package org.apache.ranger.plugin.model.validation;

import com.juicefs.shaded.org.apache.commons.lang.StringUtils;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerValidator;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerResourceTrie;
import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher;
import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.store.SecurityZoneStore;
import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.SearchFilter;

/* loaded from: input_file:org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.class */
public class RangerSecurityZoneValidator extends RangerValidator {
    private static final Log LOG = LogFactory.getLog(RangerSecurityZoneValidator.class);
    private final SecurityZoneStore securityZoneStore;

    public RangerSecurityZoneValidator(ServiceStore serviceStore, SecurityZoneStore securityZoneStore) {
        super(serviceStore);
        this.securityZoneStore = securityZoneStore;
    }

    public void validate(RangerSecurityZone rangerSecurityZone, RangerValidator.Action action) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.validate(%s, %s)", rangerSecurityZone, action));
        }
        ArrayList arrayList = new ArrayList();
        try {
            if (!isValid(rangerSecurityZone, action, arrayList)) {
                throw new Exception(serializeFailures(arrayList));
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("<== RangerPolicyValidator.validate(%s, %s)", rangerSecurityZone, action));
            }
        } catch (Throwable th) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("<== RangerPolicyValidator.validate(%s, %s)", rangerSecurityZone, action));
            }
            throw th;
        }
    }

    @Override // org.apache.ranger.plugin.model.validation.RangerValidator
    boolean isValid(String str, RangerValidator.Action action, List<ValidationFailureDetails> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", str, action, list));
        }
        boolean z = true;
        if (action != RangerValidator.Action.DELETE) {
            ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_UNSUPPORTED_ACTION;
            list.add(new ValidationFailureDetailsBuilder().isAnInternalError().becauseOf(validationErrorCode.getMessage(new Object[0])).errorCode(validationErrorCode.getErrorCode()).build());
            z = false;
        } else if (StringUtils.isEmpty(str)) {
            ValidationErrorCode validationErrorCode2 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;
            list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name was null/missing").field("name").isMissing().errorCode(validationErrorCode2.getErrorCode()).becauseOf(validationErrorCode2.getMessage("name")).build());
            z = false;
        } else if (getSecurityZone(str) == null) {
            ValidationErrorCode validationErrorCode3 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_ZONE_ID;
            list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone does not exist").field("name").errorCode(validationErrorCode3.getErrorCode()).becauseOf(validationErrorCode3.getMessage(str)).build());
            z = false;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.isValid(%s, %s, %s) : %s", str, action, list, Boolean.valueOf(z)));
        }
        return z;
    }

    @Override // org.apache.ranger.plugin.model.validation.RangerValidator
    boolean isValid(Long l, RangerValidator.Action action, List<ValidationFailureDetails> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", l, action, list));
        }
        boolean z = true;
        if (action != RangerValidator.Action.DELETE) {
            ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_UNSUPPORTED_ACTION;
            list.add(new ValidationFailureDetailsBuilder().isAnInternalError().becauseOf(validationErrorCode.getMessage(new Object[0])).errorCode(validationErrorCode.getErrorCode()).build());
            z = false;
        } else if (l == null) {
            ValidationErrorCode validationErrorCode2 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;
            list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone id was null/missing").field("id").isMissing().errorCode(validationErrorCode2.getErrorCode()).becauseOf(validationErrorCode2.getMessage("id")).build());
            z = false;
        } else if (getSecurityZone(l) == null) {
            ValidationErrorCode validationErrorCode3 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_ZONE_ID;
            list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone id does not exist").field("id").errorCode(validationErrorCode3.getErrorCode()).becauseOf(validationErrorCode3.getMessage(l)).build());
            z = false;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.isValid(%s, %s, %s) : %s", l, action, list, Boolean.valueOf(z)));
        }
        return z;
    }

    boolean isValid(RangerSecurityZone rangerSecurityZone, RangerValidator.Action action, List<ValidationFailureDetails> list) {
        RangerSecurityZone securityZone;
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", rangerSecurityZone, action, list));
        }
        if (action != RangerValidator.Action.CREATE && action != RangerValidator.Action.UPDATE) {
            throw new IllegalArgumentException("isValid(RangerPolicy, ...) is only supported for create/update");
        }
        boolean z = true;
        String name = rangerSecurityZone.getName();
        if (StringUtils.isEmpty(StringUtils.trim(name))) {
            ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;
            list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name was null/missing").field("name").isMissing().errorCode(validationErrorCode.getErrorCode()).becauseOf(validationErrorCode.getMessage("name")).build());
            z = false;
        }
        if (action == RangerValidator.Action.CREATE) {
            rangerSecurityZone.setId(-1L);
            RangerSecurityZone securityZone2 = getSecurityZone(name);
            if (securityZone2 != null) {
                ValidationErrorCode validationErrorCode2 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;
                list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name exists").field("name").errorCode(validationErrorCode2.getErrorCode()).becauseOf(validationErrorCode2.getMessage(securityZone2.getId())).build());
                z = false;
            }
        } else {
            Long id = rangerSecurityZone.getId();
            RangerSecurityZone securityZone3 = getSecurityZone(id);
            if (securityZone3 == null) {
                ValidationErrorCode validationErrorCode3 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_ZONE_ID;
                list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone with id does not exist").field("id").errorCode(validationErrorCode3.getErrorCode()).becauseOf(validationErrorCode3.getMessage(id)).build());
                z = false;
            } else if (StringUtils.isNotEmpty(StringUtils.trim(name)) && !StringUtils.equals(name, securityZone3.getName()) && (securityZone = getSecurityZone(name)) != null && !StringUtils.equals(securityZone.getName(), name)) {
                ValidationErrorCode validationErrorCode4 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;
                list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name").field("name").errorCode(validationErrorCode4.getErrorCode()).becauseOf(validationErrorCode4.getMessage(securityZone.getId())).build());
                z = false;
            }
        }
        boolean z2 = (z && validateWithinSecurityZone(rangerSecurityZone, action, list)) && validateAgainstAllSecurityZones(rangerSecurityZone, action, list);
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.isValid(%s, %s, %s) : %s", rangerSecurityZone, action, list, Boolean.valueOf(z2)));
        }
        return z2;
    }

    private boolean validateWithinSecurityZone(RangerSecurityZone rangerSecurityZone, RangerValidator.Action action, List<ValidationFailureDetails> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.validateWithinSecurityZone(%s, %s, %s)", rangerSecurityZone, action, list));
        }
        boolean z = true;
        if (MapUtils.isNotEmpty(rangerSecurityZone.getServices())) {
            for (Map.Entry<String, RangerSecurityZone.RangerSecurityZoneService> entry : rangerSecurityZone.getServices().entrySet()) {
                z = z && validateSecurityZoneService(entry.getKey(), entry.getValue(), list);
            }
        } else {
            ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_SERVICES;
            list.add(new ValidationFailureDetailsBuilder().becauseOf("security zone services").isMissing().field("services").errorCode(validationErrorCode.getErrorCode()).becauseOf(validationErrorCode.getMessage(rangerSecurityZone.getName())).build());
            z = false;
        }
        if (CollectionUtils.isEmpty(rangerSecurityZone.getAdminUsers()) && CollectionUtils.isEmpty(rangerSecurityZone.getAdminUserGroups())) {
            ValidationErrorCode validationErrorCode2 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
            list.add(new ValidationFailureDetailsBuilder().field("security zone admin users/user-groups").isMissing().becauseOf(validationErrorCode2.getMessage(new Object[0])).errorCode(validationErrorCode2.getErrorCode()).build());
            z = false;
        }
        if (CollectionUtils.isEmpty(rangerSecurityZone.getAuditUsers()) && CollectionUtils.isEmpty(rangerSecurityZone.getAuditUserGroups())) {
            ValidationErrorCode validationErrorCode3 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
            list.add(new ValidationFailureDetailsBuilder().field("security zone audit users/user-groups").isMissing().becauseOf(validationErrorCode3.getMessage(new Object[0])).errorCode(validationErrorCode3.getErrorCode()).build());
            z = false;
        }
        if (rangerSecurityZone.getServices() != null) {
            for (Map.Entry<String, RangerSecurityZone.RangerSecurityZoneService> entry2 : rangerSecurityZone.getServices().entrySet()) {
                if (entry2.getValue().getResources() != null) {
                    for (HashMap<String, List<String>> hashMap : entry2.getValue().getResources()) {
                        if (hashMap != null) {
                            Iterator<Map.Entry<String, List<String>>> it = hashMap.entrySet().iterator();
                            while (it.hasNext()) {
                                if (CollectionUtils.isEmpty(it.next().getValue())) {
                                    ValidationErrorCode validationErrorCode4 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_RESOURCES;
                                    list.add(new ValidationFailureDetailsBuilder().field("security zone resources").subField("resources").isMissing().becauseOf(validationErrorCode4.getMessage(entry2.getKey())).errorCode(validationErrorCode4.getErrorCode()).build());
                                    z = false;
                                }
                            }
                        }
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.validateWithinSecurityZone(%s, %s, %s) : %s", rangerSecurityZone, action, list, Boolean.valueOf(z)));
        }
        return z;
    }

    private boolean validateAgainstAllSecurityZones(RangerSecurityZone rangerSecurityZone, RangerValidator.Action action, List<ValidationFailureDetails> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.validateAgainstAllSecurityZones(%s, %s, %s)", rangerSecurityZone, action, list));
        }
        boolean z = true;
        String name = rangerSecurityZone.getId().longValue() != -1 ? getSecurityZone(rangerSecurityZone.getId()).getName() : rangerSecurityZone.getName();
        for (Map.Entry<String, RangerSecurityZone.RangerSecurityZoneService> entry : rangerSecurityZone.getServices().entrySet()) {
            String key = entry.getKey();
            if (CollectionUtils.isNotEmpty(entry.getValue().getResources())) {
                SearchFilter searchFilter = new SearchFilter();
                List<RangerSecurityZone> list2 = null;
                searchFilter.setParam("serviceName", key);
                searchFilter.setParam("zoneName", name);
                try {
                    list2 = this.securityZoneStore.getSecurityZones(searchFilter);
                } catch (Exception e) {
                    LOG.error("Failed to get Security-Zones", e);
                    ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INTERNAL_ERROR;
                    list.add(new ValidationFailureDetailsBuilder().becauseOf(validationErrorCode.getMessage(e.getMessage())).errorCode(validationErrorCode.getErrorCode()).build());
                    z = false;
                }
                if (CollectionUtils.isNotEmpty(list2)) {
                    RangerService service = getService(key);
                    RangerServiceDef serviceDef = service != null ? getServiceDef(service.getType()) : null;
                    if (serviceDef == null) {
                        ValidationErrorCode validationErrorCode2 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INTERNAL_ERROR;
                        list.add(new ValidationFailureDetailsBuilder().becauseOf(validationErrorCode2.getMessage(key)).errorCode(validationErrorCode2.getErrorCode()).build());
                        z = false;
                    } else {
                        list2.add(rangerSecurityZone);
                        z = z && validateZoneServiceInAllZones(list2, key, serviceDef, list);
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.validateAgainstAllSecurityZones(%s, %s, %s) : %s", rangerSecurityZone, action, list, Boolean.valueOf(z)));
        }
        return z;
    }

    private boolean validateZoneServiceInAllZones(List<RangerSecurityZone> list, String str, RangerServiceDef rangerServiceDef, List<ValidationFailureDetails> list2) {
        Set<RangerZoneResourceMatcher> set;
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.validateZoneServiceInAllZones(%s, %s, %s, %s)", list, str, rangerServiceDef, list2));
        }
        boolean z = true;
        HashMap hashMap = new HashMap();
        for (RangerSecurityZone rangerSecurityZone : list) {
            for (HashMap<String, List<String>> hashMap2 : rangerSecurityZone.getServices().get(str).getResources()) {
                HashMap hashMap3 = new HashMap();
                for (Map.Entry<String, List<String>> entry : hashMap2.entrySet()) {
                    String key = entry.getKey();
                    List<String> value = entry.getValue();
                    RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource();
                    rangerPolicyResource.setIsExcludes(false);
                    rangerPolicyResource.setIsRecursive(Boolean.valueOf(EmbeddedServiceDefsUtil.isRecursiveEnabled(rangerServiceDef, key)));
                    rangerPolicyResource.setValues(value);
                    hashMap3.put(key, rangerPolicyResource);
                    if (hashMap.get(key) == null) {
                        hashMap.put(key, new ArrayList());
                    }
                }
                RangerZoneResourceMatcher rangerZoneResourceMatcher = new RangerZoneResourceMatcher(rangerSecurityZone.getName(), hashMap3, rangerServiceDef);
                Iterator<String> it = hashMap2.keySet().iterator();
                while (it.hasNext()) {
                    ((List) hashMap.get(it.next())).add(rangerZoneResourceMatcher);
                }
            }
        }
        HashMap hashMap4 = new HashMap();
        List<RangerServiceDef.RangerResourceDef> resources = rangerServiceDef.getResources();
        for (Map.Entry entry2 : hashMap.entrySet()) {
            String str2 = (String) entry2.getKey();
            List list3 = (List) entry2.getValue();
            RangerServiceDef.RangerResourceDef rangerResourceDef = null;
            Iterator<RangerServiceDef.RangerResourceDef> it2 = resources.iterator();
            while (true) {
                if (it2.hasNext()) {
                    RangerServiceDef.RangerResourceDef next = it2.next();
                    if (StringUtils.equals(next.getName(), str2)) {
                        rangerResourceDef = next;
                        break;
                    }
                }
            }
            hashMap4.put(entry2.getKey(), new RangerResourceTrie(rangerResourceDef, list3));
        }
        Iterator<RangerSecurityZone> it3 = list.iterator();
        while (it3.hasNext()) {
            Iterator<HashMap<String, List<String>>> it4 = it3.next().getServices().get(str).getResources().iterator();
            while (true) {
                if (it4.hasNext()) {
                    HashMap<String, List<String>> next2 = it4.next();
                    ArrayList<Set> arrayList = null;
                    Set set2 = null;
                    Iterator<Map.Entry<String, List<String>>> it5 = next2.entrySet().iterator();
                    while (true) {
                        if (!it5.hasNext()) {
                            break;
                        }
                        Map.Entry<String, List<String>> next3 = it5.next();
                        String key2 = next3.getKey();
                        List<String> value2 = next3.getValue();
                        Set evaluatorsForResource = ((RangerResourceTrie) hashMap4.get(key2)).getEvaluatorsForResource(value2);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("ResourceDefName:[" + key2 + "], values:[" + value2 + "], matched-zones:[" + evaluatorsForResource + "]");
                        }
                        if (CollectionUtils.isEmpty(evaluatorsForResource)) {
                            arrayList = null;
                            set2 = null;
                            break;
                        }
                        if (set2 == null) {
                            set2 = evaluatorsForResource;
                        } else {
                            if (arrayList == null) {
                                arrayList = new ArrayList();
                                arrayList.add(set2);
                            }
                            arrayList.add(evaluatorsForResource);
                            if (set2.size() > evaluatorsForResource.size()) {
                                set2 = evaluatorsForResource;
                            }
                        }
                    }
                    if (set2 != null) {
                        if (arrayList != null) {
                            set = new HashSet(set2);
                            for (Set set3 : arrayList) {
                                if (set3 != set2) {
                                    set.retainAll(set3);
                                    if (CollectionUtils.isEmpty(set)) {
                                        break;
                                    }
                                }
                            }
                        } else {
                            set = set2;
                        }
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Resource:[" + next2 + "], matched-zones:[" + set + "]");
                        }
                        if (set.size() > 1) {
                            RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
                            rangerAccessResourceImpl.setServiceDef(rangerServiceDef);
                            for (Map.Entry<String, List<String>> entry3 : next2.entrySet()) {
                                rangerAccessResourceImpl.setValue(entry3.getKey(), entry3.getValue());
                            }
                            HashSet hashSet = new HashSet();
                            for (RangerZoneResourceMatcher rangerZoneResourceMatcher2 : set) {
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Trying to match resource:[" + rangerAccessResourceImpl + "] using zoneMatcher:[" + rangerZoneResourceMatcher2 + "]");
                                }
                                if (rangerZoneResourceMatcher2.getPolicyResourceMatcher().isMatch(rangerAccessResourceImpl, RangerPolicyResourceMatcher.MatchScope.ANY, (Map<String, Object>) null)) {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("Matched resource:[" + rangerAccessResourceImpl + "] using zoneMatcher:[" + rangerZoneResourceMatcher2 + "]");
                                    }
                                    hashSet.add(rangerZoneResourceMatcher2.getSecurityZoneName());
                                } else if (LOG.isDebugEnabled()) {
                                    LOG.debug("Did not match resource:[" + rangerAccessResourceImpl + "] using zoneMatcher:[" + rangerZoneResourceMatcher2 + "]");
                                }
                            }
                            LOG.info("The following zone-names matched resource:[" + next2 + "]: " + hashSet);
                            if (hashSet.size() > 1) {
                                ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_RESOURCE_CONFLICT;
                                list2.add(new ValidationFailureDetailsBuilder().becauseOf(validationErrorCode.getMessage(hashSet, next2)).errorCode(validationErrorCode.getErrorCode()).build());
                                z = false;
                                break;
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.validateZoneServiceInAllZones(%s, %s, %s, %s) : %s", list, str, rangerServiceDef, list2, Boolean.valueOf(z)));
        }
        return z;
    }

    private boolean validateSecurityZoneService(String str, RangerSecurityZone.RangerSecurityZoneService rangerSecurityZoneService, List<ValidationFailureDetails> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> RangerPolicyValidator.validateSecurityZoneService(%s, %s, %s)", str, rangerSecurityZoneService, list));
        }
        boolean z = true;
        RangerService service = getService(str);
        if (service == null) {
            ValidationErrorCode validationErrorCode = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_SERVICE_NAME;
            list.add(new ValidationFailureDetailsBuilder().field("security zone resource service-name").becauseOf(validationErrorCode.getMessage(str)).errorCode(validationErrorCode.getErrorCode()).build());
            z = false;
        } else {
            RangerServiceDef serviceDef = getServiceDef(service.getType());
            if (serviceDef == null) {
                ValidationErrorCode validationErrorCode2 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_SERVICE_TYPE;
                list.add(new ValidationFailureDetailsBuilder().field("security zone resource service-type").becauseOf(validationErrorCode2.getMessage(service.getType())).errorCode(validationErrorCode2.getErrorCode()).build());
                z = false;
            } else if (StringUtils.equals(serviceDef.getName(), "tag")) {
                if (CollectionUtils.isNotEmpty(rangerSecurityZoneService.getResources())) {
                    ValidationErrorCode validationErrorCode3 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_UNEXPECTED_RESOURCES;
                    list.add(new ValidationFailureDetailsBuilder().field("security zone resources").becauseOf(validationErrorCode3.getMessage(str)).errorCode(validationErrorCode3.getErrorCode()).build());
                    z = false;
                }
            } else if (CollectionUtils.isEmpty(rangerSecurityZoneService.getResources())) {
                ValidationErrorCode validationErrorCode4 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_RESOURCES;
                list.add(new ValidationFailureDetailsBuilder().field("security zone resources").isMissing().becauseOf(validationErrorCode4.getMessage(str)).errorCode(validationErrorCode4.getErrorCode()).build());
                z = false;
            } else {
                for (HashMap<String, List<String>> hashMap : rangerSecurityZoneService.getResources()) {
                    Set<String> keySet = hashMap.keySet();
                    RangerServiceDefHelper rangerServiceDefHelper = new RangerServiceDefHelper(serviceDef);
                    boolean z2 = false;
                    for (int i : RangerPolicy.POLICY_TYPES) {
                        Set<List<RangerServiceDef.RangerResourceDef>> resourceHierarchies = rangerServiceDefHelper.getResourceHierarchies(Integer.valueOf(i), keySet);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Size of resourceHierarchies for resourceDefNames:[" + keySet + ", policyType=" + i + "] = " + resourceHierarchies.size());
                        }
                        Iterator<List<RangerServiceDef.RangerResourceDef>> it = resourceHierarchies.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            if (RangerDefaultPolicyResourceMatcher.isHierarchyValidForResources(it.next(), hashMap)) {
                                z2 = true;
                                break;
                            }
                            LOG.info("gaps found in resource, skipping hierarchy:[" + resourceHierarchies + "]");
                        }
                    }
                    if (!z2) {
                        ValidationErrorCode validationErrorCode5 = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_RESOURCE_HIERARCHY;
                        list.add(new ValidationFailureDetailsBuilder().field("security zone resource hierarchy").becauseOf(validationErrorCode5.getMessage(str, keySet)).errorCode(validationErrorCode5.getErrorCode()).build());
                        z = false;
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== RangerPolicyValidator.validateSecurityZoneService(%s, %s, %s) : %s", str, rangerSecurityZoneService, list, Boolean.valueOf(z)));
        }
        return z;
    }
}
