/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.ranger.common;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.PathParam;
import javax.ws.rs.WebApplicationException;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.view.VXAsset;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXDataObject;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermObj;
import org.apache.ranger.view.VXPolicy;
import org.apache.ranger.view.VXPolicyList;
import org.apache.ranger.view.VXRepository;
import org.apache.ranger.view.VXRepositoryList;
import org.apache.ranger.view.VXResource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class ServiceUtil {
	static final Logger LOG = Logger.getLogger(ServiceUtil.class);
	private static final String REGEX_PREFIX_STR 	 = "regex:";
	private static final int REGEX_PREFIX_STR_LENGTH = REGEX_PREFIX_STR.length();

	static Map<String, Integer> mapServiceTypeToAssetType = new HashMap<String, Integer>();
	static Map<String, Integer> mapAccessTypeToPermType   = new HashMap<String, Integer>();
	static String version;
	
	@Autowired
	JSONUtil jsonUtil;

	@Autowired
	RangerDaoManager xaDaoMgr;

	@Autowired
	RESTErrorUtil restErrorUtil;

	@Autowired
	ServiceDBStore svcStore;

	static {
		mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HDFS_NAME,  Integer.valueOf(RangerCommonEnums.ASSET_HDFS));
		mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HBASE_NAME, Integer.valueOf(RangerCommonEnums.ASSET_HBASE));
		mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME,  Integer.valueOf(RangerCommonEnums.ASSET_HIVE));
		mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KNOX_NAME,  Integer.valueOf(RangerCommonEnums.ASSET_KNOX));
		mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_STORM_NAME, Integer.valueOf(RangerCommonEnums.ASSET_STORM));

		mapAccessTypeToPermType.put("Unknown", 0);
		mapAccessTypeToPermType.put("Reset", 1);
		mapAccessTypeToPermType.put("read", 2);
		mapAccessTypeToPermType.put("write", 3);
		mapAccessTypeToPermType.put("create", 4);
		mapAccessTypeToPermType.put("delete", 5);
		mapAccessTypeToPermType.put("admin", 6);
		mapAccessTypeToPermType.put("Obfuscate", 7);
		mapAccessTypeToPermType.put("Mask", 8);
		mapAccessTypeToPermType.put("execute", 9);
		mapAccessTypeToPermType.put("select", 10);
		mapAccessTypeToPermType.put("update", 11);
		mapAccessTypeToPermType.put("drop", 12);
		mapAccessTypeToPermType.put("alter", 13);
		mapAccessTypeToPermType.put("index", 14);
		mapAccessTypeToPermType.put("lock", 15);
		mapAccessTypeToPermType.put("all", 16);
		mapAccessTypeToPermType.put("allow", 17);
		mapAccessTypeToPermType.put("submitTopology", 18);
		mapAccessTypeToPermType.put("fileUpload", 19);
		mapAccessTypeToPermType.put("getNimbusConf", 20);
		mapAccessTypeToPermType.put("getClusterInfo", 21);
		mapAccessTypeToPermType.put("fileDownload", 22);
		mapAccessTypeToPermType.put("killTopology", 23);
		mapAccessTypeToPermType.put("rebalance", 24);
		mapAccessTypeToPermType.put("activate", 25);
		mapAccessTypeToPermType.put("deactivate", 26);
		mapAccessTypeToPermType.put("getTopologyConf", 27);
		mapAccessTypeToPermType.put("getTopology", 28);
		mapAccessTypeToPermType.put("getUserTopology", 29);
		mapAccessTypeToPermType.put("getTopologyInfo", 30);
		mapAccessTypeToPermType.put("uploadNewCredentials", 31);
		mapAccessTypeToPermType.put("repladmin",32);
		mapAccessTypeToPermType.put("serviceadmin",33);
		mapAccessTypeToPermType.put("tempudfadmin",34);

		version = "0";
	}

	public RangerService getServiceByName(@PathParam("name") String name) {
		if(LOG.isDebugEnabled()) {
			LOG.debug("==> ServiceUtil.getServiceByName(" + name + ")");
		}

		RangerService ret = null;

		try {
			ret = svcStore.getServiceByName(name);
		} catch(WebApplicationException excp) {
			throw excp;
		} catch(Throwable excp) {
			LOG.error("getServiceByName(" + name + ") failed", excp);

			throw restErrorUtil.createRESTException(excp.getMessage());
		}

		if(ret == null) {
			throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(name), true);
		}

		if(LOG.isDebugEnabled()) {
			LOG.debug("<== ServiceUtil.getServiceByName(" + name + "): " + ret);
		}

		return ret;
	}

	public RangerService toRangerService(VXAsset asset) {
		if(asset == null) {
			return null;
		}

		RangerService ret = new RangerService();

		dataObjectToRangerObject(asset, ret);

		ret.setType(toServiceType(asset.getAssetType()));
		ret.setName(asset.getName());
		ret.setDescription(asset.getDescription());
		ret.setIsEnabled(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED);
		ret.setConfigs(jsonUtil.jsonToMap(asset.getConfig()));

		return ret;
	}

	public VXAsset toVXAsset(RangerService service) {
		if(service == null || toAssetType(service.getType()) == null) {
			return null;
		}

		VXAsset ret = new VXAsset();
	
		rangerObjectToDataObject(service, ret);

		ret.setAssetType(toAssetType(service.getType()));
		ret.setName(service.getName());
		ret.setDescription(service.getDescription());
		ret.setActiveStatus(service.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
		ret.setConfig(jsonUtil.readMapToString(service.getConfigs()));

		return ret;
	}

	public VXRepository toVXRepository(RangerService service){
		if(service == null || toAssetType(service.getType()) == null) {
			return null;
		}

		VXRepository  ret = new VXRepository();

		rangerObjectToDataObject(service,ret);

		ret.setRepositoryType(service.getType());
		ret.setName(service.getName());
		ret.setDescription(service.getDescription());
		ret.setIsActive(service.getIsEnabled());
		ret.setConfig(jsonUtil.readMapToString(service.getConfigs()));
		ret.setVersion(Long.toString(service.getVersion()));
		
		return ret;
	}
	
	public RangerPolicy toRangerPolicy(VXResource resource, RangerService service) {
		if(resource == null) {
			return null;
		}

		RangerPolicy ret = new RangerPolicy();

		dataObjectToRangerObject(resource, ret);

		if(service != null) {
			ret.setService(service.getName());
		} else {
			ret.setService(resource.getAssetName());
		}

		ret.setName(StringUtils.trim(resource.getPolicyName()));
		ret.setDescription(resource.getDescription());
		ret.setIsEnabled(resource.getResourceStatus() == RangerCommonEnums.STATUS_ENABLED);
		ret.setIsAuditEnabled(resource.getAuditList() != null && !resource.getAuditList().isEmpty());

		Boolean isPathRecursive  = resource.getIsRecursive() == RangerCommonEnums.BOOL_TRUE;
		Boolean isTableExcludes  = resource.getTableType() == RangerCommonEnums.POLICY_EXCLUSION;
		Boolean isColumnExcludes = resource.getColumnType() == RangerCommonEnums.POLICY_EXCLUSION;

		toRangerResourceList(resource.getName(), "path", Boolean.FALSE, isPathRecursive, ret.getResources());
		toRangerResourceList(resource.getTables(), "table", isTableExcludes, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getColumnFamilies(), "column-family", Boolean.FALSE, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getColumns(), "column", isColumnExcludes, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getDatabases(), "database", Boolean.FALSE, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getUdfs(), "udf", Boolean.FALSE, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getServices(), "service", Boolean.FALSE, Boolean.FALSE, ret.getResources());
		toRangerResourceList(resource.getHiveServices(), "hiveservice", Boolean.FALSE, Boolean.FALSE, ret.getResources());

		HashMap<String, List<VXPermMap>> sortedPermMap = new HashMap<String, List<VXPermMap>>();
		
		// re-group the list with permGroup as the key
		if (resource.getPermMapList() != null) {
			for(VXPermMap permMap : resource.getPermMapList()) {
				String          permGrp    = permMap.getPermGroup();
				List<VXPermMap> sortedList = sortedPermMap.get(permGrp);

				if(sortedList == null) {
					sortedList = new ArrayList<VXPermMap>();
					sortedPermMap.put(permGrp, sortedList);
				}

				sortedList.add(permMap);
			}
		}

		Integer assetType = getAssetType(service,ret.getService());

		for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) {
			List<String>                 userList   = new ArrayList<String>();
			List<String>                 groupList  = new ArrayList<String>();
			List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>();
			String                       ipAddress  = null;

			RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();

			for(VXPermMap permMap : entry.getValue()) {
				if(permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
					String userName = getUserName(permMap);

					if (! userList.contains(userName)) {
						userList.add(userName);
					}
				} else if(permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
					String groupName = getGroupName(permMap);

					if (! groupList.contains(groupName)) {
						groupList.add(groupName);
					}					
				}

				String accessType = toAccessType(permMap.getPermType());
				
				if(StringUtils.equalsIgnoreCase(accessType, "Admin")) {
					policyItem.setDelegateAdmin(Boolean.TRUE);
					if ( assetType != null && assetType == RangerCommonEnums.ASSET_HBASE) {
						accessList.add(new RangerPolicyItemAccess(accessType));
					}
				} else {
					accessList.add(new RangerPolicyItemAccess(accessType));
				}

				ipAddress = permMap.getIpAddress();
			}
			
			policyItem.setUsers(userList);
			policyItem.setGroups(groupList);
			policyItem.setAccesses(accessList);
			
			if(ipAddress != null && !ipAddress.isEmpty()) {
				RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition("ipaddress", Collections.singletonList(ipAddress));

				policyItem.getConditions().add(ipCondition);
			}
			
			ret.getPolicyItems().add(policyItem);
		}

		return ret;
	}

	public VXResource toVXResource(RangerPolicy policy, RangerService service) {
		if(policy == null || service == null || toAssetType(service.getType()) == null) {
			return null;
		}

		VXResource ret = new VXResource();

		rangerObjectToDataObject(policy, ret);

		ret.setAssetName(policy.getService());
		ret.setAssetId(service.getId());
		ret.setAssetType(toAssetType(service.getType()));
		ret.setPolicyName(policy.getName());
		ret.setDescription(policy.getDescription());
		ret.setGuid(policy.getGuid());
		ret.setResourceStatus(policy.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);

		List<VXAuditMap> auditList = null;
		if(policy.getIsAuditEnabled()) {
			VXAuditMap auditMap = new VXAuditMap();

			auditMap.setResourceId(policy.getId());
			auditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);

			auditList = new ArrayList<VXAuditMap>();
			auditList.add(auditMap);
		}
		ret.setAuditList(auditList);

		for(Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) {
			RangerPolicy.RangerPolicyResource res       = e.getValue();
			String                            resType   = e.getKey();
			String                            resString = getResourceString(res.getValues());

			if("path".equalsIgnoreCase(resType)) {
				ret.setName(resString);
				ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? RangerCommonEnums.BOOL_TRUE : RangerCommonEnums.BOOL_FALSE);
			} else if("table".equalsIgnoreCase(resType)) {
				ret.setTables(resString);
				ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
			} else if("column-family".equalsIgnoreCase(resType)) {
				ret.setColumnFamilies(resString);
			} else if("column".equalsIgnoreCase(resType)) {
				ret.setColumns(resString);
				ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
			} else if("database".equalsIgnoreCase(resType)) {
				ret.setDatabases(resString);
			} else if("udf".equalsIgnoreCase(resType)) {
				ret.setUdfs(resString);
			} else if("topology".equalsIgnoreCase(resType)) {
				ret.setTopologies(resString);
			} else if("service".equalsIgnoreCase(resType)) {
				ret.setServices(resString);
			} else if(resType.equalsIgnoreCase("hiveservice")) {
				ret.setHiveServices(resString);
			}
		}
		updateResourceName(ret);

		List<VXPermMap> permMapList = getVXPermMapList(policy);
		
		ret.setPermMapList(permMapList);

		return ret;
	}

	public VXAsset publicObjecttoVXAsset(VXRepository vXRepository) {
		VXAsset ret = new VXAsset();
		publicDataObjectTovXDataObject(vXRepository,ret);

		Integer assetType = toAssetType(vXRepository.getRepositoryType());

		ret.setAssetType(assetType == null ? -1 : assetType.intValue());
		ret.setName(vXRepository.getName());
		ret.setDescription(vXRepository.getDescription());
		ret.setActiveStatus(vXRepository.getIsActive() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
		ret.setConfig(vXRepository.getConfig());
		return ret;
	}
	
	public VXRepository  vXAssetToPublicObject(VXAsset asset) {
		VXRepository ret = new VXRepository();
		vXDataObjectToPublicDataObject(ret,asset);

		ret.setRepositoryType(toServiceType(asset.getAssetType()));
		ret.setName(asset.getName());
		ret.setDescription(asset.getDescription());
		ret.setIsActive(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED ? true : false);
		ret.setConfig(asset.getConfig());
		ret.setVersion(version);
		
		return ret;
	}

	private Map<String, RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString, String resourceType, Boolean isExcludes, Boolean isRecursive, Map<String, RangerPolicy.RangerPolicyResource> resources) {
		Map<String, RangerPolicy.RangerPolicyResource> ret = resources == null ? new HashMap<String, RangerPolicy.RangerPolicyResource>() : resources;

		if(StringUtils.isNotBlank(resourceString)) {
			RangerPolicy.RangerPolicyResource resource = ret.get(resourceType);

			if(resource == null) {
				resource = new RangerPolicy.RangerPolicyResource();
				resource.setIsExcludes(isExcludes);
				resource.setIsRecursive(isRecursive);

				ret.put(resourceType, resource);
			}

			Collections.addAll(resource.getValues(), resourceString.split(","));
		}

		return ret;
	}

	private static String toServiceType(int assetType) {
		String ret = null;

		for(Map.Entry<String, Integer> e : mapServiceTypeToAssetType.entrySet()) {
			if(e.getValue().intValue() == assetType) {
				ret = e.getKey();

				break;
			}
		}

		return ret;
	}

	private static Integer toAssetType(String serviceType) {
		Integer ret = null;

		if(serviceType != null) {
			ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase());
		}

		return ret;
	}

	public static String toAccessType(int permType) {
		String ret = null;

		for(Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) {
			if(e.getValue().intValue() == permType) {
				ret = e.getKey();

				break;
			}
		}

		return ret;
	}

	private static Integer toPermType(String accessType) {
		Integer ret = null;

		for(Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) {
			if(e.getKey().equalsIgnoreCase(accessType)) {
				ret = e.getValue();

				break;
			}
		}

		return ret == null ? 0 : ret;
	}
	
	private RangerBaseModelObject dataObjectToRangerObject(VXDataObject dataObject,RangerBaseModelObject rangerObject) {
		RangerBaseModelObject ret = rangerObject;

		ret.setId(dataObject.getId());
		ret.setCreateTime(dataObject.getCreateDate());
		ret.setUpdateTime(dataObject.getUpdateDate());
		ret.setCreatedBy(dataObject.getOwner());
		ret.setUpdatedBy(dataObject.getUpdatedBy());

		return ret;
	}

	private VXDataObject rangerObjectToDataObject(RangerBaseModelObject rangerObject, VXDataObject dataObject) {
		VXDataObject ret = dataObject;

		ret.setId(rangerObject.getId());
		ret.setCreateDate(rangerObject.getCreateTime());
		ret.setUpdateDate(rangerObject.getUpdateTime());
		ret.setOwner(rangerObject.getCreatedBy());
		ret.setUpdatedBy(rangerObject.getUpdatedBy());

		return ret;
	}
	
	private String toVxPolicyIncExc(int policyIncExc) {
		String ret = "";
		
		switch(policyIncExc)  {
		case 0:
			ret = "Inclusion";
			break;
		case 1:
			ret = "Exclusion";
			break;
		}
		return ret;
	}	

	private void updateResourceName(VXPolicy policy) {
		if(policy == null || toAssetType(policy.getRepositoryType()) == null) {
			return;
		}

		String resourceName = getResourceName(toAssetType(policy.getRepositoryType()),
											  policy.getResourceName(),
											  policy.getTables(),
											  policy.getColumnFamilies(),
											  policy.getColumns(),
											  policy.getDatabases(),
											  policy.getTopologies(),
											  policy.getServices());

		policy.setResourceName(resourceName);
	}

	private void updateResourceName(VXResource resource) {
		if(resource == null) {
			return;
		}

		String resourceName = getResourceName(resource.getAssetType(),
											  resource.getName(),
											  resource.getTables(),
											  resource.getColumnFamilies(),
											  resource.getColumns(),
											  resource.getDatabases(),
											  resource.getTopologies(),
											  resource.getServices());

		resource.setName(resourceName);
	}

	private String getResourceName(int assetType, String paths, String tables, String columnFamilies, String columns, String databases, String topologies, String services) {
		StringBuilder sb = new StringBuilder();

		switch(assetType) {
			case RangerCommonEnums.ASSET_HDFS:
				paths = emptyIfNull(paths);

				sb.append(paths);
			break;

			case RangerCommonEnums.ASSET_HBASE:
			{
				tables         = emptyIfNull(tables);
				columnFamilies = emptyIfNull(columnFamilies);
				columns        = emptyIfNull(columns);

				for(String column : columns.split(",")) {
					for(String columnFamily : columnFamilies.split(",")) {
						for(String table : tables.split(",")) {
							if(sb.length() > 0) {
								sb.append(",");
							}

							sb.append("/").append(table).append("/").append(columnFamily).append("/").append(column);
						}
					}
				}
			}
			break;

			case RangerCommonEnums.ASSET_HIVE:
			{
				databases = emptyIfNull(databases);
				tables    = emptyIfNull(tables);
				columns   = emptyIfNull(columns);

				for(String column : columns.split(",")) {
					for(String table : tables.split(",")) {
						for(String database : databases.split(",")) {
							if(sb.length() > 0) {
								sb.append(",");
							}

							sb.append("/").append(database).append("/").append(table).append("/").append(column);
						}
					}
				}
			}
			break;

			case RangerCommonEnums.ASSET_KNOX:
			{
				topologies = emptyIfNull(topologies);
				services   = emptyIfNull(services);

				for(String service : services.split(",")) {
					for(String topology : topologies.split(",")) {
						if(sb.length() > 0) {
							sb.append(",");
						}

						sb.append("/").append(topology).append("/").append(service);
					}
				}
			}
			break;

			case RangerCommonEnums.ASSET_STORM:
				topologies = emptyIfNull(topologies);

				sb.append(topologies);
			break;
		}

		return sb.toString();
	}

	private String emptyIfNull(String str) {
		return str == null ? "" : str;
	}
	
	private String getResourceString(List<String> values) {
		String ret = null;

		if(values != null) {
			for(String value : values) {
				if(ret == null) {
					ret = value;
				} else if(value != null) {
					ret += ("," + value);
				}
			}
		}

		return ret;
	}

	private String getUserName(VXPermMap permMap) {
		String userName = permMap.getUserName();

		if(userName == null || userName.isEmpty()) {
			Long userId = permMap.getUserId();

			if(userId != null) {
				XXUser xxUser = xaDaoMgr.getXXUser().getById(userId);

				if(xxUser != null) {
					userName = xxUser.getName();
				}
			}
		}

		return userName;
	}

	private String getGroupName(VXPermMap permMap) {
		String groupName = permMap.getGroupName();

		if(groupName == null || groupName.isEmpty()) {
			Long groupId = permMap.getGroupId();

			if(groupId != null) {
				XXGroup xxGroup = xaDaoMgr.getXXGroup().getById(groupId);

				if(xxGroup != null) {
					groupName = xxGroup.getName();
				}
			}
		}
		
		return groupName;
		
	}

	private Long getUserId(String userName) {
		Long userId = null;

		if(userName != null) {
			XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName);
	
			if(xxUser != null) {
				userId = xxUser.getId();
			}
		}

		return userId;
	}

	private Long getGroupId(String groupName) {
		Long groupId = null;

		if(groupName != null) {
			XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName);

			if(xxGroup != null) {
				groupId = xxGroup.getId();
			}
		}

		return groupId;
	}
	
	public SearchCriteria getMappedSearchParams(HttpServletRequest request,
			SearchCriteria searchCriteria) {

		Object typeObj = searchCriteria.getParamValue("type");
		Object statusObj = searchCriteria.getParamValue("status");

		ArrayList<Integer> statusList = new ArrayList<Integer>();
		if (statusObj == null) {
			statusList.add(RangerCommonEnums.STATUS_DISABLED);
			statusList.add(RangerCommonEnums.STATUS_ENABLED);
		} else {
			Boolean status = restErrorUtil.parseBoolean(
					request.getParameter("status"), "Invalid value for "
							+ "status", MessageEnums.INVALID_INPUT_DATA, null,
					"status");
			int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED
					: AppConstants.STATUS_ENABLED;
			statusList.add(statusEnum);
		}
		searchCriteria.addParam("status", statusList);

		if (typeObj != null) {
			String type = typeObj.toString();
			int typeEnum = AppConstants.getEnumFor_AssetType(type);
			searchCriteria.addParam("type", typeEnum);
		}
		return searchCriteria;
	}
	
	
	public VXRepositoryList rangerServiceListToPublicObjectList(List<RangerService> serviceList) {

		List<VXRepository> repoList = new ArrayList<VXRepository>();
		for (RangerService service  : serviceList) {
			VXRepository vXRepo = toVXRepository(service);

			if(vXRepo != null) {
				repoList.add(vXRepo);
			}
		}
		VXRepositoryList vXRepositoryList = new VXRepositoryList(repoList);
		return vXRepositoryList;
	}
	
		
	private VXDataObject vXDataObjectToPublicDataObject(VXDataObject publicDataObject, VXDataObject vXdataObject) {
		
		VXDataObject ret = publicDataObject;
		
		ret.setId(vXdataObject.getId());
		ret.setCreateDate(vXdataObject.getCreateDate());
		ret.setUpdateDate(vXdataObject.getUpdateDate());
		ret.setOwner(vXdataObject.getOwner());
		ret.setUpdatedBy(vXdataObject.getUpdatedBy());

		return ret;
	}
	
	protected VXDataObject publicDataObjectTovXDataObject(VXDataObject publicDataObject,VXDataObject vXDataObject) {
		
		VXDataObject ret = vXDataObject;
		
		ret.setId(publicDataObject.getId());
		ret.setCreateDate(publicDataObject.getCreateDate());
		ret.setUpdateDate(publicDataObject.getUpdateDate());
		ret.setOwner(publicDataObject.getOwner());
		ret.setUpdatedBy(publicDataObject.getUpdatedBy());

		return ret;
	}
	
	
	public VXPolicy toVXPolicy(RangerPolicy policy, RangerService service) {
		if(policy == null || service == null || toAssetType(service.getType()) == null) {
			return null;
		}

		VXPolicy ret = new VXPolicy();

		rangerObjectToDataObject(policy, ret);

		ret.setPolicyName(StringUtils.trim(policy.getName()));
		ret.setDescription(policy.getDescription());
		ret.setRepositoryName(policy.getService());
		ret.setIsEnabled(policy.getIsEnabled() ? true : false);
		ret.setRepositoryType(service.getType());
		ret.setIsAuditEnabled(policy.getIsAuditEnabled());
		if (policy.getVersion() != null ) {
			ret.setVersion(policy.getVersion().toString());
		} else {
			ret.setVersion(version);
		}
		
		for(Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) {
			RangerPolicy.RangerPolicyResource res       = e.getValue();
			String                            resType   = e.getKey();
			String                            resString = getResourceString(res.getValues());

			if("path".equalsIgnoreCase(resType)) {
				ret.setResourceName(resString);
				ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? true : false);
			} else if("table".equalsIgnoreCase(resType)) {
				ret.setTables(resString);
				ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? toVxPolicyIncExc(RangerCommonEnums.POLICY_EXCLUSION):toVxPolicyIncExc(RangerCommonEnums.POLICY_INCLUSION));
			} else if("column-family".equalsIgnoreCase(resType)) {
				ret.setColumnFamilies(resString);
			} else if("column".equalsIgnoreCase(resType)) {
				ret.setColumns(resString);
				ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? toVxPolicyIncExc(RangerCommonEnums.POLICY_EXCLUSION):toVxPolicyIncExc(RangerCommonEnums.POLICY_INCLUSION));
			} else if("database".equalsIgnoreCase(resType)) {
				ret.setDatabases(resString);
			} else if("udf".equalsIgnoreCase(resType)) {
				ret.setUdfs(resString);
			} else if("topology".equalsIgnoreCase(resType)) {
				ret.setTopologies(resString);
			} else if("service".equalsIgnoreCase(resType)) {
				ret.setServices(resString);
			} else if(resType.equalsIgnoreCase("hiveservice")) {
				ret.setHiveServices(resString);
			}
		}
		updateResourceName(ret);
			
		List<VXPermMap> vXPermMapList = getVXPermMapList(policy);
			
		List<VXPermObj> vXPermObjList = mapPermMapToPermObj(vXPermMapList);
		
		ret.setPermMapList(vXPermObjList);
		
		return ret;
 	}


	public List<VXPermMap> getVXPermMapList(RangerPolicy policy) {
		
		List<VXPermMap> permMapList = new ArrayList<VXPermMap>();
	
		int permGroup = 0;
		for(RangerPolicy.RangerPolicyItem policyItem : policy.getPolicyItems()) {
			String ipAddress = null;

            for (RangerPolicy.RangerPolicyItemCondition condition : policyItem.getConditions()) {
                if ("ipaddress".equalsIgnoreCase(condition.getType())) {
                    List<String> values = condition.getValues();
                    if (CollectionUtils.isNotEmpty(values)) {
                        // TODO changes this to properly deal with collection for now just returning 1st item
                        ipAddress = values.get(0);
                    }
                }

                if (ipAddress != null && !ipAddress.isEmpty()) {
                    break; // only 1 IP-address per permMap
                }
            }

			for(String userName : policyItem.getUsers()) {
				for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
					if(! access.getIsAllowed()) {
						continue;
					}
	
					VXPermMap permMap = new VXPermMap();
	
					permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
					permMap.setPermGroup(Integer.valueOf(permGroup).toString());
					permMap.setUserName(userName);
					permMap.setUserId(getUserId(userName));
					permMap.setPermType(toPermType(access.getType()));
					permMap.setIpAddress(ipAddress);
	
					permMapList.add(permMap);
				}
				
				if(policyItem.getDelegateAdmin()) {
					VXPermMap permMap = new VXPermMap();
	
					permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
					permMap.setPermGroup(Integer.valueOf(permGroup).toString());
					permMap.setUserName(userName);
					permMap.setUserId(getUserId(userName));
					permMap.setPermType(toPermType("Admin"));
					permMap.setIpAddress(ipAddress);
	
					permMapList.add(permMap);
				}
			}
			permGroup++;
	
			for(String groupName : policyItem.getGroups()) {
				for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
					if(! access.getIsAllowed()) {
						continue;
					}
	
					VXPermMap permMap = new VXPermMap();
	
					permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
					permMap.setPermGroup(Integer.valueOf(permGroup).toString());
					permMap.setGroupName(groupName);
					permMap.setGroupId(getGroupId(groupName));
					permMap.setPermType(toPermType(access.getType()));
					permMap.setIpAddress(ipAddress);
	
					permMapList.add(permMap);
				}
				
				if(policyItem.getDelegateAdmin()) {
					VXPermMap permMap = new VXPermMap();
	
					permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
					permMap.setPermGroup(Integer.valueOf(permGroup).toString());
					permMap.setGroupName(groupName);
					permMap.setGroupId(getGroupId(groupName));
					permMap.setPermType(toPermType("Admin"));
					permMap.setIpAddress(ipAddress);
	
					permMapList.add(permMap);
				}
			}
			permGroup++;
		}
		return permMapList;
    }
	
	
	public List<VXPermObj> mapPermMapToPermObj(List<VXPermMap> permMapList) {

		List<VXPermObj> permObjList = new ArrayList<VXPermObj>();
		HashMap<String, List<VXPermMap>> sortedPemMap = new HashMap<String, List<VXPermMap>>();

		if (permMapList != null) {
			for (VXPermMap vXPermMap : permMapList) {

				String permGrp = vXPermMap.getPermGroup();
				List<VXPermMap> sortedList = sortedPemMap.get(permGrp);
				if (sortedList == null) {
					sortedList = new ArrayList<VXPermMap>();
					sortedPemMap.put(permGrp, sortedList);
				}
				sortedList.add(vXPermMap);
			}
		}

		for (Entry<String, List<VXPermMap>> entry : sortedPemMap.entrySet()) {
			VXPermObj vXPermObj = new VXPermObj();
			List<String> userList = new ArrayList<String>();
			List<String> groupList = new ArrayList<String>();
			List<String> permList = new ArrayList<String>();
			String ipAddress = "";

			List<VXPermMap> permListForGrp = entry.getValue();

			for (VXPermMap permMap : permListForGrp) {
				if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
					if (!userList.contains(permMap.getUserName())) {
						userList.add(permMap.getUserName());
					}
				} else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
					if (!groupList.contains(permMap.getGroupName())) {
						groupList.add(permMap.getGroupName());
					}					
				}
				String perm = AppConstants.getLabelFor_XAPermType(permMap
						.getPermType());
				if (!permList.contains(perm)) {
					permList.add(perm);
				}
				ipAddress = permMap.getIpAddress();
			}
			vXPermObj.setUserList(userList);
			vXPermObj.setGroupList(groupList);
			vXPermObj.setPermList(permList);
			vXPermObj.setIpAddress(ipAddress);

			permObjList.add(vXPermObj);
		}
		return permObjList;
	}
	
	
	public RangerPolicy toRangerPolicy(VXPolicy vXPolicy, RangerService service ) {
		if(vXPolicy == null || service == null || toAssetType(service.getType()) == null) {
			return null;
		}

		RangerPolicy ret = new RangerPolicy();

		ret = (RangerPolicy) dataObjectToRangerObject(vXPolicy, ret);

		ret.setService(service.getName());
		ret.setName(StringUtils.trim(vXPolicy.getPolicyName()));
		ret.setDescription(vXPolicy.getDescription());
		ret.setIsEnabled(vXPolicy.getIsEnabled() == true);
		ret.setIsAuditEnabled(vXPolicy.getIsAuditEnabled());

		Integer assetType = toAssetType(service.getType());
		
		Boolean isRecursive  =  Boolean.FALSE;
		if (assetType == RangerCommonEnums.ASSET_HDFS && vXPolicy.getIsRecursive() != null) {
			isRecursive      = vXPolicy.getIsRecursive();
		}
		
		Boolean isTableExcludes =  Boolean.FALSE;
		if ( vXPolicy.getTableType() != null) {
			isTableExcludes  = vXPolicy.getTableType().equals(RangerCommonEnums.getLabelFor_PolicyType(RangerCommonEnums.POLICY_EXCLUSION));
		}
		
		Boolean isColumnExcludes =  Boolean.FALSE;
		if ( vXPolicy.getColumnType() != null) {
			isColumnExcludes = vXPolicy.getColumnType().equals(RangerCommonEnums.getLabelFor_PolicyType(RangerCommonEnums.POLICY_EXCLUSION));
		}
		
		if (assetType == RangerCommonEnums.ASSET_HDFS && vXPolicy.getResourceName() != null ) {
			toRangerResourceList(vXPolicy.getResourceName(), "path", Boolean.FALSE, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getTables() != null) {
			toRangerResourceList(vXPolicy.getTables(), "table", isTableExcludes, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getColumnFamilies() != null) {
			toRangerResourceList(vXPolicy.getColumnFamilies(), "column-family", Boolean.FALSE, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getColumns() != null) {
			toRangerResourceList(vXPolicy.getColumns(), "column", isColumnExcludes, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getDatabases() != null) {
			toRangerResourceList(vXPolicy.getDatabases(), "database", Boolean.FALSE, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getUdfs() != null) {
			toRangerResourceList(vXPolicy.getUdfs(), "udf", Boolean.FALSE, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getTopologies() != null) {
			toRangerResourceList(vXPolicy.getTopologies(), "topology", Boolean.FALSE, isRecursive, ret.getResources());
		}
		
		if (vXPolicy.getServices() != null) {
			toRangerResourceList(vXPolicy.getServices(), "service", Boolean.FALSE, isRecursive, ret.getResources());
		}

		if (vXPolicy.getHiveServices() != null) {
			toRangerResourceList(vXPolicy.getHiveServices(), "hiveservice", Boolean.FALSE, isRecursive, ret.getResources());
		}

		if ( vXPolicy.getPermMapList() != null) {
			List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();

			for(VXPermObj vXPermObj : vXPermObjList ) {
				List<String>                 userList   = new ArrayList<String>();
				List<String>                 groupList  = new ArrayList<String>();
				List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>();
				String                       ipAddress  = null;
				boolean 			    delegatedAdmin  = false;
				
				if (vXPermObj.getUserList() != null)  {
					for (String user : vXPermObj.getUserList() ) {
						if ( user.contains(getUserName(user))) {
						userList.add(user);
						}
					}
				 }
				
				if (vXPermObj.getGroupList() != null) {
					for (String group : vXPermObj.getGroupList()) {
						if ( group.contains(getGroupName(group))) {
							groupList.add(group);
						}
					}
				}
		
				if (vXPermObj.getPermList() != null) {
					for (String perm : vXPermObj.getPermList()) {
						if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
							if ("Admin".equalsIgnoreCase(perm)) {
								delegatedAdmin=true;
								if (assetType != RangerCommonEnums.ASSET_HBASE) {
									continue;
								}
							}
							accessList.add(new RangerPolicyItemAccess(perm));
						}
					}
				}
				
				if (vXPermObj.getIpAddress() != null ) {
					ipAddress =  vXPermObj.getIpAddress();
				}
				
				RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
	
				policyItem.setUsers(userList);
				policyItem.setGroups(groupList);
				policyItem.setAccesses(accessList);
				
				if (delegatedAdmin) {
					policyItem.setDelegateAdmin(Boolean.TRUE);	
				} else {
					policyItem.setDelegateAdmin(Boolean.FALSE);	
				}
								
				if(ipAddress != null && !ipAddress.isEmpty()) {
					RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition("ipaddress", Collections.singletonList(ipAddress));
	
					policyItem.getConditions().add(ipCondition);
				}
				
				ret.getPolicyItems().add(policyItem);
			}
		}

		return ret;
	}
	
	private String getUserName(String userName) {
		if(userName == null || userName.isEmpty()) {
		
			XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName);

			if(xxUser != null) {
				userName = xxUser.getName();
			}
		}
		return userName;
	}
	
	
	private String getGroupName(String groupName) {
	
		if(groupName == null || groupName.isEmpty()) {
				XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName);

				if(xxGroup != null) {
					groupName = xxGroup.getName();
				}
		}
		return groupName;
	}
	
	
	public VXPolicyList rangerPolicyListToPublic(List<RangerPolicy> rangerPolicyList,SearchFilter filter) {
		
		RangerService service       = null;
		List<VXPolicy> vXPolicyList = new ArrayList<VXPolicy>();

		VXPolicyList vXPolicyListObj = new VXPolicyList(new ArrayList<VXPolicy>());
		if(CollectionUtils.isNotEmpty(rangerPolicyList)) {
			int    totalCount = rangerPolicyList.size();
			int    startIndex = filter.getStartIndex();
			int    pageSize   = filter.getMaxRows();
			int    toIndex    = Math.min(startIndex + pageSize, totalCount);
			String sortType   = filter.getSortType();
			String sortBy     = filter.getSortBy();
			for(int i = startIndex; i < toIndex; i++) {
				RangerPolicy policy =rangerPolicyList.get(i);
				try {
					service = svcStore.getServiceByName(policy.getService());
				} catch(Exception excp) {
					throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
				}
				if(service  == null) {
					throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(policy.getService()), true);
				}
				VXPolicy vXPolicy = toVXPolicy(policy,service);
				if(vXPolicy != null) {
					vXPolicyList.add(vXPolicy);
				}
			}
			vXPolicyListObj = new VXPolicyList(vXPolicyList);
			vXPolicyListObj.setPageSize(pageSize);
			vXPolicyListObj.setResultSize(vXPolicyList.size());
			vXPolicyListObj.setStartIndex(startIndex);
			vXPolicyListObj.setTotalCount(totalCount);
			vXPolicyListObj.setSortBy(sortBy);
			vXPolicyListObj.setSortType(sortType);
		}
		return vXPolicyListObj;
	}
	
	
	public GrantRevokeRequest toGrantRevokeRequest(VXPolicy vXPolicy) {
		String serviceType 	  = null;
		RangerService service = null;
		GrantRevokeRequest ret 	  = new GrantRevokeRequest();
		
		if ( vXPolicy != null) {
			String		  serviceName = vXPolicy.getRepositoryName();
			try {
				service = svcStore.getServiceByName(serviceName);
			} catch (Exception e) {
				  LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName );
				  throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true);
			}
			
			if ( service != null) {
				serviceType = service.getType();
			} else {
			  LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName" + serviceName );
			  throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "No Service Found for ServiceName" + serviceName, true);
			}
			
			if (vXPolicy.getGrantor() != null) {
				ret.setGrantor(vXPolicy.getGrantor());
			}
			ret.setEnableAudit(Boolean.TRUE);
			
			ret.setIsRecursive(Boolean.FALSE);
			
			ret.setReplaceExistingPermissions(toBooleanReplacePerm(vXPolicy.isReplacePerm()));
		
			Integer assetType = toAssetType(serviceType);
			
			if (assetType == RangerCommonEnums.ASSET_HIVE) {
				
				String database = StringUtils.isEmpty(vXPolicy.getDatabases()) ? "*" : vXPolicy.getDatabases();
				String table    = getTableOrUdf(vXPolicy);
				String column   = StringUtils.isEmpty(vXPolicy.getColumns()) ? "*" : vXPolicy.getColumns();
	
				Map<String, String> mapResource = new HashMap<String, String>();
				mapResource.put("database", database);
				mapResource.put("table", table);
				mapResource.put("column", column);
				ret.setResource(mapResource);
			}
			else if ( assetType == RangerCommonEnums.ASSET_HBASE) {
				
				String tableName = vXPolicy.getTables();
					   tableName = StringUtil.isEmpty(tableName) ? "*" : tableName;
					
				String colFamily = vXPolicy.getColumnFamilies();
					   colFamily = StringUtil.isEmpty(colFamily) ? "*": colFamily;
					
				String qualifier = vXPolicy.getColumns();
					   qualifier = StringUtil.isEmpty(qualifier) ? "*" : qualifier;

				Map<String, String> mapResource = new HashMap<String, String>();
				mapResource.put("table", tableName);
				mapResource.put("column-family", colFamily);
				mapResource.put("column", qualifier);
                                ret.setResource(mapResource);
				
			}
			
			List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();
			
			if (vXPermObjList != null) {
				for(VXPermObj vXPermObj : vXPermObjList ) {
					boolean delegatedAdmin  = false;
					
					if (vXPermObj.getUserList() != null ) {
						for (String user : vXPermObj.getUserList() ) {
							if ( user.contains(getUserName(user))) {
								ret.getUsers().add(user);
							}
						}
					}
					
					if (vXPermObj.getGroupList() != null) {
						for (String group : vXPermObj.getGroupList()) {
							if ( group.contains(getGroupName(group))) {
								ret.getGroups().add(group);
							}
						}
					}
			
					if(vXPermObj.getPermList() != null) {
						for (String perm : vXPermObj.getPermList()) {
							if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
								if ("Admin".equalsIgnoreCase(perm)) {
									delegatedAdmin=true;
									if (assetType!=null && assetType.intValue() != RangerCommonEnums.ASSET_HBASE) {
										continue;
									}
								}
								ret.getAccessTypes().add(perm);
							}
						}
					}
					
					if (delegatedAdmin) {
						ret.setDelegateAdmin(Boolean.TRUE);	
					} else {
						ret.setDelegateAdmin(Boolean.FALSE);	
					}
				 }
				
			  }
		}
		return ret;

	}
	
	private String getTableOrUdf(VXPolicy vXPolicy) {
		String ret   = null;
		String table = vXPolicy.getTables();
		String udf	 = vXPolicy.getUdfs();
		
		if (!StringUtils.isEmpty(table)) {
				ret = table;
		} else if (!StringUtils.isEmpty(udf)) {
				ret = udf;
		}
		return ret;
	}
	

	public boolean isValidateHttpsAuthentication( String serviceName, HttpServletRequest request) {		
		boolean isValidAuthentication=false;
		boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true);
		X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
		String ipAddress = request.getHeader("X-FORWARDED-FOR");
		if (ipAddress == null) {
			ipAddress = request.getRemoteAddr();
		}
		boolean isSecure = request.isSecure();

		if (serviceName == null || serviceName.isEmpty()) {			
			LOG.error("ServiceName not provided");
			throw restErrorUtil.createRESTException("Unauthorized access.",
					MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
		}

		RangerService service = null;
		try {
			service = svcStore.getServiceByName(serviceName);
		} catch (Exception e) {
			LOG.error("Requested Service not found. serviceName=" + serviceName);
			throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
					MessageEnums.DATA_NOT_FOUND);
		}
		if(service==null){
			LOG.error("Requested Service not found. serviceName=" + serviceName);
			throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(serviceName),
					false);
		}
		if(!service.getIsEnabled()){
			LOG.error("Requested Service is disabled. serviceName=" + serviceName);
			throw restErrorUtil.createRESTException("Unauthorized access.",
					MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
		}		
		if (!httpEnabled) {
			if (!isSecure) {
				LOG.error("Unauthorized access. Only https is allowed. serviceName=" + serviceName);
				throw restErrorUtil.createRESTException("Unauthorized access -"
						+ " only https allowed",
						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
			}
			if (certchain == null || certchain.length == 0) {
				LOG.error("Unauthorized access. Unable to get client certificate. serviceName=" + serviceName);
				throw restErrorUtil.createRESTException("Unauthorized access -"
						+ " unable to get client certificate",
						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
			}

			// Check if common name is found in service config
			Map<String, String> configMap = service.getConfigs();
			String cnFromConfig = configMap.get("commonNameForCertificate");
			if (cnFromConfig == null || "".equals(cnFromConfig.trim())) {
				LOG.error("Unauthorized access. No common name for certificate set. Please check your service config");
				throw restErrorUtil.createRESTException("Unauthorized access. No common name for certificate set. Please check your service config",
						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);		
			}


			String cnFromConfigForTest = cnFromConfig;
			boolean isRegEx = cnFromConfig.toLowerCase().startsWith(REGEX_PREFIX_STR);
			if (isRegEx) {
				cnFromConfigForTest = cnFromConfig.substring(REGEX_PREFIX_STR_LENGTH);
			}

			// Perform SAN validation
			try {
			    Collection<List<?>> subjectAltNames = certchain[0].getSubjectAlternativeNames();
				if (subjectAltNames != null) {
					for (List<?> sanItem : subjectAltNames) {
						if (sanItem.size() == 2) {
							Integer sanType = (Integer) sanItem.get(0);
							String sanValue = (String) sanItem.get(1);
							if ( (sanType == 2 || sanType == 7) && (matchNames(sanValue, cnFromConfigForTest,isRegEx)) ) {
								if (LOG.isDebugEnabled()) LOG.debug("Client Cert verification successful, matched SAN:" + sanValue);
								isValidAuthentication=true;
								break;
							}
						}
					}
				}
			} catch (Throwable e) {
			    LOG.error("Unauthorized access. Error getting SAN from certificate", e);
				throw restErrorUtil.createRESTException("Unauthorized access - Error getting SAN from client certificate", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);						
			}

			// Perform common name validation only if SAN validation did not succeed
			if (!isValidAuthentication) {
				String commonName = null;
				if (certchain != null) {
					X509Certificate clientCert = certchain[0];
					String dn = clientCert.getSubjectX500Principal().getName();
					try {
						LdapName ln = new LdapName(dn);
						for (Rdn rdn : ln.getRdns()) {
							if ("CN".equalsIgnoreCase(rdn.getType())) {
								commonName = rdn.getValue() + "";
								break;
							}
						}
						if (commonName == null) {
							LOG.error("Unauthorized access. CName is null. serviceName=" + serviceName);
							throw restErrorUtil.createRESTException(
									"Unauthorized access - Unable to find Common Name from ["
											+ dn + "]",
											MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
						}
					} catch (InvalidNameException e) {
						LOG.error("Invalid Common Name. CName=" + commonName + ", serviceName=" + serviceName, e);
						throw restErrorUtil.createRESTException(
								"Unauthorized access - Invalid Common Name",
								MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
					}
				}		
				if (commonName != null) {
					if (matchNames(commonName, cnFromConfigForTest,isRegEx)) {
						if (LOG.isDebugEnabled()) LOG.debug("Client Cert verification successful, matched CN " + commonName + " with " + cnFromConfigForTest + ", wildcard match = " + isRegEx);
						isValidAuthentication=true;
					}

					if (!isValidAuthentication) {
						LOG.error("Unauthorized access. expected [" + cnFromConfigForTest + "], found ["
								+ commonName + "], serviceName=" + serviceName);
						throw restErrorUtil.createRESTException(
								"Unauthorized access. expected [" + cnFromConfigForTest
								+ "], found [" + commonName + "]",
								MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
					}
				}
			}
		} else {
			isValidAuthentication = true;
		}
		return isValidAuthentication;
	}

	public boolean isValidService(String serviceName, HttpServletRequest request){
		boolean isValid = true;
		if (serviceName == null || serviceName.isEmpty()) {
			LOG.error("ServiceName not provided");
			isValid = false;
			throw restErrorUtil.createRESTException("Unauthorized access.",
					MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
		}

		RangerService service = null;
		try {
			if(null != request.getAttribute("downloadPolicy") && StringUtils.equalsIgnoreCase(request.getAttribute("downloadPolicy").toString(), "secure")){
				service = svcStore.getServiceByNameForDP(serviceName);
			}else{
				service = svcStore.getServiceByName(serviceName);
			}
		} catch (Exception e) {
			isValid = false;
			LOG.error("Requested Service not found. serviceName=" + serviceName);
			throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
					MessageEnums.DATA_NOT_FOUND);
		}
		if(service==null){
			isValid = false;
			LOG.error("Requested Service not found. serviceName=" + serviceName);
			throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(serviceName),
					false);
		}
		if(!service.getIsEnabled()){
			isValid = false;
			LOG.error("Requested Service is disabled. serviceName=" + serviceName);
			throw restErrorUtil.createRESTException("Unauthorized access.",
					MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
		}
		return isValid;
	}

   private boolean matchNames(String target, String source, boolean wildcardMatch) {
       boolean matched = false;
       if(target != null && source != null) {
           String names[] = (wildcardMatch ? new String[] { source } : source.split(","));
           for (String n:names) {

               if (wildcardMatch) {
                   if(LOG.isDebugEnabled()) LOG.debug("Wildcard Matching [" + target + "] with [" + n + "]");
            	   if (wildcardMatch(target,n)) {
            		   if(LOG.isDebugEnabled()) LOG.debug("Matched target:" + target + " with " + n);
            		   matched = true;
            		   break;
            	   }            	               	
               } else {
                   if(LOG.isDebugEnabled()) LOG.debug("Matching [" + target + "] with [" + n + "]");
            	   if (target.equalsIgnoreCase(n)) {
            		   if(LOG.isDebugEnabled()) LOG.debug("Matched target:" + target + " with " + n);
            		   matched = true;
            		   break;
            	   }            	
               }
           }
       } else {
    	   if(LOG.isDebugEnabled()) LOG.debug("source=[" + source + "],target=[" + target +"], returning false.");
       }
       return matched;
   }

   private boolean wildcardMatch(String target, String source) {
	   boolean matched = false;
	   if(target != null && source != null) {
		   try {
			   matched = target.matches(source);
		   } catch (Throwable e) {
			   LOG.error("Error doing wildcard match..", e);
		   }
	   } else {
    	   if(LOG.isDebugEnabled()) LOG.debug("source=[" + source + "],target=[" + target +"], returning false.");
       }
	   return matched;
   }

	
	private Boolean toBooleanReplacePerm(boolean isReplacePermission) {
		
		Boolean ret;
		
		if (isReplacePermission) {
			ret = Boolean.TRUE;
		} else {
			ret = Boolean.FALSE;
		}
		return ret;
	}

	private Integer getAssetType(RangerService service, String serviceName) {
		if(service == null || StringUtils.isEmpty(service.getType())) {
			try {
				service = svcStore.getServiceByName(serviceName);
			} catch (Exception e) {
				  LOG.info( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName );
				  throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true);
			}
		}
		
		String serviceType = service != null ? service.getType() : null;

		Integer assetType = toAssetType(serviceType);
		
		return assetType;
	}

	public List<RangerPolicy> getMatchingPoliciesForResource(HttpServletRequest request,
			List<RangerPolicy> policyLists) {
		List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
		final String serviceTypeForTag = EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME;
		if (request != null) {
			String resource = request.getParameter(SearchFilter.POL_RESOURCE);
			String serviceType = request.getParameter(SearchFilter.SERVICE_TYPE);
			if (!StringUtil.isEmpty(resource) && !StringUtil.isEmpty(serviceType)) {
				List<String> resourceList = null;
				Map<String, RangerPolicy.RangerPolicyResource> rangerPolicyResourceMap = null;
				RangerPolicy.RangerPolicyResource rangerPolicyResource = null;
				for (RangerPolicy rangerPolicy : policyLists) {
					if (rangerPolicy != null) {
						if(serviceTypeForTag.equals(rangerPolicy.getServiceType())) {
							policies.add(rangerPolicy);
						}else {
							rangerPolicyResourceMap = rangerPolicy.getResources();
							if (rangerPolicyResourceMap != null) {
								if (rangerPolicyResourceMap.containsKey("path")) {
									rangerPolicyResource = rangerPolicyResourceMap.get("path");
									if (rangerPolicyResource != null) {
										resourceList = rangerPolicyResource.getValues();
										if (CollectionUtils.isNotEmpty(resourceList) && resourceList.contains(resource)) {
													policies.add(rangerPolicy);
										}
									}
								} else if (rangerPolicyResourceMap.containsKey("database")) {
									rangerPolicyResource = rangerPolicyResourceMap.get("database");
									if (rangerPolicyResource != null) {
										resourceList = rangerPolicyResource.getValues();
										if (CollectionUtils.isNotEmpty(resourceList) && resourceList.contains(resource)) {
													policies.add(rangerPolicy);
										}
									}
								}
							}
						}
					}
				}
				policyLists.clear();
				if (CollectionUtils.isNotEmpty(policies)) {
					policyLists.addAll(policies);
				}
			}
		}
		return policyLists;
	}
}