package org.apache.hadoop.hive.ql.security.authorization;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.HiveObjectType;
import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.class */
public abstract class BitSetCheckedAuthorizationProvider extends HiveAuthorizationProviderBase {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider$BitSetChecker.class */
    public static class BitSetChecker {
        boolean[] inputCheck = null;
        boolean[] outputCheck = null;

        BitSetChecker() {
        }

        public static BitSetChecker getBitSetChecker(Privilege[] privilegeArr, Privilege[] privilegeArr2) {
            BitSetChecker bitSetChecker = new BitSetChecker();
            if (privilegeArr != null) {
                bitSetChecker.inputCheck = new boolean[privilegeArr.length];
                for (int i = 0; i < bitSetChecker.inputCheck.length; i++) {
                    bitSetChecker.inputCheck[i] = false;
                }
            }
            if (privilegeArr2 != null) {
                bitSetChecker.outputCheck = new boolean[privilegeArr2.length];
                for (int i2 = 0; i2 < bitSetChecker.outputCheck.length; i2++) {
                    bitSetChecker.outputCheck[i2] = false;
                }
            }
            return bitSetChecker;
        }
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
    public void authorize(Privilege[] privilegeArr, Privilege[] privilegeArr2) throws HiveException, AuthorizationException {
        BitSetChecker bitSetChecker = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
        boolean[] zArr = bitSetChecker.inputCheck;
        boolean[] zArr2 = bitSetChecker.outputCheck;
        authorizeUserPriv(privilegeArr, zArr, privilegeArr2, zArr2);
        checkAndThrowAuthorizationException(privilegeArr, privilegeArr2, zArr, zArr2, null, null, null, null);
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
    public void authorize(Path path, Privilege[] privilegeArr, Privilege[] privilegeArr2) throws HiveException, AuthorizationException {
        BitSetChecker bitSetChecker = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
        boolean[] zArr = bitSetChecker.inputCheck;
        boolean[] zArr2 = bitSetChecker.outputCheck;
        authorizeUserPriv(privilegeArr, zArr, privilegeArr2, zArr2);
        checkAndThrowAuthorizationException(privilegeArr, privilegeArr2, zArr, zArr2, null, null, null, null);
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
    public void authorize(Database database, Privilege[] privilegeArr, Privilege[] privilegeArr2) throws HiveException, AuthorizationException {
        BitSetChecker bitSetChecker = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
        boolean[] zArr = bitSetChecker.inputCheck;
        boolean[] zArr2 = bitSetChecker.outputCheck;
        authorizeUserAndDBPriv(database, privilegeArr, privilegeArr2, zArr, zArr2);
        checkAndThrowAuthorizationException(privilegeArr, privilegeArr2, zArr, zArr2, database.getName(), null, null, null);
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
    public void authorize(Table table, Privilege[] privilegeArr, Privilege[] privilegeArr2) throws HiveException {
        BitSetChecker bitSetChecker = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
        boolean[] zArr = bitSetChecker.inputCheck;
        boolean[] zArr2 = bitSetChecker.outputCheck;
        authorizeUserDBAndTable(table, privilegeArr, privilegeArr2, zArr, zArr2);
        checkAndThrowAuthorizationException(privilegeArr, privilegeArr2, zArr, zArr2, table.getDbName(), table.getTableName(), null, null);
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
    public void authorize(Partition partition, Privilege[] privilegeArr, Privilege[] privilegeArr2) throws HiveException {
        Table table = partition.getTable();
        if (table.getParameters().get("PARTITION_LEVEL_PRIVILEGE") == null || "FALSE".equalsIgnoreCase(table.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
            authorize(partition.getTable(), privilegeArr, privilegeArr2);
            return;
        }
        BitSetChecker bitSetChecker = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
        boolean[] zArr = bitSetChecker.inputCheck;
        boolean[] zArr2 = bitSetChecker.outputCheck;
        if (authorizeUserDbAndPartition(partition, privilegeArr, privilegeArr2, zArr, zArr2)) {
            return;
        }
        checkAndThrowAuthorizationException(privilegeArr, privilegeArr2, zArr, zArr2, partition.getTable().getDbName(), partition.getTable().getTableName(), partition.getName(), null);
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
    public void authorize(Table table, Partition partition, List<String> list, Privilege[] privilegeArr, Privilege[] privilegeArr2) throws HiveException {
        BitSetChecker bitSetChecker = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
        boolean[] zArr = bitSetChecker.inputCheck;
        boolean[] zArr2 = bitSetChecker.outputCheck;
        String str = null;
        List<String> list2 = null;
        if (partition != null && table.getParameters().get("PARTITION_LEVEL_PRIVILEGE") != null && "TRUE".equalsIgnoreCase(table.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
            str = partition.getName();
            list2 = partition.getValues();
        }
        if (list2 == null) {
            if (authorizeUserDBAndTable(table, privilegeArr, privilegeArr2, zArr, zArr2)) {
                return;
            }
        } else if (authorizeUserDbAndPartition(partition, privilegeArr, privilegeArr2, zArr, zArr2)) {
            return;
        }
        for (String str2 : list) {
            BitSetChecker bitSetChecker2 = BitSetChecker.getBitSetChecker(privilegeArr, privilegeArr2);
            boolean[] zArr3 = bitSetChecker2.inputCheck;
            boolean[] zArr4 = bitSetChecker2.outputCheck;
            authorizePrivileges(this.hive_db.get_privilege_set(HiveObjectType.COLUMN, table.getDbName(), table.getTableName(), list2, str2, getAuthenticator().getUserName(), getAuthenticator().getGroupNames()), privilegeArr, zArr3, privilegeArr2, zArr4);
            if (zArr3 != null) {
                booleanArrayOr(zArr3, zArr);
            }
            if (zArr4 != null) {
                booleanArrayOr(zArr3, zArr);
            }
            checkAndThrowAuthorizationException(privilegeArr, privilegeArr2, zArr3, zArr4, table.getDbName(), table.getTableName(), str, str2);
        }
    }

    protected boolean authorizeUserPriv(Privilege[] privilegeArr, boolean[] zArr, Privilege[] privilegeArr2, boolean[] zArr2) throws HiveException {
        return authorizePrivileges(this.hive_db.get_privilege_set(HiveObjectType.GLOBAL, null, null, null, null, getAuthenticator().getUserName(), getAuthenticator().getGroupNames()), privilegeArr, zArr, privilegeArr2, zArr2);
    }

    private boolean authorizeUserAndDBPriv(Database database, Privilege[] privilegeArr, Privilege[] privilegeArr2, boolean[] zArr, boolean[] zArr2) throws HiveException {
        return authorizeUserPriv(privilegeArr, zArr, privilegeArr2, zArr2) || authorizePrivileges(this.hive_db.get_privilege_set(HiveObjectType.DATABASE, database.getName(), null, null, null, getAuthenticator().getUserName(), getAuthenticator().getGroupNames()), privilegeArr, zArr, privilegeArr2, zArr2);
    }

    private boolean authorizeUserDBAndTable(Table table, Privilege[] privilegeArr, Privilege[] privilegeArr2, boolean[] zArr, boolean[] zArr2) throws HiveException {
        return authorizeUserAndDBPriv(this.hive_db.getDatabase(table.getDbName()), privilegeArr, privilegeArr2, zArr, zArr2) || authorizePrivileges(this.hive_db.get_privilege_set(HiveObjectType.TABLE, table.getDbName(), table.getTableName(), null, null, getAuthenticator().getUserName(), getAuthenticator().getGroupNames()), privilegeArr, zArr, privilegeArr2, zArr2);
    }

    private boolean authorizeUserDbAndPartition(Partition partition, Privilege[] privilegeArr, Privilege[] privilegeArr2, boolean[] zArr, boolean[] zArr2) throws HiveException {
        if (authorizeUserAndDBPriv(this.hive_db.getDatabase(partition.getTable().getDbName()), privilegeArr, privilegeArr2, zArr, zArr2)) {
            return true;
        }
        PrincipalPrivilegeSet privileges = partition.getTPartition().getPrivileges();
        if (privileges == null) {
            privileges = this.hive_db.get_privilege_set(HiveObjectType.PARTITION, partition.getTable().getDbName(), partition.getTable().getTableName(), partition.getValues(), null, getAuthenticator().getUserName(), getAuthenticator().getGroupNames());
        }
        return authorizePrivileges(privileges, privilegeArr, zArr, privilegeArr2, zArr2);
    }

    protected boolean authorizePrivileges(PrincipalPrivilegeSet principalPrivilegeSet, Privilege[] privilegeArr, boolean[] zArr, Privilege[] privilegeArr2, boolean[] zArr2) throws HiveException {
        boolean z = true;
        if (privilegeArr != null) {
            z = 1 != 0 && matchPrivs(privilegeArr, principalPrivilegeSet, zArr);
        }
        if (privilegeArr2 != null) {
            z = z && matchPrivs(privilegeArr2, principalPrivilegeSet, zArr2);
        }
        return z;
    }

    private boolean matchPrivs(Privilege[] privilegeArr, PrincipalPrivilegeSet principalPrivilegeSet, boolean[] zArr) {
        List<String> privilegeStringList;
        List<String> privilegeStringList2;
        List<String> privilegeStringList3;
        if (privilegeArr == null) {
            return true;
        }
        if (principalPrivilegeSet == null) {
            return false;
        }
        HashSet hashSet = new HashSet();
        if (principalPrivilegeSet.getUserPrivileges() != null && principalPrivilegeSet.getUserPrivileges().size() > 0 && (privilegeStringList3 = getPrivilegeStringList(principalPrivilegeSet.getUserPrivileges().values())) != null && privilegeStringList3.size() > 0) {
            for (String str : privilegeStringList3) {
                if (str != null && !str.trim().equals("")) {
                    if (str.equalsIgnoreCase(Privilege.ALL.toString())) {
                        setBooleanArray(zArr, true);
                        return true;
                    }
                    hashSet.add(str.toLowerCase());
                }
            }
        }
        if (principalPrivilegeSet.getGroupPrivileges() != null && principalPrivilegeSet.getGroupPrivileges().size() > 0 && (privilegeStringList2 = getPrivilegeStringList(principalPrivilegeSet.getGroupPrivileges().values())) != null && privilegeStringList2.size() > 0) {
            for (String str2 : privilegeStringList2) {
                if (str2 != null && !str2.trim().equals("")) {
                    if (str2.equalsIgnoreCase(Privilege.ALL.toString())) {
                        setBooleanArray(zArr, true);
                        return true;
                    }
                    hashSet.add(str2.toLowerCase());
                }
            }
        }
        if (principalPrivilegeSet.getRolePrivileges() != null && principalPrivilegeSet.getRolePrivileges().size() > 0 && (privilegeStringList = getPrivilegeStringList(principalPrivilegeSet.getRolePrivileges().values())) != null && privilegeStringList.size() > 0) {
            for (String str3 : privilegeStringList) {
                if (str3 != null && !str3.trim().equals("")) {
                    if (str3.equalsIgnoreCase(Privilege.ALL.toString())) {
                        setBooleanArray(zArr, true);
                        return true;
                    }
                    hashSet.add(str3.toLowerCase());
                }
            }
        }
        for (int i = 0; i < privilegeArr.length; i++) {
            String privilege = privilegeArr[i].toString();
            if (!zArr[i]) {
                zArr[i] = hashSet.contains(privilege.toLowerCase());
            }
        }
        return firstFalseIndex(zArr) < 0;
    }

    private List<String> getPrivilegeStringList(Collection<List<PrivilegeGrantInfo>> collection) {
        ArrayList arrayList = new ArrayList();
        if (collection != null && collection.size() > 0) {
            for (List<PrivilegeGrantInfo> list : collection) {
                if (list != null) {
                    for (int i = 0; i < list.size(); i++) {
                        arrayList.add(list.get(i).getPrivilege());
                    }
                }
            }
        }
        return arrayList;
    }

    private static void setBooleanArray(boolean[] zArr, boolean z) {
        for (int i = 0; i < zArr.length; i++) {
            zArr[i] = z;
        }
    }

    private static void booleanArrayOr(boolean[] zArr, boolean[] zArr2) {
        for (int i = 0; i < zArr.length && i < zArr2.length; i++) {
            zArr[i] = zArr[i] || zArr2[i];
        }
    }

    private void checkAndThrowAuthorizationException(Privilege[] privilegeArr, Privilege[] privilegeArr2, boolean[] zArr, boolean[] zArr2, String str, String str2, String str3, String str4) {
        String str5;
        int firstFalseIndex;
        int firstFalseIndex2;
        str5 = "{ ";
        str5 = str != null ? str5 + "database:" + str : "{ ";
        if (str2 != null) {
            str5 = str5 + ", table:" + str2;
        }
        if (str3 != null) {
            str5 = str5 + ", partitionName:" + str3;
        }
        if (str4 != null) {
            str5 = str5 + ", columnName:" + str4;
        }
        String str6 = str5 + "}";
        if (zArr != null && (firstFalseIndex2 = firstFalseIndex(zArr)) >= 0) {
            throw new AuthorizationException("No privilege '" + privilegeArr[firstFalseIndex2].toString() + "' found for inputs " + str6);
        }
        if (zArr2 != null && (firstFalseIndex = firstFalseIndex(zArr2)) >= 0) {
            throw new AuthorizationException("No privilege '" + privilegeArr2[firstFalseIndex].toString() + "' found for outputs " + str6);
        }
    }

    private int firstFalseIndex(boolean[] zArr) {
        if (zArr == null) {
            return -1;
        }
        for (int i = 0; i < zArr.length; i++) {
            if (!zArr[i]) {
                return i;
            }
        }
        return -1;
    }
}
