package org.apache.sentry.binding.metastore;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.MetaStorePreEventListener;
import org.apache.hadoop.hive.metastore.api.InvalidOperationException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Partition;
import org.apache.hadoop.hive.metastore.api.StorageDescriptor;
import org.apache.hadoop.hive.metastore.events.PreAddPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterTableEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateTableEvent;
import org.apache.hadoop.hive.metastore.events.PreDropDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreDropTableEvent;
import org.apache.hadoop.hive.metastore.events.PreEventContext;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.shims.Utils;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;

/* loaded from: input_file:org/apache/sentry/binding/metastore/MetastoreAuthzBinding.class */
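/**
 * Hive metastore pre-event listener that submits DDL events to Sentry for authorization
 * before the metastore applies them.
 *
 * <p>Each handled event is translated into an input and an output hierarchy of
 * {@link DBModelAuthorizable} objects (server, database, table, URI) and passed to
 * {@link HiveAuthzBinding#authorize}. Any failure is reported to the metastore as an
 * {@link InvalidOperationException}, which rejects the operation.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Users listed under the metastore service-users key skip authorization entirely.</li>
 *   <li>Event types without a case in {@link #onEvent} pass through without any Sentry check.</li>
 *   <li>While the "cache out of sync" flag is set, every authorized operation is rejected.</li>
 * </ul>
 */
public class MetastoreAuthzBinding extends MetaStorePreEventListener {
    private final HiveAuthzConf authzConf;
    private final Server authServer;
    private final HiveConf hiveConf;
    // Trimmed, lower-cased names of users that bypass authorization. When the configuration key
    // is unset the default is a single empty string, so the set then contains "" and an empty
    // short user name would be treated as a service user.
    private final ImmutableSet<String> serviceUsers;
    // Created on first use by getHiveAuthzBinding().
    private HiveAuthzBinding hiveAuthzBinding;
    private final String warehouseDir;
    // volatile: the flag is written through a public static setter and read on every
    // authorization, so a change must be visible to all threads immediately.
    private static volatile boolean sentryCacheOutOfSync = false;

    /**
     * Accumulates the authorizable hierarchies for one authorization request.
     *
     * <p>Every {@code add*} call also registers the parent levels, e.g. adding a table registers
     * {@code [server]}, {@code [server, db]} and {@code [server, db, table]} in that order.
     */
    public static class HierarcyBuilder {
        private List<List<DBModelAuthorizable>> authHierarchy = new ArrayList<List<DBModelAuthorizable>>();

        /** Adds the hierarchy {@code [server]}. */
        public HierarcyBuilder addServerToOutput(Server server) {
            List<DBModelAuthorizable> serverLevel = new ArrayList<DBModelAuthorizable>();
            serverLevel.add(server);
            this.authHierarchy.add(serverLevel);
            return this;
        }

        /** Adds {@code [server]} followed by {@code [server, database]}. */
        public HierarcyBuilder addDbToOutput(Server server, String str) {
            List<DBModelAuthorizable> dbLevel = new ArrayList<DBModelAuthorizable>();
            addServerToOutput(server);
            dbLevel.add(server);
            dbLevel.add(new Database(str));
            this.authHierarchy.add(dbLevel);
            return this;
        }

        /**
         * Adds {@code [server]} followed by {@code [server, uri]}.
         *
         * @param server the Sentry server object
         * @param str the URI path to authorize
         * @param str2 the warehouse directory, passed as the first argument of
         *     {@code PathUtils.parseDFSURI}
         * @throws MetaException if the URI cannot be parsed
         */
        public HierarcyBuilder addUriToOutput(Server server, String str, String str2) throws MetaException {
            List<DBModelAuthorizable> uriLevel = new ArrayList<DBModelAuthorizable>();
            addServerToOutput(server);
            uriLevel.add(server);
            try {
                uriLevel.add(new AccessURI(PathUtils.parseDFSURI(str2, str)));
            } catch (URISyntaxException e) {
                throw new MetaException("Error paring the URI " + e.getMessage());
            }
            this.authHierarchy.add(uriLevel);
            return this;
        }

        /** Adds the database hierarchies followed by {@code [server, database, table]}. */
        public HierarcyBuilder addTableToOutput(Server server, String str, String str2) {
            List<DBModelAuthorizable> tableLevel = new ArrayList<DBModelAuthorizable>();
            addDbToOutput(server, str);
            tableLevel.add(server);
            tableLevel.add(new Database(str));
            tableLevel.add(new Table(str2));
            this.authHierarchy.add(tableLevel);
            return this;
        }

        /** Returns the accumulated hierarchies (the builder's own list, not a copy). */
        public List<List<DBModelAuthorizable>> build() {
            return this.authHierarchy;
        }
    }

    /**
     * Loads the Sentry authorization configuration named by {@code HiveAuthzConf.HIVE_SENTRY_CONF_URL}.
     *
     * @param configuration the metastore configuration
     * @throws IllegalArgumentException if the configuration URL is missing, blank or malformed
     */
    public MetastoreAuthzBinding(Configuration configuration) throws Exception {
        super(configuration);
        String rawUrl = configuration.get(HiveAuthzConf.HIVE_SENTRY_CONF_URL);
        String confUrl = rawUrl == null ? null : rawUrl.trim();
        // Refuse to start without an authorization config rather than run unprotected.
        if (confUrl == null || confUrl.isEmpty()) {
            throw new IllegalArgumentException("Configuration key hive.sentry.conf.url value '" + confUrl + "' is invalid.");
        }
        try {
            this.authzConf = new HiveAuthzConf(new URL(confUrl));
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Configuration key hive.sentry.conf.url specifies a malformed URL '" + confUrl + "'", e);
        }
        this.hiveConf = new HiveConf(configuration, getClass());
        this.authServer = new Server(this.authzConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar()));
        this.serviceUsers = ImmutableSet.copyOf(toTrimedLower(Sets.newHashSet(this.authzConf.getStrings(HiveAuthzConf.AuthzConfVars.AUTHZ_METASTORE_SERVICE_USERS.getVar(), new String[]{""}))));
        this.warehouseDir = this.hiveConf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE);
    }

    /**
     * Authorizes a metastore event for the calling user unless that user is a service user.
     *
     * <p>Only the event types listed below are checked. {@code LOAD_PARTITION_DONE} and any
     * event type without a case are allowed through without consulting Sentry.
     *
     * @throws InvalidOperationException if Sentry denies the operation or the check fails
     * @throws MetaException if the user name or a storage location cannot be resolved
     */
    @Override
    public void onEvent(PreEventContext preEventContext) throws MetaException, NoSuchObjectException, InvalidOperationException {
        if (!needsAuthorization(getUserName())) {
            return;
        }
        switch (preEventContext.getEventType()) {
            case CREATE_TABLE:
                authorizeCreateTable((PreCreateTableEvent) preEventContext);
                return;
            case DROP_TABLE:
                authorizeDropTable((PreDropTableEvent) preEventContext);
                return;
            case ALTER_TABLE:
                authorizeAlterTable((PreAlterTableEvent) preEventContext);
                return;
            case ADD_PARTITION:
                authorizeAddPartition((PreAddPartitionEvent) preEventContext);
                return;
            case DROP_PARTITION:
                authorizeDropPartition((PreDropPartitionEvent) preEventContext);
                return;
            case ALTER_PARTITION:
                authorizeAlterPartition((PreAlterPartitionEvent) preEventContext);
                return;
            case CREATE_DATABASE:
                authorizeCreateDatabase((PreCreateDatabaseEvent) preEventContext);
                return;
            case DROP_DATABASE:
                authorizeDropDatabase((PreDropDatabaseEvent) preEventContext);
                return;
            case LOAD_PARTITION_DONE:
            default:
                // Not authorized here: the event proceeds without a Sentry check.
                return;
        }
    }

    /** Requires privileges on the server itself; the event payload is not inspected. */
    private void authorizeCreateDatabase(PreCreateDatabaseEvent preCreateDatabaseEvent) throws InvalidOperationException, MetaException {
        List<List<DBModelAuthorizable>> inputs = new HierarcyBuilder().addServerToOutput(getAuthServer()).build();
        List<List<DBModelAuthorizable>> outputs = new HierarcyBuilder().addServerToOutput(getAuthServer()).build();
        authorizeMetastoreAccess(HiveOperation.CREATEDATABASE, inputs, outputs);
    }

    /** Requires privileges on the database being dropped. */
    private void authorizeDropDatabase(PreDropDatabaseEvent preDropDatabaseEvent) throws InvalidOperationException, MetaException {
        String dbName = preDropDatabaseEvent.getDatabase().getName();
        List<List<DBModelAuthorizable>> inputs = new HierarcyBuilder().addDbToOutput(getAuthServer(), dbName).build();
        List<List<DBModelAuthorizable>> outputs = new HierarcyBuilder().addDbToOutput(getAuthServer(), dbName).build();
        authorizeMetastoreAccess(HiveOperation.DROPDATABASE, inputs, outputs);
    }

    /**
     * Requires privileges on the target database and, when the table declares a storage
     * location, on that URI as well (the URI is added to the input hierarchy).
     */
    private void authorizeCreateTable(PreCreateTableEvent preCreateTableEvent) throws InvalidOperationException, MetaException {
        String dbName = preCreateTableEvent.getTable().getDbName();
        HierarcyBuilder inputBuilder = new HierarcyBuilder();
        inputBuilder.addDbToOutput(getAuthServer(), dbName);
        HierarcyBuilder outputBuilder = new HierarcyBuilder();
        outputBuilder.addDbToOutput(getAuthServer(), dbName);
        // getSdLocation() tolerates a missing storage descriptor, which a direct
        // getSd().getLocation() call would turn into a NullPointerException.
        String location = getSdLocation(preCreateTableEvent.getTable().getSd());
        if (!StringUtils.isEmpty(location)) {
            try {
                inputBuilder.addUriToOutput(getAuthServer(), PathUtils.parseDFSURI(this.warehouseDir, location), this.warehouseDir);
            } catch (URISyntaxException e) {
                throw new MetaException(e.getMessage());
            }
        }
        authorizeMetastoreAccess(HiveOperation.CREATETABLE, inputBuilder.build(), outputBuilder.build());
    }

    /** Requires privileges on the table being dropped. */
    private void authorizeDropTable(PreDropTableEvent preDropTableEvent) throws InvalidOperationException, MetaException {
        String dbName = preDropTableEvent.getTable().getDbName();
        String tableName = preDropTableEvent.getTable().getTableName();
        List<List<DBModelAuthorizable>> inputs = new HierarcyBuilder().addTableToOutput(getAuthServer(), dbName, tableName).build();
        List<List<DBModelAuthorizable>> outputs = new HierarcyBuilder().addTableToOutput(getAuthServer(), dbName, tableName).build();
        authorizeMetastoreAccess(HiveOperation.DROPTABLE, inputs, outputs);
    }

    /**
     * Requires privileges on the existing table. If the parsed storage URI changes between the
     * old and new table, the new URI is added to the outputs and the operation is authorized as
     * {@code ALTERTABLE_LOCATION} instead of {@code ALTERTABLE_ADDCOLS}.
     */
    private void authorizeAlterTable(PreAlterTableEvent preAlterTableEvent) throws InvalidOperationException, MetaException {
        String dbName = preAlterTableEvent.getOldTable().getDbName();
        String tableName = preAlterTableEvent.getOldTable().getTableName();
        HierarcyBuilder inputBuilder = new HierarcyBuilder();
        inputBuilder.addTableToOutput(getAuthServer(), dbName, tableName);
        HierarcyBuilder outputBuilder = new HierarcyBuilder();
        outputBuilder.addTableToOutput(getAuthServer(), dbName, tableName);

        String oldUri;
        String newUri;
        try {
            oldUri = PathUtils.parseDFSURI(this.warehouseDir, getSdLocation(preAlterTableEvent.getOldTable().getSd()));
            newUri = PathUtils.parseDFSURI(this.warehouseDir, getSdLocation(preAlterTableEvent.getNewTable().getSd()));
        } catch (URISyntaxException e) {
            throw new MetaException(e.getMessage());
        }

        HiveOperation hiveOperation = HiveOperation.ALTERTABLE_ADDCOLS;
        if (!oldUri.equals(newUri)) {
            outputBuilder.addUriToOutput(getAuthServer(), newUri, this.warehouseDir);
            hiveOperation = HiveOperation.ALTERTABLE_LOCATION;
        }
        authorizeMetastoreAccess(hiveOperation, inputBuilder.build(), outputBuilder.build());
    }

    /**
     * Authorizes each partition of an add-partition event against its table, adding a URI
     * privilege requirement when the partition location is outside the table location.
     */
    private void authorizeAddPartition(PreAddPartitionEvent preAddPartitionEvent) throws InvalidOperationException, MetaException, NoSuchObjectException {
        for (Partition partition : preAddPartitionEvent.getPartitions()) {
            HierarcyBuilder inputBuilder = new HierarcyBuilder();
            inputBuilder.addTableToOutput(getAuthServer(), partition.getDbName(), partition.getTableName());
            HierarcyBuilder outputBuilder = new HierarcyBuilder();
            outputBuilder.addTableToOutput(getAuthServer(), partition.getDbName(), partition.getTableName());
            String partitionLocation = partition.isSetSd() ? partition.getSd().getLocation() : null;
            if (!StringUtils.isEmpty(partitionLocation)) {
                String tableLocation = preAddPartitionEvent.getHandler().get_table(partition.getDbName(), partition.getTableName()).getSd().getLocation();
                String uriPath;
                try {
                    // Parsed before the containment test so a malformed location is always rejected.
                    uriPath = PathUtils.parseDFSURI(this.warehouseDir, partition.getSd().getLocation());
                } catch (URISyntaxException e) {
                    throw new MetaException(e.getMessage());
                }
                // NOTE(review): the containment test compares the raw, caller-supplied strings.
                // Nothing here normalizes them, so whether a location with ".." segments or a
                // differently spelled scheme/authority can satisfy the prefix test (and so skip
                // the URI privilege check) depends on what the metastore and filesystem accept.
                // Confirm, or compare normalized paths. File.separator is also platform
                // specific, while DFS locations use '/'.
                boolean underTable = partitionLocation.equals(tableLocation)
                        || partitionLocation.startsWith(tableLocation + File.separator);
                if (!underTable) {
                    outputBuilder.addUriToOutput(getAuthServer(), uriPath, this.warehouseDir);
                }
            }
            authorizeMetastoreAccess(HiveOperation.ALTERTABLE_ADDPARTS, inputBuilder.build(), outputBuilder.build());
        }
    }

    /**
     * Requires privileges on the table named by the first partition of the event.
     *
     * <p>The partition is fetched once so the database and table names always come from the
     * same element, whether or not {@code getPartitionIterator()} returns a fresh iterator on
     * each call.
     */
    private void authorizeDropPartition(PreDropPartitionEvent preDropPartitionEvent) throws InvalidOperationException, MetaException {
        // NOTE(review): only the first partition is inspected; presumably all partitions in one
        // drop event belong to the same table — confirm against the Hive version in use.
        Partition first = (Partition) preDropPartitionEvent.getPartitionIterator().next();
        String dbName = first.getDbName();
        String tableName = first.getTableName();
        List<List<DBModelAuthorizable>> inputs = new HierarcyBuilder().addTableToOutput(getAuthServer(), dbName, tableName).build();
        List<List<DBModelAuthorizable>> outputs = new HierarcyBuilder().addTableToOutput(getAuthServer(), dbName, tableName).build();
        authorizeMetastoreAccess(HiveOperation.ALTERTABLE_DROPPARTS, inputs, outputs);
    }

    /**
     * Requires privileges on the partition's table and, when the new partition declares a
     * storage location, on that URI as an output.
     */
    private void authorizeAlterPartition(PreAlterPartitionEvent preAlterPartitionEvent) throws InvalidOperationException, MetaException {
        String dbName = preAlterPartitionEvent.getDbName();
        String tableName = preAlterPartitionEvent.getTableName();
        HierarcyBuilder inputBuilder = new HierarcyBuilder().addTableToOutput(getAuthServer(), dbName, tableName);
        HierarcyBuilder outputBuilder = new HierarcyBuilder().addTableToOutput(getAuthServer(), dbName, tableName);
        String newLocation = getSdLocation(preAlterPartitionEvent.getNewPartition().getSd());
        if (!StringUtils.isEmpty(newLocation)) {
            try {
                outputBuilder.addUriToOutput(getAuthServer(), PathUtils.parseDFSURI(this.warehouseDir, newLocation), this.warehouseDir);
            } catch (URISyntaxException e) {
                throw new MetaException(e.getMessage());
            }
        }
        authorizeMetastoreAccess(HiveOperation.ALTERPARTITION_LOCATION, inputBuilder.build(), outputBuilder.build());
    }

    /**
     * Converts a failure into the {@link InvalidOperationException} the metastore API expects.
     *
     * <p>The original exception is attached as the cause so its type and stack trace stay
     * available to server-side logging; the message is copied unchanged.
     */
    private InvalidOperationException invalidOperationException(Exception exc) {
        InvalidOperationException wrapped = new InvalidOperationException(exc.getMessage());
        wrapped.initCause(exc);
        return wrapped;
    }

    /**
     * Runs the Sentry authorization check for one operation.
     *
     * @param hiveOperation the operation being attempted
     * @param list the input hierarchies
     * @param list2 the output hierarchies
     * @throws InvalidOperationException if the cache is flagged out of sync, if Sentry denies
     *     the request, or if the check itself fails for any reason
     */
    private void authorizeMetastoreAccess(HiveOperation hiveOperation, List<List<DBModelAuthorizable>> list, List<List<DBModelAuthorizable>> list2) throws InvalidOperationException {
        if (isSentryCacheOutOfSync()) {
            throw invalidOperationException(new SentryUserException("Metastore/Sentry cache is out of sync"));
        }
        try {
            getHiveAuthzBinding().authorize(hiveOperation, HiveAuthzPrivilegesMap.getHiveAuthzPrivileges(hiveOperation), new Subject(getUserName()), list, list2);
        } catch (Exception e) {
            // Deliberately broad: every failure (authorization denial, login or I/O error,
            // anything unexpected) must reject the operation. A single handler also avoids a
            // subclass handler placed after this one, which can never be reached.
            throw invalidOperationException(e);
        }
    }

    /** Returns the Sentry server object built from the configured server name. */
    public Server getAuthServer() {
        return this.authServer;
    }

    /**
     * Returns {@code false} for configured service users, which bypass authorization.
     *
     * <p>The configured names are lower-cased but {@code str} is compared as given, so a user
     * name containing upper-case characters never matches and is always authorized.
     */
    private boolean needsAuthorization(String str) {
        return !this.serviceUsers.contains(str);
    }

    /**
     * Returns a new set holding each input string trimmed and lower-cased.
     *
     * <p>Lower-casing uses {@code Locale.ROOT} so the bypass list does not change with the JVM's
     * default locale.
     */
    private static Set<String> toTrimedLower(Set<String> set) {
        Set<String> normalized = new HashSet<String>();
        for (String entry : set) {
            normalized.add(entry.trim().toLowerCase(java.util.Locale.ROOT));
        }
        return normalized;
    }

    /**
     * Returns the Sentry binding, creating it on first use.
     *
     * <p>NOTE(review): the lazy initialization is not synchronized; concurrent first calls
     * could each construct a binding — confirm how the metastore threads this listener.
     */
    private HiveAuthzBinding getHiveAuthzBinding() throws Exception {
        if (this.hiveAuthzBinding == null) {
            this.hiveAuthzBinding = new HiveAuthzBinding(HiveAuthzBinding.HiveHook.HiveMetaStore, this.hiveConf, this.authzConf);
        }
        return this.hiveAuthzBinding;
    }

    /**
     * Returns the short user name of the current UGI.
     *
     * @throws MetaException if the user cannot be determined
     */
    private String getUserName() throws MetaException {
        try {
            return Utils.getUGI().getShortUserName();
        } catch (IOException e) {
            throw new MetaException("Failed to get username " + e.getMessage());
        } catch (LoginException e2) {
            throw new MetaException("Failed to get username " + e2.getMessage());
        }
    }

    /** Returns the descriptor's location, or an empty string when there is no descriptor. */
    private String getSdLocation(StorageDescriptor storageDescriptor) {
        return storageDescriptor == null ? "" : storageDescriptor.getLocation();
    }

    /** Returns whether authorization is currently blocked because the cache is out of sync. */
    public static boolean isSentryCacheOutOfSync() {
        return sentryCacheOutOfSync;
    }

    /** Sets the process-wide flag that makes every authorized operation fail while {@code true}. */
    public static void setSentryCacheOutOfSync(boolean z) {
        sentryCacheOutOfSync = z;
    }
}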
