package org.apache.sentry.provider.db.service.thrift;

import com.codahale.metrics.Timer;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.provider.common.GroupMappingService;
import org.apache.sentry.provider.db.SentryAccessDeniedException;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryInvalidInputException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.SentryPolicyStorePlugin;
import org.apache.sentry.provider.db.SentryThriftAPIMismatchException;
import org.apache.sentry.provider.db.log.entity.JsonLogEntity;
import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
import org.apache.sentry.provider.db.log.util.Constants;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.persistent.HAContext;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
import org.apache.sentry.provider.db.service.persistent.ServiceRegister;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants;
import org.apache.sentry.provider.db.service.thrift.SentryMetrics;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyService;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.sentry.service.thrift.Status;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.class */
public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryPolicyStoreProcessor.class);
    private static final Logger AUDIT_LOGGER = LoggerFactory.getLogger(Constants.AUDIT_LOGGER_NAME);
    public static final String SENTRY_POLICY_SERVICE_NAME = "SentryPolicyService";
    public static volatile SentryPolicyStoreProcessor instance;
    private final String name;
    private final Configuration conf;
    private final SentryStore sentryStore;
    private final NotificationHandlerInvoker notificationHandlerInvoker;
    private final ImmutableSet<String> adminGroups;
    private boolean isReady;
    SentryMetrics sentryMetrics;
    private HAContext haContext;
    private List<SentryPolicyStorePlugin> sentryPlugins = new LinkedList();

    public SentryPolicyStoreProcessor(String str, Configuration configuration) throws Exception {
        this.name = str;
        this.conf = configuration;
        this.notificationHandlerInvoker = new NotificationHandlerInvoker(configuration, createHandlers(configuration));
        this.isReady = false;
        if (configuration.getBoolean("sentry.ha.enabled", false)) {
            this.haContext = HAContext.getHAServerContext(configuration);
            this.sentryStore = new SentryStore(configuration);
            new ServiceRegister(this.haContext).regService(configuration.get(ServiceConstants.ServerConfig.RPC_ADDRESS), configuration.getInt(ServiceConstants.ServerConfig.RPC_PORT, 8038));
        } else {
            this.sentryStore = new SentryStore(configuration);
        }
        this.isReady = true;
        this.adminGroups = ImmutableSet.copyOf(toTrimedLower(Sets.newHashSet(configuration.getStrings(ServiceConstants.ServerConfig.ADMIN_GROUPS, new String[0]))));
        for (String str2 : ServiceConstants.ConfUtilties.CLASS_SPLITTER.split(configuration.get(ServiceConstants.ServerConfig.SENTRY_POLICY_STORE_PLUGINS, "").trim())) {
            Class classByName = configuration.getClassByName(str2);
            if (!SentryPolicyStorePlugin.class.isAssignableFrom(classByName)) {
                throw new IllegalArgumentException("Sentry Plugin [" + str2 + "] is not a " + SentryPolicyStorePlugin.class.getName());
            }
            SentryPolicyStorePlugin sentryPolicyStorePlugin = (SentryPolicyStorePlugin) classByName.newInstance();
            sentryPolicyStorePlugin.initialize(configuration, this.sentryStore);
            this.sentryPlugins.add(sentryPolicyStorePlugin);
        }
        if (instance == null) {
            instance = this;
        }
        initMetrics();
    }

    private void initMetrics() {
        this.sentryMetrics = SentryMetrics.getInstance();
        this.sentryMetrics.addSentryStoreGauges(this.sentryStore);
        String str = this.conf.get(ServiceConstants.ServerConfig.SENTRY_REPORTER);
        if (str != null) {
            try {
                this.sentryMetrics.initReporting(SentryMetrics.Reporting.valueOf(str.toUpperCase()));
            } catch (IllegalArgumentException e) {
                LOGGER.warn("Metrics reporting not configured correctly, please set sentry.service.reporter to: " + ServiceConstants.ServerConfig.SENTRY_REPORTER_CONSOLE + "/" + ServiceConstants.ServerConfig.SENTRY_REPORTER_JMX);
            }
        }
    }

    public void stop() {
        if (this.isReady) {
            this.sentryStore.stop();
        }
        if (this.haContext != null) {
            try {
                this.haContext.getCuratorFramework().close();
            } catch (Exception e) {
                LOGGER.warn("Error in stopping processor", e);
            }
        }
    }

    public void registerPlugin(SentryPolicyStorePlugin sentryPolicyStorePlugin) throws SentryPolicyStorePlugin.SentryPluginException {
        sentryPolicyStorePlugin.initialize(this.conf, this.sentryStore);
        this.sentryPlugins.add(sentryPolicyStorePlugin);
    }

    @VisibleForTesting
    static List<NotificationHandler> createHandlers(Configuration configuration) throws SentryConfigurationException {
        ArrayList newArrayList = Lists.newArrayList();
        for (String str : Splitter.onPattern("[\\s,]").trimResults().omitEmptyStrings().split(configuration.get(PolicyStoreConstants.PolicyStoreServerConfig.NOTIFICATION_HANDLERS, ""))) {
            try {
                Class<?> cls = Class.forName(str);
                if (!NotificationHandler.class.isAssignableFrom(cls)) {
                    throw new SentryConfigurationException("Class " + str + " is not a " + NotificationHandler.class.getName());
                }
                Preconditions.checkNotNull(cls, "Error class cannot be null");
                try {
                    newArrayList.add((NotificationHandler) cls.getConstructor(Configuration.class).newInstance(configuration));
                } catch (Exception e) {
                    throw new SentryConfigurationException("Error attempting to create " + str, e);
                }
            } catch (ClassNotFoundException e2) {
                throw new SentryConfigurationException("Value " + str + " is not a class", e2);
            }
        }
        return newArrayList;
    }

    @VisibleForTesting
    public Configuration getSentryStoreConf() {
        return this.conf;
    }

    private static Set<String> toTrimedLower(Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            newHashSet.add(it.next().trim().toLowerCase());
        }
        return newHashSet;
    }

    private boolean inAdminGroups(Set<String> set) {
        return !Sets.intersection(this.adminGroups, toTrimedLower(set)).isEmpty();
    }

    private void authorize(String str, Set<String> set) throws SentryAccessDeniedException {
        if (inAdminGroups(set)) {
            return;
        }
        LOGGER.warn("User: " + str + " is part of " + set + " which does not, intersect admin groups " + this.adminGroups);
        throw new SentryAccessDeniedException("Access denied to " + str);
    }

    /* JADX WARN: Type inference failed for: r10v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    /* JADX WARN: Type inference failed for: r10v2, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TCreateSentryRoleResponse create_sentry_role(TCreateSentryRoleRequest tCreateSentryRoleRequest) throws TException {
        Timer.Context time = this.sentryMetrics.createRoleTimer.time();
        TCreateSentryRoleResponse tCreateSentryRoleResponse = new TCreateSentryRoleResponse();
        try {
            try {
                try {
                    try {
                        validateClientVersion(tCreateSentryRoleRequest.getProtocol_version());
                        authorize(tCreateSentryRoleRequest.getRequestorUserName(), getRequestorGroups(tCreateSentryRoleRequest.getRequestorUserName()));
                        CommitContext createSentryRole = this.sentryStore.createSentryRole(tCreateSentryRoleRequest.getRoleName());
                        tCreateSentryRoleResponse.setStatus(Status.OK());
                        this.notificationHandlerInvoker.create_sentry_role(createSentryRole, tCreateSentryRoleRequest, tCreateSentryRoleResponse);
                        time.stop();
                    } catch (Exception e) {
                        String str = "Unknown error for request: " + tCreateSentryRoleRequest + ", message: " + e.getMessage();
                        LOGGER.error(str, e);
                        tCreateSentryRoleResponse.setStatus(Status.RuntimeError(str, e));
                        time.stop();
                    }
                } catch (SentryThriftAPIMismatchException e2) {
                    LOGGER.error(e2.getMessage(), (Throwable) e2);
                    tCreateSentryRoleResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e2.getMessage(), e2));
                    time.stop();
                }
            } catch (SentryAccessDeniedException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tCreateSentryRoleResponse.setStatus(Status.AccessDenied(e3.getMessage(), e3));
                time.stop();
            } catch (SentryAlreadyExistsException e4) {
                String str2 = "Role: " + tCreateSentryRoleRequest + " already exists.";
                LOGGER.error(str2, e4);
                tCreateSentryRoleResponse.setStatus(Status.AlreadyExists(str2, e4));
                time.stop();
            }
            try {
                AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance().createJsonLogEntity(tCreateSentryRoleRequest, tCreateSentryRoleResponse, this.conf).toJsonFormatLog());
            } catch (Exception e5) {
                LOGGER.error("Error creating audit log for create role: " + e5.getMessage(), e5);
            }
            return tCreateSentryRoleResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r10v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    /* JADX WARN: Type inference failed for: r10v4, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest tAlterSentryRoleGrantPrivilegeRequest) throws TException {
        Timer.Context time = this.sentryMetrics.grantTimer.time();
        TAlterSentryRoleGrantPrivilegeResponse tAlterSentryRoleGrantPrivilegeResponse = new TAlterSentryRoleGrantPrivilegeResponse();
        try {
            try {
                try {
                    try {
                        try {
                            validateClientVersion(tAlterSentryRoleGrantPrivilegeRequest.getProtocol_version());
                        } catch (SentryThriftAPIMismatchException e) {
                            LOGGER.error(e.getMessage(), (Throwable) e);
                            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
                            time.stop();
                        }
                    } catch (SentryNoSuchObjectException e2) {
                        String str = "Role: " + tAlterSentryRoleGrantPrivilegeRequest.getRoleName() + " doesn't exist";
                        LOGGER.error(str, e2);
                        tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.NoSuchObject(str, e2));
                        time.stop();
                    }
                } catch (Exception e3) {
                    String str2 = "Unknown error for request: " + tAlterSentryRoleGrantPrivilegeRequest + ", message: " + e3.getMessage();
                    LOGGER.error(str2, e3);
                    tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.RuntimeError(str2, e3));
                    time.stop();
                }
            } catch (SentryAccessDeniedException e4) {
                LOGGER.error(e4.getMessage(), (Throwable) e4);
                tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.AccessDenied(e4.getMessage(), e4));
                time.stop();
            } catch (SentryInvalidInputException e5) {
                LOGGER.error("Invalid input privilege object", e5);
                tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.InvalidInput("Invalid input privilege object", e5));
                time.stop();
            }
            if (!(tAlterSentryRoleGrantPrivilegeRequest.isSetPrivileges() ^ tAlterSentryRoleGrantPrivilegeRequest.isSetPrivilege())) {
                throw new SentryUserException("SENTRY API version is not right!");
            }
            if (tAlterSentryRoleGrantPrivilegeRequest.isSetPrivilege()) {
                tAlterSentryRoleGrantPrivilegeRequest.setPrivileges(Sets.newHashSet(new TSentryPrivilege[]{tAlterSentryRoleGrantPrivilegeRequest.getPrivilege()}));
            }
            CommitContext alterSentryRoleGrantPrivileges = this.sentryStore.alterSentryRoleGrantPrivileges(tAlterSentryRoleGrantPrivilegeRequest.getRequestorUserName(), tAlterSentryRoleGrantPrivilegeRequest.getRoleName(), tAlterSentryRoleGrantPrivilegeRequest.getPrivileges());
            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.OK());
            tAlterSentryRoleGrantPrivilegeResponse.setPrivileges(tAlterSentryRoleGrantPrivilegeRequest.getPrivileges());
            if (tAlterSentryRoleGrantPrivilegeResponse.isSetPrivileges() && tAlterSentryRoleGrantPrivilegeResponse.getPrivileges().size() == 1) {
                tAlterSentryRoleGrantPrivilegeResponse.setPrivilege(tAlterSentryRoleGrantPrivilegeResponse.getPrivileges().iterator().next());
            }
            this.notificationHandlerInvoker.alter_sentry_role_grant_privilege(alterSentryRoleGrantPrivileges, tAlterSentryRoleGrantPrivilegeRequest, tAlterSentryRoleGrantPrivilegeResponse);
            Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
            while (it.hasNext()) {
                it.next().onAlterSentryRoleGrantPrivilege(tAlterSentryRoleGrantPrivilegeRequest);
            }
            time.stop();
            try {
                Iterator<JsonLogEntity> it2 = JsonLogEntityFactory.getInstance().createJsonLogEntitys(tAlterSentryRoleGrantPrivilegeRequest, tAlterSentryRoleGrantPrivilegeResponse, this.conf).iterator();
                while (it2.hasNext()) {
                    AUDIT_LOGGER.info(it2.next().toJsonFormatLog());
                }
            } catch (Exception e6) {
                LOGGER.error("Error creating audit log for grant privilege to role: " + e6.getMessage(), e6);
            }
            return tAlterSentryRoleGrantPrivilegeResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r10v4, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest tAlterSentryRoleRevokePrivilegeRequest) throws TException {
        Timer.Context time = this.sentryMetrics.revokeTimer.time();
        TAlterSentryRoleRevokePrivilegeResponse tAlterSentryRoleRevokePrivilegeResponse = new TAlterSentryRoleRevokePrivilegeResponse();
        try {
            try {
                try {
                    try {
                        try {
                            validateClientVersion(tAlterSentryRoleRevokePrivilegeRequest.getProtocol_version());
                        } catch (SentryAccessDeniedException e) {
                            LOGGER.error(e.getMessage(), (Throwable) e);
                            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.AccessDenied(e.getMessage(), e));
                            time.stop();
                        }
                    } catch (SentryInvalidInputException e2) {
                        LOGGER.error("Invalid input privilege object", e2);
                        tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.InvalidInput("Invalid input privilege object", e2));
                        time.stop();
                    }
                } catch (Exception e3) {
                    String str = "Unknown error for request: " + tAlterSentryRoleRevokePrivilegeRequest + ", message: " + e3.getMessage();
                    LOGGER.error(str, e3);
                    tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.RuntimeError(str, e3));
                    time.stop();
                }
            } catch (SentryNoSuchObjectException e4) {
                StringBuilder sb = new StringBuilder();
                if (tAlterSentryRoleRevokePrivilegeRequest.getPrivileges().size() > 0) {
                    for (TSentryPrivilege tSentryPrivilege : tAlterSentryRoleRevokePrivilegeRequest.getPrivileges()) {
                        sb.append("Privilege: [server=");
                        sb.append(tSentryPrivilege.getServerName());
                        sb.append(",db=");
                        sb.append(tSentryPrivilege.getDbName());
                        sb.append(",table=");
                        sb.append(tSentryPrivilege.getTableName());
                        sb.append(",URI=");
                        sb.append(tSentryPrivilege.getURI());
                        sb.append(",action=");
                        sb.append(tSentryPrivilege.getAction());
                        sb.append("] ");
                    }
                    sb.append("doesn't exist.");
                }
                LOGGER.error(sb.toString(), e4);
                tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.NoSuchObject(sb.toString(), e4));
                time.stop();
            } catch (SentryThriftAPIMismatchException e5) {
                LOGGER.error(e5.getMessage(), (Throwable) e5);
                tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e5.getMessage(), e5));
                time.stop();
            }
            if (!(tAlterSentryRoleRevokePrivilegeRequest.isSetPrivileges() ^ tAlterSentryRoleRevokePrivilegeRequest.isSetPrivilege())) {
                throw new SentryUserException("SENTRY API version is not right!");
            }
            if (tAlterSentryRoleRevokePrivilegeRequest.isSetPrivilege()) {
                tAlterSentryRoleRevokePrivilegeRequest.setPrivileges(Sets.newHashSet(new TSentryPrivilege[]{tAlterSentryRoleRevokePrivilegeRequest.getPrivilege()}));
            }
            CommitContext alterSentryRoleRevokePrivileges = this.sentryStore.alterSentryRoleRevokePrivileges(tAlterSentryRoleRevokePrivilegeRequest.getRequestorUserName(), tAlterSentryRoleRevokePrivilegeRequest.getRoleName(), tAlterSentryRoleRevokePrivilegeRequest.getPrivileges());
            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.alter_sentry_role_revoke_privilege(alterSentryRoleRevokePrivileges, tAlterSentryRoleRevokePrivilegeRequest, tAlterSentryRoleRevokePrivilegeResponse);
            Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
            while (it.hasNext()) {
                it.next().onAlterSentryRoleRevokePrivilege(tAlterSentryRoleRevokePrivilegeRequest);
            }
            time.stop();
            try {
                Iterator<JsonLogEntity> it2 = JsonLogEntityFactory.getInstance().createJsonLogEntitys(tAlterSentryRoleRevokePrivilegeRequest, tAlterSentryRoleRevokePrivilegeResponse, this.conf).iterator();
                while (it2.hasNext()) {
                    AUDIT_LOGGER.info(it2.next().toJsonFormatLog());
                }
            } catch (Exception e6) {
                LOGGER.error("Error creating audit log for revoke privilege from role: " + e6.getMessage(), e6);
            }
            return tAlterSentryRoleRevokePrivilegeResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r11v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TDropSentryRoleResponse drop_sentry_role(TDropSentryRoleRequest tDropSentryRoleRequest) throws TException {
        Timer.Context time = this.sentryMetrics.dropRoleTimer.time();
        TDropSentryRoleResponse tDropSentryRoleResponse = new TDropSentryRoleResponse();
        try {
            try {
                try {
                    try {
                        validateClientVersion(tDropSentryRoleRequest.getProtocol_version());
                        authorize(tDropSentryRoleRequest.getRequestorUserName(), getRequestorGroups(tDropSentryRoleRequest.getRequestorUserName()));
                        CommitContext dropSentryRole = this.sentryStore.dropSentryRole(tDropSentryRoleRequest.getRoleName());
                        tDropSentryRoleResponse.setStatus(Status.OK());
                        this.notificationHandlerInvoker.drop_sentry_role(dropSentryRole, tDropSentryRoleRequest, tDropSentryRoleResponse);
                        Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
                        while (it.hasNext()) {
                            it.next().onDropSentryRole(tDropSentryRoleRequest);
                        }
                        time.stop();
                    } catch (Throwable th) {
                        time.stop();
                        throw th;
                    }
                } catch (Exception e) {
                    String str = "Unknown error for request: " + tDropSentryRoleRequest + ", message: " + e.getMessage();
                    LOGGER.error(str, e);
                    tDropSentryRoleResponse.setStatus(Status.RuntimeError(str, e));
                    time.stop();
                }
            } catch (SentryNoSuchObjectException e2) {
                String str2 = "Role :" + tDropSentryRoleRequest + " doesn't exist";
                LOGGER.error(str2, e2);
                tDropSentryRoleResponse.setStatus(Status.NoSuchObject(str2, e2));
                time.stop();
            }
        } catch (SentryAccessDeniedException e3) {
            LOGGER.error(e3.getMessage(), (Throwable) e3);
            tDropSentryRoleResponse.setStatus(Status.AccessDenied(e3.getMessage(), e3));
            time.stop();
        } catch (SentryThriftAPIMismatchException e4) {
            LOGGER.error(e4.getMessage(), (Throwable) e4);
            tDropSentryRoleResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e4.getMessage(), e4));
            time.stop();
        }
        try {
            AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance().createJsonLogEntity(tDropSentryRoleRequest, tDropSentryRoleResponse, this.conf).toJsonFormatLog());
        } catch (Exception e5) {
            LOGGER.error("Error creating audit log for drop role: " + e5.getMessage(), e5);
        }
        return tDropSentryRoleResponse;
    }

    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r10v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest tAlterSentryRoleAddGroupsRequest) throws TException {
        Timer.Context time = this.sentryMetrics.grantRoleTimer.time();
        TAlterSentryRoleAddGroupsResponse tAlterSentryRoleAddGroupsResponse = new TAlterSentryRoleAddGroupsResponse();
        try {
            try {
                try {
                    validateClientVersion(tAlterSentryRoleAddGroupsRequest.getProtocol_version());
                    authorize(tAlterSentryRoleAddGroupsRequest.getRequestorUserName(), getRequestorGroups(tAlterSentryRoleAddGroupsRequest.getRequestorUserName()));
                    CommitContext alterSentryRoleAddGroups = this.sentryStore.alterSentryRoleAddGroups(tAlterSentryRoleAddGroupsRequest.getRequestorUserName(), tAlterSentryRoleAddGroupsRequest.getRoleName(), tAlterSentryRoleAddGroupsRequest.getGroups());
                    tAlterSentryRoleAddGroupsResponse.setStatus(Status.OK());
                    this.notificationHandlerInvoker.alter_sentry_role_add_groups(alterSentryRoleAddGroups, tAlterSentryRoleAddGroupsRequest, tAlterSentryRoleAddGroupsResponse);
                    Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
                    while (it.hasNext()) {
                        it.next().onAlterSentryRoleAddGroups(tAlterSentryRoleAddGroupsRequest);
                    }
                    time.stop();
                } catch (Exception e) {
                    String str = "Unknown error for request: " + tAlterSentryRoleAddGroupsRequest + ", message: " + e.getMessage();
                    LOGGER.error(str, e);
                    tAlterSentryRoleAddGroupsResponse.setStatus(Status.RuntimeError(str, e));
                    time.stop();
                } catch (SentryNoSuchObjectException e2) {
                    String str2 = "Role: " + tAlterSentryRoleAddGroupsRequest + " doesn't exist";
                    LOGGER.error(str2, e2);
                    tAlterSentryRoleAddGroupsResponse.setStatus(Status.NoSuchObject(str2, e2));
                    time.stop();
                }
            } catch (SentryAccessDeniedException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tAlterSentryRoleAddGroupsResponse.setStatus(Status.AccessDenied(e3.getMessage(), e3));
                time.stop();
            } catch (SentryThriftAPIMismatchException e4) {
                LOGGER.error(e4.getMessage(), (Throwable) e4);
                tAlterSentryRoleAddGroupsResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e4.getMessage(), e4));
                time.stop();
            }
            try {
                AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance().createJsonLogEntity(tAlterSentryRoleAddGroupsRequest, tAlterSentryRoleAddGroupsResponse, this.conf).toJsonFormatLog());
            } catch (Exception e5) {
                LOGGER.error("Error creating audit log for add role to group: " + e5.getMessage(), e5);
            }
            return tAlterSentryRoleAddGroupsResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r10v3, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest tAlterSentryRoleDeleteGroupsRequest) throws TException {
        Timer.Context time = this.sentryMetrics.revokeRoleTimer.time();
        TAlterSentryRoleDeleteGroupsResponse tAlterSentryRoleDeleteGroupsResponse = new TAlterSentryRoleDeleteGroupsResponse();
        try {
            try {
                try {
                    try {
                        try {
                            validateClientVersion(tAlterSentryRoleDeleteGroupsRequest.getProtocol_version());
                            authorize(tAlterSentryRoleDeleteGroupsRequest.getRequestorUserName(), getRequestorGroups(tAlterSentryRoleDeleteGroupsRequest.getRequestorUserName()));
                            CommitContext alterSentryRoleDeleteGroups = this.sentryStore.alterSentryRoleDeleteGroups(tAlterSentryRoleDeleteGroupsRequest.getRoleName(), tAlterSentryRoleDeleteGroupsRequest.getGroups());
                            tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.OK());
                            this.notificationHandlerInvoker.alter_sentry_role_delete_groups(alterSentryRoleDeleteGroups, tAlterSentryRoleDeleteGroupsRequest, tAlterSentryRoleDeleteGroupsResponse);
                            Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
                            while (it.hasNext()) {
                                it.next().onAlterSentryRoleDeleteGroups(tAlterSentryRoleDeleteGroupsRequest);
                            }
                            time.stop();
                        } catch (SentryAccessDeniedException e) {
                            LOGGER.error(e.getMessage(), (Throwable) e);
                            tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.AccessDenied(e.getMessage(), e));
                            time.stop();
                        }
                    } catch (Exception e2) {
                        String str = "Unknown error adding groups to role: " + tAlterSentryRoleDeleteGroupsRequest;
                        LOGGER.error(str, e2);
                        tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.RuntimeError(str, e2));
                        time.stop();
                    }
                } catch (SentryNoSuchObjectException e3) {
                    String str2 = "Role: " + tAlterSentryRoleDeleteGroupsRequest + " does not exist.";
                    LOGGER.error(str2, e3);
                    tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.NoSuchObject(str2, e3));
                    time.stop();
                }
            } catch (SentryThriftAPIMismatchException e4) {
                LOGGER.error(e4.getMessage(), (Throwable) e4);
                tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e4.getMessage(), e4));
                time.stop();
            }
            try {
                AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance().createJsonLogEntity(tAlterSentryRoleDeleteGroupsRequest, tAlterSentryRoleDeleteGroupsResponse, this.conf).toJsonFormatLog());
            } catch (Exception e5) {
                LOGGER.error("Error creating audit log for delete role from group: " + e5.getMessage(), e5);
            }
            return tAlterSentryRoleDeleteGroupsResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryNoSuchObjectException] */
    /* JADX WARN: Type inference failed for: r12v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    /* JADX WARN: Type inference failed for: r12v2, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryRolesResponse list_sentry_roles_by_group(TListSentryRolesRequest tListSentryRolesRequest) throws TException {
        Timer.Context time = this.sentryMetrics.listRolesByGroupTimer.time();
        TListSentryRolesResponse tListSentryRolesResponse = new TListSentryRolesResponse();
        HashSet hashSet = new HashSet();
        String requestorUserName = tListSentryRolesRequest.getRequestorUserName();
        boolean z = false;
        try {
            try {
                try {
                    validateClientVersion(tListSentryRolesRequest.getProtocol_version());
                    Set<String> requestorGroups = getRequestorGroups(requestorUserName);
                    if ("*".equalsIgnoreCase(tListSentryRolesRequest.getGroupName())) {
                        z = true;
                    } else {
                        if (!inAdminGroups(requestorGroups) && (tListSentryRolesRequest.getGroupName() == null || !requestorGroups.contains(tListSentryRolesRequest.getGroupName()))) {
                            throw new SentryAccessDeniedException("Access denied to " + requestorUserName);
                        }
                        requestorGroups.clear();
                        requestorGroups.add(tListSentryRolesRequest.getGroupName());
                    }
                    tListSentryRolesResponse.setRoles(this.sentryStore.getTSentryRolesByGroupName(requestorGroups, z));
                    tListSentryRolesResponse.setStatus(Status.OK());
                    time.stop();
                } catch (Exception e) {
                    String str = "Unknown error for request: " + tListSentryRolesRequest + ", message: " + e.getMessage();
                    LOGGER.error(str, e);
                    tListSentryRolesResponse.setStatus(Status.RuntimeError(str, e));
                    time.stop();
                } catch (SentryThriftAPIMismatchException e2) {
                    LOGGER.error(e2.getMessage(), (Throwable) e2);
                    tListSentryRolesResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e2.getMessage(), e2));
                    time.stop();
                }
            } catch (SentryAccessDeniedException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tListSentryRolesResponse.setStatus(Status.AccessDenied(e3.getMessage(), e3));
                time.stop();
            } catch (SentryNoSuchObjectException e4) {
                tListSentryRolesResponse.setRoles(hashSet);
                String str2 = "Request: " + tListSentryRolesRequest + " couldn't be completed, message: " + e4.getMessage();
                LOGGER.error(str2, (Throwable) e4);
                tListSentryRolesResponse.setStatus(Status.NoSuchObject(str2, e4));
                time.stop();
            }
            return tListSentryRolesResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r13v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryPrivilegesResponse list_sentry_privileges_by_role(TListSentryPrivilegesRequest tListSentryPrivilegesRequest) throws TException {
        Set<String> requestorGroups;
        Set<TSentryPrivilege> allTSentryPrivilegesByRoleName;
        Timer.Context time = this.sentryMetrics.listPrivilegesByRoleTimer.time();
        TListSentryPrivilegesResponse tListSentryPrivilegesResponse = new TListSentryPrivilegesResponse();
        HashSet hashSet = new HashSet();
        String requestorUserName = tListSentryPrivilegesRequest.getRequestorUserName();
        try {
            try {
                try {
                    validateClientVersion(tListSentryPrivilegesRequest.getProtocol_version());
                    requestorGroups = getRequestorGroups(requestorUserName);
                } catch (Exception e) {
                    String str = "Unknown error for request: " + tListSentryPrivilegesRequest + ", message: " + e.getMessage();
                    LOGGER.error(str, e);
                    tListSentryPrivilegesResponse.setStatus(Status.RuntimeError(str, e));
                    time.stop();
                } catch (SentryNoSuchObjectException e2) {
                    tListSentryPrivilegesResponse.setPrivileges(hashSet);
                    String str2 = "Privilege: " + tListSentryPrivilegesRequest + " couldn't be retrieved.";
                    LOGGER.error(str2, e2);
                    tListSentryPrivilegesResponse.setStatus(Status.NoSuchObject(str2, e2));
                    time.stop();
                }
            } catch (SentryAccessDeniedException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tListSentryPrivilegesResponse.setStatus(Status.AccessDenied(e3.getMessage(), e3));
                time.stop();
            } catch (SentryThriftAPIMismatchException e4) {
                LOGGER.error(e4.getMessage(), (Throwable) e4);
                tListSentryPrivilegesResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e4.getMessage(), e4));
                time.stop();
            }
            if (!Boolean.valueOf(inAdminGroups(requestorGroups)).booleanValue() && !toTrimedLower(this.sentryStore.getRoleNamesForGroups(requestorGroups)).contains(tListSentryPrivilegesRequest.getRoleName().trim().toLowerCase())) {
                throw new SentryAccessDeniedException("Access denied to " + requestorUserName);
            }
            if (tListSentryPrivilegesRequest.isSetAuthorizableHierarchy()) {
                allTSentryPrivilegesByRoleName = this.sentryStore.getTSentryPrivileges(Sets.newHashSet(new String[]{tListSentryPrivilegesRequest.getRoleName()}), tListSentryPrivilegesRequest.getAuthorizableHierarchy());
            } else {
                allTSentryPrivilegesByRoleName = this.sentryStore.getAllTSentryPrivilegesByRoleName(tListSentryPrivilegesRequest.getRoleName());
            }
            tListSentryPrivilegesResponse.setPrivileges(allTSentryPrivilegesByRoleName);
            tListSentryPrivilegesResponse.setStatus(Status.OK());
            time.stop();
            return tListSentryPrivilegesResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(TListSentryPrivilegesForProviderRequest tListSentryPrivilegesForProviderRequest) throws TException {
        Timer.Context time = this.sentryMetrics.listPrivilegesForProviderTimer.time();
        TListSentryPrivilegesForProviderResponse tListSentryPrivilegesForProviderResponse = new TListSentryPrivilegesForProviderResponse();
        tListSentryPrivilegesForProviderResponse.setPrivileges(new HashSet());
        try {
            try {
                validateClientVersion(tListSentryPrivilegesForProviderRequest.getProtocol_version());
                Set<String> listSentryPrivilegesForProvider = this.sentryStore.listSentryPrivilegesForProvider(tListSentryPrivilegesForProviderRequest.getGroups(), tListSentryPrivilegesForProviderRequest.getRoleSet(), tListSentryPrivilegesForProviderRequest.getAuthorizableHierarchy());
                tListSentryPrivilegesForProviderResponse.setPrivileges(listSentryPrivilegesForProvider);
                if (listSentryPrivilegesForProvider == null || (listSentryPrivilegesForProvider.size() == 0 && tListSentryPrivilegesForProviderRequest.getAuthorizableHierarchy() != null && this.sentryStore.hasAnyServerPrivileges(tListSentryPrivilegesForProviderRequest.getGroups(), tListSentryPrivilegesForProviderRequest.getRoleSet(), tListSentryPrivilegesForProviderRequest.getAuthorizableHierarchy().getServer()))) {
                    tListSentryPrivilegesForProviderResponse.setPrivileges(Sets.newHashSet(new String[]{"server=+"}));
                }
                tListSentryPrivilegesForProviderResponse.setStatus(Status.OK());
                time.stop();
            } catch (Exception e) {
                String str = "Unknown error for request: " + tListSentryPrivilegesForProviderRequest + ", message: " + e.getMessage();
                LOGGER.error(str, e);
                tListSentryPrivilegesForProviderResponse.setStatus(Status.RuntimeError(str, e));
                time.stop();
            } catch (SentryThriftAPIMismatchException e2) {
                LOGGER.error(e2.getMessage(), (Throwable) e2);
                tListSentryPrivilegesForProviderResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e2.getMessage(), e2));
                time.stop();
            }
            return tListSentryPrivilegesForProviderResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    private Set<String> getRequestorGroups(String str) throws SentryUserException {
        return getGroupsFromUserName(this.conf, str);
    }

    public static Set<String> getGroupsFromUserName(Configuration configuration, String str) throws SentryUserException {
        String str2 = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_GROUP_MAPPING, "org.apache.sentry.provider.common.HadoopGroupMappingService");
        String str3 = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE);
        try {
            Constructor<?> declaredConstructor = Class.forName(str2).getDeclaredConstructor(Configuration.class, String.class);
            declaredConstructor.setAccessible(true);
            return ((GroupMappingService) declaredConstructor.newInstance(configuration, str3)).getGroups(str);
        } catch (ClassNotFoundException e) {
            throw new SentryUserException("Unable to instantiate group mapping", e);
        } catch (IllegalAccessException e2) {
            throw new SentryUserException("Unable to instantiate group mapping", e2);
        } catch (IllegalArgumentException e3) {
            throw new SentryUserException("Unable to instantiate group mapping", e3);
        } catch (InstantiationException e4) {
            throw new SentryUserException("Unable to instantiate group mapping", e4);
        } catch (NoSuchMethodException e5) {
            throw new SentryUserException("Unable to instantiate group mapping", e5);
        } catch (SecurityException e6) {
            throw new SentryUserException("Unable to instantiate group mapping", e6);
        } catch (InvocationTargetException e7) {
            throw new SentryUserException("Unable to instantiate group mapping", e7);
        }
    }

    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    /* JADX WARN: Type inference failed for: r8v2, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TDropPrivilegesResponse drop_sentry_privilege(TDropPrivilegesRequest tDropPrivilegesRequest) throws TException {
        Timer.Context time = this.sentryMetrics.dropPrivilegeTimer.time();
        TDropPrivilegesResponse tDropPrivilegesResponse = new TDropPrivilegesResponse();
        try {
            try {
                try {
                    validateClientVersion(tDropPrivilegesRequest.getProtocol_version());
                    authorize(tDropPrivilegesRequest.getRequestorUserName(), this.adminGroups);
                    this.sentryStore.dropPrivilege(tDropPrivilegesRequest.getAuthorizable());
                    Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
                    while (it.hasNext()) {
                        it.next().onDropSentryPrivilege(tDropPrivilegesRequest);
                    }
                    tDropPrivilegesResponse.setStatus(Status.OK());
                    time.stop();
                } catch (SentryThriftAPIMismatchException e) {
                    LOGGER.error(e.getMessage(), (Throwable) e);
                    tDropPrivilegesResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
                    time.stop();
                }
            } catch (Exception e2) {
                String str = "Unknown error for request: " + tDropPrivilegesRequest + ", message: " + e2.getMessage();
                LOGGER.error(str, e2);
                tDropPrivilegesResponse.setStatus(Status.RuntimeError(str, e2));
                time.stop();
            } catch (SentryAccessDeniedException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tDropPrivilegesResponse.setStatus(Status.AccessDenied(e3.getMessage(), e3));
                time.stop();
            }
            return tDropPrivilegesResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r8v2, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TRenamePrivilegesResponse rename_sentry_privilege(TRenamePrivilegesRequest tRenamePrivilegesRequest) throws TException {
        Timer.Context time = this.sentryMetrics.renamePrivilegeTimer.time();
        TRenamePrivilegesResponse tRenamePrivilegesResponse = new TRenamePrivilegesResponse();
        try {
            try {
                try {
                    validateClientVersion(tRenamePrivilegesRequest.getProtocol_version());
                    authorize(tRenamePrivilegesRequest.getRequestorUserName(), this.adminGroups);
                    this.sentryStore.renamePrivilege(tRenamePrivilegesRequest.getOldAuthorizable(), tRenamePrivilegesRequest.getNewAuthorizable());
                    Iterator<SentryPolicyStorePlugin> it = this.sentryPlugins.iterator();
                    while (it.hasNext()) {
                        it.next().onRenameSentryPrivilege(tRenamePrivilegesRequest);
                    }
                    tRenamePrivilegesResponse.setStatus(Status.OK());
                    time.close();
                } catch (SentryAccessDeniedException e) {
                    LOGGER.error(e.getMessage(), (Throwable) e);
                    tRenamePrivilegesResponse.setStatus(Status.AccessDenied(e.getMessage(), e));
                    time.close();
                }
            } catch (Exception e2) {
                String str = "Unknown error for request: " + tRenamePrivilegesRequest + ", message: " + e2.getMessage();
                LOGGER.error(str, e2);
                tRenamePrivilegesResponse.setStatus(Status.RuntimeError(str, e2));
                time.close();
            } catch (SentryThriftAPIMismatchException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tRenamePrivilegesResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e3.getMessage(), e3));
                time.close();
            }
            return tRenamePrivilegesResponse;
        } catch (Throwable th) {
            time.close();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r17v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    /* JADX WARN: Type inference failed for: r17v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest tListSentryPrivilegesByAuthRequest) throws TException {
        Timer.Context time = this.sentryMetrics.listPrivilegesByAuthorizableTimer.time();
        TListSentryPrivilegesByAuthResponse tListSentryPrivilegesByAuthResponse = new TListSentryPrivilegesByAuthResponse();
        HashMap newHashMap = Maps.newHashMap();
        String requestorUserName = tListSentryPrivilegesByAuthRequest.getRequestorUserName();
        Set<String> groups = tListSentryPrivilegesByAuthRequest.getGroups();
        TSentryActiveRoleSet roleSet = tListSentryPrivilegesByAuthRequest.getRoleSet();
        try {
            try {
                try {
                    try {
                        validateClientVersion(tListSentryPrivilegesByAuthRequest.getProtocol_version());
                        Set<String> requestorGroups = getRequestorGroups(requestorUserName);
                        if (!inAdminGroups(requestorGroups)) {
                            if (groups == null || groups.isEmpty()) {
                                groups = requestorGroups;
                            } else {
                                Iterator<String> it = groups.iterator();
                                while (it.hasNext()) {
                                    if (!requestorGroups.contains(it.next())) {
                                        throw new SentryAccessDeniedException("Access denied to " + requestorUserName);
                                    }
                                }
                            }
                            if (roleSet != null && !roleSet.isAll()) {
                                Set<String> trimedLower = toTrimedLower(this.sentryStore.getRoleNamesForGroups(requestorGroups));
                                Iterator<String> it2 = toTrimedLower(roleSet.getRoles()).iterator();
                                while (it2.hasNext()) {
                                    if (!trimedLower.contains(it2.next())) {
                                        throw new SentryAccessDeniedException("Access denied to " + requestorUserName);
                                    }
                                }
                            }
                        }
                        for (TSentryAuthorizable tSentryAuthorizable : tListSentryPrivilegesByAuthRequest.getAuthorizableSet()) {
                            newHashMap.put(tSentryAuthorizable, this.sentryStore.listSentryPrivilegesByAuthorizable(groups, tListSentryPrivilegesByAuthRequest.getRoleSet(), tSentryAuthorizable, inAdminGroups(requestorGroups)));
                        }
                        tListSentryPrivilegesByAuthResponse.setPrivilegesMapByAuth(newHashMap);
                        tListSentryPrivilegesByAuthResponse.setStatus(Status.OK());
                        time.stop();
                    } catch (Exception e) {
                        String str = "Unknown error for request: " + tListSentryPrivilegesByAuthRequest + ", message: " + e.getMessage();
                        LOGGER.error(str, e);
                        tListSentryPrivilegesByAuthResponse.setStatus(Status.RuntimeError(str, e));
                        time.stop();
                    }
                } catch (SentryAccessDeniedException e2) {
                    LOGGER.error(e2.getMessage(), (Throwable) e2);
                    tListSentryPrivilegesByAuthResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
                    time.stop();
                }
            } catch (SentryThriftAPIMismatchException e3) {
                LOGGER.error(e3.getMessage(), (Throwable) e3);
                tListSentryPrivilegesByAuthResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e3.getMessage(), e3));
                time.stop();
            }
            return tListSentryPrivilegesByAuthResponse;
        } catch (Throwable th) {
            time.stop();
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryThriftAPIMismatchException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TSentryConfigValueResponse get_sentry_config_value(TSentryConfigValueRequest tSentryConfigValueRequest) throws TException {
        TSentryConfigValueResponse tSentryConfigValueResponse = new TSentryConfigValueResponse();
        String propertyName = tSentryConfigValueRequest.getPropertyName();
        try {
            validateClientVersion(tSentryConfigValueRequest.getProtocol_version());
        } catch (SentryThriftAPIMismatchException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            tSentryConfigValueResponse.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
        }
        if (Pattern.matches("^sentry\\..*", propertyName) && !Pattern.matches(".*keytab.*|.*\\.jdbc\\..*|.*password.*", propertyName)) {
            tSentryConfigValueResponse.setValue(this.conf.get(propertyName, tSentryConfigValueRequest.getDefaultValue()));
            tSentryConfigValueResponse.setStatus(Status.OK());
            return tSentryConfigValueResponse;
        }
        String str = "Attempted access of the configuration property " + propertyName + " was denied";
        LOGGER.error(str);
        tSentryConfigValueResponse.setStatus(Status.AccessDenied(str, new SentryAccessDeniedException(str)));
        return tSentryConfigValueResponse;
    }

    @VisibleForTesting
    static void validateClientVersion(int i) throws SentryThriftAPIMismatchException {
        if (2 != i) {
            throw new SentryThriftAPIMismatchException("Sentry thrift API protocol version mismatch: Client thrift version is: " + i + " , server thrift verion is 2");
        }
    }

    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TSentryExportMappingDataResponse export_sentry_mapping_data(TSentryExportMappingDataRequest tSentryExportMappingDataRequest) throws TException {
        String requestorUserName;
        TSentryExportMappingDataResponse tSentryExportMappingDataResponse = new TSentryExportMappingDataResponse();
        try {
            requestorUserName = tSentryExportMappingDataRequest.getRequestorUserName();
        } catch (Exception e) {
            String str = "Unknown error for request: " + tSentryExportMappingDataRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tSentryExportMappingDataResponse.setMappingData(new TSentryMappingData());
            tSentryExportMappingDataResponse.setStatus(Status.RuntimeError(str, e));
        }
        if (!inAdminGroups(getRequestorGroups(requestorUserName))) {
            throw new SentryAccessDeniedException("Access denied to " + requestorUserName + " for export the metadata of sentry.");
        }
        TSentryMappingData tSentryMappingData = new TSentryMappingData();
        tSentryMappingData.setGroupRolesMap(this.sentryStore.getGroupNameRoleNamesMap());
        tSentryMappingData.setRolePrivilegesMap(this.sentryStore.getRoleNameTPrivilegesMap());
        tSentryExportMappingDataResponse.setMappingData(tSentryMappingData);
        tSentryExportMappingDataResponse.setStatus(Status.OK());
        return tSentryExportMappingDataResponse;
    }

    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TSentryImportMappingDataResponse import_sentry_mapping_data(TSentryImportMappingDataRequest tSentryImportMappingDataRequest) throws TException {
        String requestorUserName;
        TSentryImportMappingDataResponse tSentryImportMappingDataResponse = new TSentryImportMappingDataResponse();
        try {
            requestorUserName = tSentryImportMappingDataRequest.getRequestorUserName();
        } catch (Exception e) {
            String str = "Unknown error for request: " + tSentryImportMappingDataRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tSentryImportMappingDataResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryInvalidInputException e2) {
            LOGGER.error("Invalid input privilege object", e2);
            tSentryImportMappingDataResponse.setStatus(Status.InvalidInput("Invalid input privilege object", e2));
        }
        if (!inAdminGroups(getRequestorGroups(requestorUserName))) {
            throw new SentryAccessDeniedException("Access denied to " + requestorUserName + " for import the metadata of sentry.");
        }
        this.sentryStore.importSentryMetaData(tSentryImportMappingDataRequest.getMappingData(), tSentryImportMappingDataRequest.isOverwriteRole());
        tSentryImportMappingDataResponse.setStatus(Status.OK());
        return tSentryImportMappingDataResponse;
    }
}
