package org.apache.sentry.provider.db.service.persistent;

import com.codahale.metrics.Gauge;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.UUID;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.jdo.JDODataStoreException;
import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.jdo.Query;
import javax.jdo.Transaction;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.policy.common.PolicyConstants;
import org.apache.sentry.provider.db.SentryAccessDeniedException;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryGrantDeniedException;
import org.apache.sentry.provider.db.SentryInvalidInputException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.service.model.MSentryGroup;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.model.MSentryVersion;
import org.apache.sentry.provider.db.service.thrift.SentryConfigurationException;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryMappingData;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.datanucleus.store.rdbms.exceptions.MissingTableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/service/persistent/SentryStore.class */
public class SentryStore {
    // Default directory name for the policy database; not referenced in the visible part of this class.
    static final String DEFAULT_DATA_DIR = "sentry_policy_db";
    // Counter behind the sequence id placed in each CommitContext (see commitUpdateTransaction).
    private long commitSequenceId = 0;
    // JDO factory built once in the constructor; every PersistenceManager used here comes from it.
    private final PersistenceManagerFactory pmf;
    private Configuration conf;
    // Cleaner object is always created by the constructor; its thread is only started when
    // the orphaned-privilege-removal option is "true", so privCleanerThread may stay null.
    private PrivCleaner privCleaner;
    private Thread privCleanerThread;
    // Random identifier generated once per class load and stamped into every CommitContext.
    private static final UUID SERVER_UUID = UUID.randomUUID();
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryStore.class);
    // NOTE(review): public, static and non-final, so any code in the JVM can reassign the
    // sentinel used for "no value" columns. Presumably meant to be a constant - confirm no
    // caller writes to it before declaring it final.
    public static String NULL_COL = "__NULL__";
    // Action names, all lower-case. Not referenced in the visible part of this class.
    private static final Set<String> ALL_ACTIONS = Sets.newHashSet(new String[]{"*", "select", "insert", "alter", "create", "drop", "index", "lock"});
    // Actions that revokePrivilegeFromRole routes to revokePartial: "*", "all", "select", "insert".
    // NOTE(review): "ALL".toLowerCase() uses the JVM default locale - confirm it cannot run
    // under a locale whose lower-casing of "ALL" differs from "all".
    private static final Set<String> PARTIAL_REVOKE_ACTIONS = Sets.newHashSet(new String[]{"*", "ALL".toLowerCase(), "select", "insert"});

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/sentry/provider/db/service/persistent/SentryStore$PrivCleaner.class */
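    /**
     * Background task that deletes privilege rows no role refers to any more.
     *
     * <p>Callers report each removed role-to-privilege link through
     * {@link #incPrivRemoval()}; once more than {@code NOTIFY_THRESHOLD} removals have
     * accumulated the worker wakes up and runs one cleaning pass. {@link #exit()} asks the
     * worker to stop. The counter and the exit flag are only touched while {@code lock}
     * is held.
     */
    public class PrivCleaner implements Runnable {
        private static final int NOTIFY_THRESHOLD = 50;
        private int currentNotifies = 0;
        private boolean exitRequired = false;
        private final Lock lock = new ReentrantLock();
        private final Condition cond = this.lock.newCondition();

        private PrivCleaner() {
        }

        /**
         * Waits until enough removals were reported, then runs a cleaning pass; repeats
         * until {@link #exit()} is called.
         *
         * <p>The lock is released exactly once per iteration, in the {@code finally}
         * block, and the database work runs without the lock held. The previous listing
         * unlocked explicitly and then again in {@code finally}, which makes
         * {@code ReentrantLock.unlock()} throw {@code IllegalMonitorStateException} and
         * ends the thread after its first pass.
         */
        @Override // java.lang.Runnable
        public void run() {
            while (true) {
                this.lock.lock();
                try {
                    if (this.exitRequired) {
                        return;
                    }
                    while (this.currentNotifies <= NOTIFY_THRESHOLD) {
                        try {
                            this.cond.await();
                        } catch (InterruptedException ignored) {
                            // Deliberately ignored: shutdown is driven by exitRequired, which
                            // is re-checked below. Re-setting the interrupt flag here would
                            // make the next await() throw at once and spin this loop.
                        }
                        if (this.exitRequired) {
                            return;
                        }
                    }
                    this.currentNotifies = 0;
                } finally {
                    this.lock.unlock();
                }
                try {
                    removeOrphanedPrivileges();
                } catch (Exception e) {
                    // Keep the worker alive; pass the exception so the stack trace is logged.
                    SentryStore.LOGGER.warn("Privilege cleaning thread encountered an error: " + e.getMessage(), e);
                }
            }
        }

        /**
         * Records {@code i} removed role-to-privilege links and wakes the worker once the
         * threshold is exceeded. Does nothing when the cleaner thread was never started.
         *
         * @param i number of removals to add to the counter
         */
        public void incPrivRemoval(int i) {
            if (SentryStore.this.privCleanerThread != null) {
                // Acquire before the try so a failed lock() is never followed by unlock().
                this.lock.lock();
                try {
                    this.currentNotifies += i;
                    if (this.currentNotifies > NOTIFY_THRESHOLD) {
                        this.cond.signal();
                    }
                } finally {
                    this.lock.unlock();
                }
            }
        }

        /** Records a single removed role-to-privilege link. */
        public void incPrivRemoval() {
            incPrivRemoval(1);
        }

        /**
         * Asks the worker to stop and wakes it if it is waiting. Does nothing when the
         * cleaner thread was never started.
         */
        public void exit() {
            if (SentryStore.this.privCleanerThread != null) {
                this.lock.lock();
                try {
                    this.exitRequired = true;
                    this.cond.signal();
                } finally {
                    this.lock.unlock();
                }
            }
        }

        /**
         * Runs one cleaning pass in two transactions on the same PersistenceManager.
         *
         * <p>Pass one is marked rollback-only and collects the object ids of candidate
         * rows with a fixed SQL statement (no caller-supplied text is concatenated into
         * it). Pass two reloads each candidate and deletes it only if
         * {@code getRoles()} is empty, so a wrong candidate cannot remove a privilege
         * that is still mapped to a role. The PersistenceManager is closed on every
         * path, including a failure in pass one.
         */
        private void removeOrphanedPrivileges() {
            int removed = 0;
            List<Object> candidateIds = new ArrayList<Object>();
            PersistenceManager pm = SentryStore.this.pmf.getPersistenceManager();
            try {
                Transaction readTx = pm.currentTransaction();
                try {
                    readTx.begin();
                    // Rollback-only: this transaction must never write.
                    readTx.setRollbackOnly();
                    // NOTE(review): the inner predicate compares the ids with "!=". As written,
                    // NOT EXISTS holds for a privilege only when no mapping row refers to a
                    // different privilege, which is not "has no mapping row". Confirm whether
                    // "=" was intended; with "!=" the pass is likely to find no candidates.
                    Query query = pm.newQuery("javax.jdo.query.SQL", "select DB_PRIVILEGE_ID from SENTRY_DB_PRIVILEGE p where not exists ( select 1 from SENTRY_ROLE_DB_PRIVILEGE_MAP d where p.DB_PRIVILEGE_ID != d.DB_PRIVILEGE_ID )");
                    query.setClass(MSentryPrivilege.class);
                    for (Object candidate : (List<?>) query.execute()) {
                        candidateIds.add(pm.getObjectId(candidate));
                    }
                } finally {
                    if (readTx.isActive()) {
                        readTx.rollback();
                    }
                }
                SentryStore.LOGGER.debug("Found {} potential orphans", Integer.valueOf(candidateIds.size()));
                if (candidateIds.isEmpty()) {
                    return;
                }

                Transaction deleteTx = pm.currentTransaction();
                boolean committed = false;
                try {
                    deleteTx.begin();
                    // Drop cached state so the emptiness check below sees current data.
                    pm.refreshAll();
                    for (Object id : candidateIds) {
                        MSentryPrivilege privilege = (MSentryPrivilege) pm.getObjectById(id);
                        if (privilege.getRoles().isEmpty()) {
                            pm.deletePersistent(privilege);
                            removed++;
                        }
                    }
                    deleteTx.commit();
                    committed = true;
                } finally {
                    if (!committed && deleteTx.isActive()) {
                        deleteTx.rollback();
                    }
                }
                SentryStore.LOGGER.debug("Cleaned up {} orphaned privileges", Integer.valueOf(removed));
            } finally {
                if (!pm.isClosed()) {
                    pm.close();
                }
            }
        }
    }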

    /**
     * Builds the JDO persistence layer from {@code configuration}, checks the schema
     * version and optionally starts the orphaned-privilege cleaner thread.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>The JDBC password is read as a {@code char[]} but then copied into a
     *       {@code String} and into the JDO {@code Properties}; the array is not cleared,
     *       so the secret stays on the heap for the life of those objects.</li>
     *   <li>Configuration keys starting with the JDO or DataNucleus prefixes are copied
     *       into the JDO properties after the connection settings. NOTE(review):
     *       depending on the prefix constants, such a key could replace the URL, user or
     *       password set just before - confirm who may write this configuration.</li>
     *   <li>When schema verification is switched off, DataNucleus is told to create
     *       schema objects automatically and the datastore is no longer fixed.</li>
     * </ul>
     *
     * @param configuration service configuration; the JDBC URL is required
     * @throws SentryConfigurationException if the JDBC password cannot be read
     * @throws IllegalArgumentException if the JDBC URL is missing or blank
     */
    public SentryStore(Configuration configuration) throws SentryNoSuchObjectException, SentryAccessDeniedException, SentryConfigurationException, IOException {
        this.privCleaner = null;
        this.privCleanerThread = null;
        this.conf = configuration;

        Properties jdoProps = new Properties();
        jdoProps.putAll(ServiceConstants.ServerConfig.SENTRY_STORE_DEFAULTS);

        String jdbcUrl = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_URL, "").trim();
        Preconditions.checkArgument(!jdbcUrl.isEmpty(), "Required parameter sentry.store.jdbc.url is missed");
        String jdbcUser = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_USER, ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_USER_DEFAULT).trim();
        char[] passwordChars = configuration.getPassword(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_PASS);
        if (passwordChars == null) {
            throw new SentryConfigurationException("Error reading sentry.store.jdbc.password");
        }
        // JDO only accepts a String here, so the secret is copied out of the char[].
        String jdbcPassword = new String(passwordChars);
        String jdbcDriver = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER, ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER_DEFAULT);

        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_URL, jdbcUrl);
        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_USER, jdbcUser);
        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_PASS, jdbcPassword);
        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_DRIVER_NAME, jdbcDriver);

        // Pass-through of JDO / DataNucleus tuning keys, with the Sentry prefix stripped.
        for (Map.Entry<String, String> entry : configuration) {
            String key = entry.getKey();
            boolean isJdoKey = key.startsWith(ServiceConstants.ServerConfig.SENTRY_JAVAX_JDO_PROPERTY_PREFIX);
            if (isJdoKey || key.startsWith(ServiceConstants.ServerConfig.SENTRY_DATANUCLEUS_PROPERTY_PREFIX)) {
                String jdoKey = StringUtils.removeStart(key, ServiceConstants.ServerConfig.SENTRY_DB_PROPERTY_PREFIX);
                jdoProps.setProperty(jdoKey, entry.getValue());
            }
        }

        boolean verifySchema = "true".equalsIgnoreCase(configuration.get(ServiceConstants.ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "true"));
        if (!verifySchema) {
            // Verification off: let DataNucleus create whatever schema objects are missing.
            jdoProps.setProperty("datanucleus.schema.autoCreateAll", "true");
            jdoProps.setProperty("datanucleus.autoCreateSchema", "true");
            jdoProps.setProperty("datanucleus.fixedDatastore", "false");
        }
        // Set last, so pass-through keys cannot enable non-transactional access.
        jdoProps.setProperty("datanucleus.NontransactionalRead", "false");
        jdoProps.setProperty("datanucleus.NontransactionalWrite", "false");

        this.pmf = JDOHelper.getPersistenceManagerFactory(jdoProps);
        verifySentryStoreSchema(verifySchema);

        this.privCleaner = new PrivCleaner();
        String removalOption = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL, "false");
        if (removalOption.equalsIgnoreCase("true")) {
            this.privCleanerThread = new Thread(this.privCleaner);
            this.privCleanerThread.start();
        }
    }

    /**
     * Checks or records the schema version of the backing store.
     *
     * <p>With {@code z} true the stored version must equal the distribution version,
     * otherwise start-up is refused. With {@code z} false nothing is compared and the
     * distribution version is written to the store instead.
     *
     * @param z whether the stored schema version must be verified
     * @throws SentryAccessDeniedException if verification is on and the versions differ
     */
    private void verifySentryStoreSchema(boolean z) throws SentryNoSuchObjectException, SentryAccessDeniedException {
        if (z) {
            String storedVersion = getSentryVersion();
            boolean versionsMatch = SentryStoreSchemaInfo.getSentryVersion().equals(storedVersion);
            if (versionsMatch) {
                return;
            }
            throw new SentryAccessDeniedException("The Sentry store schema version " + storedVersion + " is different from distribution version " + SentryStoreSchemaInfo.getSentryVersion());
        }
        setSentryVersion(SentryStoreSchemaInfo.getSentryVersion(), "Schema version set implicitly");
    }

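    /**
     * Stops the cleaner thread, if one was started, and closes the persistence manager
     * factory.
     *
     * <p>If the calling thread is interrupted while waiting for the cleaner to finish,
     * the wait is abandoned and the interrupt status is restored so the caller can still
     * observe it; the factory is closed either way.
     */
    public synchronized void stop() {
        if (this.privCleanerThread != null) {
            this.privCleaner.exit();
            try {
                this.privCleanerThread.join();
            } catch (InterruptedException e) {
                // Do not lose the interrupt: hand it back to the caller's thread.
                Thread.currentThread().interrupt();
            }
        }
        if (this.pmf != null) {
            this.pmf.close();
        }
    }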

    /**
     * Obtains a fresh PersistenceManager from the factory and begins a transaction on it.
     *
     * <p>The caller owns the returned manager and must end it with
     * {@link #commitTransaction}, {@link #commitUpdateTransaction} or
     * {@link #rollbackTransaction}.
     *
     * @return a PersistenceManager with an active transaction
     */
    public synchronized PersistenceManager openTransaction() {
        PersistenceManager pm = this.pmf.getPersistenceManager();
        Transaction tx = pm.currentTransaction();
        tx.begin();
        return pm;
    }

    /**
     * Commits the transaction of {@code persistenceManager} and returns a commit marker
     * carrying this server's UUID and the next sequence id.
     *
     * <p>The sequence id is only advanced after the commit call has returned.
     *
     * @param persistenceManager manager whose active transaction is committed and closed
     * @return the commit context for this update
     */
    public synchronized CommitContext commitUpdateTransaction(PersistenceManager persistenceManager) {
        commitTransaction(persistenceManager);
        long sequenceId = incrementGetSequenceId();
        return new CommitContext(SERVER_UUID, sequenceId);
    }

    /*  JADX ERROR: Failed to decode insn: 0x0007: MOVE_MULTI, method: org.apache.sentry.provider.db.service.persistent.SentryStore.incrementGetSequenceId():long
        java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -1 out of bounds for object array[6]
        	at java.base/java.lang.System.arraycopy(Native Method)
        	at jadx.plugins.input.java.data.code.StackState.insert(StackState.java:49)
        	at jadx.plugins.input.java.data.code.CodeDecodeState.insert(CodeDecodeState.java:118)
        	at jadx.plugins.input.java.data.code.JavaInsnsRegister.dup2x1(JavaInsnsRegister.java:313)
        	at jadx.plugins.input.java.data.code.JavaInsnData.decode(JavaInsnData.java:46)
        	at jadx.core.dex.instructions.InsnDecoder.lambda$process$0(InsnDecoder.java:54)
        	at jadx.plugins.input.java.data.code.JavaCodeReader.visitInstructions(JavaCodeReader.java:81)
        	at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:50)
        	at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:156)
        	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:443)
        	at jadx.core.ProcessClass.process(ProcessClass.java:70)
        	at jadx.core.ProcessClass.generateCode(ProcessClass.java:110)
        	at jadx.core.dex.nodes.ClassNode.generateClassCode(ClassNode.java:400)
        	at jadx.core.dex.nodes.ClassNode.decompile(ClassNode.java:388)
        	at jadx.core.dex.nodes.ClassNode.getCode(ClassNode.java:338)
        */
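    /**
     * Advances the commit sequence counter by one and returns the new value.
     *
     * <p>The decompiler could not emit this method and left a body that always threw
     * {@code UnsupportedOperationException}, which would make every
     * {@code commitUpdateTransaction} fail after its commit had already gone through.
     * The register listing it left behind loads {@code commitSequenceId}, adds 1, stores
     * the sum back into the field and returns it, which is the pre-increment below.
     *
     * @return the incremented sequence id
     */
    private synchronized long incrementGetSequenceId() {
        return ++this.commitSequenceId;
    }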

    /**
     * Commits the current transaction of {@code persistenceManager} and closes the
     * manager, whether or not the commit succeeds.
     *
     * @param persistenceManager manager holding the transaction to commit
     * @throws IllegalStateException if the transaction is not active
     */
    public void commitTransaction(PersistenceManager persistenceManager) {
        Transaction tx = persistenceManager.currentTransaction();
        try {
            boolean active = tx.isActive();
            Preconditions.checkState(active, "Transaction is not active");
            tx.commit();
        } finally {
            // Always release the manager, even when the commit or the state check fails.
            persistenceManager.close();
        }
    }

    /**
     * Rolls back the active transaction of {@code persistenceManager}, if there is one,
     * and then closes the manager.
     *
     * <p>A {@code null} or already closed manager is ignored. When the manager is open
     * but its transaction is not active, nothing is rolled back and the manager is left
     * open.
     *
     * @param persistenceManager manager to roll back; may be {@code null}
     */
    public void rollbackTransaction(PersistenceManager persistenceManager) {
        if (persistenceManager != null && !persistenceManager.isClosed()) {
            Transaction tx = persistenceManager.currentTransaction();
            if (tx.isActive()) {
                try {
                    tx.rollback();
                } finally {
                    persistenceManager.close();
                }
            }
        }
    }

    /**
     * Looks up a role by exact name inside the caller's transaction.
     *
     * <p>The name is bound as a declared JDOQL parameter rather than concatenated into
     * the filter, so its content cannot alter the query. No trimming or case folding
     * happens here; callers pass the name in its stored form.
     *
     * @param persistenceManager manager with an open transaction
     * @param str role name to match
     * @return the unique result of the query, or {@code null} when none matches
     */
    public MSentryRole getMSentryRole(PersistenceManager persistenceManager, String str) {
        Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
        roleQuery.setFilter("this.roleName == t");
        roleQuery.declareParameters("java.lang.String t");
        roleQuery.setUnique(true);
        Object match = roleQuery.execute(str);
        return (MSentryRole) match;
    }

    /**
     * Normalises a name by trimming surrounding whitespace and lower-casing it.
     *
     * <p>NOTE(review): {@code toLowerCase()} without a locale follows the JVM default
     * locale, so the same role name can normalise differently on differently configured
     * hosts. Any change must be made together with the other normalisers in this class
     * (for example {@code safeTrimLower}) so grant and revoke keep agreeing.
     *
     * @param str name to normalise; must not be {@code null}
     * @return the trimmed, lower-cased name
     */
    private String trimAndLower(String str) {
        String trimmed = str.trim();
        return trimmed.toLowerCase();
    }

    /**
     * Creates a role with the normalised form of {@code str} in its own transaction.
     *
     * <p>No caller identity is checked here; whoever calls this method decides who may
     * create roles.
     *
     * @param str requested role name; trimmed and lower-cased before use
     * @return the commit context of the successful update
     * @throws SentryAlreadyExistsException if a role with that name already exists
     */
    public CommitContext createSentryRole(String str) throws SentryAlreadyExistsException {
        String roleName = trimAndLower(str);
        boolean needsRollback = true;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            createSentryRoleCore(pm, roleName);
            CommitContext commit = commitUpdateTransaction(pm);
            needsRollback = false;
            return commit;
        } finally {
            // Any failure before the flag is cleared undoes the partial work.
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Persists a new role named {@code str} unless one already exists.
     *
     * @param persistenceManager manager with an open transaction
     * @param str role name, already normalised by the caller
     * @throws SentryAlreadyExistsException if the lookup finds an existing role
     */
    private void createSentryRoleCore(PersistenceManager persistenceManager, String str) throws SentryAlreadyExistsException {
        MSentryRole existing = getMSentryRole(persistenceManager, str);
        if (existing == null) {
            // The creation time is recorded in milliseconds since the epoch.
            persistenceManager.makePersistent(new MSentryRole(str, System.currentTimeMillis()));
            return;
        }
        throw new SentryAlreadyExistsException("Role: " + str);
    }

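    /**
     * Counts the persisted instances of {@code cls} in a transaction of its own.
     *
     * <p>The transaction is ended exactly once, in the {@code finally} block. The earlier
     * listing committed inside the {@code try} and again in a catch-all handler, so a
     * failing commit was retried on an already closed PersistenceManager and the first
     * error was replaced by the second.
     *
     * @param cls persistent class to count
     * @return the result of the {@code count(this)} query
     */
    private <T> Long getCount(Class<T> cls) {
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            Query countQuery = pm.newQuery();
            countQuery.setClass(cls);
            countQuery.setResult("count(this)");
            return (Long) countQuery.execute();
        } finally {
            // Read-only work: committing simply ends the transaction and closes the manager.
            if (pm != null) {
                commitTransaction(pm);
            }
        }
    }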

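    /**
     * Returns a gauge reporting the number of stored roles.
     *
     * <p>Every read of the gauge runs a count query in a new transaction. The anonymous
     * class implements {@code getValue()}; the decompiler had renamed that method, which
     * left the interface method unimplemented.
     *
     * @return gauge over the role count
     */
    public Gauge<Long> getRoleCountGauge() {
        return new Gauge<Long>() {
            @Override
            public Long getValue() {
                return SentryStore.this.getCount(MSentryRole.class);
            }
        };
    }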

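    /**
     * Returns a gauge reporting the number of stored privileges.
     *
     * <p>Every read of the gauge runs a count query in a new transaction. The anonymous
     * class implements {@code getValue()}; the decompiler had renamed that method, which
     * left the interface method unimplemented.
     *
     * @return gauge over the privilege count
     */
    public Gauge<Long> getPrivilegeCountGauge() {
        return new Gauge<Long>() {
            @Override
            public Long getValue() {
                return SentryStore.this.getCount(MSentryPrivilege.class);
            }
        };
    }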

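    /**
     * Returns a gauge reporting the number of stored groups.
     *
     * <p>Every read of the gauge runs a count query in a new transaction. The anonymous
     * class implements {@code getValue()}; the decompiler had renamed that method, which
     * left the interface method unimplemented.
     *
     * @return gauge over the group count
     */
    public Gauge<Long> getGroupCountGauge() {
        return new Gauge<Long>() {
            @Override
            public Long getValue() {
                return SentryStore.this.getCount(MSentryGroup.class);
            }
        };
    }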

    /**
     * Test helper: returns the number of stored privilege rows as a primitive.
     *
     * @return current privilege count
     */
    @VisibleForTesting
    long countMSentryPrivileges() {
        Long privilegeCount = getCount(MSentryPrivilege.class);
        return privilegeCount.longValue();
    }

    /**
     * Test helper: deletes every role, group and privilege in a single transaction.
     *
     * <p>Package-private and marked for testing only; it wipes the whole policy store
     * and performs no authorisation check of its own.
     */
    @VisibleForTesting
    void clearAllTables() {
        boolean needsRollback = true;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            pm.newQuery(MSentryRole.class).deletePersistentAll();
            pm.newQuery(MSentryGroup.class).deletePersistentAll();
            pm.newQuery(MSentryPrivilege.class).deletePersistentAll();
            commitUpdateTransaction(pm);
            needsRollback = false;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Grants a single privilege to a role; convenience wrapper around
     * {@link #alterSentryRoleGrantPrivileges}.
     *
     * @param str principal passed on to the grant-option check (presumably the grantor's
     *        user name - confirm against grantOptionCheck)
     * @param str2 name of the role that receives the privilege
     * @param tSentryPrivilege privilege to grant
     * @return the commit context of the update
     * @throws SentryUserException if the check or the grant fails
     */
    public CommitContext alterSentryRoleGrantPrivilege(String str, String str2, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        Set<TSentryPrivilege> single = Sets.newHashSet(tSentryPrivilege);
        return alterSentryRoleGrantPrivileges(str, str2, single);
    }

    /**
     * Grants a set of privileges to a role in one transaction.
     *
     * <p>For each privilege, {@code grantOptionCheck} runs first and the grant is applied
     * only if it returns normally. The check and the write share the same transaction,
     * and a failure on any privilege rolls back the whole batch, so no partial grant is
     * committed.
     *
     * @param str principal passed on to the grant-option check (presumably the grantor's
     *        user name - confirm against grantOptionCheck)
     * @param str2 role name; trimmed and lower-cased before the lookup
     * @param set privileges to grant; when a privilege is stored, the request object is
     *        passed to {@code convertToTSentryPrivilege} together with the stored one
     * @return the commit context of the update
     * @throws SentryUserException if a check fails, the role is missing or input is invalid
     */
    public CommitContext alterSentryRoleGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set) throws SentryUserException {
        boolean needsRollback = true;
        PersistenceManager pm = null;
        String roleName = trimAndLower(str2);
        try {
            pm = openTransaction();
            for (TSentryPrivilege requested : set) {
                // Authorise before mutating anything for this privilege.
                grantOptionCheck(pm, str, requested);
                MSentryPrivilege stored = alterSentryRoleGrantPrivilegeCore(pm, roleName, requested);
                if (stored != null) {
                    convertToTSentryPrivilege(stored, requested);
                }
            }
            CommitContext commit = commitUpdateTransaction(pm);
            needsRollback = false;
            return commit;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Attaches one privilege to a role inside the caller's transaction.
     *
     * <p>For a privilege scoped to a database, table or column:
     * <ul>
     *   <li>granting {@code *} / {@code ALL} first detaches the role's existing
     *       {@code select} and {@code insert} privileges on the same object, since the
     *       broader grant replaces them;</li>
     *   <li>granting any other action is skipped (returns {@code null}) when the role
     *       already holds {@code *} or {@code ALL} on the same object.</li>
     * </ul>
     * No authorisation is performed here; the caller runs the grant-option check first.
     *
     * @param persistenceManager manager with an open transaction
     * @param str role name, already normalised
     * @param tSentryPrivilege privilege to grant
     * @return the persisted privilege, or {@code null} when a broader one already covers it
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    private MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        MSentryRole role = getMSentryRole(persistenceManager, str);
        if (role == null) {
            throw new SentryNoSuchObjectException("Role: " + str + " doesn't exist");
        }
        boolean noObjectScope = isNULL(tSentryPrivilege.getColumnName()) && isNULL(tSentryPrivilege.getTableName()) && isNULL(tSentryPrivilege.getDbName());
        if (!noObjectScope) {
            String requestedAction = tSentryPrivilege.getAction();
            // Work on a copy so the caller's object keeps its own action.
            TSentryPrivilege probe = new TSentryPrivilege(tSentryPrivilege);
            if ("*".equalsIgnoreCase(requestedAction) || "ALL".equalsIgnoreCase(requestedAction)) {
                probe.setAction("select");
                MSentryPrivilege selectPriv = getMSentryPrivilege(probe, persistenceManager);
                probe.setAction("insert");
                MSentryPrivilege insertPriv = getMSentryPrivilege(probe, persistenceManager);
                // Both lookups happen before either removal, as in the original order.
                for (MSentryPrivilege narrower : new MSentryPrivilege[] {selectPriv, insertPriv}) {
                    if (narrower != null && role.getPrivileges().contains(narrower)) {
                        narrower.removeRole(role);
                        this.privCleaner.incPrivRemoval();
                        persistenceManager.makePersistent(narrower);
                    }
                }
            } else {
                probe.setAction("*");
                MSentryPrivilege starPriv = getMSentryPrivilege(probe, persistenceManager);
                probe.setAction("ALL");
                MSentryPrivilege allPriv = getMSentryPrivilege(probe, persistenceManager);
                boolean alreadyCovered = (starPriv != null && role.getPrivileges().contains(starPriv))
                        || (allPriv != null && role.getPrivileges().contains(allPriv));
                if (alreadyCovered) {
                    return null;
                }
            }
        }
        MSentryPrivilege granted = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (granted == null) {
            granted = convertToMSentryPrivilege(tSentryPrivilege);
        }
        granted.appendRole(role);
        persistenceManager.makePersistent(role);
        persistenceManager.makePersistent(granted);
        return granted;
    }

    /**
     * Revokes a single privilege from a role; convenience wrapper around
     * {@link #alterSentryRoleRevokePrivileges}.
     *
     * @param str principal passed on to the grant-option check (presumably the user
     *        issuing the revoke - confirm against grantOptionCheck)
     * @param str2 name of the role that loses the privilege
     * @param tSentryPrivilege privilege to revoke
     * @return the commit context of the update
     * @throws SentryUserException if the check or the revoke fails
     */
    public CommitContext alterSentryRoleRevokePrivilege(String str, String str2, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        Set<TSentryPrivilege> single = Sets.newHashSet(tSentryPrivilege);
        return alterSentryRoleRevokePrivileges(str, str2, single);
    }

    /**
     * Revokes a set of privileges from a role in one transaction.
     *
     * <p>Each privilege passes {@code grantOptionCheck} before it is revoked, and a
     * failure on any of them rolls back the whole batch. Note that the role name is
     * normalised with {@code safeTrimLower} here, while the grant path uses
     * {@code trimAndLower}.
     *
     * @param str principal passed on to the grant-option check (presumably the user
     *        issuing the revoke - confirm against grantOptionCheck)
     * @param str2 role name, normalised before the lookup
     * @param set privileges to revoke
     * @return the commit context of the update
     * @throws SentryUserException if a check fails, the role is missing or input is invalid
     */
    public CommitContext alterSentryRoleRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set) throws SentryUserException {
        boolean needsRollback = true;
        PersistenceManager pm = null;
        String roleName = safeTrimLower(str2);
        try {
            pm = openTransaction();
            for (TSentryPrivilege requested : set) {
                // Authorise before mutating anything for this privilege.
                grantOptionCheck(pm, str, requested);
                alterSentryRoleRevokePrivilegeCore(pm, roleName, requested);
            }
            CommitContext commit = commitUpdateTransaction(pm);
            needsRollback = false;
            return commit;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Revokes one privilege, and the child privileges collected for it, from a role
     * inside the caller's transaction.
     *
     * <p>When the request does not say whether the grant option is set, both variants
     * (with and without grant option) are added to the revoke set, so the revoke does
     * not leave one of them behind.
     *
     * @param persistenceManager manager with an open transaction
     * @param str role name, already normalised
     * @param tSentryPrivilege privilege named in the revoke request
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    private void alterSentryRoleRevokePrivilegeCore(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        // Same parameter-bound lookup as getMSentryRole.
        Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
        roleQuery.setFilter("this.roleName == t");
        roleQuery.declareParameters("java.lang.String t");
        roleQuery.setUnique(true);
        MSentryRole role = (MSentryRole) roleQuery.execute(str);
        if (role == null) {
            throw new SentryNoSuchObjectException("Role: " + str + " doesn't exist");
        }
        // The result of this call is not used; kept because the original makes it.
        persistenceManager.newQuery(MSentryPrivilege.class);

        MSentryPrivilege stored = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        MSentryPrivilege target;
        if (stored == null) {
            target = convertToMSentryPrivilege(tSentryPrivilege);
        } else {
            // Detached copy: later edits to it are not tracked by the manager.
            target = (MSentryPrivilege) persistenceManager.detachCopy(stored);
        }

        Set<MSentryPrivilege> toRevoke = Sets.newHashSet();
        if (target.getGrantOption() == null) {
            MSentryPrivilege withGrant = new MSentryPrivilege(target);
            withGrant.setGrantOption(true);
            toRevoke.add(withGrant);
            MSentryPrivilege withoutGrant = new MSentryPrivilege(target);
            withoutGrant.setGrantOption(false);
            toRevoke.add(withoutGrant);
        } else {
            toRevoke.add(target);
        }
        populateChildren(persistenceManager, Sets.newHashSet(str), target, toRevoke);
        for (MSentryPrivilege privilege : toRevoke) {
            revokePrivilegeFromRole(persistenceManager, tSentryPrivilege, role, privilege);
        }
        persistenceManager.makePersistent(role);
    }

    /**
     * Handles a revoke against a privilege whose action is one of the partial-revoke
     * actions.
     *
     * <p>Revoking {@code ALL} / {@code *} detaches the privilege from the role outright.
     * Revoking {@code select} keeps {@code insert} via {@link #revokeRolePartial}, and
     * revoking {@code insert} keeps {@code select}; a revoke of {@code select} aimed at
     * an {@code insert} privilege (or the reverse) changes nothing. Any other requested
     * action is a no-op here.
     *
     * @param persistenceManager manager with an open transaction
     * @param tSentryPrivilege privilege named in the revoke request; supplies the action
     * @param mSentryRole role losing the privilege
     * @param mSentryPrivilege privilege (or child privilege) being examined
     */
    private void revokePartial(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        MSentryPrivilege persisted = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (persisted == null) {
            persisted = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
        }
        String requestedAction = tSentryPrivilege.getAction();
        if (requestedAction.equalsIgnoreCase("ALL") || requestedAction.equalsIgnoreCase("*")) {
            persisted.removeRole(mSentryRole);
            this.privCleaner.incPrivRemoval();
            persistenceManager.makePersistent(persisted);
        } else if (requestedAction.equalsIgnoreCase("select") && !mSentryPrivilege.getAction().equalsIgnoreCase("insert")) {
            // Taking away select: what may remain is insert.
            revokeRolePartial(persistenceManager, mSentryRole, mSentryPrivilege, persisted, "insert");
        } else if (requestedAction.equalsIgnoreCase("insert") && !mSentryPrivilege.getAction().equalsIgnoreCase("select")) {
            // Taking away insert: what may remain is select.
            revokeRolePartial(persistenceManager, mSentryRole, mSentryPrivilege, persisted, "select");
        }
    }

    /**
     * Detaches {@code mSentryPrivilege2} from the role and, if the role held the
     * {@code *} privilege on the same object, replaces that with the single action
     * {@code str}.
     *
     * <p>Side effect: the action of {@code mSentryPrivilege} is overwritten, first with
     * {@code "*"} and, when the role held that privilege, then with {@code str}. When
     * the role did not hold it, the argument is left with action {@code "*"}.
     *
     * @param persistenceManager manager with an open transaction
     * @param mSentryRole role being changed
     * @param mSentryPrivilege working privilege object; mutated as described
     * @param mSentryPrivilege2 persisted privilege to detach from the role
     * @param str action that stays granted after the partial revoke
     */
    private void revokeRolePartial(PersistenceManager persistenceManager, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege, MSentryPrivilege mSentryPrivilege2, String str) throws SentryInvalidInputException {
        mSentryPrivilege2.removeRole(mSentryRole);
        this.privCleaner.incPrivRemoval();
        persistenceManager.makePersistent(mSentryPrivilege2);

        mSentryPrivilege.setAction("*");
        MSentryPrivilege allPriv = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (allPriv != null && mSentryRole.getPrivileges().contains(allPriv)) {
            // The role held "*": drop it and re-grant only the action that survives.
            allPriv.removeRole(mSentryRole);
            this.privCleaner.incPrivRemoval();
            persistenceManager.makePersistent(allPriv);

            mSentryPrivilege.setAction(str);
            MSentryPrivilege remaining = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
            if (remaining == null) {
                remaining = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
                mSentryRole.appendPrivilege(remaining);
            }
            remaining.appendRole(mSentryRole);
            persistenceManager.makePersistent(remaining);
        }
    }

    /**
     * Revokes {@code mSentryPrivilege} from {@code mSentryRole}.
     *
     * <p>Privileges whose action is listed in {@code PARTIAL_REVOKE_ACTIONS} are delegated to
     * {@code revokePartial}; any other privilege is detached from the role directly, provided a
     * matching stored privilege exists.
     *
     * @param persistenceManager persistence manager used for the lookup and the write
     * @param tSentryPrivilege the revoke request, forwarded to {@code revokePartial}
     * @param mSentryRole role losing the privilege
     * @param mSentryPrivilege privilege to revoke
     * @throws SentryInvalidInputException declared for the helpers this method calls
     */
    private void revokePrivilegeFromRole(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        if (PARTIAL_REVOKE_ACTIONS.contains(mSentryPrivilege.getAction())) {
            revokePartial(persistenceManager, tSentryPrivilege, mSentryRole, mSentryPrivilege);
            return;
        }
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege2 != null) {
            // NOTE(review): the role is removed from the caller-supplied object, but the object
            // written back is the freshly looked-up one. Whether the revoke reaches the stored row
            // depends on how removeRole() and the model's equals() behave, which this file does not
            // show. Confirm with a test that the role no longer holds the privilege after commit.
            mSentryPrivilege.removeRole(mSentryRole);
            this.privCleaner.incPrivRemoval();
            persistenceManager.makePersistent(mSentryPrivilege2);
        }
    }

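    /**
     * Recursively collects into {@code set2} the privileges that sit below {@code mSentryPrivilege}
     * and are held by one of the roles in {@code set}.
     *
     * <p>When the parent is not an all-actions privilege, a child is collected only if the parent
     * implies it; an all-actions child is first narrowed to the parent's action.
     *
     * @param persistenceManager persistence manager used for the child lookup; must not be null
     * @param set role names the child privileges must belong to
     * @param mSentryPrivilege parent privilege
     * @param set2 output set that receives the collected children
     * @throws SentryInvalidInputException propagated from {@code getChildPrivileges}
     */
    private void populateChildren(PersistenceManager persistenceManager, Set<String> set, MSentryPrivilege mSentryPrivilege, Set<MSentryPrivilege> set2) throws SentryInvalidInputException {
        Preconditions.checkNotNull(persistenceManager);
        // A privilege with no server, database and table has nothing to expand.
        if (isNULL(mSentryPrivilege.getServerName()) && isNULL(mSentryPrivilege.getDbName()) && isNULL(mSentryPrivilege.getTableName())) {
            return;
        }
        for (MSentryPrivilege child : getChildPrivileges(persistenceManager, set, mSentryPrivilege)) {
            if (!isNULL(child.getDbName()) && !isNULL(child.getTableName()) && !isNULL(child.getColumnName())) {
                populateChildren(persistenceManager, set, child, set2);
            }
            if (!mSentryPrivilege.isActionALL()) {
                if (child.isActionALL()) {
                    // Narrow an all-actions child to the action the parent covers.
                    child.setAction(mSentryPrivilege.getAction());
                }
                // The body of this check was empty, so the result of implies() was discarded and
                // children the parent does not imply were collected as well. Skipping them keeps a
                // revoke of one action from also sweeping up unrelated child privileges.
                if (!mSentryPrivilege.implies(child)) {
                    continue;
                }
            }
            set2.add(child);
        }
    }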

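    /**
     * Returns detached copies of the privileges one or more levels below {@code mSentryPrivilege}
     * that are held by any of the roles named in {@code set}.
     *
     * <p>Column-level and URI privileges have no children, so an empty set is returned for them.
     * Role names and the server/database/table values are bound as JDOQL parameters instead of
     * being concatenated into the filter text, so a quote or operator inside a name cannot alter
     * the structure of the filter.
     *
     * @param persistenceManager persistence manager used to run the query
     * @param set role names; each is trimmed and lower-cased before comparison
     * @param mSentryPrivilege parent privilege
     * @return new {@code MSentryPrivilege} objects populated from the query result columns
     * @throws SentryInvalidInputException declared by the original signature
     */
    private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager persistenceManager, Set<String> set, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        if (!isNULL(mSentryPrivilege.getColumnName()) || !isNULL(mSentryPrivilege.getURI())) {
            return new HashSet<MSentryPrivilege>();
        }
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        newQuery.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");

        List<String> paramDecls = new ArrayList<String>();
        Map<String, Object> paramValues = new HashMap<String, Object>();
        List<String> roleClauses = new ArrayList<String>();
        int roleIndex = 0;
        for (String roleName : set) {
            String paramName = "pRole" + roleIndex++;
            roleClauses.add("role.roleName == " + paramName);
            paramDecls.add("java.lang.String " + paramName);
            paramValues.put(paramName, roleName.trim().toLowerCase());
        }

        StringBuilder sb = new StringBuilder("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ")");
        sb.append(" && serverName == pServer");
        paramDecls.add("java.lang.String pServer");
        paramValues.put("pServer", mSentryPrivilege.getServerName());
        if (isNULL(mSentryPrivilege.getDbName())) {
            // Server-level parent: children are anything scoped to a database or a URI.
            sb.append(" && (dbName != \"__NULL__\" || URI != \"__NULL__\")");
        } else {
            sb.append(" && dbName == pDb");
            paramDecls.add("java.lang.String pDb");
            paramValues.put("pDb", mSentryPrivilege.getDbName());
            if (isNULL(mSentryPrivilege.getTableName())) {
                sb.append(" && tableName != \"__NULL__\"");
            } else {
                sb.append(" && tableName == pTable");
                paramDecls.add("java.lang.String pTable");
                paramValues.put("pTable", mSentryPrivilege.getTableName());
                sb.append(" && columnName != \"__NULL__\"");
            }
        }
        newQuery.setFilter(sb.toString());
        newQuery.declareParameters(Joiner.on(", ").join(paramDecls));
        newQuery.setResult("privilegeScope, serverName, dbName, tableName, columnName, URI, action, grantOption");

        Set<MSentryPrivilege> children = new HashSet<MSentryPrivilege>();
        for (Object row : (List<?>) newQuery.executeWithMap(paramValues)) {
            // Column order matches the setResult() projection above.
            Object[] columns = (Object[]) row;
            MSentryPrivilege child = new MSentryPrivilege();
            child.setPrivilegeScope((String) columns[0]);
            child.setServerName((String) columns[1]);
            child.setDbName((String) columns[2]);
            child.setTableName((String) columns[3]);
            child.setColumnName((String) columns[4]);
            child.setURI((String) columns[5]);
            child.setAction((String) columns[6]);
            child.setGrantOption((Boolean) columns[7]);
            children.add(child);
        }
        return children;
    }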

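    /**
     * Finds the stored privileges that match the server, the most specific object named in
     * {@code tSentryPrivilege} (database / table / column, or URI) and its action.
     *
     * <p>The request values are bound as JDOQL parameters rather than spliced into the filter
     * string, so the content of a name cannot change what the filter matches.
     *
     * @param tSentryPrivilege privilege description to match
     * @param persistenceManager persistence manager used to run the query
     * @return the matching stored privileges
     */
    private List<MSentryPrivilege> getMSentryPrivileges(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        List<String> paramDecls = new ArrayList<String>();
        Map<String, Object> paramValues = new HashMap<String, Object>();

        StringBuilder sb = new StringBuilder("this.serverName == pServer ");
        paramDecls.add("java.lang.String pServer");
        paramValues.put("pServer", toNULLCol(safeTrimLower(tSentryPrivilege.getServerName())));
        if (!isNULL(tSentryPrivilege.getDbName())) {
            sb.append("&& this.dbName == pDb ");
            paramDecls.add("java.lang.String pDb");
            paramValues.put("pDb", toNULLCol(safeTrimLower(tSentryPrivilege.getDbName())));
            if (!isNULL(tSentryPrivilege.getTableName())) {
                sb.append("&& this.tableName == pTable ");
                paramDecls.add("java.lang.String pTable");
                paramValues.put("pTable", toNULLCol(safeTrimLower(tSentryPrivilege.getTableName())));
                if (!isNULL(tSentryPrivilege.getColumnName())) {
                    sb.append("&& this.columnName == pColumn ");
                    paramDecls.add("java.lang.String pColumn");
                    paramValues.put("pColumn", toNULLCol(safeTrimLower(tSentryPrivilege.getColumnName())));
                }
            }
        } else if (!isNULL(tSentryPrivilege.getURI())) {
            // URIs are trimmed but not lower-cased, unlike the other fields.
            sb.append("&& this.URI == pUri ");
            paramDecls.add("java.lang.String pUri");
            paramValues.put("pUri", toNULLCol(safeTrim(tSentryPrivilege.getURI())));
        }
        sb.append("&& this.action == pAction");
        paramDecls.add("java.lang.String pAction");
        paramValues.put("pAction", toNULLCol(safeTrimLower(tSentryPrivilege.getAction())));

        newQuery.setFilter(sb.toString());
        newQuery.declareParameters(Joiner.on(", ").join(paramDecls));
        @SuppressWarnings("unchecked") // the candidate class fixes the element type
        List<MSentryPrivilege> matches = (List<MSentryPrivilege>) newQuery.executeWithMap(paramValues);
        return matches;
    }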

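    /**
     * Looks up the single stored privilege whose server, database, table, column, URI, action and
     * grant option all equal those of {@code tSentryPrivilege}.
     *
     * <p>Every compared value is bound as a JDOQL parameter; previously only the grant option was,
     * and the string fields were concatenated into the filter text.
     *
     * @param tSentryPrivilege privilege description to match exactly
     * @param persistenceManager persistence manager used to run the query
     * @return the matching privilege, or {@code null} when none is stored
     */
    private MSentryPrivilege getMSentryPrivilege(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        newQuery.setFilter("this.serverName == pServer && this.dbName == pDb && this.tableName == pTable"
                + " && this.columnName == pColumn && this.URI == pUri"
                + " && this.grantOption == grantOption && this.action == pAction");
        newQuery.declareParameters("java.lang.String pServer, java.lang.String pDb, java.lang.String pTable, "
                + "java.lang.String pColumn, java.lang.String pUri, Boolean grantOption, java.lang.String pAction");
        newQuery.setUnique(true);

        // UNSET (or any other value) leaves the grant option parameter null.
        Boolean grantOption = null;
        if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)) {
            grantOption = true;
        } else if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.FALSE)) {
            grantOption = false;
        }

        // Argument order must follow the declareParameters() list above.
        Object found = newQuery.executeWithArray(
                toNULLCol(safeTrimLower(tSentryPrivilege.getServerName())),
                toNULLCol(safeTrimLower(tSentryPrivilege.getDbName())),
                toNULLCol(safeTrimLower(tSentryPrivilege.getTableName())),
                toNULLCol(safeTrimLower(tSentryPrivilege.getColumnName())),
                toNULLCol(safeTrim(tSentryPrivilege.getURI())),
                grantOption,
                toNULLCol(safeTrimLower(tSentryPrivilege.getAction())));
        return (MSentryPrivilege) found;
    }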

    /**
     * Deletes the named role inside its own transaction.
     *
     * @param str role name; normalised by {@code dropSentryRoleCore}
     * @return the commit context returned by {@code commitUpdateTransaction}
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    public CommitContext dropSentryRole(String str) throws SentryNoSuchObjectException {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            dropSentryRoleCore(pm, str);
            CommitContext committed = commitUpdateTransaction(pm);
            needsRollback = false;
            return committed;
        } finally {
            // Reached with the flag still set only when something above threw.
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Removes a role and its privilege links using the caller's persistence manager.
     *
     * @param persistenceManager persistence manager the delete is issued on
     * @param str role name; trimmed and lower-cased before the lookup
     * @throws SentryNoSuchObjectException if no role with that name is stored
     */
    private void dropSentryRoleCore(PersistenceManager persistenceManager, String str) throws SentryNoSuchObjectException {
        final String roleName = str.trim().toLowerCase();

        // The role name is bound as a query parameter, not concatenated into the filter.
        Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
        roleQuery.setFilter("this.roleName == t");
        roleQuery.declareParameters("java.lang.String t");
        roleQuery.setUnique(true);
        MSentryRole role = (MSentryRole) roleQuery.execute(roleName);
        if (role == null) {
            throw new SentryNoSuchObjectException("Role: " + roleName + " doesn't exist");
        }

        persistenceManager.retrieve(role);
        // Count the privileges before they are unlinked so the cleaner is told how many were removed.
        int removedCount = role.getPrivileges().size();
        role.removePrivileges();
        role.removeGMPrivileges();
        this.privCleaner.incPrivRemoval(removedCount);
        persistenceManager.deletePersistent(role);
    }

    /**
     * Adds the given groups to a role inside its own transaction.
     *
     * @param str not read by this method (presumably the grantor principal; confirm against callers)
     * @param str2 role name
     * @param set groups to attach to the role
     * @return the commit context returned by {@code commitUpdateTransaction}
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    public CommitContext alterSentryRoleAddGroups(String str, String str2, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            alterSentryRoleAddGroupsCore(pm, str2, set);
            CommitContext committed = commitUpdateTransaction(pm);
            needsRollback = false;
            return committed;
        } finally {
            // Reached with the flag still set only when something above threw.
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Attaches each group in {@code set} to the named role, creating group rows that do not exist.
     *
     * <p>The role name is trimmed and lower-cased; group names are only trimmed, so group matching
     * is case-sensitive here.
     *
     * @param persistenceManager persistence manager the writes are issued on
     * @param str role name
     * @param set groups to attach
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    private void alterSentryRoleAddGroupsCore(PersistenceManager persistenceManager, String str, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        final String roleName = str.trim().toLowerCase();

        Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
        roleQuery.setFilter("this.roleName == t");
        roleQuery.declareParameters("java.lang.String t");
        roleQuery.setUnique(true);
        MSentryRole role = (MSentryRole) roleQuery.execute(roleName);
        if (role == null) {
            throw new SentryNoSuchObjectException("Role: " + roleName + " doesn't exist");
        }

        // One parameterised group query, re-executed per group name.
        Query groupQuery = persistenceManager.newQuery(MSentryGroup.class);
        groupQuery.setFilter("this.groupName == t");
        groupQuery.declareParameters("java.lang.String t");
        groupQuery.setUnique(true);

        List<MSentryGroup> touchedGroups = new ArrayList<MSentryGroup>();
        for (TSentryGroup requested : set) {
            String groupName = requested.getGroupName().trim();
            MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName);
            if (group == null) {
                group = new MSentryGroup(groupName, System.currentTimeMillis(), Sets.newHashSet(new MSentryRole[]{role}));
            }
            group.appendRole(role);
            touchedGroups.add(group);
        }
        persistenceManager.makePersistentAll(touchedGroups);
    }

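    /**
     * Detaches the given groups from a role inside its own transaction.
     *
     * <p>The persistence manager is tracked outside the {@code try} so that a failure rolls back
     * the transaction that was actually opened; the previous form always passed {@code null} to
     * {@code rollbackTransaction}, which left a failed membership change without a rollback of
     * its own transaction. The flag pattern matches {@code dropSentryRole}.
     *
     * @param str role name; trimmed and lower-cased before the lookup
     * @param set groups to detach; names are trimmed, unknown groups are skipped
     * @return the commit context returned by {@code commitUpdateTransaction}
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    public CommitContext alterSentryRoleDeleteGroups(String str, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        String roleName = str.trim().toLowerCase();
        boolean needsRollback = true;
        PersistenceManager persistenceManager = null;
        try {
            persistenceManager = openTransaction();
            Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
            roleQuery.setFilter("this.roleName == t");
            roleQuery.declareParameters("java.lang.String t");
            roleQuery.setUnique(true);
            MSentryRole role = (MSentryRole) roleQuery.execute(roleName);
            if (role == null) {
                throw new SentryNoSuchObjectException("Role: " + roleName + " doesn't exist");
            }

            Query groupQuery = persistenceManager.newQuery(MSentryGroup.class);
            groupQuery.setFilter("this.groupName == t");
            groupQuery.declareParameters("java.lang.String t");
            groupQuery.setUnique(true);

            List<MSentryGroup> touchedGroups = new ArrayList<MSentryGroup>();
            for (TSentryGroup requested : set) {
                MSentryGroup group = (MSentryGroup) groupQuery.execute(requested.getGroupName().trim());
                if (group != null) {
                    group.removeRole(role);
                    touchedGroups.add(group);
                }
            }
            persistenceManager.makePersistentAll(touchedGroups);
            CommitContext committed = commitUpdateTransaction(persistenceManager);
            needsRollback = false;
            return committed;
        } finally {
            if (needsRollback) {
                rollbackTransaction(persistenceManager);
            }
        }
    }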

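    /**
     * Loads a role by name in its own transaction.
     *
     * <p>On failure the transaction that was opened is rolled back; the previous form passed
     * {@code null} to {@code rollbackTransaction}. The flag is cleared before the commit, as in
     * the other read-only methods of this class.
     *
     * @param str role name; trimmed and lower-cased before the lookup
     * @return the stored role, with its fields retrieved
     * @throws SentryNoSuchObjectException if no role with that name is stored
     */
    @VisibleForTesting
    MSentryRole getMSentryRoleByName(String str) throws SentryNoSuchObjectException {
        String roleName = str.trim().toLowerCase();
        boolean needsRollback = true;
        PersistenceManager persistenceManager = null;
        try {
            persistenceManager = openTransaction();
            Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
            roleQuery.setFilter("this.roleName == t");
            roleQuery.declareParameters("java.lang.String t");
            roleQuery.setUnique(true);
            MSentryRole role = (MSentryRole) roleQuery.execute(roleName);
            if (role == null) {
                throw new SentryNoSuchObjectException("Role: " + roleName + " doesn't exist");
            }
            persistenceManager.retrieve(role);
            needsRollback = false;
            commitTransaction(persistenceManager);
            return role;
        } finally {
            if (needsRollback) {
                rollbackTransaction(persistenceManager);
            }
        }
    }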

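    /**
     * Reports whether any of the given roles holds at least one privilege on the named server.
     *
     * <p>Role names and the server name are bound as JDOQL parameters instead of being
     * concatenated into the filter, so their content cannot change what the filter matches.
     *
     * @param set role names; each is trimmed and lower-cased. {@code null} or empty yields false
     * @param str server name; trimmed and lower-cased
     * @return {@code true} if the count of matching privileges is greater than zero
     */
    private boolean hasAnyServerPrivileges(Set<String> set, String str) {
        if (set == null || set.isEmpty()) {
            return false;
        }
        boolean needsRollback = true;
        PersistenceManager persistenceManager = null;
        try {
            persistenceManager = openTransaction();
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            newQuery.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");

            List<String> paramDecls = new ArrayList<String>();
            Map<String, Object> paramValues = new HashMap<String, Object>();
            List<String> roleClauses = new ArrayList<String>();
            int roleIndex = 0;
            for (String roleName : set) {
                String paramName = "pRole" + roleIndex++;
                roleClauses.add("role.roleName == " + paramName);
                paramDecls.add("java.lang.String " + paramName);
                paramValues.put(paramName, roleName.trim().toLowerCase());
            }
            paramDecls.add("java.lang.String pServer");
            paramValues.put("pServer", str.trim().toLowerCase());

            newQuery.setFilter("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ") "
                    + "&& serverName == pServer");
            newQuery.declareParameters(Joiner.on(", ").join(paramDecls));
            newQuery.setResult("count(this)");
            Long matches = (Long) newQuery.executeWithMap(paramValues);
            needsRollback = false;
            commitTransaction(persistenceManager);
            return matches.longValue() > 0;
        } finally {
            if (needsRollback) {
                rollbackTransaction(persistenceManager);
            }
        }
    }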

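    /**
     * Returns the privileges held by the given roles that apply to {@code tSentryAuthorizable},
     * including privileges granted at a wider scope (rows whose narrower columns hold the
     * {@code "__NULL__"} marker).
     *
     * <p>Role names and every value taken from the authorizable are bound as JDOQL parameters
     * rather than concatenated into the filter. This filter decides which privileges an
     * authorization check sees, so its structure must not depend on the content of a name or URI.
     *
     * @param set role names; each is trimmed and lower-cased. {@code null} or empty yields an
     *     empty list
     * @param tSentryAuthorizable object to match; may be {@code null}, in which case only the
     *     role condition applies
     * @return the matching stored privileges
     */
    List<MSentryPrivilege> getMSentryPrivileges(Set<String> set, TSentryAuthorizable tSentryAuthorizable) {
        if (set == null || set.isEmpty()) {
            return new ArrayList<MSentryPrivilege>();
        }
        boolean needsRollback = true;
        PersistenceManager persistenceManager = null;
        try {
            persistenceManager = openTransaction();
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            newQuery.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");

            List<String> paramDecls = new ArrayList<String>();
            Map<String, Object> paramValues = new HashMap<String, Object>();
            List<String> roleClauses = new ArrayList<String>();
            int roleIndex = 0;
            for (String roleName : set) {
                String paramName = "pRole" + roleIndex++;
                roleClauses.add("role.roleName == " + paramName);
                paramDecls.add("java.lang.String " + paramName);
                paramValues.put(paramName, roleName.trim().toLowerCase());
            }

            StringBuilder sb = new StringBuilder("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ") ");
            if (tSentryAuthorizable != null && tSentryAuthorizable.getServer() != null) {
                sb.append("&& serverName == pServer");
                paramDecls.add("java.lang.String pServer");
                paramValues.put("pServer", tSentryAuthorizable.getServer().toLowerCase());
                if (tSentryAuthorizable.getDb() != null) {
                    sb.append(" && ((dbName == pDb) || (dbName == \"__NULL__\")) && (URI == \"__NULL__\")");
                    paramDecls.add("java.lang.String pDb");
                    // Backticks are stripped from the database name before comparison.
                    paramValues.put("pDb", tSentryAuthorizable.getDb().toLowerCase().replace("`", ""));
                    if (tSentryAuthorizable.getTable() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                        // "+" skips the table condition but still allows the column condition below.
                        if (!"+".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                            sb.append(" && ((tableName == pTable) || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
                            paramDecls.add("java.lang.String pTable");
                            paramValues.put("pTable", tSentryAuthorizable.getTable().toLowerCase());
                        }
                        if (tSentryAuthorizable.getColumn() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getColumn()) && !"+".equalsIgnoreCase(tSentryAuthorizable.getColumn())) {
                            sb.append(" && ((columnName == pColumn) || (columnName == \"__NULL__\")) && (URI == \"__NULL__\")");
                            paramDecls.add("java.lang.String pColumn");
                            paramValues.put("pColumn", tSentryAuthorizable.getColumn().toLowerCase());
                        }
                    }
                }
                if (tSentryAuthorizable.getUri() != null) {
                    // A stored URI matches when it is a prefix of the requested URI.
                    sb.append(" && ((URI != \"__NULL__\") && (pUri.startsWith(URI)) || (URI == \"__NULL__\")) && (dbName == \"__NULL__\")");
                    paramDecls.add("java.lang.String pUri");
                    paramValues.put("pUri", tSentryAuthorizable.getUri());
                }
            }
            newQuery.setFilter(sb.toString());
            newQuery.declareParameters(Joiner.on(", ").join(paramDecls));
            @SuppressWarnings("unchecked") // the candidate class fixes the element type
            List<MSentryPrivilege> matches = (List<MSentryPrivilege>) newQuery.executeWithMap(paramValues);
            needsRollback = false;
            commitTransaction(persistenceManager);
            return matches;
        } finally {
            if (needsRollback) {
                rollbackTransaction(persistenceManager);
            }
        }
    }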

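    /**
     * Returns the privileges defined exactly on {@code tSentryAuthorizable}, optionally restricted
     * to the given roles, with each privilege's roles fetched.
     *
     * <p>Two changes from the previous form: the persistence manager is tracked outside the
     * {@code try} so a failure rolls back the transaction that was opened (it used to pass
     * {@code null}), and role names, server, database, table and URI are bound as JDOQL
     * parameters instead of being concatenated into the filter.
     *
     * @param set role names; {@code null} or empty means privileges of any role
     * @param tSentryAuthorizable object to match; a {@code null} server yields an empty list
     * @return the matching stored privileges
     */
    List<MSentryPrivilege> getMSentryPrivilegesByAuth(Set<String> set, TSentryAuthorizable tSentryAuthorizable) {
        boolean needsRollback = true;
        PersistenceManager persistenceManager = null;
        try {
            persistenceManager = openTransaction();
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            List<String> paramDecls = new ArrayList<String>();
            Map<String, Object> paramValues = new HashMap<String, Object>();
            StringBuilder sb = new StringBuilder();
            if (set == null || set.isEmpty()) {
                // No role restriction: any privilege that is attached to some role.
                sb.append(" !roles.isEmpty() ");
            } else {
                newQuery.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
                List<String> roleClauses = new ArrayList<String>();
                int roleIndex = 0;
                for (String roleName : set) {
                    String paramName = "pRole" + roleIndex++;
                    roleClauses.add("role.roleName == " + paramName);
                    paramDecls.add("java.lang.String " + paramName);
                    paramValues.put(paramName, roleName.trim().toLowerCase());
                }
                sb.append("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ") ");
            }
            if (tSentryAuthorizable.getServer() == null) {
                // needsRollback is still set, so the finally block rolls the transaction back.
                return new ArrayList<MSentryPrivilege>();
            }
            sb.append("&& serverName == pServer");
            paramDecls.add("java.lang.String pServer");
            paramValues.put("pServer", tSentryAuthorizable.getServer().toLowerCase());
            if (tSentryAuthorizable.getDb() != null) {
                sb.append(" && (dbName == pDb) && (URI == \"__NULL__\")");
                paramDecls.add("java.lang.String pDb");
                paramValues.put("pDb", tSentryAuthorizable.getDb().toLowerCase());
                if (tSentryAuthorizable.getTable() != null) {
                    sb.append(" && (tableName == pTable)");
                    paramDecls.add("java.lang.String pTable");
                    paramValues.put("pTable", tSentryAuthorizable.getTable().toLowerCase());
                } else {
                    sb.append(" && (tableName == \"__NULL__\")");
                }
            } else if (tSentryAuthorizable.getUri() != null) {
                // A stored URI matches when it is a prefix of the requested URI.
                sb.append(" && (URI != \"__NULL__\") && (pUri.startsWith(URI)) && (dbName == \"__NULL__\")");
                paramDecls.add("java.lang.String pUri");
                paramValues.put("pUri", tSentryAuthorizable.getUri());
            } else {
                sb.append(" && (dbName == \"__NULL__\") && (URI == \"__NULL__\")");
            }
            // Load the roles of each privilege together with the privilege itself.
            persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRole").addMember("roles");
            persistenceManager.getFetchPlan().addGroup("fetchRole");
            newQuery.setFilter(sb.toString());
            newQuery.declareParameters(Joiner.on(", ").join(paramDecls));
            @SuppressWarnings("unchecked") // the candidate class fixes the element type
            List<MSentryPrivilege> matches = (List<MSentryPrivilege>) newQuery.executeWithMap(paramValues);
            needsRollback = false;
            commitTransaction(persistenceManager);
            return matches;
        } finally {
            if (needsRollback) {
                rollbackTransaction(persistenceManager);
            }
        }
    }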

    /**
     * Lists, per role name, the privileges defined on {@code tSentryAuthorizable}.
     *
     * <p>The roles considered are those reachable from the groups in {@code set} plus, when the
     * active role set is not "all", the roles it names. With {@code z} set the lookup runs even
     * when that role set is empty, which makes the underlying query match every role.
     *
     * @param set group names; may be {@code null} or empty
     * @param tSentryActiveRoleSet active roles; may be {@code null}
     * @param tSentryAuthorizable object whose privileges are listed
     * @param z when {@code true}, query even with no roles selected (presumably an admin caller;
     *     confirm against the caller)
     * @return a map from role name to that role's privileges on the object
     * @throws SentryInvalidInputException declared by the original signature
     */
    public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable, boolean z) throws SentryInvalidInputException {
        Map<String, Set<TSentryPrivilege>> privilegesByRole = Maps.newTreeMap();
        Set<String> rolesToQuery = Sets.newHashSet();
        boolean haveGroups = set != null && !set.isEmpty();
        if (haveGroups) {
            rolesToQuery = getRolesToQuery(set, new TSentryActiveRoleSet(true, null));
        }
        if (tSentryActiveRoleSet != null && !tSentryActiveRoleSet.isAll()) {
            for (String activeRole : tSentryActiveRoleSet.getRoles()) {
                rolesToQuery.add(activeRole.toLowerCase());
            }
        }
        if (!z && rolesToQuery.isEmpty()) {
            return new TSentryPrivilegeMap(privilegesByRole);
        }
        for (MSentryPrivilege stored : getMSentryPrivilegesByAuth(rolesToQuery, tSentryAuthorizable)) {
            for (MSentryRole owner : stored.getRoles()) {
                TSentryPrivilege converted = convertToTSentryPrivilege(stored);
                Set<TSentryPrivilege> bucket = privilegesByRole.get(owner.getRoleName());
                if (bucket == null) {
                    bucket = Sets.newTreeSet();
                    privilegesByRole.put(owner.getRoleName(), bucket);
                }
                bucket.add(converted);
            }
        }
        return new TSentryPrivilegeMap(privilegesByRole);
    }

    /**
     * Returns the stored privileges of the named role.
     *
     * @param str role name
     * @return the role's privileges
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String str) throws SentryNoSuchObjectException {
        MSentryRole role = getMSentryRoleByName(str);
        return role.getPrivileges();
    }

    /**
     * Returns the privileges of the named role in their Thrift form.
     *
     * @param str role name
     * @return the role's privileges, converted
     * @throws SentryNoSuchObjectException if the role does not exist
     */
    public Set<TSentryPrivilege> getAllTSentryPrivilegesByRoleName(String str) throws SentryNoSuchObjectException {
        Set<MSentryPrivilege> stored = getMSentryPrivilegesByRoleName(str);
        return convertToTSentryPrivileges(stored);
    }

    /**
     * Validates the shape of {@code tSentryAuthorizable} and returns the privileges the given
     * roles hold on it.
     *
     * <p>The hierarchy must be complete from the top: a server is required, a table needs a
     * database, a column needs a table, and at least one of URI or database must be present.
     *
     * @param set role names
     * @param tSentryAuthorizable object to look up
     * @return the matching privileges, converted to their Thrift form
     * @throws SentryInvalidInputException if the authorizable violates one of the rules above
     */
    public Set<TSentryPrivilege> getTSentryPrivileges(Set<String> set, TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        final boolean hasDb = tSentryAuthorizable.getDb() != null;
        final boolean hasTable = tSentryAuthorizable.getTable() != null;
        final boolean hasColumn = tSentryAuthorizable.getColumn() != null;
        final boolean hasUri = tSentryAuthorizable.getUri() != null;

        if (tSentryAuthorizable.getServer() == null) {
            throw new SentryInvalidInputException("serverName cannot be null !!");
        }
        if (hasTable && !hasDb) {
            throw new SentryInvalidInputException("dbName cannot be null when tableName is present !!");
        }
        if (hasColumn && !hasTable) {
            throw new SentryInvalidInputException("tableName cannot be null when columnName is present !!");
        }
        if (!hasUri && !hasDb) {
            throw new SentryInvalidInputException("One of uri or dbName must not be null !!");
        }
        List<MSentryPrivilege> stored = getMSentryPrivileges(set, tSentryAuthorizable);
        return convertToTSentryPrivileges(stored);
    }

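    /**
     * Returns the roles attached to the named group, or every stored role when the name is
     * {@code null}, with each role's fields retrieved.
     *
     * <p>On failure the transaction that was opened is rolled back; the previous form passed
     * {@code null} to {@code rollbackTransaction}. The flag is cleared before the commit, as in
     * the other read-only methods of this class.
     *
     * @param str group name (trimmed, case-sensitive), or {@code null} for all roles
     * @return the roles found
     * @throws SentryNoSuchObjectException if a non-null group name matches no stored group
     */
    private Set<MSentryRole> getMSentryRolesByGroupName(String str) throws SentryNoSuchObjectException {
        boolean needsRollback = true;
        PersistenceManager persistenceManager = null;
        try {
            persistenceManager = openTransaction();
            Set<MSentryRole> roles;
            if (str == null) {
                @SuppressWarnings("unchecked") // the candidate class fixes the element type
                List<MSentryRole> allRoles = (List<MSentryRole>) persistenceManager.newQuery(MSentryRole.class).execute();
                roles = new HashSet<MSentryRole>(allRoles);
            } else {
                Query groupQuery = persistenceManager.newQuery(MSentryGroup.class);
                String groupName = str.trim();
                groupQuery.setFilter("this.groupName == t");
                groupQuery.declareParameters("java.lang.String t");
                groupQuery.setUnique(true);
                MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName);
                if (group == null) {
                    throw new SentryNoSuchObjectException("Group: " + groupName + " doesn't exist");
                }
                persistenceManager.retrieve(group);
                roles = group.getRoles();
            }
            // Load each role's fields while the transaction is still open.
            for (MSentryRole role : roles) {
                persistenceManager.retrieve(role);
            }
            needsRollback = false;
            commitTransaction(persistenceManager);
            return roles;
        } finally {
            if (needsRollback) {
                rollbackTransaction(persistenceManager);
            }
        }
    }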

    /**
     * Collects the roles of all given groups in their Thrift form.
     *
     * @param set group names; a {@code null} element selects every role
     * @param z when {@code true}, groups that do not exist are skipped instead of failing the call
     * @return the union of the groups' roles
     * @throws SentryNoSuchObjectException if a group does not exist and {@code z} is {@code false}
     */
    public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> set, boolean z) throws SentryNoSuchObjectException {
        Set<MSentryRole> collected = new HashSet<MSentryRole>();
        for (String groupName : set) {
            try {
                collected.addAll(getMSentryRolesByGroupName(groupName));
            } catch (SentryNoSuchObjectException missingGroup) {
                // Deliberately ignored only when the caller asked for missing groups to be skipped.
                if (!z) {
                    throw missingGroup;
                }
            }
        }
        return convertToTSentryRoles(collected);
    }

    /**
     * Returns the names of all roles attached to any of the given groups, using its own
     * transaction. Unknown groups contribute nothing.
     *
     * @param set group names; each is trimmed, matching is case-sensitive
     * @return the role names found
     */
    public Set<String> getRoleNamesForGroups(Set<String> set) {
        Set<String> roleNames = new HashSet<String>();
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            // One parameterised query, re-executed per group name.
            Query groupQuery = pm.newQuery(MSentryGroup.class);
            groupQuery.setFilter("this.groupName == t");
            groupQuery.declareParameters("java.lang.String t");
            groupQuery.setUnique(true);
            for (String groupName : set) {
                MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName.trim());
                if (group == null) {
                    continue;
                }
                for (MSentryRole role : group.getRoles()) {
                    roleNames.add(role.getRoleName());
                }
            }
            needsRollback = false;
            commitTransaction(pm);
            return roleNames;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Returns the roles attached to any of the given groups, using the caller's persistence
     * manager. Unknown groups contribute nothing.
     *
     * @param persistenceManager persistence manager the lookups run on
     * @param set group names; each is trimmed, matching is case-sensitive
     * @return the union of the groups' roles
     */
    public Set<MSentryRole> getRolesForGroups(PersistenceManager persistenceManager, Set<String> set) {
        Set<MSentryRole> roles = new HashSet<MSentryRole>();
        Query groupQuery = persistenceManager.newQuery(MSentryGroup.class);
        groupQuery.setFilter("this.groupName == t");
        groupQuery.declareParameters("java.lang.String t");
        groupQuery.setUnique(true);
        for (String groupName : set) {
            MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName.trim());
            if (group == null) {
                continue;
            }
            roles.addAll(group.getRoles());
        }
        return roles;
    }

    /**
     * Lists every privilege string available to the given groups and active roles, with no
     * restriction to a particular object.
     *
     * @param set group names
     * @param tSentryActiveRoleSet active roles
     * @return privilege strings as produced by {@code toAuthorizable}
     * @throws SentryInvalidInputException declared by the delegate
     */
    public Set<String> listAllSentryPrivilegesForProvider(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet) throws SentryInvalidInputException {
        final TSentryAuthorizable anyObject = null;
        return listSentryPrivilegesForProvider(set, tSentryActiveRoleSet, anyObject);
    }

    /**
     * Lists the privilege strings the given groups and active roles hold on
     * {@code tSentryAuthorizable}.
     *
     * @param set group names
     * @param tSentryActiveRoleSet active roles
     * @param tSentryAuthorizable object to restrict to, or {@code null} for no restriction
     * @return privilege strings as produced by {@code toAuthorizable}
     * @throws SentryInvalidInputException declared by the original signature
     */
    public Set<String> listSentryPrivilegesForProvider(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        Set<String> rolesToQuery = getRolesToQuery(set, tSentryActiveRoleSet);
        Set<String> privilegeStrings = Sets.newHashSet();
        for (MSentryPrivilege stored : getMSentryPrivileges(rolesToQuery, tSentryAuthorizable)) {
            privilegeStrings.add(toAuthorizable(stored));
        }
        return privilegeStrings;
    }

    /**
     * Reports whether the given groups, limited to the active roles, hold any privilege on the
     * named server.
     *
     * @param set group names
     * @param tSentryActiveRoleSet active roles
     * @param str server name
     * @return {@code true} if at least one matching privilege is stored
     */
    public boolean hasAnyServerPrivileges(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, String str) {
        Set<String> rolesToQuery = getRolesToQuery(set, tSentryActiveRoleSet);
        return hasAnyServerPrivileges(rolesToQuery, str);
    }

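    /**
     * Works out which role names a request may use.
     *
     * <p>The roles reachable from the caller's groups are the upper bound: with an "all" active
     * role set they are returned as is, otherwise only the requested roles that are also
     * reachable from the groups are kept. A role named in the active set but not granted through
     * a group is therefore dropped.
     *
     * @param set group names
     * @param tSentryActiveRoleSet active roles; must not be {@code null}
     * @return normalised (trimmed, lower-cased) role names to query
     */
    private Set<String> getRolesToQuery(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet) {
        Set<String> activeRoles = toTrimedLower(tSentryActiveRoleSet.getRoles());
        // toTrimedLower returns Set<String>; it was declared here as Sets.SetView, which that
        // return type cannot be assigned to.
        Set<String> groupRoles = toTrimedLower(getRoleNamesForGroups(set));
        return tSentryActiveRoleSet.isAll() ? groupRoles : Sets.intersection(activeRoles, groupRoles);
    }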

    /**
     * Renders a stored privilege as a policy string: key/value parts for the server, then either
     * the URI or the database / table / column chain, then the action unless it is "*".
     *
     * @param mSentryPrivilege privilege to render
     * @return the parts joined with {@code PolicyConstants.AUTHORIZABLE_JOINER}
     */
    @VisibleForTesting
    static String toAuthorizable(MSentryPrivilege mSentryPrivilege) {
        List<String> parts = new ArrayList<String>(4);
        String serverKey = DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase();
        parts.add(PolicyConstants.KV_JOINER.join(serverKey, mSentryPrivilege.getServerName()));

        // URI and database scopes are alternatives; a URI takes precedence when both are set.
        if (!isNULL(mSentryPrivilege.getURI())) {
            String uriKey = DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase();
            parts.add(PolicyConstants.KV_JOINER.join(uriKey, mSentryPrivilege.getURI()));
        } else if (!isNULL(mSentryPrivilege.getDbName())) {
            String dbKey = DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase();
            parts.add(PolicyConstants.KV_JOINER.join(dbKey, mSentryPrivilege.getDbName()));
            if (!isNULL(mSentryPrivilege.getTableName())) {
                String tableKey = DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase();
                parts.add(PolicyConstants.KV_JOINER.join(tableKey, mSentryPrivilege.getTableName()));
                if (!isNULL(mSentryPrivilege.getColumnName())) {
                    String columnKey = DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase();
                    parts.add(PolicyConstants.KV_JOINER.join(columnKey, mSentryPrivilege.getColumnName()));
                }
            }
        }

        String action = mSentryPrivilege.getAction();
        boolean specificAction = !isNULL(action) && !mSentryPrivilege.getAction().equalsIgnoreCase("*");
        if (specificAction) {
            parts.add(PolicyConstants.KV_JOINER.join("action".toLowerCase(), mSentryPrivilege.getAction()));
        }
        return PolicyConstants.AUTHORIZABLE_JOINER.join(parts);
    }

    /**
     * Returns a new set holding each input string trimmed and lower-cased.
     *
     * <p>Lower-casing uses the JVM's default locale, as everywhere else in this class.
     *
     * @param set strings to normalise; {@code null} yields an empty set
     * @return a fresh, mutable set of normalised strings
     */
    @VisibleForTesting
    static Set<String> toTrimedLower(Set<String> set) {
        Set<String> normalised = new HashSet<String>();
        if (set != null) {
            for (String value : set) {
                normalised.add(value.trim().toLowerCase());
            }
        }
        return normalised;
    }

    /**
     * Converts stored privileges to their Thrift form.
     *
     * @param collection stored privileges
     * @return a new set with one converted privilege per input element
     */
    private Set<TSentryPrivilege> convertToTSentryPrivileges(Collection<MSentryPrivilege> collection) {
        Set<TSentryPrivilege> converted = new HashSet<TSentryPrivilege>();
        for (MSentryPrivilege stored : collection) {
            converted.add(convertToTSentryPrivilege(stored));
        }
        return converted;
    }

    /**
     * Converts stored roles to their Thrift form.
     *
     * @param set stored roles
     * @return a new set with one converted role per input element
     */
    private Set<TSentryRole> convertToTSentryRoles(Set<MSentryRole> set) {
        Set<TSentryRole> converted = new HashSet<TSentryRole>();
        for (MSentryRole stored : set) {
            converted.add(convertToTSentryRole(stored));
        }
        return converted;
    }

    /**
     * Converts a stored role, including its groups, to its Thrift form.
     *
     * <p>The grantor principal is always written as the placeholder {@code "--"}.
     *
     * @param mSentryRole stored role
     * @return the converted role
     */
    private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) {
        Set<TSentryGroup> groups = new HashSet<TSentryGroup>();
        TSentryRole converted = new TSentryRole();
        converted.setRoleName(mSentryRole.getRoleName());
        converted.setGrantorPrincipal("--");
        for (MSentryGroup storedGroup : mSentryRole.getGroups()) {
            groups.add(convertToTSentryGroup(storedGroup));
        }
        converted.setGroups(groups);
        return converted;
    }

    /**
     * Builds the Thrift form of a stored group; only the group name is copied.
     *
     * @param mSentryGroup the stored group
     * @return a newly created Thrift group carrying the same name
     */
    private TSentryGroup convertToTSentryGroup(MSentryGroup mSentryGroup) {
        String groupName = mSentryGroup.getGroupName();
        TSentryGroup group = new TSentryGroup();
        group.setGroupName(groupName);
        return group;
    }

    /**
     * Creates a new Thrift privilege and fills it from the stored privilege.
     *
     * @param mSentryPrivilege the stored privilege to copy from
     * @return the populated Thrift privilege
     */
    protected TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
        TSentryPrivilege converted = new TSentryPrivilege();
        // Delegates to the two-argument overload, which does the field-by-field copy.
        convertToTSentryPrivilege(mSentryPrivilege, converted);
        return converted;
    }

    /**
     * Copies a stored privilege into an existing Thrift privilege.
     *
     * <p>String columns pass through {@code fromNULLCol}, so the stored null marker becomes an
     * empty string on the Thrift side. A {@code null} stored grant option maps to
     * {@code TSentryGrantOption.UNSET}; otherwise the enum constant is looked up from the
     * upper-cased text of the stored value.
     *
     * @param mSentryPrivilege the stored privilege to read
     * @param tSentryPrivilege the Thrift privilege to overwrite
     */
    private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege, TSentryPrivilege tSentryPrivilege) {
        tSentryPrivilege.setCreateTime(mSentryPrivilege.getCreateTime());
        tSentryPrivilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
        tSentryPrivilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
        tSentryPrivilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
        tSentryPrivilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
        tSentryPrivilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
        tSentryPrivilege.setColumnName(fromNULLCol(mSentryPrivilege.getColumnName()));
        tSentryPrivilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));

        TSentryGrantOption grantOption = TSentryGrantOption.UNSET;
        if (mSentryPrivilege.getGrantOption() != null) {
            String storedText = mSentryPrivilege.getGrantOption().toString();
            grantOption = TSentryGrantOption.valueOf(storedText.toUpperCase());
        }
        tSentryPrivilege.setGrantOption(grantOption);
    }

    /**
     * Builds a stored privilege from a Thrift privilege, normalising its text fields.
     *
     * <p>Server, database, table, column and action are trimmed and lower-cased; the URI and
     * the privilege scope are trimmed only. Every field except the scope then goes through
     * {@code toNULLCol}, which substitutes the null marker for null or empty values. The
     * create time is set to the current clock, not copied from the input. A grant option of
     * {@code UNSET} is stored as {@code null}.
     *
     * @param tSentryPrivilege the Thrift privilege; its grant option must not be {@code null}
     * @return a newly created stored privilege
     * @throws SentryInvalidInputException declared by the signature; not thrown directly here
     */
    private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege tSentryPrivilege) throws SentryInvalidInputException {
        String server = safeTrimLower(tSentryPrivilege.getServerName());
        String db = safeTrimLower(tSentryPrivilege.getDbName());
        String table = safeTrimLower(tSentryPrivilege.getTableName());
        String column = safeTrimLower(tSentryPrivilege.getColumnName());
        String scope = safeTrim(tSentryPrivilege.getPrivilegeScope());
        String action = safeTrimLower(tSentryPrivilege.getAction());
        String uri = safeTrim(tSentryPrivilege.getURI());

        MSentryPrivilege stored = new MSentryPrivilege();
        stored.setServerName(toNULLCol(server));
        stored.setDbName(toNULLCol(db));
        stored.setTableName(toNULLCol(table));
        stored.setColumnName(toNULLCol(column));
        stored.setPrivilegeScope(scope);
        stored.setAction(toNULLCol(action));
        stored.setCreateTime(System.currentTimeMillis());
        stored.setURI(toNULLCol(uri));

        TSentryGrantOption requested = tSentryPrivilege.getGrantOption();
        Boolean grantOption = null;
        if (!requested.equals(TSentryGrantOption.UNSET)) {
            grantOption = Boolean.valueOf(requested.toString());
        }
        stored.setGrantOption(grantOption);
        return stored;
    }

    /**
     * Null-tolerant {@link String#trim()}.
     *
     * @param str the text to trim, possibly {@code null}
     * @return the trimmed text, or {@code null} when {@code str} is {@code null}
     */
    private static String safeTrim(String str) {
        return str != null ? str.trim() : null;
    }

    /**
     * Null-tolerant trim followed by lower-casing.
     *
     * <p>NOTE(review): lower-casing uses the JVM default locale because no locale is passed;
     * confirm that is acceptable for the object names normalised through this helper.
     *
     * @param str the text to normalise, possibly {@code null}
     * @return the trimmed, lower-cased text, or {@code null} when {@code str} is {@code null}
     */
    private static String safeTrimLower(String str) {
        return str != null ? str.trim().toLowerCase() : null;
    }

    /**
     * Returns the schema version recorded in the store.
     *
     * @return the schema version string of the single stored version record
     * @throws SentryNoSuchObjectException if no version record exists
     * @throws SentryAccessDeniedException if the version lookup rejects the store state
     */
    public String getSentryVersion() throws SentryNoSuchObjectException, SentryAccessDeniedException {
        MSentryVersion stored = getMSentryVersion();
        return stored.getSchemaVersion();
    }

    /**
     * Records the schema version and its comment, creating the version record if none exists.
     *
     * <p>Nothing is written when the stored schema version already equals {@code str}.
     *
     * @param str the schema version to store; must not be {@code null}
     * @param str2 the comment stored alongside the version
     * @throws SentryNoSuchObjectException declared by the signature; a missing record is
     *     handled here by creating a new one
     * @throws SentryAccessDeniedException if the version lookup rejects the store state
     */
    public void setSentryVersion(String str, String str2) throws SentryNoSuchObjectException, SentryAccessDeniedException {
        MSentryVersion version;
        try {
            version = getMSentryVersion();
            if (str.equals(version.getSchemaVersion())) {
                return;
            }
        } catch (SentryNoSuchObjectException e) {
            // No record yet: start from a blank one.
            version = new MSentryVersion();
        }
        version.setSchemaVersion(str);
        version.setVersionComment(str2);

        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            pm.makePersistent(version);
            // Cleared before the commit, so a failing commit is not followed by a rollback.
            needsRollback = false;
            commitTransaction(pm);
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

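    /**
     * Loads the single version record from the store.
     *
     * <p>The rollback on failure now receives the persistence manager that was actually
     * opened, and runs only while the transaction is still uncommitted. Previously every
     * failure called {@code rollbackTransaction(null)}, so a failed query never rolled back
     * the transaction it had opened.
     *
     * @return the only stored version record
     * @throws SentryNoSuchObjectException if the store holds no version record
     * @throws SentryAccessDeniedException if the store holds more than one version record, or
     *     the query failed because the version table is missing
     */
    private MSentryVersion getMSentryVersion() throws SentryNoSuchObjectException, SentryAccessDeniedException {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            List<?> versions = (List<?>) pm.newQuery(MSentryVersion.class).execute();
            pm.retrieveAll(versions);
            // From here on the transaction is handed to commit; the checks below run after it.
            needsRollback = false;
            commitTransaction(pm);
            if (versions.isEmpty()) {
                throw new SentryNoSuchObjectException("No matching version found");
            }
            if (versions.size() > 1) {
                throw new SentryAccessDeniedException("Metastore contains multiple versions");
            }
            return (MSentryVersion) versions.get(0);
        } catch (JDODataStoreException e) {
            // A missing version table is reported as an unusable store, not a raw JDO error.
            if (e.getCause() instanceof MissingTableException) {
                throw new SentryAccessDeniedException("Version table not found. The sentry store is not set or corrupt ");
            }
            throw e;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }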

    /**
     * Drops the privileges on the given authorizable from all roles, in one transaction.
     *
     * <p>When {@code isMultiActionsSupported} accepts the derived privilege, the drop is
     * repeated once per entry of {@code ALL_ACTIONS}, each time on a fresh copy of the
     * privilege; otherwise it runs once with the wildcard action.
     *
     * @param tSentryAuthorizable the object whose privileges are dropped
     * @throws SentryNoSuchObjectException propagated from the per-role drop
     * @throws SentryInvalidInputException propagated from the per-role drop, or raised when the
     *     datastore reports a {@code JDODataStoreException}
     */
    public void dropPrivilege(TSentryAuthorizable tSentryAuthorizable) throws SentryNoSuchObjectException, SentryInvalidInputException {
        TSentryPrivilege target = toSentryPrivilege(tSentryAuthorizable);
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            if (isMultiActionsSupported(target)) {
                for (String action : ALL_ACTIONS) {
                    target.setAction(action);
                    dropPrivilegeForAllRoles(pm, new TSentryPrivilege(target));
                }
            } else {
                dropPrivilegeForAllRoles(pm, new TSentryPrivilege(target));
            }
            // Cleared before the commit, so a failing commit is not followed by a rollback.
            needsRollback = false;
            commitTransaction(pm);
        } catch (JDODataStoreException e) {
            // Only the message is forwarded; the JDO exception is not attached as a cause.
            throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Moves the privileges held on one authorizable to another for all roles, in one
     * transaction.
     *
     * <p>When {@code isMultiActionsSupported} accepts the old privilege, the rename is repeated
     * once per entry of {@code ALL_ACTIONS}, with that action set on both the old and the new
     * privilege. Unlike {@code dropPrivilege}, the same two privilege objects are reused for
     * every action rather than copied.
     *
     * @param tSentryAuthorizable the object the privileges are currently held on
     * @param tSentryAuthorizable2 the object the privileges are moved to
     * @throws SentryNoSuchObjectException propagated from the per-role rename
     * @throws SentryInvalidInputException propagated from the per-role rename, or raised when
     *     the datastore reports a {@code JDODataStoreException}
     */
    public void renamePrivilege(TSentryAuthorizable tSentryAuthorizable, TSentryAuthorizable tSentryAuthorizable2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        TSentryPrivilege oldPrivilege = toSentryPrivilege(tSentryAuthorizable);
        TSentryPrivilege newPrivilege = toSentryPrivilege(tSentryAuthorizable2);
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            if (!isMultiActionsSupported(oldPrivilege)) {
                renamePrivilegeForAllRoles(pm, oldPrivilege, newPrivilege);
            } else {
                Iterator<String> actions = ALL_ACTIONS.iterator();
                while (actions.hasNext()) {
                    String action = actions.next();
                    oldPrivilege.setAction(action);
                    newPrivilege.setAction(action);
                    renamePrivilegeForAllRoles(pm, oldPrivilege, newPrivilege);
                }
            }
            // Cleared before the commit, so a failing commit is not followed by a rollback.
            needsRollback = false;
            commitTransaction(pm);
        } catch (JDODataStoreException e) {
            // Only the message is forwarded; the JDO exception is not attached as a cause.
            throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Reports whether the privilege has a non-null database name.
     *
     * <p>NOTE(review): {@code toSentryPrivilege} in this class fills the database name from
     * {@code fromNULLCol(...)}, which returns an empty string rather than {@code null}. For
     * privileges built there this check therefore looks always true, which would send
     * server- and URI-level requests down the per-action path too. Confirm whether
     * {@code !isNULL(...)} was intended.
     *
     * @param tSentryPrivilege the privilege to inspect
     * @return {@code true} when {@code getDbName()} is not {@code null}
     */
    private boolean isMultiActionsSupported(TSentryPrivilege tSentryPrivilege) {
        String dbName = tSentryPrivilege.getDbName();
        return dbName != null;
    }

    /**
     * Rename entry point: forwards to {@code dropOrRenamePrivilegeForAllRoles} with a
     * replacement privilege.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param tSentryPrivilege the privilege to revoke
     * @param tSentryPrivilege2 the privilege that supplies the new database or table name
     * @throws SentryNoSuchObjectException propagated from the shared implementation
     * @throws SentryInvalidInputException propagated from the shared implementation
     */
    private void renamePrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        final TSentryPrivilege replacement = tSentryPrivilege2;
        dropOrRenamePrivilegeForAllRoles(persistenceManager, tSentryPrivilege, replacement);
    }

    /**
     * Drop entry point: forwards to {@code dropOrRenamePrivilegeForAllRoles} with no
     * replacement privilege, so nothing is granted back after the revoke.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param tSentryPrivilege the privilege to revoke
     * @throws SentryNoSuchObjectException propagated from the shared implementation
     * @throws SentryInvalidInputException propagated from the shared implementation
     */
    private void dropPrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        final TSentryPrivilege noReplacement = null;
        dropOrRenamePrivilegeForAllRoles(persistenceManager, tSentryPrivilege, noReplacement);
    }

    /**
     * Revokes a privilege from every role that holds a matching one and, for a rename, grants
     * the collected privileges back under the new database or table name.
     *
     * <p>Steps, as the code performs them:
     * <ol>
     *   <li>collect the roles attached to every privilege returned by
     *       {@code getMSentryPrivileges};</li>
     *   <li>for each role, gather the exact privilege (if one exists) and whatever
     *       {@code populateChildren} adds for that role;</li>
     *   <li>revoke the privilege from the role;</li>
     *   <li>if a replacement is given, re-grant each gathered privilege after overwriting its
     *       database name (DATABASE scope) or table name (TABLE scope). Other scopes are
     *       re-granted unchanged.</li>
     * </ol>
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param tSentryPrivilege the privilege to revoke
     * @param tSentryPrivilege2 the replacement privilege, or {@code null} for a plain drop
     * @throws SentryNoSuchObjectException propagated from the revoke and grant helpers
     * @throws SentryInvalidInputException propagated from the revoke and grant helpers
     */
    private void dropOrRenamePrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        HashSet<MSentryRole> affectedRoles = Sets.newHashSet();
        List<MSentryPrivilege> matching = getMSentryPrivileges(tSentryPrivilege, persistenceManager);
        if (matching != null && !matching.isEmpty()) {
            for (MSentryPrivilege match : matching) {
                // Snapshot the role set before adding it to the working set.
                affectedRoles.addAll(ImmutableSet.copyOf(match.getRoles()));
            }
        }

        MSentryPrivilege exact = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        for (MSentryRole role : affectedRoles) {
            HashSet<MSentryPrivilege> toRegrant = Sets.newHashSet();
            if (exact == null) {
                populateChildren(persistenceManager, Sets.newHashSet(new String[]{role.getRoleName()}), convertToMSentryPrivilege(tSentryPrivilege), toRegrant);
            } else {
                toRegrant.add(exact);
                populateChildren(persistenceManager, Sets.newHashSet(new String[]{role.getRoleName()}), exact, toRegrant);
            }

            alterSentryRoleRevokePrivilegeCore(persistenceManager, role.getRoleName(), tSentryPrivilege);
            if (tSentryPrivilege2 == null) {
                continue;
            }

            for (MSentryPrivilege stored : toRegrant) {
                TSentryPrivilege renamed = convertToTSentryPrivilege(stored);
                if (tSentryPrivilege2.getPrivilegeScope().equals(ServiceConstants.PrivilegeScope.DATABASE.name())) {
                    renamed.setDbName(tSentryPrivilege2.getDbName());
                } else if (tSentryPrivilege2.getPrivilegeScope().equals(ServiceConstants.PrivilegeScope.TABLE.name())) {
                    renamed.setTableName(tSentryPrivilege2.getTableName());
                }
                alterSentryRoleGrantPrivilegeCore(persistenceManager, role.getRoleName(), renamed);
            }
        }
    }

    /**
     * Builds a wildcard-action privilege describing the given authorizable.
     *
     * <p>The scope is the most specific level that has a value, checked in the order column,
     * table, database, URI, and falling back to server. Each name is passed through
     * {@code fromNULLCol} first, so absent names are stored as empty strings, not
     * {@code null}.
     *
     * @param tSentryAuthorizable the object to describe
     * @return a new privilege with action {@code "*"}
     * @throws SentryInvalidInputException declared by the signature; not thrown directly here
     */
    private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        TSentryPrivilege privilege = new TSentryPrivilege();
        privilege.setDbName(fromNULLCol(tSentryAuthorizable.getDb()));
        privilege.setServerName(fromNULLCol(tSentryAuthorizable.getServer()));
        privilege.setTableName(fromNULLCol(tSentryAuthorizable.getTable()));
        privilege.setColumnName(fromNULLCol(tSentryAuthorizable.getColumn()));
        privilege.setURI(fromNULLCol(tSentryAuthorizable.getUri()));

        ServiceConstants.PrivilegeScope scope;
        if (!isNULL(privilege.getColumnName())) {
            scope = ServiceConstants.PrivilegeScope.COLUMN;
        } else if (!isNULL(privilege.getTableName())) {
            scope = ServiceConstants.PrivilegeScope.TABLE;
        } else if (!isNULL(privilege.getDbName())) {
            scope = ServiceConstants.PrivilegeScope.DATABASE;
        } else if (!isNULL(privilege.getURI())) {
            scope = ServiceConstants.PrivilegeScope.URI;
        } else {
            scope = ServiceConstants.PrivilegeScope.SERVER;
        }
        privilege.setPrivilegeScope(scope.name());
        privilege.setAction("*");
        return privilege;
    }

    /**
     * Maps a null or empty string to the {@code NULL_COL} marker.
     *
     * @param str the value to store, possibly {@code null} or empty
     * @return {@code NULL_COL} for null or empty input, otherwise {@code str} unchanged
     */
    public static String toNULLCol(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return NULL_COL;
        }
        return str;
    }

    /**
     * Maps the {@code NULL_COL} marker, as well as null and empty input, to an empty string.
     *
     * @param str the stored value, possibly {@code null}
     * @return {@code ""} when {@link #isNULL(String)} accepts {@code str}, otherwise
     *     {@code str} unchanged
     */
    public static String fromNULLCol(String str) {
        if (isNULL(str)) {
            return "";
        }
        return str;
    }

    /**
     * Tells whether a value counts as absent: {@code null}, empty, or equal to the
     * {@code NULL_COL} marker.
     *
     * @param str the value to test, possibly {@code null}
     * @return {@code true} when the value is absent in the sense above
     */
    public static boolean isNULL(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return true;
        }
        return str.equals(NULL_COL);
    }

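    /**
     * Verifies that the grantor is allowed to grant or revoke the given privilege.
     *
     * <p>The grantor passes when one of its groups is a configured admin group, or when a role
     * reachable through its groups holds a privilege that has the grant option set and implies
     * the requested privilege. Everything else is denied.
     *
     * <p>Two defects of the earlier loop are fixed. The scan over a role's privileges never
     * terminated once the iterator was exhausted without a match, and a stored privilege with
     * a {@code null} grant option raised a {@code NullPointerException} instead of simply not
     * counting. A {@code null} grant option is now treated as "no grant option", so the check
     * fails closed.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param str the grantor principal
     * @param tSentryPrivilege the privilege being granted or revoked
     * @throws SentryInvalidInputException if {@code str} is {@code null}
     * @throws SentryGrantDeniedException if the grantor has no groups or no sufficient
     *     privilege with grant option
     * @throws SentryUserException propagated from the helpers called here
     */
    private void grantOptionCheck(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        MSentryPrivilege requested = convertToMSentryPrivilege(tSentryPrivilege);
        if (str == null) {
            throw new SentryInvalidInputException("grantorPrincipal should not be null");
        }
        Set<String> grantorGroups = SentryPolicyStoreProcessor.getGroupsFromUserName(this.conf, str);
        if (grantorGroups == null || grantorGroups.isEmpty()) {
            throw new SentryGrantDeniedException(str + " has no grant!");
        }

        // Members of an admin group may grant anything.
        Set<String> adminGroups = getAdminGroups();
        if (adminGroups != null && !adminGroups.isEmpty()) {
            for (String group : grantorGroups) {
                if (adminGroups.contains(group)) {
                    return;
                }
            }
        }

        Set<MSentryRole> roles = getRolesForGroups(persistenceManager, grantorGroups);
        if (roles != null) {
            for (MSentryRole role : roles) {
                Set<MSentryPrivilege> privileges = role.getPrivileges();
                if (privileges == null) {
                    continue;
                }
                for (MSentryPrivilege held : privileges) {
                    // Boolean.TRUE.equals(...) treats an unset (null) grant option as false.
                    if (Boolean.TRUE.equals(held.getGrantOption()) && held.implies(requested)) {
                        return;
                    }
                }
            }
        }
        throw new SentryGrantDeniedException(str + " has no grant!");
    }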

    /**
     * Reads the admin groups from the configuration key
     * {@code ServiceConstants.ServerConfig.ADMIN_GROUPS}.
     *
     * @return a new set of the configured group names; empty when the key is not set, because
     *     an empty array is supplied as the default
     */
    private Set<String> getAdminGroups() {
        String[] configured = this.conf.getStrings(ServiceConstants.ServerConfig.ADMIN_GROUPS, new String[0]);
        return Sets.newHashSet(configured);
    }

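    /**
     * Builds a snapshot of all database- and table-level privileges.
     *
     * <p>The query selects privileges that have a server name and a database name and no URI.
     * The outer key is the database name, or {@code db.table} when a table name is present.
     * The inner map goes from role name to a comma-separated list of upper-cased actions.
     *
     * <p>The rollback flag is now cleared only after the result has been read. Previously it
     * was cleared before the query executed, so a failure while reading left the transaction
     * neither committed nor rolled back.
     *
     * @return the snapshot; empty when no privilege matches
     */
    public Map<String, HashMap<String, String>> retrieveFullPrivilegeImage() {
        Map<String, HashMap<String, String>> image = new HashMap<String, HashMap<String, String>>();
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            Query query = pm.newQuery(MSentryPrivilege.class);
            query.setFilter("(serverName != \"__NULL__\") && (dbName != \"__NULL__\") && (URI == \"__NULL__\")");
            query.setOrdering("serverName ascending, dbName ascending, tableName ascending");
            @SuppressWarnings("unchecked")
            List<MSentryPrivilege> privileges = (List<MSentryPrivilege>) query.execute();
            for (MSentryPrivilege privilege : privileges) {
                String objectName = privilege.getDbName();
                if (!isNULL(privilege.getTableName())) {
                    objectName = objectName + "." + privilege.getTableName();
                }
                HashMap<String, String> actionsByRole = image.get(objectName);
                if (actionsByRole == null) {
                    actionsByRole = new HashMap<String, String>();
                    image.put(objectName, actionsByRole);
                }
                for (MSentryRole role : privilege.getRoles()) {
                    String roleName = role.getRoleName();
                    String action = privilege.getAction().toUpperCase();
                    String known = actionsByRole.get(roleName);
                    actionsByRole.put(roleName, known == null ? action : known + "," + action);
                }
            }
            // All reads succeeded; from here the transaction is handed to commit.
            needsRollback = false;
            commitTransaction(pm);
            return image;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }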

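    /**
     * Builds a snapshot that maps every role name to the names of the groups holding it.
     *
     * <p>The rollback now runs only when the transaction did not commit, matching the other
     * transactional methods of this class. Previously {@code rollbackTransaction} was also
     * called right after every successful commit.
     *
     * @return role name to group names, in the order the groups were returned by the query;
     *     roles without any group do not appear
     */
    public Map<String, LinkedList<String>> retrieveFullRoleImage() {
        Map<String, LinkedList<String>> groupsByRole = new HashMap<String, LinkedList<String>>();
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            @SuppressWarnings("unchecked")
            List<MSentryGroup> groups = (List<MSentryGroup>) pm.newQuery(MSentryGroup.class).execute();
            for (MSentryGroup group : groups) {
                for (MSentryRole role : group.getRoles()) {
                    LinkedList<String> groupNames = groupsByRole.get(role.getRoleName());
                    if (groupNames == null) {
                        groupNames = new LinkedList<String>();
                        groupsByRole.put(role.getRoleName(), groupNames);
                    }
                    groupNames.add(group.getGroupName());
                }
            }
            commitTransaction(pm);
            // Cleared after the commit, so a failing commit is still rolled back as before.
            needsRollback = false;
            return groupsByRole;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }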

    /**
     * Returns, for every stored group that has at least one role, the names of its roles.
     *
     * <p>Groups without roles are left out. The transaction is rolled back if anything fails
     * up to and including the commit.
     *
     * @return group name to role names; never {@code null}
     */
    public Map<String, Set<String>> getGroupNameRoleNamesMap() {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            List<MSentryGroup> groups = (List) pm.newQuery(MSentryGroup.class).execute();
            Map<String, Set<String>> rolesByGroup = Maps.newHashMap();
            if (groups != null) {
                for (MSentryGroup group : groups) {
                    String groupName = group.getGroupName();
                    Set<String> roleNames = Sets.newHashSet();
                    for (MSentryRole role : group.getRoles()) {
                        roleNames.add(role.getRoleName());
                    }
                    if (!roleNames.isEmpty()) {
                        rolesByGroup.put(groupName, roleNames);
                    }
                }
            }
            commitTransaction(pm);
            needsRollback = false;
            return rolesByGroup;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Returns, for every stored role that has at least one privilege, its privileges in
     * Thrift form.
     *
     * <p>Roles without privileges are left out. The transaction is rolled back if anything
     * fails up to and including the commit.
     *
     * @return role name to converted privileges; never {@code null}
     * @throws Exception declared by the signature; failures of the store propagate unchanged
     */
    public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            List<MSentryRole> roles = (List) pm.newQuery(MSentryRole.class).execute();
            Map<String, Set<TSentryPrivilege>> privilegesByRole = Maps.newHashMap();
            if (roles != null) {
                for (MSentryRole role : roles) {
                    Set<TSentryPrivilege> converted = convertToTSentryPrivileges(role.getPrivileges());
                    if (converted == null || converted.isEmpty()) {
                        continue;
                    }
                    privilegesByRole.put(role.getRoleName(), converted);
                }
            }
            commitTransaction(pm);
            needsRollback = false;
            return privilegesByRole;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Returns the names of all stored roles, read inside a transaction of its own.
     *
     * <p>The transaction is rolled back if anything fails up to and including the commit.
     *
     * @return the role names; never {@code null}
     */
    public Set<String> getAllRoleNames() {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            Set<String> roleNames = getAllRoleNames(pm);
            commitTransaction(pm);
            needsRollback = false;
            return roleNames;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Queries all stored roles and collects their names.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @return a new mutable set of role names; empty when the query returns {@code null} or
     *     no rows
     */
    private Set<String> getAllRoleNames(PersistenceManager persistenceManager) {
        Set<String> roleNames = Sets.newHashSet();
        List<?> roles = (List<?>) persistenceManager.newQuery(MSentryRole.class).execute();
        if (roles == null) {
            return roleNames;
        }
        for (Object role : roles) {
            roleNames.add(((MSentryRole) role).getRoleName());
        }
        return roleNames;
    }

    /**
     * Queries all stored groups and indexes them by group name.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @return a new map from group name to stored group; empty when the query returns
     *     {@code null} or no rows
     */
    private Map<String, MSentryGroup> getGroupNameTGroupMap(PersistenceManager persistenceManager) {
        Map<String, MSentryGroup> groupsByName = Maps.newHashMap();
        List<MSentryGroup> groups = (List) persistenceManager.newQuery(MSentryGroup.class).execute();
        if (groups == null) {
            return groupsByName;
        }
        for (MSentryGroup group : groups) {
            groupsByName.put(group.getGroupName(), group);
        }
        return groupsByName;
    }

    /**
     * Queries all stored privileges.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @return the query result, or a new empty list when the query returns {@code null}
     */
    private List<MSentryPrivilege> getPrivilegesList(PersistenceManager persistenceManager) {
        List<MSentryPrivilege> privileges = (List) persistenceManager.newQuery(MSentryPrivilege.class).execute();
        if (privileges != null) {
            return privileges;
        }
        return Lists.newArrayList();
    }

    /**
     * Returns all stored roles indexed by role name, read inside a transaction of its own.
     *
     * <p>The transaction is rolled back if anything fails up to and including the commit.
     *
     * @return a new map from role name to stored role; never {@code null}
     */
    @VisibleForTesting
    protected Map<String, MSentryRole> getRolesMap() {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            List<MSentryRole> roles = (List) pm.newQuery(MSentryRole.class).execute();
            Map<String, MSentryRole> rolesByName = Maps.newHashMap();
            if (roles != null) {
                Iterator<MSentryRole> cursor = roles.iterator();
                while (cursor.hasNext()) {
                    MSentryRole role = cursor.next();
                    rolesByName.put(role.getRoleName(), role);
                }
            }
            commitTransaction(pm);
            needsRollback = false;
            return rolesByName;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Returns all stored groups indexed by group name, read inside a transaction of its own.
     *
     * <p>The transaction is rolled back if anything fails up to and including the commit.
     *
     * @return a map from group name to stored group
     */
    @VisibleForTesting
    protected Map<String, MSentryGroup> getGroupNameTGroupMap() {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            Map<String, MSentryGroup> groupsByName = getGroupNameTGroupMap(pm);
            commitTransaction(pm);
            needsRollback = false;
            return groupsByName;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Returns all stored privileges, read inside a transaction of its own.
     *
     * <p>The transaction is rolled back if anything fails up to and including the commit.
     *
     * @return the stored privileges; never {@code null}
     */
    @VisibleForTesting
    protected List<MSentryPrivilege> getPrivilegesList() {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            List<MSentryPrivilege> privileges = getPrivilegesList(pm);
            commitTransaction(pm);
            needsRollback = false;
            return privileges;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Imports role-to-privilege and group-to-role mappings in a single transaction.
     *
     * <p>Role names in the input are lower-cased first; this rewrites the maps held by
     * {@code tSentryMappingData} itself. With {@code z} set, every existing role that also
     * appears in the imported group-to-role mapping is dropped before the import, so its
     * previous privileges and groups are replaced rather than merged. Any failure up to and
     * including the commit rolls the whole import back.
     *
     * @param tSentryMappingData the mappings to import
     * @param z whether existing roles named in the imported group mapping are dropped first
     * @throws Exception propagated from the role, privilege and group helpers
     */
    public void importSentryMetaData(TSentryMappingData tSentryMappingData, boolean z) throws Exception {
        TSentryMappingData normalised = lowercaseRoleName(tSentryMappingData);
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            Set<String> existingRoles = getAllRoleNames(pm);
            Map<String, Set<TSentryGroup>> groupsByRole = covertToRoleNameTGroupsMap(normalised.getGroupRolesMap());
            Set<String> importedRoles = groupsByRole.keySet();
            if (z) {
                dropDuplicatedRoleForImport(pm, existingRoles, importedRoles);
                // Re-read, because the drop changed which roles exist.
                existingRoles = getAllRoleNames(pm);
            }
            importSentryRolePrivilegeMapping(pm, existingRoles, normalised.getRolePrivilegesMap());
            importSentryGroupRoleMapping(pm, existingRoles, groupsByRole);
            commitTransaction(pm);
            needsRollback = false;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Inverts a group-to-roles mapping into a role-to-groups mapping.
     *
     * @param map group name to role names; {@code null} and {@code null} role sets are
     *     tolerated and contribute nothing
     * @return a new map from role name to the Thrift groups that listed it; never {@code null}
     */
    private Map<String, Set<TSentryGroup>> covertToRoleNameTGroupsMap(Map<String, Set<String>> map) {
        Map<String, Set<TSentryGroup>> groupsByRole = Maps.newHashMap();
        if (map == null) {
            return groupsByRole;
        }
        for (Map.Entry<String, Set<String>> groupEntry : map.entrySet()) {
            Set<String> roleNames = groupEntry.getValue();
            if (roleNames == null) {
                continue;
            }
            for (String roleName : roleNames) {
                Set<TSentryGroup> groups = groupsByRole.get(roleName);
                if (groups == null) {
                    groups = Sets.newHashSet();
                    groupsByRole.put(roleName, groups);
                }
                groups.add(new TSentryGroup(groupEntry.getKey()));
            }
        }
        return groupsByRole;
    }

    /**
     * Attaches the imported groups to their roles, creating roles that do not exist yet.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param set names of the roles that already exist; consulted but not updated here
     * @param map role name to the groups to add; {@code null} means nothing to import
     * @throws Exception propagated from role creation or the group update
     */
    private void importSentryGroupRoleMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<TSentryGroup>> map) throws Exception {
        if (map != null && map.keySet() != null) {
            for (Map.Entry<String, Set<TSentryGroup>> roleEntry : map.entrySet()) {
                String roleName = roleEntry.getKey();
                boolean roleExists = set.contains(roleName);
                if (!roleExists) {
                    createSentryRoleCore(persistenceManager, roleName);
                }
                alterSentryRoleAddGroupsCore(persistenceManager, roleName, roleEntry.getValue());
            }
        }
    }

    /**
     * Drops every role whose name appears in both sets.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param set names of the roles that already exist
     * @param set2 names of the roles being imported
     * @throws Exception propagated from the role drop
     */
    private void dropDuplicatedRoleForImport(PersistenceManager persistenceManager, Set<String> set, Set<String> set2) throws Exception {
        for (String duplicated : Sets.intersection(set, set2)) {
            dropSentryRoleCore(persistenceManager, duplicated);
        }
    }

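    /**
     * Lower-cases every role name in the mapping data and returns the same, modified object.
     *
     * <p>In the group-to-roles map the role names are the values; in the role-to-privileges map
     * they are the keys. A map that is {@code null} is now left untouched instead of raising a
     * {@code NullPointerException}, and a {@code null} role set is kept as {@code null}. The
     * import helpers that consume these maps already accept both.
     *
     * <p>NOTE(review): two role keys that differ only in case collapse onto one lower-cased
     * key, and the later entry replaces the earlier one, so one set of privileges is not
     * imported. Confirm whether the sets should be merged instead.
     *
     * <p>NOTE(review): lower-casing uses the JVM default locale because no locale is passed.
     *
     * @param tSentryMappingData the mapping data to normalise in place
     * @return {@code tSentryMappingData} itself
     */
    private TSentryMappingData lowercaseRoleName(TSentryMappingData tSentryMappingData) {
        Map<String, Set<String>> groupRolesMap = tSentryMappingData.getGroupRolesMap();
        if (groupRolesMap != null) {
            Map<String, Set<String>> loweredGroupRoles = Maps.newHashMap();
            for (Map.Entry<String, Set<String>> groupEntry : groupRolesMap.entrySet()) {
                Set<String> roleNames = groupEntry.getValue();
                if (roleNames == null) {
                    loweredGroupRoles.put(groupEntry.getKey(), null);
                    continue;
                }
                Set<String> loweredNames = Sets.newHashSet();
                for (String roleName : roleNames) {
                    loweredNames.add(roleName.toLowerCase());
                }
                loweredGroupRoles.put(groupEntry.getKey(), loweredNames);
            }
            tSentryMappingData.setGroupRolesMap(loweredGroupRoles);
        }

        Map<String, Set<TSentryPrivilege>> rolePrivilegesMap = tSentryMappingData.getRolePrivilegesMap();
        if (rolePrivilegesMap != null) {
            Map<String, Set<TSentryPrivilege>> loweredRolePrivileges = Maps.newHashMap();
            for (Map.Entry<String, Set<TSentryPrivilege>> roleEntry : rolePrivilegesMap.entrySet()) {
                loweredRolePrivileges.put(roleEntry.getKey().toLowerCase(), roleEntry.getValue());
            }
            tSentryMappingData.setRolePrivilegesMap(loweredRolePrivileges);
        }
        return tSentryMappingData;
    }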

    /**
     * Grants the imported privileges to their roles, creating roles that do not exist yet.
     *
     * <p>Each newly created role name is added to {@code set}, so the caller's set reflects
     * the roles created here.
     *
     * @param persistenceManager the persistence manager of the enclosing transaction
     * @param set names of the roles that already exist; updated with roles created here
     * @param map role name to the privileges to grant; {@code null} means nothing to import,
     *     but each privilege set inside must not be {@code null}
     * @throws Exception propagated from role creation or the grant
     */
    private void importSentryRolePrivilegeMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<TSentryPrivilege>> map) throws Exception {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, Set<TSentryPrivilege>> roleEntry : map.entrySet()) {
            String roleName = roleEntry.getKey();
            if (!set.contains(roleName)) {
                createSentryRoleCore(persistenceManager, roleName);
                set.add(roleName);
            }
            for (TSentryPrivilege privilege : roleEntry.getValue()) {
                alterSentryRoleGrantPrivilegeCore(persistenceManager, roleName, privilege);
            }
        }
    }
}
