package org.apache.hadoop.hive.ql.security.authorization.plugin.fallback;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.AbstractHiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
import org.apache.hadoop.hive.ql.security.authorization.plugin.SettableConfigUpdater;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.Operation2Privilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLAuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLPrivTypeGrant;

/* loaded from: input_file:WEB-INF/lib/hive-exec-2.3.6-mapr-2110-r3-core.jar:org/apache/hadoop/hive/ql/security/authorization/plugin/fallback/FallbackHiveAuthorizer.class */
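/**
 * Minimal authorizer that offers no role or privilege management.
 *
 * <p>Every grant/revoke/role method throws {@link HiveAuthzPluginException} with a
 * "not implemented" message. {@link #checkPrivileges(HiveOperationType, List, List, HiveAuthzContext)}
 * only restricts three things to the users named in {@code USERS_IN_ADMIN_ROLE}: operations that
 * {@link Operation2Privilege#isAdminPrivOperation} reports as admin-only, any operation touching a
 * {@code LOCAL_URI} object, and the {@code ADD}, {@code DFS} and {@code COMPILE} operations.
 * Everything else is allowed for every user.
 *
 * <p>Object listings and row/column policies are passed through unchanged (see
 * {@link #filterListCmdObjects} and {@link #applyRowFilterAndColumnMasking}).
 */
public class FallbackHiveAuthorizer extends AbstractHiveAuthorizer {
    private static final Log LOG = LogFactory.getLog(FallbackHiveAuthorizer.class);
    private final HiveAuthzSessionContext sessionCtx;
    private final HiveAuthenticationProvider authenticator;
    // Raw comma-separated entries of USERS_IN_ADMIN_ROLE, or null when the setting is unset.
    // Entries are compared exactly: they are neither trimmed nor case-folded, so a value such as
    // "alice, bob" does not match the user "bob". That fails closed (fewer admins, never more).
    private final String[] admins;

    /**
     * Builds the authorizer for one session.
     *
     * <p>The decompiler reports that it widened this constructor from package-private; it is kept
     * public here so existing callers of the decompiled class keep compiling.
     *
     * @param hiveConf configuration read for {@code USERS_IN_ADMIN_ROLE} and the test-mode switch
     * @param hiveAuthenticationProvider source of the current user name
     * @param hiveAuthzSessionContext session context, possibly rewritten by {@link #applyTestSettings}
     */
    public FallbackHiveAuthorizer(HiveConf hiveConf, HiveAuthenticationProvider hiveAuthenticationProvider, HiveAuthzSessionContext hiveAuthzSessionContext) {
        this.authenticator = hiveAuthenticationProvider;
        this.sessionCtx = applyTestSettings(hiveAuthzSessionContext, hiveConf);
        // Read the setting once instead of twice so the null check and the split see the same value.
        String adminUsers = hiveConf.getVar(HiveConf.ConfVars.USERS_IN_ADMIN_ROLE);
        this.admins = adminUsers == null ? null : adminUsers.split(",");
    }

    /**
     * Returns the session context to use, reporting the client as HIVESERVER2 when the
     * {@code HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE} flag is on and the real client is HIVECLI.
     *
     * @param hiveAuthzSessionContext the real session context
     * @param hiveConf configuration holding the test-mode flag
     * @return the original context, or a copy whose client type is HIVESERVER2
     */
    static HiveAuthzSessionContext applyTestSettings(HiveAuthzSessionContext hiveAuthzSessionContext, HiveConf hiveConf) {
        boolean emulateHs2 = hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE)
                && hiveAuthzSessionContext.getClientType() == HiveAuthzSessionContext.CLIENT_TYPE.HIVECLI;
        if (!emulateHs2) {
            return hiveAuthzSessionContext;
        }
        HiveAuthzSessionContext.Builder builder = new HiveAuthzSessionContext.Builder(hiveAuthzSessionContext);
        builder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2);
        return builder.build();
    }

    /** @return the authorizer interface version, always {@code V1} */
    @Override
    public HiveAuthorizer.VERSION getVersion() {
        return HiveAuthorizer.VERSION.V1;
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void grantPrivileges(List<HivePrincipal> list, List<HivePrivilege> list2, HivePrivilegeObject hivePrivilegeObject, HivePrincipal hivePrincipal, boolean z) throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("grantPrivileges not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void revokePrivileges(List<HivePrincipal> list, List<HivePrivilege> list2, HivePrivilegeObject hivePrivilegeObject, HivePrincipal hivePrincipal, boolean z) throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("revokePrivileges not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void createRole(String str, HivePrincipal hivePrincipal) throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("createRole not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void dropRole(String str) throws HiveAuthzPluginException, HiveAccessControlException {
        throw new HiveAuthzPluginException("dropRole not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String str) throws HiveAuthzPluginException, HiveAccessControlException {
        throw new HiveAuthzPluginException("getPrincipalGrantInfoForRole not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal hivePrincipal) throws HiveAuthzPluginException, HiveAccessControlException {
        throw new HiveAuthzPluginException("getRoleGrantInfoForPrincipal not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void grantRole(List<HivePrincipal> list, List<String> list2, boolean z, HivePrincipal hivePrincipal) throws HiveAuthzPluginException, HiveAccessControlException {
        throw new HiveAuthzPluginException("grantRole not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void revokeRole(List<HivePrincipal> list, List<String> list2, boolean z, HivePrincipal hivePrincipal) throws HiveAuthzPluginException, HiveAccessControlException {
        throw new HiveAuthzPluginException("revokeRole not implemented in FallbackHiveAuthorizer");
    }

    /**
     * Checks the current user against the admin-only rules for both the inputs and the outputs
     * of an operation.
     *
     * @param hiveOperationType operation being authorized
     * @param list input objects of the operation; may be null
     * @param list2 output objects of the operation; may be null
     * @param hiveAuthzContext unused by this implementation
     * @throws HiveAuthzPluginException declared by the interface
     * @throws HiveAccessControlException presumably raised by
     *     {@code SQLAuthorizationUtils.assertNoDeniedPermissions} when any denial was recorded;
     *     confirm against that helper
     */
    @Override
    public void checkPrivileges(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2, HiveAuthzContext hiveAuthzContext) throws HiveAuthzPluginException, HiveAccessControlException {
        String userName = this.authenticator.getUserName();
        List<String> deniedMessages = new ArrayList<>();
        checkPrivileges(hiveOperationType, list, userName, Operation2Privilege.IOType.INPUT, deniedMessages);
        checkPrivileges(hiveOperationType, list2, userName, Operation2Privilege.IOType.OUTPUT, deniedMessages);
        SQLAuthorizationUtils.assertNoDeniedPermissions(new HivePrincipal(userName, HivePrincipal.HivePrincipalType.USER), hiveOperationType, deniedMessages);
    }

    /**
     * Records a denial message when a non-admin user attempts an admin-only action on one side
     * (input or output) of an operation.
     *
     * @param hiveOperationType operation being authorized
     * @param hiveObjects objects on this side of the operation; null skips every check
     * @param userName name of the user being authorized
     * @param ioType which side of the operation {@code hiveObjects} represents
     * @param deniedMessages accumulator that receives at most one message per call
     */
    private void checkPrivileges(HiveOperationType hiveOperationType, List<HivePrivilegeObject> hiveObjects, String userName, Operation2Privilege.IOType ioType, List<String> deniedMessages) {
        // NOTE(review): a null list returns before the admin-only-operation check below, so that
        // check contributes nothing for a side whose list is null. Confirm callers pass an empty
        // list rather than null for operations that carry no objects.
        if (hiveObjects == null) {
            return;
        }
        if (isAdmin(userName)) {
            return;
        }
        if (Operation2Privilege.isAdminPrivOperation(hiveOperationType)) {
            deniedMessages.add(SQLPrivTypeGrant.ADMIN_PRIV.toString() + " on " + ioType);
            return;
        }
        boolean needsAdmin = false;
        for (HivePrivilegeObject hiveObject : hiveObjects) {
            // Any object on the local file system makes the whole operation admin-only.
            if (hiveObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.LOCAL_URI) {
                needsAdmin = true;
                break;
            }
        }
        if (!needsAdmin) {
            switch (hiveOperationType) {
                case ADD:
                case DFS:
                case COMPILE:
                    needsAdmin = true;
                    break;
                default:
                    break;
            }
        }
        if (needsAdmin) {
            deniedMessages.add("ADMIN");
        }
    }

    /**
     * Tells whether the user is listed in {@code USERS_IN_ADMIN_ROLE}.
     *
     * <p>A null or empty user name is never an admin. Splitting an empty setting yields a single
     * empty entry, which would otherwise match an empty user name and skip every check.
     */
    private boolean isAdmin(String userName) {
        if (userName == null || userName.isEmpty() || this.admins == null) {
            return false;
        }
        return Arrays.asList(this.admins).contains(userName);
    }

    /**
     * Returns the list unchanged: this authorizer hides nothing from listing commands.
     *
     * @return the same {@code list} instance that was passed in
     */
    @Override
    public List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> list, HiveAuthzContext hiveAuthzContext) {
        return list;
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public List<String> getAllRoles() throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("getAllRoles not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public List<HivePrivilegeInfo> showPrivileges(HivePrincipal hivePrincipal, HivePrivilegeObject hivePrivilegeObject) throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("showPrivileges not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public void setCurrentRole(String str) throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("setCurrentRole not implemented in FallbackHiveAuthorizer");
    }

    /** Not supported. @throws HiveAuthzPluginException always */
    @Override
    public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException("getCurrentRoleNames not implemented in FallbackHiveAuthorizer");
    }

    /**
     * Hardens the session configuration for HiveServer2 clients when authorization is enabled.
     *
     * <p>Appends {@link DisallowTransformHook} to the pre-execution hooks, applies the settable
     * configuration whitelist, and adds {@code in_file} to the built-in UDF blacklist. For any
     * other client type, or with authorization disabled, the configuration is left untouched.
     *
     * @param hiveConf configuration updated in place
     * @throws HiveAuthzPluginException declared by the interface
     */
    @Override
    public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException {
        boolean hardenSession = this.sessionCtx.getClientType() == HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2
                && hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED);
        if (!hardenSession) {
            return;
        }
        String existingHooks = hiveConf.getVar(HiveConf.ConfVars.PREEXECHOOKS).trim();
        String disallowTransform = DisallowTransformHook.class.getName();
        String hooks = existingHooks.isEmpty() ? disallowTransform : existingHooks + "," + disallowTransform;
        LOG.debug("Configuring hooks : " + hooks);
        hiveConf.setVar(HiveConf.ConfVars.PREEXECHOOKS, hooks);
        SettableConfigUpdater.setHiveConfWhiteList(hiveConf);
        // in_file is added only when the blacklist still holds exactly this value. A blacklist
        // that an operator has customised is left as is, so in_file must be listed there by hand
        // if it is meant to be blocked.
        String udfBlacklist = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST);
        if (udfBlacklist != null && udfBlacklist.trim().equals("reflect,reflect2,java_method")) {
            hiveConf.setVar(HiveConf.ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST, "reflect,reflect2,java_method,in_file");
        }
    }

    /**
     * Returns the list unchanged: no row filter or column mask is applied.
     *
     * @return the same {@code list} instance that was passed in
     */
    @Override
    public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(HiveAuthzContext hiveAuthzContext, List<HivePrivilegeObject> list) throws SemanticException {
        return list;
    }

    /** @return {@code false}; queries are never rewritten for filtering or masking */
    @Override
    public boolean needTransform() {
        return false;
    }
}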
