package org.apache.hadoop.hive.ql.parse;

import java.util.Iterator;
import java.util.List;
import jodd.util.StringPool;
import org.antlr.runtime.TokenRewriteStream;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.metadata.HiveUtils;
import org.apache.hadoop.hive.ql.metadata.VirtualColumn;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/ql/parse/TableMask.class */
public class TableMask {
    protected final Logger LOG = LoggerFactory.getLogger(TableMask.class);
    HiveAuthorizer authorizer;
    private UnparseTranslator translator;
    private boolean enable;
    private boolean needsRewrite;
    private HiveAuthzContext queryContext;
    private HiveConf conf;

    public TableMask(SemanticAnalyzer semanticAnalyzer, HiveConf hiveConf, boolean z) throws SemanticException {
        try {
            this.authorizer = SessionState.get().getAuthorizerV2();
            this.conf = hiveConf;
            String cmd = semanticAnalyzer.ctx.getCmd();
            SessionState sessionState = SessionState.get();
            HiveAuthzContext.Builder builder = new HiveAuthzContext.Builder();
            builder.setCommandString(cmd);
            builder.setUserIpAddress(sessionState.getUserIpAddress());
            builder.setForwardedAddresses(sessionState.getForwardedAddresses());
            this.queryContext = builder.build();
            if (this.authorizer != null && needTransform() && !z) {
                this.enable = true;
                this.translator = new UnparseTranslator(hiveConf);
                this.translator.enable();
            }
        } catch (Exception e) {
            this.LOG.warn("Failed to initialize masking policy");
            throw new SemanticException(e);
        }
    }

    public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(List<HivePrivilegeObject> list) throws SemanticException {
        return this.authorizer.applyRowFilterAndColumnMasking(this.queryContext, list);
    }

    public boolean isEnabled() throws SemanticException {
        return this.enable;
    }

    public boolean needTransform() throws SemanticException {
        return this.authorizer.needTransform();
    }

    public String create(HivePrivilegeObject hivePrivilegeObject, MaskAndFilterInfo maskAndFilterInfo) throws SemanticException {
        boolean z = false;
        boolean z2 = false;
        StringBuilder sb = new StringBuilder();
        sb.append("(SELECT ");
        boolean z3 = true;
        List<String> cellValueTransformers = hivePrivilegeObject.getCellValueTransformers();
        if (cellValueTransformers != null) {
            if (cellValueTransformers.size() != hivePrivilegeObject.getColumns().size()) {
                throw new SemanticException("Expect " + hivePrivilegeObject.getColumns().size() + " columns in " + hivePrivilegeObject.getObjectName() + ", but only find " + cellValueTransformers.size());
            }
            List<String> list = maskAndFilterInfo.colTypes;
            for (int i = 0; i < cellValueTransformers.size(); i++) {
                String str = cellValueTransformers.get(i);
                if (str == null) {
                    throw new SemanticException("Expect string type CellValueTransformer in " + hivePrivilegeObject.getObjectName() + ", but only find null");
                }
                if (z3) {
                    z3 = false;
                } else {
                    sb.append(", ");
                }
                String str2 = hivePrivilegeObject.getColumns().get(i);
                if (str.equals(str2)) {
                    sb.append(HiveUtils.unparseIdentifier(str2, this.conf));
                } else {
                    sb.append("CAST(" + str + " AS " + list.get(i) + ") AS " + HiveUtils.unparseIdentifier(str2, this.conf));
                    z = true;
                }
            }
        }
        if (!z) {
            sb = new StringBuilder();
            sb.append("(SELECT *");
        }
        if (!maskAndFilterInfo.isView) {
            Iterator<VirtualColumn> it = VirtualColumn.getRegistry(this.conf).iterator();
            while (it.hasNext()) {
                sb.append(", " + it.next().getName());
            }
        }
        sb.append(" FROM ");
        sb.append(HiveUtils.unparseIdentifier(hivePrivilegeObject.getDbname(), this.conf));
        sb.append(StringPool.DOT);
        sb.append(HiveUtils.unparseIdentifier(hivePrivilegeObject.getObjectName(), this.conf));
        sb.append(" " + maskAndFilterInfo.additionalTabInfo);
        String rowFilterExpression = hivePrivilegeObject.getRowFilterExpression();
        if (rowFilterExpression != null) {
            sb.append(" WHERE " + rowFilterExpression);
            z2 = true;
        }
        sb.append(StringPool.RIGHT_BRACKET + HiveUtils.unparseIdentifier(maskAndFilterInfo.alias, this.conf));
        if (!z && !z2) {
            return null;
        }
        this.LOG.debug("TableMask creates `" + sb.toString() + StringPool.BACKTICK);
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addTranslation(ASTNode aSTNode, String str) throws SemanticException {
        this.translator.addTranslation(aSTNode, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void applyTranslations(TokenRewriteStream tokenRewriteStream) throws SemanticException {
        this.translator.applyTranslations(tokenRewriteStream);
    }

    public boolean needsRewrite() {
        return this.needsRewrite;
    }

    public void setNeedsRewrite(boolean z) {
        this.needsRewrite = z;
    }
}
