package org.apache.drill.exec.store.hive;

import com.google.common.collect.ImmutableList;
import java.util.Collections;
import java.util.List;
import org.apache.drill.common.exceptions.DrillRuntimeException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.HiveUtils;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/drill/exec/store/hive/HiveAuthorizationHelper.class */
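/**
 * Runs Hive authorization checks on behalf of a single user through a {@link HiveAuthorizer}.
 *
 * <p>Authorization is driven by {@code HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED}. When that
 * setting is false no authorizer is created and every {@code authorize*} method returns without
 * checking anything, so access control must then be enforced elsewhere.
 */
public class HiveAuthorizationHelper {
    private static final Logger logger = LoggerFactory.getLogger(HiveAuthorizationHelper.class);

    // Snapshot of HIVE_AUTHORIZATION_ENABLED taken at construction time; never re-read afterwards.
    final boolean authzEnabled;
    // Null when authzEnabled is false; otherwise the authorizer built for the given user.
    final HiveAuthorizer authorizerV2;

    /**
     * Builds the authorization components for one user.
     *
     * @param iMetaStoreClient metastore client handed to the authorizer through a
     *     {@link HiveMetastoreClientFactory}
     * @param hiveConf Hive configuration; it is copied before {@code user.name} is set on it
     * @param str name of the user the checks are performed for
     * @throws DrillRuntimeException if any Hive component fails to initialize
     */
    public HiveAuthorizationHelper(final IMetaStoreClient iMetaStoreClient, HiveConf hiveConf, String str) {
        this.authzEnabled = hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED);
        if (!this.authzEnabled) {
            // Authorization is switched off in the configuration: no authorizer is created.
            this.authorizerV2 = null;
            return;
        }
        try {
            // Work on a copy so that setting user.name does not modify the caller's configuration.
            HiveConf hiveConf2 = new HiveConf(hiveConf);
            hiveConf2.set("user.name", str);
            HiveAuthenticationProvider authenticator =
                    HiveUtils.getAuthenticator(hiveConf2, HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
            SessionState sessionState = new SessionState(hiveConf2, str);
            // NOTE(review): SessionState.start presumably installs per-thread session state; confirm
            // that constructing this helper on a shared thread cannot leak one user's session.
            SessionState.start(sessionState);
            authenticator.setSessionState(sessionState);
            HiveAuthorizerFactory authorizerFactory =
                    HiveUtils.getAuthorizerFactory(hiveConf2, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
            HiveAuthzSessionContext.Builder builder = new HiveAuthzSessionContext.Builder();
            builder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2);
            // The authorizer receives the caller's hiveConf here, while the config policy below is
            // applied to the per-user copy.
            this.authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactory() {
                @Override
                public IMetaStoreClient getHiveMetastoreClient() throws HiveAuthzPluginException {
                    return iMetaStoreClient;
                }
            }, hiveConf, authenticator, builder.build());
            this.authorizerV2.applyAuthorizationConfigPolicy(hiveConf2);
            logger.trace("Hive authorization enabled");
        } catch (HiveException e) {
            // Fail closed: an authorizer that cannot be initialized must not yield a usable helper.
            throw new DrillRuntimeException("Failed to initialize Hive authorization components: " + e.getMessage(), e);
        }
    }

    /**
     * Checks that the user may run {@code SHOW DATABASES}. Does nothing when authorization is disabled.
     *
     * @throws HiveAccessControlException if the authorizer denies the operation
     */
    public void authorizeShowDatabases() throws HiveAccessControlException {
        if (this.authzEnabled) {
            authorize(HiveOperationType.SHOWDATABASES,
                    Collections.<HivePrivilegeObject>emptyList(),
                    Collections.<HivePrivilegeObject>emptyList(),
                    "SHOW DATABASES");
        }
    }

    /**
     * Checks that the user may run {@code SHOW TABLES} on a database. Does nothing when
     * authorization is disabled.
     *
     * @param str name of the database
     * @throws HiveAccessControlException if the authorizer denies the operation
     */
    public void authorizeShowTables(String str) throws HiveAccessControlException {
        if (this.authzEnabled) {
            HivePrivilegeObject database = new HivePrivilegeObject(
                    HivePrivilegeObject.HivePrivilegeObjectType.DATABASE, str, (String) null);
            authorize(HiveOperationType.SHOWTABLES,
                    ImmutableList.of(database),
                    Collections.<HivePrivilegeObject>emptyList(),
                    "SHOW TABLES");
        }
    }

    /**
     * Checks that the user may read a table or view. Does nothing when authorization is disabled.
     *
     * @param str name of the database
     * @param str2 name of the table or view
     * @throws HiveAccessControlException if the authorizer denies the operation
     */
    public void authorizeReadTable(String str, String str2) throws HiveAccessControlException {
        if (this.authzEnabled) {
            HivePrivilegeObject table = new HivePrivilegeObject(
                    HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW, str, str2);
            authorize(HiveOperationType.QUERY,
                    ImmutableList.of(table),
                    Collections.<HivePrivilegeObject>emptyList(),
                    "READ TABLE");
        }
    }

    /**
     * Asks the authorizer whether the operation is allowed on the given objects.
     *
     * @param hiveOperationType operation being authorized
     * @param list objects the operation reads
     * @param list2 objects the operation writes
     * @param str command string recorded in the authorization context
     * @throws HiveAccessControlException if the authorizer denies the operation
     * @throws DrillRuntimeException if the check itself fails for any other reason
     */
    private void authorize(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2, String str) throws HiveAccessControlException {
        try {
            HiveAuthzContext.Builder builder = new HiveAuthzContext.Builder();
            // The client address is not known here, so the authorizer only ever sees this literal.
            // NOTE(review): anything downstream that records or evaluates the address cannot rely on it.
            builder.setUserIpAddress("Not available");
            builder.setCommandString(str);
            this.authorizerV2.checkPrivileges(hiveOperationType, list, list2, builder.build());
        } catch (HiveAccessControlException e) {
            // Must be caught before Exception: a denial has to reach the caller as the declared type
            // so it can be told apart from a failure of the authorization machinery.
            throw e;
        } catch (Exception e) {
            // Fail closed: any other error aborts the operation instead of letting it through.
            throw new DrillRuntimeException("Failed to use the Hive authorization components: " + e.getMessage(), e);
        }
    }
}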
