package org.apache.hadoop.hive.ql.security.authorization.command;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.hadoop.hive.ql.exec.TableScanOperator;
import org.apache.hadoop.hive.ql.hooks.Entity;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.optimizer.ppr.PartitionPruner;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.ImportSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.ParseContext;
import org.apache.hadoop.hive.ql.parse.SemanticAnalyzer;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
import org.apache.hadoop.hive.ql.security.authorization.Privilege;
import org.apache.hadoop.hive.ql.session.SessionState;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV1.class */
final class CommandAuthorizerV1 {
    private CommandAuthorizerV1() {
        throw new UnsupportedOperationException("CommandAuthorizerV1 should not be instantiated");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void doAuthorization(HiveOperation hiveOperation, BaseSemanticAnalyzer baseSemanticAnalyzer, SessionState sessionState, Set<ReadEntity> set, Set<WriteEntity> set2) throws HiveException {
        if (hiveOperation == null) {
            throw new HiveException("Operation should not be null");
        }
        Hive db = baseSemanticAnalyzer.getDb();
        HiveAuthorizationProvider authorizer = sessionState.getAuthorizer();
        authorizeOperation(hiveOperation, baseSemanticAnalyzer, db, authorizer);
        authorizeOutputs(hiveOperation, set2, db, authorizer);
        authorizeInputs(hiveOperation, baseSemanticAnalyzer, set, authorizer);
    }

    private static void authorizeOperation(HiveOperation hiveOperation, BaseSemanticAnalyzer baseSemanticAnalyzer, Hive hive, HiveAuthorizationProvider hiveAuthorizationProvider) throws HiveException {
        if (hiveOperation.equals(HiveOperation.CREATEDATABASE)) {
            hiveAuthorizationProvider.authorize(hiveOperation.getInputRequiredPrivileges(), hiveOperation.getOutputRequiredPrivileges());
            return;
        }
        if (hiveOperation.equals(HiveOperation.CREATETABLE_AS_SELECT) || hiveOperation.equals(HiveOperation.CREATETABLE)) {
            hiveAuthorizationProvider.authorize(hive.getDatabase(SessionState.get().getCurrentDatabase()), (Privilege[]) null, HiveOperation.CREATETABLE_AS_SELECT.getOutputRequiredPrivileges());
        } else {
            if (!hiveOperation.equals(HiveOperation.IMPORT) || ((ImportSemanticAnalyzer) baseSemanticAnalyzer).existsTable()) {
                return;
            }
            hiveAuthorizationProvider.authorize(hive.getDatabase(SessionState.get().getCurrentDatabase()), (Privilege[]) null, HiveOperation.CREATETABLE_AS_SELECT.getOutputRequiredPrivileges());
        }
    }

    private static void authorizeOutputs(HiveOperation hiveOperation, Set<WriteEntity> set, Hive hive, HiveAuthorizationProvider hiveAuthorizationProvider) throws HiveException {
        if (CollectionUtils.isEmpty(set)) {
            return;
        }
        for (WriteEntity writeEntity : set) {
            if (!writeEntity.isDummy() && !writeEntity.isPathType()) {
                if (writeEntity.getType() == Entity.Type.DATABASE) {
                    if (!hiveOperation.equals(HiveOperation.IMPORT)) {
                        hiveAuthorizationProvider.authorize(writeEntity.getDatabase(), (Privilege[]) null, hiveOperation.getOutputRequiredPrivileges());
                    }
                } else if (writeEntity.getType() == Entity.Type.PARTITION && hive.getPartition(writeEntity.getTable(), writeEntity.getPartition().getSpec(), false) != null) {
                    hiveAuthorizationProvider.authorize(writeEntity.getPartition(), (Privilege[]) null, hiveOperation.getOutputRequiredPrivileges());
                } else if (writeEntity.getTable() != null) {
                    hiveAuthorizationProvider.authorize(writeEntity.getTable(), (Privilege[]) null, hiveOperation.getOutputRequiredPrivileges());
                }
            }
        }
    }

    private static void authorizeInputs(HiveOperation hiveOperation, BaseSemanticAnalyzer baseSemanticAnalyzer, Set<ReadEntity> set, HiveAuthorizationProvider hiveAuthorizationProvider) throws HiveException {
        if (CollectionUtils.isEmpty(set)) {
            return;
        }
        Map<String, Boolean> tableUsePartLevelAuth = getTableUsePartLevelAuth(set);
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        getTablePartitionUsedColumns(hiveOperation, baseSemanticAnalyzer, hashMap, hashMap2, tableUsePartLevelAuth);
        HashSet hashSet = new HashSet();
        for (ReadEntity readEntity : set) {
            if (!readEntity.isDummy() && !readEntity.isPathType() && readEntity.isDirect()) {
                if (readEntity.getType() == Entity.Type.DATABASE) {
                    hiveAuthorizationProvider.authorize(readEntity.getDatabase(), hiveOperation.getInputRequiredPrivileges(), (Privilege[]) null);
                } else {
                    Table table = readEntity.getTable();
                    if (table.isView() && (baseSemanticAnalyzer instanceof SemanticAnalyzer)) {
                        hashMap.put(table, baseSemanticAnalyzer.getColumnAccessInfo().getTableToColumnAccessMap().get(table.getCompleteName()));
                    }
                    if (readEntity.getPartition() != null) {
                        Partition partition = readEntity.getPartition();
                        table = partition.getTable();
                        if (Boolean.TRUE.equals(tableUsePartLevelAuth.get(table.getTableName()))) {
                            List<String> list = (List) hashMap2.get(partition);
                            if (list == null || list.size() <= 0) {
                                hiveAuthorizationProvider.authorize(partition, hiveOperation.getInputRequiredPrivileges(), (Privilege[]) null);
                            } else {
                                hiveAuthorizationProvider.authorize(partition.getTable(), partition, list, hiveOperation.getInputRequiredPrivileges(), null);
                            }
                        }
                    }
                    authorizeTable(hiveOperation, hiveAuthorizationProvider, tableUsePartLevelAuth, hashMap, hashSet, table);
                }
            }
        }
    }

    private static Map<String, Boolean> getTableUsePartLevelAuth(Set<ReadEntity> set) {
        HashMap hashMap = new HashMap();
        for (ReadEntity readEntity : set) {
            if (!readEntity.isDummy() && !readEntity.isPathType() && readEntity.getType() != Entity.Type.DATABASE) {
                Table table = readEntity.getTable();
                if (readEntity.getPartition() != null || (table != null && table.isPartitioned())) {
                    String tableName = table.getTableName();
                    if (hashMap.get(tableName) == null) {
                        if (table.getParameters().get("PARTITION_LEVEL_PRIVILEGE") != null && "TRUE".equalsIgnoreCase(table.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
                            hashMap.put(tableName, Boolean.TRUE);
                        } else {
                            hashMap.put(tableName, Boolean.FALSE);
                        }
                    }
                }
            }
        }
        return hashMap;
    }

    private static void getTablePartitionUsedColumns(HiveOperation hiveOperation, BaseSemanticAnalyzer baseSemanticAnalyzer, Map<Table, List<String>> map, Map<Partition, List<String>> map2, Map<String, Boolean> map3) throws HiveException {
        if (hiveOperation.equals(HiveOperation.CREATETABLE_AS_SELECT) || hiveOperation.equals(HiveOperation.QUERY)) {
            SemanticAnalyzer semanticAnalyzer = (SemanticAnalyzer) baseSemanticAnalyzer;
            ParseContext parseContext = semanticAnalyzer.getParseContext();
            for (Map.Entry<String, TableScanOperator> entry : semanticAnalyzer.getParseContext().getTopOps().entrySet()) {
                TableScanOperator value = entry.getValue();
                if (!value.isInsideView()) {
                    Table tableMetadata = value.getConf().getTableMetadata();
                    ArrayList arrayList = new ArrayList();
                    Iterator<Integer> it = value.getNeededColumnIDs().iterator();
                    while (it.hasNext()) {
                        arrayList.add(tableMetadata.getCols().get(it.next().intValue()).getName());
                    }
                    if (tableMetadata.isPartitioned() && Boolean.TRUE.equals(map3.get(tableMetadata.getTableName()))) {
                        for (Partition partition : PartitionPruner.prune(value, parseContext, entry.getKey()).getPartitions()) {
                            List<String> list = map2.get(partition);
                            if (list == null) {
                                list = new ArrayList();
                            }
                            list.addAll(arrayList);
                            map2.put(partition, list);
                        }
                    } else {
                        List<String> list2 = map.get(tableMetadata);
                        if (list2 == null) {
                            list2 = new ArrayList();
                        }
                        list2.addAll(arrayList);
                        map.put(tableMetadata, list2);
                    }
                }
            }
        }
    }

    private static void authorizeTable(HiveOperation hiveOperation, HiveAuthorizationProvider hiveAuthorizationProvider, Map<String, Boolean> map, Map<Table, List<String>> map2, Set<String> set, Table table) throws HiveException {
        if (table == null || set.contains(table.getTableName()) || Boolean.TRUE.equals(map.get(table.getTableName()))) {
            return;
        }
        List<String> list = map2.get(table);
        if (list == null || list.size() <= 0) {
            hiveAuthorizationProvider.authorize(table, hiveOperation.getInputRequiredPrivileges(), (Privilege[]) null);
        } else {
            hiveAuthorizationProvider.authorize(table, null, list, hiveOperation.getInputRequiredPrivileges(), null);
        }
        set.add(table.getTableName());
    }
}
