package org.apache.sentry.binding.metastore;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.MetaStoreEventListener;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.events.AlterTableEvent;
import org.apache.hadoop.hive.metastore.events.CreateDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.CreateTableEvent;
import org.apache.hadoop.hive.metastore.events.DropDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.DropTableEvent;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
import org.apache.sentry.service.thrift.SentryServiceClientFactory;

/* loaded from: input_file:org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.class */
public class SentryMetastorePostEventListener extends MetaStoreEventListener {
    private final SentryServiceClientFactory sentryClientFactory;
    private final HiveAuthzConf authzConf;
    private final Server server;

    public SentryMetastorePostEventListener(Configuration configuration) {
        super(configuration);
        this.sentryClientFactory = new SentryServiceClientFactory();
        this.authzConf = HiveAuthzConf.getAuthzConf(new HiveConf());
        this.server = new Server(this.authzConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar()));
    }

    public void onCreateTable(CreateTableEvent createTableEvent) throws MetaException {
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_CREATE_WITH_POLICY_STORE) && createTableEvent.getStatus()) {
            dropSentryTablePrivilege(createTableEvent.getTable().getDbName(), createTableEvent.getTable().getTableName());
        }
    }

    public void onDropTable(DropTableEvent dropTableEvent) throws MetaException {
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_DROP_WITH_POLICY_STORE) && dropTableEvent.getStatus()) {
            dropSentryTablePrivilege(dropTableEvent.getTable().getDbName(), dropTableEvent.getTable().getTableName());
        }
    }

    public void onCreateDatabase(CreateDatabaseEvent createDatabaseEvent) throws MetaException {
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_CREATE_WITH_POLICY_STORE) && createDatabaseEvent.getStatus()) {
            dropSentryDbPrivileges(createDatabaseEvent.getDatabase().getName());
        }
    }

    public void onDropDatabase(DropDatabaseEvent dropDatabaseEvent) throws MetaException {
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_DROP_WITH_POLICY_STORE) && dropDatabaseEvent.getStatus()) {
            dropSentryDbPrivileges(dropDatabaseEvent.getDatabase().getName());
        }
    }

    public void onAlterTable(AlterTableEvent alterTableEvent) throws MetaException {
        String str = null;
        String str2 = null;
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_ALTER_WITH_POLICY_STORE) && alterTableEvent.getStatus()) {
            if (alterTableEvent.getOldTable() != null) {
                str = alterTableEvent.getOldTable().getTableName();
            }
            if (alterTableEvent.getNewTable() != null) {
                str2 = alterTableEvent.getNewTable().getTableName();
            }
            if (str.equalsIgnoreCase(str2)) {
                return;
            }
            renameSentryTablePrivilege(alterTableEvent.getOldTable().getDbName(), str, alterTableEvent.getNewTable().getDbName(), str2);
        }
    }

    private SentryPolicyServiceClient getSentryServiceClient() throws MetaException {
        try {
            return this.sentryClientFactory.create(this.authzConf);
        } catch (Exception e) {
            throw new MetaException("Failed to connect to Sentry service " + e.getMessage());
        }
    }

    private void dropSentryDbPrivileges(String str) throws MetaException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.server);
        arrayList.add(new Database(str));
        try {
            dropSentryPrivileges(arrayList);
        } catch (SentryUserException e) {
            throw new MetaException("Failed to remove Sentry policies for drop DB " + str + " Error: " + e.getMessage());
        } catch (IOException e2) {
            throw new MetaException("Failed to find local user " + e2.getMessage());
        }
    }

    private void dropSentryTablePrivilege(String str, String str2) throws MetaException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.server);
        arrayList.add(new Database(str));
        arrayList.add(new Table(str2));
        try {
            dropSentryPrivileges(arrayList);
        } catch (SentryUserException e) {
            throw new MetaException("Failed to remove Sentry policies for drop table " + str + "." + str2 + " Error: " + e.getMessage());
        } catch (IOException e2) {
            throw new MetaException("Failed to find local user " + e2.getMessage());
        }
    }

    private void dropSentryPrivileges(List<? extends Authorizable> list) throws SentryUserException, IOException, MetaException {
        getSentryServiceClient().dropPrivileges(UserGroupInformation.getCurrentUser().getShortUserName(), list);
    }

    private void renameSentryTablePrivilege(String str, String str2, String str3, String str4) throws MetaException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.server);
        arrayList.add(new Database(str));
        arrayList.add(new Table(str2));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(this.server);
        arrayList2.add(new Database(str3));
        arrayList2.add(new Table(str4));
        try {
            getSentryServiceClient().renamePrivileges(UserGroupInformation.getCurrentUser().getShortUserName(), arrayList, arrayList2);
        } catch (SentryUserException e) {
            throw new MetaException("Failed to remove Sentry policies for rename table " + str + "." + str2 + "to " + str3 + "." + str4 + " Error: " + e.getMessage());
        } catch (IOException e2) {
            throw new MetaException("Failed to find local user " + e2.getMessage());
        }
    }

    private boolean syncWithPolicyStore(HiveAuthzConf.AuthzConfVars authzConfVars) {
        return "true".equalsIgnoreCase(this.authzConf.get(authzConfVars.getVar(), "true"));
    }
}
