package org.apache.sentry.provider.db.service.thrift;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.provider.common.GroupMappingService;
import org.apache.sentry.provider.db.SentryAccessDeniedException;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryInvalidInputException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyService;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.sentry.service.thrift.Status;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.class */
public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryPolicyStoreProcessor.class);
    public static final String SENTRY_POLICY_SERVICE_NAME = "SentryPolicyService";
    private final String name;
    private final Configuration conf;
    private final SentryStore sentryStore;
    private final NotificationHandlerInvoker notificationHandlerInvoker;
    private final ImmutableSet<String> adminGroups;
    private boolean isReady;

    public SentryPolicyStoreProcessor(String str, Configuration configuration) throws Exception {
        this.name = str;
        this.conf = configuration;
        this.notificationHandlerInvoker = new NotificationHandlerInvoker(configuration, createHandlers(configuration));
        this.isReady = false;
        this.sentryStore = new SentryStore(configuration);
        this.isReady = true;
        this.adminGroups = ImmutableSet.copyOf(toTrimedLower(Sets.newHashSet(configuration.getStrings(ServiceConstants.ServerConfig.ADMIN_GROUPS, new String[0]))));
    }

    public void stop() {
        if (this.isReady) {
            this.sentryStore.stop();
        }
    }

    @VisibleForTesting
    static List<NotificationHandler> createHandlers(Configuration configuration) throws SentryConfigurationException {
        ArrayList newArrayList = Lists.newArrayList();
        for (String str : Splitter.onPattern("[\\s,]").trimResults().omitEmptyStrings().split(configuration.get(PolicyStoreConstants.PolicyStoreServerConfig.NOTIFICATION_HANDLERS, ""))) {
            try {
                Class<?> cls = Class.forName(str);
                if (!NotificationHandler.class.isAssignableFrom(cls)) {
                    throw new SentryConfigurationException("Class " + str + " is not a " + NotificationHandler.class.getName());
                }
                Preconditions.checkNotNull(cls, "Error class cannot be null");
                try {
                    newArrayList.add((NotificationHandler) cls.getConstructor(Configuration.class).newInstance(configuration));
                } catch (Exception e) {
                    throw new SentryConfigurationException("Error attempting to create " + str, e);
                }
            } catch (ClassNotFoundException e2) {
                throw new SentryConfigurationException("Value " + str + " is not a class", e2);
            }
        }
        return newArrayList;
    }

    @VisibleForTesting
    public Configuration getSentryStoreConf() {
        return this.conf;
    }

    private static Set<String> toTrimedLower(Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            newHashSet.add(it.next().trim().toLowerCase());
        }
        return newHashSet;
    }

    private void authorize(String str, Set<String> set) throws SentryAccessDeniedException {
        Set<String> trimedLower = toTrimedLower(set);
        if (Sets.intersection(this.adminGroups, trimedLower).isEmpty()) {
            LOGGER.warn("User: " + str + " is part of " + trimedLower + " which does not, intersect admin groups " + this.adminGroups);
            throw new SentryAccessDeniedException("Access denied to " + str);
        }
    }

    /* JADX WARN: Type inference failed for: r8v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TCreateSentryRoleResponse create_sentry_role(TCreateSentryRoleRequest tCreateSentryRoleRequest) throws TException {
        TCreateSentryRoleResponse tCreateSentryRoleResponse = new TCreateSentryRoleResponse();
        try {
            authorize(tCreateSentryRoleRequest.getRequestorUserName(), getRequestorGroups(tCreateSentryRoleRequest.getRequestorUserName()));
            CommitContext createSentryRole = this.sentryStore.createSentryRole(tCreateSentryRoleRequest.getRoleName(), tCreateSentryRoleRequest.getRequestorUserName());
            tCreateSentryRoleResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.create_sentry_role(createSentryRole, tCreateSentryRoleRequest, tCreateSentryRoleResponse);
        } catch (Exception e) {
            String str = "Unknown error for request: " + tCreateSentryRoleRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tCreateSentryRoleResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tCreateSentryRoleResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryAlreadyExistsException e3) {
            String str2 = "Role: " + tCreateSentryRoleRequest + " already exists.";
            LOGGER.error(str2, e3);
            tCreateSentryRoleResponse.setStatus(Status.AlreadyExists(str2, e3));
        }
        return tCreateSentryRoleResponse;
    }

    /* JADX WARN: Type inference failed for: r8v2, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest tAlterSentryRoleGrantPrivilegeRequest) throws TException {
        TAlterSentryRoleGrantPrivilegeResponse tAlterSentryRoleGrantPrivilegeResponse = new TAlterSentryRoleGrantPrivilegeResponse();
        try {
            authorize(tAlterSentryRoleGrantPrivilegeRequest.getRequestorUserName(), getRequestorGroups(tAlterSentryRoleGrantPrivilegeRequest.getRequestorUserName()));
            CommitContext alterSentryRoleGrantPrivilege = this.sentryStore.alterSentryRoleGrantPrivilege(tAlterSentryRoleGrantPrivilegeRequest.getRoleName(), tAlterSentryRoleGrantPrivilegeRequest.getPrivilege());
            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.alter_sentry_role_grant_privilege(alterSentryRoleGrantPrivilege, tAlterSentryRoleGrantPrivilegeRequest, tAlterSentryRoleGrantPrivilegeResponse);
        } catch (Exception e) {
            String str = "Unknown error for request: " + tAlterSentryRoleGrantPrivilegeRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryInvalidInputException e3) {
            LOGGER.error("Invalid input privilege object", e3);
            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.InvalidInput("Invalid input privilege object", e3));
        } catch (SentryNoSuchObjectException e4) {
            String str2 = "Role: " + tAlterSentryRoleGrantPrivilegeRequest.getRoleName() + " doesn't exist.";
            LOGGER.error(str2, e4);
            tAlterSentryRoleGrantPrivilegeResponse.setStatus(Status.NoSuchObject(str2, e4));
        }
        return tAlterSentryRoleGrantPrivilegeResponse;
    }

    /* JADX WARN: Type inference failed for: r8v2, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest tAlterSentryRoleRevokePrivilegeRequest) throws TException {
        TAlterSentryRoleRevokePrivilegeResponse tAlterSentryRoleRevokePrivilegeResponse = new TAlterSentryRoleRevokePrivilegeResponse();
        try {
            authorize(tAlterSentryRoleRevokePrivilegeRequest.getRequestorUserName(), getRequestorGroups(tAlterSentryRoleRevokePrivilegeRequest.getRequestorUserName()));
            CommitContext alterSentryRoleRevokePrivilege = this.sentryStore.alterSentryRoleRevokePrivilege(tAlterSentryRoleRevokePrivilegeRequest.getRoleName(), tAlterSentryRoleRevokePrivilegeRequest.getPrivilege());
            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.alter_sentry_role_revoke_privilege(alterSentryRoleRevokePrivilege, tAlterSentryRoleRevokePrivilegeRequest, tAlterSentryRoleRevokePrivilegeResponse);
        } catch (Exception e) {
            String str = "Unknown error for request: " + tAlterSentryRoleRevokePrivilegeRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryInvalidInputException e3) {
            LOGGER.error("Invalid input privilege object", e3);
            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.InvalidInput("Invalid input privilege object", e3));
        } catch (SentryNoSuchObjectException e4) {
            String str2 = "Privilege: " + tAlterSentryRoleRevokePrivilegeRequest.getPrivilege().getPrivilegeName() + " doesn't exist.";
            LOGGER.error(str2, e4);
            tAlterSentryRoleRevokePrivilegeResponse.setStatus(Status.NoSuchObject(str2, e4));
        }
        return tAlterSentryRoleRevokePrivilegeResponse;
    }

    /* JADX WARN: Type inference failed for: r9v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TDropSentryRoleResponse drop_sentry_role(TDropSentryRoleRequest tDropSentryRoleRequest) throws TException {
        TDropSentryRoleResponse tDropSentryRoleResponse = new TDropSentryRoleResponse();
        try {
            authorize(tDropSentryRoleRequest.getRequestorUserName(), getRequestorGroups(tDropSentryRoleRequest.getRequestorUserName()));
            CommitContext dropSentryRole = this.sentryStore.dropSentryRole(tDropSentryRoleRequest.getRoleName());
            tDropSentryRoleResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.drop_sentry_role(dropSentryRole, tDropSentryRoleRequest, tDropSentryRoleResponse);
        } catch (Exception e) {
            String str = "Unknown error for request: " + tDropSentryRoleRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tDropSentryRoleResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tDropSentryRoleResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryNoSuchObjectException e3) {
            String str2 = "Role :" + tDropSentryRoleRequest + " does not exist.";
            LOGGER.error(str2, e3);
            tDropSentryRoleResponse.setStatus(Status.NoSuchObject(str2, e3));
        }
        return tDropSentryRoleResponse;
    }

    /* JADX WARN: Type inference failed for: r8v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest tAlterSentryRoleAddGroupsRequest) throws TException {
        TAlterSentryRoleAddGroupsResponse tAlterSentryRoleAddGroupsResponse = new TAlterSentryRoleAddGroupsResponse();
        try {
            authorize(tAlterSentryRoleAddGroupsRequest.getRequestorUserName(), getRequestorGroups(tAlterSentryRoleAddGroupsRequest.getRequestorUserName()));
            CommitContext alterSentryRoleAddGroups = this.sentryStore.alterSentryRoleAddGroups(tAlterSentryRoleAddGroupsRequest.getRequestorUserName(), tAlterSentryRoleAddGroupsRequest.getRoleName(), tAlterSentryRoleAddGroupsRequest.getGroups());
            tAlterSentryRoleAddGroupsResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.alter_sentry_role_add_groups(alterSentryRoleAddGroups, tAlterSentryRoleAddGroupsRequest, tAlterSentryRoleAddGroupsResponse);
        } catch (Exception e) {
            String str = "Unknown error for request: " + tAlterSentryRoleAddGroupsRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tAlterSentryRoleAddGroupsResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tAlterSentryRoleAddGroupsResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryNoSuchObjectException e3) {
            String str2 = "Role: " + tAlterSentryRoleAddGroupsRequest + " does not exist.";
            LOGGER.error(str2, e3);
            tAlterSentryRoleAddGroupsResponse.setStatus(Status.NoSuchObject(str2, e3));
        }
        return tAlterSentryRoleAddGroupsResponse;
    }

    /* JADX WARN: Type inference failed for: r8v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest tAlterSentryRoleDeleteGroupsRequest) throws TException {
        TAlterSentryRoleDeleteGroupsResponse tAlterSentryRoleDeleteGroupsResponse = new TAlterSentryRoleDeleteGroupsResponse();
        try {
            authorize(tAlterSentryRoleDeleteGroupsRequest.getRequestorUserName(), getRequestorGroups(tAlterSentryRoleDeleteGroupsRequest.getRequestorUserName()));
            CommitContext alterSentryRoleDeleteGroups = this.sentryStore.alterSentryRoleDeleteGroups(tAlterSentryRoleDeleteGroupsRequest.getRoleName(), tAlterSentryRoleDeleteGroupsRequest.getGroups());
            tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.OK());
            this.notificationHandlerInvoker.alter_sentry_role_delete_groups(alterSentryRoleDeleteGroups, tAlterSentryRoleDeleteGroupsRequest, tAlterSentryRoleDeleteGroupsResponse);
        } catch (Exception e) {
            String str = "Unknown error adding groups to role: " + tAlterSentryRoleDeleteGroupsRequest;
            LOGGER.error(str, e);
            tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryNoSuchObjectException e3) {
            String str2 = "Role: " + tAlterSentryRoleDeleteGroupsRequest + " does not exist.";
            LOGGER.error(str2, e3);
            tAlterSentryRoleDeleteGroupsResponse.setStatus(Status.NoSuchObject(str2, e3));
        }
        return tAlterSentryRoleDeleteGroupsResponse;
    }

    /* JADX WARN: Type inference failed for: r12v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryRolesResponse list_sentry_roles_by_group(TListSentryRolesRequest tListSentryRolesRequest) throws TException {
        TListSentryRolesResponse tListSentryRolesResponse = new TListSentryRolesResponse();
        Set<TSentryRole> hashSet = new HashSet();
        Set<String> hashSet2 = new HashSet();
        boolean z = false;
        try {
            if ("*".equalsIgnoreCase(tListSentryRolesRequest.getGroupName())) {
                hashSet2 = getRequestorGroups(tListSentryRolesRequest.getRequestorUserName());
                z = true;
            } else {
                authorize(tListSentryRolesRequest.getRequestorUserName(), getRequestorGroups(tListSentryRolesRequest.getRequestorUserName()));
                hashSet2.add(tListSentryRolesRequest.getGroupName());
            }
            hashSet = this.sentryStore.getTSentryRolesByGroupName(hashSet2, z);
            tListSentryRolesResponse.setRoles(hashSet);
            tListSentryRolesResponse.setStatus(Status.OK());
        } catch (Exception e) {
            String str = "Unknown error for request: " + tListSentryRolesRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tListSentryRolesResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tListSentryRolesResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryNoSuchObjectException e3) {
            tListSentryRolesResponse.setRoles(hashSet);
            String str2 = "Role: " + tListSentryRolesRequest + " couldn't be retrieved.";
            LOGGER.error(str2, e3);
            tListSentryRolesResponse.setStatus(Status.NoSuchObject(str2, e3));
        }
        return tListSentryRolesResponse;
    }

    /* JADX WARN: Type inference failed for: r11v1, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryPrivilegesResponse list_sentry_privileges_by_role(TListSentryPrivilegesRequest tListSentryPrivilegesRequest) throws TException {
        TListSentryPrivilegesResponse tListSentryPrivilegesResponse = new TListSentryPrivilegesResponse();
        Set<TSentryPrivilege> hashSet = new HashSet();
        try {
            authorize(tListSentryPrivilegesRequest.getRequestorUserName(), getRequestorGroups(tListSentryPrivilegesRequest.getRequestorUserName()));
            if (tListSentryPrivilegesRequest.isSetAuthorizableHierarchy()) {
                hashSet = this.sentryStore.getTSentryPrivileges(Sets.newHashSet(new String[]{tListSentryPrivilegesRequest.getRoleName()}), tListSentryPrivilegesRequest.getAuthorizableHierarchy());
            } else {
                hashSet = this.sentryStore.getAllTSentryPrivilegesByRoleName(tListSentryPrivilegesRequest.getRoleName());
            }
            tListSentryPrivilegesResponse.setPrivileges(hashSet);
            tListSentryPrivilegesResponse.setStatus(Status.OK());
        } catch (Exception e) {
            String str = "Unknown error for request: " + tListSentryPrivilegesRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tListSentryPrivilegesResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tListSentryPrivilegesResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        } catch (SentryNoSuchObjectException e3) {
            tListSentryPrivilegesResponse.setPrivileges(hashSet);
            String str2 = "Privilege: " + tListSentryPrivilegesRequest + " couldn't be retrieved.";
            LOGGER.error(str2, e3);
            tListSentryPrivilegesResponse.setStatus(Status.NoSuchObject(str2, e3));
        }
        return tListSentryPrivilegesResponse;
    }

    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(TListSentryPrivilegesForProviderRequest tListSentryPrivilegesForProviderRequest) throws TException {
        TListSentryPrivilegesForProviderResponse tListSentryPrivilegesForProviderResponse = new TListSentryPrivilegesForProviderResponse();
        tListSentryPrivilegesForProviderResponse.setPrivileges(new HashSet());
        try {
            Set<String> listSentryPrivilegesForProvider = this.sentryStore.listSentryPrivilegesForProvider(tListSentryPrivilegesForProviderRequest.getGroups(), tListSentryPrivilegesForProviderRequest.getRoleSet(), tListSentryPrivilegesForProviderRequest.getAuthorizableHierarchy());
            tListSentryPrivilegesForProviderResponse.setPrivileges(listSentryPrivilegesForProvider);
            if ((listSentryPrivilegesForProvider == null || listSentryPrivilegesForProvider.size() == 0) && tListSentryPrivilegesForProviderRequest.getAuthorizableHierarchy() != null && this.sentryStore.hasAnyServerPrivileges(tListSentryPrivilegesForProviderRequest.getGroups(), tListSentryPrivilegesForProviderRequest.getRoleSet(), tListSentryPrivilegesForProviderRequest.getAuthorizableHierarchy().getServer())) {
                tListSentryPrivilegesForProviderResponse.setPrivileges(Sets.newHashSet(new String[]{"server=+"}));
            }
            tListSentryPrivilegesForProviderResponse.setStatus(Status.OK());
        } catch (Exception e) {
            String str = "Unknown error for request: " + tListSentryPrivilegesForProviderRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tListSentryPrivilegesForProviderResponse.setStatus(Status.RuntimeError(str, e));
        }
        return tListSentryPrivilegesForProviderResponse;
    }

    private Set<String> getRequestorGroups(String str) throws SentryUserException {
        String str2 = this.conf.get(ServiceConstants.ServerConfig.SENTRY_STORE_GROUP_MAPPING, "org.apache.sentry.provider.common.HadoopGroupMappingService");
        String str3 = this.conf.get(ServiceConstants.ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE);
        try {
            Constructor<?> declaredConstructor = Class.forName(str2).getDeclaredConstructor(Configuration.class, String.class);
            declaredConstructor.setAccessible(true);
            return ((GroupMappingService) declaredConstructor.newInstance(this.conf, str3)).getGroups(str);
        } catch (ClassNotFoundException e) {
            throw new SentryUserException("Unable to instantiate group mapping", e);
        } catch (IllegalAccessException e2) {
            throw new SentryUserException("Unable to instantiate group mapping", e2);
        } catch (IllegalArgumentException e3) {
            throw new SentryUserException("Unable to instantiate group mapping", e3);
        } catch (InstantiationException e4) {
            throw new SentryUserException("Unable to instantiate group mapping", e4);
        } catch (NoSuchMethodException e5) {
            throw new SentryUserException("Unable to instantiate group mapping", e5);
        } catch (SecurityException e6) {
            throw new SentryUserException("Unable to instantiate group mapping", e6);
        } catch (InvocationTargetException e7) {
            throw new SentryUserException("Unable to instantiate group mapping", e7);
        }
    }

    /* JADX WARN: Type inference failed for: r7v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TDropPrivilegesResponse drop_sentry_privilege(TDropPrivilegesRequest tDropPrivilegesRequest) throws TException {
        TDropPrivilegesResponse tDropPrivilegesResponse = new TDropPrivilegesResponse();
        try {
            authorize(tDropPrivilegesRequest.getRequestorUserName(), this.adminGroups);
            this.sentryStore.dropPrivilege(tDropPrivilegesRequest.getAuthorizable());
            tDropPrivilegesResponse.setStatus(Status.OK());
        } catch (Exception e) {
            String str = "Unknown error for request: " + tDropPrivilegesRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tDropPrivilegesResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tDropPrivilegesResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        }
        return tDropPrivilegesResponse;
    }

    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable, org.apache.sentry.provider.db.SentryAccessDeniedException] */
    @Override // org.apache.sentry.provider.db.service.thrift.SentryPolicyService.Iface
    public TRenamePrivilegesResponse rename_sentry_privilege(TRenamePrivilegesRequest tRenamePrivilegesRequest) throws TException {
        TRenamePrivilegesResponse tRenamePrivilegesResponse = new TRenamePrivilegesResponse();
        try {
            authorize(tRenamePrivilegesRequest.getRequestorUserName(), this.adminGroups);
            this.sentryStore.renamePrivilege(tRenamePrivilegesRequest.getOldAuthorizable(), tRenamePrivilegesRequest.getNewAuthorizable(), tRenamePrivilegesRequest.getRequestorUserName());
            tRenamePrivilegesResponse.setStatus(Status.OK());
        } catch (Exception e) {
            String str = "Unknown error for request: " + tRenamePrivilegesRequest + ", message: " + e.getMessage();
            LOGGER.error(str, e);
            tRenamePrivilegesResponse.setStatus(Status.RuntimeError(str, e));
        } catch (SentryAccessDeniedException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            tRenamePrivilegesResponse.setStatus(Status.AccessDenied(e2.getMessage(), e2));
        }
        return tRenamePrivilegesResponse;
    }
}
