package org.apache.sentry.binding.util;

import com.google.common.base.Splitter;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.common.JavaUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.ql.hooks.Hook;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.sentry.api.common.ApiConstants;
import org.apache.sentry.api.service.thrift.TSentryGrantOption;
import org.apache.sentry.api.service.thrift.TSentryPrivilege;
import org.apache.sentry.api.service.thrift.TSentryRole;
import org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook;
import org.apache.sentry.binding.hive.SentryOnFailureHookContext;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.Server;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/binding/util/SentryAuthorizerUtil.class */
public class SentryAuthorizerUtil {
    public static final Logger LOG = LoggerFactory.getLogger(SentryAuthorizerUtil.class);
    public static String UNKONWN_GRANTOR = "--";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.sentry.binding.util.SentryAuthorizerUtil$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/sentry/binding/util/SentryAuthorizerUtil$1.class */
    /*
     * Compiler-generated switch-map holder (decompiler name for SentryAuthorizerUtil$1).
     *
     * Each int[] is indexed by an enum constant's ordinal() and holds the case number
     * used by a switch over that enum. Entries left at 0 match no case label, so such
     * a constant reaches the switch's default branch.
     *
     * The PrivilegeScope map is read by convert2HivePrivilegeObject. The
     * HivePrivilegeObjectType map is not referenced by any method body visible in this
     * listing; presumably it backs getAuthzHierarchy, whose body was not decompiled.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType;
        static final /* synthetic */ int[] $SwitchMap$org$apache$sentry$api$common$ApiConstants$PrivilegeScope = new int[ApiConstants.PrivilegeScope.values().length];

        // Every assignment has its own try/catch: a constant that is missing from the
        // enum class loaded at runtime raises NoSuchFieldError, which is deliberately
        // ignored so that only that one entry stays unmapped (0).
        static {
            try {
                $SwitchMap$org$apache$sentry$api$common$ApiConstants$PrivilegeScope[ApiConstants.PrivilegeScope.SERVER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$sentry$api$common$ApiConstants$PrivilegeScope[ApiConstants.PrivilegeScope.DATABASE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$sentry$api$common$ApiConstants$PrivilegeScope[ApiConstants.PrivilegeScope.TABLE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$sentry$api$common$ApiConstants$PrivilegeScope[ApiConstants.PrivilegeScope.COLUMN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$sentry$api$common$ApiConstants$PrivilegeScope[ApiConstants.PrivilegeScope.URI.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            // Second map: HivePrivilegeObjectType ordinal -> case number (1..9).
            $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType = new int[HivePrivilegeObject.HivePrivilegeObjectType.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.DATABASE.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.LOCAL_URI.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.DFS_URI.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.FUNCTION.ordinal()] = 6;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.PARTITION.ordinal()] = 7;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.COLUMN.ordinal()] = 8;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.COMMAND_PARAMS.ordinal()] = 9;
            } catch (NoSuchFieldError e14) {
            }
        }
    }

    /**
     * Builds a Sentry {@link AccessURI} from a URI string, resolving it through
     * {@code PathUtils.parseURI} against the Hive warehouse directory configured in
     * the current session ({@code METASTOREWAREHOUSE}).
     *
     * @param str the URI string to parse
     * @param z   flag forwarded unchanged to {@code PathUtils.parseURI}; its meaning is
     *            not visible in this listing (NOTE(review): presumably "is local" — confirm)
     * @return the authorizable wrapping the parsed URI
     * @throws URISyntaxException if {@code PathUtils.parseURI} rejects the input
     */
    public static AccessURI parseURI(String str, boolean z) throws URISyntaxException {
        // SessionState.get() is dereferenced without a null check, so this must run
        // on a thread that has an attached Hive session.
        final HiveConf sessionConf = SessionState.get().getConf();
        final String warehouseDir = sessionConf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE);
        final String resolved = PathUtils.parseURI(warehouseDir, str, z);
        return new AccessURI(resolved);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:4:0x0025. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0130 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder for the mapping from a Hive privilege object to Sentry authorizable
     * hierarchies.
     *
     * <p>The decompiler could not reconstruct this method, so the body below is NOT the
     * shipped logic: it unconditionally throws {@link UnsupportedOperationException}.
     * In this listing, {@code convert2SentryPrivilegeList} calls it for every element
     * and would therefore fail on any non-empty input.
     *
     * <p>NOTE(review): this is the step that decides which Sentry objects a Hive object
     * is checked against, and it cannot be reviewed from this page. Audit it from the
     * original source or the bytecode instruction dump instead.
     *
     * @param r5 the Sentry server authorizable
     * @param r6 the Hive privilege object to map
     * @return never returns normally in this decompiled form
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public static java.util.List<java.util.List<org.apache.sentry.core.model.db.DBModelAuthorizable>> getAuthzHierarchy(org.apache.sentry.core.model.db.Server r5, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject r6) {
        /*
            Method dump skipped, instructions count: 358
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.sentry.binding.util.SentryAuthorizerUtil.getAuthzHierarchy(org.apache.sentry.core.model.db.Server, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject):java.util.List");
    }

    /**
     * Collects the Sentry authorizable hierarchies for a list of Hive privilege objects.
     *
     * <p>Each element is passed to {@code getAuthzHierarchy} and the resulting
     * hierarchies are merged into one set, so duplicates collapse.
     *
     * @param server the Sentry server authorizable passed to {@code getAuthzHierarchy}
     * @param list   the Hive privilege objects; may be {@code null} or empty
     * @return a mutable set of hierarchies; empty when {@code list} is {@code null} or empty
     */
    public static Set<List<DBModelAuthorizable>> convert2SentryPrivilegeList(Server server, List<HivePrivilegeObject> list) {
        Set<List<DBModelAuthorizable>> hierarchies = new HashSet<>();
        if (list == null || list.isEmpty()) {
            return hierarchies;
        }
        for (HivePrivilegeObject privilegeObject : list) {
            hierarchies.addAll(getAuthzHierarchy(server, privilegeObject));
        }
        return hierarchies;
    }

    /**
     * Looks up the {@link HiveOperation} constant with the given name.
     *
     * @param str the exact constant name
     * @return the matching operation, or {@code null} when the lookup throws
     *         (for example an unknown name or a {@code null} argument)
     */
    public static HiveOperation convert2HiveOperation(String str) {
        HiveOperation operation;
        try {
            operation = HiveOperation.valueOf(str);
        } catch (Exception ignored) {
            // Any lookup failure is reported as "no such operation"; callers must
            // handle the null result themselves.
            operation = null;
        }
        return operation;
    }

    /**
     * Maps a Hive privilege to the Sentry action string.
     *
     * @param hivePrivilege the Hive privilege
     * @return {@code HiveAuthzBindingSessionHook.WILDCARD_ACL_VALUE} when the privilege
     *         name equals {@code PrivilegeType.ALL.name()}, otherwise the privilege name
     *         unchanged
     */
    public static String convert2SentryAction(HivePrivilege hivePrivilege) {
        final String privilegeName = hivePrivilege.getName();
        // Only the exact (case-sensitive) name of ALL widens to the wildcard action.
        if (PrivilegeType.ALL.name().equals(privilegeName)) {
            return HiveAuthzBindingSessionHook.WILDCARD_ACL_VALUE;
        }
        return privilegeName;
    }

    /**
     * Wraps a privilege name in a {@link HivePrivilege} with a {@code null} second
     * (list) constructor argument.
     *
     * @param str the privilege name
     * @return the new Hive privilege
     */
    public static HivePrivilege convert2HivePrivilege(String str) {
        // NOTE(review): the list argument is presumably the column list — confirm
        // against the HivePrivilege constructor.
        final List<String> noColumns = null;
        return new HivePrivilege(str, noColumns);
    }

    /**
     * Extracts the role names from a set of Sentry roles.
     *
     * @param set the roles; may be {@code null} or empty
     * @return a mutable list of role names in the set's iteration order; empty when
     *         {@code set} is {@code null} or empty
     */
    public static List<String> convert2RoleList(Set<TSentryRole> set) {
        List<String> roleNames = new ArrayList<>();
        if (set == null || set.isEmpty()) {
            return roleNames;
        }
        for (TSentryRole role : set) {
            roleNames.add(role.getRoleName());
        }
        return roleNames;
    }

    /**
     * Converts a Sentry privilege held by {@code hivePrincipal} into a Hive
     * {@link HivePrivilegeInfo}.
     *
     * <p>The grantor is always reported as a ROLE principal named
     * {@code UNKONWN_GRANTOR}; the real grantor is not carried over.
     *
     * @param tSentryPrivilege the Sentry privilege to convert
     * @param hivePrincipal    the principal the privilege belongs to
     * @return the Hive view of the privilege
     */
    public static HivePrivilegeInfo convert2HivePrivilegeInfo(TSentryPrivilege tSentryPrivilege, HivePrincipal hivePrincipal) {
        final HivePrivilege privilege = convert2HivePrivilege(tSentryPrivilege.getAction());
        final HivePrivilegeObject target = convert2HivePrivilegeObject(tSentryPrivilege);
        final HivePrincipal grantor = new HivePrincipal(UNKONWN_GRANTOR, HivePrincipal.HivePrincipalType.ROLE);
        // getGrantOption() is dereferenced directly; a null grant option raises NPE.
        final boolean withGrantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE);
        // The create time is treated as milliseconds, converted to whole seconds and
        // then narrowed to int.
        final int grantTimeSeconds = (int) TimeUnit.SECONDS.convert(tSentryPrivilege.getCreateTime(), TimeUnit.MILLISECONDS);
        return new HivePrivilegeInfo(hivePrincipal, privilege, target, grantor, withGrantOption, grantTimeSeconds);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0010. Please report as an issue. */
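    /**
     * Converts a Sentry privilege into the Hive privilege object it applies to.
     *
     * <p>The privilege scope selects the object type: SERVER maps to a GLOBAL object
     * named with the wildcard value, DATABASE/TABLE/COLUMN copy the matching names, and
     * URI maps to LOCAL_URI or DFS_URI depending on {@link #isLocalUri(String)}.
     *
     * <p>Changes from the decompiled form: the URI case no longer falls through into
     * the default branch (which logged a misleading "Unknown PrivilegeScope" warning
     * for every valid URI privilege), and the wrapping {@link RuntimeException} now
     * keeps the original cause and a readable message.
     *
     * @param tSentryPrivilege the Sentry privilege to convert
     * @return the Hive privilege object, or {@code null} for a scope with no mapping
     * @throws IllegalArgumentException if the privilege scope is not a
     *         {@code PrivilegeScope} constant name
     * @throws RuntimeException if the scope is URI and the stored value is not a
     *         syntactically valid URI
     */
    public static HivePrivilegeObject convert2HivePrivilegeObject(TSentryPrivilege tSentryPrivilege) {
        final ApiConstants.PrivilegeScope scope = ApiConstants.PrivilegeScope.valueOf(tSentryPrivilege.getPrivilegeScope());
        switch (scope) {
            case SERVER:
                return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL, HiveAuthzBindingSessionHook.WILDCARD_ACL_VALUE, (String) null);
            case DATABASE:
                return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.DATABASE, tSentryPrivilege.getDbName(), (String) null);
            case TABLE:
                return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW, tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName());
            case COLUMN:
                return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.COLUMN, tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), (List) null, tSentryPrivilege.getColumnName());
            case URI:
                // Single and double quotes are stripped before the value is parsed, so
                // the local/DFS decision is made on the unquoted text.
                final String uri = tSentryPrivilege.getURI().replace("'", "").replace("\"", "");
                try {
                    final HivePrivilegeObject.HivePrivilegeObjectType uriType = isLocalUri(uri)
                            ? HivePrivilegeObject.HivePrivilegeObjectType.LOCAL_URI
                            : HivePrivilegeObject.HivePrivilegeObjectType.DFS_URI;
                    return new HivePrivilegeObject(uriType, uri, (String) null);
                } catch (URISyntaxException e) {
                    // Keep the cause so the parse position and reason stay in the stack trace.
                    throw new RuntimeException(uri + " is not a URI", e);
                }
            default:
                LOG.warn("Unknown PrivilegeScope: " + scope);
                return null;
        }
    }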

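    /**
     * Reports whether a URI string uses the {@code file} scheme (case-insensitive).
     *
     * <p>A URI without a scheme (for example a bare path such as {@code /tmp/x}) has a
     * {@code null} scheme. It is reported as not local, where the decompiled form threw
     * {@link NullPointerException}. Callers that must tell "no scheme" apart from
     * "remote scheme" need to inspect the URI themselves.
     *
     * @param str the URI string
     * @return {@code true} only when the parsed scheme is {@code file}
     * @throws URISyntaxException if {@code str} is not a syntactically valid URI
     */
    public static boolean isLocalUri(String str) throws URISyntaxException {
        final String scheme = new URI(str).getScheme();
        // Constant-first comparison is null-safe for scheme-less URIs.
        return "file".equalsIgnoreCase(scheme);
    }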

    /**
     * Converts a Sentry role into a Hive {@link HiveRoleGrant}.
     *
     * <p>The role name is used for both the role and the principal name, the principal
     * type is ROLE, the grant option is always {@code false}, and the grantor is copied
     * from the role with grantor type USER.
     *
     * @param tSentryRole the Sentry role
     * @return the populated role grant
     */
    public static HiveRoleGrant convert2HiveRoleGrant(TSentryRole tSentryRole) {
        final String roleName = tSentryRole.getRoleName();
        final HiveRoleGrant grant = new HiveRoleGrant();
        grant.setRoleName(roleName);
        grant.setPrincipalName(roleName);
        grant.setPrincipalType(PrincipalType.ROLE.name());
        grant.setGrantOption(false);
        grant.setGrantor(tSentryRole.getGrantorPrincipal());
        grant.setGrantorType(PrincipalType.USER.name());
        return grant;
    }

    /**
     * Runs the authorization on-failure hooks named in the configuration.
     *
     * <p>The hook class names are read from the {@code AUTHZ_ONFAILURE_HOOKS} setting,
     * instantiated through {@code getHooks} and run in order. Any exception, whether
     * from loading a hook or from running one, is logged and swallowed. The first
     * failure also skips every hook after it, so a hook used for audit or alerting can
     * be silently bypassed by an earlier broken entry.
     *
     * @param sentryOnFailureHookContext the context handed to every hook
     * @param configuration              the configuration holding the hook class list
     */
    public static void executeOnFailureHooks(SentryOnFailureHookContext sentryOnFailureHookContext, Configuration configuration) {
        try {
            final String hookClassNames = configuration.get(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), "").trim();
            // NOTE(review): run(...) is invoked on the Hook type exactly as in the
            // decompiled listing — confirm the intended hook interface.
            for (Hook hook : getHooks(hookClassNames)) {
                hook.run(sentryOnFailureHookContext);
            }
        } catch (Exception e) {
            LOG.error("Error executing hook:", e);
        }
    }

    /**
     * Instantiates the hooks named in a comma-separated class list, typed as {@link Hook}.
     *
     * @param str comma-separated fully qualified class names; must not be {@code null}
     * @return the instantiated hooks, in list order
     * @throws Exception if a class cannot be found or instantiated
     */
    public static List<Hook> getHooks(String str) throws Exception {
        final List<Hook> hooks = getHooks(str, Hook.class);
        return hooks;
    }

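    /**
     * Instantiates the hooks named in a comma-separated class list.
     *
     * <p>Entries are trimmed and empty entries are skipped. Each name is loaded through
     * {@code JavaUtils.getClassLoader()} and created with its no-argument constructor.
     *
     * <p>Changes from the decompiled form, which ignored {@code cls} and cast every
     * instance to {@link Hook} only after constructing it: the class is now loaded
     * without initialization and checked against {@code cls} first. A configured class
     * of the wrong type is rejected before its static initializers or constructor run,
     * and the returned list holds only instances of {@code T}.
     *
     * <p>The class names come from configuration, so whoever can edit that setting
     * chooses which code is loaded here. Protect the configuration source accordingly.
     *
     * @param str comma-separated fully qualified class names; must not be {@code null}
     * @param cls the type every configured class must be assignable to
     * @param <T> the hook type
     * @return a mutable list of hook instances in list order; empty when {@code str} is empty
     * @throws ClassNotFoundException if a named class cannot be loaded
     * @throws ClassCastException if a named class is not a subtype of {@code cls}
     * @throws Exception if a hook cannot be instantiated
     */
    public static <T extends Hook> List<T> getHooks(String str, Class<T> cls) throws Exception {
        List<T> hooks = new ArrayList<>();
        if (str.isEmpty()) {
            return hooks;
        }
        for (String className : Splitter.on(",").omitEmptyStrings().trimResults().split(str)) {
            Class<? extends T> hookClass;
            try {
                // initialize=false: static initializers must not run before the type check.
                hookClass = Class.forName(className, false, JavaUtils.getClassLoader()).asSubclass(cls);
            } catch (ClassNotFoundException e) {
                LOG.error(className + " Class not found:" + e.getMessage());
                throw e;
            }
            hooks.add(hookClass.newInstance());
        }
        return hooks;
    }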
}
