package org.apache.sentry.provider.db.service.persistent;

import com.codahale.metrics.Gauge;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.UUID;
import javax.jdo.JDODataStoreException;
import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.jdo.Query;
import javax.jdo.Transaction;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.provider.common.ProviderConstants;
import org.apache.sentry.provider.db.SentryAccessDeniedException;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryGrantDeniedException;
import org.apache.sentry.provider.db.SentryInvalidInputException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.log.util.Constants;
import org.apache.sentry.provider.db.service.model.MSentryGroup;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.model.MSentryVersion;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.datanucleus.store.rdbms.exceptions.MissingTableException;

/* loaded from: input_file:org/apache/sentry/provider/db/service/persistent/SentryStore.class */
public class SentryStore {
    // Random identifier generated once when the class is loaded; handed to every CommitContext
    // created by commitUpdateTransaction.
    private static final UUID SERVER_UUID = UUID.randomUUID();
    // Presumably the sentinel stored in place of an absent column value (see toNULLCol/isNULL usage).
    // NOTE(review): public, static and not final, so any code in the JVM can reassign it, while the
    // JDOQL filters in this class hard-code the literal "__NULL__". Consider making it final.
    public static String NULL_COL = "__NULL__";
    static final String DEFAULT_DATA_DIR = "sentry_policy_db";
    // Counter advanced once per update commit; only touched from synchronized methods in this view.
    private long commitSequenceId = 0;
    private final PersistenceManagerFactory pmf;
    private Configuration conf;

    /**
     * Builds the JDO persistence manager factory from the server configuration and then checks
     * (or implicitly records) the schema version of the backing store.
     *
     * @param configuration server configuration; must contain a non-empty JDBC URL
     * @throws IllegalArgumentException if the JDBC URL is missing or blank
     * @throws SentryNoSuchObjectException propagated from the schema version check
     * @throws SentryAccessDeniedException if the stored schema version differs from the distribution
     */
    public SentryStore(Configuration configuration) throws SentryNoSuchObjectException, SentryAccessDeniedException {
        this.conf = configuration;
        Properties jdoProps = new Properties();
        jdoProps.putAll(ServiceConstants.ServerConfig.SENTRY_STORE_DEFAULTS);

        String jdbcUrl = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_URL, "").trim();
        Preconditions.checkArgument(!jdbcUrl.isEmpty(), "Required parameter sentry.store.jdbc.url missing");
        // NOTE(review): when the user or password is not configured, both fall back to the fixed
        // value "Sentry". A deployment that relies on these defaults protects the policy database
        // with a publicly known credential; consider failing fast the way the JDBC URL does.
        String jdbcUser = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_USER, "Sentry").trim();
        String jdbcPass = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_PASS, "Sentry").trim();
        String jdbcDriver = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER, ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER_DEFAULT);

        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_URL, jdbcUrl);
        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_USER, jdbcUser);
        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_PASS, jdbcPass);
        jdoProps.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_DRIVER_NAME, jdbcDriver);

        // Pass-through of prefixed javax.jdo / datanucleus keys. This runs after the four
        // properties above are set, so a prefixed key that maps to the same name overrides them.
        for (Map.Entry<String, String> entry : configuration) {
            String key = entry.getKey();
            boolean isJdoKey = key.startsWith(ServiceConstants.ServerConfig.SENTRY_JAVAX_JDO_PROPERTY_PREFIX);
            if (isJdoKey || key.startsWith(ServiceConstants.ServerConfig.SENTRY_DATANUCLEUS_PROPERTY_PREFIX)) {
                String strippedKey = StringUtils.removeStart(key, ServiceConstants.ServerConfig.SENTRY_DB_PROPERTY_PREFIX);
                jdoProps.setProperty(strippedKey, entry.getValue());
            }
        }

        boolean verifySchema = configuration.get(ServiceConstants.ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "true").equalsIgnoreCase("true");
        if (!verifySchema) {
            // With verification off, DataNucleus is allowed to create and alter the schema itself.
            jdoProps.setProperty("datanucleus.autoCreateSchema", "true");
            jdoProps.setProperty("datanucleus.fixedDatastore", Constants.FALSE);
        }
        this.pmf = JDOHelper.getPersistenceManagerFactory(jdoProps);
        verifySentryStoreSchema(configuration, verifySchema);
    }

    /**
     * Compares the schema version recorded in the store with the distribution's version, or, when
     * verification is switched off, records the distribution's version in the store.
     *
     * @param configuration not read by this method
     * @param z {@code true} to verify the stored version, {@code false} to set it implicitly
     * @throws SentryAccessDeniedException if verification is on and the versions differ
     */
    private void verifySentryStoreSchema(Configuration configuration, boolean z) throws SentryNoSuchObjectException, SentryAccessDeniedException {
        if (z) {
            String storedVersion = getSentryVersion();
            boolean versionsMatch = SentryStoreSchemaInfo.getSentryVersion().equals(storedVersion);
            if (versionsMatch) {
                return;
            }
            throw new SentryAccessDeniedException("The Sentry store schema version " + storedVersion + " is different from distribution version " + SentryStoreSchemaInfo.getSentryVersion());
        }
        setSentryVersion(SentryStoreSchemaInfo.getSentryVersion(), "Schema version set implicitly");
    }

    /** Closes the persistence manager factory, if one was created. */
    public synchronized void stop() {
        if (this.pmf == null) {
            return;
        }
        this.pmf.close();
    }

    /**
     * Obtains a persistence manager from the factory and begins its transaction.
     *
     * @return the manager, with an active transaction; the caller must commit or roll it back
     */
    private synchronized PersistenceManager openTransaction() {
        PersistenceManager pm = this.pmf.getPersistenceManager();
        Transaction tx = pm.currentTransaction();
        tx.begin();
        return pm;
    }

    /**
     * Commits the transaction and wraps the server UUID and the next sequence id in a CommitContext.
     *
     * @param persistenceManager manager holding the transaction to commit
     * @return the context describing this commit
     */
    private synchronized CommitContext commitUpdateTransaction(PersistenceManager persistenceManager) {
        commitTransaction(persistenceManager);
        // The sequence id is only advanced after the commit call has returned.
        long sequenceId = incrementGetSequenceId();
        return new CommitContext(SERVER_UUID, sequenceId);
    }

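    /**
     * Advances the commit sequence counter by one and returns the new value.
     *
     * <p>Reconstructed by hand. The decompiler could not decode this method (JADX reported
     * "Failed to decode insn: 0x0007: MOVE_MULTI" with an ArrayIndexOutOfBoundsException while
     * handling dup2_x1) and emitted a stub that always threw UnsupportedOperationException, which
     * made every commitUpdateTransaction call fail. Its partial register listing showed
     * {@code commitSequenceId + 1} being written back to the field before the return, which is
     * the shape of a pre-increment.
     * NOTE(review): confirm against the original bytecode or the upstream source.
     *
     * @return the incremented sequence id
     */
    private synchronized long incrementGetSequenceId() {
        return ++this.commitSequenceId;
    }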

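    /**
     * Commits the manager's current transaction and closes the manager.
     *
     * <p>The manager is closed exactly once, whether or not the commit succeeds. The decompiled
     * catch-and-rethrow form called {@code close()} a second time when the first {@code close()}
     * itself failed, which could replace the original failure with a secondary one.
     *
     * @param persistenceManager manager holding the transaction; must not be {@code null}
     * @throws IllegalStateException if the transaction is not active
     */
    private void commitTransaction(PersistenceManager persistenceManager) {
        Transaction tx = persistenceManager.currentTransaction();
        try {
            Preconditions.checkState(tx.isActive(), "Transaction is not active");
            tx.commit();
        } finally {
            persistenceManager.close();
        }
    }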

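    /**
     * Rolls back the manager's active transaction, if any, and closes the manager.
     *
     * <p>Does nothing for a {@code null} or already closed manager, so it is safe to call from a
     * cleanup path. The manager is closed exactly once after a rollback attempt; the decompiled
     * form repeated {@code close()} when the first {@code close()} threw.
     * NOTE(review): when the transaction is not active the manager is left open, as in the
     * original. Confirm that no caller reaches this state with an open manager.
     *
     * @param persistenceManager manager to roll back; may be {@code null}
     */
    private void rollbackTransaction(PersistenceManager persistenceManager) {
        if (persistenceManager == null || persistenceManager.isClosed()) {
            return;
        }
        Transaction tx = persistenceManager.currentTransaction();
        if (!tx.isActive()) {
            return;
        }
        try {
            tx.rollback();
        } finally {
            persistenceManager.close();
        }
    }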

    /**
     * Looks up a role by exact name using a declared JDOQL parameter.
     *
     * @param persistenceManager manager whose transaction the query runs in
     * @param str role name to match; bound as a parameter, never spliced into the filter text
     * @return the matching role, or {@code null} if the unique query finds none
     */
    private MSentryRole getMSentryRole(PersistenceManager persistenceManager, String str) {
        Query roleQuery = persistenceManager.newQuery(MSentryRole.class);
        roleQuery.declareParameters("java.lang.String t");
        roleQuery.setFilter("this.roleName == t");
        roleQuery.setUnique(true);
        Object match = roleQuery.execute(str);
        return (MSentryRole) match;
    }

    /**
     * Normalises a name by trimming surrounding whitespace and lower-casing it.
     *
     * <p>NOTE(review): {@code toLowerCase()} uses the JVM default locale, so the normalised form of
     * a role name can differ between hosts (for example under a Turkish locale). Other methods in
     * this class lower-case inline the same way; if this is changed to a fixed locale, change them
     * all together so that stored names and lookups keep matching.
     *
     * @param str the raw name; must not be {@code null}
     * @return the trimmed, lower-cased name
     */
    private String trimAndLower(String str) {
        String trimmed = str.trim();
        return trimmed.toLowerCase();
    }

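    /**
     * Creates a role with the normalised form of the given name.
     *
     * <p>The decompiled version passed {@code null} to rollbackTransaction on failure, which is a
     * no-op: the open transaction and its persistence manager were never released when the role
     * already existed or the write failed. The manager is now tracked outside the try block and
     * rolled back on every failure path, matching alterSentryRoleGrantPrivilege.
     *
     * @param str role name; trimmed and lower-cased before use
     * @return the commit context of the successful create
     * @throws SentryAlreadyExistsException if a role with the normalised name already exists
     */
    public CommitContext createSentryRole(String str) throws SentryAlreadyExistsException {
        String roleName = trimAndLower(str);
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            if (getMSentryRole(pm, roleName) != null) {
                throw new SentryAlreadyExistsException("Role: " + roleName);
            }
            pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
            CommitContext commitContext = commitUpdateTransaction(pm);
            rollback = false;
            return commitContext;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }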

    /* JADX INFO: Access modifiers changed from: private */
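    /**
     * Counts the persisted instances of the given model class.
     *
     * <p>On failure the transaction is rolled back through the null-safe rollbackTransaction. The
     * decompiled version called commitTransaction again from the failure path, which threw a
     * NullPointerException when opening the transaction had failed and otherwise attempted a
     * second commit on a closed manager, hiding the original error in both cases. The unused
     * {@code new Long(-1L)} allocation is dropped.
     *
     * @param cls persistent class to count
     * @return the value of {@code count(this)} for that class
     */
    public <T> Long getCount(Class<T> cls) {
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            Query countQuery = pm.newQuery();
            countQuery.setClass(cls);
            countQuery.setResult("count(this)");
            Long count = (Long) countQuery.execute();
            // commitTransaction always closes the manager, so no rollback is needed past this point.
            rollback = false;
            commitTransaction(pm);
            return count;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }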

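    /**
     * Returns a gauge reporting the number of stored roles.
     *
     * <p>The decompiler had renamed the anonymous class's method to {@code m11getValue}, so it no
     * longer implemented {@code Gauge.getValue()}; the original name is restored. Each read of the
     * gauge runs a count query in its own transaction.
     *
     * @return a gauge backed by {@link #getCount(Class)}
     */
    public Gauge<Long> getRoleCountGauge() {
        return new Gauge<Long>() {
            @Override
            public Long getValue() {
                return SentryStore.this.getCount(MSentryRole.class);
            }
        };
    }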

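    /**
     * Returns a gauge reporting the number of stored privileges.
     *
     * <p>The decompiler had renamed the anonymous class's method to {@code m12getValue}, so it no
     * longer implemented {@code Gauge.getValue()}; the original name is restored. Each read of the
     * gauge runs a count query in its own transaction.
     *
     * @return a gauge backed by {@link #getCount(Class)}
     */
    public Gauge<Long> getPrivilegeCountGauge() {
        return new Gauge<Long>() {
            @Override
            public Long getValue() {
                return SentryStore.this.getCount(MSentryPrivilege.class);
            }
        };
    }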

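    /**
     * Returns a gauge reporting the number of stored groups.
     *
     * <p>The decompiler had renamed the anonymous class's method to {@code m13getValue}, so it no
     * longer implemented {@code Gauge.getValue()}; the original name is restored. Each read of the
     * gauge runs a count query in its own transaction.
     *
     * @return a gauge backed by {@link #getCount(Class)}
     */
    public Gauge<Long> getGroupCountGauge() {
        return new Gauge<Long>() {
            @Override
            public Long getValue() {
                return SentryStore.this.getCount(MSentryGroup.class);
            }
        };
    }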

    /**
     * Grants a privilege to a role in a single transaction, after checking the grantor.
     *
     * @param str grantor principal, passed to grantOptionCheck
     * @param str2 role name; trimmed and lower-cased before use
     * @param tSentryPrivilege privilege to grant; updated from the persisted privilege when the
     *     core grant returns one
     * @return the commit context of the successful grant
     * @throws SentryUserException if the grantor check or the grant itself fails
     */
    public CommitContext alterSentryRoleGrantPrivilege(String str, String str2, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        boolean needsRollback = true;
        PersistenceManager pm = null;
        String roleName = trimAndLower(str2);
        try {
            pm = openTransaction();
            // The authorization check runs inside the same transaction as the write it guards.
            grantOptionCheck(pm, str, tSentryPrivilege);
            MSentryPrivilege granted = alterSentryRoleGrantPrivilegeCore(pm, roleName, tSentryPrivilege);
            if (granted != null) {
                convertToTSentryPrivilege(granted, tSentryPrivilege);
            }
            CommitContext commitContext = commitUpdateTransaction(pm);
            needsRollback = false;
            return commitContext;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Attaches the privilege described by {@code tSentryPrivilege} to the named role.
     *
     * <p>For a privilege that names a database or a table, a grant of "*" first detaches the role
     * from the matching "select" and "insert" privileges, and a narrower grant is skipped when the
     * role already holds the matching "*" privilege.
     *
     * <p>NOTE(review): {@code getAction()} is dereferenced without a null check.
     *
     * @param persistenceManager manager whose open transaction the lookups and writes run in
     * @param str role name, used as given (the public entry point normalises it)
     * @param tSentryPrivilege privilege to grant
     * @return the persisted privilege, or {@code null} when the role already holds the "*" privilege
     * @throws SentryNoSuchObjectException if no role with that name exists
     */
    private MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        MSentryRole mSentryRole = getMSentryRole(persistenceManager, str);
        if (mSentryRole == null) {
            throw new SentryNoSuchObjectException("Role: " + str);
        }
        // Only privileges scoped to a database or table get the select/insert/"*" reconciliation.
        if (!isNULL(tSentryPrivilege.getTableName()) || !isNULL(tSentryPrivilege.getDbName())) {
            if (tSentryPrivilege.getAction().equalsIgnoreCase("*")) {
                // Granting "*": look up the narrower select and insert privileges on the same
                // object. The copy is mutated between the two lookups, so statement order matters.
                TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
                tSentryPrivilege2.setAction("select");
                MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege2, persistenceManager);
                tSentryPrivilege2.setAction("insert");
                MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(tSentryPrivilege2, persistenceManager);
                if (mSentryPrivilege != null && mSentryRole.getPrivileges().contains(mSentryPrivilege)) {
                    mSentryPrivilege.removeRole(mSentryRole);
                    persistenceManager.makePersistent(mSentryPrivilege);
                }
                if (mSentryPrivilege2 != null && mSentryRole.getPrivileges().contains(mSentryPrivilege2)) {
                    mSentryPrivilege2.removeRole(mSentryRole);
                    persistenceManager.makePersistent(mSentryPrivilege2);
                }
            } else {
                // Granting a narrower action: nothing to do if the role already holds "*".
                TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
                tSentryPrivilege3.setAction("*");
                MSentryPrivilege mSentryPrivilege3 = getMSentryPrivilege(tSentryPrivilege3, persistenceManager);
                if (mSentryPrivilege3 != null && mSentryRole.getPrivileges().contains(mSentryPrivilege3)) {
                    return null;
                }
            }
        }
        // Reuse the stored privilege row when one exists, otherwise build a new one.
        MSentryPrivilege mSentryPrivilege4 = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (mSentryPrivilege4 == null) {
            mSentryPrivilege4 = convertToMSentryPrivilege(tSentryPrivilege);
        }
        mSentryPrivilege4.appendRole(mSentryRole);
        persistenceManager.makePersistent(mSentryRole);
        persistenceManager.makePersistent(mSentryPrivilege4);
        return mSentryPrivilege4;
    }

    /**
     * Revokes a privilege from a role in a single transaction, after checking the grantor.
     *
     * @param str grantor principal, passed to grantOptionCheck
     * @param str2 role name; normalised with safeTrimLower before use
     * @param tSentryPrivilege privilege to revoke
     * @return the commit context of the successful revoke
     * @throws SentryUserException if the grantor check or the revoke itself fails
     */
    public CommitContext alterSentryRoleRevokePrivilege(String str, String str2, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        boolean needsRollback = true;
        PersistenceManager pm = null;
        String roleName = safeTrimLower(str2);
        try {
            pm = openTransaction();
            // The authorization check runs inside the same transaction as the write it guards.
            grantOptionCheck(pm, str, tSentryPrivilege);
            alterSentryRoleRevokePrivilegeCore(pm, roleName, tSentryPrivilege);
            CommitContext commitContext = commitUpdateTransaction(pm);
            needsRollback = false;
            return commitContext;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Revokes the given privilege, and the child privileges collected by populateChildren, from
     * the named role.
     *
     * @param persistenceManager manager whose open transaction the lookups and writes run in
     * @param str role name, used as given (the public entry point normalises it)
     * @param tSentryPrivilege privilege to revoke
     * @throws SentryNoSuchObjectException if no role with that name exists
     */
    private void alterSentryRoleRevokePrivilegeCore(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        // Same parameterised role lookup as getMSentryRole, repeated inline here.
        Query newQuery = persistenceManager.newQuery(MSentryRole.class);
        newQuery.setFilter("this.roleName == t");
        newQuery.declareParameters("java.lang.String t");
        newQuery.setUnique(true);
        MSentryRole mSentryRole = (MSentryRole) newQuery.execute(str);
        if (mSentryRole == null) {
            throw new SentryNoSuchObjectException("Role: " + str);
        }
        // NOTE(review): the query created on the next line is never used.
        persistenceManager.newQuery(MSentryPrivilege.class);
        MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        // Work on a detached copy (or a fresh object) so that the edits below do not touch the
        // managed instance directly.
        MSentryPrivilege convertToMSentryPrivilege = mSentryPrivilege == null ? convertToMSentryPrivilege(tSentryPrivilege) : (MSentryPrivilege) persistenceManager.detachCopy(mSentryPrivilege);
        HashSet newHashSet = Sets.newHashSet();
        if (convertToMSentryPrivilege.getGrantOption() != null) {
            newHashSet.add(convertToMSentryPrivilege);
        } else {
            // Grant option unspecified: revoke both the with-grant and the without-grant variant.
            MSentryPrivilege mSentryPrivilege2 = new MSentryPrivilege(convertToMSentryPrivilege);
            mSentryPrivilege2.setGrantOption(true);
            newHashSet.add(mSentryPrivilege2);
            MSentryPrivilege mSentryPrivilege3 = new MSentryPrivilege(convertToMSentryPrivilege);
            mSentryPrivilege3.setGrantOption(false);
            newHashSet.add(mSentryPrivilege3);
        }
        // Child privileges held by this one role are added to the same revoke set.
        populateChildren(Sets.newHashSet(new String[]{str}), convertToMSentryPrivilege, newHashSet);
        Iterator<MSentryPrivilege> it = newHashSet.iterator();
        while (it.hasNext()) {
            revokePartial(persistenceManager, tSentryPrivilege, mSentryRole, it.next());
        }
        persistenceManager.makePersistent(mSentryRole);
    }

    /**
     * Applies one revoke to one candidate privilege, depending on the action being revoked.
     *
     * <p>NOTE(review): {@code getAction()} is dereferenced on both privileges without a null check.
     *
     * @param persistenceManager manager whose open transaction the lookups and writes run in
     * @param tSentryPrivilege the revoke request; only its action is read here
     * @param mSentryRole role losing the privilege
     * @param mSentryPrivilege candidate privilege from the revoke set
     */
    private void revokePartial(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        // Resolve the candidate to its stored row, or to a fresh object when none is stored.
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege2 == null) {
            mSentryPrivilege2 = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
        }
        if (tSentryPrivilege.getAction().equalsIgnoreCase("ALL") || tSentryPrivilege.getAction().equalsIgnoreCase("*")) {
            // Revoking everything: simply detach the role from the privilege.
            mSentryPrivilege2.removeRole(mSentryRole);
            persistenceManager.makePersistent(mSentryPrivilege2);
        } else if (tSentryPrivilege.getAction().equalsIgnoreCase("select") && !mSentryPrivilege.getAction().equalsIgnoreCase("insert")) {
            // Revoking select from a candidate that is not insert: "insert" is the action to keep.
            revokeRolePartial(persistenceManager, mSentryRole, mSentryPrivilege, mSentryPrivilege2, "insert");
        } else {
            if (!tSentryPrivilege.getAction().equalsIgnoreCase("insert") || mSentryPrivilege.getAction().equalsIgnoreCase("select")) {
                return;
            }
            // Revoking insert from a candidate that is not select: "select" is the action to keep.
            revokeRolePartial(persistenceManager, mSentryRole, mSentryPrivilege, mSentryPrivilege2, "select");
        }
    }

    /**
     * Detaches the role from a privilege and, when the role held the matching "*" privilege,
     * replaces that with the single remaining action.
     *
     * <p>The {@code mSentryPrivilege} argument is mutated: its action is set to "*" and then to
     * {@code str}, and each value is used for a lookup in between, so statement order matters.
     *
     * @param persistenceManager manager whose open transaction the lookups and writes run in
     * @param mSentryRole role losing the privilege
     * @param mSentryPrivilege candidate privilege; used as a mutable lookup template
     * @param mSentryPrivilege2 resolved privilege the role is detached from first
     * @param str action that stays granted after the partial revoke
     */
    private void revokeRolePartial(PersistenceManager persistenceManager, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege, MSentryPrivilege mSentryPrivilege2, String str) throws SentryInvalidInputException {
        mSentryPrivilege2.removeRole(mSentryRole);
        persistenceManager.makePersistent(mSentryPrivilege2);
        mSentryPrivilege.setAction("*");
        MSentryPrivilege mSentryPrivilege3 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        // Nothing more to do unless the role currently holds the "*" privilege on this object.
        if (mSentryPrivilege3 == null || !mSentryRole.getPrivileges().contains(mSentryPrivilege3)) {
            return;
        }
        mSentryPrivilege3.removeRole(mSentryRole);
        persistenceManager.makePersistent(mSentryPrivilege3);
        // Re-grant only the remaining action in place of the removed "*".
        mSentryPrivilege.setAction(str);
        MSentryPrivilege mSentryPrivilege4 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege4 == null) {
            mSentryPrivilege4 = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
            mSentryRole.appendPrivilege(mSentryPrivilege4);
        }
        mSentryPrivilege4.appendRole(mSentryRole);
        persistenceManager.makePersistent(mSentryPrivilege4);
    }

    /**
     * Adds to {@code set2} the child privileges of {@code mSentryPrivilege} held by the given
     * roles, recursing into children that name both a database and a table.
     *
     * @param set role names whose privileges are searched
     * @param mSentryPrivilege parent privilege
     * @param set2 output set receiving the children
     */
    private void populateChildren(Set<String> set, MSentryPrivilege mSentryPrivilege, Set<MSentryPrivilege> set2) throws SentryInvalidInputException {
        if (isNULL(mSentryPrivilege.getServerName()) && isNULL(mSentryPrivilege.getDbName())) {
            return;
        }
        for (MSentryPrivilege mSentryPrivilege2 : getChildPrivileges(set, mSentryPrivilege)) {
            if (!isNULL(mSentryPrivilege2.getDbName()) && !isNULL(mSentryPrivilege2.getTableName())) {
                populateChildren(set, mSentryPrivilege2, set2);
            }
            if (!mSentryPrivilege.isActionALL()) {
                if (mSentryPrivilege2.isActionALL()) {
                    // A child with action ALL is narrowed to the parent's action before being added.
                    mSentryPrivilege2.setAction(mSentryPrivilege.getAction());
                }
                // NOTE(review): the result of implies() is discarded and the branch body is empty,
                // so as written every child is added to set2 whether or not the parent implies it.
                // This looks like a statement (possibly a `continue`) lost in decompilation; if so,
                // a partial revoke removes more child privileges than intended. Confirm against the
                // bytecode or the upstream source before relying on this method.
                if (!mSentryPrivilege.implies(mSentryPrivilege2)) {
                }
            }
            set2.add(mSentryPrivilege2);
        }
    }

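    /**
     * Returns the privileges one level below {@code mSentryPrivilege} that are held by any of the
     * given roles.
     *
     * <p>Role names, server name and database name are bound as JDOQL parameters. The previous
     * version spliced them into the filter between double quotes, so a value containing a quote
     * could change the structure of the filter and therefore which privileges a revoke touches.
     *
     * @param set role names; each is trimmed and lower-cased before being bound
     * @param mSentryPrivilege parent privilege
     * @return detached privilege objects built from the query result; empty when the parent
     *     already names a table or a URI
     */
    private Set<MSentryPrivilege> getChildPrivileges(Set<String> set, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        if (!isNULL(mSentryPrivilege.getTableName()) || !isNULL(mSentryPrivilege.getURI())) {
            return new HashSet<MSentryPrivilege>();
        }
        boolean rollback = true;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            Query query = pm.newQuery(MSentryPrivilege.class);
            query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");

            // Implicit (":name") parameters: only the parameter names, which are generated here,
            // ever become part of the filter text.
            Map<String, Object> params = new HashMap<String, Object>();
            List<String> roleClauses = new LinkedList<String>();
            int roleIndex = 0;
            for (String roleName : set) {
                String paramName = "paramRole" + roleIndex++;
                roleClauses.add("role.roleName == :" + paramName);
                params.put(paramName, roleName.trim().toLowerCase());
            }
            StringBuilder filter = new StringBuilder("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ")");
            filter.append(" && serverName == :paramServer");
            params.put("paramServer", mSentryPrivilege.getServerName());
            if (isNULL(mSentryPrivilege.getDbName())) {
                filter.append(" && (dbName != \"__NULL__\" || URI != \"__NULL__\")");
            } else {
                filter.append(" && dbName == :paramDb");
                params.put("paramDb", mSentryPrivilege.getDbName());
                filter.append(" && tableName != \"__NULL__\"");
            }
            query.setFilter(filter.toString());
            query.setResult("privilegeScope, serverName, dbName, tableName, URI, action, grantOption");

            Set<MSentryPrivilege> children = new HashSet<MSentryPrivilege>();
            @SuppressWarnings("unchecked") // the result columns are fixed by setResult above
            List<Object[]> rows = (List<Object[]>) query.executeWithMap(params);
            for (Object[] row : rows) {
                MSentryPrivilege child = new MSentryPrivilege();
                child.setPrivilegeScope((String) row[0]);
                child.setServerName((String) row[1]);
                child.setDbName((String) row[2]);
                child.setTableName((String) row[3]);
                child.setURI((String) row[4]);
                child.setAction((String) row[5]);
                child.setGrantOption((Boolean) row[6]);
                children.add(child);
            }
            // commitTransaction always closes the manager, so no rollback is needed past this point.
            rollback = false;
            commitTransaction(pm);
            return children;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }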

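    /**
     * Looks up the stored privilege that matches every field of the given Thrift privilege.
     *
     * <p>All six values are bound as declared JDOQL parameters. The previous version spliced
     * server, database, table, URI and action into the filter between double quotes, so a value
     * containing a quote (the URI is not even normalised) could change the structure of the filter
     * that decides which privilege row a grant or revoke acts on.
     *
     * <p>NOTE(review): {@code getAction()} and {@code getGrantOption()} are dereferenced without a
     * null check, as before.
     *
     * @param tSentryPrivilege privilege to match
     * @param persistenceManager manager whose transaction the query runs in
     * @return the matching privilege, or {@code null} if the unique query finds none
     */
    private MSentryPrivilege getMSentryPrivilege(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        String serverName = toNULLCol(safeTrimLower(tSentryPrivilege.getServerName()));
        String dbName = toNULLCol(safeTrimLower(tSentryPrivilege.getDbName()));
        String tableName = toNULLCol(safeTrimLower(tSentryPrivilege.getTableName()));
        String uri = toNULLCol(tSentryPrivilege.getURI());
        String action = toNULLCol(tSentryPrivilege.getAction().toLowerCase());

        Query query = persistenceManager.newQuery(MSentryPrivilege.class);
        query.setFilter("this.serverName == serverNameParam && this.dbName == dbNameParam"
                + " && this.tableName == tableNameParam && this.URI == uriParam"
                + " && this.grantOption == grantOption && this.action == actionParam");
        query.declareParameters("java.lang.String serverNameParam, java.lang.String dbNameParam,"
                + " java.lang.String tableNameParam, java.lang.String uriParam,"
                + " Boolean grantOption, java.lang.String actionParam");
        query.setUnique(true);

        // Any value other than TRUE or FALSE leaves the bound grant option null.
        Boolean grantOption = null;
        if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)) {
            grantOption = true;
        } else if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.FALSE)) {
            grantOption = false;
        }
        // Values are passed in the order the parameters are declared above.
        Object match = query.executeWithArray(new Object[] {serverName, dbName, tableName, uri, grantOption, action});
        return (MSentryPrivilege) match;
    }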

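    /**
     * Deletes a role after detaching all of its privileges.
     *
     * <p>The decompiled version passed {@code null} to rollbackTransaction on failure, which is a
     * no-op: the open transaction and its persistence manager were never released when the role
     * did not exist or the delete failed. The manager is now rolled back on every failure path.
     *
     * @param str role name; trimmed and lower-cased before use
     * @return the commit context of the successful delete
     * @throws SentryNoSuchObjectException if no role with the normalised name exists
     */
    public CommitContext dropSentryRole(String str) throws SentryNoSuchObjectException {
        String roleName = str.trim().toLowerCase();
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            MSentryRole role = getMSentryRole(pm, roleName);
            if (role == null) {
                throw new SentryNoSuchObjectException("Role " + roleName);
            }
            // Load the role's fields before its privileges are detached.
            pm.retrieve(role);
            role.removePrivileges();
            pm.deletePersistent(role);
            CommitContext commitContext = commitUpdateTransaction(pm);
            rollback = false;
            return commitContext;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }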

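    /**
     * Adds a role to each of the given groups, creating groups that do not exist yet.
     *
     * <p>The decompiled version passed {@code null} to rollbackTransaction on failure, which is a
     * no-op: the open transaction and its persistence manager were never released when the role
     * did not exist or a write failed. The manager is now rolled back on every failure path.
     *
     * <p>NOTE(review): {@code str} (the grantor) is not read in this method; any authorization
     * of the caller has to happen before this is called.
     *
     * @param str grantor principal; unused here
     * @param str2 role name; trimmed and lower-cased before use
     * @param set groups to add the role to; group names are trimmed but not lower-cased
     * @return the commit context of the successful update
     * @throws SentryNoSuchObjectException if no role with the normalised name exists
     */
    public CommitContext alterSentryRoleAddGroups(String str, String str2, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        String roleName = str2.trim().toLowerCase();
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            MSentryRole role = getMSentryRole(pm, roleName);
            if (role == null) {
                throw new SentryNoSuchObjectException("Role: " + roleName);
            }
            // One parameterised query, re-executed for each group name.
            Query groupQuery = pm.newQuery(MSentryGroup.class);
            groupQuery.setFilter("this.groupName == t");
            groupQuery.declareParameters("java.lang.String t");
            groupQuery.setUnique(true);
            List<MSentryGroup> groups = Lists.newArrayList();
            for (TSentryGroup tGroup : set) {
                String groupName = tGroup.getGroupName().trim();
                MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName);
                if (group == null) {
                    group = new MSentryGroup(groupName, System.currentTimeMillis(), Sets.newHashSet(new MSentryRole[]{role}));
                }
                group.appendRole(role);
                groups.add(group);
            }
            pm.makePersistentAll(groups);
            CommitContext commitContext = commitUpdateTransaction(pm);
            rollback = false;
            return commitContext;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }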

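    /**
     * Removes a role from each of the given groups; groups that do not exist are skipped.
     *
     * <p>The decompiled version passed {@code null} to rollbackTransaction on failure, which is a
     * no-op: the open transaction and its persistence manager were never released when the role
     * did not exist or a write failed. The manager is now rolled back on every failure path.
     *
     * @param str role name; trimmed and lower-cased before use
     * @param set groups to remove the role from; group names are trimmed but not lower-cased
     * @return the commit context of the successful update
     * @throws SentryNoSuchObjectException if no role with the normalised name exists
     */
    public CommitContext alterSentryRoleDeleteGroups(String str, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        String roleName = str.trim().toLowerCase();
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            MSentryRole role = getMSentryRole(pm, roleName);
            if (role == null) {
                throw new SentryNoSuchObjectException("Role: " + roleName);
            }
            // One parameterised query, re-executed for each group name.
            Query groupQuery = pm.newQuery(MSentryGroup.class);
            groupQuery.setFilter("this.groupName == t");
            groupQuery.declareParameters("java.lang.String t");
            groupQuery.setUnique(true);
            List<MSentryGroup> groups = Lists.newArrayList();
            for (TSentryGroup tGroup : set) {
                MSentryGroup group = (MSentryGroup) groupQuery.execute(tGroup.getGroupName().trim());
                if (group != null) {
                    group.removeRole(role);
                    groups.add(group);
                }
            }
            pm.makePersistentAll(groups);
            CommitContext commitContext = commitUpdateTransaction(pm);
            rollback = false;
            return commitContext;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }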

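    /**
     * Fetches a role by name and loads its fields before the transaction ends.
     *
     * <p>The decompiled version passed {@code null} to rollbackTransaction on failure, which is a
     * no-op: the open transaction and its persistence manager were never released when the role
     * did not exist. The manager is now rolled back on every failure path.
     *
     * @param str role name; trimmed and lower-cased before use
     * @return the matching role
     * @throws SentryNoSuchObjectException if no role with the normalised name exists
     */
    @VisibleForTesting
    MSentryRole getMSentryRoleByName(String str) throws SentryNoSuchObjectException {
        String roleName = str.trim().toLowerCase();
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            MSentryRole role = getMSentryRole(pm, roleName);
            if (role == null) {
                throw new SentryNoSuchObjectException("Role " + roleName);
            }
            pm.retrieve(role);
            // commitTransaction always closes the manager, so no rollback is needed past this point.
            rollback = false;
            commitTransaction(pm);
            return role;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }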

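    /**
     * Reports whether any of the given roles holds at least one privilege on the named server.
     *
     * <p>Role names are trimmed and lower-cased before matching. Role names and the server name
     * are bound as JDOQL parameters rather than concatenated into the filter text, so a quote
     * character inside a name cannot alter the structure of the authorization query.
     *
     * @param set role names to check; {@code null} or empty yields {@code false}
     * @param str server name compared against {@code serverName}
     * @return {@code true} when the number of matching privileges is greater than zero
     */
    private boolean hasAnyServerPrivileges(Set<String> set, String str) {
        // Null must be tested first; the previous order dereferenced the set before checking it.
        if (set == null || set.isEmpty()) {
            return false;
        }
        boolean rollback = true;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            Query query = pm.newQuery(MSentryPrivilege.class);
            query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
            Map<String, Object> params = new HashMap<String, Object>();
            List<String> roleClauses = new LinkedList<String>();
            for (String roleName : set) {
                // One implicit parameter per role: role0, role1, ...
                String paramName = "role" + roleClauses.size();
                params.put(paramName, roleName.trim().toLowerCase());
                roleClauses.add("role.roleName == :" + paramName);
            }
            StringBuilder filter = new StringBuilder("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ") ");
            filter.append("&& serverName == :serverParam");
            params.put("serverParam", str);
            query.setFilter(filter.toString());
            query.setResult("count(this)");
            Long count = (Long) query.executeWithMap(params);
            rollback = false;
            commitTransaction(pm);
            return count.longValue() > 0;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }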

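    /**
     * Fetches the privileges held by the given roles, optionally narrowed to an authorizable.
     *
     * <p>When an authorizable with a server is supplied, the filter keeps privileges on that
     * server whose db/table either equal the requested one or carry the {@code "__NULL__"}
     * marker, and, for a URI request, privileges whose stored URI is a prefix of the requested
     * URI. Role, server, database and table values are bound as JDOQL parameters so that
     * request-supplied text cannot change the shape of the authorization query.
     *
     * @param set role names; {@code null} or empty yields an empty list
     * @param tSentryAuthorizable optional scope; ignored when {@code null} or without a server
     * @return the matching privileges as returned by the query
     */
    List<MSentryPrivilege> getMSentryPrivileges(Set<String> set, TSentryAuthorizable tSentryAuthorizable) {
        // Null must be tested first; the previous order dereferenced the set before checking it.
        if (set == null || set.isEmpty()) {
            return new ArrayList<MSentryPrivilege>();
        }
        boolean rollback = true;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            Query query = pm.newQuery(MSentryPrivilege.class);
            query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
            Map<String, Object> params = new HashMap<String, Object>();
            List<String> roleClauses = new LinkedList<String>();
            for (String roleName : set) {
                String paramName = "role" + roleClauses.size();
                params.put(paramName, roleName.trim().toLowerCase());
                roleClauses.add("role.roleName == :" + paramName);
            }
            StringBuilder filter = new StringBuilder("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ") ");
            if (tSentryAuthorizable != null && tSentryAuthorizable.getServer() != null) {
                filter.append("&& serverName == :serverParam");
                params.put("serverParam", tSentryAuthorizable.getServer().toLowerCase());
                if (tSentryAuthorizable.getDb() != null) {
                    filter.append(" && ((dbName == :dbParam) || (dbName == \"__NULL__\")) && (URI == \"__NULL__\")");
                    params.put("dbParam", tSentryAuthorizable.getDb().toLowerCase());
                    if (tSentryAuthorizable.getTable() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                        filter.append(" && ((tableName == :tableParam) || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
                        params.put("tableParam", tSentryAuthorizable.getTable().toLowerCase());
                    }
                }
                if (tSentryAuthorizable.getUri() != null) {
                    // NOTE(review): the URI is still concatenated into the filter because it is the
                    // receiver of startsWith(). It is request-supplied text, so it should be bound as
                    // a parameter (or validated upstream) once it is confirmed that the JDO
                    // implementation in use evaluates method calls on parameters.
                    filter.append(" && ((URI != \"__NULL__\") && (\"" + tSentryAuthorizable.getUri() + "\".startsWith(URI)) || (URI == \"__NULL__\")) && (dbName == \"__NULL__\")");
                }
            }
            query.setFilter(filter.toString());
            List<MSentryPrivilege> privileges = (List) query.executeWithMap(params);
            rollback = false;
            commitTransaction(pm);
            return privileges;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }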

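    /**
     * Fetches privileges that are defined exactly on the given authorizable, with their roles
     * added to the fetch plan.
     *
     * <p>With no role names, every privilege attached to at least one role is considered;
     * otherwise only privileges of the listed roles. A missing server yields an empty list.
     * Role, server, database and table values are bound as JDOQL parameters instead of being
     * concatenated into the filter. The transaction is rolled back on every failure path; the
     * previous version passed {@code null} to {@code rollbackTransaction} in its handler.
     *
     * @param set role names, or {@code null}/empty for "any role"
     * @param tSentryAuthorizable the object to match; must not be {@code null}
     * @return matching privileges, or an empty list when the authorizable has no server
     */
    List<MSentryPrivilege> getMSentryPrivilegesByAuth(Set<String> set, TSentryAuthorizable tSentryAuthorizable) {
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            Query query = pm.newQuery(MSentryPrivilege.class);
            Map<String, Object> params = new HashMap<String, Object>();
            StringBuilder filter = new StringBuilder();
            // Null must be tested first; the previous order dereferenced the set before checking it.
            if (set == null || set.isEmpty()) {
                filter.append(" !roles.isEmpty() ");
            } else {
                query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
                List<String> roleClauses = new LinkedList<String>();
                for (String roleName : set) {
                    String paramName = "role" + roleClauses.size();
                    params.put(paramName, roleName.trim().toLowerCase());
                    roleClauses.add("role.roleName == :" + paramName);
                }
                filter.append("roles.contains(role) && (" + Joiner.on(" || ").join(roleClauses) + ") ");
            }
            if (tSentryAuthorizable.getServer() == null) {
                // Nothing to match; the finally block rolls the transaction back.
                return new ArrayList<MSentryPrivilege>();
            }
            filter.append("&& serverName == :serverParam");
            params.put("serverParam", tSentryAuthorizable.getServer().toLowerCase());
            if (tSentryAuthorizable.getDb() != null) {
                filter.append(" && (dbName == :dbParam) && (URI == \"__NULL__\")");
                params.put("dbParam", tSentryAuthorizable.getDb().toLowerCase());
                if (tSentryAuthorizable.getTable() != null) {
                    filter.append(" && (tableName == :tableParam)");
                    params.put("tableParam", tSentryAuthorizable.getTable().toLowerCase());
                } else {
                    filter.append(" && (tableName == \"__NULL__\")");
                }
            } else if (tSentryAuthorizable.getUri() != null) {
                // NOTE(review): the URI is still concatenated into the filter because it is the
                // receiver of startsWith(). It is request-supplied text, so it should be bound as
                // a parameter (or validated upstream) once it is confirmed that the JDO
                // implementation in use evaluates method calls on parameters.
                filter.append(" && (URI != \"__NULL__\") && (\"" + tSentryAuthorizable.getUri() + "\".startsWith(URI)) && (dbName == \"__NULL__\")");
            } else {
                filter.append(" && (dbName == \"__NULL__\") && (URI == \"__NULL__\")");
            }
            // Make sure the roles collection is loaded together with each privilege.
            pm.getFetchGroup(MSentryPrivilege.class, "fetchRole").addMember("roles");
            pm.getFetchPlan().addGroup("fetchRole");
            query.setFilter(filter.toString());
            List<MSentryPrivilege> privileges = (List) query.executeWithMap(params);
            rollback = false;
            commitTransaction(pm);
            return privileges;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }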

    /**
     * Builds a role-name to privilege-set map for the privileges defined on an authorizable.
     *
     * <p>The roles to inspect are the roles of the given groups (when any are given) plus the
     * lower-cased roles of the active role set when that set is not "all". The store is queried
     * only when {@code z} is set or at least one role was collected.
     *
     * @param set group names, may be {@code null} or empty
     * @param tSentryActiveRoleSet active roles, may be {@code null}
     * @param tSentryAuthorizable object whose privileges are listed
     * @param z when {@code true}, query even if no role was collected
     * @return map keyed by role name, in sorted key order
     */
    public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable, boolean z) throws SentryInvalidInputException {
        TreeMap privilegesByRole = Maps.newTreeMap();
        Set<String> rolesToQuery = Sets.newHashSet();
        boolean haveGroups = set != null && !set.isEmpty();
        if (haveGroups) {
            rolesToQuery = getRolesToQuery(set, new TSentryActiveRoleSet(true, null));
        }
        if (tSentryActiveRoleSet != null && !tSentryActiveRoleSet.isAll()) {
            for (String activeRole : tSentryActiveRoleSet.getRoles()) {
                rolesToQuery.add(activeRole.toLowerCase());
            }
        }
        if (!z && rolesToQuery.isEmpty()) {
            return new TSentryPrivilegeMap(privilegesByRole);
        }
        for (MSentryPrivilege stored : getMSentryPrivilegesByAuth(rolesToQuery, tSentryAuthorizable)) {
            for (MSentryRole owner : stored.getRoles()) {
                // A fresh thrift object per role, so the per-role sets never share instances.
                TSentryPrivilege converted = convertToTSentryPrivilege(stored);
                String ownerName = owner.getRoleName();
                Set bucket = (Set) privilegesByRole.get(ownerName);
                if (bucket == null) {
                    bucket = Sets.newTreeSet();
                    privilegesByRole.put(ownerName, bucket);
                }
                bucket.add(converted);
            }
        }
        return new TSentryPrivilegeMap(privilegesByRole);
    }

    /**
     * Returns the privileges attached to the named role.
     *
     * @throws SentryNoSuchObjectException when the role lookup finds nothing
     */
    private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String str) throws SentryNoSuchObjectException {
        MSentryRole role = getMSentryRoleByName(str);
        return role.getPrivileges();
    }

    /**
     * Returns every privilege of the named role, converted to thrift objects.
     *
     * @throws SentryNoSuchObjectException when the role does not exist
     */
    public Set<TSentryPrivilege> getAllTSentryPrivilegesByRoleName(String str) throws SentryNoSuchObjectException {
        Set<MSentryPrivilege> stored = getMSentryPrivilegesByRoleName(str);
        return convertToTSentryPrivileges(stored);
    }

    /**
     * Validates the authorizable and returns the privileges of the given roles that apply to it.
     *
     * @param set role names
     * @param tSentryAuthorizable must carry a server, a db whenever a table is given, and at
     *     least one of uri or db
     * @throws SentryInvalidInputException when one of those requirements is not met
     */
    public Set<TSentryPrivilege> getTSentryPrivileges(Set<String> set, TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        if (tSentryAuthorizable.getServer() == null) {
            throw new SentryInvalidInputException("serverName cannot be null !!");
        }
        boolean dbMissing = tSentryAuthorizable.getDb() == null;
        if (dbMissing && tSentryAuthorizable.getTable() != null) {
            throw new SentryInvalidInputException("dbName cannot be null when tableName is present !!");
        }
        if (dbMissing && tSentryAuthorizable.getUri() == null) {
            throw new SentryInvalidInputException("One of uri or dbName must not be null !!");
        }
        List<MSentryPrivilege> stored = getMSentryPrivileges(set, tSentryAuthorizable);
        return convertToTSentryPrivileges(stored);
    }

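    /**
     * Returns the roles of one group, or every stored role when the group name is {@code null}.
     *
     * <p>Each returned role has {@code retrieve} called on it before the transaction commits.
     * The transaction is rolled back on every failure path, including "group not found"; the
     * previous version passed {@code null} to {@code rollbackTransaction} in its handler.
     *
     * @param str group name (trimmed before lookup), or {@code null} for all roles
     * @throws SentryNoSuchObjectException when a named group does not exist
     */
    private Set<MSentryRole> getMSentryRolesByGroupName(String str) throws SentryNoSuchObjectException {
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            Set<MSentryRole> roles;
            if (str == null) {
                roles = new HashSet((List) pm.newQuery(MSentryRole.class).execute());
            } else {
                Query query = pm.newQuery(MSentryGroup.class);
                String groupName = str.trim();
                query.setFilter("this.groupName == t");
                query.declareParameters("java.lang.String t");
                query.setUnique(true);
                MSentryGroup group = (MSentryGroup) query.execute(groupName);
                if (group == null) {
                    throw new SentryNoSuchObjectException("Group " + groupName);
                }
                pm.retrieve(group);
                roles = group.getRoles();
            }
            for (MSentryRole role : roles) {
                pm.retrieve(role);
            }
            rollback = false;
            commitTransaction(pm);
            return roles;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }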

    /**
     * Collects the roles of all given groups and converts them to thrift objects.
     *
     * <p>Each entry is handed to {@code getMSentryRolesByGroupName} as is, so a {@code null}
     * entry selects every stored role.
     *
     * @param set group names to look up
     * @param z when {@code true}, groups that do not exist are skipped instead of failing
     * @throws SentryNoSuchObjectException for a missing group when {@code z} is {@code false}
     */
    public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> set, boolean z) throws SentryNoSuchObjectException {
        Set<MSentryRole> collected = Sets.newHashSet();
        for (String groupName : set) {
            try {
                collected.addAll(getMSentryRolesByGroupName(groupName));
            } catch (SentryNoSuchObjectException missing) {
                if (z) {
                    continue;
                }
                throw missing;
            }
        }
        return convertToTSentryRoles(collected);
    }

    /**
     * Returns the names of all roles attached to the given groups.
     *
     * <p>Group names are trimmed before lookup and bound as a query parameter; groups that are
     * not found contribute nothing.
     *
     * @param set group names
     * @return role names exactly as stored on the roles
     */
    public Set<String> getRoleNamesForGroups(Set<String> set) {
        Set<String> roleNames = new HashSet<String>();
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            Query groupQuery = pm.newQuery(MSentryGroup.class);
            groupQuery.setFilter("this.groupName == t");
            groupQuery.declareParameters("java.lang.String t");
            groupQuery.setUnique(true);
            for (String groupName : set) {
                MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName.trim());
                if (group == null) {
                    continue;
                }
                for (MSentryRole role : group.getRoles()) {
                    roleNames.add(role.getRoleName());
                }
            }
            // Cleared before commit, so a failing commit is not followed by a rollback.
            needsRollback = false;
            commitTransaction(pm);
            return roleNames;
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Collects the roles of the given groups using a transaction owned by the caller.
     *
     * @param persistenceManager manager to run the lookups on; not committed or rolled back here
     * @param set group names, trimmed before lookup; unknown groups are ignored
     */
    private Set<MSentryRole> getRolesForGroups(PersistenceManager persistenceManager, Set<String> set) {
        Set<MSentryRole> roles = new HashSet<MSentryRole>();
        Query groupQuery = persistenceManager.newQuery(MSentryGroup.class);
        groupQuery.setFilter("this.groupName == t");
        groupQuery.declareParameters("java.lang.String t");
        groupQuery.setUnique(true);
        for (String groupName : set) {
            MSentryGroup group = (MSentryGroup) groupQuery.execute(groupName.trim());
            if (group == null) {
                continue;
            }
            roles.addAll(group.getRoles());
        }
        return roles;
    }

    /**
     * Lists provider-format privilege strings for the given groups and active roles without
     * narrowing to any authorizable.
     */
    public Set<String> listAllSentryPrivilegesForProvider(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet) throws SentryInvalidInputException {
        final TSentryAuthorizable unrestricted = null;
        return listSentryPrivilegesForProvider(set, tSentryActiveRoleSet, unrestricted);
    }

    /**
     * Lists the privileges of the effective roles as provider-format strings.
     *
     * @param set group names used to resolve roles
     * @param tSentryActiveRoleSet active role selection applied to those roles
     * @param tSentryAuthorizable optional scope passed to the privilege query
     * @return one string per privilege, as produced by {@code toAuthorizable}
     */
    public Set<String> listSentryPrivilegesForProvider(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        Set<String> effectiveRoles = getRolesToQuery(set, tSentryActiveRoleSet);
        Set<String> rendered = Sets.newHashSet();
        for (MSentryPrivilege stored : getMSentryPrivileges(effectiveRoles, tSentryAuthorizable)) {
            rendered.add(toAuthorizable(stored));
        }
        return rendered;
    }

    /**
     * Reports whether the effective roles of the given groups hold any privilege on a server.
     *
     * @param set group names used to resolve roles
     * @param tSentryActiveRoleSet active role selection applied to those roles
     * @param str server name
     */
    public boolean hasAnyServerPrivileges(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, String str) {
        Set<String> effectiveRoles = getRolesToQuery(set, tSentryActiveRoleSet);
        return hasAnyServerPrivileges(effectiveRoles, str);
    }

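    /**
     * Computes the role names a privilege query should cover.
     *
     * <p>The roles granted through the groups are the upper bound: with an "all" active role
     * set they are returned as is, otherwise only the requested active roles that the groups
     * actually have are returned. A caller therefore cannot activate a role that none of its
     * groups holds.
     *
     * @param set group names
     * @param tSentryActiveRoleSet active role selection; must not be {@code null}
     * @return trimmed, lower-cased role names
     */
    private Set<String> getRolesToQuery(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet) {
        Set<String> requestedRoles = toTrimedLower(tSentryActiveRoleSet.getRoles());
        // toTrimedLower returns a plain Set<String>; declaring this as Sets.SetView was a type error.
        Set<String> groupRoles = toTrimedLower(getRoleNamesForGroups(set));
        return tSentryActiveRoleSet.isAll() ? groupRoles : Sets.intersection(requestedRoles, groupRoles);
    }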

    /**
     * Renders a stored privilege as a provider-format string.
     *
     * <p>The server part always comes first. It is followed by the URI part when a URI is set,
     * otherwise by the db part and, when present, the table part. An action part is appended
     * unless the action is unset or {@code "*"}.
     */
    @VisibleForTesting
    static String toAuthorizable(MSentryPrivilege mSentryPrivilege) {
        List<String> parts = new ArrayList<String>(4);
        parts.add(ProviderConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase(), mSentryPrivilege.getServerName(), new Object[0]));
        if (isNULL(mSentryPrivilege.getURI())) {
            if (!isNULL(mSentryPrivilege.getDbName())) {
                parts.add(ProviderConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase(), mSentryPrivilege.getDbName(), new Object[0]));
                if (!isNULL(mSentryPrivilege.getTableName())) {
                    parts.add(ProviderConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase(), mSentryPrivilege.getTableName(), new Object[0]));
                }
            }
        } else {
            parts.add(ProviderConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase(), mSentryPrivilege.getURI(), new Object[0]));
        }
        boolean actionSet = !isNULL(mSentryPrivilege.getAction());
        if (actionSet && !mSentryPrivilege.getAction().equalsIgnoreCase("*")) {
            parts.add(ProviderConstants.KV_JOINER.join("action".toLowerCase(), mSentryPrivilege.getAction(), new Object[0]));
        }
        return ProviderConstants.AUTHORIZABLE_JOINER.join(parts);
    }

    /**
     * Returns a new set holding every input string trimmed and lower-cased.
     *
     * @param set input strings, or {@code null}
     * @return a fresh mutable set; empty when the input is {@code null}
     */
    @VisibleForTesting
    static Set<String> toTrimedLower(Set<String> set) {
        if (set == null) {
            return new HashSet();
        }
        Set<String> normalized = Sets.newHashSet();
        for (String value : set) {
            normalized.add(value.trim().toLowerCase());
        }
        return normalized;
    }

    /** Converts each stored privilege to its thrift form and returns them as a set. */
    private Set<TSentryPrivilege> convertToTSentryPrivileges(Collection<MSentryPrivilege> collection) {
        Set<TSentryPrivilege> converted = new HashSet<TSentryPrivilege>();
        for (MSentryPrivilege stored : collection) {
            converted.add(convertToTSentryPrivilege(stored));
        }
        return converted;
    }

    /** Converts each stored role to its thrift form and returns them as a set. */
    private Set<TSentryRole> convertToTSentryRoles(Set<MSentryRole> set) {
        Set<TSentryRole> converted = new HashSet<TSentryRole>();
        for (MSentryRole stored : set) {
            converted.add(convertToTSentryRole(stored));
        }
        return converted;
    }

    /**
     * Builds the thrift form of a stored role: its name, its groups, and the fixed grantor
     * principal {@code "--"}.
     */
    private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) {
        TSentryRole result = new TSentryRole();
        result.setRoleName(mSentryRole.getRoleName());
        result.setGrantorPrincipal("--");
        Set<TSentryGroup> groups = new HashSet<TSentryGroup>();
        for (MSentryGroup storedGroup : mSentryRole.getGroups()) {
            groups.add(convertToTSentryGroup(storedGroup));
        }
        result.setGroups(groups);
        return result;
    }

    /** Builds the thrift form of a stored group; only the group name is copied. */
    private TSentryGroup convertToTSentryGroup(MSentryGroup mSentryGroup) {
        TSentryGroup result = new TSentryGroup();
        String groupName = mSentryGroup.getGroupName();
        result.setGroupName(groupName);
        return result;
    }

    /** Creates a new thrift privilege and fills it from the stored privilege. */
    private TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
        TSentryPrivilege target = new TSentryPrivilege();
        convertToTSentryPrivilege(mSentryPrivilege, target);
        return target;
    }

    /**
     * Copies a stored privilege into an existing thrift privilege.
     *
     * <p>Action, server, db, table and URI pass through {@code fromNULLCol}. A missing grant
     * option becomes {@code UNSET}; otherwise the option is mapped by its upper-cased text.
     *
     * @param mSentryPrivilege source
     * @param tSentryPrivilege target, modified in place
     */
    private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege, TSentryPrivilege tSentryPrivilege) {
        tSentryPrivilege.setCreateTime(mSentryPrivilege.getCreateTime());
        tSentryPrivilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
        tSentryPrivilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
        tSentryPrivilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
        tSentryPrivilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
        tSentryPrivilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
        tSentryPrivilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
        if (mSentryPrivilege.getGrantOption() == null) {
            tSentryPrivilege.setGrantOption(TSentryGrantOption.UNSET);
            return;
        }
        String optionName = mSentryPrivilege.getGrantOption().toString().toUpperCase();
        tSentryPrivilege.setGrantOption(TSentryGrantOption.valueOf(optionName));
    }

    /**
     * Builds a stored-form privilege from a thrift privilege.
     *
     * <p>Server, db, table and action are trimmed and lower-cased; scope and URI are only
     * trimmed. Server, db, table, action and URI then pass through {@code toNULLCol}. The
     * create time is set to the current time. A grant option of {@code UNSET} is stored as
     * {@code null}.
     *
     * @param tSentryPrivilege source; its grant option must not be {@code null}
     */
    private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege tSentryPrivilege) throws SentryInvalidInputException {
        MSentryPrivilege stored = new MSentryPrivilege();
        stored.setServerName(toNULLCol(safeTrimLower(tSentryPrivilege.getServerName())));
        stored.setDbName(toNULLCol(safeTrimLower(tSentryPrivilege.getDbName())));
        stored.setTableName(toNULLCol(safeTrimLower(tSentryPrivilege.getTableName())));
        stored.setPrivilegeScope(safeTrim(tSentryPrivilege.getPrivilegeScope()));
        stored.setAction(toNULLCol(safeTrimLower(tSentryPrivilege.getAction())));
        stored.setCreateTime(System.currentTimeMillis());
        stored.setURI(toNULLCol(safeTrim(tSentryPrivilege.getURI())));
        boolean unset = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.UNSET);
        if (!unset) {
            stored.setGrantOption(Boolean.valueOf(tSentryPrivilege.getGrantOption().toString()));
        } else {
            stored.setGrantOption(null);
        }
        return stored;
    }

    /** Trims the string, passing {@code null} through unchanged. */
    private static String safeTrim(String str) {
        return str == null ? null : str.trim();
    }

    /** Trims and lower-cases the string, passing {@code null} through unchanged. */
    private static String safeTrimLower(String str) {
        return str == null ? null : str.trim().toLowerCase();
    }

    /**
     * Returns the schema version recorded in the store.
     *
     * @throws SentryNoSuchObjectException when no version row exists
     * @throws SentryAccessDeniedException when the version lookup rejects the store state
     */
    public String getSentryVersion() throws SentryNoSuchObjectException, SentryAccessDeniedException {
        MSentryVersion recorded = getMSentryVersion();
        return recorded.getSchemaVersion();
    }

    /**
     * Records the schema version and comment, creating the version row when none exists.
     *
     * <p>Nothing is written when the stored schema version already equals {@code str}.
     *
     * @param str schema version to store; must not be {@code null}
     * @param str2 version comment
     */
    public void setSentryVersion(String str, String str2) throws SentryNoSuchObjectException, SentryAccessDeniedException {
        MSentryVersion version;
        try {
            version = getMSentryVersion();
            if (str.equals(version.getSchemaVersion())) {
                return;
            }
        } catch (SentryNoSuchObjectException notRecordedYet) {
            // No version row yet: start from a fresh one.
            version = new MSentryVersion();
        }
        version.setSchemaVersion(str);
        version.setVersionComment(str2);
        PersistenceManager pm = null;
        boolean needsRollback = true;
        try {
            pm = openTransaction();
            pm.makePersistent(version);
            needsRollback = false;
            commitTransaction(pm);
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

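    /**
     * Loads the single version row of the store.
     *
     * <p>The transaction is rolled back when the query itself fails. The previous version passed
     * {@code null} to {@code rollbackTransaction} in its handler, so a failing query left the
     * PersistenceManager obtained here untouched. The row-count checks run after the commit, as
     * before.
     *
     * @throws SentryNoSuchObjectException when no version row exists
     * @throws SentryAccessDeniedException when more than one row exists or the version table is
     *     missing
     */
    private MSentryVersion getMSentryVersion() throws SentryNoSuchObjectException, SentryAccessDeniedException {
        PersistenceManager pm = null;
        boolean rollback = true;
        try {
            pm = openTransaction();
            List versions = (List) pm.newQuery(MSentryVersion.class).execute();
            pm.retrieveAll(versions);
            rollback = false;
            commitTransaction(pm);
            if (versions.isEmpty()) {
                throw new SentryNoSuchObjectException("No matching version found");
            }
            if (versions.size() > 1) {
                throw new SentryAccessDeniedException("Metastore contains multiple versions");
            }
            return (MSentryVersion) versions.get(0);
        } catch (JDODataStoreException e) {
            if (e.getCause() instanceof MissingTableException) {
                throw new SentryAccessDeniedException("Version table not found. The sentry store is not set or corrupt ");
            }
            throw e;
        } finally {
            if (rollback) {
                rollbackTransaction(pm);
            }
        }
    }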

    /**
     * Removes the privileges defined on an authorizable from every role that holds them.
     *
     * <p>When the authorizable has a db name, the removal is repeated for the actions
     * {@code "*"}, {@code "select"} and {@code "insert"}; otherwise it runs once with the
     * action set by {@code toSentryPrivilege}. Everything happens in one transaction.
     *
     * @throws SentryInvalidInputException also used to report a JDO datastore failure; only the
     *     message of the underlying exception is carried over
     */
    public void dropPrivilege(TSentryAuthorizable tSentryAuthorizable) throws SentryNoSuchObjectException, SentryInvalidInputException {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        TSentryPrivilege template = toSentryPrivilege(tSentryAuthorizable);
        try {
            pm = openTransaction();
            if (!isMultiActionsSupported(template)) {
                dropPrivilegeForAllRoles(pm, new TSentryPrivilege(template));
            } else {
                for (String action : Sets.newHashSet(new String[]{"*", "select", "insert"})) {
                    template.setAction(action);
                    // Work on a copy so each call sees its own action value.
                    dropPrivilegeForAllRoles(pm, new TSentryPrivilege(template));
                }
            }
            needsRollback = false;
            commitTransaction(pm);
        } catch (JDODataStoreException e) {
            throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /**
     * Moves the privileges defined on one authorizable to another for every role holding them.
     *
     * <p>When the source has a db name, the move is repeated for the actions {@code "*"},
     * {@code "select"} and {@code "insert"}; otherwise it runs once. Everything happens in one
     * transaction.
     *
     * @param tSentryAuthorizable current authorizable
     * @param tSentryAuthorizable2 authorizable the privileges are moved to
     * @throws SentryInvalidInputException also used to report a JDO datastore failure; only the
     *     message of the underlying exception is carried over
     */
    public void renamePrivilege(TSentryAuthorizable tSentryAuthorizable, TSentryAuthorizable tSentryAuthorizable2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        PersistenceManager pm = null;
        boolean needsRollback = true;
        TSentryPrivilege oldPrivilege = toSentryPrivilege(tSentryAuthorizable);
        TSentryPrivilege newPrivilege = toSentryPrivilege(tSentryAuthorizable2);
        try {
            pm = openTransaction();
            if (!isMultiActionsSupported(oldPrivilege)) {
                renamePrivilegeForAllRoles(pm, oldPrivilege, newPrivilege);
            } else {
                for (String action : Sets.newHashSet(new String[]{"*", "select", "insert"})) {
                    oldPrivilege.setAction(action);
                    newPrivilege.setAction(action);
                    renamePrivilegeForAllRoles(pm, oldPrivilege, newPrivilege);
                }
            }
            needsRollback = false;
            commitTransaction(pm);
        } catch (JDODataStoreException e) {
            throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
        } finally {
            if (needsRollback) {
                rollbackTransaction(pm);
            }
        }
    }

    /** Returns {@code true} when the privilege carries a db name. */
    private boolean isMultiActionsSupported(TSentryPrivilege tSentryPrivilege) {
        String dbName = tSentryPrivilege.getDbName();
        return dbName != null;
    }

    /**
     * Replaces the first privilege with the second one on every role that holds the first.
     *
     * @param persistenceManager transaction owned by the caller
     * @param tSentryPrivilege privilege to revoke
     * @param tSentryPrivilege2 privilege to grant in its place
     */
    private void renamePrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        final TSentryPrivilege replacement = tSentryPrivilege2;
        dropOrRenamePrivilegeForAllRoles(persistenceManager, tSentryPrivilege, replacement);
    }

    /**
     * Revokes the privilege from every role that holds it, granting nothing in return.
     *
     * @param persistenceManager transaction owned by the caller
     * @param tSentryPrivilege privilege to revoke
     */
    private void dropPrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        final TSentryPrivilege noReplacement = null;
        dropOrRenamePrivilegeForAllRoles(persistenceManager, tSentryPrivilege, noReplacement);
    }

    /**
     * Revokes a privilege from every role holding it and optionally grants a replacement.
     *
     * @param persistenceManager transaction owned by the caller
     * @param tSentryPrivilege privilege to look up and revoke
     * @param tSentryPrivilege2 privilege to grant to the same roles, or {@code null} for none
     */
    private void dropOrRenamePrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        Set<MSentryRole> holders = Sets.newHashSet();
        MSentryPrivilege stored = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (stored != null) {
            // Copy the role set first; the loop below is not run over the privilege's own collection.
            holders.addAll(ImmutableSet.copyOf(stored.getRoles()));
        }
        boolean grantReplacement = tSentryPrivilege2 != null;
        for (MSentryRole holder : holders) {
            alterSentryRoleRevokePrivilegeCore(persistenceManager, holder.getRoleName(), tSentryPrivilege);
            if (grantReplacement) {
                alterSentryRoleGrantPrivilegeCore(persistenceManager, holder.getRoleName(), tSentryPrivilege2);
            }
        }
    }

    /**
     * Builds a thrift privilege with action {@code "*"} from an authorizable.
     *
     * <p>The scope is the most specific level that is set, checked in the order table, db, URI,
     * and falls back to server.
     */
    private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        TSentryPrivilege result = new TSentryPrivilege();
        result.setDbName(fromNULLCol(tSentryAuthorizable.getDb()));
        result.setServerName(fromNULLCol(tSentryAuthorizable.getServer()));
        result.setTableName(fromNULLCol(tSentryAuthorizable.getTable()));
        result.setURI(fromNULLCol(tSentryAuthorizable.getUri()));
        ServiceConstants.PrivilegeScope scope;
        if (!isNULL(result.getTableName())) {
            scope = ServiceConstants.PrivilegeScope.TABLE;
        } else if (!isNULL(result.getDbName())) {
            scope = ServiceConstants.PrivilegeScope.DATABASE;
        } else if (!isNULL(result.getURI())) {
            scope = ServiceConstants.PrivilegeScope.URI;
        } else {
            scope = ServiceConstants.PrivilegeScope.SERVER;
        }
        result.setPrivilegeScope(scope.name());
        result.setAction("*");
        return result;
    }

    /** Maps {@code null} or the empty string to the {@code NULL_COL} marker; other values pass through. */
    public static String toNULLCol(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return NULL_COL;
        }
        return str;
    }

    /** Maps any value that {@code isNULL} accepts to the empty string; other values pass through. */
    public static String fromNULLCol(String str) {
        if (isNULL(str)) {
            return "";
        }
        return str;
    }

    /** Returns {@code true} for {@code null}, the empty string, or the {@code NULL_COL} marker. */
    public static boolean isNULL(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return true;
        }
        return str.equals(NULL_COL);
    }

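    /**
     * Verifies that the grantor is allowed to hand out the given privilege.
     *
     * <p>The check passes when one of the grantor's groups is an admin group, or when a role of
     * those groups holds a privilege with the grant option set that implies the requested one.
     *
     * <p>Two defects of the previous version are fixed: the scan over a role's privileges never
     * terminated once the iterator was exhausted without a match, and a privilege stored without
     * a grant option (a {@code null} value) caused a NullPointerException instead of simply not
     * counting as a grant.
     *
     * @param persistenceManager transaction owned by the caller
     * @param str grantor principal
     * @param tSentryPrivilege privilege the grantor wants to grant
     * @throws SentryInvalidInputException when the grantor principal is {@code null}
     * @throws SentryGrantDeniedException when the grantor has no groups or no sufficient grant
     */
    private void grantOptionCheck(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        MSentryPrivilege requested = convertToMSentryPrivilege(tSentryPrivilege);
        if (str == null) {
            throw new SentryInvalidInputException("grantorPrincipal should not be null");
        }
        Set<String> grantorGroups = SentryPolicyStoreProcessor.getGroupsFromUserName(this.conf, str);
        if (grantorGroups == null || grantorGroups.isEmpty()) {
            throw new SentryGrantDeniedException(str + " has no grant!");
        }
        Set<String> adminGroups = getAdminGroups();
        if (adminGroups != null && !adminGroups.isEmpty()) {
            for (String group : grantorGroups) {
                if (adminGroups.contains(group)) {
                    // Members of an admin group may grant anything.
                    return;
                }
            }
        }
        Set<MSentryRole> roles = getRolesForGroups(persistenceManager, grantorGroups);
        if (roles != null) {
            for (MSentryRole role : roles) {
                Set<MSentryPrivilege> privileges = role.getPrivileges();
                if (privileges == null) {
                    continue;
                }
                for (MSentryPrivilege held : privileges) {
                    // Boolean.TRUE.equals treats an unset (null) grant option as "no grant".
                    if (Boolean.TRUE.equals(held.getGrantOption()) && held.implies(requested)) {
                        return;
                    }
                }
            }
        }
        // Deny by default: nothing above established the right to grant.
        throw new SentryGrantDeniedException(str + " has no grant!");
    }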

    /**
     * Returns the group names configured under
     * {@code ServiceConstants.ServerConfig.ADMIN_GROUPS} as a fresh mutable set.
     *
     * <p>The lookup passes an empty array as the default, so an unset key yields an
     * empty set rather than {@code null}.
     *
     * <p>NOTE(review): the grant check earlier in this class tests membership with
     * {@code Set.contains}, i.e. an exact, case-sensitive match on these strings.
     * Confirm whether {@code getStrings} trims whitespace around entries; an
     * untrimmed entry would never match a user's group name.
     *
     * @return the configured admin group names, possibly empty
     */
    private Set<String> getAdminGroups() {
        String[] configuredGroups =
                this.conf.getStrings(ServiceConstants.ServerConfig.ADMIN_GROUPS, new String[0]);
        return Sets.newHashSet(configuredGroups);
    }

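    /**
     * Builds a snapshot of database- and table-scoped privileges, grouped by object.
     *
     * <p>The query selects privileges whose {@code serverName} and {@code dbName} are
     * not the {@code "__NULL__"} sentinel and whose {@code URI} is that sentinel, so
     * URI privileges and privileges without a database are left out of the image.
     *
     * <p>Each key of the result is {@code dbName}, or {@code dbName.tableName} when
     * {@code isNULL} reports that the table name is set. Each value maps a role name
     * to a comma-separated list of that role's actions on the object, upper-cased.
     *
     * <p>The transaction is rolled back on every path that does not reach a
     * successful commit, so a failure in the query, the loop or the commit itself
     * does not leave the transaction open.
     *
     * @return object name to (role name to comma-joined actions); empty when nothing matches
     */
    public Map<String, HashMap<String, String>> retrieveFullPrivilegeImage() {
        Map<String, HashMap<String, String>> image = new HashMap<String, HashMap<String, String>>();
        boolean committed = false;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            Query query = pm.newQuery(MSentryPrivilege.class);
            query.setFilter("(serverName != \"__NULL__\") && (dbName != \"__NULL__\") && (URI == \"__NULL__\")");
            query.setOrdering("serverName ascending, dbName ascending, tableName ascending");
            // The query is built for MSentryPrivilege.class, so the untyped result is cast here.
            @SuppressWarnings("unchecked")
            List<MSentryPrivilege> privileges = (List<MSentryPrivilege>) query.execute();
            for (MSentryPrivilege privilege : privileges) {
                String objectName = privilege.getDbName();
                if (!isNULL(privilege.getTableName())) {
                    objectName = objectName + "." + privilege.getTableName();
                }
                HashMap<String, String> actionsByRole = image.get(objectName);
                if (actionsByRole == null) {
                    actionsByRole = new HashMap<String, String>();
                    image.put(objectName, actionsByRole);
                }
                // NOTE(review): toUpperCase() uses the JVM default locale; if consumers
                // compare these action names, confirm a locale-independent form is not needed.
                String action = privilege.getAction().toUpperCase();
                for (MSentryRole role : privilege.getRoles()) {
                    String existing = actionsByRole.get(role.getRoleName());
                    actionsByRole.put(role.getRoleName(), existing == null ? action : existing + "," + action);
                }
            }
            commitTransaction(pm);
            committed = true;
            return image;
        } finally {
            // pm is still null if openTransaction() failed; the original code already
            // passed null to rollbackTransaction on that path, so that is kept.
            if (!committed) {
                rollbackTransaction(pm);
            }
        }
    }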

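    /**
     * Builds a snapshot of role membership: for every role, the groups it is granted to.
     *
     * <p>All {@code MSentryGroup} rows are read in one transaction. Each group name is
     * appended to the list of every role returned by the group's {@code getRoles()}.
     *
     * <p>The transaction is rolled back only when the commit was not reached. The
     * previous code called {@code rollbackTransaction} unconditionally, including
     * straight after a successful commit.
     * NOTE(review): this assumes {@code commitTransaction} alone fully releases the
     * PersistenceManager, as {@code retrieveFullPrivilegeImage} also relies on; confirm.
     *
     * @return role name to the names of the groups holding that role; empty when no
     *         group has a role
     */
    public Map<String, LinkedList<String>> retrieveFullRoleImage() {
        Map<String, LinkedList<String>> groupsByRole = new HashMap<String, LinkedList<String>>();
        boolean committed = false;
        PersistenceManager pm = null;
        try {
            pm = openTransaction();
            // The query is built for MSentryGroup.class, so the untyped result is cast here.
            @SuppressWarnings("unchecked")
            List<MSentryGroup> groups = (List<MSentryGroup>) pm.newQuery(MSentryGroup.class).execute();
            for (MSentryGroup group : groups) {
                for (MSentryRole role : group.getRoles()) {
                    LinkedList<String> members = groupsByRole.get(role.getRoleName());
                    if (members == null) {
                        members = new LinkedList<String>();
                        groupsByRole.put(role.getRoleName(), members);
                    }
                    members.add(group.getGroupName());
                }
            }
            commitTransaction(pm);
            committed = true;
            return groupsByRole;
        } finally {
            // pm is still null if openTransaction() failed; the original code already
            // passed null to rollbackTransaction on that path, so that is kept.
            if (!committed) {
                rollbackTransaction(pm);
            }
        }
    }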
}
