package org.apache.sentry.provider.db.generic.service.thrift;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.SentryConfigurationException;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.provider.common.ProviderBackend;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/service/thrift/SearchProviderBackend.class */
public class SearchProviderBackend implements ProviderBackend {
    private static final Logger LOGGER = LoggerFactory.getLogger(SearchProviderBackend.class);
    private final Configuration conf;
    private volatile boolean initialized = false;
    private final Subject subject = new Subject(UserGroupInformation.getCurrentUser().getShortUserName());

    public SearchProviderBackend(Configuration configuration, String str) throws Exception {
        this.conf = configuration;
    }

    public void initialize(ProviderBackendContext providerBackendContext) {
        if (this.initialized) {
            throw new IllegalStateException("SearchProviderBackend has already been initialized, cannot be initialized twice");
        }
        this.initialized = true;
    }

    public ImmutableSet<String> getPrivileges(Set<String> set, ActiveRoleSet activeRoleSet, Authorizable... authorizableArr) {
        if (!this.initialized) {
            throw new IllegalStateException("SearchProviderBackend has not been properly initialized");
        }
        SearchPolicyServiceClient searchPolicyServiceClient = null;
        try {
            try {
                searchPolicyServiceClient = getClient();
                ImmutableSet<String> copyOf = ImmutableSet.copyOf(searchPolicyServiceClient.listPrivilegesForProvider(activeRoleSet, set, Arrays.asList(authorizableArr)));
                if (searchPolicyServiceClient != null) {
                    searchPolicyServiceClient.close();
                }
                return copyOf;
            } catch (Exception e) {
                LOGGER.error("Unable to obtain client:" + e.getMessage(), e);
                if (searchPolicyServiceClient != null) {
                    searchPolicyServiceClient.close();
                }
                return ImmutableSet.of();
            } catch (SentryUserException e2) {
                LOGGER.error("Unable to obtain privileges from server: " + e2.getMessage(), e2);
                if (searchPolicyServiceClient != null) {
                    searchPolicyServiceClient.close();
                }
                return ImmutableSet.of();
            }
        } catch (Throwable th) {
            if (searchPolicyServiceClient != null) {
                searchPolicyServiceClient.close();
            }
            throw th;
        }
    }

    public ImmutableSet<String> getRoles(Set<String> set, ActiveRoleSet activeRoleSet) {
        if (!this.initialized) {
            throw new IllegalStateException("SearchProviderBackend has not been properly initialized");
        }
        SearchPolicyServiceClient searchPolicyServiceClient = null;
        try {
            try {
                try {
                    HashSet newHashSet = Sets.newHashSet();
                    searchPolicyServiceClient = getClient();
                    Iterator<String> it = set.iterator();
                    while (it.hasNext()) {
                        newHashSet.addAll(searchPolicyServiceClient.listRolesByGroupName(this.subject.getName(), it.next()));
                    }
                    Sets.SetView newHashSet2 = Sets.newHashSet();
                    Iterator it2 = newHashSet.iterator();
                    while (it2.hasNext()) {
                        newHashSet2.add(((TSentryRole) it2.next()).getRoleName());
                    }
                    ImmutableSet<String> copyOf = ImmutableSet.copyOf(activeRoleSet.isAll() ? newHashSet2 : Sets.intersection(newHashSet2, activeRoleSet.getRoles()));
                    if (searchPolicyServiceClient != null) {
                        searchPolicyServiceClient.close();
                    }
                    return copyOf;
                } catch (Exception e) {
                    LOGGER.error("Unable to obtain client:" + e.getMessage(), e);
                    if (searchPolicyServiceClient != null) {
                        searchPolicyServiceClient.close();
                    }
                    return ImmutableSet.of();
                }
            } catch (SentryUserException e2) {
                LOGGER.error("Unable to obtain roles from server: " + e2.getMessage(), e2);
                if (searchPolicyServiceClient != null) {
                    searchPolicyServiceClient.close();
                }
                return ImmutableSet.of();
            }
        } catch (Throwable th) {
            if (searchPolicyServiceClient != null) {
                searchPolicyServiceClient.close();
            }
            throw th;
        }
    }

    public SearchPolicyServiceClient getClient() throws Exception {
        return new SearchPolicyServiceClient(this.conf);
    }

    public void validatePolicy(boolean z) throws SentryConfigurationException {
        if (!this.initialized) {
            throw new IllegalStateException("Backend has not been properly initialized");
        }
    }

    public void close() {
    }
}
