package org.apache.sentry.binding.metastore;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.ObjectStore;
import org.apache.hadoop.hive.metastore.api.ColumnStatistics;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.Index;
import org.apache.hadoop.hive.metastore.api.InvalidObjectException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Partition;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.api.UnknownDBException;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.shims.Utils;
import org.apache.sentry.binding.hive.HiveAuthzBindingHookBase;
import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;

/* loaded from: input_file:org/apache/sentry/binding/metastore/AuthorizingObjectStore.class */
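/**
 * {@link ObjectStore} subclass that filters metadata reads through the Sentry Hive binding.
 *
 * <p>Each overridden read method resolves the caller's short user name via
 * {@code Utils.getUGI()} and asks {@link HiveAuthzBindingHookBase} which of the requested
 * database or table names that user may see. Names that are filtered out are reported with
 * the same "does not exist or insufficient privileges" message.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Users listed under {@code AUTHZ_METASTORE_SERVICE_USERS} skip filtering entirely
 *       (see {@link #needsAuthorization(String)}); keep that list minimal.</li>
 *   <li>Only the methods overridden here are filtered. Any other {@code ObjectStore} method
 *       is inherited unchanged, so a newly added read path needs its own check.</li>
 *   <li>The cached configuration and binding are static and lazily initialised without
 *       synchronisation; concurrent first calls may each build an instance.</li>
 * </ul>
 */
public class AuthorizingObjectStore extends ObjectStore {
    // Lazily initialised, process-wide caches (shared by every instance of this store).
    private static ImmutableSet<String> serviceUsers;
    private static HiveConf hiveConf;
    private static HiveAuthzConf authzConf;
    private static HiveAuthzBinding hiveAuthzBinding;
    private static final String NO_ACCESS_MESSAGE_TABLE = "Table does not exist or insufficient privileges to access: ";
    private static final String NO_ACCESS_MESSAGE_DATABASE = "Database does not exist or insufficient privileges to access: ";

    /**
     * Returns the database names found by the parent store for {@code str}, minus those the
     * caller may not see.
     *
     * @param str argument forwarded unchanged to {@code ObjectStore.getDatabases}
     * @throws MetaException if the user name or the authorization decision cannot be obtained
     */
    public List<String> getDatabases(String str) throws MetaException {
        return filterDatabases(super.getDatabases(str));
    }

    /**
     * Returns all database names from the parent store, minus those the caller may not see.
     *
     * @throws MetaException if the user name or the authorization decision cannot be obtained
     */
    public List<String> getAllDatabases() throws MetaException {
        return filterDatabases(super.getAllDatabases());
    }

    /**
     * Returns the database named {@code str} if the caller is allowed to see it.
     *
     * @param str database name
     * @throws NoSuchObjectException if the name is filtered out for the caller, if the
     *     authorization check itself fails, or if the parent store reports no such database
     */
    public Database getDatabase(String str) throws NoSuchObjectException {
        // Authorize before consulting the parent store, as the table-scoped methods do, so a
        // caller whose access is filtered out always receives the same no-access message
        // instead of whatever the parent lookup would have reported.
        try {
            if (filterDatabases(Lists.newArrayList(str)).isEmpty()) {
                throw new NoSuchObjectException(getNoAccessMessageForDB(str));
            }
        } catch (MetaException e) {
            throw new NoSuchObjectException("Failed to authorized access to " + str + " : " + e.getMessage());
        }
        return super.getDatabase(str);
    }

    /**
     * Returns the table {@code str.str2}, or {@code null} when it is absent or hidden from
     * the caller (both cases are indistinguishable to the caller).
     *
     * @param str database name
     * @param str2 table name
     */
    public Table getTable(String str, String str2) throws MetaException {
        Table table = super.getTable(str, str2);
        if (table == null || !isTableVisible(str, str2)) {
            return null;
        }
        return table;
    }

    /**
     * Returns one partition of table {@code str.str2} after checking table visibility.
     *
     * @throws NoSuchObjectException if the table is filtered out for the caller (note: the
     *     other partition methods raise {@link MetaException} for the same condition)
     */
    public Partition getPartition(String str, String str2, List<String> list) throws MetaException, NoSuchObjectException {
        if (!isTableVisible(str, str2)) {
            throw new NoSuchObjectException(getNoAccessMessageForTable(str, str2));
        }
        return super.getPartition(str, str2, list);
    }

    /**
     * Returns partitions of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<Partition> getPartitions(String str, String str2, int i) throws MetaException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.getPartitions(str, str2, i);
    }

    /** Returns the parent store's table names for database {@code str}, filtered for the caller. */
    public List<String> getTables(String str, String str2) throws MetaException {
        return filterTables(str, super.getTables(str, str2));
    }

    /**
     * Fetches table objects for the subset of {@code list} the caller may see; the names are
     * filtered before the parent store is queried, so hidden tables are never loaded.
     */
    public List<Table> getTableObjectsByName(String str, List<String> list) throws MetaException, UnknownDBException {
        return super.getTableObjectsByName(str, filterTables(str, list));
    }

    /** Returns all table names of database {@code str}, filtered for the caller. */
    public List<String> getAllTables(String str) throws MetaException {
        return filterTables(str, super.getAllTables(str));
    }

    /** Returns the parent store's filtered table-name listing for database {@code str}, minus hidden tables. */
    public List<String> listTableNamesByFilter(String str, String str2, short s) throws MetaException {
        return filterTables(str, super.listTableNamesByFilter(str, str2, s));
    }

    /**
     * Lists partition names of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<String> listPartitionNames(String str, String str2, short s) throws MetaException {
        requireTableAccess(str, str2);
        return super.listPartitionNames(str, str2, s);
    }

    /**
     * Lists partition names of table {@code str.str2} matching a filter, after checking
     * table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<String> listPartitionNamesByFilter(String str, String str2, String str3, short s) throws MetaException {
        requireTableAccess(str, str2);
        return super.listPartitionNamesByFilter(str, str2, str3, s);
    }

    /**
     * Returns an index of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public Index getIndex(String str, String str2, String str3) throws MetaException {
        requireTableAccess(str, str2);
        return super.getIndex(str, str2, str3);
    }

    /**
     * Returns indexes of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<Index> getIndexes(String str, String str2, int i) throws MetaException {
        requireTableAccess(str, str2);
        return super.getIndexes(str, str2, i);
    }

    /**
     * Lists index names of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<String> listIndexNames(String str, String str2, short s) throws MetaException {
        requireTableAccess(str, str2);
        return super.listIndexNames(str, str2, s);
    }

    /**
     * Returns partitions of table {@code str.str2} matching a filter, after checking table
     * visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<Partition> getPartitionsByFilter(String str, String str2, String str3, short s) throws MetaException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.getPartitionsByFilter(str, str2, str3, s);
    }

    /**
     * Returns the named partitions of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<Partition> getPartitionsByNames(String str, String str2, List<String> list) throws MetaException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.getPartitionsByNames(str, str2, list);
    }

    /**
     * Returns one partition of table {@code str.str2} via the parent's "with auth" lookup,
     * after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public Partition getPartitionWithAuth(String str, String str2, List<String> list, String str3, List<String> list2) throws MetaException, NoSuchObjectException, InvalidObjectException {
        requireTableAccess(str, str2);
        return super.getPartitionWithAuth(str, str2, list, str3, list2);
    }

    /**
     * Returns partitions of table {@code str.str2} via the parent's "with auth" lookup,
     * after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<Partition> getPartitionsWithAuth(String str, String str2, short s, String str3, List<String> list) throws MetaException, NoSuchObjectException, InvalidObjectException {
        requireTableAccess(str, str2);
        return super.getPartitionsWithAuth(str, str2, s, str3, list);
    }

    /**
     * Lists partition names of table {@code str.str2} for a partial specification, after
     * checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<String> listPartitionNamesPs(String str, String str2, List<String> list, short s) throws MetaException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.listPartitionNamesPs(str, str2, list, s);
    }

    /**
     * Lists partitions of table {@code str.str2} for a partial specification via the
     * parent's "with auth" lookup, after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<Partition> listPartitionsPsWithAuth(String str, String str2, List<String> list, short s, String str3, List<String> list2) throws MetaException, InvalidObjectException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.listPartitionsPsWithAuth(str, str2, list, s, str3, list2);
    }

    /**
     * Returns column statistics of table {@code str.str2} after checking table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public ColumnStatistics getTableColumnStatistics(String str, String str2, List<String> list) throws MetaException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.getTableColumnStatistics(str, str2, list);
    }

    /**
     * Returns partition-level column statistics of table {@code str.str2} after checking
     * table visibility.
     *
     * @throws MetaException if the table is filtered out for the caller
     */
    public List<ColumnStatistics> getPartitionColumnStatistics(String str, String str2, List<String> list, List<String> list2) throws MetaException, NoSuchObjectException {
        requireTableAccess(str, str2);
        return super.getPartitionColumnStatistics(str, str2, list, list2);
    }

    /**
     * Reduces {@code list} to the database names the current user may see.
     *
     * @param list candidate database names
     * @return {@code list} itself for service users, otherwise the binding's filtered result
     * @throws MetaException if the user name cannot be resolved or the binding raises a
     *     {@link SemanticException}
     */
    private List<String> filterDatabases(List<String> list) throws MetaException {
        String userName = getUserName();
        if (!needsAuthorization(userName)) {
            return list;
        }
        try {
            return HiveAuthzBindingHookBase.filterShowDatabases(getHiveAuthzBinding(), list, HiveOperation.SHOWDATABASES, userName);
        } catch (SemanticException e) {
            throw new MetaException("Error getting DB list " + e.getMessage());
        }
    }

    /**
     * Reduces {@code list} to the table names of database {@code str} the current user may see.
     *
     * @param str database name
     * @param list candidate table names
     * @return {@code list} itself for service users, otherwise the binding's filtered result
     * @throws MetaException if the user name cannot be resolved or the binding raises a
     *     {@link SemanticException}
     */
    protected List<String> filterTables(String str, List<String> list) throws MetaException {
        String userName = getUserName();
        if (!needsAuthorization(userName)) {
            return list;
        }
        try {
            return HiveAuthzBindingHookBase.filterShowTables(getHiveAuthzBinding(), list, HiveOperation.SHOWTABLES, userName, str);
        } catch (SemanticException e) {
            throw new MetaException("Error getting Table list " + e.getMessage());
        }
    }

    /** Returns whether {@link #filterTables} keeps {@code tableName} for the current user. */
    private boolean isTableVisible(String dbName, String tableName) throws MetaException {
        return !filterTables(dbName, Lists.newArrayList(tableName)).isEmpty();
    }

    /**
     * Single gate used by the table-scoped read methods, so every one of them rejects a
     * hidden table with the same exception type and message.
     *
     * @throws MetaException if the table is filtered out for the current user
     */
    private void requireTableAccess(String dbName, String tableName) throws MetaException {
        if (!isTableVisible(dbName, tableName)) {
            throw new MetaException(getNoAccessMessageForTable(dbName, tableName));
        }
    }

    /**
     * Returns the shared {@link HiveAuthzBinding}, creating it on first use.
     *
     * @throws MetaException if the binding cannot be constructed
     */
    private HiveAuthzBinding getHiveAuthzBinding() throws MetaException {
        if (hiveAuthzBinding == null) {
            try {
                hiveAuthzBinding = new HiveAuthzBinding(HiveAuthzBinding.HiveHook.HiveMetaStore, getHiveConf(), getAuthzConf());
            } catch (Exception e) {
                throw new MetaException("Failed to load Hive binding " + e.getMessage());
            }
        }
        return hiveAuthzBinding;
    }

    /**
     * Returns the set of user names that bypass authorization, read once from
     * {@code AUTHZ_METASTORE_SERVICE_USERS}.
     *
     * @throws MetaException if the Sentry configuration cannot be loaded
     */
    private ImmutableSet<String> getServiceUsers() throws MetaException {
        if (serviceUsers == null) {
            Set<String> configured = toTrimed(Sets.newHashSet(getAuthzConf().getStrings(HiveAuthzConf.AuthzConfVars.AUTHZ_METASTORE_SERVICE_USERS.getVar(), new String[]{""})));
            // The default for an unset key is a single empty string. An empty entry names no
            // account, so drop it: otherwise a blank caller name would match the bypass list.
            configured.remove("");
            serviceUsers = ImmutableSet.copyOf(configured);
        }
        return serviceUsers;
    }

    /** Returns the shared {@link HiveConf}, built from this store's configuration on first use. */
    private HiveConf getHiveConf() {
        if (hiveConf == null) {
            hiveConf = new HiveConf(getConf(), getClass());
        }
        return hiveConf;
    }

    /**
     * Returns the shared {@link HiveAuthzConf}, loading it on first use from the URL stored
     * under {@code hive.sentry.conf.url}.
     *
     * @throws MetaException if the key is missing or blank, or its value is not a valid URL
     */
    private HiveAuthzConf getAuthzConf() throws MetaException {
        if (authzConf == null) {
            String str = getConf().get("hive.sentry.conf.url");
            if (str != null) {
                str = str.trim();
            }
            // Reject a missing or blank value up front. Previously this throw sat after the
            // load, so the first call failed even when the URL was valid.
            if (str == null || str.isEmpty()) {
                throw new MetaException("Configuration key hive.sentry.conf.url value '" + str + "' is invalid.");
            }
            try {
                authzConf = new HiveAuthzConf(new URL(str));
            } catch (MalformedURLException e) {
                throw new MetaException("Configuration key hive.sentry.conf.url specifies a malformed URL '" + str + "' " + e.getMessage());
            }
        }
        return authzConf;
    }

    /**
     * Returns the short user name of the current caller as reported by {@code Utils.getUGI()}.
     *
     * @throws MetaException if the user information cannot be obtained
     */
    private String getUserName() throws MetaException {
        try {
            return Utils.getUGI().getShortUserName();
        } catch (IOException e) {
            throw new MetaException("Failed to get username " + e.getMessage());
        } catch (LoginException e2) {
            throw new MetaException("Failed to get username " + e2.getMessage());
        }
    }

    /**
     * Returns {@code true} unless {@code str}, trimmed, is one of the configured service users.
     *
     * @param str short user name of the caller
     * @throws MetaException if the service-user list cannot be loaded
     */
    private boolean needsAuthorization(String str) throws MetaException {
        return !getServiceUsers().contains(str.trim());
    }

    /** Returns a new mutable set holding every element of {@code set} with surrounding whitespace removed. */
    private static Set<String> toTrimed(Set<String> set) {
        Set<String> trimmed = new HashSet<String>();
        for (String entry : set) {
            trimmed.add(entry.trim());
        }
        return trimmed;
    }

    /**
     * Builds the message used when a table is hidden from the caller. The wording is the
     * same for "missing" and "not permitted".
     *
     * @param str database name
     * @param str2 table name
     */
    protected String getNoAccessMessageForTable(String str, String str2) {
        return NO_ACCESS_MESSAGE_TABLE + "<" + str + ">.<" + str2 + ">";
    }

    /**
     * Builds the message used when a database is hidden from the caller. The wording is the
     * same for "missing" and "not permitted".
     *
     * @param str database name
     */
    private String getNoAccessMessageForDB(String str) {
        return NO_ACCESS_MESSAGE_DATABASE + "<" + str + ">";
    }
}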
