package org.apache.sentry.binding.hive;

import com.google.common.base.Preconditions;
import java.io.Serializable;
import java.security.CodeSource;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.hadoop.hive.ql.exec.DDLTask;
import org.apache.hadoop.hive.ql.exec.SentryFilterDDLTask;
import org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.exec.Utilities;
import org.apache.hadoop.hive.ql.lib.Node;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Table;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/binding/hive/HiveAuthzBindingHook.class */
public class HiveAuthzBindingHook extends HiveAuthzBindingHookBase {
    private static final Logger LOG = LoggerFactory.getLogger(HiveAuthzBindingHook.class);

    public HiveAuthzBindingHook() throws Exception {
        SessionState sessionState = SessionState.get();
        if (sessionState == null) {
            throw new IllegalStateException("Session has not been started");
        }
        SessionState.get().setAuthorizer((HiveAuthorizationProvider) null);
        if (sessionState.getConf() == null) {
            throw new IllegalStateException("Session HiveConf is null");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x0018, code lost:
    
        if (r0.isEmpty() != false) goto L6;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.apache.sentry.binding.hive.conf.HiveAuthzConf loadAuthzConf(org.apache.hadoop.hive.conf.HiveConf r6) {
        /*
            r0 = 0
            r7 = r0
            r0 = 0
            r8 = r0
            r0 = r6
            java.lang.String r1 = "hive.sentry.conf.url"
            java.lang.String r0 = r0.get(r1)
            r9 = r0
            r0 = r9
            if (r0 == 0) goto L1b
            r0 = r9
            java.lang.String r0 = r0.trim()
            r1 = r0
            r9 = r1
            boolean r0 = r0.isEmpty()
            if (r0 == 0) goto L24
        L1b:
            r0 = r6
            java.lang.String r1 = "hive.access.conf.url"
            java.lang.String r0 = r0.get(r1)
            r9 = r0
            r0 = 1
            r7 = r0
        L24:
            r0 = r9
            if (r0 == 0) goto L34
            r0 = r9
            java.lang.String r0 = r0.trim()
            r1 = r0
            r9 = r1
            boolean r0 = r0.isEmpty()
            if (r0 == 0) goto L54
        L34:
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Configuration key hive.sentry.conf.url value '"
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r9
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r3 = "' is invalid."
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            throw r0
        L54:
            org.apache.sentry.binding.hive.conf.HiveAuthzConf r0 = new org.apache.sentry.binding.hive.conf.HiveAuthzConf     // Catch: java.net.MalformedURLException -> L67
            r1 = r0
            java.net.URL r2 = new java.net.URL     // Catch: java.net.MalformedURLException -> L67
            r3 = r2
            r4 = r9
            r3.<init>(r4)     // Catch: java.net.MalformedURLException -> L67
            r1.<init>(r2)     // Catch: java.net.MalformedURLException -> L67
            r8 = r0
            goto Lb1
        L67:
            r10 = move-exception
            r0 = r7
            if (r0 == 0) goto L8f
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Configuration key hive.access.conf.url specifies a malformed URL '"
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r9
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r3 = "'"
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r3 = r10
            r1.<init>(r2, r3)
            throw r0
        L8f:
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Configuration key hive.sentry.conf.url specifies a malformed URL '"
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r9
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r3 = "'"
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r3 = r10
            r1.<init>(r2, r3)
            throw r0
        Lb1:
            r0 = r8
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.sentry.binding.hive.HiveAuthzBindingHook.loadAuthzConf(org.apache.hadoop.hive.conf.HiveConf):org.apache.sentry.binding.hive.conf.HiveAuthzConf");
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0009. Please report as an issue. */
    public ASTNode preAnalyze(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, ASTNode aSTNode) throws SemanticException {
        CodeSource codeSource;
        switch (aSTNode.getToken().getType()) {
            case 586:
            case 635:
            case 657:
            case 665:
            case 834:
                this.currDB = new Database(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText()));
                return aSTNode;
            case 588:
                this.currTab = extractTable((ASTNode) aSTNode.getChild(0));
                this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                return aSTNode;
            case 589:
                Iterator it = aSTNode.getChildren().iterator();
                while (it.hasNext()) {
                    ASTNode aSTNode2 = (Node) it.next();
                    if ("TOK_ALTERTABLE_SERIALIZER".equals(aSTNode2.getText())) {
                        setSerdeURI(BaseSemanticAnalyzer.unescapeSQLString(aSTNode2.getChild(0).getText()));
                        this.currDB = getCanonicalDb();
                    }
                    if ("TOK_ALTERTABLE_RENAME".equals(aSTNode2.getText())) {
                        this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                        this.currOutDB = extractDatabase((ASTNode) aSTNode2.getChild(0));
                    }
                }
                return aSTNode;
            case 590:
            case 597:
            case 604:
            case 606:
            case 607:
            case 609:
            case 804:
            case 806:
            case 816:
                this.currTab = extractTable((ASTNode) aSTNode.getChild(0));
                this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                return aSTNode;
            case 591:
                this.currTab = extractTable((ASTNode) aSTNode.getChild(0));
                this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                this.partitionURI = extractPartition(aSTNode);
                return aSTNode;
            case 611:
            case 617:
            case 618:
            case 619:
            case 621:
            case 622:
            case 637:
            case 667:
            case 670:
            case 671:
            case 725:
            case 809:
            case 881:
                this.currTab = extractTable((ASTNode) aSTNode.getFirstChildWithType(863));
                this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                return aSTNode;
            case 636:
                String unescapeSQLString = BaseSemanticAnalyzer.unescapeSQLString(aSTNode.getChild(1).getText());
                try {
                    codeSource = Class.forName(unescapeSQLString, true, Utilities.getSessionSpecifiedClassLoader()).getProtectionDomain().getCodeSource();
                } catch (ClassNotFoundException e) {
                    List functionJars = getFunctionJars(aSTNode);
                    if (functionJars.isEmpty()) {
                        throw new SemanticException("Error retrieving udf class:" + e.getMessage(), e);
                    }
                    Iterator it2 = functionJars.iterator();
                    while (it2.hasNext()) {
                        this.udfURIs.add(parseURI((String) it2.next(), false));
                    }
                }
                if (codeSource == null) {
                    throw new SemanticException("Could not resolve the jar for UDF class " + unescapeSQLString);
                }
                String path = codeSource.getLocation().getPath();
                if (path == null || path.isEmpty()) {
                    throw new SemanticException("Could not find the jar for UDF class " + unescapeSQLString + "to validate privileges");
                }
                this.udfURIs.add(parseURI(codeSource.getLocation().toString(), true));
                this.currDB = Database.ALL;
                return aSTNode;
            case 641:
                Iterator it3 = aSTNode.getChildren().iterator();
                while (it3.hasNext()) {
                    ASTNode aSTNode3 = (Node) it3.next();
                    if ("TOK_TABLESERIALIZER".equals(aSTNode3.getText())) {
                        setSerdeURI(BaseSemanticAnalyzer.unescapeSQLString(aSTNode3.getChild(0).getChild(0).getText()));
                    }
                }
            case 642:
                this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                return aSTNode;
            case 659:
                this.currDB = getCanonicalDb();
                this.isDescTableBasic = aSTNode.getChildCount() == 1;
                return aSTNode;
            case 666:
                this.currDB = Database.ALL;
                return aSTNode;
            case 722:
                this.currDB = new Database(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(1).getChild(0).getChild(0).getText()));
                return aSTNode;
            case 728:
                extractDbTableNameFromTOKTABLE((ASTNode) aSTNode.getChild(1));
                return aSTNode;
            case 815:
                this.currDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                int childCount = aSTNode.getChildCount();
                int i = 1;
                while (true) {
                    if (i < childCount) {
                        ASTNode child = aSTNode.getChild(i);
                        if (child.getToken().getType() == 26) {
                            this.currDB = new Database(child.getText());
                        } else {
                            i++;
                        }
                    }
                }
                this.currTab = Table.ALL;
                return aSTNode;
            case 876:
                Preconditions.checkArgument(aSTNode.getChildCount() == 1);
                Preconditions.checkArgument(aSTNode.getChild(0).getChildCount() >= 1);
                ASTNode aSTNode4 = (ASTNode) aSTNode.getChild(0).getChild(0);
                Preconditions.checkArgument(aSTNode4.getChildCount() >= 1);
                if (aSTNode4.getChildCount() == 1) {
                    this.currOutDB = extractDatabase((ASTNode) aSTNode.getChild(0));
                    this.currOutTab = extractTable((ASTNode) aSTNode4.getChild(0));
                } else {
                    extractDbTableNameFromTOKTABLE(aSTNode4);
                }
                return aSTNode;
            default:
                this.currDB = getCanonicalDb();
                return aSTNode;
        }
    }

    public void postAnalyze(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, List<Task<? extends Serializable>> list) throws SemanticException {
        HiveOperation currentHiveStmtOp = getCurrentHiveStmtOp();
        HiveAuthzPrivileges hiveAuthzPrivileges = HiveAuthzPrivilegesMap.getHiveAuthzPrivileges(currentHiveStmtOp);
        Subject currentSubject = getCurrentSubject(hiveSemanticAnalyzerHookContext);
        Set<String> groups = this.hiveAuthzBinding.getGroups(currentSubject);
        for (Task<? extends Serializable> task : list) {
            if (task instanceof SentryGrantRevokeTask) {
                SentryGrantRevokeTask sentryGrantRevokeTask = (SentryGrantRevokeTask) task;
                sentryGrantRevokeTask.setHiveAuthzBinding(this.hiveAuthzBinding);
                sentryGrantRevokeTask.setAuthzConf(this.authzConf);
                sentryGrantRevokeTask.setSubject(currentSubject);
                sentryGrantRevokeTask.setSubjectGroups(groups);
                sentryGrantRevokeTask.setIpAddress(hiveSemanticAnalyzerHookContext.getIpAddress());
                sentryGrantRevokeTask.setOperation(currentHiveStmtOp);
            }
        }
        if (hiveAuthzPrivileges == null) {
            return;
        }
        for (int i = 0; i < list.size(); i++) {
            try {
                try {
                    DDLTask dDLTask = (Task) list.get(i);
                    if ((dDLTask instanceof DDLTask) && dDLTask.getWork().getShowColumnsDesc() != null) {
                        SentryFilterDDLTask sentryFilterDDLTask = new SentryFilterDDLTask(this.hiveAuthzBinding, currentSubject, currentHiveStmtOp);
                        sentryFilterDDLTask.copyDDLTask(dDLTask);
                        list.set(i, sentryFilterDDLTask);
                    }
                } catch (AuthorizationException e) {
                    executeOnFailureHooks(hiveSemanticAnalyzerHookContext, currentHiveStmtOp, e);
                    StringBuilder sb = new StringBuilder();
                    Iterator it = this.hiveAuthzBinding.getLastQueryPrivilegeErrors().iterator();
                    while (it.hasNext()) {
                        sb.append((String) it.next());
                        sb.append(";");
                    }
                    String sb2 = sb.toString();
                    SessionState.get().getConf().set("sentry.hive.authorization.errors", sb2);
                    String str = "No valid privileges\n Required privileges for this query: " + sb2;
                    String str2 = "No valid privileges\n " + e.getMessage() + "\n The required privileges: " + sb2;
                    LOG.info(str);
                    throw new SemanticException(str2, e);
                }
            } finally {
                this.hiveAuthzBinding.close();
            }
        }
        authorizeWithHiveBindings(hiveSemanticAnalyzerHookContext, hiveAuthzPrivileges, currentHiveStmtOp);
        this.hiveAuthzBinding.close();
        if ("true".equalsIgnoreCase(hiveSemanticAnalyzerHookContext.getConf().get("sentry.hive.mock.compilation"))) {
            throw new SemanticException("sentry.hive.mock.error Mock query compilation aborted. Set sentry.hive.mock.compilation to 'false' for normal query processing");
        }
    }
}
