package org.apache.sentry.binding.hive.authz;

import java.security.CodeSource;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.cli.GnuParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.Driver;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.log4j.Level;
import org.apache.log4j.LogManager;
import org.apache.sentry.Command;
import org.apache.sentry.binding.hive.SentryPolicyFileFormatFactory;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.common.exception.SentryConfigurationException;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.provider.common.AuthorizationProvider;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
import org.apache.sentry.service.thrift.SentryServiceClientFactory;

/* loaded from: input_file:org/apache/sentry/binding/hive/authz/SentryConfigTool.class */
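/**
 * Command-line helper behind {@code sentry --command config-tool}.
 *
 * <p>Depending on the parsed options it validates a policy file, imports or exports policy
 * through a {@link SentryPolicyServiceClient}, lists the privileges of a user, or checks
 * whether a user could compile a query, either in-process or against a HiveServer2 reached
 * over JDBC.
 *
 * <p>Instances hold mutable state and are not synchronized. {@link #setupConfig()} also writes
 * JVM-wide system properties, so the tool is meant to run in its own short-lived process.
 */
public class SentryConfigTool {
    private String sentrySiteFile;
    private String policyFile;
    private String query;
    private String jdbcURL;
    private String user;
    // Held as a String for the life of the tool; it arrives through the -p command-line option,
    // so it can also show up in process listings and shell history on the invoking host.
    private String passWord;
    private String importPolicyFilePath;
    private String exportPolicyFilePath;
    private String objectPath;
    private boolean listPrivs;
    private boolean validate;
    private boolean importOverwriteRole;
    private HiveConf hiveConf;
    private HiveAuthzConf authzConf;
    private AuthorizationProvider sentryProvider;

    /* loaded from: input_file:org/apache/sentry/binding/hive/authz/SentryConfigTool$CommandImpl.class */
    /** Entry point that parses the arguments and runs the requested actions in a fixed order. */
    public static class CommandImpl implements Command {
        /**
         * Runs the tool. Any failure is reported on standard output (message plus stack trace)
         * and terminates the JVM with exit status 1.
         *
         * @param strArr raw command-line arguments
         * @throws Exception declared by the interface; failures are handled inside this method
         */
        public void run(String[] strArr) throws Exception {
            SentryConfigTool tool = new SentryConfigTool();
            try {
                tool.parseArgs(strArr);
                tool.setupConfig();
                if (tool.isValidate()) {
                    tool.validatePolicy();
                }
                if (!StringUtils.isEmpty(tool.getImportPolicyFilePath())) {
                    tool.importPolicy();
                }
                if (!StringUtils.isEmpty(tool.getExportPolicyFilePath())) {
                    tool.exportPolicy();
                }
                if (tool.isListPrivs()) {
                    tool.listPrivs();
                }
                String requestedQuery = tool.getQuery();
                if (requestedQuery != null) {
                    // A JDBC URL selects the remote check; otherwise the query is compiled locally.
                    if (tool.getJdbcURL() != null) {
                        tool.verifyRemoteQuery(requestedQuery);
                    } else {
                        tool.verifyLocalQuery(requestedQuery);
                    }
                }
            } catch (Exception e) {
                System.out.println("Sentry tool reported Errors: " + e.getMessage());
                e.printStackTrace(System.out);
                System.exit(1);
            }
        }
    }

    /** Returns the authorization provider loaded by {@link #setupConfig()}, or null before that. */
    public AuthorizationProvider getSentryProvider() {
        return this.sentryProvider;
    }

    /** Replaces the authorization provider used by the validate and list actions. */
    public void setSentryProvider(AuthorizationProvider authorizationProvider) {
        this.sentryProvider = authorizationProvider;
    }

    /** Returns the Hive configuration built by {@link #setupConfig()}, or null before that. */
    public HiveConf getHiveConf() {
        return this.hiveConf;
    }

    /** Replaces the Hive configuration. */
    public void setHiveConf(HiveConf hiveConf) {
        this.hiveConf = hiveConf;
    }

    /** Returns the Sentry authorization configuration, or null before {@link #setupConfig()}. */
    public HiveAuthzConf getAuthzConf() {
        return this.authzConf;
    }

    /** Replaces the Sentry authorization configuration. */
    public void setAuthzConf(HiveAuthzConf hiveAuthzConf) {
        this.authzConf = hiveAuthzConf;
    }

    /** Returns whether policy validation (-v) was requested. */
    public boolean isValidate() {
        return this.validate;
    }

    /** Enables or disables policy validation. */
    public void setValidate(boolean z) {
        this.validate = z;
    }

    /** Returns the path given with -I, or null when no import was requested. */
    public String getImportPolicyFilePath() {
        return this.importPolicyFilePath;
    }

    /** Sets the path of the policy file to import. */
    public void setImportPolicyFilePath(String str) {
        this.importPolicyFilePath = str;
    }

    /** Returns the object path given with -b, or null. */
    public String getObjectPath() {
        return this.objectPath;
    }

    /** Sets the object path passed to the export call. */
    public void setObjectPath(String str) {
        this.objectPath = str;
    }

    /** Returns the path given with -E, or null when no export was requested. */
    public String getExportPolicyFilePath() {
        return this.exportPolicyFilePath;
    }

    /** Sets the path the exported policy is written to. */
    public void setExportPolicyFilePath(String str) {
        this.exportPolicyFilePath = str;
    }

    /** Returns the sentry-site location given with -s, or null. */
    public String getSentrySiteFile() {
        return this.sentrySiteFile;
    }

    /** Sets the sentry-site location. */
    public void setSentrySiteFile(String str) {
        this.sentrySiteFile = str;
    }

    /** Returns the policy file location given with -i, or null. */
    public String getPolicyFile() {
        return this.policyFile;
    }

    /** Sets the policy file location. */
    public void setPolicyFile(String str) {
        this.policyFile = str;
    }

    /** Returns the query given with -e, or null. */
    public String getQuery() {
        return this.query;
    }

    /** Sets the query whose privileges are to be verified. */
    public void setQuery(String str) {
        this.query = str;
    }

    /** Returns the JDBC URL given with -j, or null. */
    public String getJdbcURL() {
        return this.jdbcURL;
    }

    /** Sets the JDBC URL used by {@link #verifyRemoteQuery(String)}. */
    public void setJdbcURL(String str) {
        this.jdbcURL = str;
    }

    /** Returns the user name given with -u, or null. */
    public String getUser() {
        return this.user;
    }

    /** Sets the user name the checks are performed for. */
    public void setUser(String str) {
        this.user = str;
    }

    /** Returns the password given with -p, or null. Avoid logging the returned value. */
    public String getPassWord() {
        return this.passWord;
    }

    /** Sets the password used for the JDBC connection. */
    public void setPassWord(String str) {
        this.passWord = str;
    }

    /** Returns whether listing privileges (-l / -listPrivs) was requested. */
    public boolean isListPrivs() {
        return this.listPrivs;
    }

    /** Enables or disables the list-privileges action. */
    public void setListPrivs(boolean z) {
        this.listPrivs = z;
    }

    /** Returns whether -o was given; the flag is forwarded to the import call. */
    public boolean isImportOverwriteRole() {
        return this.importOverwriteRole;
    }

    /** Sets the overwrite flag forwarded to the import call. */
    public void setImportOverwriteRole(boolean z) {
        this.importOverwriteRole = z;
    }

    /**
     * Builds the Hive and Sentry configuration, prints where each piece was loaded from and
     * loads the authorization provider.
     *
     * @throws SentryConfigurationException when a NullPointerException is raised while the
     *     configuration is resolved (reported as a missing hive-site.xml)
     * @throws Exception for any other failure while loading configuration or the provider
     */
    public void setupConfig() throws Exception {
        System.out.println("Configuration: ");
        CodeSource codeSource = SentryConfigTool.class.getProtectionDomain().getCodeSource();
        if (codeSource != null) {
            System.out.println("Sentry package jar: " + codeSource.getLocation());
        }
        // System properties are JVM-wide: both writes below affect every component in this process.
        if (getPolicyFile() != null) {
            System.setProperty(HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), getPolicyFile());
        }
        // NOTE(review): testing mode is switched on unconditionally. It presumably relaxes checks
        // the production binding enforces; confirm this tool is never embedded in a long-lived
        // service JVM where the flag would persist.
        System.setProperty(HiveAuthzConf.AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "true");
        setHiveConf(new HiveConf(SessionState.class));
        getHiveConf().setVar(HiveConf.ConfVars.SEMANTIC_ANALYZER_HOOK, HiveAuthzBindingHookBase.class.getName());
        try {
            System.out.println("Hive config: " + HiveConf.getHiveSiteLocation());
            if (getSentrySiteFile() != null) {
                getHiveConf().set("hive.sentry.conf.url", getSentrySiteFile());
            }
            setAuthzConf(HiveAuthzConf.getAuthzConf(getHiveConf()));
            System.out.println("Sentry config: " + getAuthzConf().getHiveAuthzSiteFile());
            System.out.println("Sentry Policy: " + getAuthzConf().get(HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar()));
            System.out.println("Sentry server: " + getAuthzConf().get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar()));
            setSentryProvider(getAuthorizationProvider());
        } catch (NullPointerException e) {
            // NOTE(review): every NullPointerException raised in the block above is reported as a
            // missing hive-site.xml and the original exception is dropped, which can hide the real
            // cause of a configuration failure.
            throw new SentryConfigurationException("Didn't find a hive-site.xml");
        }
    }

    /**
     * Loads the authorization provider for the configured server name.
     *
     * @return the provider returned by the Hive binding
     * @throws SentryConfigurationException when the binding reports configuration problems; the
     *     problems are printed before the exception is rethrown
     * @throws IllegalStateException when loading fails for any other reason
     */
    private AuthorizationProvider getAuthorizationProvider() throws IllegalStateException, SentryConfigurationException {
        try {
            return HiveAuthzBinding.getAuthProvider(getHiveConf(), this.authzConf, new Server(getAuthzConf().get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar())).getName());
        } catch (SentryConfigurationException e) {
            // The specific handler has to come first; placed after the generic one it can never run.
            printConfigErrors(e);
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException("Couldn't load sentry provider ", e);
        }
    }

    /**
     * Validates the policy resource through the loaded provider.
     *
     * @throws SentryConfigurationException when validation reports problems; they are printed first
     * @throws Exception for any other failure
     */
    public void validatePolicy() throws Exception {
        try {
            getSentryProvider().validateResource(true);
            System.out.println("No errors found in the policy file");
        } catch (SentryConfigurationException e) {
            printConfigErrors(e);
            throw e;
        }
    }

    /**
     * Parses the policy file given with -I and sends it to the Sentry policy service.
     *
     * @throws Exception when parsing, connecting or importing fails
     */
    public void importPolicy() throws Exception {
        // The requestor name comes from the user.name JVM property, which the caller controls;
        // the service presumably has to authenticate the connection itself rather than rely on it.
        String requestor = System.getProperty("user.name", "");
        // Parsed before the client is created so a malformed file fails without opening a
        // connection. Raw type: the element types are not visible in this listing.
        Map policy = SentryPolicyFileFormatFactory.createFileFormatter(this.authzConf).parse(this.importPolicyFilePath, this.authzConf);
        try (SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf())) {
            client.importPolicy(policy, requestor, this.importOverwriteRole);
        }
    }

    /**
     * Fetches policy from the Sentry policy service and writes it to the path given with -E.
     *
     * @throws Exception when connecting, exporting or writing fails
     */
    public void exportPolicy() throws Exception {
        String requestor = System.getProperty("user.name", "");
        try (SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf())) {
            // The output file holds authorization policy; its location and permissions are
            // whatever the formatter and the invoking user's environment produce.
            SentryPolicyFileFormatFactory.createFileFormatter(this.authzConf).write(this.exportPolicyFilePath, client.exportPolicy(requestor, this.objectPath));
        }
    }

    /**
     * Prints the privileges the provider reports for the configured user.
     *
     * @throws Exception when validation of the policy resource or the lookup fails
     */
    public void listPrivs() throws Exception {
        getSentryProvider().validateResource(true);
        System.out.println("Available privileges for user " + getUser() + ":");
        Set privileges = getSentryProvider().listPrivilegesForSubject(new Subject(getUser()));
        for (Object privilege : privileges) {
            System.out.println("\t" + privilege);
        }
        if (privileges.isEmpty()) {
            System.out.println("\t*** No permissions available ***");
        }
    }

    /**
     * Compiles the query in-process as the configured user and reports whether compilation
     * succeeded.
     *
     * @param str the query to compile
     * @throws SemanticException when compilation fails; missing privileges are printed first
     * @throws Exception for any other failure
     */
    public void verifyLocalQuery(String str) throws Exception {
        SessionState sessionState = new SessionState(getHiveConf());
        SessionState.start(sessionState);
        Driver driver = new Driver(sessionState.getConf(), getUser());
        try {
            CommandProcessorResponse response = driver.compileAndRespond(str);
            if (response.getResponseCode() != 0) {
                String error = response.getErrorMessage();
                // A failure without a message must not turn into a NullPointerException.
                if (error != null && error.contains("No valid privileges")) {
                    printMissingPerms(getHiveConf().get("sentry.hive.authorization.errors"));
                }
                throw new SemanticException("Compilation error: " + error);
            }
        } finally {
            // Release the driver on the failure path too.
            driver.close();
        }
        System.out.println("User " + getUser() + " has privileges to run the query");
    }

    /**
     * Submits the query to HiveServer2 over JDBC with mock compilation requested and interprets
     * the resulting error to decide whether the user holds the required privileges.
     *
     * @param str the query to check
     * @throws IllegalStateException when the server does not report the Sentry session hook
     * @throws SQLException when the server rejects the query for any reason other than the
     *     mock-compilation marker
     * @throws Exception for driver loading or connection failures
     */
    public void verifyRemoteQuery(String str) throws Exception {
        Class.forName("org.apache.hive.jdbc.HiveDriver");
        // Both resources are closed on every exit path, including the early failures below.
        try (Connection connection = DriverManager.getConnection(getJdbcURL(), getUser(), getPassWord());
                Statement statement = connection.createStatement()) {
            if (!isSentryEnabledOnHiveServer(statement)) {
                throw new IllegalStateException("Sentry is not enabled on HiveServer2");
            }
            statement.execute("set sentry.hive.mock.compilation=true");
            try {
                // NOTE(review): when this call returns without an error nothing is printed, and
                // the statement was presumably executed for real instead of being stopped by the
                // mock-compilation hook; confirm the server honours the flag before relying on it.
                statement.execute(str);
            } catch (SQLException e) {
                String message = e.getMessage();
                if (message != null && message.contains("sentry.hive.mock.error")) {
                    System.out.println("User " + readConfig(statement, "hive.sentry.subject.name") + " has privileges to run the query");
                    return;
                }
                if (message != null && message.contains("No valid privileges")) {
                    printMissingPerms(readConfig(statement, "sentry.hive.authorization.errors"));
                }
                throw e;
            }
        }
    }

    /**
     * Checks the session-hook setting reported by the server for the Sentry binding hook.
     * This is a sanity check on a value the server reports, not proof of enforcement.
     *
     * @param statement open statement on the HiveServer2 connection
     * @return true when the reported hook names the Sentry Hive binding session hook
     * @throws SQLException when the setting cannot be read
     */
    private boolean isSentryEnabledOnHiveServer(Statement statement) throws SQLException {
        String sessionHook = readConfig(statement, HiveConf.ConfVars.HIVE_SERVER2_SESSION_HOOK.varname);
        if (sessionHook == null) {
            // No row or no value: treat the hook as not configured instead of failing on null.
            return false;
        }
        String upperCase = sessionHook.toUpperCase();
        return upperCase.contains("org.apache.sentry.binding.hive".toUpperCase()) && upperCase.contains("HiveAuthzBindingSessionHook".toUpperCase());
    }

    /**
     * Reads one configuration value from the server with a {@code set <name>} statement.
     *
     * @param statement open statement on the HiveServer2 connection
     * @param str configuration name; every caller in this class passes a constant. The name is
     *     concatenated into the statement text, so it must never carry untrusted input.
     * @return the text after the first '=' of the first result row, the whole row text when it
     *     has no '=', or null when there is no row or the value is null
     * @throws SQLException when the statement fails
     */
    private String readConfig(Statement statement, String str) throws SQLException {
        try (ResultSet rows = statement.executeQuery("set " + str)) {
            if (!rows.next()) {
                return null;
            }
            String row = rows.getString(1);
            if (row == null) {
                return null;
            }
            return row.substring(row.indexOf("=") + 1);
        }
    }

    /** Prints the errors and warnings carried by a configuration exception. */
    private void printConfigErrors(SentryConfigurationException sentryConfigurationException) throws SentryConfigurationException {
        System.out.println(" *** Found configuration problems *** ");
        for (Object error : sentryConfigurationException.getConfigErrors()) {
            System.out.println("ERROR: " + error);
        }
        for (Object warning : sentryConfigurationException.getConfigWarnings()) {
            System.out.println("Warning: " + warning);
        }
    }

    /**
     * Prints the privileges listed in an authorization error string, one per line.
     *
     * @param str error text; everything up to "No valid privileges" is dropped and the rest is
     *     split on ';'. Nothing is printed for null or empty input.
     */
    private void printMissingPerms(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        System.out.println("*** Query compilation failed ***");
        String[] required = str.replaceFirst(".*No valid privileges", "").split(";");
        System.out.println("Required privileges for given query:");
        for (String privilege : required) {
            System.out.println(" \t " + privilege);
        }
    }

    /** Prints the usage text and terminates the JVM with exit status -1. */
    private void usage(Options options) {
        new HelpFormatter().printHelp("sentry --command config-tool", options);
        System.exit(-1);
    }

    /**
     * Builds the option set. The action flags share one required group; the remaining options
     * are modifiers. Options are optional unless marked required, so no per-option call is needed.
     */
    private static Options buildOptions() {
        OptionGroup actions = new OptionGroup();
        actions.addOption(new Option("h", "help", false, "Print usage"));
        actions.addOption(new Option("v", "validate", false, "Validate policy file"));
        actions.addOption(new Option("e", "query", true, "Query privilege verification, requires -u"));
        actions.addOption(new Option("l", "listPerms", false, "list permissions for given user, requires -u"));
        actions.addOption(new Option("listPrivs", false, "list privileges for given user, requires -u"));
        actions.addOption(new Option("I", "import", true, "Import policy file"));
        actions.addOption(new Option("E", "export", true, "Export policy file"));
        actions.setRequired(true);

        Options options = new Options();
        options.addOptionGroup(actions);
        options.addOption(new Option("j", "jdbcURL", true, "JDBC URL"));
        options.addOption(new Option("s", "sentry-site", true, "sentry-site file path"));
        options.addOption(new Option("i", "policyIni", true, "Policy file path"));
        options.addOption(new Option("u", "user", true, "user name"));
        // A password given here is visible to other local users through the process list.
        options.addOption(new Option("p", "password", true, "Password"));
        options.addOption(new Option("d", "debug", false, "enable debug output"));
        options.addOption(new Option("o", "overwrite", false, "enable import overwrite");
        // Declared with an argument: the value is read with getValue() below, which yields
        // nothing for a flag-only option, so the export was never narrowed to the given path.
        options.addOption(new Option("b", "objectPath", true, "The path of the object whose privileges will be exported"));
        return options;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Parses the command line into this instance's fields. On a parse error, a missing -u for
     * -l or -e, or -h, the usage text is printed and the JVM exits. Unless -d is given, the
     * log4j root logger is switched off.
     *
     * @param strArr raw command-line arguments
     */
    public void parseArgs(String[] strArr) {
        boolean debugEnabled = false;
        Options options = buildOptions();
        try {
            for (Option parsed : new GnuParser().parse(options, strArr).getOptions()) {
                String value = parsed.getValue();
                switch (parsed.getOpt()) {
                    case "s":
                        setSentrySiteFile(value);
                        break;
                    case "i":
                        setPolicyFile(value);
                        break;
                    case "e":
                        setQuery(value);
                        break;
                    case "j":
                        setJdbcURL(value);
                        break;
                    case "u":
                        setUser(value);
                        break;
                    case "p":
                        setPassWord(value);
                        break;
                    case "l":
                    case "listPrivs":
                        setListPrivs(true);
                        break;
                    case "v":
                        setValidate(true);
                        break;
                    case "I":
                        setImportPolicyFilePath(value);
                        break;
                    case "E":
                        setExportPolicyFilePath(value);
                        break;
                    case "h":
                        usage(options);
                        break;
                    case "d":
                        debugEnabled = true;
                        break;
                    case "o":
                        setImportOverwriteRole(true);
                        break;
                    case "b":
                        setObjectPath(value);
                        break;
                    default:
                        break;
                }
            }
            // Checked inside the try so the ParseException is handled here; the method does not
            // declare it.
            if (isListPrivs() && getUser() == null) {
                throw new ParseException("Can't use -l without -u ");
            }
            if (getQuery() != null && getUser() == null) {
                throw new ParseException("Must use -u with -e ");
            }
        } catch (ParseException e) {
            // Say why the arguments were rejected before showing the usage text.
            System.out.println(e.getMessage());
            usage(options);
        }
        if (!debugEnabled) {
            LogManager.getRootLogger().setLevel(Level.OFF);
        }
    }
}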
