package org.apache.sentry.binding.hive.authz;

import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;

/* loaded from: input_file:org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerFactory.class */
public class SentryHiveAuthorizerFactory implements HiveAuthorizerFactory {
    public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory hiveMetastoreClientFactory, HiveConf hiveConf, HiveAuthenticationProvider hiveAuthenticationProvider, HiveAuthzSessionContext hiveAuthzSessionContext) throws HiveAuthzPluginException {
        HiveAuthzConf loadAuthzConf = HiveAuthzBindingHookBase.loadAuthzConf(hiveConf);
        try {
            return new SentryHiveAuthorizerImpl(new DefaultSentryAccessController(hiveConf, loadAuthzConf, hiveAuthenticationProvider, applyTestSettings(hiveAuthzSessionContext, hiveConf)), new DefaultSentryValidator(hiveConf, loadAuthzConf, hiveAuthenticationProvider));
        } catch (Exception e) {
            throw new HiveAuthzPluginException(e);
        }
    }

    private HiveAuthzSessionContext applyTestSettings(HiveAuthzSessionContext hiveAuthzSessionContext, HiveConf hiveConf) {
        if (!hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE) || hiveAuthzSessionContext.getClientType() != HiveAuthzSessionContext.CLIENT_TYPE.HIVECLI) {
            return hiveAuthzSessionContext;
        }
        HiveAuthzSessionContext.Builder builder = new HiveAuthzSessionContext.Builder(hiveAuthzSessionContext);
        builder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2);
        return builder.build();
    }
}
