package org.apache.sentry.binding.hive.authz;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.Serializable;
import java.net.URI;
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.common.JavaUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
import org.apache.hadoop.hive.ql.exec.FunctionRegistry;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.exec.Utilities;
import org.apache.hadoop.hive.ql.hooks.Entity;
import org.apache.hadoop.hive.ql.hooks.Hook;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.AbstractSemanticAnalyzerHook;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.plan.PlanUtils;
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.sentry.binding.hive.SentryOnFailureHookContext;
import org.apache.sentry.binding.hive.SentryOnFailureHookContextImpl;
import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.Column;
import org.apache.sentry.core.model.db.DBModelAction;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.provider.cache.SimplePrivilegeCache;
import org.apache.sentry.provider.common.AuthorizationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.class */
public abstract class HiveAuthzBindingHookBase extends AbstractSemanticAnalyzerHook {
    // Sentry binding whose authorize() makes the access decision; built in the constructor
    // from the session HiveConf and authzConf.
    protected final HiveAuthzBinding hiveAuthzBinding;
    // Sentry authorization configuration returned by loadAuthzConf() in the constructor.
    protected final HiveAuthzConf authzConf;
    // Current table; when non-null it is added (under currDB) to the input hierarchy of a
    // TABLE-scope check in authorizeWithHiveBindings(). Not assigned in the code visible here.
    protected Table currTab;
    // URIs added to the input hierarchy of a FUNCTION-scope check; starts as an empty list.
    protected List<AccessURI> udfURIs;
    // When non-null, added to the output hierarchy of DATABASE- and TABLE-scope checks.
    protected AccessURI serdeURI;
    // When non-null, added to the input hierarchy of a TABLE-scope check.
    protected AccessURI partitionURI;
    // When non-null, added to the output hierarchy of a TABLE-scope check.
    protected AccessURI indexURI;
    // Comma-split value of "hive.sentry.serde.whitelist" (default "org.apache.hadoop.hive.serde2").
    // Entries are not trimmed. NOTE(review): where the list is consulted is outside this view.
    protected final List<String> serdeWhiteList;
    // Value of "hive.sentry.turn.on.serde.uri.privileges"; defaults to false.
    protected boolean serdeURIPrivilegesEnabled;
    private static final Logger LOG = LoggerFactory.getLogger(HiveAuthzBindingHookBase.class);
    // Privilege requirement built from the SELECT and INSERT actions on a Column authorizable,
    // COLUMN scope, INFO type. Substituted for the caller's privileges when isDescTableBasic is
    // set, and used for every per-column check in filterShowColumns().
    protected static final HiveAuthzPrivileges columnMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().addInputObjectPriviledge(DBModelAuthorizable.AuthorizableType.Column, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).setOperationScope(HiveAuthzPrivileges.HiveOperationScope.COLUMN).setOperationType(HiveAuthzPrivileges.HiveOperationType.INFO).build();
    // Current database; defaults to Database.ALL and is overwritten by the CONNECT-scope branch
    // of authorizeWithHiveBindings() under the condition documented there.
    protected Database currDB = Database.ALL;
    // Output table and database; set together by extractDbTableNameFromTOKTABLE().
    protected Table currOutTab = null;
    protected Database currOutDB = null;
    // When true, authorizeWithHiveBindings() ignores the privileges it was given and checks
    // columnMetaDataPrivilege instead.
    protected boolean isDescTableBasic = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.sentry.binding.hive.authz.HiveAuthzBindingHookBase$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase$1.class */
    /**
     * Compiler-generated switch map, surfaced by the decompiler as a named class.
     *
     * <p>Each array is indexed by an enum constant's {@code ordinal()} and holds the dense case
     * label that the {@code switch} statements in the outer class test against. An ordinal that
     * was never assigned keeps the array default of 0 and therefore reaches the {@code default}
     * branch of those switches.
     *
     * <p>Entity.Type labels: TABLE=1, PARTITION=2, DUMMYPARTITION=3, DFS_DIR=4, LOCAL_DIR=5,
     * DATABASE=6, FUNCTION=7.
     * HiveOperationScope labels: SERVER=1, DATABASE=2, TABLE=3, FUNCTION=4, CONNECT=5, COLUMN=6.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type = new int[Entity.Type.values().length];

        static {
            // Every assignment is wrapped separately so that a constant missing from the enum
            // class loaded at run time (NoSuchFieldError) leaves only that one entry unmapped.
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.TABLE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.PARTITION.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.DUMMYPARTITION.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.DFS_DIR.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.LOCAL_DIR.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.DATABASE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$hooks$Entity$Type[Entity.Type.FUNCTION.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            // Second map: operation scope of a HiveAuthzPrivileges object.
            $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope = new int[HiveAuthzPrivileges.HiveOperationScope.values().length];
            try {
                $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[HiveAuthzPrivileges.HiveOperationScope.SERVER.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[HiveAuthzPrivileges.HiveOperationScope.DATABASE.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[HiveAuthzPrivileges.HiveOperationScope.TABLE.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[HiveAuthzPrivileges.HiveOperationScope.FUNCTION.ordinal()] = 4;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[HiveAuthzPrivileges.HiveOperationScope.CONNECT.ordinal()] = 5;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[HiveAuthzPrivileges.HiveOperationScope.COLUMN.ordinal()] = 6;
            } catch (NoSuchFieldError e13) {
            }
        }
    }

    /**
     * Builds the hook from the Hive session bound to the calling thread.
     *
     * <p>Loads the Sentry configuration, creates the authorization binding, reads the SerDe
     * settings, and registers the built-in UDF permissions.
     *
     * @throws IllegalStateException if no session has been started or the session has no HiveConf
     * @throws Exception if the authorization binding cannot be created
     */
    public HiveAuthzBindingHookBase() throws Exception {
        final SessionState session = SessionState.get();
        if (session == null) {
            throw new IllegalStateException("Session has not been started");
        }
        // The session's own Hive authorizer is cleared.
        // NOTE(review): presumably so that only this hook decides access - confirm.
        session.setAuthorizer((HiveAuthorizationProvider) null);

        final HiveConf hiveConf = session.getConf();
        if (hiveConf == null) {
            throw new IllegalStateException("Session HiveConf is null");
        }

        this.authzConf = loadAuthzConf(hiveConf);
        this.udfURIs = Lists.newArrayList();
        this.hiveAuthzBinding = new HiveAuthzBinding(hiveConf, this.authzConf);

        // Split on ',' only: entries are not trimmed, so a value written as "a, b" yields " b".
        final String serdePrefixes = this.authzConf.get("hive.sentry.serde.whitelist", "org.apache.hadoop.hive.serde2");
        this.serdeWhiteList = Arrays.asList(serdePrefixes.split(","));
        this.serdeURIPrivilegesEnabled = this.authzConf.getBoolean("hive.sentry.turn.on.serde.uri.privileges", false);

        // Empty whitelist, blacklist of the built-in UDFs that invoke Java methods by reflection.
        FunctionRegistry.setupPermissionsForBuiltinUDFs("", "reflect,reflect2,java_method");
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x0018, code lost:
    
        if (r0.isEmpty() != false) goto L6;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
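    /**
     * Loads the Sentry authorization configuration that the Hive configuration points to.
     *
     * <p>This body was reconstructed by hand from the register-level instruction dump the
     * decompiler emitted after structured decompilation of this method failed. The generated
     * stub only threw {@link UnsupportedOperationException}, so the constructor of this class
     * could never complete. Verify the reconstruction against the original class file.
     *
     * <p>{@code hive.sentry.conf.url} is read first. When it is missing or blank after trimming,
     * {@code hive.access.conf.url} is read instead.
     *
     * <p>NOTE(review): no restriction on the URL scheme is applied here, and whether
     * {@code HiveAuthzConf} applies one is not visible from this method. The location of the
     * authorization configuration is security-sensitive, so these two keys should only be
     * settable by the service administrator.
     *
     * @param r6 the Hive configuration to read the location from
     * @return the configuration loaded from the resolved URL
     * @throws IllegalArgumentException if neither key holds a non-blank value, or the value is
     *     not a well-formed URL
     */
    public static org.apache.sentry.binding.hive.conf.HiveAuthzConf loadAuthzConf(org.apache.hadoop.hive.conf.HiveConf r6) {
        boolean usedFallbackKey = false;
        String confUrl = r6.get("hive.sentry.conf.url");
        if (confUrl == null || (confUrl = confUrl.trim()).isEmpty()) {
            confUrl = r6.get("hive.access.conf.url");
            usedFallbackKey = true;
        }
        if (confUrl == null || (confUrl = confUrl.trim()).isEmpty()) {
            // The bytecode names hive.sentry.conf.url here even when the fallback key was read.
            throw new IllegalArgumentException("Configuration key hive.sentry.conf.url value '" + confUrl + "' is invalid.");
        }
        try {
            return new HiveAuthzConf(new java.net.URL(confUrl));
        } catch (java.net.MalformedURLException e) {
            // Report the key the value actually came from and keep the cause.
            if (usedFallbackKey) {
                throw new IllegalArgumentException("Configuration key hive.access.conf.url specifies a malformed URL '" + confUrl + "'", e);
            }
            throw new IllegalArgumentException("Configuration key hive.sentry.conf.url specifies a malformed URL '" + confUrl + "'", e);
        }
    }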

    /**
     * Semantic-analyzer hook callback that runs before Hive analyzes the statement; declared
     * abstract here, so each concrete hook supplies its own pre-analysis step.
     *
     * @param hiveSemanticAnalyzerHookContext context of the statement being compiled
     * @param aSTNode root of the parsed statement
     * @return the AST that analysis should continue with
     * @throws SemanticException if the implementation rejects the statement
     */
    public abstract ASTNode preAnalyze(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, ASTNode aSTNode) throws SemanticException;

    /**
     * Semantic-analyzer hook callback that runs after Hive has analyzed the statement; declared
     * abstract here, so each concrete hook supplies its own post-analysis step.
     *
     * @param hiveSemanticAnalyzerHookContext context of the statement being compiled
     * @param list the tasks produced for the statement
     * @throws SemanticException if the implementation rejects the statement
     */
    public abstract void postAnalyze(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, List<Task<? extends Serializable>> list) throws SemanticException;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs the configured on-failure hooks for a denied operation.
     *
     * <p>The hook context carries the command text, its inputs and outputs, the operation, the
     * current database and table, the UDF URIs, the user name, the client address and the
     * authorization failure itself. Any exception raised while loading or running a hook is
     * logged and not propagated, so a broken hook cannot change the outcome of the denial.
     *
     * @param hiveSemanticAnalyzerHookContext context of the statement that was denied
     * @param hiveOperation the operation that was denied
     * @param authorizationException the failure handed to the hooks
     */
    public void executeOnFailureHooks(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, HiveOperation hiveOperation, AuthorizationException authorizationException) {
        SentryOnFailureHookContextImpl failureContext = new SentryOnFailureHookContextImpl(
                hiveSemanticAnalyzerHookContext.getCommand(),
                hiveSemanticAnalyzerHookContext.getInputs(),
                hiveSemanticAnalyzerHookContext.getOutputs(),
                hiveOperation,
                this.currDB,
                this.currTab,
                this.udfURIs,
                (AccessURI) null,
                hiveSemanticAnalyzerHookContext.getUserName(),
                hiveSemanticAnalyzerHookContext.getIpAddress(),
                authorizationException,
                hiveSemanticAnalyzerHookContext.getConf());
        try {
            String hookNames = this.authzConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), "").trim();
            for (Object hook : getHooks(hookNames)) {
                ((Hook) hook).run(failureContext);
            }
        } catch (Exception e) {
            // Best effort by design: the hooks only observe the failure.
            LOG.error("Error executing hook:", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Collects the unquoted text of the resources of one token type listed under a statement node.
     *
     * <p>NOTE(review): 887 and 801 are parser token constants inlined by the compiler, presumably
     * HiveParser.TOK_RESOURCE_LIST and HiveParser.TOK_JAR - confirm against the HiveParser of the
     * Hive version this class was built with.
     *
     * @param aSTNode statement node to inspect
     * @return the matching resource strings with quotes stripped; empty when the node has no
     *     child of type 887
     */
    public List<String> getFunctionJars(ASTNode aSTNode) {
        List<String> jarUris = new ArrayList<>();
        ASTNode resourceList = aSTNode.getFirstChildWithType(887);
        if (resourceList == null) {
            return jarUris;
        }
        for (int idx = 0; idx < resourceList.getChildCount(); idx++) {
            ASTNode resource = resourceList.getChild(idx);
            // Child 0 carries the resource type, child 1 the resource location.
            ASTNode resourceType = resource.getChild(0);
            ASTNode resourceUri = resource.getChild(1);
            if (resourceType.getType() != 801) {
                continue;
            }
            jarUris.add(PlanUtils.stripQuotes(resourceUri.getText()));
        }
        return jarUris;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the URI held by the first direct child of token type 854 that has exactly one child.
     *
     * <p>NOTE(review): 854 is an inlined parser token constant, presumably
     * HiveParser.TOK_PARTITIONLOCATION - confirm against the HiveParser in use.
     *
     * @param aSTNode node whose direct children are scanned
     * @return the parsed URI, or {@code null} when no such child exists
     * @throws SemanticException if the location text cannot be parsed as a URI
     */
    @VisibleForTesting
    public static AccessURI extractPartition(ASTNode aSTNode) throws SemanticException {
        for (int idx = 0; idx < aSTNode.getChildCount(); idx++) {
            ASTNode candidate = aSTNode.getChild(idx);
            boolean isLocationToken = candidate.getToken().getType() == 854;
            if (!isLocationToken || candidate.getChildCount() != 1) {
                continue;
            }
            String rawLocation = candidate.getChild(0).getText();
            return parseURI(BaseSemanticAnalyzer.unescapeSQLString(rawLocation));
        }
        return null;
    }

    /**
     * Parses a URI string with the boolean flag of the two-argument overload set to {@code false}.
     *
     * @param str the URI text to parse
     * @return the parsed URI
     * @throws SemanticException if the text cannot be parsed
     */
    @VisibleForTesting
    public static AccessURI parseURI(String str) throws SemanticException {
        final boolean flag = false;
        return parseURI(str, flag);
    }

    /**
     * Resolves a URI string against the metastore warehouse directory of the current session.
     *
     * <p>A warehouse path that is absolute but has neither scheme nor authority is first
     * qualified with the default file system URI of the session configuration.
     *
     * @param str the URI text to parse
     * @param z passed through to {@code PathUtils.parseURI}; the entity-based caller in this class
     *     passes {@code true} for LOCAL_DIR entities
     * @return the parsed URI
     * @throws SemanticException wrapping any failure; the message includes {@code str}
     */
    @VisibleForTesting
    public static AccessURI parseURI(String str, boolean z) throws SemanticException {
        try {
            HiveConf sessionConf = SessionState.get().getConf();
            String warehouseDir = sessionConf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE);
            Path warehousePath = new Path(warehouseDir);
            boolean needsQualifying = warehousePath.isAbsoluteAndSchemeAuthorityNull();
            if (needsQualifying) {
                warehouseDir = warehousePath
                        .makeQualified(FileSystem.getDefaultUri(sessionConf), warehousePath)
                        .toUri()
                        .toString();
            }
            return new AccessURI(PathUtils.parseURI(warehouseDir, str, z));
        } catch (Exception e) {
            throw new SemanticException("Error parsing URI " + str + ": " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the current database of the session bound to the calling thread.
     *
     * @return a {@code Database} built from the session's current database name
     */
    public Database getCanonicalDb() {
        SessionState session = SessionState.get();
        return new Database(session.getCurrentDatabase());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the output database and table named by a table node.
     *
     * @param aSTNode node handed to {@code BaseSemanticAnalyzer.getQualifiedTableName}
     * @throws SemanticException if the qualified name cannot be resolved
     * @throws IllegalArgumentException if the resolved name does not have exactly two parts
     */
    public void extractDbTableNameFromTOKTABLE(ASTNode aSTNode) throws SemanticException {
        String[] dbAndTable = BaseSemanticAnalyzer.getQualifiedTableName(aSTNode);
        boolean hasBothParts = dbAndTable.length == 2;
        Preconditions.checkArgument(hasBothParts, "BaseSemanticAnalyzer.getQualifiedTableName should return an array with dbName and tableName");
        String dbName = dbAndTable[0];
        String tableName = dbAndTable[1];
        this.currOutDB = new Database(dbName);
        this.currOutTab = new Table(tableName);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the database a possibly qualified name refers to.
     *
     * @param aSTNode node holding the name
     * @return the part before the first '.' when the name contains one, otherwise the session's
     *     current database
     * @throws SemanticException if the name cannot be read from the node
     */
    public Database extractDatabase(ASTNode aSTNode) throws SemanticException {
        String name = BaseSemanticAnalyzer.getUnescapedName(aSTNode);
        if (!name.contains(".")) {
            return getCanonicalDb();
        }
        String[] parts = name.split("\\.");
        return new Database(parts[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the table a possibly qualified name refers to.
     *
     * <p>NOTE(review): a name that ends in '.' splits into a single element, so taking the
     * second part would throw {@code ArrayIndexOutOfBoundsException}; whether
     * {@code getUnescapedName} can return such a name is not visible here.
     *
     * @param aSTNode node holding the name
     * @return the second dot-separated part when the name contains a '.', otherwise the whole name
     * @throws SemanticException if the name cannot be read from the node
     */
    public Table extractTable(ASTNode aSTNode) throws SemanticException {
        String name = BaseSemanticAnalyzer.getUnescapedName(aSTNode);
        if (!name.contains(".")) {
            return new Table(name);
        }
        String[] parts = name.split("\\.");
        return new Table(parts[1]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the URI of a statement's location clause, if it has one.
     *
     * <p>NOTE(review): when the location token is present but does not have exactly one child,
     * the method logs an error and returns {@code null}, the same value it returns when there is
     * no location clause at all. As the log message itself says, the URI may then go unchecked.
     * Callers that need a fail-closed decision must not treat {@code null} as "no location";
     * what the callers do with it is outside this view.
     *
     * @param aSTNode statement node to inspect
     * @return the parsed location, or {@code null} in the two cases described above
     * @throws SemanticException if the location text cannot be parsed as a URI
     */
    public static AccessURI extractTableLocation(ASTNode aSTNode) throws SemanticException {
        ASTNode locationNode = aSTNode.getFirstChildWithType(959);
        if (locationNode != null && locationNode.getChildCount() == 1) {
            String rawLocation = locationNode.getChild(0).getText();
            return parseURI(BaseSemanticAnalyzer.unescapeSQLString(rawLocation));
        }
        if (locationNode == null) {
            LOG.debug("Token HiveParser.TOK_TABLELOCATION not found in ast. This means command does not have a location clause");
        } else {
            LOG.error("Found Token HiveParser.TOK_TABLELOCATION, but was expecting the URI as its only child. This means it is possible that permissions on the URI are not checked for this command ");
        }
        return null;
    }

    /**
     * Runs the hooks named by {@code str} against an already built failure context.
     *
     * <p>Any exception raised while loading or running a hook is logged and not propagated.
     *
     * @param sentryOnFailureHookContext the context handed to each hook
     * @param str the hook specification handed to {@code getHooks}
     */
    public static void runFailureHook(SentryOnFailureHookContext sentryOnFailureHookContext, String str) {
        try {
            for (Object hook : getHooks(str)) {
                ((Hook) hook).run(sentryOnFailureHookContext);
            }
        } catch (Exception e) {
            // Best effort by design: the hooks only observe the failure.
            LOG.error("Error executing hook:", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the input and output authorizable hierarchies for a statement and asks the Sentry
     * binding to authorize the user against them.
     *
     * <p>Which hierarchies are built depends on the operation scope of the privileges object.
     * The scope is read through the compiler-generated switch map, whose labels are
     * 1=SERVER, 2=DATABASE, 3=TABLE, 4=FUNCTION, 5=CONNECT, 6=COLUMN. Every hierarchy starts
     * with the auth server of the binding.
     *
     * @param hiveSemanticAnalyzerHookContext context supplying the inputs, outputs and user name
     * @param hiveAuthzPrivileges required privileges; replaced by {@code columnMetaDataPrivilege}
     *     when {@code isDescTableBasic} is set
     * @param hiveOperation the operation being authorized
     * @throws AuthorizationException if the scope is unknown; the binding's {@code authorize}
     *     call is also expected to raise it on denial (its implementation is not visible here)
     */
    public void authorizeWithHiveBindings(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, HiveAuthzPrivileges hiveAuthzPrivileges, HiveOperation hiveOperation) throws AuthorizationException {
        HiveAuthzBinding hiveAuthzBinding;
        Set<ReadEntity> inputs = hiveSemanticAnalyzerHookContext.getInputs();
        Set<WriteEntity> outputs = hiveSemanticAnalyzerHookContext.getOutputs();
        // arrayList collects the input hierarchies, arrayList2 the output hierarchies.
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (LOG.isDebugEnabled()) {
            LOG.debug("stmtAuthObject.getOperationScope() = " + hiveAuthzPrivileges.getOperationScope());
            LOG.debug("context.getInputs() = " + hiveSemanticAnalyzerHookContext.getInputs());
            LOG.debug("context.getOutputs() = " + hiveSemanticAnalyzerHookContext.getOutputs());
        }
        if (this.isDescTableBasic) {
            hiveAuthzPrivileges = columnMetaDataPrivilege;
        }
        switch (AnonymousClass1.$SwitchMap$org$apache$sentry$binding$hive$authz$HiveAuthzPrivileges$HiveOperationScope[hiveAuthzPrivileges.getOperationScope().ordinal()]) {
            case 1:
                // SERVER scope: the auth server alone, as an input.
                ArrayList arrayList3 = new ArrayList();
                arrayList3.add(this.hiveAuthzBinding.getAuthServer());
                arrayList.add(arrayList3);
                break;
            case 2:
                // DATABASE scope: the current database as input; the output database when one is
                // set, otherwise the same current-database hierarchy as output.
                ArrayList arrayList4 = new ArrayList();
                arrayList4.add(this.hiveAuthzBinding.getAuthServer());
                arrayList4.add(this.currDB);
                arrayList.add(arrayList4);
                if (this.currOutDB != null) {
                    ArrayList arrayList5 = new ArrayList();
                    arrayList5.add(this.hiveAuthzBinding.getAuthServer());
                    arrayList5.add(this.currOutDB);
                    arrayList2.add(arrayList5);
                } else {
                    arrayList2.add(arrayList4);
                }
                getInputHierarchyFromInputs(arrayList, inputs);
                if (this.serdeURI != null) {
                    ArrayList arrayList6 = new ArrayList();
                    arrayList6.add(this.hiveAuthzBinding.getAuthServer());
                    arrayList6.add(this.serdeURI);
                    arrayList2.add(arrayList6);
                    break;
                }
                break;
            case 3:
                // TABLE scope: partition URI as input, index URI as output, then the read
                // entities, the write entities that filterWriteEntity() does not exclude, and the
                // current / output table and SerDe URI when they are set.
                if (this.partitionURI != null) {
                    arrayList.add(ImmutableList.of(this.hiveAuthzBinding.getAuthServer(), this.partitionURI));
                }
                if (this.indexURI != null) {
                    arrayList2.add(ImmutableList.of(this.hiveAuthzBinding.getAuthServer(), this.indexURI));
                }
                getInputHierarchyFromInputs(arrayList, inputs);
                for (WriteEntity writeEntity : outputs) {
                    if (!filterWriteEntity(writeEntity)) {
                        ArrayList arrayList7 = new ArrayList();
                        arrayList7.add(this.hiveAuthzBinding.getAuthServer());
                        arrayList7.addAll(getAuthzHierarchyFromEntity(writeEntity));
                        arrayList2.add(arrayList7);
                    }
                }
                if (this.currTab != null) {
                    ArrayList arrayList8 = new ArrayList();
                    arrayList8.add(this.hiveAuthzBinding.getAuthServer());
                    arrayList8.add(this.currDB);
                    arrayList8.add(this.currTab);
                    arrayList.add(arrayList8);
                }
                if (this.currOutTab != null) {
                    ArrayList arrayList9 = new ArrayList();
                    arrayList9.add(this.hiveAuthzBinding.getAuthServer());
                    arrayList9.add(this.currOutDB);
                    arrayList9.add(this.currOutTab);
                    arrayList2.add(arrayList9);
                }
                if (this.serdeURI != null) {
                    ArrayList arrayList10 = new ArrayList();
                    arrayList10.add(this.hiveAuthzBinding.getAuthServer());
                    arrayList10.add(this.serdeURI);
                    arrayList2.add(arrayList10);
                    break;
                }
                break;
            case 4:
                // FUNCTION scope: hierarchies are built only when UDF URIs were collected.
                // NOTE(review): with an empty udfURIs both lists stay empty and authorize() is
                // still called; how the binding treats two empty hierarchies is not visible here
                // and should be confirmed to be a deny, not an allow.
                if (!this.udfURIs.isEmpty()) {
                    ArrayList arrayList11 = new ArrayList();
                    arrayList11.add(this.hiveAuthzBinding.getAuthServer());
                    arrayList11.addAll(this.udfURIs);
                    arrayList.add(arrayList11);
                    for (WriteEntity writeEntity2 : outputs) {
                        ArrayList arrayList12 = new ArrayList();
                        arrayList12.add(this.hiveAuthzBinding.getAuthServer());
                        arrayList12.addAll(getAuthzHierarchyFromEntity(writeEntity2));
                        arrayList2.add(arrayList12);
                    }
                    break;
                }
                break;
            case 5:
                // CONNECT scope: server / database / table / column, used as input and output.
                ArrayList arrayList13 = new ArrayList();
                arrayList13.add(this.hiveAuthzBinding.getAuthServer());
                Table table = Table.ALL;
                Column column = Column.ALL;
                // For the "default" database with the restrict-default-db setting at "false"
                // (also its default), the check is widened to Database.ALL / Table.SOME.
                // Side effect: this.currDB itself is overwritten and stays Database.ALL afterwards.
                if ("default".equalsIgnoreCase(this.currDB.getName()) && "false".equalsIgnoreCase(this.authzConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "false"))) {
                    this.currDB = Database.ALL;
                    table = Table.SOME;
                }
                arrayList13.add(this.currDB);
                arrayList13.add(table);
                arrayList13.add(column);
                arrayList.add(arrayList13);
                arrayList2.add(arrayList13);
                break;
            case 6:
                // COLUMN scope: one hierarchy per accessed column, or Column.ALL for a read entity
                // that reports no accessed columns. Unlike getInputHierarchyFromInputs(), this loop
                // does not skip view children or dummy entities.
                for (ReadEntity readEntity : inputs) {
                    if (readEntity.getAccessedColumns() == null || readEntity.getAccessedColumns().isEmpty()) {
                        ArrayList arrayList14 = new ArrayList();
                        arrayList14.add(this.hiveAuthzBinding.getAuthServer());
                        arrayList14.addAll(getAuthzHierarchyFromEntity(readEntity));
                        arrayList14.add(Column.ALL);
                        arrayList.add(arrayList14);
                    } else {
                        addColumnHierarchy(arrayList, readEntity);
                    }
                }
                break;
            default:
                // A scope with no mapping is rejected rather than authorized with empty lists.
                throw new AuthorizationException("Unknown operation scope type " + hiveAuthzPrivileges.getOperationScope().toString());
        }
        try {
            hiveAuthzBinding = getHiveBindingWithPrivilegeCache(this.hiveAuthzBinding, hiveSemanticAnalyzerHookContext.getUserName());
        } catch (SemanticException e) {
            // The privilege-cache binding is an optimisation only: on failure the check still
            // runs, against the plain binding. The exception is dropped without being logged.
            hiveAuthzBinding = this.hiveAuthzBinding;
        }
        hiveAuthzBinding.authorize(hiveOperation, hiveAuthzPrivileges, getCurrentSubject(hiveSemanticAnalyzerHookContext), arrayList, arrayList2);
    }

    /**
     * Translates a Hive read or write entity into the Sentry authorizables below the server.
     *
     * <p>Tables and partitions become database + table, directories become a single URI, and
     * DATABASE and FUNCTION entities contribute nothing.
     *
     * @param entity the entity to translate
     * @return the authorizables in hierarchy order; empty for DATABASE and FUNCTION entities
     * @throws AuthorizationException if a directory entity cannot be turned into a URI
     * @throws UnsupportedOperationException for any other entity type
     */
    private List<DBModelAuthorizable> getAuthzHierarchyFromEntity(Entity entity) {
        List<DBModelAuthorizable> hierarchy = new ArrayList<>();
        Entity.Type kind = entity.getType();
        switch (kind) {
            case TABLE:
                hierarchy.add(new Database(entity.getTable().getDbName()));
                hierarchy.add(new Table(entity.getTable().getTableName()));
                return hierarchy;
            case PARTITION:
            case DUMMYPARTITION:
                hierarchy.add(new Database(entity.getPartition().getTable().getDbName()));
                hierarchy.add(new Table(entity.getPartition().getTable().getTableName()));
                return hierarchy;
            case DFS_DIR:
            case LOCAL_DIR:
                try {
                    boolean isLocalDir = kind.equals(Entity.Type.LOCAL_DIR);
                    hierarchy.add(parseURI(entity.toString(), isLocalDir));
                } catch (Exception e) {
                    throw new AuthorizationException("Failed to get File URI", e);
                }
                return hierarchy;
            case DATABASE:
            case FUNCTION:
                // Nothing is added below the server for these two types.
                return hierarchy;
            default:
                throw new UnsupportedOperationException("Unsupported entity type " + kind.name());
        }
    }

    /**
     * Appends the hierarchies for a read entity that reports accessed columns.
     *
     * <p>For TABLE and PARTITION entities one hierarchy per accessed column is appended. Every
     * other entity type gets a single hierarchy without a column.
     *
     * @param list the hierarchy list to append to
     * @param readEntity the entity being read
     */
    protected void addColumnHierarchy(List<List<DBModelAuthorizable>> list, ReadEntity readEntity) {
        List<DBModelAuthorizable> prefix = new ArrayList<>();
        prefix.add(this.hiveAuthzBinding.getAuthServer());
        prefix.addAll(getAuthzHierarchyFromEntity(readEntity));

        Entity.Type kind = readEntity.getType();
        if (kind != Entity.Type.TABLE && kind != Entity.Type.PARTITION) {
            list.add(prefix);
            return;
        }
        for (String columnName : readEntity.getAccessedColumns()) {
            // Each column gets its own copy of the server / database / table prefix.
            List<DBModelAuthorizable> perColumn = new ArrayList<>(prefix);
            perColumn.add(new Column(columnName));
            list.add(perColumn);
        }
    }

    /**
     * Appends one or more input hierarchies for every read entity that needs a check.
     *
     * <p>Entities for which {@code isChildTabForView} or {@code isDummyEntity} returns true are
     * skipped, so they are never authorized through this method.
     *
     * @param list the input hierarchy list to append to
     * @param set the read entities of the statement
     */
    protected void getInputHierarchyFromInputs(List<List<DBModelAuthorizable>> list, Set<ReadEntity> set) {
        for (ReadEntity input : set) {
            if (isChildTabForView(input) || isDummyEntity(input)) {
                continue;
            }
            boolean noColumns = input.getAccessedColumns() == null || input.getAccessedColumns().isEmpty();
            if (!noColumns) {
                addColumnHierarchy(list, input);
                continue;
            }
            // No column information: authorize at the level of the entity itself.
            List<DBModelAuthorizable> hierarchy = new ArrayList<>();
            hierarchy.add(this.hiveAuthzBinding.getAuthServer());
            hierarchy.addAll(getAuthzHierarchyFromEntity(input));
            list.add(hierarchy);
        }
    }

    /**
     * Decides whether a write entity is left out of the output authorization check.
     *
     * <p>Returning {@code true} means the entity is not authorized at all, so the exemptions
     * here define what any user may write to: temporary URIs, and directories that
     * {@code PathUtils.impliesURI} places under the configured DFS scratch directory or the
     * local scratch directory. Both scratch locations come from the session configuration.
     *
     * @param writeEntity the entity the statement writes to
     * @return {@code true} if the entity is exempt from the check
     * @throws AuthorizationException if the locations cannot be turned into URIs
     */
    private boolean filterWriteEntity(WriteEntity writeEntity) throws AuthorizationException {
        if (writeEntity.isTempURI()) {
            return true;
        }
        try {
            boolean isDfsDir = writeEntity.getTyp().equals(Entity.Type.DFS_DIR);
            if (!isDfsDir && !writeEntity.getTyp().equals(Entity.Type.LOCAL_DIR)) {
                // Only directory entities can be exempt on the grounds of their location.
                return false;
            }
            HiveConf sessionConf = SessionState.get().getConf();
            String warehouseDir = sessionConf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE);

            URI scratchUri = new URI(PathUtils.parseDFSURI(warehouseDir, sessionConf.getVar(HiveConf.ConfVars.SCRATCHDIR)));
            URI requestedUri = new URI(PathUtils.parseDFSURI(warehouseDir, writeEntity.getLocation().getPath()));
            LOG.debug("scratchURI = " + scratchUri + ", requestURI = " + requestedUri);
            if (PathUtils.impliesURI(scratchUri, requestedUri)) {
                return true;
            }

            URI localScratchUri = new URI(PathUtils.parseLocalURI(sessionConf.getVar(HiveConf.ConfVars.LOCALSCRATCHDIR)));
            URI localRequestedUri = new URI(PathUtils.parseLocalURI(writeEntity.getLocation().getPath()));
            LOG.debug("localScratchURI = " + localScratchUri + ", localRequestURI = " + localRequestedUri);
            return PathUtils.impliesURI(localScratchUri, localRequestedUri);
        } catch (Exception e) {
            // Fail closed: a location that cannot be parsed aborts the statement.
            throw new AuthorizationException("Failed to extract uri details", e);
        }
    }

    /**
     * Reduces a list of table names to those the user is authorized to see.
     *
     * <p>Each table is checked on its own at TABLE scope with the SELECT and INSERT actions on
     * {@code Column.ALL}. A table whose check raises {@code AuthorizationException} is left out
     * of the result without any error being reported.
     *
     * @param hiveAuthzBinding binding supplying the auth server and the privilege-cache binding
     * @param list candidate table names
     * @param hiveOperation the operation being authorized
     * @param str user name the check runs as
     * @param str2 name of the database the tables belong to
     * @return names of the tables that passed the check, in input order
     * @throws SemanticException if the privilege-cache binding cannot be obtained
     */
    public static List<String> filterShowTables(HiveAuthzBinding hiveAuthzBinding, List<String> list, HiveOperation hiveOperation, String str, String str2) throws SemanticException {
        List<String> visibleTables = new ArrayList<>();
        Subject subject = new Subject(str);
        HiveAuthzPrivileges tableMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder()
                .addInputObjectPriviledge(DBModelAuthorizable.AuthorizableType.Column, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT))
                .setOperationScope(HiveAuthzPrivileges.HiveOperationScope.TABLE)
                .setOperationType(HiveAuthzPrivileges.HiveOperationType.INFO)
                .build();
        HiveAuthzBinding cachedBinding = getHiveBindingWithPrivilegeCache(hiveAuthzBinding, str);
        for (String tableName : list) {
            Table table = new Table(tableName);
            Database database = new Database(str2);
            List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<>();
            List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<>();
            List<DBModelAuthorizable> tableHierarchy = new ArrayList<>();
            tableHierarchy.add(hiveAuthzBinding.getAuthServer());
            tableHierarchy.add(database);
            tableHierarchy.add(table);
            tableHierarchy.add(Column.ALL);
            inputHierarchy.add(tableHierarchy);
            try {
                cachedBinding.authorize(hiveOperation, tableMetaDataPrivilege, subject, inputHierarchy, outputHierarchy);
                visibleTables.add(table.getName());
            } catch (AuthorizationException ignored) {
                // Denied: the table is hidden from the listing, which is the point of the filter.
            }
        }
        return visibleTables;
    }

    /**
     * Reduces a list of columns to those the user is authorized to see.
     *
     * <p>Each column is checked on its own against {@code columnMetaDataPrivilege}. A column
     * whose check raises {@code AuthorizationException} is left out of the result without any
     * error being reported.
     *
     * @param hiveAuthzBinding binding supplying the auth server and the privilege-cache binding
     * @param list candidate columns
     * @param hiveOperation the operation being authorized
     * @param str user name the check runs as
     * @param str2 name of the table the columns belong to
     * @param str3 name of the database the table belongs to
     * @return the columns that passed the check, in input order
     * @throws SemanticException if the privilege-cache binding cannot be obtained
     */
    public static List<FieldSchema> filterShowColumns(HiveAuthzBinding hiveAuthzBinding, List<FieldSchema> list, HiveOperation hiveOperation, String str, String str2, String str3) throws SemanticException {
        List<FieldSchema> visibleColumns = new ArrayList<>();
        Subject subject = new Subject(str);
        HiveAuthzBinding cachedBinding = getHiveBindingWithPrivilegeCache(hiveAuthzBinding, str);
        Database database = new Database(str3);
        Table table = new Table(str2);
        for (FieldSchema field : list) {
            List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<>();
            List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<>();
            List<DBModelAuthorizable> columnHierarchy = new ArrayList<>();
            columnHierarchy.add(hiveAuthzBinding.getAuthServer());
            columnHierarchy.add(database);
            columnHierarchy.add(table);
            columnHierarchy.add(new Column(field.getName()));
            inputHierarchy.add(columnHierarchy);
            try {
                cachedBinding.authorize(hiveOperation, columnMetaDataPrivilege, subject, inputHierarchy, outputHierarchy);
                visibleColumns.add(field);
            } catch (AuthorizationException ignored) {
                // Denied: the column is hidden from the listing, which is the point of the filter.
            }
        }
        return visibleColumns;
    }

    /**
     * Reduces a database listing to the databases the given user is authorized to see.
     *
     * <p>A database named {@code default} (compared case-insensitively) is always listed, as the
     * literal {@code "default"}, while the {@code AUTHZ_RESTRICT_DEFAULT_DB} setting reads as
     * {@code false}, which is also the fallback when the setting is absent. That entry bypasses
     * the authorization call entirely. Every other database is checked as the hierarchy server /
     * database / {@code Table.ALL} / {@code Column.ALL} and kept only when {@code authorize}
     * returns normally, so a denied database is left out rather than reported.
     *
     * @param hiveAuthzBinding binding that supplies the auth server, configuration and cache source
     * @param list database names to filter
     * @param hiveOperation operation passed through to {@code authorize}
     * @param str user name the check is made for
     * @return names of the databases the user may see, in input order
     * @throws SemanticException if the privilege-cached binding cannot be created
     */
    public static List<String> filterShowDatabases(HiveAuthzBinding hiveAuthzBinding, List<String> list, HiveOperation hiveOperation, String str) throws SemanticException {
        List<String> visibleDatabases = new ArrayList<String>();
        Subject requester = new Subject(str);
        HiveAuthzBinding cachedBinding = getHiveBindingWithPrivilegeCache(hiveAuthzBinding, str);
        HiveAuthzPrivileges anyPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder()
                .addInputObjectPriviledge(DBModelAuthorizable.AuthorizableType.Column, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT))
                .addInputObjectPriviledge(DBModelAuthorizable.AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT))
                .setOperationScope(HiveAuthzPrivileges.HiveOperationScope.CONNECT)
                .setOperationType(HiveAuthzPrivileges.HiveOperationType.QUERY)
                .build();
        for (String dbName : list) {
            // The configuration is consulted only for the default database (short-circuit &&).
            boolean unrestrictedDefault = "default".equalsIgnoreCase(dbName)
                    && "false".equalsIgnoreCase(hiveAuthzBinding.getAuthzConf().get(HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "false"));
            if (unrestrictedDefault) {
                visibleDatabases.add("default");
                continue;
            }
            Database database = new Database(dbName);
            // Raw lists are kept as in the original: the element type authorize() expects is
            // not visible from this method.
            List hierarchy = new ArrayList();
            hierarchy.add(hiveAuthzBinding.getAuthServer());
            hierarchy.add(database);
            hierarchy.add(Table.ALL);
            hierarchy.add(Column.ALL);
            List inputHierarchies = new ArrayList();
            inputHierarchies.add(hierarchy);
            List outputHierarchies = new ArrayList();
            try {
                cachedBinding.authorize(hiveOperation, anyPrivilege, requester, inputHierarchies, outputHierarchies);
                visibleDatabases.add(database.getName());
            } catch (AuthorizationException denied) {
                // Deliberately ignored: a denied database is simply omitted from the listing.
            }
        }
        return visibleDatabases;
    }

    /**
     * Tells whether a read entity is a table or partition whose parents are all tables.
     *
     * <p>NOTE(review): going by the method name, this identifies tables that are read only
     * through a view; confirm against the callers.
     *
     * @param readEntity entity to inspect
     * @return {@code true} only when the entity is of type TABLE or PARTITION, has at least one
     *     parent, and every parent is of type TABLE
     */
    private boolean isChildTabForView(ReadEntity readEntity) {
        boolean tableOrPartition = readEntity.getType().equals(Entity.Type.TABLE)
                || readEntity.getType().equals(Entity.Type.PARTITION);
        if (!tableOrPartition) {
            return false;
        }
        if (readEntity.getParents() == null || readEntity.getParents().isEmpty()) {
            return false;
        }
        for (Object parent : readEntity.getParents()) {
            // A single parent that is not a table disqualifies the entity.
            if (!((ReadEntity) parent).getType().equals(Entity.Type.TABLE)) {
                return false;
            }
        }
        return true;
    }

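    /**
     * Instantiates the hook classes named in a comma-separated list.
     *
     * <p>Entries are trimmed and empty entries are skipped. Each class is loaded through
     * {@code JavaUtils.getClassLoader()} and created with its no-argument constructor.
     *
     * <p>The class is loaded without initialisation and checked to be a {@link Hook} before it
     * is instantiated, so a mistyped or unexpected class name in the list is rejected with a
     * {@link ClassCastException} before any of its static initialisers or constructors run.
     * The list still names code that will execute in this process, so it should only ever come
     * from trusted configuration.
     *
     * @param str comma-separated fully qualified class names; may be empty
     * @return the instantiated hooks in list order; empty when {@code str} is empty
     * @throws ClassNotFoundException if a named class cannot be loaded (logged, then rethrown)
     * @throws ClassCastException if a named class is not a {@link Hook}
     * @throws Exception for any instantiation failure
     */
    private static <T extends Hook> List<T> getHooks(String str) throws Exception {
        List<T> hooks = new ArrayList<T>();
        if (str.isEmpty()) {
            return hooks;
        }
        for (String className : Splitter.on(",").omitEmptyStrings().trimResults().split(str)) {
            try {
                // initialize=false plus asSubclass: confirm the type before anything in the
                // class is executed; newInstance() initialises it afterwards.
                Class<? extends Hook> hookClass =
                        Class.forName(className, false, JavaUtils.getClassLoader()).asSubclass(Hook.class);
                // T is only known to the caller; as in the original, the element type is
                // enforced no further than Hook.
                @SuppressWarnings("unchecked")
                T hook = (T) hookClass.newInstance();
                hooks.add(hook);
            } catch (ClassNotFoundException e) {
                LOG.error(className + " Class not found:" + e.getMessage());
                throw e;
            }
        }
        return hooks;
    }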

    /**
     * Reports whether the entity is flagged as a dummy.
     *
     * @param entity entity to inspect
     * @return the value of {@code entity.isDummy()}
     */
    private boolean isDummyEntity(Entity entity) {
        final boolean dummy = entity.isDummy();
        return dummy;
    }

    /**
     * Creates a HiveServer2 binding backed by a {@code SimplePrivilegeCache} for one user.
     *
     * <p>The cache is built from what the current provider's policy engine returns for the
     * user's groups, the user name, the active role set and the auth server. The new binding
     * reuses the Hive and authz configuration of {@code hiveAuthzBinding}.
     *
     * <p>NOTE(review): the privileges appear to be fetched once here and reused for every
     * per-entry check made through the returned binding, so a grant or revoke issued in between
     * would presumably not be seen; confirm against {@code SimplePrivilegeCache}.
     *
     * @param hiveAuthzBinding binding to derive configuration, provider and server from
     * @param str user name whose privileges are loaded
     * @return a new binding that uses the privilege cache
     * @throws SemanticException wrapping any exception raised while building the binding
     */
    private static HiveAuthzBinding getHiveBindingWithPrivilegeCache(HiveAuthzBinding hiveAuthzBinding, String str) throws SemanticException {
        AuthorizationProvider provider = hiveAuthzBinding.getCurrentAuthProvider();
        try {
            return new HiveAuthzBinding(
                    HiveAuthzBinding.HiveHook.HiveServer2,
                    hiveAuthzBinding.getHiveConf(),
                    hiveAuthzBinding.getAuthzConf(),
                    new SimplePrivilegeCache(
                            provider.getPolicyEngine().getPrivileges(
                                    provider.getGroupMapping().getGroups(str),
                                    Sets.newHashSet(str),
                                    hiveAuthzBinding.getActiveRoleSet(),
                                    new Authorizable[]{hiveAuthzBinding.getAuthServer()})));
        } catch (Exception cause) {
            // The log line carries no detail; the cause travels in the SemanticException.
            LOG.error("Can not create HiveAuthzBinding with privilege cache.");
            throw new SemanticException(cause);
        }
    }

    /**
     * Tells whether {@code str} starts with any entry of {@code list}.
     *
     * <p>The comparison is a plain, case-sensitive {@link String#startsWith(String)} with no
     * boundary check: an entry {@code "a.b"} also accepts {@code "a.bc.X"}. When the entries
     * are meant to name packages, each should end with {@code '.'} so that it cannot match a
     * sibling package that merely shares the leading characters.
     *
     * @param list prefixes to test against
     * @param str value to test
     * @return {@code true} if at least one prefix matches; {@code false} for an empty list
     */
    private static boolean hasPrefixMatch(List<String> list, String str) {
        for (String prefix : list) {
            if (str.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
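    /**
     * Records the jar location of a SerDe class so that privileges on that location can be
     * validated.
     *
     * <p>Nothing is done when SerDe URI privileges are disabled or when the class name matches
     * an entry of the SerDe whitelist. Otherwise the class is looked up through the
     * session-specified class loader and the location of its code source is parsed into
     * {@code serdeURI}.
     *
     * <p>The class is loaded without initialisation: it is needed only to locate its jar, and
     * a class that is not on the whitelist should not have its static initialisers run before
     * the privilege on that jar has been checked.
     *
     * @param str fully qualified SerDe class name
     * @throws SemanticException if the class cannot be found, or its jar location cannot be
     *     determined
     */
    public void setSerdeURI(String str) throws SemanticException {
        if (!this.serdeURIPrivilegesEnabled || hasPrefixMatch(this.serdeWhiteList, str)) {
            return;
        }
        try {
            CodeSource codeSource = Class.forName(str, false, Utilities.getSessionSpecifiedClassLoader()).getProtectionDomain().getCodeSource();
            // A code source may exist without a location; treat that like a missing code
            // source instead of failing with a NullPointerException below.
            if (codeSource == null || codeSource.getLocation() == null) {
                throw new SemanticException("Could not resolve the jar for Serde class " + str);
            }
            String path = codeSource.getLocation().getPath();
            if (path == null || path.isEmpty()) {
                // The space before "to" was missing, fusing the class name with the next word.
                throw new SemanticException("Could not find the jar for Serde class " + str + " to validate privileges");
            }
            this.serdeURI = parseURI(codeSource.getLocation().toString(), true);
        } catch (ClassNotFoundException e) {
            throw new SemanticException("Error retrieving Serde class:" + e.getMessage(), e);
        }
    }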

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the authorization subject for the user named in the hook context.
     *
     * @param hiveSemanticAnalyzerHookContext semantic-analyzer hook context of the statement
     * @return a new {@code Subject} created from the context's user name
     */
    public Subject getCurrentSubject(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext) {
        String userName = hiveSemanticAnalyzerHookContext.getUserName();
        return new Subject(userName);
    }
}
