package org.apache.sentry.sqoop.authz;

import java.util.List;
import org.apache.log4j.Logger;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.sqoop.PrincipalDesc;
import org.apache.sentry.sqoop.SentrySqoopError;
import org.apache.sentry.sqoop.binding.SqoopAuthBinding;
import org.apache.sentry.sqoop.binding.SqoopAuthBindingSingleton;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MRole;
import org.apache.sqoop.security.AuthorizationAccessController;
import org.apache.sqoop.security.SecurityError;

/* loaded from: input_file:org/apache/sentry/sqoop/authz/SentryAccessController.class */
public class SentryAccessController extends AuthorizationAccessController {
    private static final Logger LOG = Logger.getLogger(SentryAccessController.class);
    private final SqoopAuthBinding binding = SqoopAuthBindingSingleton.getInstance().getAuthBinding();

    private Subject getSubject() {
        return new Subject(SentryAuthorizationHandler.getAuthenticator().getUserName());
    }

    public void createRole(MRole mRole) throws SqoopException {
        this.binding.createRole(getSubject(), mRole.getName());
    }

    public void dropRole(MRole mRole) throws SqoopException {
        this.binding.dropRole(getSubject(), mRole.getName());
    }

    public List<MRole> getAllRoles() throws SqoopException {
        return this.binding.listAllRoles(getSubject());
    }

    public List<MPrincipal> getPrincipalsByRole(MRole mRole) throws SqoopException {
        throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.NOT_IMPLEMENT_YET);
    }

    public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal mPrincipal, MResource mResource) throws SqoopException {
        PrincipalDesc fromStr = PrincipalDesc.fromStr(mPrincipal.getName(), mPrincipal.getType());
        if (fromStr.getType() != PrincipalDesc.PrincipalType.ROLE) {
            throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.SHOW_PRIVILEGE_NOT_SUPPORTED_FOR_PRINCIPAL + fromStr.getType().name());
        }
        return this.binding.listPrivilegeByRole(getSubject(), fromStr.getName(), mResource);
    }

    public List<MRole> getRolesByPrincipal(MPrincipal mPrincipal) throws SqoopException {
        PrincipalDesc fromStr = PrincipalDesc.fromStr(mPrincipal.getName(), mPrincipal.getType());
        if (fromStr.getType() != PrincipalDesc.PrincipalType.GROUP) {
            throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.SHOW_GRANT_NOT_SUPPORTED_FOR_PRINCIPAL + fromStr.getType().name());
        }
        return this.binding.listRolesByGroup(getSubject(), fromStr.getName());
    }

    public void grantPrivileges(List<MPrincipal> list, List<MPrivilege> list2) throws SqoopException {
        for (MPrincipal mPrincipal : list) {
            PrincipalDesc fromStr = PrincipalDesc.fromStr(mPrincipal.getName(), mPrincipal.getType());
            if (fromStr.getType() != PrincipalDesc.PrincipalType.ROLE) {
                throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL + fromStr.getType().name());
            }
            for (MPrivilege mPrivilege : list2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Going to grant privilege : " + mPrivilege + " to principal: " + mPrincipal);
                }
                this.binding.grantPrivilege(getSubject(), mPrincipal.getName(), mPrivilege);
            }
        }
    }

    public void grantRole(List<MPrincipal> list, List<MRole> list2) throws SqoopException {
        for (MPrincipal mPrincipal : list) {
            PrincipalDesc fromStr = PrincipalDesc.fromStr(mPrincipal.getName(), mPrincipal.getType());
            if (fromStr.getType() != PrincipalDesc.PrincipalType.GROUP) {
                throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.GRANT_REVOKE_ROLE_NOT_SUPPORT_FOR_PRINCIPAL + fromStr.getType().name());
            }
            for (MRole mRole : list2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Going to grant role : " + mRole.getName() + " to principal: " + mPrincipal);
                }
                this.binding.grantGroupToRole(getSubject(), mPrincipal.getName(), mRole);
            }
        }
    }

    public void removeResource(MResource mResource) throws SqoopException {
        this.binding.dropPrivilege(mResource);
    }

    public void revokePrivileges(List<MPrincipal> list, List<MPrivilege> list2) throws SqoopException {
        for (MPrincipal mPrincipal : list) {
            PrincipalDesc fromStr = PrincipalDesc.fromStr(mPrincipal.getName(), mPrincipal.getType());
            if (fromStr.getType() != PrincipalDesc.PrincipalType.ROLE) {
                throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL + fromStr.getType().name());
            }
            for (MPrivilege mPrivilege : list2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Going to revoke privilege : " + mPrivilege + " from principal: " + mPrincipal);
                }
                this.binding.revokePrivilege(getSubject(), mPrincipal.getName(), mPrivilege);
            }
        }
    }

    public void revokeRole(List<MPrincipal> list, List<MRole> list2) throws SqoopException {
        for (MPrincipal mPrincipal : list) {
            PrincipalDesc fromStr = PrincipalDesc.fromStr(mPrincipal.getName(), mPrincipal.getType());
            if (fromStr.getType() != PrincipalDesc.PrincipalType.GROUP) {
                throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.GRANT_REVOKE_ROLE_NOT_SUPPORT_FOR_PRINCIPAL + fromStr.getType().name());
            }
            for (MRole mRole : list2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Going to revoke role : " + mRole.getName() + " from principal: " + mPrincipal);
                }
                this.binding.revokeGroupfromRole(getSubject(), mPrincipal.getName(), mRole);
            }
        }
    }

    public void updateResource(MResource mResource, MResource mResource2) throws SqoopException {
        this.binding.renamePrivilege(getSubject(), mResource, mResource2);
    }
}
