package org.apache.sentry.sqoop.authz;

import java.util.List;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.sqoop.PrincipalDesc;
import org.apache.sentry.sqoop.SentrySqoopError;
import org.apache.sentry.sqoop.binding.SqoopAuthBinding;
import org.apache.sentry.sqoop.binding.SqoopAuthBindingSingleton;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.security.AuthorizationValidator;
import org.apache.sqoop.security.SecurityError;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/sqoop/authz/SentryAuthorizationValidator.class */
public class SentryAuthorizationValidator extends AuthorizationValidator {
    private static final Logger LOG = LoggerFactory.getLogger(SentryAuthorizationValidator.class);
    private final SqoopAuthBinding binding = SqoopAuthBindingSingleton.getInstance().getAuthBinding();

    public void checkPrivileges(MPrincipal mPrincipal, List<MPrivilege> list) throws SqoopException {
        if (list == null || list.isEmpty()) {
            return;
        }
        PrincipalDesc principalDesc = new PrincipalDesc(mPrincipal.getName(), mPrincipal.getType());
        if (principalDesc.getType() != PrincipalDesc.PrincipalType.USER) {
            throw new SqoopException(SecurityError.AUTH_0014, SentrySqoopError.AUTHORIZE_CHECK_NOT_SUPPORT_FOR_PRINCIPAL);
        }
        for (MPrivilege mPrivilege : list) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Going to authorize check on privilege : " + mPrivilege + " for principal: " + mPrincipal);
            }
            try {
                if (!this.binding.authorize(new Subject(principalDesc.getName()), mPrivilege)) {
                    throw new SqoopException(SecurityError.AUTH_0014, "User " + principalDesc.getName() + " does not have privileges for : " + mPrivilege.toString());
                }
            } catch (SentryUserException e) {
                throw new SqoopException(SecurityError.AUTH_0014, "User " + principalDesc.getName() + " with privilege " + mPrivilege.toString() + " could not be authorized because the following error: " + e.getMessage());
            }
        }
    }
}
