package org.apache.sentry.provider.db.generic;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.exception.SentryConfigurationException;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.provider.common.CacheProvider;
import org.apache.sentry.provider.common.ProviderBackend;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.class */
public class SentryGenericProviderBackend extends CacheProvider implements ProviderBackend {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryGenericProviderBackend.class);
    private final Configuration conf;
    private volatile boolean initialized = false;
    private String componentType;
    private String serviceName;
    private boolean enableCaching;
    private String privilegeConverter;

    public SentryGenericProviderBackend(Configuration configuration, String str) throws Exception {
        this.conf = configuration;
        this.enableCaching = configuration.getBoolean(ServiceConstants.ClientConfig.ENABLE_CACHING, false);
        this.privilegeConverter = configuration.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER);
        setServiceName(configuration.get(ServiceConstants.ClientConfig.SERVICE_NAME));
        setComponentType(configuration.get(ServiceConstants.ClientConfig.COMPONENT_TYPE));
    }

    public void initialize(ProviderBackendContext providerBackendContext) {
        if (this.initialized) {
            throw new IllegalStateException("SentryGenericProviderBackend has already been initialized, cannot be initialized twice");
        }
        Preconditions.checkNotNull(this.serviceName, "Service name is not defined. Use configuration parameter: " + this.conf.get(ServiceConstants.ClientConfig.SERVICE_NAME));
        Preconditions.checkNotNull(this.componentType, "Component type is not defined. Use configuration parameter: " + this.conf.get(ServiceConstants.ClientConfig.COMPONENT_TYPE));
        if (this.enableCaching) {
            if (this.privilegeConverter == null) {
                throw new SentryConfigurationException("sentry.provider.backend.generic.privilege.converter not configured.");
            }
            try {
                Constructor<?> declaredConstructor = Class.forName(this.privilegeConverter).getDeclaredConstructor(String.class, String.class);
                declaredConstructor.setAccessible(true);
                TSentryPrivilegeConverter tSentryPrivilegeConverter = (TSentryPrivilegeConverter) declaredConstructor.newInstance(getComponentType(), getServiceName());
                LOGGER.debug("Starting Updateable Cache");
                UpdatableCache updatableCache = new UpdatableCache(this.conf, getComponentType(), getServiceName(), tSentryPrivilegeConverter);
                try {
                    updatableCache.startUpdateThread(true);
                    super.initialize(updatableCache);
                } catch (Exception e) {
                    throw new RuntimeException("Failed to get privileges from Sentry to build cache.", e);
                }
            } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e2) {
                throw new RuntimeException("Failed to create privilege converter of type " + this.privilegeConverter, e2);
            }
        }
        this.initialized = true;
    }

    private SentryGenericServiceClient getClient() throws Exception {
        return SentryGenericServiceClientFactory.create(this.conf);
    }

    public ImmutableSet<String> getPrivileges(Set<String> set, ActiveRoleSet activeRoleSet, Authorizable... authorizableArr) {
        if (!this.initialized) {
            throw new IllegalStateException("SentryGenericProviderBackend has not been properly initialized");
        }
        if (this.enableCaching) {
            return super.getPrivileges(set, activeRoleSet, authorizableArr);
        }
        try {
            SentryGenericServiceClient client = getClient();
            Throwable th = null;
            try {
                try {
                    ImmutableSet<String> copyOf = ImmutableSet.copyOf(client.listPrivilegesForProvider(this.componentType, this.serviceName, activeRoleSet, set, Arrays.asList(authorizableArr)));
                    if (client != null) {
                        if (0 != 0) {
                            try {
                                client.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            client.close();
                        }
                    }
                    return copyOf;
                } finally {
                }
            } catch (Throwable th3) {
                if (client != null) {
                    if (th != null) {
                        try {
                            client.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        client.close();
                    }
                }
                throw th3;
            }
        } catch (Exception e) {
            LOGGER.error("Unable to obtain client:" + e.getMessage(), e);
            return ImmutableSet.of();
        } catch (SentryUserException e2) {
            LOGGER.error("Unable to obtain privileges from server: " + e2.getMessage(), e2);
            return ImmutableSet.of();
        }
    }

    public ImmutableSet<String> getRoles(Set<String> set, ActiveRoleSet activeRoleSet) {
        if (!this.initialized) {
            throw new IllegalStateException("SentryGenericProviderBackend has not been properly initialized");
        }
        if (this.enableCaching) {
            return super.getRoles(set, activeRoleSet);
        }
        try {
            SentryGenericServiceClient client = getClient();
            Throwable th = null;
            try {
                try {
                    HashSet newHashSet = Sets.newHashSet();
                    String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
                    Iterator<String> it = set.iterator();
                    while (it.hasNext()) {
                        newHashSet.addAll(client.listRolesByGroupName(shortUserName, it.next(), getComponentType()));
                    }
                    Sets.SetView newHashSet2 = Sets.newHashSet();
                    Iterator it2 = newHashSet.iterator();
                    while (it2.hasNext()) {
                        newHashSet2.add(((TSentryRole) it2.next()).getRoleName());
                    }
                    ImmutableSet<String> copyOf = ImmutableSet.copyOf(activeRoleSet.isAll() ? newHashSet2 : Sets.intersection(newHashSet2, activeRoleSet.getRoles()));
                    if (client != null) {
                        if (0 != 0) {
                            try {
                                client.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            client.close();
                        }
                    }
                    return copyOf;
                } finally {
                }
            } catch (Throwable th3) {
                if (client != null) {
                    if (th != null) {
                        try {
                            client.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        client.close();
                    }
                }
                throw th3;
            }
        } catch (Exception e) {
            LOGGER.error("Unable to obtain client:" + e.getMessage(), e);
            return ImmutableSet.of();
        } catch (SentryUserException e2) {
            LOGGER.error("Unable to obtain roles from server: " + e2.getMessage(), e2);
            return ImmutableSet.of();
        }
    }

    public void validatePolicy(boolean z) throws SentryConfigurationException {
        if (!this.initialized) {
            throw new IllegalStateException("SentryGenericProviderBackend has not been properly initialized");
        }
    }

    public ImmutableSet<String> getPrivileges(Set<String> set, Set<String> set2, ActiveRoleSet activeRoleSet, Authorizable... authorizableArr) {
        return getPrivileges(set, activeRoleSet, new Authorizable[0]);
    }

    public void close() {
    }

    public void setComponentType(String str) {
        this.componentType = str;
    }

    public String getComponentType() {
        return this.componentType;
    }

    public String getServiceName() {
        return this.serviceName;
    }

    public void setServiceName(String str) {
        this.serviceName = str;
    }
}
