package org.apache.sentry.provider.db.service.persistent;

import com.codahale.metrics.Gauge;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import javax.jdo.JDODataStoreException;
import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.jdo.Query;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
import org.apache.sentry.core.common.exception.SentryGrantDeniedException;
import org.apache.sentry.core.common.exception.SentryInvalidInputException;
import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.common.utils.SentryConstants;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.hdfs.PathsUpdate;
import org.apache.sentry.hdfs.UniquePathsUpdate;
import org.apache.sentry.hdfs.Updateable;
import org.apache.sentry.hdfs.UpdateableAuthzPaths;
import org.apache.sentry.provider.db.service.model.MAuthzPathsMapping;
import org.apache.sentry.provider.db.service.model.MAuthzPathsSnapshotId;
import org.apache.sentry.provider.db.service.model.MPath;
import org.apache.sentry.provider.db.service.model.MSentryChange;
import org.apache.sentry.provider.db.service.model.MSentryGroup;
import org.apache.sentry.provider.db.service.model.MSentryHmsNotification;
import org.apache.sentry.provider.db.service.model.MSentryPathChange;
import org.apache.sentry.provider.db.service.model.MSentryPermChange;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.model.MSentryUser;
import org.apache.sentry.provider.db.service.model.MSentryUtil;
import org.apache.sentry.provider.db.service.model.MSentryVersion;
import org.apache.sentry.provider.db.service.persistent.QueryParamBuilder;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryMappingData;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
import org.apache.sentry.provider.db.tools.SentrySchemaHelper;
import org.apache.sentry.service.thrift.CounterWait;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.datanucleus.store.rdbms.exceptions.MissingTableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/service/persistent/SentryStore.class */
public class SentryStore {
    public static final String NULL_COL = "__NULL__";
    public static final int INDEX_GROUP_ROLES_MAP = 0;
    public static final int INDEX_USER_ROLES_MAP = 1;
    public static final String SERVER_NAME = "serverName";
    public static final String DB_NAME = "dbName";
    public static final String TABLE_NAME = "tableName";
    public static final String COLUMN_NAME = "columnName";
    public static final String ACTION = "action";
    public static final String URI = "URI";
    public static final String GRANT_OPTION = "grantOption";
    public static final String ROLE_NAME = "roleName";
    public static final long INIT_CHANGE_ID = 1;
    private static final long EMPTY_CHANGE_ID = 0;
    public static final long EMPTY_NOTIFICATION_ID = 0;
    public static final long EMPTY_PATHS_SNAPSHOT_ID = 0;
    private static final long COUNT_VALUE_UNKNOWN = -1;
    private static final long NOTIFICATION_UNKNOWN = -1;
    private static final String EMPTY_GRANTOR_PRINCIPAL = "--";
    private static final String LOAD_RESULTS_AT_COMMIT = "datanucleus.query.loadResultsAtCommit";
    private final PersistenceManagerFactory pmf;
    private Configuration conf;
    private final TransactionManager tm;
    private boolean persistUpdateDeltas;
    private final CounterWait counterWait;
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryStore.class);
    private static final Set<String> ALL_ACTIONS = Sets.newHashSet(new String[]{"*", "select", "insert", "alter", "create", "drop", "index", "lock"});
    private static final Set<String> PARTIAL_REVOKE_ACTIONS = Sets.newHashSet(new String[]{"*", "ALL".toLowerCase(), "select", "insert"});

    public static Properties getDataNucleusProperties(Configuration configuration) throws SentrySiteConfigurationException, IOException {
        Properties properties = new Properties();
        properties.putAll(ServiceConstants.ServerConfig.SENTRY_STORE_DEFAULTS);
        String trim = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_URL, "").trim();
        Preconditions.checkArgument(!trim.isEmpty(), "Required parameter sentry.store.jdbc.url is missed");
        String trim2 = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_USER, "Sentry").trim();
        char[] password = configuration.getPassword(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_PASS);
        if (password == null) {
            throw new SentrySiteConfigurationException("Error reading sentry.store.jdbc.password");
        }
        String str = new String(password);
        String str2 = configuration.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER, ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER_DEFAULT);
        properties.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_URL, trim);
        properties.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_USER, trim2);
        properties.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_PASS, str);
        properties.setProperty(ServiceConstants.ServerConfig.JAVAX_JDO_DRIVER_NAME, str2);
        if (properties.getProperty(ServiceConstants.ServerConfig.DATANUCLEUS_ISOLATION_LEVEL, "").equals(ServiceConstants.ServerConfig.DATANUCLEUS_REPEATABLE_READ) && trim.contains(SentrySchemaHelper.DB_ORACLE)) {
            String[] split = trim.split(":");
            if (split.length > 1 && split[1].equals(SentrySchemaHelper.DB_ORACLE)) {
                properties.setProperty(ServiceConstants.ServerConfig.DATANUCLEUS_ISOLATION_LEVEL, "read-committed");
            }
        }
        Iterator it = configuration.iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            String str3 = (String) entry.getKey();
            if (str3.startsWith(ServiceConstants.ServerConfig.SENTRY_JAVAX_JDO_PROPERTY_PREFIX) || str3.startsWith(ServiceConstants.ServerConfig.SENTRY_DATANUCLEUS_PROPERTY_PREFIX)) {
                properties.setProperty(StringUtils.removeStart(str3, ServiceConstants.ServerConfig.SENTRY_DB_PROPERTY_PREFIX), (String) entry.getValue());
            }
        }
        properties.setProperty("datanucleus.NontransactionalRead", "false");
        properties.setProperty("datanucleus.NontransactionalWrite", "false");
        return properties;
    }

    public SentryStore(Configuration configuration) throws Exception {
        this.conf = configuration;
        Properties dataNucleusProperties = getDataNucleusProperties(configuration);
        boolean equalsIgnoreCase = configuration.get(ServiceConstants.ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "true").equalsIgnoreCase("true");
        if (!equalsIgnoreCase) {
            dataNucleusProperties.setProperty("datanucleus.schema.autoCreateAll", "true");
            dataNucleusProperties.setProperty("datanucleus.autoCreateSchema", "true");
            dataNucleusProperties.setProperty("datanucleus.fixedDatastore", "false");
        }
        this.pmf = JDOHelper.getPersistenceManagerFactory(dataNucleusProperties);
        this.tm = new TransactionManager(this.pmf, configuration);
        verifySentryStoreSchema(equalsIgnoreCase);
        this.counterWait = new CounterWait(configuration.getInt(ServiceConstants.ServerConfig.SENTRY_NOTIFICATION_SYNC_TIMEOUT_MS, ServiceConstants.ServerConfig.SENTRY_NOTIFICATION_SYNC_TIMEOUT_DEFAULT), TimeUnit.MILLISECONDS);
    }

    public void setPersistUpdateDeltas(boolean z) {
        this.persistUpdateDeltas = z;
    }

    public TransactionManager getTransactionManager() {
        return this.tm;
    }

    public CounterWait getCounterWait() {
        return this.counterWait;
    }

    void verifySentryStoreSchema(boolean z) throws Exception {
        if (!z) {
            setSentryVersion(SentryStoreSchemaInfo.getSentryVersion(), "Schema version set implicitly");
            return;
        }
        String sentryVersion = getSentryVersion();
        if (!SentryStoreSchemaInfo.getSentryVersion().equals(sentryVersion)) {
            throw new SentryAccessDeniedException("The Sentry store schema version " + sentryVersion + " is different from distribution version " + SentryStoreSchemaInfo.getSentryVersion());
        }
    }

    public synchronized void stop() {
        if (this.pmf != null) {
            this.pmf.close();
        }
    }

    public MSentryRole getRole(PersistenceManager persistenceManager, String str) {
        Query newQuery = persistenceManager.newQuery(MSentryRole.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setFilter("this.roleName == :roleName");
        newQuery.setUnique(true);
        return (MSentryRole) newQuery.execute(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<MSentryRole> getAllRoles(PersistenceManager persistenceManager) {
        Query newQuery = persistenceManager.newQuery(MSentryRole.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        return (List) newQuery.execute();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String trimAndLower(String str) {
        return str.trim().toLowerCase();
    }

    public void createSentryRole(final String str) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.1
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String trimAndLower = SentryStore.this.trimAndLower(str);
                if (SentryStore.this.getRole(persistenceManager, trimAndLower) != null) {
                    throw new SentryAlreadyExistsException("Role: " + trimAndLower);
                }
                persistenceManager.makePersistent(new MSentryRole(trimAndLower));
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T> Long getCount(final Class<T> cls) {
        try {
            return (Long) this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
                public Long execute(PersistenceManager persistenceManager) throws Exception {
                    persistenceManager.setDetachAllOnCommit(false);
                    Query newQuery = persistenceManager.newQuery();
                    newQuery.addExtension(SentryStore.LOAD_RESULTS_AT_COMMIT, "false");
                    newQuery.setClass(cls);
                    newQuery.setResult("count(this)");
                    return (Long) newQuery.execute();
                }
            });
        } catch (Exception e) {
            return -1L;
        }
    }

    public Gauge<Long> getRoleCountGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.3
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m413getValue() {
                return SentryStore.this.getCount(MSentryRole.class);
            }
        };
    }

    public Gauge<Long> getPrivilegeCountGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.4
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m414getValue() {
                return SentryStore.this.getCount(MSentryPrivilege.class);
            }
        };
    }

    public Gauge<Long> getGroupCountGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.5
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m415getValue() {
                return SentryStore.this.getCount(MSentryGroup.class);
            }
        };
    }

    Gauge<Long> getUserCountGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.6
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m416getValue() {
                return SentryStore.this.getCount(MSentryUser.class);
            }
        };
    }

    public Gauge<Integer> getHMSWaitersCountGauge() {
        return new Gauge<Integer>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.7
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Integer m417getValue() {
                return Integer.valueOf(SentryStore.this.counterWait.waitersCount());
            }
        };
    }

    public Gauge<Long> getLastNotificationIdGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.8
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m418getValue() {
                try {
                    return SentryStore.this.getLastProcessedNotificationID();
                } catch (Exception e) {
                    SentryStore.LOGGER.error("Can not read current notificationId", e);
                    return -1L;
                }
            }
        };
    }

    public Gauge<Long> getLastPathsSnapshotIdGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.9
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m419getValue() {
                try {
                    return Long.valueOf(SentryStore.this.getCurrentAuthzPathsSnapshotID());
                } catch (Exception e) {
                    SentryStore.LOGGER.error("Can not read current paths snapshot ID", e);
                    return -1L;
                }
            }
        };
    }

    public Gauge<Long> getPermChangeIdGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.10
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m411getValue() {
                try {
                    return (Long) SentryStore.this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.10.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
                        public Long execute(PersistenceManager persistenceManager) throws Exception {
                            return SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPermChange.class);
                        }
                    });
                } catch (Exception e) {
                    SentryStore.LOGGER.error("Can not read current permissions change ID", e);
                    return -1L;
                }
            }
        };
    }

    public Gauge<Long> getPathChangeIdGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.11
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m412getValue() {
                try {
                    return (Long) SentryStore.this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.11.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
                        public Long execute(PersistenceManager persistenceManager) throws Exception {
                            return SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class);
                        }
                    });
                } catch (Exception e) {
                    SentryStore.LOGGER.error("Can not read current path change ID", e);
                    return -1L;
                }
            }
        };
    }

    @VisibleForTesting
    long countMSentryPrivileges() {
        return getCount(MSentryPrivilege.class).longValue();
    }

    @VisibleForTesting
    void clearAllTables() {
        try {
            this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.12
                @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
                public Object execute(PersistenceManager persistenceManager) throws Exception {
                    persistenceManager.newQuery(MSentryRole.class).deletePersistentAll();
                    persistenceManager.newQuery(MSentryGroup.class).deletePersistentAll();
                    persistenceManager.newQuery(MSentryUser.class).deletePersistentAll();
                    persistenceManager.newQuery(MSentryPrivilege.class).deletePersistentAll();
                    persistenceManager.newQuery(MSentryPermChange.class).deletePersistentAll();
                    persistenceManager.newQuery(MSentryPathChange.class).deletePersistentAll();
                    persistenceManager.newQuery(MAuthzPathsMapping.class).deletePersistentAll();
                    persistenceManager.newQuery(MPath.class).deletePersistentAll();
                    persistenceManager.newQuery(MSentryHmsNotification.class).deletePersistentAll();
                    persistenceManager.newQuery(MAuthzPathsSnapshotId.class).deletePersistentAll();
                    return null;
                }
            });
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        }
    }

    @VisibleForTesting
    <T extends MSentryChange> void purgeDeltaChangeTableCore(Class<T> cls, PersistenceManager persistenceManager, long j) {
        Preconditions.checkArgument(j >= 0, "changes to keep must be a non-negative number");
        long longValue = getLastProcessedChangeIDCore(persistenceManager, cls).longValue() - j;
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setFilter("changeID <= maxChangedIdDeleted");
        newQuery.declareParameters("long maxChangedIdDeleted");
        long deletePersistentAll = newQuery.deletePersistentAll(new Object[]{Long.valueOf(longValue)});
        if (deletePersistentAll > 0) {
            LOGGER.info(String.format("Purged %d of %s to changeID=%d", Long.valueOf(deletePersistentAll), cls.getSimpleName(), Long.valueOf(longValue)));
        }
    }

    @VisibleForTesting
    protected void purgeNotificationIdTableCore(PersistenceManager persistenceManager, long j) {
        Preconditions.checkArgument(j > 0, "You need to keep at least one entry in SENTRY_HMS_NOTIFICATION_ID table");
        long longValue = getLastProcessedNotificationIDCore(persistenceManager).longValue();
        Query newQuery = persistenceManager.newQuery(MSentryHmsNotification.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setFilter("notificationId <= maxNotificationIdDeleted");
        newQuery.declareParameters("long maxNotificationIdDeleted");
        long deletePersistentAll = newQuery.deletePersistentAll(new Object[]{Long.valueOf(longValue - j)});
        if (deletePersistentAll > 0) {
            LOGGER.info("Purged {} of {}", Long.valueOf(deletePersistentAll), MSentryHmsNotification.class.getSimpleName());
        }
    }

    public void purgeDeltaChangeTables() {
        final int i = this.conf.getInt("sentry.server.delta.keep.count", ServiceConstants.ServerConfig.SENTRY_DELTA_KEEP_COUNT_DEFAULT);
        LOGGER.info("Purging MSentryPathUpdate and MSentyPermUpdate tables, leaving {} entries", Integer.valueOf(i));
        try {
            this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.13
                @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
                public Object execute(PersistenceManager persistenceManager) throws Exception {
                    persistenceManager.setDetachAllOnCommit(false);
                    SentryStore.this.purgeDeltaChangeTableCore(MSentryPermChange.class, persistenceManager, i);
                    SentryStore.LOGGER.info("MSentryPermChange table has been purged.");
                    SentryStore.this.purgeDeltaChangeTableCore(MSentryPathChange.class, persistenceManager, i);
                    SentryStore.LOGGER.info("MSentryPathUpdate table has been purged.");
                    return null;
                }
            });
        } catch (Exception e) {
            LOGGER.error("Delta change cleaning process encountered an error", e);
        }
    }

    public void purgeNotificationIdTable() {
        final int i = this.conf.getInt("sentry.server.delta.keep.count", 100);
        LOGGER.debug("Purging MSentryHmsNotification table, leaving {} entries", Integer.valueOf(i));
        try {
            this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.14
                @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
                public Object execute(PersistenceManager persistenceManager) throws Exception {
                    persistenceManager.setDetachAllOnCommit(false);
                    SentryStore.this.purgeNotificationIdTableCore(persistenceManager, i);
                    return null;
                }
            });
        } catch (Exception e) {
            LOGGER.error("MSentryHmsNotification cleaning process encountered an error", e);
        }
    }

    void alterSentryRoleGrantPrivilege(final String str, final String str2, final TSentryPrivilege tSentryPrivilege) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.15
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String trimAndLower = SentryStore.this.trimAndLower(str2);
                SentryStore.this.grantOptionCheck(persistenceManager, str, tSentryPrivilege);
                MSentryPrivilege alterSentryRoleGrantPrivilegeCore = SentryStore.this.alterSentryRoleGrantPrivilegeCore(persistenceManager, trimAndLower, tSentryPrivilege);
                if (alterSentryRoleGrantPrivilegeCore == null) {
                    return null;
                }
                SentryStore.this.convertToTSentryPrivilege(alterSentryRoleGrantPrivilegeCore, tSentryPrivilege);
                return null;
            }
        });
    }

    public void alterSentryRoleGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set) throws Exception {
        Iterator<TSentryPrivilege> it = set.iterator();
        while (it.hasNext()) {
            alterSentryRoleGrantPrivilege(str, str2, it.next());
        }
    }

    synchronized void alterSentryRoleGrantPrivilege(final String str, final String str2, final TSentryPrivilege tSentryPrivilege, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.16
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String trimAndLower = SentryStore.this.trimAndLower(str2);
                SentryStore.this.grantOptionCheck(persistenceManager, str, tSentryPrivilege);
                MSentryPrivilege alterSentryRoleGrantPrivilegeCore = SentryStore.this.alterSentryRoleGrantPrivilegeCore(persistenceManager, trimAndLower, tSentryPrivilege);
                if (alterSentryRoleGrantPrivilegeCore == null) {
                    return null;
                }
                SentryStore.this.convertToTSentryPrivilege(alterSentryRoleGrantPrivilegeCore, tSentryPrivilege);
                return null;
            }
        });
    }

    public void alterSentryRoleGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set, Map<TSentryPrivilege, Updateable.Update> map) throws Exception {
        Preconditions.checkNotNull(map);
        for (TSentryPrivilege tSentryPrivilege : set) {
            Updateable.Update update = map.get(tSentryPrivilege);
            if (update != null) {
                alterSentryRoleGrantPrivilege(str, str2, tSentryPrivilege, update);
            } else {
                alterSentryRoleGrantPrivilege(str, str2, tSentryPrivilege);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        MSentryRole role = getRole(persistenceManager, str);
        if (role == null) {
            throw noSuchRole(str);
        }
        if (!isNULL(tSentryPrivilege.getColumnName()) || !isNULL(tSentryPrivilege.getTableName()) || !isNULL(tSentryPrivilege.getDbName())) {
            if ("*".equalsIgnoreCase(tSentryPrivilege.getAction()) || "ALL".equalsIgnoreCase(tSentryPrivilege.getAction())) {
                TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
                tSentryPrivilege2.setAction("select");
                MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege2, persistenceManager);
                tSentryPrivilege2.setAction("insert");
                MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(tSentryPrivilege2, persistenceManager);
                if (mSentryPrivilege != null && role.getPrivileges().contains(mSentryPrivilege)) {
                    mSentryPrivilege.removeRole(role);
                    persistenceManager.makePersistent(mSentryPrivilege);
                }
                if (mSentryPrivilege2 != null && role.getPrivileges().contains(mSentryPrivilege2)) {
                    mSentryPrivilege2.removeRole(role);
                    persistenceManager.makePersistent(mSentryPrivilege2);
                }
            } else {
                TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
                tSentryPrivilege3.setAction("*");
                MSentryPrivilege mSentryPrivilege3 = getMSentryPrivilege(tSentryPrivilege3, persistenceManager);
                tSentryPrivilege3.setAction("ALL");
                MSentryPrivilege mSentryPrivilege4 = getMSentryPrivilege(tSentryPrivilege3, persistenceManager);
                if (mSentryPrivilege3 != null && role.getPrivileges().contains(mSentryPrivilege3)) {
                    return null;
                }
                if (mSentryPrivilege4 != null && role.getPrivileges().contains(mSentryPrivilege4)) {
                    return null;
                }
            }
        }
        MSentryPrivilege mSentryPrivilege5 = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (mSentryPrivilege5 == null) {
            mSentryPrivilege5 = convertToMSentryPrivilege(tSentryPrivilege);
        }
        mSentryPrivilege5.appendRole(role);
        persistenceManager.makePersistent(mSentryPrivilege5);
        return mSentryPrivilege5;
    }

    void alterSentryRoleRevokePrivilege(final String str, final String str2, final TSentryPrivilege tSentryPrivilege) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.17
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String safeTrimLower = SentryStore.safeTrimLower(str2);
                SentryStore.this.grantOptionCheck(persistenceManager, str, tSentryPrivilege);
                SentryStore.this.alterSentryRoleRevokePrivilegeCore(persistenceManager, safeTrimLower, tSentryPrivilege);
                return null;
            }
        });
    }

    public void alterSentryRoleRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set) throws Exception {
        Iterator<TSentryPrivilege> it = set.iterator();
        while (it.hasNext()) {
            alterSentryRoleRevokePrivilege(str, str2, it.next());
        }
    }

    private synchronized void alterSentryRoleRevokePrivilege(final String str, final String str2, final TSentryPrivilege tSentryPrivilege, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.18
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String safeTrimLower = SentryStore.safeTrimLower(str2);
                SentryStore.this.grantOptionCheck(persistenceManager, str, tSentryPrivilege);
                SentryStore.this.alterSentryRoleRevokePrivilegeCore(persistenceManager, safeTrimLower, tSentryPrivilege);
                return null;
            }
        });
    }

    public void alterSentryRoleRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set, Map<TSentryPrivilege, Updateable.Update> map) throws Exception {
        Preconditions.checkNotNull(map);
        for (TSentryPrivilege tSentryPrivilege : set) {
            Updateable.Update update = map.get(tSentryPrivilege);
            if (update != null) {
                alterSentryRoleRevokePrivilege(str, str2, tSentryPrivilege, update);
            } else {
                alterSentryRoleRevokePrivilege(str, str2, tSentryPrivilege);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void alterSentryRoleRevokePrivilegeCore(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        MSentryRole role = getRole(persistenceManager, str);
        if (role == null) {
            throw noSuchRole(str);
        }
        MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        MSentryPrivilege convertToMSentryPrivilege = mSentryPrivilege == null ? convertToMSentryPrivilege(tSentryPrivilege) : (MSentryPrivilege) persistenceManager.detachCopy(mSentryPrivilege);
        HashSet hashSet = new HashSet();
        if (convertToMSentryPrivilege.getGrantOption() != null) {
            hashSet.add(convertToMSentryPrivilege);
        } else {
            MSentryPrivilege mSentryPrivilege2 = new MSentryPrivilege(convertToMSentryPrivilege);
            mSentryPrivilege2.setGrantOption(true);
            hashSet.add(mSentryPrivilege2);
            MSentryPrivilege mSentryPrivilege3 = new MSentryPrivilege(convertToMSentryPrivilege);
            mSentryPrivilege3.setGrantOption(false);
            hashSet.add(mSentryPrivilege3);
        }
        populateChildren(persistenceManager, Sets.newHashSet(new String[]{str}), convertToMSentryPrivilege, hashSet);
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            revokePrivilegeFromRole(persistenceManager, tSentryPrivilege, role, (MSentryPrivilege) it.next());
        }
        persistenceManager.makePersistent(role);
    }

    private void revokePartial(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege2 == null) {
            mSentryPrivilege2 = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
        }
        if (tSentryPrivilege.getAction().equalsIgnoreCase("ALL") || tSentryPrivilege.getAction().equalsIgnoreCase("*")) {
            if (mSentryPrivilege2.getRoles().isEmpty()) {
                return;
            }
            mSentryPrivilege2.removeRole(mSentryRole);
            if (mSentryPrivilege2.getRoles().isEmpty()) {
                persistenceManager.deletePersistent(mSentryPrivilege2);
                return;
            } else {
                persistenceManager.makePersistent(mSentryPrivilege2);
                return;
            }
        }
        if (tSentryPrivilege.getAction().equalsIgnoreCase("select") && !mSentryPrivilege.getAction().equalsIgnoreCase("insert")) {
            revokeRolePartial(persistenceManager, mSentryRole, mSentryPrivilege, mSentryPrivilege2, "insert");
        } else {
            if (!tSentryPrivilege.getAction().equalsIgnoreCase("insert") || mSentryPrivilege.getAction().equalsIgnoreCase("select")) {
                return;
            }
            revokeRolePartial(persistenceManager, mSentryRole, mSentryPrivilege, mSentryPrivilege2, "select");
        }
    }

    private void revokeRolePartial(PersistenceManager persistenceManager, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege, MSentryPrivilege mSentryPrivilege2, String str) throws SentryInvalidInputException {
        MSentryPrivilege mSentryPrivilege3 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege2), persistenceManager);
        if (mSentryPrivilege3 != null && !mSentryPrivilege3.getRoles().isEmpty()) {
            mSentryPrivilege3.removeRole(mSentryRole);
            if (mSentryPrivilege3.getRoles().isEmpty()) {
                persistenceManager.deletePersistent(mSentryPrivilege3);
            } else {
                persistenceManager.makePersistent(mSentryPrivilege3);
            }
        }
        mSentryPrivilege.setAction("*");
        MSentryPrivilege mSentryPrivilege4 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege4 == null || !mSentryRole.getPrivileges().contains(mSentryPrivilege4)) {
            return;
        }
        mSentryPrivilege4.removeRole(mSentryRole);
        if (mSentryPrivilege4.getRoles().isEmpty()) {
            persistenceManager.deletePersistent(mSentryPrivilege4);
        } else {
            persistenceManager.makePersistent(mSentryPrivilege4);
        }
        mSentryPrivilege.setAction(str);
        MSentryPrivilege mSentryPrivilege5 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege5 == null) {
            mSentryPrivilege5 = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
            mSentryRole.appendPrivilege(mSentryPrivilege5);
        }
        mSentryPrivilege5.appendRole(mSentryRole);
        persistenceManager.makePersistent(mSentryPrivilege5);
    }

    private void revokePrivilegeFromRole(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, MSentryRole mSentryRole, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        if (PARTIAL_REVOKE_ACTIONS.contains(mSentryPrivilege.getAction())) {
            revokePartial(persistenceManager, tSentryPrivilege, mSentryRole, mSentryPrivilege);
            return;
        }
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege2 == null || mSentryPrivilege2.getRoles().isEmpty()) {
            return;
        }
        mSentryPrivilege2.removeRole(mSentryRole);
        if (mSentryPrivilege2.getRoles().isEmpty()) {
            persistenceManager.deletePersistent(mSentryPrivilege2);
        } else {
            persistenceManager.makePersistent(mSentryPrivilege2);
        }
    }

    private void populateChildren(PersistenceManager persistenceManager, Set<String> set, MSentryPrivilege mSentryPrivilege, Collection<MSentryPrivilege> collection) throws SentryInvalidInputException {
        Preconditions.checkNotNull(persistenceManager);
        if (isNULL(mSentryPrivilege.getServerName()) && isNULL(mSentryPrivilege.getDbName()) && isNULL(mSentryPrivilege.getTableName())) {
            return;
        }
        for (MSentryPrivilege mSentryPrivilege2 : getChildPrivileges(persistenceManager, set, mSentryPrivilege)) {
            if (!isNULL(mSentryPrivilege2.getDbName()) && !isNULL(mSentryPrivilege2.getTableName()) && !isNULL(mSentryPrivilege2.getColumnName())) {
                populateChildren(persistenceManager, set, mSentryPrivilege2, collection);
            }
            if (!mSentryPrivilege.isActionALL()) {
                if (mSentryPrivilege2.isActionALL()) {
                    mSentryPrivilege2.setAction(mSentryPrivilege.getAction());
                }
                if (!mSentryPrivilege.implies(mSentryPrivilege2)) {
                }
            }
            collection.add(mSentryPrivilege2);
        }
    }

    private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager persistenceManager, Set<String> set, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        if (!isNULL(mSentryPrivilege.getColumnName()) || !isNULL(mSentryPrivilege.getURI())) {
            return Collections.emptySet();
        }
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        QueryParamBuilder add = QueryParamBuilder.addRolesFilter(newQuery, null, set).add(SERVER_NAME, mSentryPrivilege.getServerName());
        if (isNULL(mSentryPrivilege.getDbName())) {
            add.newChild().addNotNull(DB_NAME).addNotNull(URI);
        } else {
            add.add(DB_NAME, mSentryPrivilege.getDbName());
            if (isNULL(mSentryPrivilege.getTableName())) {
                add.addNotNull("tableName");
            } else {
                add.add("tableName", mSentryPrivilege.getTableName()).addNotNull(COLUMN_NAME);
            }
        }
        newQuery.setFilter(add.toString());
        newQuery.setResult("privilegeScope, serverName, dbName, tableName, columnName, URI, action, grantOption");
        List<Object[]> list = (List) newQuery.executeWithMap(add.getArguments());
        HashSet hashSet = new HashSet(list.size());
        for (Object[] objArr : list) {
            hashSet.add(new MSentryPrivilege((String) objArr[0], (String) objArr[1], (String) objArr[2], (String) objArr[3], (String) objArr[4], (String) objArr[5], (String) objArr[6], (Boolean) objArr[7]));
        }
        return hashSet;
    }

    private List<MSentryPrivilege> getMSentryPrivileges(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        newQueryParamBuilder.add(SERVER_NAME, tSentryPrivilege.getServerName()).add(ACTION, tSentryPrivilege.getAction());
        if (!isNULL(tSentryPrivilege.getDbName())) {
            newQueryParamBuilder.add(DB_NAME, tSentryPrivilege.getDbName());
            if (!isNULL(tSentryPrivilege.getTableName())) {
                newQueryParamBuilder.add("tableName", tSentryPrivilege.getTableName());
                if (!isNULL(tSentryPrivilege.getColumnName())) {
                    newQueryParamBuilder.add(COLUMN_NAME, tSentryPrivilege.getColumnName());
                }
            }
        } else if (!isNULL(tSentryPrivilege.getURI())) {
            newQueryParamBuilder.add(URI, tSentryPrivilege.getURI(), true);
        }
        newQuery.setFilter(newQueryParamBuilder.toString());
        return (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public MSentryPrivilege getMSentryPrivilege(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        Boolean bool = null;
        if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)) {
            bool = true;
        } else if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.FALSE)) {
            bool = false;
        }
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        newQueryParamBuilder.add(SERVER_NAME, tSentryPrivilege.getServerName()).add(DB_NAME, tSentryPrivilege.getDbName()).add("tableName", tSentryPrivilege.getTableName()).add(COLUMN_NAME, tSentryPrivilege.getColumnName()).add(URI, tSentryPrivilege.getURI(), true).addObject(GRANT_OPTION, bool).add(ACTION, tSentryPrivilege.getAction());
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        newQuery.setUnique(true);
        newQuery.setFilter(newQueryParamBuilder.toString());
        return (MSentryPrivilege) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
    }

    public void dropSentryRole(final String str) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.19
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.dropSentryRoleCore(persistenceManager, str);
                return null;
            }
        });
    }

    public synchronized void dropSentryRole(final String str, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.20
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.dropSentryRoleCore(persistenceManager, str);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void dropSentryRoleCore(PersistenceManager persistenceManager, String str) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryRole role = getRole(persistenceManager, trimAndLower);
        if (role == null) {
            throw noSuchRole(trimAndLower);
        }
        removePrivileges(persistenceManager, role);
        persistenceManager.deletePersistent(role);
    }

    private void removePrivileges(PersistenceManager persistenceManager, MSentryRole mSentryRole) {
        ArrayList<MSentryPrivilege> arrayList = new ArrayList(mSentryRole.getPrivileges());
        ArrayList arrayList2 = new ArrayList(0);
        mSentryRole.removePrivileges();
        mSentryRole.removeGMPrivileges();
        for (MSentryPrivilege mSentryPrivilege : arrayList) {
            if (mSentryPrivilege.getRoles().isEmpty()) {
                arrayList2.add(mSentryPrivilege);
            }
        }
        if (arrayList2.isEmpty()) {
            return;
        }
        persistenceManager.deletePersistentAll(arrayList2);
    }

    public void alterSentryRoleAddGroups(String str, final String str2, final Set<TSentryGroup> set) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.21
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.alterSentryRoleAddGroupsCore(persistenceManager, str2, set);
                return null;
            }
        });
    }

    public synchronized void alterSentryRoleAddGroups(String str, final String str2, final Set<TSentryGroup> set, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.22
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.alterSentryRoleAddGroupsCore(persistenceManager, str2, set);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void alterSentryRoleAddGroupsCore(PersistenceManager persistenceManager, String str, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryRole role = getRole(persistenceManager, trimAndLower);
        if (role == null) {
            throw noSuchRole(trimAndLower);
        }
        Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
        newQuery.setFilter("this.groupName == :groupName");
        newQuery.setUnique(true);
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<TSentryGroup> it = set.iterator();
        while (it.hasNext()) {
            String trim = it.next().getGroupName().trim();
            MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(trim);
            if (mSentryGroup == null) {
                mSentryGroup = new MSentryGroup(trim, System.currentTimeMillis(), Sets.newHashSet(new MSentryRole[]{role}));
            }
            mSentryGroup.appendRole(role);
            newArrayList.add(mSentryGroup);
        }
        persistenceManager.makePersistentAll(newArrayList);
    }

    public void alterSentryRoleAddUsers(final String str, final Set<String> set) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.23
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.alterSentryRoleAddUsersCore(persistenceManager, str, set);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void alterSentryRoleAddUsersCore(PersistenceManager persistenceManager, String str, Set<String> set) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryRole role = getRole(persistenceManager, trimAndLower);
        if (role == null) {
            throw noSuchRole(trimAndLower);
        }
        Query newQuery = persistenceManager.newQuery(MSentryUser.class);
        newQuery.setFilter("this.userName == :userName");
        newQuery.setUnique(true);
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String trim = it.next().trim();
            MSentryUser mSentryUser = (MSentryUser) newQuery.execute(trim);
            if (mSentryUser == null) {
                mSentryUser = new MSentryUser(trim, System.currentTimeMillis(), Sets.newHashSet(new MSentryRole[]{role}));
            }
            mSentryUser.appendRole(role);
            newArrayList.add(mSentryUser);
        }
        persistenceManager.makePersistentAll(newArrayList);
    }

    public void alterSentryRoleDeleteUsers(final String str, final Set<String> set) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.24
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String trimAndLower = SentryStore.this.trimAndLower(str);
                MSentryRole role = SentryStore.this.getRole(persistenceManager, trimAndLower);
                if (role == null) {
                    throw SentryStore.noSuchRole(trimAndLower);
                }
                Query newQuery = persistenceManager.newQuery(MSentryUser.class);
                newQuery.setFilter("this.userName == :userName");
                newQuery.setUnique(true);
                ArrayList newArrayList = Lists.newArrayList();
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    MSentryUser mSentryUser = (MSentryUser) newQuery.execute(((String) it.next()).trim());
                    if (mSentryUser != null) {
                        mSentryUser.removeRole(role);
                        newArrayList.add(mSentryUser);
                    }
                }
                persistenceManager.makePersistentAll(newArrayList);
                return null;
            }
        });
    }

    public void alterSentryRoleDeleteGroups(final String str, final Set<TSentryGroup> set) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.25
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String trimAndLower = SentryStore.this.trimAndLower(str);
                MSentryRole role = SentryStore.this.getRole(persistenceManager, trimAndLower);
                if (role == null) {
                    throw SentryStore.noSuchRole(trimAndLower);
                }
                Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
                newQuery.setFilter("this.groupName == :groupName");
                newQuery.setUnique(true);
                ArrayList newArrayList = Lists.newArrayList();
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(((TSentryGroup) it.next()).getGroupName().trim());
                    if (mSentryGroup != null) {
                        mSentryGroup.removeRole(role);
                        newArrayList.add(mSentryGroup);
                    }
                }
                persistenceManager.makePersistentAll(newArrayList);
                return null;
            }
        });
    }

    public synchronized void alterSentryRoleDeleteGroups(final String str, final Set<TSentryGroup> set, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.26
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                String trimAndLower = SentryStore.this.trimAndLower(str);
                MSentryRole role = SentryStore.this.getRole(persistenceManager, trimAndLower);
                if (role == null) {
                    throw SentryStore.noSuchRole(trimAndLower);
                }
                Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
                newQuery.setFilter("this.groupName == :groupName");
                newQuery.setUnique(true);
                ArrayList newArrayList = Lists.newArrayList();
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(((TSentryGroup) it.next()).getGroupName().trim());
                    if (mSentryGroup != null) {
                        mSentryGroup.removeRole(role);
                        newArrayList.add(mSentryGroup);
                    }
                }
                persistenceManager.makePersistentAll(newArrayList);
                return null;
            }
        });
    }

    @VisibleForTesting
    public MSentryRole getMSentryRoleByName(final String str) throws Exception {
        return (MSentryRole) this.tm.executeTransaction(new TransactionBlock<MSentryRole>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.27
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public MSentryRole execute(PersistenceManager persistenceManager) throws Exception {
                String trimAndLower = SentryStore.this.trimAndLower(str);
                MSentryRole role = SentryStore.this.getRole(persistenceManager, trimAndLower);
                if (role == null) {
                    throw SentryStore.noSuchRole(trimAndLower);
                }
                return role;
            }
        });
    }

    @VisibleForTesting
    MSentryPrivilege findMSentryPrivilegeFromTSentryPrivilege(final TSentryPrivilege tSentryPrivilege) throws Exception {
        return (MSentryPrivilege) this.tm.executeTransaction(new TransactionBlock<MSentryPrivilege>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.28
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public MSentryPrivilege execute(PersistenceManager persistenceManager) throws Exception {
                return SentryStore.this.getMSentryPrivilege(tSentryPrivilege, persistenceManager);
            }
        });
    }

    @VisibleForTesting
    List<MSentryPrivilege> getAllMSentryPrivileges() throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryPrivilege>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.29
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryPrivilege> execute(PersistenceManager persistenceManager) throws Exception {
                return SentryStore.this.getAllMSentryPrivilegesCore(persistenceManager);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<MSentryPrivilege> getAllMSentryPrivilegesCore(PersistenceManager persistenceManager) {
        return (List) persistenceManager.newQuery(MSentryPrivilege.class).execute();
    }

    private boolean hasAnyServerPrivileges(final Set<String> set, final String str) throws Exception {
        if (set == null || set.isEmpty()) {
            return false;
        }
        return ((Boolean) this.tm.executeTransaction(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.30
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
                newQuery.addExtension(SentryStore.LOAD_RESULTS_AT_COMMIT, "false");
                QueryParamBuilder addRolesFilter = QueryParamBuilder.addRolesFilter(newQuery, null, set);
                addRolesFilter.add(SentryStore.SERVER_NAME, str);
                newQuery.setFilter(addRolesFilter.toString());
                newQuery.setResult("count(this)");
                return Boolean.valueOf(((Long) newQuery.executeWithMap(addRolesFilter.getArguments())).longValue() > 0);
            }
        })).booleanValue();
    }

    private List<MSentryPrivilege> getMSentryPrivileges(final Set<String> set, final TSentryAuthorizable tSentryAuthorizable) throws Exception {
        return (set == null || set.isEmpty()) ? Collections.emptyList() : (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryPrivilege>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.31
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryPrivilege> execute(PersistenceManager persistenceManager) throws Exception {
                Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
                QueryParamBuilder addRolesFilter = QueryParamBuilder.addRolesFilter(newQuery, null, set);
                if (tSentryAuthorizable != null && tSentryAuthorizable.getServer() != null) {
                    addRolesFilter.add(SentryStore.SERVER_NAME, tSentryAuthorizable.getServer());
                    if (tSentryAuthorizable.getDb() != null) {
                        addRolesFilter.addNull(SentryStore.URI).newChild().add(SentryStore.DB_NAME, tSentryAuthorizable.getDb()).addNull(SentryStore.DB_NAME);
                        if (tSentryAuthorizable.getTable() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                            if (!"+".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                                addRolesFilter.addNull(SentryStore.URI).newChild().add("tableName", tSentryAuthorizable.getTable()).addNull("tableName");
                            }
                            if (tSentryAuthorizable.getColumn() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getColumn()) && !"+".equalsIgnoreCase(tSentryAuthorizable.getColumn())) {
                                addRolesFilter.addNull(SentryStore.URI).newChild().add(SentryStore.COLUMN_NAME, tSentryAuthorizable.getColumn()).addNull(SentryStore.COLUMN_NAME);
                            }
                        }
                    }
                    if (tSentryAuthorizable.getUri() != null) {
                        addRolesFilter.addNull(SentryStore.DB_NAME).newChild().addNull(SentryStore.URI).newChild().addNotNull(SentryStore.URI).addCustomParam("\"" + tSentryAuthorizable.getUri() + "\".startsWith(:URI)", SentryStore.URI, tSentryAuthorizable.getUri());
                    }
                }
                newQuery.setFilter(addRolesFilter.toString());
                return (List) newQuery.executeWithMap(addRolesFilter.getArguments());
            }
        });
    }

    private List<MSentryPrivilege> getMSentryPrivilegesByAuth(final Set<String> set, final TSentryAuthorizable tSentryAuthorizable) throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryPrivilege>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.32
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryPrivilege> execute(PersistenceManager persistenceManager) throws Exception {
                Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
                QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
                if (set == null || set.isEmpty()) {
                    newQueryParamBuilder.addString("!roles.isEmpty()");
                } else {
                    QueryParamBuilder.addRolesFilter(newQuery, newQueryParamBuilder, set);
                }
                if (tSentryAuthorizable.getServer() == null) {
                    return Collections.emptyList();
                }
                newQueryParamBuilder.add(SentryStore.SERVER_NAME, tSentryAuthorizable.getServer());
                if (tSentryAuthorizable.getDb() != null) {
                    newQueryParamBuilder.add(SentryStore.DB_NAME, tSentryAuthorizable.getDb()).addNull(SentryStore.URI);
                    if (tSentryAuthorizable.getTable() != null) {
                        newQueryParamBuilder.add("tableName", tSentryAuthorizable.getTable());
                    } else {
                        newQueryParamBuilder.addNull("tableName");
                    }
                } else if (tSentryAuthorizable.getUri() != null) {
                    newQueryParamBuilder.addNotNull(SentryStore.URI).addNull(SentryStore.DB_NAME).addCustomParam("(:authURI.startsWith(URI))", "authURI", tSentryAuthorizable.getUri());
                } else {
                    newQueryParamBuilder.addNull(SentryStore.DB_NAME).addNull(SentryStore.URI);
                }
                persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRole").addMember("roles");
                persistenceManager.getFetchPlan().addGroup("fetchRole");
                newQuery.setFilter(newQueryParamBuilder.toString());
                return (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
            }
        });
    }

    public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable, boolean z) throws Exception {
        TreeMap newTreeMap = Maps.newTreeMap();
        Set<String> rolesToQuery = getRolesToQuery(set, null, new TSentryActiveRoleSet(true, null));
        if (tSentryActiveRoleSet != null && !tSentryActiveRoleSet.isAll()) {
            Iterator<String> it = tSentryActiveRoleSet.getRoles().iterator();
            while (it.hasNext()) {
                rolesToQuery.add(it.next().toLowerCase());
            }
        }
        if (z || !rolesToQuery.isEmpty()) {
            for (MSentryPrivilege mSentryPrivilege : getMSentryPrivilegesByAuth(rolesToQuery, tSentryAuthorizable)) {
                for (MSentryRole mSentryRole : mSentryPrivilege.getRoles()) {
                    TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(mSentryPrivilege);
                    if (newTreeMap.containsKey(mSentryRole.getRoleName())) {
                        ((Set) newTreeMap.get(mSentryRole.getRoleName())).add(convertToTSentryPrivilege);
                    } else {
                        TreeSet newTreeSet = Sets.newTreeSet();
                        newTreeSet.add(convertToTSentryPrivilege);
                        newTreeMap.put(mSentryRole.getRoleName(), newTreeSet);
                    }
                }
            }
        }
        return new TSentryPrivilegeMap(newTreeMap);
    }

    private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String str) throws Exception {
        return getMSentryRoleByName(str).getPrivileges();
    }

    public Set<TSentryPrivilege> getAllTSentryPrivilegesByRoleName(String str) throws Exception {
        return convertToTSentryPrivileges(getMSentryPrivilegesByRoleName(str));
    }

    public Set<TSentryPrivilege> getTSentryPrivileges(Set<String> set, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        if (tSentryAuthorizable.getServer() == null) {
            throw new SentryInvalidInputException("serverName cannot be null !!");
        }
        if (tSentryAuthorizable.getTable() != null && tSentryAuthorizable.getDb() == null) {
            throw new SentryInvalidInputException("dbName cannot be null when tableName is present !!");
        }
        if (tSentryAuthorizable.getColumn() != null && tSentryAuthorizable.getTable() == null) {
            throw new SentryInvalidInputException("tableName cannot be null when columnName is present !!");
        }
        if (tSentryAuthorizable.getUri() == null && tSentryAuthorizable.getDb() == null) {
            throw new SentryInvalidInputException("One of uri or dbName must not be null !!");
        }
        return convertToTSentryPrivileges(getMSentryPrivileges(set, tSentryAuthorizable));
    }

    public Set<TSentryRole> getTSentryRolesByGroupName(final Set<String> set, final boolean z) throws Exception {
        return set.isEmpty() ? Collections.emptySet() : (Set) this.tm.executeTransaction(new TransactionBlock<Set<TSentryRole>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.33
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Set<TSentryRole> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                HashSet hashSet = new HashSet(1024);
                HashSet hashSet2 = new HashSet(1024);
                for (String str : set) {
                    if (str == null) {
                        Iterator it = SentryStore.this.getAllRoles(persistenceManager).iterator();
                        while (it.hasNext()) {
                            hashSet2.add(SentryStore.this.convertToTSentryRole((MSentryRole) it.next()));
                        }
                        return hashSet2;
                    }
                    String trim = str.trim();
                    Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
                    newQuery.setFilter("this.groupName == :groupName");
                    newQuery.setUnique(true);
                    MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(trim);
                    if (mSentryGroup != null) {
                        for (MSentryRole mSentryRole : mSentryGroup.getRoles()) {
                            if (hashSet.add(mSentryRole.getRoleName())) {
                                hashSet2.add(SentryStore.this.convertToTSentryRole(mSentryRole));
                            }
                        }
                    } else if (!z) {
                        throw SentryStore.noSuchGroup(trim);
                    }
                    newQuery.closeAll();
                }
                return hashSet2;
            }
        });
    }

    public Set<String> getRoleNamesForGroups(final Set<String> set) throws Exception {
        return (set == null || set.isEmpty()) ? ImmutableSet.of() : (Set) this.tm.executeTransaction(new TransactionBlock<Set<String>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.34
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Set<String> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.this.getRoleNamesForGroupsCore(persistenceManager, set);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<String> getRoleNamesForGroupsCore(PersistenceManager persistenceManager, Set<String> set) {
        return convertToRoleNameSet(getRolesForGroups(persistenceManager, set));
    }

    public Set<String> getRoleNamesForUsers(final Set<String> set) throws Exception {
        return (set == null || set.isEmpty()) ? ImmutableSet.of() : (Set) this.tm.executeTransaction(new TransactionBlock<Set<String>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.35
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Set<String> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.this.getRoleNamesForUsersCore(persistenceManager, set);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<String> getRoleNamesForUsersCore(PersistenceManager persistenceManager, Set<String> set) {
        return convertToRoleNameSet(getRolesForUsers(persistenceManager, set));
    }

    public Set<TSentryRole> getTSentryRolesByUserNames(final Set<String> set) throws Exception {
        return (Set) this.tm.executeTransaction(new TransactionBlock<Set<TSentryRole>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.36
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Set<TSentryRole> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.this.convertToTSentryRoles(SentryStore.this.getRolesForUsers(persistenceManager, set));
            }
        });
    }

    public Set<MSentryRole> getRolesForGroups(PersistenceManager persistenceManager, Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        if (set != null) {
            Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
            newQuery.setFilter(":p1.contains(this.groupName)");
            List list = (List) newQuery.execute(set.toArray());
            if (list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    newHashSet.addAll(((MSentryGroup) it.next()).getRoles());
                }
            }
        }
        return newHashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<MSentryRole> getRolesForUsers(PersistenceManager persistenceManager, Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        if (set != null) {
            Query newQuery = persistenceManager.newQuery(MSentryUser.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
            newQuery.setFilter(":p1.contains(this.userName)");
            List list = (List) newQuery.execute(set.toArray());
            if (list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    newHashSet.addAll(((MSentryUser) it.next()).getRoles());
                }
            }
        }
        return newHashSet;
    }

    Set<String> listAllSentryPrivilegesForProvider(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet) throws Exception {
        return listSentryPrivilegesForProvider(set, set2, tSentryActiveRoleSet, null);
    }

    public Set<String> listSentryPrivilegesForProvider(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        HashSet newHashSet = Sets.newHashSet();
        Iterator<MSentryPrivilege> it = getMSentryPrivileges(getRolesToQuery(set, set2, tSentryActiveRoleSet), tSentryAuthorizable).iterator();
        while (it.hasNext()) {
            newHashSet.add(toAuthorizable(it.next()));
        }
        return newHashSet;
    }

    public boolean hasAnyServerPrivileges(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet, String str) throws Exception {
        return hasAnyServerPrivileges(getRolesToQuery(set, set2, tSentryActiveRoleSet), str);
    }

    private Set<String> getRolesToQuery(final Set<String> set, final Set<String> set2, final TSentryActiveRoleSet tSentryActiveRoleSet) throws Exception {
        return (Set) this.tm.executeTransaction(new TransactionBlock<Set<String>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.37
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Set<String> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                Set<String> trimedLower = SentryStore.toTrimedLower(tSentryActiveRoleSet.getRoles());
                HashSet newHashSet = Sets.newHashSet();
                newHashSet.addAll(SentryStore.toTrimedLower(SentryStore.this.getRoleNamesForGroupsCore(persistenceManager, set)));
                newHashSet.addAll(SentryStore.toTrimedLower(SentryStore.this.getRoleNamesForUsersCore(persistenceManager, set2)));
                return tSentryActiveRoleSet.isAll() ? newHashSet : Sets.intersection(trimedLower, newHashSet);
            }
        });
    }

    @VisibleForTesting
    static String toAuthorizable(MSentryPrivilege mSentryPrivilege) {
        ArrayList arrayList = new ArrayList(4);
        arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase(), mSentryPrivilege.getServerName(), new Object[0]));
        if (!isNULL(mSentryPrivilege.getURI())) {
            arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase(), mSentryPrivilege.getURI(), new Object[0]));
        } else if (!isNULL(mSentryPrivilege.getDbName())) {
            arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase(), mSentryPrivilege.getDbName(), new Object[0]));
            if (!isNULL(mSentryPrivilege.getTableName())) {
                arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase(), mSentryPrivilege.getTableName(), new Object[0]));
                if (!isNULL(mSentryPrivilege.getColumnName())) {
                    arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase(), mSentryPrivilege.getColumnName(), new Object[0]));
                }
            }
        }
        if (!isNULL(mSentryPrivilege.getAction()) && !mSentryPrivilege.getAction().equalsIgnoreCase("*")) {
            arrayList.add(SentryConstants.KV_JOINER.join(ACTION.toLowerCase(), mSentryPrivilege.getAction(), new Object[0]));
        }
        return SentryConstants.AUTHORIZABLE_JOINER.join(arrayList);
    }

    @VisibleForTesting
    public static Set<String> toTrimedLower(Set<String> set) {
        if (set == null || set.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet newHashSet = Sets.newHashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            newHashSet.add(it.next().trim().toLowerCase());
        }
        return newHashSet;
    }

    private Set<TSentryPrivilege> convertToTSentryPrivileges(Collection<MSentryPrivilege> collection) {
        if (collection.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(collection.size());
        Iterator<MSentryPrivilege> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(convertToTSentryPrivilege(it.next()));
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<TSentryRole> convertToTSentryRoles(Set<MSentryRole> set) {
        if (set.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(set.size());
        Iterator<MSentryRole> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(convertToTSentryRole(it.next()));
        }
        return hashSet;
    }

    private Set<String> convertToRoleNameSet(Set<MSentryRole> set) {
        if (set.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(set.size());
        Iterator<MSentryRole> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getRoleName());
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public TSentryRole convertToTSentryRole(MSentryRole mSentryRole) {
        String intern = mSentryRole.getRoleName().intern();
        Set<MSentryGroup> groups = mSentryRole.getGroups();
        HashSet hashSet = new HashSet(groups.size());
        Iterator<MSentryGroup> it = groups.iterator();
        while (it.hasNext()) {
            hashSet.add(convertToTSentryGroup(it.next()));
        }
        return new TSentryRole(intern, hashSet, EMPTY_GRANTOR_PRINCIPAL);
    }

    private TSentryGroup convertToTSentryGroup(MSentryGroup mSentryGroup) {
        return new TSentryGroup(mSentryGroup.getGroupName().intern());
    }

    TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        convertToTSentryPrivilege(mSentryPrivilege, tSentryPrivilege);
        return tSentryPrivilege;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege, TSentryPrivilege tSentryPrivilege) {
        tSentryPrivilege.setCreateTime(mSentryPrivilege.getCreateTime());
        tSentryPrivilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
        tSentryPrivilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
        tSentryPrivilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
        tSentryPrivilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
        tSentryPrivilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
        tSentryPrivilege.setColumnName(fromNULLCol(mSentryPrivilege.getColumnName()));
        tSentryPrivilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
        if (mSentryPrivilege.getGrantOption() != null) {
            tSentryPrivilege.setGrantOption(TSentryGrantOption.valueOf(mSentryPrivilege.getGrantOption().toString().toUpperCase()));
        } else {
            tSentryPrivilege.setGrantOption(TSentryGrantOption.UNSET);
        }
    }

    private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege tSentryPrivilege) throws SentryInvalidInputException {
        MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
        mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(tSentryPrivilege.getServerName())));
        mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(tSentryPrivilege.getDbName())));
        mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(tSentryPrivilege.getTableName())));
        mSentryPrivilege.setColumnName(toNULLCol(safeTrimLower(tSentryPrivilege.getColumnName())));
        mSentryPrivilege.setPrivilegeScope(safeTrim(tSentryPrivilege.getPrivilegeScope()));
        mSentryPrivilege.setAction(toNULLCol(safeTrimLower(tSentryPrivilege.getAction())));
        mSentryPrivilege.setCreateTime(System.currentTimeMillis());
        mSentryPrivilege.setURI(toNULLCol(safeTrim(tSentryPrivilege.getURI())));
        if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.UNSET)) {
            mSentryPrivilege.setGrantOption(null);
        } else {
            mSentryPrivilege.setGrantOption(Boolean.valueOf(tSentryPrivilege.getGrantOption().toString()));
        }
        return mSentryPrivilege;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String safeTrim(String str) {
        if (str == null) {
            return null;
        }
        return str.trim();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String safeTrimLower(String str) {
        if (str == null) {
            return null;
        }
        return str.trim().toLowerCase();
    }

    String getSentryVersion() throws Exception {
        return getMSentryVersion().getSchemaVersion();
    }

    void setSentryVersion(final String str, final String str2) throws Exception {
        this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.38
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                MSentryVersion mSentryVersion;
                try {
                    mSentryVersion = SentryStore.this.getMSentryVersion();
                    if (str.equals(mSentryVersion.getSchemaVersion())) {
                        return null;
                    }
                } catch (SentryNoSuchObjectException e) {
                    mSentryVersion = new MSentryVersion();
                }
                mSentryVersion.setSchemaVersion(str);
                mSentryVersion.setVersionComment(str2);
                persistenceManager.makePersistent(mSentryVersion);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public MSentryVersion getMSentryVersion() throws Exception {
        return (MSentryVersion) this.tm.executeTransaction(new TransactionBlock<MSentryVersion>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.39
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public MSentryVersion execute(PersistenceManager persistenceManager) throws Exception {
                try {
                    List list = (List) persistenceManager.newQuery(MSentryVersion.class).execute();
                    persistenceManager.retrieveAll(list);
                    if (list.isEmpty()) {
                        throw new SentryNoSuchObjectException("Matching Version");
                    }
                    if (list.size() > 1) {
                        throw new SentryAccessDeniedException("Metastore contains multiple versions");
                    }
                    return (MSentryVersion) list.get(0);
                } catch (JDODataStoreException e) {
                    if (e.getCause() instanceof MissingTableException) {
                        throw new SentryAccessDeniedException("Version table not found. The sentry store is not set or corrupt ");
                    }
                    throw e;
                }
            }
        });
    }

    public void dropPrivilege(final TSentryAuthorizable tSentryAuthorizable) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.40
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                TSentryPrivilege sentryPrivilege = SentryStore.this.toSentryPrivilege(tSentryAuthorizable);
                try {
                    if (SentryStore.this.isMultiActionsSupported(sentryPrivilege)) {
                        Iterator it = SentryStore.ALL_ACTIONS.iterator();
                        while (it.hasNext()) {
                            sentryPrivilege.setAction((String) it.next());
                            SentryStore.this.dropPrivilegeForAllRoles(persistenceManager, new TSentryPrivilege(sentryPrivilege));
                        }
                    } else {
                        SentryStore.this.dropPrivilegeForAllRoles(persistenceManager, new TSentryPrivilege(sentryPrivilege));
                    }
                    return null;
                } catch (JDODataStoreException e) {
                    throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
                }
            }
        });
    }

    public synchronized void dropPrivilege(final TSentryAuthorizable tSentryAuthorizable, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.41
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                TSentryPrivilege sentryPrivilege = SentryStore.this.toSentryPrivilege(tSentryAuthorizable);
                try {
                    if (SentryStore.this.isMultiActionsSupported(sentryPrivilege)) {
                        Iterator it = SentryStore.ALL_ACTIONS.iterator();
                        while (it.hasNext()) {
                            sentryPrivilege.setAction((String) it.next());
                            SentryStore.this.dropPrivilegeForAllRoles(persistenceManager, new TSentryPrivilege(sentryPrivilege));
                        }
                    } else {
                        SentryStore.this.dropPrivilegeForAllRoles(persistenceManager, new TSentryPrivilege(sentryPrivilege));
                    }
                    return null;
                } catch (JDODataStoreException e) {
                    throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
                }
            }
        });
    }

    public void renamePrivilege(final TSentryAuthorizable tSentryAuthorizable, final TSentryAuthorizable tSentryAuthorizable2) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.42
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                TSentryPrivilege sentryPrivilege = SentryStore.this.toSentryPrivilege(tSentryAuthorizable);
                TSentryPrivilege sentryPrivilege2 = SentryStore.this.toSentryPrivilege(tSentryAuthorizable2);
                try {
                    if (SentryStore.this.isMultiActionsSupported(sentryPrivilege)) {
                        for (String str : SentryStore.ALL_ACTIONS) {
                            sentryPrivilege.setAction(str);
                            sentryPrivilege2.setAction(str);
                            SentryStore.this.renamePrivilegeForAllRoles(persistenceManager, sentryPrivilege, sentryPrivilege2);
                        }
                    } else {
                        SentryStore.this.renamePrivilegeForAllRoles(persistenceManager, sentryPrivilege, sentryPrivilege2);
                    }
                    return null;
                } catch (JDODataStoreException e) {
                    throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
                }
            }
        });
    }

    public synchronized void renamePrivilege(final TSentryAuthorizable tSentryAuthorizable, final TSentryAuthorizable tSentryAuthorizable2, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.43
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                TSentryPrivilege sentryPrivilege = SentryStore.this.toSentryPrivilege(tSentryAuthorizable);
                TSentryPrivilege sentryPrivilege2 = SentryStore.this.toSentryPrivilege(tSentryAuthorizable2);
                try {
                    if (SentryStore.this.isMultiActionsSupported(sentryPrivilege)) {
                        for (String str : SentryStore.ALL_ACTIONS) {
                            sentryPrivilege.setAction(str);
                            sentryPrivilege2.setAction(str);
                            SentryStore.this.renamePrivilegeForAllRoles(persistenceManager, sentryPrivilege, sentryPrivilege2);
                        }
                    } else {
                        SentryStore.this.renamePrivilegeForAllRoles(persistenceManager, sentryPrivilege, sentryPrivilege2);
                    }
                    return null;
                } catch (JDODataStoreException e) {
                    throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isMultiActionsSupported(TSentryPrivilege tSentryPrivilege) {
        return tSentryPrivilege.getDbName() != null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void renamePrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        dropOrRenamePrivilegeForAllRoles(persistenceManager, tSentryPrivilege, tSentryPrivilege2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void dropPrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        dropOrRenamePrivilegeForAllRoles(persistenceManager, tSentryPrivilege, null);
    }

    private void dropOrRenamePrivilegeForAllRoles(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        HashSet<MSentryRole> hashSet = new HashSet();
        Iterator<MSentryPrivilege> it = getMSentryPrivileges(tSentryPrivilege, persistenceManager).iterator();
        while (it.hasNext()) {
            hashSet.addAll(ImmutableSet.copyOf(it.next().getRoles()));
        }
        if (tSentryPrivilege2 == null) {
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                alterSentryRoleRevokePrivilegeCore(persistenceManager, ((MSentryRole) it2.next()).getRoleName(), tSentryPrivilege);
            }
            return;
        }
        MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (mSentryPrivilege != null) {
            mSentryPrivilege = (MSentryPrivilege) persistenceManager.detachCopy(mSentryPrivilege);
        }
        for (MSentryRole mSentryRole : hashSet) {
            HashSet hashSet2 = new HashSet();
            if (mSentryPrivilege != null) {
                hashSet2.add(mSentryPrivilege);
                populateChildren(persistenceManager, Sets.newHashSet(new String[]{mSentryRole.getRoleName()}), mSentryPrivilege, hashSet2);
            } else {
                populateChildren(persistenceManager, Sets.newHashSet(new String[]{mSentryRole.getRoleName()}), convertToMSentryPrivilege(tSentryPrivilege), hashSet2);
            }
            alterSentryRoleRevokePrivilegeCore(persistenceManager, mSentryRole.getRoleName(), tSentryPrivilege);
            Iterator<MSentryPrivilege> it3 = hashSet2.iterator();
            while (it3.hasNext()) {
                TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(it3.next());
                if (tSentryPrivilege2.getPrivilegeScope().equals(ServiceConstants.PrivilegeScope.DATABASE.name())) {
                    convertToTSentryPrivilege.setDbName(tSentryPrivilege2.getDbName());
                } else if (tSentryPrivilege2.getPrivilegeScope().equals(ServiceConstants.PrivilegeScope.TABLE.name())) {
                    convertToTSentryPrivilege.setTableName(tSentryPrivilege2.getTableName());
                }
                alterSentryRoleGrantPrivilegeCore(persistenceManager, mSentryRole.getRoleName(), convertToTSentryPrivilege);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setDbName(fromNULLCol(tSentryAuthorizable.getDb()));
        tSentryPrivilege.setServerName(fromNULLCol(tSentryAuthorizable.getServer()));
        tSentryPrivilege.setTableName(fromNULLCol(tSentryAuthorizable.getTable()));
        tSentryPrivilege.setColumnName(fromNULLCol(tSentryAuthorizable.getColumn()));
        tSentryPrivilege.setURI(fromNULLCol(tSentryAuthorizable.getUri()));
        tSentryPrivilege.setPrivilegeScope((!isNULL(tSentryPrivilege.getColumnName()) ? ServiceConstants.PrivilegeScope.COLUMN : !isNULL(tSentryPrivilege.getTableName()) ? ServiceConstants.PrivilegeScope.TABLE : !isNULL(tSentryPrivilege.getDbName()) ? ServiceConstants.PrivilegeScope.DATABASE : !isNULL(tSentryPrivilege.getURI()) ? ServiceConstants.PrivilegeScope.URI : ServiceConstants.PrivilegeScope.SERVER).name());
        tSentryPrivilege.setAction("*");
        return tSentryPrivilege;
    }

    public static String toNULLCol(String str) {
        return Strings.isNullOrEmpty(str) ? NULL_COL : str;
    }

    private static String fromNULLCol(String str) {
        return isNULL(str) ? "" : str;
    }

    public static boolean isNULL(String str) {
        return Strings.isNullOrEmpty(str) || str.equals(NULL_COL);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void grantOptionCheck(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws SentryUserException {
        MSentryPrivilege convertToMSentryPrivilege = convertToMSentryPrivilege(tSentryPrivilege);
        if (str == null) {
            throw new SentryInvalidInputException("grantorPrincipal should not be null");
        }
        Set<String> groupsFromUserName = SentryPolicyStoreProcessor.getGroupsFromUserName(this.conf, str);
        Set<String> adminGroups = getAdminGroups();
        boolean z = false;
        if (groupsFromUserName != null && !adminGroups.isEmpty()) {
            Iterator<String> it = groupsFromUserName.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                } else if (adminGroups.contains(it.next())) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            return;
        }
        boolean z2 = false;
        Set<MSentryRole> rolesForGroups = getRolesForGroups(persistenceManager, groupsFromUserName);
        rolesForGroups.addAll(getRolesForUsers(persistenceManager, Sets.newHashSet(new String[]{str})));
        Iterator<MSentryRole> it2 = rolesForGroups.iterator();
        while (it2.hasNext()) {
            Set<MSentryPrivilege> privileges = it2.next().getPrivileges();
            if (privileges != null && !privileges.isEmpty()) {
                Iterator<MSentryPrivilege> it3 = privileges.iterator();
                while (true) {
                    if (it3.hasNext()) {
                        MSentryPrivilege next = it3.next();
                        if (next.getGrantOption().booleanValue() && next.implies(convertToMSentryPrivilege)) {
                            z2 = true;
                            break;
                        }
                    }
                }
            }
        }
        if (!z2) {
            throw new SentryGrantDeniedException(str + " has no grant!");
        }
    }

    private Set<String> getAdminGroups() {
        return Sets.newHashSet(this.conf.getStrings(ServiceConstants.ServerConfig.ADMIN_GROUPS, new String[0]));
    }

    public PermissionsImage retrieveFullPermssionsImage() throws Exception {
        return (PermissionsImage) this.tm.executeTransaction(new TransactionBlock<PermissionsImage>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.44
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public PermissionsImage execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return new PermissionsImage(SentryStore.this.retrieveFullRoleImageCore(persistenceManager), SentryStore.this.retrieveFullPrivilegeImageCore(persistenceManager), SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPermChange.class).longValue());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Map<String, String>> retrieveFullPrivilegeImageCore(PersistenceManager persistenceManager) throws Exception {
        persistenceManager.setDetachAllOnCommit(false);
        HashMap hashMap = new HashMap();
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        newQueryParamBuilder.addNotNull(SERVER_NAME).addNotNull(DB_NAME).addNull(URI);
        newQuery.setFilter(newQueryParamBuilder.toString());
        newQuery.setOrdering("serverName ascending, dbName ascending, tableName ascending");
        for (MSentryPrivilege mSentryPrivilege : (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments())) {
            String dbName = mSentryPrivilege.getDbName();
            if (!isNULL(mSentryPrivilege.getTableName())) {
                dbName = dbName + "." + mSentryPrivilege.getTableName();
            }
            Map map = (Map) hashMap.get(dbName);
            if (map == null) {
                map = new HashMap();
                hashMap.put(dbName, map);
            }
            for (MSentryRole mSentryRole : mSentryPrivilege.getRoles()) {
                String str = (String) map.get(mSentryRole.getRoleName());
                if (str == null) {
                    map.put(mSentryRole.getRoleName(), mSentryPrivilege.getAction().toUpperCase());
                } else {
                    map.put(mSentryRole.getRoleName(), str + "," + mSentryPrivilege.getAction().toUpperCase());
                }
            }
        }
        newQuery.closeAll();
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, List<String>> retrieveFullRoleImageCore(PersistenceManager persistenceManager) throws Exception {
        persistenceManager.setDetachAllOnCommit(false);
        Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        List<MSentryGroup> list = (List) newQuery.execute();
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryGroup mSentryGroup : list) {
            for (MSentryRole mSentryRole : mSentryGroup.getRoles()) {
                List list2 = (List) hashMap.get(mSentryRole.getRoleName());
                if (list2 == null) {
                    list2 = new ArrayList();
                    hashMap.put(mSentryRole.getRoleName(), list2);
                }
                list2.add(mSentryGroup.getGroupName());
            }
        }
        newQuery.closeAll();
        return hashMap;
    }

    public PathsImage retrieveFullPathsImage() throws Exception {
        return (PathsImage) this.tm.executeTransaction(new TransactionBlock() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.45
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                long longValue = SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class).longValue();
                long currentAuthzPathsSnapshotID = SentryStore.getCurrentAuthzPathsSnapshotID(persistenceManager);
                return new PathsImage(SentryStore.this.retrieveFullPathsImageCore(persistenceManager, currentAuthzPathsSnapshotID), longValue, currentAuthzPathsSnapshotID);
            }
        });
    }

    public PathsUpdate retrieveFullPathsImageUpdate(final String[] strArr) throws Exception {
        return (PathsUpdate) this.tm.executeTransaction(new TransactionBlock<PathsUpdate>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.46
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public PathsUpdate execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                long currentAuthzPathsSnapshotID = SentryStore.getCurrentAuthzPathsSnapshotID(persistenceManager);
                PathsUpdate pathsUpdate = new PathsUpdate(SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class).longValue(), currentAuthzPathsSnapshotID, true);
                UpdateableAuthzPaths updateableAuthzPaths = new UpdateableAuthzPaths(strArr);
                SentryStore.this.retrieveFullPathsImageCore(persistenceManager, currentAuthzPathsSnapshotID, updateableAuthzPaths);
                pathsUpdate.toThrift().setPathsDump(updateableAuthzPaths.getPathsDump().createPathsDump(true));
                return pathsUpdate;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Collection<String>> retrieveFullPathsImageCore(PersistenceManager persistenceManager, long j) {
        if (j <= 0) {
            return Collections.emptyMap();
        }
        Query newQuery = persistenceManager.newQuery(MAuthzPathsMapping.class);
        newQuery.setFilter("this.authzSnapshotID == currentSnapshotID");
        newQuery.declareParameters("long currentSnapshotID");
        Collection<MAuthzPathsMapping> collection = (Collection) newQuery.execute(Long.valueOf(j));
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap(collection.size());
        for (MAuthzPathsMapping mAuthzPathsMapping : collection) {
            hashMap.put(mAuthzPathsMapping.getAuthzObjName(), mAuthzPathsMapping.getPathStrings());
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void retrieveFullPathsImageCore(PersistenceManager persistenceManager, long j, UpdateableAuthzPaths updateableAuthzPaths) {
        Query newQuery = persistenceManager.newQuery(MAuthzPathsMapping.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setFilter("this.authzSnapshotID == currentSnapshotID");
        newQuery.declareParameters("long currentSnapshotID");
        for (MAuthzPathsMapping mAuthzPathsMapping : (Collection) newQuery.execute(Long.valueOf(j))) {
            String authzObjName = mAuthzPathsMapping.getAuthzObjName();
            Iterator<String> it = mAuthzPathsMapping.getPathStrings().iterator();
            while (it.hasNext()) {
                String[] splitPath = PathUtils.splitPath(it.next());
                ArrayList arrayList = new ArrayList(splitPath.length);
                Collections.addAll(arrayList, splitPath);
                updateableAuthzPaths.applyAddChanges(authzObjName, Collections.singletonList(arrayList));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void deleteNotificationsSince(PersistenceManager persistenceManager, long j) {
        Query newQuery = persistenceManager.newQuery(MSentryHmsNotification.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setFilter("notificationId >= currentNotificationId");
        newQuery.declareParameters("long currentNotificationId");
        long deletePersistentAll = newQuery.deletePersistentAll(new Object[]{Long.valueOf(j)});
        if (deletePersistentAll > 0) {
            LOGGER.info("Purged {} notification entries starting from {}", Long.valueOf(deletePersistentAll), Long.valueOf(j));
        }
    }

    public void persistFullPathsImage(final Map<String, Collection<String>> map, final long j) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.47
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.deleteNotificationsSince(persistenceManager, j + 1);
                persistenceManager.makePersistent(new MSentryHmsNotification(j));
                long currentAuthzPathsSnapshotID = SentryStore.getCurrentAuthzPathsSnapshotID(persistenceManager) + 1;
                persistenceManager.makePersistent(new MAuthzPathsSnapshotId(currentAuthzPathsSnapshotID));
                for (Map.Entry entry : map.entrySet()) {
                    persistenceManager.makePersistent(new MAuthzPathsMapping(currentAuthzPathsSnapshotID, (String) entry.getKey(), (Collection) entry.getValue()));
                }
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static long getCurrentAuthzPathsSnapshotID(PersistenceManager persistenceManager) {
        return getMaxPersistedIDCore(persistenceManager, MAuthzPathsSnapshotId.class, "authzSnapshotID", 0L);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public long getCurrentAuthzPathsSnapshotID() throws Exception {
        return ((Long) this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.48
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Long execute(PersistenceManager persistenceManager) throws Exception {
                return Long.valueOf(SentryStore.getCurrentAuthzPathsSnapshotID(persistenceManager));
            }
        })).longValue();
    }

    public void addAuthzPathsMapping(final String str, final Collection<String> collection, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute(uniquePathsUpdate, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.49
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.addAuthzPathsMappingCore(persistenceManager, str, collection);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, Collection<String> collection) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("AuthzObj: {} cannot be persisted if an paths snapshot ID does not exist yet.");
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            mAuthzPathsMappingCore = new MAuthzPathsMapping(currentAuthzPathsSnapshotID, str, collection);
        } else {
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                mAuthzPathsMappingCore.addPath(new MPath(it.next()));
            }
        }
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    public void deleteAuthzPathsMapping(final String str, final Iterable<String> iterable, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute(uniquePathsUpdate, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.50
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.deleteAuthzPathsMappingCore(persistenceManager, str, iterable);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void deleteAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, Iterable<String> iterable) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot delete authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
            return;
        }
        for (String str2 : iterable) {
            MPath path = mAuthzPathsMappingCore.getPath(str2);
            if (path == null) {
                LOGGER.error("nonexistent path: {}", str2);
            } else {
                mAuthzPathsMappingCore.removePath(path);
                persistenceManager.deletePersistent(path);
            }
        }
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    public void deleteAllAuthzPathsMapping(final String str, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute(uniquePathsUpdate, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.51
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.deleteAllAuthzPathsMappingCore(persistenceManager, str);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void deleteAllAuthzPathsMappingCore(PersistenceManager persistenceManager, String str) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot delete authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
            return;
        }
        for (MPath mPath : mAuthzPathsMappingCore.getPaths()) {
            mAuthzPathsMappingCore.removePath(mPath);
            persistenceManager.deletePersistent(mPath);
        }
        persistenceManager.deletePersistent(mAuthzPathsMappingCore);
    }

    public void renameAuthzPathsMapping(final String str, final String str2, final String str3, final String str4, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute(uniquePathsUpdate, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.52
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.renameAuthzPathsMappingCore(persistenceManager, str, str2, str3, str4);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void renameAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, String str2, String str3, String str4) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot rename authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
            return;
        }
        MPath path = mAuthzPathsMappingCore.getPath(str3);
        if (path == null) {
            LOGGER.error("nonexistent path: {}", str3);
        } else {
            mAuthzPathsMappingCore.removePath(path);
            persistenceManager.deletePersistent(path);
        }
        mAuthzPathsMappingCore.addPath(new MPath(str4));
        mAuthzPathsMappingCore.setAuthzObjName(str2);
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    public void renameAuthzObj(final String str, final String str2, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute(uniquePathsUpdate, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.53
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.renameAuthzObjCore(persistenceManager, str, str2);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void renameAuthzObjCore(PersistenceManager persistenceManager, String str, String str2) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot rename authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
        } else {
            mAuthzPathsMappingCore.setAuthzObjName(str2);
            persistenceManager.makePersistent(mAuthzPathsMappingCore);
        }
    }

    public boolean isAuthzPathsMappingEmpty() throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.54
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return Boolean.valueOf(SentryStore.this.isTableEmptyCore(persistenceManager, MAuthzPathsMapping.class));
            }
        })).booleanValue();
    }

    public boolean isHmsNotificationEmpty() throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.55
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return Boolean.valueOf(SentryStore.this.isTableEmptyCore(persistenceManager, MSentryHmsNotification.class));
            }
        })).booleanValue();
    }

    public boolean isAuthzPathsSnapshotEmpty() throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.56
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return Boolean.valueOf(SentryStore.this.isTableEmptyCore(persistenceManager, MAuthzPathsSnapshotId.class));
            }
        })).booleanValue();
    }

    public void updateAuthzPathsMapping(final String str, final String str2, final String str3, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute(uniquePathsUpdate, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.57
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.updateAuthzPathsMappingCore(persistenceManager, str, str2, str3);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, String str2, String str3) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot update authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            mAuthzPathsMappingCore = new MAuthzPathsMapping(currentAuthzPathsSnapshotID, str, Sets.newHashSet(new String[]{str3}));
        } else {
            MPath path = mAuthzPathsMappingCore.getPath(str2);
            if (path == null) {
                LOGGER.error("nonexistent path: {}", str2);
            } else {
                mAuthzPathsMappingCore.removePath(path);
                persistenceManager.deletePersistent(path);
            }
            mAuthzPathsMappingCore.addPath(new MPath(str3));
        }
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    private MAuthzPathsMapping getMAuthzPathsMappingCore(PersistenceManager persistenceManager, long j, String str) {
        Query newQuery = persistenceManager.newQuery(MAuthzPathsMapping.class);
        newQuery.setFilter("this.authzSnapshotID == authzSnapshotID && this.authzObjName == authzObjName");
        newQuery.declareParameters("long authzSnapshotID, java.lang.String authzObjName");
        newQuery.setUnique(true);
        return (MAuthzPathsMapping) newQuery.execute(Long.valueOf(j), str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isTableEmptyCore(PersistenceManager persistenceManager, Class cls) {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setRange(0L, 1L);
        return ((List) newQuery.execute()).isEmpty();
    }

    private static long getMaxPersistedIDCore(PersistenceManager persistenceManager, Class cls, String str, long j) {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setResult(String.format("max(%s)", str));
        Long l = (Long) newQuery.execute();
        return l != null ? l.longValue() : j;
    }

    @VisibleForTesting
    List<MPath> getMPaths() throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MPath>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.58
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MPath> execute(PersistenceManager persistenceManager) throws Exception {
                long currentAuthzPathsSnapshotID = SentryStore.getCurrentAuthzPathsSnapshotID(persistenceManager);
                Query newQuery = persistenceManager.newQuery("SQL", "SELECT p.PATH_NAME FROM AUTHZ_PATH p JOIN AUTHZ_PATHS_MAPPING a ON a.AUTHZ_OBJ_ID = p.AUTHZ_OBJ_ID WHERE a.AUTHZ_SNAPSHOT_ID = ?");
                newQuery.setResultClass(MPath.class);
                return (List) newQuery.execute(Long.valueOf(currentAuthzPathsSnapshotID));
            }
        });
    }

    @VisibleForTesting
    Boolean findOrphanedPrivileges() throws Exception {
        return (Boolean) this.tm.executeTransaction(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.59
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                return SentryStore.this.findOrphanedPrivilegesCore(persistenceManager);
            }
        });
    }

    Boolean findOrphanedPrivilegesCore(PersistenceManager persistenceManager) {
        List<MSentryPrivilege> allMSentryPrivilegesCore = getAllMSentryPrivilegesCore(persistenceManager);
        ArrayList arrayList = new ArrayList(allMSentryPrivilegesCore.size());
        Iterator<MSentryPrivilege> it = allMSentryPrivilegesCore.iterator();
        while (it.hasNext()) {
            arrayList.add(persistenceManager.getObjectId(it.next()));
        }
        if (arrayList.isEmpty()) {
            return false;
        }
        persistenceManager.refreshAll();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            if (((MSentryPrivilege) persistenceManager.getObjectById(it2.next())).getRoles().isEmpty()) {
                return true;
            }
        }
        return false;
    }

    public List<Map<String, Set<String>>> getGroupUserRoleMapList(final Collection<String> collection) throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<Map<String, Set<String>>>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.60
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<Map<String, Set<String>>> execute(PersistenceManager persistenceManager) throws Exception {
                List list;
                persistenceManager.setDetachAllOnCommit(false);
                Query newQuery = persistenceManager.newQuery(MSentryRole.class);
                newQuery.addExtension(SentryStore.LOAD_RESULTS_AT_COMMIT, "false");
                if (collection == null || collection.isEmpty()) {
                    list = (List) newQuery.execute();
                } else {
                    QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder(QueryParamBuilder.Op.OR);
                    newQueryParamBuilder.addSet("roleName == ", collection);
                    newQuery.setFilter(newQueryParamBuilder.toString());
                    list = (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
                }
                Map groupRolesMap = SentryStore.this.getGroupRolesMap(list);
                Map userRolesMap = SentryStore.this.getUserRolesMap(list);
                ArrayList arrayList = new ArrayList();
                arrayList.add(0, groupRolesMap);
                arrayList.add(1, userRolesMap);
                return arrayList;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Set<String>> getGroupRolesMap(Collection<MSentryRole> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryRole mSentryRole : collection) {
            Iterator<MSentryGroup> it = mSentryRole.getGroups().iterator();
            while (it.hasNext()) {
                String groupName = it.next().getGroupName();
                Set set = (Set) hashMap.get(groupName);
                if (set == null) {
                    set = new HashSet();
                }
                set.add(mSentryRole.getRoleName());
                hashMap.put(groupName, set);
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Set<String>> getUserRolesMap(Collection<MSentryRole> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryRole mSentryRole : collection) {
            Iterator<MSentryUser> it = mSentryRole.getUsers().iterator();
            while (it.hasNext()) {
                String userName = it.next().getUserName();
                Set set = (Set) hashMap.get(userName);
                if (set == null) {
                    set = new HashSet();
                }
                set.add(mSentryRole.getRoleName());
                hashMap.put(userName, set);
            }
        }
        return hashMap;
    }

    Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception {
        return getRoleNameTPrivilegesMap(null, null);
    }

    public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap(final String str, final String str2) throws Exception {
        return (Map) this.tm.executeTransaction(new TransactionBlock<Map<String, Set<TSentryPrivilege>>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.61
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Map<String, Set<TSentryPrivilege>> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
                newQuery.addExtension(SentryStore.LOAD_RESULTS_AT_COMMIT, "false");
                QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
                if (!StringUtils.isEmpty(str)) {
                    newQueryParamBuilder.add(SentryStore.DB_NAME, str);
                }
                if (!StringUtils.isEmpty(str2)) {
                    newQueryParamBuilder.add("tableName", str2);
                }
                newQuery.setFilter(newQueryParamBuilder.toString());
                return SentryStore.this.getRolePrivilegesMap((List) newQuery.executeWithMap(newQueryParamBuilder.getArguments()));
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Set<TSentryPrivilege>> getRolePrivilegesMap(Collection<MSentryPrivilege> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryPrivilege mSentryPrivilege : collection) {
            TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(mSentryPrivilege);
            Iterator<MSentryRole> it = mSentryPrivilege.getRoles().iterator();
            while (it.hasNext()) {
                String roleName = it.next().getRoleName();
                Set set = (Set) hashMap.get(roleName);
                if (set == null) {
                    set = new HashSet();
                }
                set.add(convertToTSentryPrivilege);
                hashMap.put(roleName, set);
            }
        }
        return hashMap;
    }

    public Set<String> getAllRoleNames() throws Exception {
        return (Set) this.tm.executeTransaction(new TransactionBlock<Set<String>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.62
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Set<String> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.this.getAllRoleNamesCore(persistenceManager);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<String> getAllRoleNamesCore(PersistenceManager persistenceManager) {
        List<MSentryRole> allRoles = getAllRoles(persistenceManager);
        return allRoles.isEmpty() ? Collections.emptySet() : rolesToRoleNames(allRoles);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, MSentryGroup> getGroupNameTGroupMap(PersistenceManager persistenceManager) {
        List<MSentryGroup> list = (List) persistenceManager.newQuery(MSentryGroup.class).execute();
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap(list.size());
        for (MSentryGroup mSentryGroup : list) {
            hashMap.put(mSentryGroup.getGroupName(), mSentryGroup);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, MSentryUser> getUserNameToUserMap(PersistenceManager persistenceManager) {
        List<MSentryUser> list = (List) persistenceManager.newQuery(MSentryUser.class).execute();
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap(list.size());
        for (MSentryUser mSentryUser : list) {
            hashMap.put(mSentryUser.getUserName(), mSentryUser);
        }
        return hashMap;
    }

    @VisibleForTesting
    Map<String, MSentryRole> getRolesMap() throws Exception {
        return (Map) this.tm.executeTransaction(new TransactionBlock<Map<String, MSentryRole>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.63
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Map<String, MSentryRole> execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                List<MSentryRole> allRoles = SentryStore.this.getAllRoles(persistenceManager);
                if (allRoles.isEmpty()) {
                    return Collections.emptyMap();
                }
                HashMap hashMap = new HashMap(allRoles.size());
                for (MSentryRole mSentryRole : allRoles) {
                    hashMap.put(mSentryRole.getRoleName(), mSentryRole);
                }
                return hashMap;
            }
        });
    }

    @VisibleForTesting
    Map<String, MSentryGroup> getGroupNameToGroupMap() throws Exception {
        return (Map) this.tm.executeTransaction(new TransactionBlock<Map<String, MSentryGroup>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.64
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Map<String, MSentryGroup> execute(PersistenceManager persistenceManager) throws Exception {
                return SentryStore.this.getGroupNameTGroupMap(persistenceManager);
            }
        });
    }

    @VisibleForTesting
    Map<String, MSentryUser> getUserNameToUserMap() throws Exception {
        return (Map) this.tm.executeTransaction(new TransactionBlock<Map<String, MSentryUser>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.65
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Map<String, MSentryUser> execute(PersistenceManager persistenceManager) throws Exception {
                return SentryStore.this.getUserNameToUserMap(persistenceManager);
            }
        });
    }

    @VisibleForTesting
    List<MSentryPrivilege> getPrivilegesList() throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryPrivilege>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.66
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryPrivilege> execute(PersistenceManager persistenceManager) throws Exception {
                return (List) persistenceManager.newQuery(MSentryPrivilege.class).execute();
            }
        });
    }

    public void importSentryMetaData(final TSentryMappingData tSentryMappingData, final boolean z) throws Exception {
        this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.67
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                TSentryMappingData lowercaseRoleName = SentryStore.this.lowercaseRoleName(tSentryMappingData);
                Set allRoleNamesCore = SentryStore.this.getAllRoleNamesCore(persistenceManager);
                Map covertToRoleNameTGroupsMap = SentryStore.this.covertToRoleNameTGroupsMap(lowercaseRoleName.getGroupRolesMap());
                Map covertToRoleUsersMap = SentryStore.this.covertToRoleUsersMap(lowercaseRoleName.getUserRolesMap());
                Set keySet = covertToRoleNameTGroupsMap.keySet();
                if (z) {
                    SentryStore.this.dropDuplicatedRoleForImport(persistenceManager, allRoleNamesCore, keySet);
                    allRoleNamesCore = SentryStore.this.getAllRoleNamesCore(persistenceManager);
                }
                if (allRoleNamesCore.isEmpty()) {
                    allRoleNamesCore = new HashSet();
                }
                SentryStore.this.importRolePrivilegeMapping(persistenceManager, allRoleNamesCore, lowercaseRoleName.getRolePrivilegesMap());
                SentryStore.this.importRoleGroupMapping(persistenceManager, allRoleNamesCore, covertToRoleNameTGroupsMap);
                SentryStore.this.importRoleUserMapping(persistenceManager, allRoleNamesCore, covertToRoleUsersMap);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Set<TSentryGroup>> covertToRoleNameTGroupsMap(Map<String, Set<String>> map) {
        if (map == null || map.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap newHashMap = Maps.newHashMap();
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            Set<String> value = entry.getValue();
            if (value != null) {
                for (String str : value) {
                    Set set = (Set) newHashMap.get(str);
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.add(new TSentryGroup(entry.getKey()));
                    newHashMap.put(str, set);
                }
            }
        }
        return newHashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Set<String>> covertToRoleUsersMap(Map<String, Set<String>> map) {
        if (map == null || map.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            Set<String> value = entry.getValue();
            if (value != null) {
                for (String str : value) {
                    Set set = (Set) hashMap.get(str);
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.add(entry.getKey());
                    hashMap.put(str, set);
                }
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void importRoleGroupMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<TSentryGroup>> map) throws Exception {
        if (map == null || map.keySet() == null) {
            return;
        }
        for (Map.Entry<String, Set<TSentryGroup>> entry : map.entrySet()) {
            createRoleIfNotExist(persistenceManager, set, entry.getKey());
            alterSentryRoleAddGroupsCore(persistenceManager, entry.getKey(), entry.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void importRoleUserMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<String>> map) throws Exception {
        if (map == null || map.keySet() == null) {
            return;
        }
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            createRoleIfNotExist(persistenceManager, set, entry.getKey());
            alterSentryRoleAddUsersCore(persistenceManager, entry.getKey(), entry.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void dropDuplicatedRoleForImport(PersistenceManager persistenceManager, Set<String> set, Set<String> set2) throws Exception {
        Iterator it = Sets.intersection(set, set2).iterator();
        while (it.hasNext()) {
            dropSentryRoleCore(persistenceManager, (String) it.next());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public TSentryMappingData lowercaseRoleName(TSentryMappingData tSentryMappingData) {
        Map<String, Set<String>> groupRolesMap = tSentryMappingData.getGroupRolesMap();
        Map<String, Set<TSentryPrivilege>> rolePrivilegesMap = tSentryMappingData.getRolePrivilegesMap();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, Set<String>> entry : groupRolesMap.entrySet()) {
            hashMap.put(entry.getKey(), new HashSet(Collections2.transform(entry.getValue(), new Function<String, String>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.68
                public String apply(String str) {
                    return str.toLowerCase();
                }
            })));
        }
        for (Map.Entry<String, Set<TSentryPrivilege>> entry2 : rolePrivilegesMap.entrySet()) {
            hashMap2.put(entry2.getKey().toLowerCase(), entry2.getValue());
        }
        tSentryMappingData.setGroupRolesMap(hashMap);
        tSentryMappingData.setRolePrivilegesMap(hashMap2);
        return tSentryMappingData;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void importRolePrivilegeMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<TSentryPrivilege>> map) throws Exception {
        if (map != null) {
            for (Map.Entry<String, Set<TSentryPrivilege>> entry : map.entrySet()) {
                createRoleIfNotExist(persistenceManager, set, entry.getKey());
                Iterator<TSentryPrivilege> it = entry.getValue().iterator();
                while (it.hasNext()) {
                    alterSentryRoleGrantPrivilegeCore(persistenceManager, entry.getKey(), it.next());
                }
            }
        }
    }

    private void createRoleIfNotExist(PersistenceManager persistenceManager, Set<String> set, String str) throws Exception {
        String trimAndLower = trimAndLower(str);
        if (set.contains(trimAndLower)) {
            return;
        }
        set.add(trimAndLower);
        persistenceManager.makePersistent(new MSentryRole(trimAndLower(str)));
    }

    public static Set<String> rolesToRoleNames(Iterable<MSentryRole> iterable) {
        HashSet hashSet = new HashSet();
        Iterator<MSentryRole> it = iterable.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getRoleName());
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SentryNoSuchObjectException noSuchRole(String str) {
        return new SentryNoSuchObjectException("Role " + str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SentryNoSuchObjectException noSuchGroup(String str) {
        return new SentryNoSuchObjectException("Group " + str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SentryNoSuchObjectException noSuchUpdate(long j) {
        return new SentryNoSuchObjectException("nonexistent update + " + j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T extends MSentryChange> Long getLastProcessedChangeIDCore(PersistenceManager persistenceManager, Class<T> cls) {
        return Long.valueOf(getMaxPersistedIDCore(persistenceManager, cls, "changeID", 0L));
    }

    static Long getLastProcessedNotificationIDCore(PersistenceManager persistenceManager) {
        return Long.valueOf(getMaxPersistedIDCore(persistenceManager, MSentryHmsNotification.class, "notificationId", 0L));
    }

    public void setLastProcessedNotificationID(final Long l) throws Exception {
        LOGGER.debug("Persisting Last Processed Notification ID {}", l);
        this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.69
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                SentryStore.this.deleteNotificationsSince(persistenceManager, l.longValue() + 1);
                return persistenceManager.makePersistent(new MSentryHmsNotification(l.longValue()));
            }
        });
    }

    public void persistLastProcessedNotificationID(final Long l) throws Exception {
        LOGGER.debug("Persisting Last Processed Notification ID {}", l);
        this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.70
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                return persistenceManager.makePersistent(new MSentryHmsNotification(l.longValue()));
            }
        });
    }

    public Long getLastProcessedPermChangeID() throws Exception {
        return (Long) this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.71
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Long execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPermChange.class);
            }
        });
    }

    public Long getLastProcessedPathChangeID() throws Exception {
        return (Long) this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.72
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Long execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class);
            }
        });
    }

    public Long getLastProcessedNotificationID() throws Exception {
        long longValue = ((Long) this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.73
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Long execute(PersistenceManager persistenceManager) throws Exception {
                return Long.valueOf(SentryStore.getLastProcessedNotificationIDCore(persistenceManager).longValue());
            }
        })).longValue();
        LOGGER.debug("Retrieving Last Processed Notification ID {}", Long.valueOf(longValue));
        return Long.valueOf(longValue);
    }

    public long getLastProcessedImageID() throws Exception {
        return ((Long) this.tm.executeTransaction(new TransactionBlock<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.74
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Long execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return Long.valueOf(SentryStore.getCurrentAuthzPathsSnapshotID(persistenceManager));
            }
        })).longValue();
    }

    public MSentryPermChange getMSentryPermChangeByID(final long j) throws Exception {
        return (MSentryPermChange) this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.75
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                Query newQuery = persistenceManager.newQuery(MSentryPermChange.class);
                newQuery.setFilter("this.changeID == id");
                newQuery.declareParameters("long id");
                List list = (List) newQuery.execute(Long.valueOf(j));
                if (list == null) {
                    throw SentryStore.this.noSuchUpdate(j);
                }
                if (list.size() > 1) {
                    throw new Exception("Inconsistent permission delta: " + list.size() + " permissions for the same id, " + j);
                }
                return list.get(0);
            }
        });
    }

    private <T extends MSentryChange> List<T> getMSentryChanges(final Class<T> cls) throws Exception {
        return (List) this.tm.executeTransaction((TransactionBlock) new TransactionBlock<List<T>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.76
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<T> execute(PersistenceManager persistenceManager) throws Exception {
                return (List) persistenceManager.newQuery(cls).execute();
            }
        });
    }

    @VisibleForTesting
    List<MSentryPermChange> getMSentryPermChanges() throws Exception {
        return getMSentryChanges(MSentryPermChange.class);
    }

    @VisibleForTesting
    List<MSentryHmsNotification> getMSentryHmsNotificationCore() throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryHmsNotification>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.77
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryHmsNotification> execute(PersistenceManager persistenceManager) throws Exception {
                return (List) persistenceManager.newQuery(MSentryHmsNotification.class).execute();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T extends MSentryChange> Boolean changeExistsCore(PersistenceManager persistenceManager, Class<T> cls, long j) throws Exception {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
        newQuery.setFilter("this.changeID == id");
        newQuery.declareParameters("long id");
        return Boolean.valueOf(!((List) newQuery.execute(Long.valueOf(j))).isEmpty());
    }

    public Boolean permChangeExists(final long j) throws Exception {
        return (Boolean) this.tm.executeTransaction(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.78
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.this.changeExistsCore(persistenceManager, MSentryPermChange.class, j);
            }
        });
    }

    public Boolean pathChangeExists(final long j) throws Exception {
        return (Boolean) this.tm.executeTransaction(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.79
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                return SentryStore.this.changeExistsCore(persistenceManager, MSentryPathChange.class, j);
            }
        });
    }

    public MSentryPathChange getMSentryPathChangeByID(final long j) throws Exception {
        return (MSentryPathChange) this.tm.executeTransaction(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.80
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                Query newQuery = persistenceManager.newQuery(MSentryPathChange.class);
                newQuery.setFilter("this.changeID == id");
                newQuery.declareParameters("long id");
                List list = (List) newQuery.execute(Long.valueOf(j));
                if (list == null) {
                    throw SentryStore.this.noSuchUpdate(j);
                }
                if (list.size() > 1) {
                    throw new Exception("Inconsistent path delta: " + list.size() + " paths for the same id, " + j);
                }
                return list.get(0);
            }
        });
    }

    @VisibleForTesting
    List<MSentryPathChange> getMSentryPathChanges() throws Exception {
        return getMSentryChanges(MSentryPathChange.class);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T extends MSentryChange> List<T> getMSentryChangesCore(PersistenceManager persistenceManager, Class<T> cls, long j) throws Exception {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.setFilter("this.changeID >= t");
        newQuery.declareParameters("long t");
        newQuery.setOrdering("this.changeID ascending");
        return (List) newQuery.execute(Long.valueOf(j));
    }

    public List<MSentryPathChange> getMSentryPathChanges(final long j) throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryPathChange>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.81
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryPathChange> execute(PersistenceManager persistenceManager) throws Exception {
                List<MSentryPathChange> mSentryChangesCore = SentryStore.this.getMSentryChangesCore(persistenceManager, MSentryPathChange.class, j);
                return SentryStore.this.validateDeltaChanges(j, mSentryChangesCore) ? mSentryChangesCore : Collections.emptyList();
            }
        });
    }

    public List<MSentryPermChange> getMSentryPermChanges(final long j) throws Exception {
        return (List) this.tm.executeTransaction(new TransactionBlock<List<MSentryPermChange>>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.82
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public List<MSentryPermChange> execute(PersistenceManager persistenceManager) throws Exception {
                List<MSentryPermChange> mSentryChangesCore = SentryStore.this.getMSentryChangesCore(persistenceManager, MSentryPermChange.class, j);
                return SentryStore.this.validateDeltaChanges(j, mSentryChangesCore) ? mSentryChangesCore : Collections.emptyList();
            }
        });
    }

    public <T extends MSentryChange> boolean validateDeltaChanges(long j, List<T> list) {
        if (list.isEmpty()) {
            return true;
        }
        if (list.get(0).getChangeID() != j) {
            LOGGER.debug(String.format("Starting delta change from %s is off from the requested id. Requested changeID: %s, Missing delta count: %s", list.get(0).getClass().getCanonicalName(), Long.valueOf(j), Long.valueOf(list.get(0).getChangeID() - j)));
            return false;
        }
        if (MSentryUtil.isConsecutive(list)) {
            return true;
        }
        LOGGER.error(String.format("Certain delta is missing in %s! The table may get corrupted. Start changeID %s, Current size of elements = %s. path changeID list: %s", list.get(0).getClass().getCanonicalName(), Long.valueOf(j), Integer.valueOf(list.size()), MSentryUtil.collapseChangeIDsToString(list)));
        return false;
    }

    private void execute(Updateable.Update update, TransactionBlock<Object> transactionBlock) throws Exception {
        ArrayList arrayList = new ArrayList(2);
        if (this.persistUpdateDeltas) {
            arrayList.add(new DeltaTransactionBlock(update));
        }
        arrayList.add(transactionBlock);
        this.tm.executeTransactionBlocksWithRetry(arrayList);
    }

    public boolean isNotificationProcessed(final String str) throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.83
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                Query newQuery = persistenceManager.newQuery(MSentryPathChange.class);
                newQuery.setFilter("this.notificationHash == hash");
                newQuery.setUnique(true);
                newQuery.declareParameters("java.lang.String hash");
                return Boolean.valueOf(((MSentryPathChange) newQuery.execute(str)) != null);
            }
        })).booleanValue();
    }
}
