package org.apache.sentry.provider.db.service.persistent;

import com.codahale.metrics.Gauge;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import javax.jdo.JDODataStoreException;
import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.jdo.Query;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryOwnerInfo;
import org.apache.sentry.api.common.ApiConstants;
import org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessor;
import org.apache.sentry.api.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.api.service.thrift.TSentryAuthorizable;
import org.apache.sentry.api.service.thrift.TSentryGrantOption;
import org.apache.sentry.api.service.thrift.TSentryGroup;
import org.apache.sentry.api.service.thrift.TSentryMappingData;
import org.apache.sentry.api.service.thrift.TSentryPrivilege;
import org.apache.sentry.api.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.api.service.thrift.TSentryRole;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
import org.apache.sentry.core.common.exception.SentryGrantDeniedException;
import org.apache.sentry.core.common.exception.SentryInvalidInputException;
import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.common.utils.SentryConstants;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.hdfs.PathsUpdate;
import org.apache.sentry.hdfs.UniquePathsUpdate;
import org.apache.sentry.hdfs.Updateable;
import org.apache.sentry.hdfs.UpdateableAuthzPaths;
import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal;
import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType;
import org.apache.sentry.provider.db.log.util.Constants;
import org.apache.sentry.provider.db.service.model.MAuthzPathsMapping;
import org.apache.sentry.provider.db.service.model.MAuthzPathsSnapshotId;
import org.apache.sentry.provider.db.service.model.MPath;
import org.apache.sentry.provider.db.service.model.MSentryChange;
import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryGroup;
import org.apache.sentry.provider.db.service.model.MSentryHmsNotification;
import org.apache.sentry.provider.db.service.model.MSentryPathChange;
import org.apache.sentry.provider.db.service.model.MSentryPermChange;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.model.MSentryUser;
import org.apache.sentry.provider.db.service.model.MSentryUtil;
import org.apache.sentry.provider.db.service.model.MSentryVersion;
import org.apache.sentry.provider.db.service.persistent.QueryParamBuilder;
import org.apache.sentry.service.common.SentryOwnerPrivilegeType;
import org.apache.sentry.service.common.ServiceConstants;
import org.datanucleus.store.rdbms.exceptions.MissingTableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/service/persistent/SentryStore.class */
public class SentryStore implements SentryStoreInterface {
    private static final long COUNT_VALUE_UNKNOWN = -1;
    private static final long NOTIFICATION_UNKNOWN = -1;
    private static final String EMPTY_GRANTOR_PRINCIPAL = "--";
    private static final String LOAD_RESULTS_AT_COMMIT = "datanucleus.query.loadResultsAtCommit";
    private final PersistenceManagerFactory pmf;
    private Configuration conf;
    private final TransactionManager tm;
    private boolean persistUpdateDeltas;
    private final CounterWait counterWait;
    private final boolean ownerPrivilegeWithGrant;
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryStore.class);
    private static final Set<String> ALL_ACTIONS = Sets.newHashSet(new String[]{"*", "ALL", "select", "insert", "alter", "create", "drop", "index", "lock", "OWNER"});
    private static final Set<String> PARTIAL_REVOKE_ACTIONS = Sets.newHashSet(new String[]{"*", "ALL".toLowerCase(), "select", "insert"});

    public static Properties getDataNucleusProperties(Configuration configuration) throws SentrySiteConfigurationException, IOException {
        Properties properties = new Properties();
        properties.putAll(ServiceConstants.ServerConfig.SENTRY_STORE_DEFAULTS);
        String trim = configuration.get("sentry.store.jdbc.url", "").trim();
        Preconditions.checkArgument(!trim.isEmpty(), "Required parameter sentry.store.jdbc.url is missed");
        String trim2 = configuration.get("sentry.store.jdbc.user", "Sentry").trim();
        char[] password = configuration.getPassword("sentry.store.jdbc.password");
        if (password == null) {
            throw new SentrySiteConfigurationException("Error reading sentry.store.jdbc.password");
        }
        String str = new String(password);
        String str2 = configuration.get("sentry.store.jdbc.driver", "org.apache.derby.jdbc.EmbeddedDriver");
        properties.setProperty("javax.jdo.option.ConnectionURL", trim);
        properties.setProperty("javax.jdo.option.ConnectionUserName", trim2);
        properties.setProperty("javax.jdo.option.ConnectionPassword", str);
        properties.setProperty("javax.jdo.option.ConnectionDriverName", str2);
        if (properties.getProperty("datanucleus.transactionIsolation", "").equals("repeatable-read") && trim.contains("oracle")) {
            String[] split = trim.split(":");
            if (split.length > 1 && split[1].equals("oracle")) {
                properties.setProperty("datanucleus.transactionIsolation", "read-committed");
            }
        }
        Iterator it = configuration.iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            String str3 = (String) entry.getKey();
            if (str3.startsWith("sentry.javax.jdo") || str3.startsWith("sentry.datanucleus")) {
                properties.setProperty(StringUtils.removeStart(str3, "sentry."), (String) entry.getValue());
            }
        }
        properties.setProperty("datanucleus.NontransactionalRead", Constants.FALSE);
        properties.setProperty("datanucleus.NontransactionalWrite", Constants.FALSE);
        return properties;
    }

    public SentryStore(Configuration configuration) throws Exception {
        this.conf = configuration;
        Properties dataNucleusProperties = getDataNucleusProperties(configuration);
        boolean equalsIgnoreCase = configuration.get("sentry.verify.schema.version", Constants.TRUE).equalsIgnoreCase(Constants.TRUE);
        if (!equalsIgnoreCase) {
            dataNucleusProperties.setProperty("datanucleus.schema.autoCreateAll", Constants.TRUE);
        }
        this.pmf = JDOHelper.getPersistenceManagerFactory(dataNucleusProperties);
        this.tm = new TransactionManager(this.pmf, configuration);
        verifySentryStoreSchema(equalsIgnoreCase);
        this.counterWait = new CounterWait(configuration.getInt("sentry.notification.sync.timeout.ms", 200000), TimeUnit.MILLISECONDS);
        this.ownerPrivilegeWithGrant = SentryOwnerPrivilegeType.ALL_WITH_GRANT.isConfSet(configuration);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void setPersistUpdateDeltas(boolean z) {
        this.persistUpdateDeltas = z;
    }

    public TransactionManager getTransactionManager() {
        return this.tm;
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public CounterWait getCounterWait() {
        return this.counterWait;
    }

    void verifySentryStoreSchema(boolean z) throws Exception {
        if (!z) {
            setSentryVersion(SentryStoreSchemaInfo.getSentryVersion(), "Schema version set implicitly");
            return;
        }
        String sentryVersion = getSentryVersion();
        if (!SentryStoreSchemaInfo.getSentryVersion().equals(sentryVersion)) {
            throw new SentryAccessDeniedException("The Sentry store schema version " + sentryVersion + " is different from distribution version " + SentryStoreSchemaInfo.getSentryVersion());
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void stop() {
        if (this.pmf != null) {
            this.pmf.close();
        }
    }

    public MSentryRole getRole(PersistenceManager persistenceManager, String str) {
        Query newQuery = persistenceManager.newQuery(MSentryRole.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("this.roleName == :roleName");
        newQuery.setUnique(true);
        persistenceManager.getFetchGroup(MSentryRole.class, "fetchPrivileges").addMember("privileges");
        persistenceManager.getFetchPlan().addGroup("fetchPrivileges");
        return (MSentryRole) newQuery.execute(str);
    }

    public List<MSentryRole> getAllRoles(PersistenceManager persistenceManager) {
        Query newQuery = persistenceManager.newQuery(MSentryRole.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        persistenceManager.getFetchGroup(MSentryRole.class, "fetchGroups").addMember("groups");
        persistenceManager.getFetchPlan().addGroup("fetchGroups");
        return (List) newQuery.execute();
    }

    public MSentryUser getUser(PersistenceManager persistenceManager, String str) {
        Query newQuery = persistenceManager.newQuery(MSentryUser.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("this.userName == :userName");
        newQuery.setUnique(true);
        persistenceManager.getFetchGroup(MSentryUser.class, "fetchPrivileges").addMember("privileges");
        persistenceManager.getFetchPlan().addGroup("fetchPrivileges");
        return (MSentryUser) newQuery.execute(str);
    }

    public void createSentryUser(String str) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String trimAndLower = trimAndLower(str);
            if (getUser(persistenceManager, trimAndLower) != null) {
                throw new SentryAlreadyExistsException("User: " + trimAndLower);
            }
            persistenceManager.makePersistent(new MSentryUser(trimAndLower, System.currentTimeMillis(), Sets.newHashSet()));
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String trimAndLower(String str) {
        return str.trim().toLowerCase();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void createSentryRole(String str) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String trimAndLower = trimAndLower(str);
            if (getRole(persistenceManager, trimAndLower) != null) {
                throw new SentryAlreadyExistsException("Role: " + trimAndLower);
            }
            persistenceManager.makePersistent(new MSentryRole(trimAndLower));
            return null;
        });
    }

    private <T> Long getCount(Class<T> cls) {
        try {
            return (Long) this.tm.executeTransaction(persistenceManager -> {
                persistenceManager.setDetachAllOnCommit(false);
                Query newQuery = persistenceManager.newQuery();
                newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
                newQuery.setClass(cls);
                newQuery.setResult("count(this)");
                return (Long) newQuery.execute();
            });
        } catch (Exception e) {
            return -1L;
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getRoleCountGauge() {
        return () -> {
            return getCount(MSentryRole.class);
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getPrivilegeCountGauge() {
        return () -> {
            return getCount(MSentryPrivilege.class);
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getGroupCountGauge() {
        return () -> {
            return getCount(MSentryGroup.class);
        };
    }

    Gauge<Long> getUserCountGauge() {
        return () -> {
            return getCount(MSentryUser.class);
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Integer> getHMSWaitersCountGauge() {
        return () -> {
            return Integer.valueOf(this.counterWait.waitersCount());
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getLastNotificationIdGauge() {
        return () -> {
            try {
                return getLastProcessedNotificationID();
            } catch (Exception e) {
                LOGGER.error("Can not read current notificationId", e);
                return -1L;
            }
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getLastPathsSnapshotIdGauge() {
        return () -> {
            try {
                return Long.valueOf(getCurrentAuthzPathsSnapshotID());
            } catch (Exception e) {
                LOGGER.error("Can not read current paths snapshot ID", e);
                return -1L;
            }
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getPermChangeIdGauge() {
        return new Gauge<Long>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.1
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m42getValue() {
                try {
                    return (Long) SentryStore.this.tm.executeTransaction(persistenceManager -> {
                        return SentryStore.getLastProcessedChangeIDCore(persistenceManager, MSentryPermChange.class);
                    });
                } catch (Exception e) {
                    SentryStore.LOGGER.error("Can not read current permissions change ID", e);
                    return -1L;
                }
            }
        };
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Gauge<Long> getPathChangeIdGauge() {
        return () -> {
            try {
                return (Long) this.tm.executeTransaction(persistenceManager -> {
                    return getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class);
                });
            } catch (Exception e) {
                LOGGER.error("Can not read current path change ID", e);
                return -1L;
            }
        };
    }

    @VisibleForTesting
    long countMSentryPrivileges() {
        return getCount(MSentryPrivilege.class).longValue();
    }

    @VisibleForTesting
    void clearAllTables() {
        try {
            this.tm.executeTransaction(persistenceManager -> {
                persistenceManager.newQuery(MSentryRole.class).deletePersistentAll();
                persistenceManager.newQuery(MSentryGroup.class).deletePersistentAll();
                persistenceManager.newQuery(MSentryUser.class).deletePersistentAll();
                persistenceManager.newQuery(MSentryPrivilege.class).deletePersistentAll();
                persistenceManager.newQuery(MSentryPermChange.class).deletePersistentAll();
                persistenceManager.newQuery(MSentryPathChange.class).deletePersistentAll();
                persistenceManager.newQuery(MAuthzPathsMapping.class).deletePersistentAll();
                persistenceManager.newQuery(MPath.class).deletePersistentAll();
                persistenceManager.newQuery(MSentryHmsNotification.class).deletePersistentAll();
                persistenceManager.newQuery(MAuthzPathsSnapshotId.class).deletePersistentAll();
                return null;
            });
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void clearHmsPathInformation() throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.newQuery(MSentryPathChange.class).deletePersistentAll();
            persistenceManager.newQuery(MAuthzPathsMapping.class).deletePersistentAll();
            persistenceManager.newQuery(MPath.class).deletePersistentAll();
            return null;
        });
    }

    @VisibleForTesting
    <T extends MSentryChange> void purgeDeltaChangeTableCore(Class<T> cls, PersistenceManager persistenceManager, long j) {
        Preconditions.checkArgument(j >= 0, "changes to keep must be a non-negative number");
        long longValue = getLastProcessedChangeIDCore(persistenceManager, cls).longValue() - j;
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("changeID <= maxChangedIdDeleted");
        newQuery.declareParameters("long maxChangedIdDeleted");
        long deletePersistentAll = newQuery.deletePersistentAll(new Object[]{Long.valueOf(longValue)});
        if (deletePersistentAll > 0) {
            LOGGER.info(String.format("Purged %d of %s to changeID=%d", Long.valueOf(deletePersistentAll), cls.getSimpleName(), Long.valueOf(longValue)));
        }
    }

    @VisibleForTesting
    protected void purgeNotificationIdTableCore(PersistenceManager persistenceManager, long j) {
        Preconditions.checkArgument(j > 0, "You need to keep at least one entry in SENTRY_HMS_NOTIFICATION_ID table");
        long longValue = getLastProcessedNotificationIDCore(persistenceManager).longValue();
        Query newQuery = persistenceManager.newQuery(MSentryHmsNotification.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("notificationId <= maxNotificationIdDeleted");
        newQuery.declareParameters("long maxNotificationIdDeleted");
        long deletePersistentAll = newQuery.deletePersistentAll(new Object[]{Long.valueOf(longValue - j)});
        if (deletePersistentAll > 0) {
            LOGGER.info("Purged {} of {}", Long.valueOf(deletePersistentAll), MSentryHmsNotification.class.getSimpleName());
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void purgeDeltaChangeTables() {
        int i = this.conf.getInt("sentry.server.delta.keep.count", 200);
        LOGGER.info("Purging MSentryPathUpdate and MSentyPermUpdate tables, leaving {} entries", Integer.valueOf(i));
        try {
            this.tm.executeTransaction(persistenceManager -> {
                persistenceManager.setDetachAllOnCommit(false);
                purgeDeltaChangeTableCore(MSentryPermChange.class, persistenceManager, i);
                LOGGER.info("MSentryPermChange table has been purged.");
                purgeDeltaChangeTableCore(MSentryPathChange.class, persistenceManager, i);
                LOGGER.info("MSentryPathUpdate table has been purged.");
                return null;
            });
        } catch (Exception e) {
            LOGGER.error("Delta change cleaning process encountered an error", e);
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void purgeNotificationIdTable() {
        int i = this.conf.getInt("sentry.server.delta.keep.count", 100);
        LOGGER.debug("Purging MSentryHmsNotification table, leaving {} entries", Integer.valueOf(i));
        try {
            this.tm.executeTransaction(persistenceManager -> {
                persistenceManager.setDetachAllOnCommit(false);
                purgeNotificationIdTableCore(persistenceManager, i);
                return null;
            });
        } catch (Exception e) {
            LOGGER.error("MSentryHmsNotification cleaning process encountered an error", e);
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set) throws Exception {
        Iterator<TSentryPrivilege> it = set.iterator();
        while (it.hasNext()) {
            alterSentryGrantPrivilege(str, ServiceConstants.SentryPrincipalType.ROLE, str2, it.next(), null);
        }
    }

    synchronized void alterSentryGrantPrivilege(String str, ServiceConstants.SentryPrincipalType sentryPrincipalType, String str2, TSentryPrivilege tSentryPrivilege, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String trimAndLower = trimAndLower(str2);
            grantOptionCheck(persistenceManager, str, tSentryPrivilege);
            MSentryPrivilege alterSentryGrantPrivilegeCore = alterSentryGrantPrivilegeCore(persistenceManager, sentryPrincipalType, trimAndLower, tSentryPrivilege);
            if (alterSentryGrantPrivilegeCore == null) {
                return null;
            }
            convertToTSentryPrivilege(alterSentryGrantPrivilegeCore, tSentryPrivilege);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set, Map<TSentryPrivilege, Updateable.Update> map) throws Exception {
        Preconditions.checkNotNull(map);
        for (TSentryPrivilege tSentryPrivilege : set) {
            alterSentryGrantPrivilege(str, ServiceConstants.SentryPrincipalType.ROLE, str2, tSentryPrivilege, map.get(tSentryPrivilege));
        }
    }

    private MSentryPrivilege findMatchPrivilege(Set<MSentryPrivilege> set, MSentryPrivilege mSentryPrivilege) {
        for (MSentryPrivilege mSentryPrivilege2 : set) {
            if (mSentryPrivilege2.equals(mSentryPrivilege)) {
                return mSentryPrivilege2;
            }
        }
        return null;
    }

    private MSentryPrivilege alterSentryGrantPrivilegeCore(PersistenceManager persistenceManager, ServiceConstants.SentryPrincipalType sentryPrincipalType, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        PrivilegePrincipal entity = getEntity(persistenceManager, str, sentryPrincipalType);
        if (entity == null) {
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                throw noSuchRole(str);
            }
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.USER) {
                entity = new MSentryUser(str, System.currentTimeMillis(), Sets.newHashSet());
            }
        }
        if (tSentryPrivilege.getPrivilegeScope().equalsIgnoreCase(ApiConstants.PrivilegeScope.URI.name()) && StringUtils.isBlank(tSentryPrivilege.getURI())) {
            throw new SentryInvalidInputException("cannot grant URI privileges to Null or EMPTY location");
        }
        if ((!isNULL(tSentryPrivilege.getColumnName()) || !isNULL(tSentryPrivilege.getTableName()) || !isNULL(tSentryPrivilege.getDbName())) && !"OWNER".equalsIgnoreCase(tSentryPrivilege.getAction())) {
            if ("*".equalsIgnoreCase(tSentryPrivilege.getAction()) || "ALL".equalsIgnoreCase(tSentryPrivilege.getAction())) {
                dropPrivilegesForGrantAll(persistenceManager, entity, tSentryPrivilege);
            } else {
                TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
                tSentryPrivilege2.setAction("*");
                MSentryPrivilege findMatchPrivilege = findMatchPrivilege(entity.getPrivileges(), convertToMSentryPrivilege(tSentryPrivilege2));
                tSentryPrivilege2.setAction("ALL");
                MSentryPrivilege findMatchPrivilege2 = findMatchPrivilege(entity.getPrivileges(), convertToMSentryPrivilege(tSentryPrivilege2));
                if (findMatchPrivilege != null || findMatchPrivilege2 != null) {
                    return null;
                }
            }
        }
        MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (mSentryPrivilege == null) {
            mSentryPrivilege = convertToMSentryPrivilege(tSentryPrivilege);
        }
        mSentryPrivilege.appendPrincipal(entity);
        persistenceManager.makePersistent(mSentryPrivilege);
        return mSentryPrivilege;
    }

    private void dropPrivilegesForGrantAll(PersistenceManager persistenceManager, PrivilegePrincipal privilegePrincipal, TSentryPrivilege tSentryPrivilege) throws SentryInvalidInputException {
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        for (String str : ALL_ACTIONS) {
            if (!str.equalsIgnoreCase("OWNER")) {
                tSentryPrivilege2.setAction(str);
                MSentryPrivilege findMatchPrivilege = findMatchPrivilege(privilegePrincipal.getPrivileges(), convertToMSentryPrivilege(tSentryPrivilege2));
                if (findMatchPrivilege != null) {
                    findMatchPrivilege.removePrincipal(privilegePrincipal);
                    persistPrivilege(persistenceManager, findMatchPrivilege);
                }
            }
        }
    }

    public void alterSentryUserGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set) throws Exception {
        try {
            if (getMSentryUserByName(str2, false) == null) {
                createSentryUser(str2);
            }
        } catch (SentryAlreadyExistsException e) {
        }
        Iterator<TSentryPrivilege> it = set.iterator();
        while (it.hasNext()) {
            alterSentryGrantPrivilege(str, ServiceConstants.SentryPrincipalType.USER, str2, it.next(), null);
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryGrantOwnerPrivilege(String str, ServiceConstants.SentryPrincipalType sentryPrincipalType, TSentryPrivilege tSentryPrivilege, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            MSentryPrivilege alterSentryGrantPrivilegeCore = alterSentryGrantPrivilegeCore(persistenceManager, sentryPrincipalType, trimAndLower(str), tSentryPrivilege);
            if (alterSentryGrantPrivilegeCore == null) {
                return null;
            }
            convertToTSentryPrivilege(alterSentryGrantPrivilegeCore, tSentryPrivilege);
            return null;
        });
    }

    public void alterSentryUserGrantPrivileges(String str, String str2, Set<TSentryPrivilege> set, Map<TSentryPrivilege, Updateable.Update> map) throws Exception {
        try {
            if (getMSentryUserByName(str2, false) == null) {
                createSentryUser(str2);
            }
        } catch (SentryAlreadyExistsException e) {
        }
        Preconditions.checkNotNull(map);
        for (TSentryPrivilege tSentryPrivilege : set) {
            alterSentryGrantPrivilege(str, ServiceConstants.SentryPrincipalType.USER, str2, tSentryPrivilege, map.get(tSentryPrivilege));
        }
    }

    @VisibleForTesting
    public MSentryUser getMSentryUserByName(String str) throws Exception {
        return getMSentryUserByName(str, true);
    }

    MSentryUser getMSentryUserByName(final String str, final boolean z) throws Exception {
        return (MSentryUser) this.tm.executeTransaction(new TransactionBlock<MSentryUser>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public MSentryUser execute(PersistenceManager persistenceManager) throws Exception {
                String trimAndLower = SentryStore.this.trimAndLower(str);
                MSentryUser user = SentryStore.this.getUser(persistenceManager, trimAndLower);
                if (user != null) {
                    return user;
                }
                if (z) {
                    throw SentryStore.noSuchUser(trimAndLower);
                }
                return null;
            }
        });
    }

    public void alterSentryUserRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set) throws Exception {
        Iterator<TSentryPrivilege> it = set.iterator();
        while (it.hasNext()) {
            alterSentryRevokePrivilege(str, ServiceConstants.SentryPrincipalType.USER, str2, it.next(), null);
        }
    }

    public void alterSentryUserRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set, Map<TSentryPrivilege, Updateable.Update> map) throws Exception {
        Preconditions.checkNotNull(map);
        for (TSentryPrivilege tSentryPrivilege : set) {
            alterSentryRevokePrivilege(str, ServiceConstants.SentryPrincipalType.USER, str2, tSentryPrivilege, map.get(tSentryPrivilege));
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set) throws Exception {
        Iterator<TSentryPrivilege> it = set.iterator();
        while (it.hasNext()) {
            alterSentryRevokePrivilege(str, ServiceConstants.SentryPrincipalType.ROLE, str2, it.next(), null);
        }
    }

    synchronized void alterSentryRevokePrivilege(String str, ServiceConstants.SentryPrincipalType sentryPrincipalType, String str2, TSentryPrivilege tSentryPrivilege, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String safeTrimLower = safeTrimLower(str2);
            grantOptionCheck(persistenceManager, str, tSentryPrivilege);
            alterSentryRevokePrivilegeCore(persistenceManager, sentryPrincipalType, safeTrimLower, tSentryPrivilege);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleRevokePrivileges(String str, String str2, Set<TSentryPrivilege> set, Map<TSentryPrivilege, Updateable.Update> map) throws Exception {
        Preconditions.checkNotNull(map);
        for (TSentryPrivilege tSentryPrivilege : set) {
            alterSentryRevokePrivilege(str, ServiceConstants.SentryPrincipalType.ROLE, str2, tSentryPrivilege, map.get(tSentryPrivilege));
        }
    }

    private void alterSentryRevokePrivilegeCore(PersistenceManager persistenceManager, ServiceConstants.SentryPrincipalType sentryPrincipalType, String str, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        PrivilegePrincipal entity = getEntity(persistenceManager, str, sentryPrincipalType);
        if (entity == null) {
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                throw noSuchRole(str);
            }
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.USER) {
                throw noSuchUser(str);
            }
        }
        if (tSentryPrivilege.getPrivilegeScope().equalsIgnoreCase(ApiConstants.PrivilegeScope.URI.name()) && StringUtils.isBlank(tSentryPrivilege.getURI())) {
            throw new SentryInvalidInputException("cannot revoke URI privileges from Null or EMPTY location");
        }
        MSentryPrivilege mSentryPrivilege = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        MSentryPrivilege convertToMSentryPrivilege = mSentryPrivilege == null ? convertToMSentryPrivilege(tSentryPrivilege) : (MSentryPrivilege) persistenceManager.detachCopy(mSentryPrivilege);
        HashSet hashSet = new HashSet();
        if (convertToMSentryPrivilege.getGrantOption() != null) {
            hashSet.add(convertToMSentryPrivilege);
        } else {
            MSentryPrivilege mSentryPrivilege2 = new MSentryPrivilege(convertToMSentryPrivilege);
            mSentryPrivilege2.setGrantOption(true);
            hashSet.add(mSentryPrivilege2);
            MSentryPrivilege mSentryPrivilege3 = new MSentryPrivilege(convertToMSentryPrivilege);
            mSentryPrivilege3.setGrantOption(false);
            hashSet.add(mSentryPrivilege3);
        }
        populateChildren(persistenceManager, sentryPrincipalType, Sets.newHashSet(new String[]{str}), convertToMSentryPrivilege, hashSet);
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            revokePrivilege(persistenceManager, tSentryPrivilege, entity, (MSentryPrivilege) it.next());
        }
        persistEntity(persistenceManager, sentryPrincipalType, entity);
    }

    private void revokePartial(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, PrivilegePrincipal privilegePrincipal, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege2 == null) {
            mSentryPrivilege2 = convertToMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege));
        }
        if (tSentryPrivilege.getAction().equalsIgnoreCase("*") || tSentryPrivilege.getAction().equalsIgnoreCase("ALL")) {
            if ((mSentryPrivilege2.getRoles().isEmpty() && mSentryPrivilege2.getUsers().isEmpty()) || privilegePrincipal == null) {
                return;
            }
            mSentryPrivilege2.removePrincipal(privilegePrincipal);
            persistPrivilege(persistenceManager, mSentryPrivilege2);
            return;
        }
        HashSet hashSet = new HashSet();
        for (String str : PARTIAL_REVOKE_ACTIONS) {
            if (!tSentryPrivilege.getAction().equalsIgnoreCase(str) && !mSentryPrivilege.getAction().equalsIgnoreCase(str) && !"*".equalsIgnoreCase(str) && !"ALL".equalsIgnoreCase(str)) {
                hashSet.add(str);
            }
        }
        if (privilegePrincipal != null) {
            revokePrivilegeAndGrantPartial(persistenceManager, privilegePrincipal, mSentryPrivilege, mSentryPrivilege2, hashSet);
        }
    }

    private void persistEntity(PersistenceManager persistenceManager, ServiceConstants.SentryPrincipalType sentryPrincipalType, PrivilegePrincipal privilegePrincipal) {
        if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.USER && isUserStale((MSentryUser) privilegePrincipal)) {
            persistenceManager.deletePersistent(privilegePrincipal);
        } else {
            persistenceManager.makePersistent(privilegePrincipal);
        }
    }

    private boolean isUserStale(MSentryUser mSentryUser) {
        return mSentryUser.getPrivileges().isEmpty() && mSentryUser.getRoles().isEmpty();
    }

    private void persistPrivilege(PersistenceManager persistenceManager, MSentryPrivilege mSentryPrivilege) {
        if (isPrivilegeStale(mSentryPrivilege)) {
            persistenceManager.deletePersistent(mSentryPrivilege);
        } else {
            persistenceManager.makePersistent(mSentryPrivilege);
        }
    }

    private boolean isPrivilegeStale(MSentryPrivilege mSentryPrivilege) {
        return mSentryPrivilege.getUsers().isEmpty() && mSentryPrivilege.getRoles().isEmpty();
    }

    private boolean isPrivilegeStale(MSentryGMPrivilege mSentryGMPrivilege) {
        return mSentryGMPrivilege.getRoles().isEmpty();
    }

    private void revokePrivilegeAndGrantPartial(PersistenceManager persistenceManager, PrivilegePrincipal privilegePrincipal, MSentryPrivilege mSentryPrivilege, MSentryPrivilege mSentryPrivilege2, Set<String> set) throws SentryInvalidInputException {
        MSentryPrivilege mSentryPrivilege3 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege2), persistenceManager);
        if (mSentryPrivilege3 != null) {
            mSentryPrivilege3.removePrincipal(privilegePrincipal);
            persistPrivilege(persistenceManager, mSentryPrivilege3);
        }
        mSentryPrivilege.setAction("*");
        MSentryPrivilege mSentryPrivilege4 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege4 == null || !privilegePrincipal.getPrivileges().contains(mSentryPrivilege4)) {
            return;
        }
        mSentryPrivilege4.removePrincipal(privilegePrincipal);
        persistPrivilege(persistenceManager, mSentryPrivilege4);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            mSentryPrivilege.setAction(it.next());
            TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(mSentryPrivilege);
            mSentryPrivilege4 = getMSentryPrivilege(convertToTSentryPrivilege, persistenceManager);
            if (mSentryPrivilege4 == null) {
                mSentryPrivilege4 = convertToMSentryPrivilege(convertToTSentryPrivilege);
            }
            privilegePrincipal.appendPrivilege(mSentryPrivilege4);
        }
        mSentryPrivilege4.appendPrincipal(privilegePrincipal);
        persistenceManager.makePersistent(mSentryPrivilege4);
    }

    private void revokePrivilege(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, PrivilegePrincipal privilegePrincipal, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        if (PARTIAL_REVOKE_ACTIONS.contains(mSentryPrivilege.getAction())) {
            revokePartial(persistenceManager, tSentryPrivilege, privilegePrincipal, mSentryPrivilege);
            return;
        }
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(convertToTSentryPrivilege(mSentryPrivilege), persistenceManager);
        if (mSentryPrivilege2 != null) {
            mSentryPrivilege2.removePrincipal(privilegePrincipal);
            persistPrivilege(persistenceManager, mSentryPrivilege2);
        }
    }

    private void populateChildren(PersistenceManager persistenceManager, ServiceConstants.SentryPrincipalType sentryPrincipalType, Set<String> set, MSentryPrivilege mSentryPrivilege, Collection<MSentryPrivilege> collection) throws SentryInvalidInputException {
        Preconditions.checkNotNull(persistenceManager);
        if (isNULL(mSentryPrivilege.getServerName()) && isNULL(mSentryPrivilege.getDbName()) && isNULL(mSentryPrivilege.getTableName())) {
            return;
        }
        for (MSentryPrivilege mSentryPrivilege2 : getChildPrivileges(persistenceManager, sentryPrincipalType, set, mSentryPrivilege)) {
            if (!isNULL(mSentryPrivilege2.getDbName()) && !isNULL(mSentryPrivilege2.getTableName()) && !isNULL(mSentryPrivilege2.getColumnName())) {
                populateChildren(persistenceManager, sentryPrincipalType, set, mSentryPrivilege2, collection);
            }
            if (!mSentryPrivilege.isActionALL()) {
                if (mSentryPrivilege2.isActionALL()) {
                    mSentryPrivilege2.setAction(mSentryPrivilege.getAction());
                }
                if (!mSentryPrivilege.implies(mSentryPrivilege2)) {
                }
            }
            collection.add(mSentryPrivilege2);
        }
    }

    private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager persistenceManager, ServiceConstants.SentryPrincipalType sentryPrincipalType, Set<String> set, MSentryPrivilege mSentryPrivilege) throws SentryInvalidInputException {
        QueryParamBuilder add;
        if (!isNULL(mSentryPrivilege.getColumnName()) || !isNULL(mSentryPrivilege.getURI())) {
            return Collections.emptySet();
        }
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
            add = QueryParamBuilder.addRolesFilter(newQuery, null, set).add("serverName", mSentryPrivilege.getServerName());
        } else {
            if (sentryPrincipalType != ServiceConstants.SentryPrincipalType.USER) {
                throw new SentryInvalidInputException("entityType" + sentryPrincipalType + " is not valid");
            }
            add = QueryParamBuilder.addUsersFilter(newQuery, null, set).add("serverName", mSentryPrivilege.getServerName());
        }
        if (isNULL(mSentryPrivilege.getDbName())) {
            add.newChild().addNotNull("dbName").addNotNull("URI");
        } else {
            add.add("dbName", mSentryPrivilege.getDbName());
            if (isNULL(mSentryPrivilege.getTableName())) {
                add.addNotNull(Constants.LOG_FIELD_TABLE_NAME);
            } else {
                add.add(Constants.LOG_FIELD_TABLE_NAME, mSentryPrivilege.getTableName()).addNotNull("columnName");
            }
        }
        newQuery.setFilter(add.toString());
        newQuery.setResult("privilegeScope, serverName, dbName, tableName, columnName, URI, action, grantOption");
        List<Object[]> list = (List) newQuery.executeWithMap(add.getArguments());
        HashSet hashSet = new HashSet(list.size());
        for (Object[] objArr : list) {
            hashSet.add(new MSentryPrivilege((String) objArr[0], (String) objArr[1], (String) objArr[2], (String) objArr[3], (String) objArr[4], (String) objArr[5], (String) objArr[6], (Boolean) objArr[7]));
        }
        return hashSet;
    }

    public void dropSentryUser(final String str) throws Exception {
        this.tm.executeTransactionWithRetry(new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.3
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.dropSentryUserCore(persistenceManager, str);
                return null;
            }
        });
    }

    public synchronized void dropSentryUser(final String str, Updateable.Update update) throws Exception {
        execute(update, new TransactionBlock<Object>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.4
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Object execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                SentryStore.this.dropSentryUserCore(persistenceManager, str);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void dropSentryUserCore(PersistenceManager persistenceManager, String str) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryUser user = getUser(persistenceManager, trimAndLower);
        if (user == null) {
            throw noSuchUser(trimAndLower);
        }
        removePrivilegesForUser(persistenceManager, user);
        persistenceManager.deletePersistent(user);
    }

    private void removePrivilegesForUser(PersistenceManager persistenceManager, MSentryUser mSentryUser) {
        ArrayList arrayList = new ArrayList(mSentryUser.getPrivileges());
        mSentryUser.removePrivileges();
        removeStaledPrivileges(persistenceManager, arrayList);
    }

    private List<MSentryPrivilege> getMSentryPrivileges(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        newQueryParamBuilder.add("serverName", tSentryPrivilege.getServerName()).add("action", tSentryPrivilege.getAction());
        if (!isNULL(tSentryPrivilege.getDbName())) {
            newQueryParamBuilder.add("dbName", tSentryPrivilege.getDbName());
            if (!isNULL(tSentryPrivilege.getTableName())) {
                newQueryParamBuilder.add(Constants.LOG_FIELD_TABLE_NAME, tSentryPrivilege.getTableName());
                if (!isNULL(tSentryPrivilege.getColumnName())) {
                    newQueryParamBuilder.add("columnName", tSentryPrivilege.getColumnName());
                }
            }
        } else if (!isNULL(tSentryPrivilege.getURI())) {
            newQueryParamBuilder.add("URI", tSentryPrivilege.getURI(), true);
        }
        newQuery.setFilter(newQueryParamBuilder.toString());
        persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRolesUsers").addMember("roles").addMember("users");
        persistenceManager.getFetchPlan().addGroup("fetchRolesUsers");
        return (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
    }

    private MSentryPrivilege getMSentryPrivilege(TSentryPrivilege tSentryPrivilege, PersistenceManager persistenceManager) {
        Boolean bool = null;
        if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)) {
            bool = true;
        } else if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.FALSE)) {
            bool = false;
        }
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        newQueryParamBuilder.add("serverName", tSentryPrivilege.getServerName()).add("dbName", tSentryPrivilege.getDbName()).add(Constants.LOG_FIELD_TABLE_NAME, tSentryPrivilege.getTableName()).add("columnName", tSentryPrivilege.getColumnName()).add("URI", tSentryPrivilege.getURI(), true).addObject("grantOption", bool).add("action", tSentryPrivilege.getAction());
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        newQuery.setUnique(true);
        newQuery.setFilter(newQueryParamBuilder.toString());
        return (MSentryPrivilege) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void dropSentryRole(String str) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            dropSentryRoleCore(persistenceManager, str);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void dropSentryRole(String str, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            dropSentryRoleCore(persistenceManager, str);
            return null;
        });
    }

    private void dropSentryRoleCore(PersistenceManager persistenceManager, String str) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryRole role = getRole(persistenceManager, trimAndLower);
        if (role == null) {
            throw noSuchRole(trimAndLower);
        }
        removePrivileges(persistenceManager, role);
        persistenceManager.deletePersistent(role);
    }

    private void removePrivileges(PersistenceManager persistenceManager, MSentryRole mSentryRole) {
        ArrayList arrayList = new ArrayList(mSentryRole.getPrivileges());
        ArrayList arrayList2 = new ArrayList(mSentryRole.getGmPrivileges());
        mSentryRole.removePrivileges();
        mSentryRole.removeGMPrivileges();
        removeStaledPrivileges(persistenceManager, arrayList);
        removeStaledGMPrivileges(persistenceManager, arrayList2);
    }

    private void removeStaledPrivileges(PersistenceManager persistenceManager, List<MSentryPrivilege> list) {
        ArrayList arrayList = new ArrayList(0);
        for (MSentryPrivilege mSentryPrivilege : list) {
            if (isPrivilegeStale(mSentryPrivilege)) {
                arrayList.add(mSentryPrivilege);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        persistenceManager.deletePersistentAll(arrayList);
    }

    private void removeStaledGMPrivileges(PersistenceManager persistenceManager, List<MSentryGMPrivilege> list) {
        ArrayList arrayList = new ArrayList(0);
        for (MSentryGMPrivilege mSentryGMPrivilege : list) {
            if (isPrivilegeStale(mSentryGMPrivilege)) {
                arrayList.add(mSentryGMPrivilege);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        persistenceManager.deletePersistentAll(arrayList);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleAddGroups(String str, String str2, Set<TSentryGroup> set) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            alterSentryRoleAddGroupsCore(persistenceManager, str2, set);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void alterSentryRoleAddGroups(String str, String str2, Set<TSentryGroup> set, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            alterSentryRoleAddGroupsCore(persistenceManager, str2, set);
            return null;
        });
    }

    private void alterSentryRoleAddGroupsCore(PersistenceManager persistenceManager, String str, Set<TSentryGroup> set) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryRole role = getRole(persistenceManager, trimAndLower);
        if (role == null) {
            throw noSuchRole(trimAndLower);
        }
        Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
        newQuery.setFilter("this.groupName == :groupName");
        newQuery.setUnique(true);
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<TSentryGroup> it = set.iterator();
        while (it.hasNext()) {
            String trim = it.next().getGroupName().trim();
            MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(trim);
            if (mSentryGroup == null) {
                mSentryGroup = new MSentryGroup(trim, System.currentTimeMillis(), Sets.newHashSet(new MSentryRole[]{role}));
            }
            mSentryGroup.appendRole(role);
            newArrayList.add(mSentryGroup);
        }
        persistenceManager.makePersistentAll(newArrayList);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleAddUsers(String str, Set<String> set) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            alterSentryRoleAddUsersCore(persistenceManager, str, set);
            return null;
        });
    }

    private void alterSentryRoleAddUsersCore(PersistenceManager persistenceManager, String str, Set<String> set) throws SentryNoSuchObjectException {
        String trimAndLower = trimAndLower(str);
        MSentryRole role = getRole(persistenceManager, trimAndLower);
        if (role == null) {
            throw noSuchRole(trimAndLower);
        }
        Query newQuery = persistenceManager.newQuery(MSentryUser.class);
        newQuery.setFilter("this.userName == :userName");
        newQuery.setUnique(true);
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String trim = it.next().trim();
            MSentryUser mSentryUser = (MSentryUser) newQuery.execute(trim);
            if (mSentryUser == null) {
                mSentryUser = new MSentryUser(trim, System.currentTimeMillis(), Sets.newHashSet(new MSentryRole[]{role}));
            }
            mSentryUser.appendRole(role);
            newArrayList.add(mSentryUser);
        }
        persistenceManager.makePersistentAll(newArrayList);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleDeleteUsers(String str, Set<String> set) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String trimAndLower = trimAndLower(str);
            MSentryRole role = getRole(persistenceManager, trimAndLower);
            if (role == null) {
                throw noSuchRole(trimAndLower);
            }
            Query newQuery = persistenceManager.newQuery(MSentryUser.class);
            newQuery.setFilter("this.userName == :userName");
            newQuery.setUnique(true);
            ArrayList newArrayList = Lists.newArrayList();
            ArrayList newArrayList2 = Lists.newArrayList();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                MSentryUser mSentryUser = (MSentryUser) newQuery.execute(((String) it.next()).trim());
                if (mSentryUser != null) {
                    mSentryUser.removeRole(role);
                    if (isUserStale(mSentryUser)) {
                        newArrayList2.add(mSentryUser);
                    } else {
                        newArrayList.add(mSentryUser);
                    }
                }
            }
            persistenceManager.deletePersistentAll(newArrayList2);
            persistenceManager.makePersistentAll(newArrayList);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void alterSentryRoleDeleteGroups(String str, Set<TSentryGroup> set) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String trimAndLower = trimAndLower(str);
            MSentryRole role = getRole(persistenceManager, trimAndLower);
            if (role == null) {
                throw noSuchRole(trimAndLower);
            }
            Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
            newQuery.setFilter("this.groupName == :groupName");
            newQuery.setUnique(true);
            ArrayList newArrayList = Lists.newArrayList();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(((TSentryGroup) it.next()).getGroupName().trim());
                if (mSentryGroup != null) {
                    mSentryGroup.removeRole(role);
                    newArrayList.add(mSentryGroup);
                }
            }
            persistenceManager.makePersistentAll(newArrayList);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void alterSentryRoleDeleteGroups(String str, Set<TSentryGroup> set, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            String trimAndLower = trimAndLower(str);
            MSentryRole role = getRole(persistenceManager, trimAndLower);
            if (role == null) {
                throw noSuchRole(trimAndLower);
            }
            Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
            newQuery.setFilter("this.groupName == :groupName");
            newQuery.setUnique(true);
            ArrayList newArrayList = Lists.newArrayList();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(((TSentryGroup) it.next()).getGroupName().trim());
                if (mSentryGroup != null) {
                    mSentryGroup.removeRole(role);
                    newArrayList.add(mSentryGroup);
                }
            }
            persistenceManager.makePersistentAll(newArrayList);
            return null;
        });
    }

    @VisibleForTesting
    public MSentryRole getMSentryRoleByName(String str) throws Exception {
        return (MSentryRole) this.tm.executeTransaction(persistenceManager -> {
            String trimAndLower = trimAndLower(str);
            MSentryRole role = getRole(persistenceManager, trimAndLower);
            if (role == null) {
                throw noSuchRole(trimAndLower);
            }
            return role;
        });
    }

    @VisibleForTesting
    MSentryPrivilege findMSentryPrivilegeFromTSentryPrivilege(TSentryPrivilege tSentryPrivilege) throws Exception {
        return (MSentryPrivilege) this.tm.executeTransaction(persistenceManager -> {
            return getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        });
    }

    @VisibleForTesting
    List<MSentryPrivilege> getAllMSentryPrivileges() throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            return getAllMSentryPrivilegesCore(persistenceManager);
        });
    }

    private List<MSentryPrivilege> getAllMSentryPrivilegesCore(PersistenceManager persistenceManager) {
        return (List) persistenceManager.newQuery(MSentryPrivilege.class).execute();
    }

    private boolean hasAnyServerPrivileges(Set<String> set, String str) throws Exception {
        if (set == null || set.isEmpty()) {
            return false;
        }
        return ((Boolean) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            QueryParamBuilder addRolesFilter = QueryParamBuilder.addRolesFilter(newQuery, null, set);
            addRolesFilter.add("serverName", str);
            newQuery.setFilter(addRolesFilter.toString());
            newQuery.setResult("count(this)");
            return Boolean.valueOf(((Long) newQuery.executeWithMap(addRolesFilter.getArguments())).longValue() > 0);
        })).booleanValue();
    }

    private List<MSentryPrivilege> getMSentryPrivileges(ServiceConstants.SentryPrincipalType sentryPrincipalType, Set<String> set, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        return (set == null || set.isEmpty()) ? Collections.emptyList() : (List) this.tm.executeTransaction(persistenceManager -> {
            QueryParamBuilder addUsersFilter;
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                addUsersFilter = QueryParamBuilder.addRolesFilter(newQuery, null, set);
            } else {
                if (sentryPrincipalType != ServiceConstants.SentryPrincipalType.USER) {
                    throw new SentryInvalidInputException("entityType" + sentryPrincipalType + " is not valid");
                }
                addUsersFilter = QueryParamBuilder.addUsersFilter(newQuery, null, set);
            }
            if (tSentryAuthorizable != null && tSentryAuthorizable.getServer() != null) {
                addUsersFilter.add("serverName", tSentryAuthorizable.getServer());
                if (tSentryAuthorizable.getDb() != null) {
                    addUsersFilter.addNull("URI").newChild().add("dbName", tSentryAuthorizable.getDb()).addNull("dbName");
                    if (tSentryAuthorizable.getTable() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                        if (!"+".equalsIgnoreCase(tSentryAuthorizable.getTable())) {
                            addUsersFilter.addNull("URI").newChild().add(Constants.LOG_FIELD_TABLE_NAME, tSentryAuthorizable.getTable()).addNull(Constants.LOG_FIELD_TABLE_NAME);
                        }
                        if (tSentryAuthorizable.getColumn() != null && !"*".equalsIgnoreCase(tSentryAuthorizable.getColumn()) && !"+".equalsIgnoreCase(tSentryAuthorizable.getColumn())) {
                            addUsersFilter.addNull("URI").newChild().add("columnName", tSentryAuthorizable.getColumn()).addNull("columnName");
                        }
                    }
                }
                if (tSentryAuthorizable.getUri() != null) {
                    addUsersFilter.addNull("dbName").newChild().addNull("URI").newChild().addNotNull("URI").addCustomParam("(:authURI.startsWith(URI))", "authURI", tSentryAuthorizable.getUri());
                }
            }
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRoles").addMember("roles");
                persistenceManager.getFetchPlan().addGroup("fetchRoles");
            } else if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.USER) {
                persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchUsers").addMember("users");
                persistenceManager.getFetchPlan().addGroup("fetchUsers");
            }
            newQuery.setFilter(addUsersFilter.toString());
            return (List) newQuery.executeWithMap(addUsersFilter.getArguments());
        });
    }

    private List<MSentryPrivilege> getMSentryPrivilegesByAuth(ServiceConstants.SentryPrincipalType sentryPrincipalType, Set<String> set, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
            if (set == null || set.isEmpty()) {
                if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                    newQueryParamBuilder.addString("!roles.isEmpty()");
                } else {
                    if (sentryPrincipalType != ServiceConstants.SentryPrincipalType.USER) {
                        throw new SentryInvalidInputException("entityType: " + sentryPrincipalType + " is invalid");
                    }
                    newQueryParamBuilder.addString("!users.isEmpty()");
                }
            } else if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                QueryParamBuilder.addRolesFilter(newQuery, newQueryParamBuilder, set);
            } else {
                if (sentryPrincipalType != ServiceConstants.SentryPrincipalType.USER) {
                    throw new SentryInvalidInputException("entityType" + sentryPrincipalType + " is not valid");
                }
                QueryParamBuilder.addUsersFilter(newQuery, newQueryParamBuilder, set);
            }
            if (tSentryAuthorizable.getServer() == null) {
                return Collections.emptyList();
            }
            newQueryParamBuilder.add("serverName", tSentryAuthorizable.getServer());
            if (tSentryAuthorizable.getDb() != null) {
                newQueryParamBuilder.add("dbName", tSentryAuthorizable.getDb()).addNull("URI");
                if (tSentryAuthorizable.getTable() != null) {
                    newQueryParamBuilder.add(Constants.LOG_FIELD_TABLE_NAME, tSentryAuthorizable.getTable());
                } else {
                    newQueryParamBuilder.addNull(Constants.LOG_FIELD_TABLE_NAME);
                }
            } else if (tSentryAuthorizable.getUri() != null) {
                newQueryParamBuilder.addNotNull("URI").addNull("dbName").addCustomParam("(:authURI.startsWith(URI))", "authURI", tSentryAuthorizable.getUri());
            } else {
                newQueryParamBuilder.addNull("dbName").addNull("URI");
            }
            if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
                persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRoles").addMember("roles");
                persistenceManager.getFetchPlan().addGroup("fetchRoles");
            } else if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.USER) {
                persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchUsers").addMember("users");
                persistenceManager.getFetchPlan().addGroup("fetchUsers");
            }
            newQuery.setFilter(newQueryParamBuilder.toString());
            return (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
        });
    }

    private List<MSentryPrivilege> getMSentryOwnerPrivilegesByAuth(PersistenceManager persistenceManager, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        if (tSentryAuthorizable.getServer() == null) {
            return Collections.emptyList();
        }
        newQueryParamBuilder.add("serverName", tSentryAuthorizable.getServer());
        if (tSentryAuthorizable.getDb() != null) {
            newQueryParamBuilder.add("dbName", tSentryAuthorizable.getDb()).addNull("URI");
            if (tSentryAuthorizable.getTable() != null) {
                newQueryParamBuilder.add(Constants.LOG_FIELD_TABLE_NAME, tSentryAuthorizable.getTable());
            } else {
                newQueryParamBuilder.addNull(Constants.LOG_FIELD_TABLE_NAME);
            }
        } else if (tSentryAuthorizable.getUri() != null) {
            newQueryParamBuilder.addNotNull("URI").addNull("dbName").addCustomParam("(:authURI.startsWith(URI))", "authURI", tSentryAuthorizable.getUri());
        } else {
            newQueryParamBuilder.addNull("dbName").addNull("URI");
        }
        newQueryParamBuilder.add("action", "OWNER");
        newQuery.setFilter(newQueryParamBuilder.toString());
        persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRolesUsers").addMember("roles").addMember("users");
        persistenceManager.getFetchPlan().addGroup("fetchRolesUsers");
        return (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
    }

    private Set<MSentryPrivilege> getMSentryPrivilegesByUserName(String str) throws Exception {
        return getMSentryUserByName(str).getPrivileges();
    }

    private Set<MSentryPrivilege> getMSentryPrivilegesByUserNameIfExists(String str) throws Exception {
        MSentryUser mSentryUserByName = getMSentryUserByName(str, false);
        return mSentryUserByName != null ? mSentryUserByName.getPrivileges() : Collections.emptySet();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<TSentryPrivilege> getAllTSentryPrivilegesByUserName(String str) throws Exception {
        return convertToTSentryPrivileges(getMSentryPrivilegesByUserName(str));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(Set<String> set, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable, boolean z) throws Exception {
        TreeMap newTreeMap = Maps.newTreeMap();
        Set<String> rolesToQuery = getRolesToQuery(set, null, new TSentryActiveRoleSet(true, (Set) null));
        if (tSentryActiveRoleSet != null && !tSentryActiveRoleSet.isAll()) {
            Iterator it = tSentryActiveRoleSet.getRoles().iterator();
            while (it.hasNext()) {
                rolesToQuery.add(((String) it.next()).toLowerCase());
            }
        }
        if (z || !rolesToQuery.isEmpty()) {
            for (MSentryPrivilege mSentryPrivilege : getMSentryPrivilegesByAuth(ServiceConstants.SentryPrincipalType.ROLE, rolesToQuery, tSentryAuthorizable)) {
                for (MSentryRole mSentryRole : mSentryPrivilege.getRoles()) {
                    TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(mSentryPrivilege);
                    if (newTreeMap.containsKey(mSentryRole.getRoleName())) {
                        ((Set) newTreeMap.get(mSentryRole.getRoleName())).add(convertToTSentryPrivilege);
                    } else {
                        TreeSet newTreeSet = Sets.newTreeSet();
                        newTreeSet.add(convertToTSentryPrivilege);
                        newTreeMap.put(mSentryRole.getRoleName(), newTreeSet);
                    }
                }
            }
        }
        return new TSentryPrivilegeMap(newTreeMap);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public List<SentryOwnerInfo> listOwnersByAuthorizable(TSentryAuthorizable tSentryAuthorizable) throws Exception {
        ArrayList arrayList = new ArrayList();
        return (List) this.tm.executeTransaction(persistenceManager -> {
            for (MSentryPrivilege mSentryPrivilege : getMSentryOwnerPrivilegesByAuth(persistenceManager, tSentryAuthorizable)) {
                for (MSentryUser mSentryUser : mSentryPrivilege.getUsers()) {
                    arrayList.add(new SentryOwnerInfo(mSentryUser.getPrincipalType(), mSentryUser.getPrincipalName()));
                }
                for (MSentryRole mSentryRole : mSentryPrivilege.getRoles()) {
                    arrayList.add(new SentryOwnerInfo(mSentryRole.getPrincipalType(), mSentryRole.getPrincipalName()));
                }
            }
            return arrayList;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public TSentryPrivilegeMap listSentryPrivilegesByAuthorizableForUser(Set<String> set, TSentryAuthorizable tSentryAuthorizable, boolean z) throws Exception {
        TreeMap newTreeMap = Maps.newTreeMap();
        if (z || (set != null && !set.isEmpty())) {
            for (MSentryPrivilege mSentryPrivilege : getMSentryPrivilegesByAuth(ServiceConstants.SentryPrincipalType.USER, set, tSentryAuthorizable)) {
                for (MSentryUser mSentryUser : mSentryPrivilege.getUsers()) {
                    TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(mSentryPrivilege);
                    if (newTreeMap.containsKey(mSentryUser.getUserName())) {
                        ((Set) newTreeMap.get(mSentryUser.getUserName())).add(convertToTSentryPrivilege);
                    } else {
                        TreeSet newTreeSet = Sets.newTreeSet();
                        newTreeSet.add(convertToTSentryPrivilege);
                        newTreeMap.put(mSentryUser.getUserName(), newTreeSet);
                    }
                }
            }
        }
        return new TSentryPrivilegeMap(newTreeMap);
    }

    private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String str) throws Exception {
        return getMSentryRoleByName(str).getPrivileges();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<TSentryPrivilege> getAllTSentryPrivilegesByRoleName(String str) throws Exception {
        return convertToTSentryPrivileges(getMSentryPrivilegesByRoleName(str));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<TSentryPrivilege> getTSentryPrivileges(ServiceConstants.SentryPrincipalType sentryPrincipalType, Set<String> set, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        if (tSentryAuthorizable.getServer() == null) {
            throw new SentryInvalidInputException("serverName cannot be null !!");
        }
        if (tSentryAuthorizable.getTable() != null && tSentryAuthorizable.getDb() == null) {
            throw new SentryInvalidInputException("dbName cannot be null when tableName is present !!");
        }
        if (tSentryAuthorizable.getColumn() != null && tSentryAuthorizable.getTable() == null) {
            throw new SentryInvalidInputException("tableName cannot be null when columnName is present !!");
        }
        if (tSentryAuthorizable.getUri() == null && tSentryAuthorizable.getDb() == null) {
            throw new SentryInvalidInputException("One of uri or dbName must not be null !!");
        }
        return convertToTSentryPrivileges(getMSentryPrivileges(sentryPrincipalType, set, tSentryAuthorizable));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> set, boolean z) throws Exception {
        return set.isEmpty() ? Collections.emptySet() : (Set) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            HashSet hashSet = new HashSet(1024);
            HashSet hashSet2 = new HashSet(1024);
            Iterator it = set.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                if (str == null) {
                    Iterator<MSentryRole> it2 = getAllRoles(persistenceManager).iterator();
                    while (it2.hasNext()) {
                        hashSet2.add(convertToTSentryRole(it2.next()));
                    }
                    return hashSet2;
                }
                String trim = str.trim();
                Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
                newQuery.setFilter("this.groupName == :groupName");
                newQuery.setUnique(true);
                persistenceManager.getFetchGroup(MSentryGroup.class, "fetchRoles").addMember("roles");
                persistenceManager.getFetchPlan().addGroup("fetchRoles");
                MSentryGroup mSentryGroup = (MSentryGroup) newQuery.execute(trim);
                if (mSentryGroup != null) {
                    for (MSentryRole mSentryRole : mSentryGroup.getRoles()) {
                        if (hashSet.add(mSentryRole.getRoleName())) {
                            hashSet2.add(convertToTSentryRole(mSentryRole));
                        }
                    }
                } else if (!z) {
                    throw noSuchGroup(trim);
                }
                newQuery.closeAll();
            }
            return hashSet2;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<String> getRoleNamesForGroups(Set<String> set) throws Exception {
        return (set == null || set.isEmpty()) ? ImmutableSet.of() : (Set) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return getRoleNamesForGroupsCore(persistenceManager, set);
        });
    }

    private Set<String> getRoleNamesForGroupsCore(PersistenceManager persistenceManager, Set<String> set) {
        return convertToRoleNameSet(getRolesForGroups(persistenceManager, set));
    }

    public Set<String> getRoleNamesForUsers(Set<String> set) throws Exception {
        return (set == null || set.isEmpty()) ? ImmutableSet.of() : (Set) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return getRoleNamesForUsersCore(persistenceManager, set);
        });
    }

    private Set<String> getRoleNamesForUsersCore(PersistenceManager persistenceManager, Set<String> set) {
        return convertToRoleNameSet(getRolesForUsers(persistenceManager, set));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<TSentryRole> getTSentryRolesByUserNames(Set<String> set) throws Exception {
        return (Set) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return convertToTSentryRoles(getRolesForUsers(persistenceManager, set));
        });
    }

    public Set<MSentryRole> getRolesForGroups(PersistenceManager persistenceManager, Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        if (set != null) {
            Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            newQuery.setFilter(":p1.contains(this.groupName)");
            persistenceManager.getFetchGroup(MSentryGroup.class, "fetchRoles").addMember("roles");
            persistenceManager.getFetchPlan().addGroup("fetchRoles");
            List list = (List) newQuery.execute(set.toArray());
            if (list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    newHashSet.addAll(((MSentryGroup) it.next()).getRoles());
                }
            }
        }
        return newHashSet;
    }

    private Set<MSentryRole> getRolesForUsers(PersistenceManager persistenceManager, Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        if (set != null) {
            Query newQuery = persistenceManager.newQuery(MSentryUser.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            newQuery.setFilter(":p1.contains(this.userName)");
            persistenceManager.getFetchGroup(MSentryUser.class, "fetchRoles").addMember("roles");
            persistenceManager.getFetchPlan().addGroup("fetchRoles");
            List list = (List) newQuery.execute(set.toArray());
            if (list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    newHashSet.addAll(((MSentryUser) it.next()).getRoles());
                }
            }
        }
        return newHashSet;
    }

    Set<String> listAllSentryPrivilegesForProvider(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet) throws Exception {
        return listSentryPrivilegesForProvider(set, set2, tSentryActiveRoleSet, null);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Set<String> listSentryPrivilegesForProvider(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        HashSet newHashSet = Sets.newHashSet();
        Iterator<MSentryPrivilege> it = getMSentryPrivileges(ServiceConstants.SentryPrincipalType.ROLE, getRolesToQuery(set, set2, tSentryActiveRoleSet), tSentryAuthorizable).iterator();
        while (it.hasNext()) {
            newHashSet.add(toAuthorizable(it.next()));
        }
        Iterator<MSentryPrivilege> it2 = getMSentryPrivileges(ServiceConstants.SentryPrincipalType.USER, set2, tSentryAuthorizable).iterator();
        while (it2.hasNext()) {
            newHashSet.add(toAuthorizable(it2.next()));
        }
        return newHashSet;
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public boolean hasAnyServerPrivileges(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet, String str) throws Exception {
        if (hasAnyServerPrivileges(getRolesToQuery(set, set2, tSentryActiveRoleSet), str)) {
            return true;
        }
        return hasAnyServerPrivilegesForUser(set2, str);
    }

    private boolean hasAnyServerPrivilegesForUser(final Set<String> set, final String str) throws Exception {
        if (set == null || set.isEmpty()) {
            return false;
        }
        return ((Boolean) this.tm.executeTransaction(new TransactionBlock<Boolean>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.provider.db.service.persistent.TransactionBlock
            public Boolean execute(PersistenceManager persistenceManager) throws Exception {
                persistenceManager.setDetachAllOnCommit(false);
                Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
                newQuery.addExtension(SentryStore.LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
                QueryParamBuilder addUsersFilter = QueryParamBuilder.addUsersFilter(newQuery, null, set);
                addUsersFilter.add("serverName", str);
                newQuery.setFilter(addUsersFilter.toString());
                newQuery.setResult("count(this)");
                return Boolean.valueOf(((Long) newQuery.executeWithMap(addUsersFilter.getArguments())).longValue() > 0);
            }
        })).booleanValue();
    }

    private Set<String> getRolesToQuery(Set<String> set, Set<String> set2, TSentryActiveRoleSet tSentryActiveRoleSet) throws Exception {
        return (Set) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            Set<String> trimedLower = toTrimedLower(tSentryActiveRoleSet.getRoles());
            HashSet newHashSet = Sets.newHashSet();
            newHashSet.addAll(toTrimedLower(getRoleNamesForGroupsCore(persistenceManager, set)));
            newHashSet.addAll(toTrimedLower(getRoleNamesForUsersCore(persistenceManager, set2)));
            return tSentryActiveRoleSet.isAll() ? newHashSet : Sets.intersection(trimedLower, newHashSet);
        });
    }

    @VisibleForTesting
    static String toAuthorizable(MSentryPrivilege mSentryPrivilege) {
        ArrayList arrayList = new ArrayList(4);
        arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase(), mSentryPrivilege.getServerName(), new Object[0]));
        if (!isNULL(mSentryPrivilege.getURI())) {
            arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase(), mSentryPrivilege.getURI(), new Object[0]));
        } else if (!isNULL(mSentryPrivilege.getDbName())) {
            arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase(), mSentryPrivilege.getDbName(), new Object[0]));
            if (!isNULL(mSentryPrivilege.getTableName())) {
                arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase(), mSentryPrivilege.getTableName(), new Object[0]));
                if (!isNULL(mSentryPrivilege.getColumnName())) {
                    arrayList.add(SentryConstants.KV_JOINER.join(DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase(), mSentryPrivilege.getColumnName(), new Object[0]));
                }
            }
        }
        if (!isNULL(mSentryPrivilege.getAction()) && !mSentryPrivilege.getAction().equalsIgnoreCase("*")) {
            arrayList.add(SentryConstants.KV_JOINER.join("action".toLowerCase(), mSentryPrivilege.getAction(), new Object[0]));
        }
        if (mSentryPrivilege.getGrantOption().booleanValue()) {
            arrayList.add(SentryConstants.KV_JOINER.join("grantOption".toLowerCase(), mSentryPrivilege.getGrantOption(), new Object[0]));
        }
        return SentryConstants.AUTHORIZABLE_JOINER.join(arrayList);
    }

    @VisibleForTesting
    public static Set<String> toTrimedLower(Set<String> set) {
        if (set == null || set.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet newHashSet = Sets.newHashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            newHashSet.add(it.next().trim().toLowerCase());
        }
        return newHashSet;
    }

    private Set<TSentryPrivilege> convertToTSentryPrivileges(Collection<MSentryPrivilege> collection) {
        if (collection.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(collection.size());
        Iterator<MSentryPrivilege> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(convertToTSentryPrivilege(it.next()));
        }
        return hashSet;
    }

    private Set<TSentryRole> convertToTSentryRoles(Set<MSentryRole> set) {
        if (set.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(set.size());
        Iterator<MSentryRole> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(convertToTSentryRole(it.next()));
        }
        return hashSet;
    }

    private Set<String> convertToRoleNameSet(Set<MSentryRole> set) {
        if (set.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(set.size());
        Iterator<MSentryRole> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getRoleName());
        }
        return hashSet;
    }

    private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) {
        String intern = mSentryRole.getRoleName().intern();
        Set<MSentryGroup> groups = mSentryRole.getGroups();
        HashSet hashSet = new HashSet(groups.size());
        Iterator<MSentryGroup> it = groups.iterator();
        while (it.hasNext()) {
            hashSet.add(convertToTSentryGroup(it.next()));
        }
        return new TSentryRole(intern, hashSet, EMPTY_GRANTOR_PRINCIPAL);
    }

    private TSentryGroup convertToTSentryGroup(MSentryGroup mSentryGroup) {
        return new TSentryGroup(mSentryGroup.getGroupName().intern());
    }

    TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        convertToTSentryPrivilege(mSentryPrivilege, tSentryPrivilege);
        return tSentryPrivilege;
    }

    private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege, TSentryPrivilege tSentryPrivilege) {
        tSentryPrivilege.setCreateTime(mSentryPrivilege.getCreateTime());
        tSentryPrivilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
        tSentryPrivilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
        tSentryPrivilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
        tSentryPrivilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
        tSentryPrivilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
        tSentryPrivilege.setColumnName(fromNULLCol(mSentryPrivilege.getColumnName()));
        tSentryPrivilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
        if (mSentryPrivilege.getGrantOption() != null) {
            tSentryPrivilege.setGrantOption(TSentryGrantOption.valueOf(mSentryPrivilege.getGrantOption().toString().toUpperCase()));
        } else {
            tSentryPrivilege.setGrantOption(TSentryGrantOption.UNSET);
        }
    }

    private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege tSentryPrivilege) throws SentryInvalidInputException {
        MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
        mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(tSentryPrivilege.getServerName())));
        mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(tSentryPrivilege.getDbName())));
        mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(tSentryPrivilege.getTableName())));
        mSentryPrivilege.setColumnName(toNULLCol(safeTrimLower(tSentryPrivilege.getColumnName())));
        mSentryPrivilege.setPrivilegeScope(safeTrim(tSentryPrivilege.getPrivilegeScope()));
        mSentryPrivilege.setAction(toNULLCol(safeTrimLower(tSentryPrivilege.getAction())));
        mSentryPrivilege.setCreateTime(System.currentTimeMillis());
        mSentryPrivilege.setURI(toNULLCol(safeTrim(tSentryPrivilege.getURI())));
        if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.UNSET)) {
            mSentryPrivilege.setGrantOption(null);
        } else {
            mSentryPrivilege.setGrantOption(Boolean.valueOf(tSentryPrivilege.getGrantOption().toString()));
        }
        return mSentryPrivilege;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String safeTrim(String str) {
        if (str == null) {
            return null;
        }
        return str.trim();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String safeTrimLower(String str) {
        if (str == null) {
            return null;
        }
        return str.trim().toLowerCase();
    }

    String getSentryVersion() throws Exception {
        return getMSentryVersion().getSchemaVersion();
    }

    void setSentryVersion(String str, String str2) throws Exception {
        this.tm.executeTransaction(persistenceManager -> {
            MSentryVersion mSentryVersion;
            try {
                mSentryVersion = getMSentryVersion();
                if (str.equals(mSentryVersion.getSchemaVersion())) {
                    return null;
                }
            } catch (SentryNoSuchObjectException e) {
                mSentryVersion = new MSentryVersion();
            }
            mSentryVersion.setSchemaVersion(str);
            mSentryVersion.setVersionComment(str2);
            persistenceManager.makePersistent(mSentryVersion);
            return null;
        });
    }

    private MSentryVersion getMSentryVersion() throws Exception {
        return (MSentryVersion) this.tm.executeTransaction(persistenceManager -> {
            try {
                List list = (List) persistenceManager.newQuery(MSentryVersion.class).execute();
                persistenceManager.retrieveAll(list);
                if (list.isEmpty()) {
                    throw new SentryNoSuchObjectException("Matching Version");
                }
                if (list.size() > 1) {
                    throw new SentryAccessDeniedException("Metastore contains multiple versions");
                }
                return (MSentryVersion) list.get(0);
            } catch (JDODataStoreException e) {
                if (e.getCause() instanceof MissingTableException) {
                    throw new SentryAccessDeniedException("Version table not found. The sentry store is not set or corrupt ");
                }
                throw e;
            }
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void dropPrivilege(TSentryAuthorizable tSentryAuthorizable) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            dropPrivilegeCore(persistenceManager, tSentryAuthorizable);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void dropPrivilege(TSentryAuthorizable tSentryAuthorizable, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            dropPrivilegeCore(persistenceManager, tSentryAuthorizable);
            return null;
        });
    }

    private void dropPrivilegeCore(PersistenceManager persistenceManager, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        TSentryPrivilege sentryPrivilege = toSentryPrivilege(tSentryAuthorizable);
        sentryPrivilege.setGrantOption(TSentryGrantOption.UNSET);
        try {
            if (isMultiActionsSupported(sentryPrivilege)) {
                Iterator<String> it = ALL_ACTIONS.iterator();
                while (it.hasNext()) {
                    sentryPrivilege.setAction(it.next());
                    dropPrivilegeForAllEntities(persistenceManager, new TSentryPrivilege(sentryPrivilege));
                }
            } else {
                dropPrivilegeForAllEntities(persistenceManager, new TSentryPrivilege(sentryPrivilege));
            }
        } catch (JDODataStoreException e) {
            throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void updateOwnerPrivilege(TSentryAuthorizable tSentryAuthorizable, String str, ServiceConstants.SentryPrincipalType sentryPrincipalType, List<Updateable.Update> list) throws Exception {
        execute(list, persistenceManager -> {
            if (sentryPrincipalType == null) {
                LOGGER.info("Invalid principal Type");
            }
            persistenceManager.setDetachAllOnCommit(false);
            TSentryPrivilege sentryPrivilege = toSentryPrivilege(tSentryAuthorizable);
            sentryPrivilege.setAction("OWNER");
            revokeOwnerPrivilegesCore(persistenceManager, tSentryAuthorizable);
            try {
                if (this.ownerPrivilegeWithGrant) {
                    sentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
                }
                alterSentryGrantPrivilegeCore(persistenceManager, sentryPrincipalType, str, sentryPrivilege);
                return null;
            } catch (JDODataStoreException e) {
                throw new SentryInvalidInputException("Failed to grant owner privilege on Authorizable : " + tSentryAuthorizable.toString() + " to " + sentryPrincipalType.toString() + ": " + str + " " + e.getMessage());
            }
        });
    }

    @VisibleForTesting
    void revokeOwnerPrivileges(TSentryAuthorizable tSentryAuthorizable, List<Updateable.Update> list) throws Exception {
        execute(list, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            revokeOwnerPrivilegesCore(persistenceManager, tSentryAuthorizable);
            return null;
        });
    }

    public void revokeOwnerPrivilegesCore(PersistenceManager persistenceManager, TSentryAuthorizable tSentryAuthorizable) throws Exception {
        TSentryPrivilege sentryPrivilege = toSentryPrivilege(tSentryAuthorizable);
        sentryPrivilege.setAction("OWNER");
        List<MSentryPrivilege> mSentryPrivileges = getMSentryPrivileges(sentryPrivilege, persistenceManager);
        for (MSentryPrivilege mSentryPrivilege : mSentryPrivileges) {
            for (MSentryUser mSentryUser : mSentryPrivilege.getUsers()) {
                mSentryUser.removePrivilege(mSentryPrivilege);
                persistEntity(persistenceManager, ServiceConstants.SentryPrincipalType.USER, mSentryUser);
            }
        }
        persistenceManager.deletePersistentAll(mSentryPrivileges);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void renamePrivilege(TSentryAuthorizable tSentryAuthorizable, TSentryAuthorizable tSentryAuthorizable2) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            renamePrivilegeCore(persistenceManager, tSentryAuthorizable, tSentryAuthorizable2);
            return null;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public synchronized void renamePrivilege(TSentryAuthorizable tSentryAuthorizable, TSentryAuthorizable tSentryAuthorizable2, Updateable.Update update) throws Exception {
        execute(update, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            renamePrivilegeCore(persistenceManager, tSentryAuthorizable, tSentryAuthorizable2);
            return null;
        });
    }

    private void renamePrivilegeCore(PersistenceManager persistenceManager, TSentryAuthorizable tSentryAuthorizable, TSentryAuthorizable tSentryAuthorizable2) throws Exception {
        TSentryPrivilege sentryPrivilege = toSentryPrivilege(tSentryAuthorizable);
        TSentryPrivilege sentryPrivilege2 = toSentryPrivilege(tSentryAuthorizable2);
        sentryPrivilege.setGrantOption(TSentryGrantOption.FALSE);
        sentryPrivilege2.setGrantOption(TSentryGrantOption.FALSE);
        renamePrivilegeCore(persistenceManager, sentryPrivilege, sentryPrivilege2);
        sentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
        sentryPrivilege2.setGrantOption(TSentryGrantOption.TRUE);
        renamePrivilegeCore(persistenceManager, sentryPrivilege, sentryPrivilege2);
    }

    private void renamePrivilegeCore(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws Exception {
        try {
            if (isMultiActionsSupported(tSentryPrivilege)) {
                for (String str : ALL_ACTIONS) {
                    tSentryPrivilege.setAction(str);
                    tSentryPrivilege2.setAction(str);
                    renamePrivilegeForAllEntities(persistenceManager, tSentryPrivilege, tSentryPrivilege2);
                }
            } else {
                renamePrivilegeForAllEntities(persistenceManager, tSentryPrivilege, tSentryPrivilege2);
            }
        } catch (JDODataStoreException e) {
            throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
        }
    }

    private boolean isMultiActionsSupported(TSentryPrivilege tSentryPrivilege) {
        return tSentryPrivilege.getDbName() != null;
    }

    private void renamePrivilegeForAllEntities(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        dropOrRenamePrivilegeForAllEntities(persistenceManager, tSentryPrivilege, tSentryPrivilege2);
    }

    private void dropPrivilegeForAllEntities(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
        dropOrRenamePrivilegeForAllEntities(persistenceManager, tSentryPrivilege, null);
    }

    private void dropOrRenamePrivilegeForAllEntities(PersistenceManager persistenceManager, TSentryPrivilege tSentryPrivilege, TSentryPrivilege tSentryPrivilege2) throws SentryNoSuchObjectException, SentryInvalidInputException {
        HashSet<PrivilegePrincipal> hashSet = new HashSet();
        for (MSentryPrivilege mSentryPrivilege : getMSentryPrivileges(tSentryPrivilege, persistenceManager)) {
            hashSet.addAll(ImmutableSet.copyOf(mSentryPrivilege.getRoles()));
            hashSet.addAll(ImmutableSet.copyOf(mSentryPrivilege.getUsers()));
        }
        if (tSentryPrivilege2 == null) {
            for (PrivilegePrincipal privilegePrincipal : hashSet) {
                alterSentryRevokePrivilegeCore(persistenceManager, privilegePrincipal.getPrincipalType(), privilegePrincipal.getPrincipalName(), tSentryPrivilege);
            }
            return;
        }
        MSentryPrivilege mSentryPrivilege2 = getMSentryPrivilege(tSentryPrivilege, persistenceManager);
        if (mSentryPrivilege2 != null) {
            mSentryPrivilege2 = (MSentryPrivilege) persistenceManager.detachCopy(mSentryPrivilege2);
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            PrivilegePrincipal privilegePrincipal2 = (PrivilegePrincipal) persistenceManager.detachCopy((PrivilegePrincipal) it.next());
            HashSet hashSet2 = new HashSet();
            if (mSentryPrivilege2 != null) {
                hashSet2.add(mSentryPrivilege2);
                populateChildren(persistenceManager, privilegePrincipal2.getPrincipalType(), Sets.newHashSet(new String[]{privilegePrincipal2.getPrincipalName()}), mSentryPrivilege2, hashSet2);
            } else {
                populateChildren(persistenceManager, privilegePrincipal2.getPrincipalType(), Sets.newHashSet(new String[]{privilegePrincipal2.getPrincipalName()}), convertToMSentryPrivilege(tSentryPrivilege), hashSet2);
            }
            alterSentryRevokePrivilegeCore(persistenceManager, privilegePrincipal2.getPrincipalType(), privilegePrincipal2.getPrincipalName(), tSentryPrivilege);
            Iterator<MSentryPrivilege> it2 = hashSet2.iterator();
            while (it2.hasNext()) {
                TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(it2.next());
                if (tSentryPrivilege2.getPrivilegeScope().equals(ApiConstants.PrivilegeScope.DATABASE.name())) {
                    convertToTSentryPrivilege.setDbName(tSentryPrivilege2.getDbName());
                } else if (tSentryPrivilege2.getPrivilegeScope().equals(ApiConstants.PrivilegeScope.TABLE.name())) {
                    convertToTSentryPrivilege.setDbName(tSentryPrivilege2.getDbName());
                    convertToTSentryPrivilege.setTableName(tSentryPrivilege2.getTableName());
                }
                alterSentryGrantPrivilegeCore(persistenceManager, privilegePrincipal2.getPrincipalType(), privilegePrincipal2.getPrincipalName(), convertToTSentryPrivilege);
            }
        }
    }

    private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tSentryAuthorizable) throws SentryInvalidInputException {
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setDbName(fromNULLCol(tSentryAuthorizable.getDb()));
        tSentryPrivilege.setServerName(fromNULLCol(tSentryAuthorizable.getServer()));
        tSentryPrivilege.setTableName(fromNULLCol(tSentryAuthorizable.getTable()));
        tSentryPrivilege.setColumnName(fromNULLCol(tSentryAuthorizable.getColumn()));
        tSentryPrivilege.setURI(fromNULLCol(tSentryAuthorizable.getUri()));
        tSentryPrivilege.setPrivilegeScope((!isNULL(tSentryPrivilege.getColumnName()) ? ApiConstants.PrivilegeScope.COLUMN : !isNULL(tSentryPrivilege.getTableName()) ? ApiConstants.PrivilegeScope.TABLE : !isNULL(tSentryPrivilege.getDbName()) ? ApiConstants.PrivilegeScope.DATABASE : !isNULL(tSentryPrivilege.getURI()) ? ApiConstants.PrivilegeScope.URI : ApiConstants.PrivilegeScope.SERVER).name());
        tSentryPrivilege.setAction("*");
        return tSentryPrivilege;
    }

    public static String toNULLCol(String str) {
        return Strings.isNullOrEmpty(str) ? "__NULL__" : str;
    }

    private static String fromNULLCol(String str) {
        return isNULL(str) ? "" : str;
    }

    public static boolean isNULL(String str) {
        return Strings.isNullOrEmpty(str) || str.equals("__NULL__");
    }

    private void grantOptionCheck(PersistenceManager persistenceManager, String str, TSentryPrivilege tSentryPrivilege) throws Exception {
        MSentryPrivilege convertToMSentryPrivilege = convertToMSentryPrivilege(tSentryPrivilege);
        if (str == null) {
            throw new SentryInvalidInputException("grantorPrincipal should not be null");
        }
        Set<String> groupsFromUserName = SentryPolicyStoreProcessor.getGroupsFromUserName(this.conf, str);
        Set<String> adminGroups = getAdminGroups();
        boolean z = false;
        if (groupsFromUserName != null && !adminGroups.isEmpty()) {
            Iterator<String> it = groupsFromUserName.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                } else if (adminGroups.contains(it.next())) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            return;
        }
        boolean z2 = false;
        HashSet hashSet = new HashSet();
        Set<MSentryRole> rolesForGroups = getRolesForGroups(persistenceManager, groupsFromUserName);
        rolesForGroups.addAll(getRolesForUsers(persistenceManager, Sets.newHashSet(new String[]{str})));
        Iterator<MSentryRole> it2 = rolesForGroups.iterator();
        while (it2.hasNext()) {
            Set<MSentryPrivilege> privileges = it2.next().getPrivileges();
            if (privileges != null && !privileges.isEmpty()) {
                hashSet.addAll(privileges);
            }
        }
        Set<MSentryPrivilege> mSentryPrivilegesByUserNameIfExists = getMSentryPrivilegesByUserNameIfExists(str.trim());
        if (mSentryPrivilegesByUserNameIfExists != null && !mSentryPrivilegesByUserNameIfExists.isEmpty()) {
            hashSet.addAll(mSentryPrivilegesByUserNameIfExists);
        }
        Iterator it3 = hashSet.iterator();
        while (true) {
            if (!it3.hasNext()) {
                break;
            }
            MSentryPrivilege mSentryPrivilege = (MSentryPrivilege) it3.next();
            if (mSentryPrivilege.getGrantOption().booleanValue() && mSentryPrivilege.implies(convertToMSentryPrivilege)) {
                z2 = true;
                break;
            }
        }
        if (!z2) {
            throw new SentryGrantDeniedException(str + " has no grant!");
        }
    }

    private Set<String> getAdminGroups() {
        return Sets.newHashSet(this.conf.getStrings("sentry.service.admin.group", new String[0]));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public PermissionsImage retrieveFullPermssionsImage() throws Exception {
        return (PermissionsImage) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return new PermissionsImage(retrieveFullRoleImageCore(persistenceManager), retrieveFullPrivilegeImageCore(persistenceManager), getLastProcessedChangeIDCore(persistenceManager, MSentryPermChange.class).longValue());
        });
    }

    private Map<String, Map<TPrivilegePrincipal, String>> retrieveFullPrivilegeImageCore(PersistenceManager persistenceManager) throws Exception {
        persistenceManager.setDetachAllOnCommit(false);
        HashMap hashMap = new HashMap();
        Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
        newQueryParamBuilder.addNotNull("serverName").addNotNull("dbName").addNull("URI");
        newQuery.setFilter(newQueryParamBuilder.toString());
        newQuery.setOrdering("serverName ascending, dbName ascending, tableName ascending");
        persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRolesUsers").addMember("roles").addMember("users");
        persistenceManager.getFetchPlan().addGroup("fetchRolesUsers");
        for (MSentryPrivilege mSentryPrivilege : (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments())) {
            String dbName = mSentryPrivilege.getDbName();
            if (!isNULL(mSentryPrivilege.getTableName())) {
                dbName = dbName + "." + mSentryPrivilege.getTableName();
            }
            Map<TPrivilegePrincipal, String> map = (Map) hashMap.get(dbName);
            if (map == null) {
                map = new HashMap();
                hashMap.put(dbName, map);
            }
            Iterator<MSentryRole> it = mSentryPrivilege.getRoles().iterator();
            while (it.hasNext()) {
                map = addPrivilegeEntry(mSentryPrivilege, TPrivilegePrincipalType.ROLE, it.next().getRoleName(), map);
            }
            Iterator<MSentryUser> it2 = mSentryPrivilege.getUsers().iterator();
            while (it2.hasNext()) {
                map = addPrivilegeEntry(mSentryPrivilege, TPrivilegePrincipalType.USER, it2.next().getUserName(), map);
            }
        }
        newQuery.closeAll();
        return hashMap;
    }

    private static Map<TPrivilegePrincipal, String> addPrivilegeEntry(MSentryPrivilege mSentryPrivilege, TPrivilegePrincipalType tPrivilegePrincipalType, String str, Map<TPrivilegePrincipal, String> map) {
        String str2 = map.get(str);
        String upperCase = mSentryPrivilege.getAction().toUpperCase();
        String upperCase2 = mSentryPrivilege.getAction().toUpperCase();
        if (upperCase.equals("OWNER")) {
            upperCase2 = "ALL";
        }
        if (str2 == null) {
            map.put(new TPrivilegePrincipal(tPrivilegePrincipalType, str), upperCase2);
        } else {
            map.put(new TPrivilegePrincipal(tPrivilegePrincipalType, str), str2 + "," + upperCase2);
        }
        return map;
    }

    private Map<String, List<String>> retrieveFullRoleImageCore(PersistenceManager persistenceManager) throws Exception {
        persistenceManager.setDetachAllOnCommit(false);
        Query newQuery = persistenceManager.newQuery(MSentryGroup.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        persistenceManager.getFetchGroup(MSentryGroup.class, "fetchRoles").addMember("roles");
        persistenceManager.getFetchPlan().addGroup("fetchRoles");
        List<MSentryGroup> list = (List) newQuery.execute();
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryGroup mSentryGroup : list) {
            for (MSentryRole mSentryRole : mSentryGroup.getRoles()) {
                List list2 = (List) hashMap.get(mSentryRole.getRoleName());
                if (list2 == null) {
                    list2 = new ArrayList();
                    hashMap.put(mSentryRole.getRoleName(), list2);
                }
                list2.add(mSentryGroup.getGroupName());
            }
        }
        newQuery.closeAll();
        return hashMap;
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public PathsUpdate retrieveFullPathsImageUpdate(String[] strArr) throws Exception {
        return (PathsUpdate) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
            PathsUpdate pathsUpdate = new PathsUpdate(getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class).longValue(), currentAuthzPathsSnapshotID, true);
            UpdateableAuthzPaths updateableAuthzPaths = new UpdateableAuthzPaths(strArr);
            retrieveFullPathsImageCore(persistenceManager, currentAuthzPathsSnapshotID, updateableAuthzPaths);
            pathsUpdate.toThrift().setPathsDump(updateableAuthzPaths.getPathsDump().createPathsDump(true));
            return pathsUpdate;
        });
    }

    private void retrieveFullPathsImageCore(PersistenceManager persistenceManager, long j, UpdateableAuthzPaths updateableAuthzPaths) {
        Query newQuery = persistenceManager.newQuery(MAuthzPathsMapping.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("this.authzSnapshotID == currentSnapshotID");
        newQuery.declareParameters("long currentSnapshotID");
        persistenceManager.getFetchPlan().addGroup("includingPaths");
        for (MAuthzPathsMapping mAuthzPathsMapping : (Collection) newQuery.execute(Long.valueOf(j))) {
            String authzObjName = mAuthzPathsMapping.getAuthzObjName();
            Iterator<String> it = mAuthzPathsMapping.getPathStrings().iterator();
            while (it.hasNext()) {
                String[] splitPath = PathUtils.splitPath(it.next());
                ArrayList arrayList = new ArrayList(splitPath.length);
                Collections.addAll(arrayList, splitPath);
                updateableAuthzPaths.applyAddChanges(authzObjName, Collections.singletonList(arrayList));
            }
        }
    }

    private void deleteNotificationsSince(PersistenceManager persistenceManager, long j) {
        Query newQuery = persistenceManager.newQuery(MSentryHmsNotification.class);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("notificationId >= currentNotificationId");
        newQuery.declareParameters("long currentNotificationId");
        long deletePersistentAll = newQuery.deletePersistentAll(new Object[]{Long.valueOf(j)});
        if (deletePersistentAll > 0) {
            LOGGER.info("Purged {} notification entries starting from {}", Long.valueOf(deletePersistentAll), Long.valueOf(j));
        }
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void persistFullPathsImage(Map<String, Collection<String>> map, long j) throws Exception {
        this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            deleteNotificationsSince(persistenceManager, j + 1);
            persistenceManager.makePersistent(new MSentryHmsNotification(j));
            long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager) + 1;
            persistenceManager.makePersistent(new MAuthzPathsSnapshotId(currentAuthzPathsSnapshotID));
            LOGGER.info("Attempting to commit new HMS snapshot with ID = {}", Long.valueOf(currentAuthzPathsSnapshotID));
            for (Map.Entry entry : map.entrySet()) {
                persistenceManager.makePersistent(new MAuthzPathsMapping(currentAuthzPathsSnapshotID, (String) entry.getKey(), (Collection) entry.getValue()));
            }
            return null;
        });
    }

    private static long getCurrentAuthzPathsSnapshotID(PersistenceManager persistenceManager) {
        return getMaxPersistedIDCore(persistenceManager, MAuthzPathsSnapshotId.class, "authzSnapshotID", 0L);
    }

    private long getCurrentAuthzPathsSnapshotID() throws Exception {
        return ((Long) this.tm.executeTransaction(SentryStore::getCurrentAuthzPathsSnapshotID)).longValue();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void addAuthzPathsMapping(String str, Collection<String> collection, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute((Updateable.Update) uniquePathsUpdate, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            addAuthzPathsMappingCore(persistenceManager, str, collection);
            return null;
        });
    }

    private void addAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, Collection<String> collection) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.warn("AuthzObj: {} cannot be persisted if paths snapshot ID does not exist yet.", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            mAuthzPathsMappingCore = new MAuthzPathsMapping(currentAuthzPathsSnapshotID, str, collection);
        } else {
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                mAuthzPathsMappingCore.addPath(new MPath(it.next()));
            }
        }
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void deleteAuthzPathsMapping(String str, Iterable<String> iterable, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute((Updateable.Update) uniquePathsUpdate, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            deleteAuthzPathsMappingCore(persistenceManager, str, iterable);
            return null;
        });
    }

    private void deleteAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, Iterable<String> iterable) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot delete authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
            return;
        }
        for (String str2 : iterable) {
            MPath path = mAuthzPathsMappingCore.getPath(str2);
            if (path == null) {
                LOGGER.error("nonexistent path: {}", str2);
            } else {
                mAuthzPathsMappingCore.removePath(path);
                persistenceManager.deletePersistent(path);
            }
        }
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void deleteAllAuthzPathsMapping(String str, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute((Updateable.Update) uniquePathsUpdate, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            deleteAllAuthzPathsMappingCore(persistenceManager, str);
            return null;
        });
    }

    private void deleteAllAuthzPathsMappingCore(PersistenceManager persistenceManager, String str) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot delete authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
            return;
        }
        for (MPath mPath : mAuthzPathsMappingCore.getPaths()) {
            mAuthzPathsMappingCore.removePath(mPath);
            persistenceManager.deletePersistent(mPath);
        }
        persistenceManager.deletePersistent(mAuthzPathsMappingCore);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void renameAuthzPathsMapping(String str, String str2, String str3, String str4, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute((Updateable.Update) uniquePathsUpdate, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            renameAuthzPathsMappingCore(persistenceManager, str, str2, str3, str4);
            return null;
        });
    }

    private void renameAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, String str2, String str3, String str4) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot rename authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
            return;
        }
        MPath path = mAuthzPathsMappingCore.getPath(str3);
        if (path == null) {
            LOGGER.error("nonexistent path: {}", str3);
        } else {
            mAuthzPathsMappingCore.removePath(path);
            persistenceManager.deletePersistent(path);
        }
        mAuthzPathsMappingCore.addPath(new MPath(str4));
        mAuthzPathsMappingCore.setAuthzObjName(str2);
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void renameAuthzObj(String str, String str2, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute((Updateable.Update) uniquePathsUpdate, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            renameAuthzObjCore(persistenceManager, str, str2);
            return null;
        });
    }

    private void renameAuthzObjCore(PersistenceManager persistenceManager, String str, String str2) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot rename authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            LOGGER.error("nonexistent authzObj: {} on current paths snapshot ID #{}", str, Long.valueOf(currentAuthzPathsSnapshotID));
        } else {
            mAuthzPathsMappingCore.setAuthzObjName(str2);
            persistenceManager.makePersistent(mAuthzPathsMappingCore);
        }
    }

    public boolean isAuthzPathsMappingEmpty() throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return Boolean.valueOf(isTableEmptyCore(persistenceManager, MAuthzPathsMapping.class));
        })).booleanValue();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public boolean isHmsNotificationEmpty() throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return Boolean.valueOf(isTableEmptyCore(persistenceManager, MSentryHmsNotification.class));
        })).booleanValue();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public boolean isAuthzPathsSnapshotEmpty() throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return Boolean.valueOf(isTableEmptyCore(persistenceManager, MAuthzPathsMapping.class));
        })).booleanValue();
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void updateAuthzPathsMapping(String str, String str2, String str3, UniquePathsUpdate uniquePathsUpdate) throws Exception {
        execute((Updateable.Update) uniquePathsUpdate, persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            updateAuthzPathsMappingCore(persistenceManager, str, str2, str3);
            return null;
        });
    }

    private void updateAuthzPathsMappingCore(PersistenceManager persistenceManager, String str, String str2, String str3) {
        long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
        if (currentAuthzPathsSnapshotID <= 0) {
            LOGGER.error("No paths snapshot ID is found. Cannot update authzoObj: {}", str);
        }
        MAuthzPathsMapping mAuthzPathsMappingCore = getMAuthzPathsMappingCore(persistenceManager, currentAuthzPathsSnapshotID, str);
        if (mAuthzPathsMappingCore == null) {
            mAuthzPathsMappingCore = new MAuthzPathsMapping(currentAuthzPathsSnapshotID, str, Sets.newHashSet(new String[]{str3}));
        } else {
            MPath path = mAuthzPathsMappingCore.getPath(str2);
            if (path == null) {
                LOGGER.error("nonexistent path: {}", str2);
            } else {
                mAuthzPathsMappingCore.removePath(path);
                persistenceManager.deletePersistent(path);
            }
            mAuthzPathsMappingCore.addPath(new MPath(str3));
        }
        persistenceManager.makePersistent(mAuthzPathsMappingCore);
    }

    private MAuthzPathsMapping getMAuthzPathsMappingCore(PersistenceManager persistenceManager, long j, String str) {
        Query newQuery = persistenceManager.newQuery(MAuthzPathsMapping.class);
        newQuery.setFilter("this.authzSnapshotID == authzSnapshotID && this.authzObjName == authzObjName");
        newQuery.declareParameters("long authzSnapshotID, java.lang.String authzObjName");
        newQuery.setUnique(true);
        return (MAuthzPathsMapping) newQuery.execute(Long.valueOf(j), str);
    }

    private boolean isTableEmptyCore(PersistenceManager persistenceManager, Class cls) {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setRange(0L, 1L);
        return ((List) newQuery.execute()).isEmpty();
    }

    private static long getMaxPersistedIDCore(PersistenceManager persistenceManager, Class cls, String str, long j) {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setResult(String.format("max(%s)", str));
        Long l = (Long) newQuery.execute();
        return l != null ? l.longValue() : j;
    }

    @VisibleForTesting
    List<MPath> getMPaths() throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            long currentAuthzPathsSnapshotID = getCurrentAuthzPathsSnapshotID(persistenceManager);
            Query newQuery = persistenceManager.newQuery("SQL", "SELECT p.PATH_NAME FROM AUTHZ_PATH p JOIN AUTHZ_PATHS_MAPPING a ON a.AUTHZ_OBJ_ID = p.AUTHZ_OBJ_ID WHERE a.AUTHZ_SNAPSHOT_ID = ?");
            newQuery.setResultClass(MPath.class);
            return (List) newQuery.execute(Long.valueOf(currentAuthzPathsSnapshotID));
        });
    }

    @VisibleForTesting
    Boolean findOrphanedPrivileges() throws Exception {
        return (Boolean) this.tm.executeTransaction(persistenceManager -> {
            return findOrphanedPrivilegesCore(persistenceManager);
        });
    }

    Boolean findOrphanedPrivilegesCore(PersistenceManager persistenceManager) {
        List<MSentryPrivilege> allMSentryPrivilegesCore = getAllMSentryPrivilegesCore(persistenceManager);
        ArrayList arrayList = new ArrayList(allMSentryPrivilegesCore.size());
        Iterator<MSentryPrivilege> it = allMSentryPrivilegesCore.iterator();
        while (it.hasNext()) {
            arrayList.add(persistenceManager.getObjectId(it.next()));
        }
        if (arrayList.isEmpty()) {
            return false;
        }
        persistenceManager.refreshAll();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            if (((MSentryPrivilege) persistenceManager.getObjectById(it2.next())).getRoles().isEmpty()) {
                return true;
            }
        }
        return false;
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public List<Map<String, Set<String>>> getGroupUserRoleMapList(Collection<String> collection) throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            List list;
            persistenceManager.setDetachAllOnCommit(false);
            Query newQuery = persistenceManager.newQuery(MSentryRole.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            persistenceManager.getFetchGroup(MSentryRole.class, "fetchGroupsUsers").addMember("groups").addMember("users");
            persistenceManager.getFetchPlan().addGroup("fetchGroupsUsers");
            if (collection == null || collection.isEmpty()) {
                list = (List) newQuery.execute();
            } else {
                QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder(QueryParamBuilder.Op.OR);
                newQueryParamBuilder.addSet("roleName == ", collection);
                newQuery.setFilter(newQueryParamBuilder.toString());
                list = (List) newQuery.executeWithMap(newQueryParamBuilder.getArguments());
            }
            Map<String, Set<String>> groupRolesMap = getGroupRolesMap(list);
            Map<String, Set<String>> userRolesMap = getUserRolesMap(list);
            ArrayList arrayList = new ArrayList();
            arrayList.add(0, groupRolesMap);
            arrayList.add(1, userRolesMap);
            return arrayList;
        });
    }

    private Map<String, Set<String>> getGroupRolesMap(Collection<MSentryRole> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryRole mSentryRole : collection) {
            Iterator<MSentryGroup> it = mSentryRole.getGroups().iterator();
            while (it.hasNext()) {
                String groupName = it.next().getGroupName();
                Set set = (Set) hashMap.get(groupName);
                if (set == null) {
                    set = new HashSet();
                }
                set.add(mSentryRole.getRoleName());
                hashMap.put(groupName, set);
            }
        }
        return hashMap;
    }

    private Map<String, Set<String>> getUserRolesMap(Collection<MSentryRole> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryRole mSentryRole : collection) {
            Iterator<MSentryUser> it = mSentryRole.getUsers().iterator();
            while (it.hasNext()) {
                String userName = it.next().getUserName();
                Set set = (Set) hashMap.get(userName);
                if (set == null) {
                    set = new HashSet();
                }
                set.add(mSentryRole.getRoleName());
                hashMap.put(userName, set);
            }
        }
        return hashMap;
    }

    Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception {
        return getRoleNameTPrivilegesMap(null, null);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap(String str, String str2) throws Exception {
        return (Map) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            Query newQuery = persistenceManager.newQuery(MSentryPrivilege.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            QueryParamBuilder newQueryParamBuilder = QueryParamBuilder.newQueryParamBuilder();
            if (!StringUtils.isEmpty(str)) {
                newQueryParamBuilder.add("dbName", str);
            }
            if (!StringUtils.isEmpty(str2)) {
                newQueryParamBuilder.add(Constants.LOG_FIELD_TABLE_NAME, str2);
            }
            newQuery.setFilter(newQueryParamBuilder.toString());
            persistenceManager.getFetchGroup(MSentryPrivilege.class, "fetchRoles").addMember("roles");
            persistenceManager.getFetchPlan().addGroup("fetchRoles");
            return getRolePrivilegesMap((List) newQuery.executeWithMap(newQueryParamBuilder.getArguments()));
        });
    }

    private Map<String, Set<TSentryPrivilege>> getRolePrivilegesMap(Collection<MSentryPrivilege> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (MSentryPrivilege mSentryPrivilege : collection) {
            TSentryPrivilege convertToTSentryPrivilege = convertToTSentryPrivilege(mSentryPrivilege);
            Iterator<MSentryRole> it = mSentryPrivilege.getRoles().iterator();
            while (it.hasNext()) {
                String roleName = it.next().getRoleName();
                Set set = (Set) hashMap.get(roleName);
                if (set == null) {
                    set = new HashSet();
                }
                set.add(convertToTSentryPrivilege);
                hashMap.put(roleName, set);
            }
        }
        return hashMap;
    }

    public Set<String> getAllRoleNames() throws Exception {
        return (Set) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return getAllRoleNamesCore(persistenceManager);
        });
    }

    private Set<String> getAllRoleNamesCore(PersistenceManager persistenceManager) {
        List<MSentryRole> allRoles = getAllRoles(persistenceManager);
        return allRoles.isEmpty() ? Collections.emptySet() : rolesToRoleNames(allRoles);
    }

    private Map<String, MSentryGroup> getGroupNameTGroupMap(PersistenceManager persistenceManager) {
        List<MSentryGroup> list = (List) persistenceManager.newQuery(MSentryGroup.class).execute();
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap(list.size());
        for (MSentryGroup mSentryGroup : list) {
            hashMap.put(mSentryGroup.getGroupName(), mSentryGroup);
        }
        return hashMap;
    }

    private Map<String, MSentryUser> getUserNameToUserMap(PersistenceManager persistenceManager) {
        List<MSentryUser> list = (List) persistenceManager.newQuery(MSentryUser.class).execute();
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap(list.size());
        for (MSentryUser mSentryUser : list) {
            hashMap.put(mSentryUser.getUserName(), mSentryUser);
        }
        return hashMap;
    }

    @VisibleForTesting
    Map<String, MSentryRole> getRolesMap() throws Exception {
        return (Map) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            List<MSentryRole> allRoles = getAllRoles(persistenceManager);
            if (allRoles.isEmpty()) {
                return Collections.emptyMap();
            }
            HashMap hashMap = new HashMap(allRoles.size());
            for (MSentryRole mSentryRole : allRoles) {
                hashMap.put(mSentryRole.getRoleName(), mSentryRole);
            }
            return hashMap;
        });
    }

    @VisibleForTesting
    Map<String, MSentryGroup> getGroupNameToGroupMap() throws Exception {
        return (Map) this.tm.executeTransaction(this::getGroupNameTGroupMap);
    }

    @VisibleForTesting
    Map<String, MSentryUser> getUserNameToUserMap() throws Exception {
        return (Map) this.tm.executeTransaction(this::getUserNameToUserMap);
    }

    @VisibleForTesting
    List<MSentryPrivilege> getPrivilegesList() throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            return (List) persistenceManager.newQuery(MSentryPrivilege.class).execute();
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void importSentryMetaData(TSentryMappingData tSentryMappingData, boolean z) throws Exception {
        this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            TSentryMappingData lowercaseRoleName = lowercaseRoleName(tSentryMappingData);
            Set<String> allRoleNamesCore = getAllRoleNamesCore(persistenceManager);
            Map<String, Set<TSentryGroup>> covertToRoleNameTGroupsMap = covertToRoleNameTGroupsMap(lowercaseRoleName.getGroupRolesMap());
            Map<String, Set<String>> covertToRoleUsersMap = covertToRoleUsersMap(lowercaseRoleName.getUserRolesMap());
            Set<String> keySet = covertToRoleNameTGroupsMap.keySet();
            if (z) {
                dropDuplicatedRoleForImport(persistenceManager, allRoleNamesCore, keySet);
                allRoleNamesCore = getAllRoleNamesCore(persistenceManager);
            }
            if (allRoleNamesCore.isEmpty()) {
                allRoleNamesCore = new HashSet();
            }
            importRolePrivilegeMapping(persistenceManager, allRoleNamesCore, lowercaseRoleName.getRolePrivilegesMap());
            importRoleGroupMapping(persistenceManager, allRoleNamesCore, covertToRoleNameTGroupsMap);
            importRoleUserMapping(persistenceManager, allRoleNamesCore, covertToRoleUsersMap);
            return null;
        });
    }

    private Map<String, Set<TSentryGroup>> covertToRoleNameTGroupsMap(Map<String, Set<String>> map) {
        if (map == null || map.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap newHashMap = Maps.newHashMap();
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            Set<String> value = entry.getValue();
            if (value != null) {
                for (String str : value) {
                    Set set = (Set) newHashMap.get(str);
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.add(new TSentryGroup(entry.getKey()));
                    newHashMap.put(str, set);
                }
            }
        }
        return newHashMap;
    }

    private Map<String, Set<String>> covertToRoleUsersMap(Map<String, Set<String>> map) {
        if (map == null || map.isEmpty()) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            Set<String> value = entry.getValue();
            if (value != null) {
                for (String str : value) {
                    Set set = (Set) hashMap.get(str);
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.add(entry.getKey());
                    hashMap.put(str, set);
                }
            }
        }
        return hashMap;
    }

    private void importRoleGroupMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<TSentryGroup>> map) throws Exception {
        if (map == null || map.keySet() == null) {
            return;
        }
        for (Map.Entry<String, Set<TSentryGroup>> entry : map.entrySet()) {
            createRoleIfNotExist(persistenceManager, set, entry.getKey());
            alterSentryRoleAddGroupsCore(persistenceManager, entry.getKey(), entry.getValue());
        }
    }

    private void importRoleUserMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<String>> map) throws Exception {
        if (map == null || map.keySet() == null) {
            return;
        }
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            createRoleIfNotExist(persistenceManager, set, entry.getKey());
            alterSentryRoleAddUsersCore(persistenceManager, entry.getKey(), entry.getValue());
        }
    }

    private void dropDuplicatedRoleForImport(PersistenceManager persistenceManager, Set<String> set, Set<String> set2) throws Exception {
        Iterator it = Sets.intersection(set, set2).iterator();
        while (it.hasNext()) {
            dropSentryRoleCore(persistenceManager, (String) it.next());
        }
    }

    private TSentryMappingData lowercaseRoleName(TSentryMappingData tSentryMappingData) {
        Map groupRolesMap = tSentryMappingData.getGroupRolesMap();
        Map rolePrivilegesMap = tSentryMappingData.getRolePrivilegesMap();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry entry : groupRolesMap.entrySet()) {
            hashMap.put(entry.getKey(), new HashSet(Collections2.transform((Collection) entry.getValue(), new Function<String, String>() { // from class: org.apache.sentry.provider.db.service.persistent.SentryStore.6
                public String apply(String str) {
                    return str.toLowerCase();
                }
            })));
        }
        for (Map.Entry entry2 : rolePrivilegesMap.entrySet()) {
            hashMap2.put(((String) entry2.getKey()).toLowerCase(), entry2.getValue());
        }
        tSentryMappingData.setGroupRolesMap(hashMap);
        tSentryMappingData.setRolePrivilegesMap(hashMap2);
        return tSentryMappingData;
    }

    private void importRolePrivilegeMapping(PersistenceManager persistenceManager, Set<String> set, Map<String, Set<TSentryPrivilege>> map) throws Exception {
        if (map != null) {
            for (Map.Entry<String, Set<TSentryPrivilege>> entry : map.entrySet()) {
                createRoleIfNotExist(persistenceManager, set, entry.getKey());
                Iterator<TSentryPrivilege> it = entry.getValue().iterator();
                while (it.hasNext()) {
                    alterSentryGrantPrivilegeCore(persistenceManager, ServiceConstants.SentryPrincipalType.ROLE, entry.getKey(), it.next());
                }
            }
        }
    }

    private void createRoleIfNotExist(PersistenceManager persistenceManager, Set<String> set, String str) throws Exception {
        String trimAndLower = trimAndLower(str);
        if (set.contains(trimAndLower)) {
            return;
        }
        set.add(trimAndLower);
        persistenceManager.makePersistent(new MSentryRole(trimAndLower(str)));
    }

    public static Set<String> rolesToRoleNames(Iterable<MSentryRole> iterable) {
        HashSet hashSet = new HashSet();
        Iterator<MSentryRole> it = iterable.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getRoleName());
        }
        return hashSet;
    }

    private static SentryNoSuchObjectException noSuchRole(String str) {
        return new SentryNoSuchObjectException("Role " + str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SentryNoSuchObjectException noSuchUser(String str) {
        return new SentryNoSuchObjectException("nonexistent user " + str);
    }

    private static SentryNoSuchObjectException noSuchGroup(String str) {
        return new SentryNoSuchObjectException("Group " + str);
    }

    private SentryNoSuchObjectException noSuchUpdate(long j) {
        return new SentryNoSuchObjectException("nonexistent update + " + j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T extends MSentryChange> Long getLastProcessedChangeIDCore(PersistenceManager persistenceManager, Class<T> cls) {
        return Long.valueOf(getMaxPersistedIDCore(persistenceManager, cls, "changeID", 0L));
    }

    static Long getLastProcessedNotificationIDCore(PersistenceManager persistenceManager) {
        return Long.valueOf(getMaxPersistedIDCore(persistenceManager, MSentryHmsNotification.class, "notificationId", 0L));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void setLastProcessedNotificationID(Long l) throws Exception {
        LOGGER.debug("Persisting Last Processed Notification ID {}", l);
        this.tm.executeTransaction(persistenceManager -> {
            deleteNotificationsSince(persistenceManager, l.longValue() + 1);
            return (MSentryHmsNotification) persistenceManager.makePersistent(new MSentryHmsNotification(l.longValue()));
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public void persistLastProcessedNotificationID(Long l) throws Exception {
        LOGGER.debug("Persisting Last Processed Notification ID {}", l);
        this.tm.executeTransaction(persistenceManager -> {
            return (MSentryHmsNotification) persistenceManager.makePersistent(new MSentryHmsNotification(l.longValue()));
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Long getLastProcessedPermChangeID() throws Exception {
        return (Long) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return getLastProcessedChangeIDCore(persistenceManager, MSentryPermChange.class);
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Long getLastProcessedPathChangeID() throws Exception {
        return (Long) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return getLastProcessedChangeIDCore(persistenceManager, MSentryPathChange.class);
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Long getLastProcessedNotificationID() throws Exception {
        long longValue = ((Long) this.tm.executeTransaction(persistenceManager -> {
            return Long.valueOf(getLastProcessedNotificationIDCore(persistenceManager).longValue());
        })).longValue();
        LOGGER.debug("Retrieving Last Processed Notification ID {}", Long.valueOf(longValue));
        return Long.valueOf(longValue);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public long getLastProcessedImageID() throws Exception {
        return ((Long) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return Long.valueOf(getCurrentAuthzPathsSnapshotID(persistenceManager));
        })).longValue();
    }

    public MSentryPermChange getMSentryPermChangeByID(long j) throws Exception {
        return (MSentryPermChange) this.tm.executeTransaction(persistenceManager -> {
            Query newQuery = persistenceManager.newQuery(MSentryPermChange.class);
            newQuery.setFilter("this.changeID == id");
            newQuery.declareParameters("long id");
            List list = (List) newQuery.execute(Long.valueOf(j));
            if (list == null) {
                throw noSuchUpdate(j);
            }
            if (list.size() > 1) {
                throw new Exception("Inconsistent permission delta: " + list.size() + " permissions for the same id, " + j);
            }
            return (MSentryPermChange) list.get(0);
        });
    }

    private <T extends MSentryChange> List<T> getMSentryChanges(Class<T> cls) throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            return (List) persistenceManager.newQuery(cls).execute();
        });
    }

    @VisibleForTesting
    List<MSentryPermChange> getMSentryPermChanges() throws Exception {
        return getMSentryChanges(MSentryPermChange.class);
    }

    @VisibleForTesting
    List<MSentryHmsNotification> getMSentryHmsNotificationCore() throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            return (List) persistenceManager.newQuery(MSentryHmsNotification.class).execute();
        });
    }

    private <T extends MSentryChange> Boolean changeExistsCore(PersistenceManager persistenceManager, Class<T> cls, long j) throws Exception {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
        newQuery.setFilter("this.changeID == id");
        newQuery.declareParameters("long id");
        return Boolean.valueOf(!((List) newQuery.execute(Long.valueOf(j))).isEmpty());
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Boolean permChangeExists(long j) throws Exception {
        return (Boolean) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return changeExistsCore(persistenceManager, MSentryPermChange.class, j);
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Boolean pathChangeExists(long j) throws Exception {
        return (Boolean) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            return changeExistsCore(persistenceManager, MSentryPathChange.class, j);
        });
    }

    public MSentryPathChange getMSentryPathChangeByID(long j) throws Exception {
        return (MSentryPathChange) this.tm.executeTransaction(persistenceManager -> {
            Query newQuery = persistenceManager.newQuery(MSentryPathChange.class);
            newQuery.setFilter("this.changeID == id");
            newQuery.declareParameters("long id");
            List list = (List) newQuery.execute(Long.valueOf(j));
            if (list == null) {
                throw noSuchUpdate(j);
            }
            if (list.size() > 1) {
                throw new Exception("Inconsistent path delta: " + list.size() + " paths for the same id, " + j);
            }
            return (MSentryPathChange) list.get(0);
        });
    }

    @VisibleForTesting
    List<MSentryPathChange> getMSentryPathChanges() throws Exception {
        return getMSentryChanges(MSentryPathChange.class);
    }

    private <T extends MSentryChange> List<T> getMSentryChangesCore(PersistenceManager persistenceManager, Class<T> cls, long j) throws Exception {
        Query newQuery = persistenceManager.newQuery(cls);
        newQuery.setFilter("this.changeID >= t");
        newQuery.declareParameters("long t");
        newQuery.setOrdering("this.changeID ascending");
        return (List) newQuery.execute(Long.valueOf(j));
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public List<MSentryPathChange> getMSentryPathChanges(long j) throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            List mSentryChangesCore = getMSentryChangesCore(persistenceManager, MSentryPathChange.class, j);
            return validateDeltaChanges(j, mSentryChangesCore) ? mSentryChangesCore : Collections.emptyList();
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public List<MSentryPermChange> getMSentryPermChanges(long j) throws Exception {
        return (List) this.tm.executeTransaction(persistenceManager -> {
            List mSentryChangesCore = getMSentryChangesCore(persistenceManager, MSentryPermChange.class, j);
            return validateDeltaChanges(j, mSentryChangesCore) ? mSentryChangesCore : Collections.emptyList();
        });
    }

    public <T extends MSentryChange> boolean validateDeltaChanges(long j, List<T> list) {
        if (list.isEmpty()) {
            return true;
        }
        if (list.get(0).getChangeID() != j) {
            LOGGER.debug(String.format("Starting delta change from %s is off from the requested id. Requested changeID: %s, Missing delta count: %s", list.get(0).getClass().getCanonicalName(), Long.valueOf(j), Long.valueOf(list.get(0).getChangeID() - j)));
            return false;
        }
        if (MSentryUtil.isConsecutive(list)) {
            return true;
        }
        LOGGER.error(String.format("Certain delta is missing in %s! The table may get corrupted. Start changeID %s, Current size of elements = %s. path changeID list: %s", list.get(0).getClass().getCanonicalName(), Long.valueOf(j), Integer.valueOf(list.size()), MSentryUtil.collapseChangeIDsToString(list)));
        return false;
    }

    private void execute(Updateable.Update update, TransactionBlock<Object> transactionBlock) throws Exception {
        execute(update != null ? Collections.singletonList(update) : Collections.emptyList(), transactionBlock);
    }

    private void execute(List<Updateable.Update> list, TransactionBlock<Object> transactionBlock) throws Exception {
        ArrayList arrayList = new ArrayList(3);
        if (this.persistUpdateDeltas && list != null && list.size() > 0) {
            Iterator<Updateable.Update> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(new DeltaTransactionBlock(it.next()));
            }
        }
        arrayList.add(transactionBlock);
        this.tm.executeTransactionBlocksWithRetry(arrayList);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public boolean isNotificationProcessed(String str) throws Exception {
        return ((Boolean) this.tm.executeTransactionWithRetry(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            Query newQuery = persistenceManager.newQuery(MSentryPathChange.class);
            newQuery.setFilter("this.notificationHash == hash");
            newQuery.setUnique(true);
            newQuery.declareParameters("java.lang.String hash");
            return Boolean.valueOf(((MSentryPathChange) newQuery.execute(str)) != null);
        })).booleanValue();
    }

    public PrivilegePrincipal getEntity(PersistenceManager persistenceManager, String str, ServiceConstants.SentryPrincipalType sentryPrincipalType) {
        Query newQuery;
        if (sentryPrincipalType == ServiceConstants.SentryPrincipalType.ROLE) {
            newQuery = persistenceManager.newQuery(MSentryRole.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            newQuery.setFilter("this.roleName == :roleName");
            newQuery.setUnique(true);
            persistenceManager.getFetchGroup(MSentryRole.class, "fetchPrivileges").addMember("privileges");
            persistenceManager.getFetchPlan().addGroup("fetchPrivileges");
        } else {
            newQuery = persistenceManager.newQuery(MSentryUser.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            newQuery.setFilter("this.userName == :userName");
            newQuery.setUnique(true);
            persistenceManager.getFetchGroup(MSentryUser.class, "fetchPrivileges").addMember("privileges");
            persistenceManager.getFetchPlan().addGroup("fetchPrivileges");
        }
        return (PrivilegePrincipal) newQuery.execute(str);
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Map<String, Set<TSentryPrivilege>> getAllRolesPrivileges() throws Exception {
        return (Map) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            Query newQuery = persistenceManager.newQuery(MSentryRole.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            persistenceManager.getFetchGroup(MSentryRole.class, "fetchPrivileges").addMember("privileges");
            persistenceManager.getFetchPlan().addGroup("fetchPrivileges");
            List<MSentryRole> list = (List) newQuery.execute();
            if (list == null || list.isEmpty()) {
                return Collections.emptyMap();
            }
            HashMap newHashMap = Maps.newHashMap();
            for (MSentryRole mSentryRole : list) {
                newHashMap.put(mSentryRole.getRoleName(), convertToTSentryPrivileges(mSentryRole.getPrivileges()));
            }
            return newHashMap;
        });
    }

    @Override // org.apache.sentry.provider.db.service.persistent.SentryStoreInterface
    public Map<String, Set<TSentryPrivilege>> getAllUsersPrivileges() throws Exception {
        return (Map) this.tm.executeTransaction(persistenceManager -> {
            persistenceManager.setDetachAllOnCommit(false);
            Query newQuery = persistenceManager.newQuery(MSentryUser.class);
            newQuery.addExtension(LOAD_RESULTS_AT_COMMIT, Constants.FALSE);
            persistenceManager.getFetchGroup(MSentryUser.class, "fetchPrivileges").addMember("privileges");
            persistenceManager.getFetchPlan().addGroup("fetchPrivileges");
            List<MSentryUser> list = (List) newQuery.execute();
            if (list == null || list.isEmpty()) {
                return Collections.emptyMap();
            }
            HashMap newHashMap = Maps.newHashMap();
            for (MSentryUser mSentryUser : list) {
                newHashMap.put(mSentryUser.getUserName(), convertToTSentryPrivileges(mSentryUser.getPrivileges()));
            }
            return newHashMap;
        });
    }
}
