package org.apache.hadoop.hive.ql.security.authorization.command;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.metastore.TableType;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.ql.exec.FunctionInfo;
import org.apache.hadoop.hive.ql.exec.FunctionUtils;
import org.apache.hadoop.hive.ql.hooks.Entity;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.HiveStorageAuthorizationHandler;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.HiveCustomStorageHandlerUtils;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.hadoop.util.ReflectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.class */
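/**
 * Static helper that converts the read and write entities of a command into
 * {@link HivePrivilegeObject}s and submits them to the session's V2 authorizer.
 *
 * <p>The class holds no state and cannot be instantiated.
 */
public final class CommandAuthorizerV2 {
    private static final Logger LOG = LoggerFactory.getLogger(CommandAuthorizerV2.class.getName());

    private CommandAuthorizerV2() {
        throw new UnsupportedOperationException("CommandAuthorizerV2 should not be instantiated");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the input and output privilege objects for one command and asks the session's
     * V2 authorizer to check them.
     *
     * @param hiveOperation operation being authorized; mapped to a {@link HiveOperationType} by name
     * @param baseSemanticAnalyzer source of the column-access maps for reads and for updates
     * @param sessionState supplies the functions in use, the client addresses and the authorizer
     * @param set read entities of the command; copied, the caller's set is not modified
     * @param set2 write entities of the command; copied, the caller's set is not modified
     * @param str command string recorded in the authorization context
     * @throws HiveException if a privilege object cannot be built or the authorizer rejects the request
     */
    public static void doAuthorization(HiveOperation hiveOperation, BaseSemanticAnalyzer baseSemanticAnalyzer, SessionState sessionState, Set<ReadEntity> set, Set<WriteEntity> set2, String str) throws HiveException {
        HiveOperationType operationType = HiveOperationType.valueOf(hiveOperation.name());
        Map<String, List<String>> readColumns = baseSemanticAnalyzer.getColumnAccessInfo() != null
                ? baseSemanticAnalyzer.getColumnAccessInfo().getTableToColumnAccessMap()
                : null;
        Map<String, List<String>> updateColumns = baseSemanticAnalyzer.getUpdateColumnAccessInfo() != null
                ? baseSemanticAnalyzer.getUpdateColumnAccessInfo().getTableToColumnAccessMap()
                : null;

        // Work on copies so that the function entities added below do not leak into the caller's set.
        List<ReadEntity> inputs = new ArrayList<ReadEntity>(set);
        List<WriteEntity> outputs = new ArrayList<WriteEntity>(set2);
        addPermanentFunctionEntities(sessionState, inputs);

        List<HivePrivilegeObject> inputObjects = getHivePrivObjects(inputs, readColumns, operationType);
        List<HivePrivilegeObject> outputObjects = getHivePrivObjects(outputs, updateColumns, operationType);

        HiveAuthzContext.Builder contextBuilder = new HiveAuthzContext.Builder();
        contextBuilder.setUserIpAddress(sessionState.getUserIpAddress());
        // NOTE(review): forwarded addresses presumably come from proxy-supplied headers; authorizer
        // plugins should confirm how far that value can be trusted before basing a decision on it.
        contextBuilder.setForwardedAddresses(sessionState.getForwardedAddresses());
        contextBuilder.setCommandString(str);
        sessionState.getAuthorizerV2().checkPrivileges(operationType, inputObjects, outputObjects, contextBuilder.build());
    }

    /**
     * Appends one FUNCTION read entity for every function in use in the session whose type is
     * {@code PERSISTENT}, so that those functions are part of the authorization request.
     *
     * @param sessionState session whose functions in use are inspected
     * @param list read-entity list that receives the new entities (modified in place)
     * @throws HiveException declared by the signature; propagated from the helpers called here
     */
    private static void addPermanentFunctionEntities(SessionState sessionState, List<ReadEntity> list) throws HiveException {
        for (Map.Entry<String, FunctionInfo> inUse : sessionState.getCurrentFunctionsInUse().entrySet()) {
            FunctionInfo functionInfo = inUse.getValue();
            if (functionInfo.getFunctionType() != FunctionInfo.FunctionType.PERSISTENT) {
                continue;
            }
            // Index 0 is used as the database name and index 1 as the function name.
            String[] nameParts = FunctionUtils.getQualifiedFunctionNameParts(inUse.getKey());
            Database functionDb = new Database(nameParts[0], "", "", (Map<String, String>) null);
            list.add(new ReadEntity(functionDb, nameParts[1], functionInfo.getClassName(), Entity.Type.FUNCTION));
        }
    }

    /**
     * Converts entities into privilege objects, leaving out the entities that are exempt from
     * authorization.
     *
     * <p>Exempt are: dummy entities, write entities that are temporary URIs, and TABLE entities
     * whose table object is {@code null} or temporary.
     *
     * @param list entities to convert; {@code null} yields an empty result
     * @param map complete table name to accessed columns, or {@code null} when no column info exists
     * @param hiveOperationType operation type, passed on to {@link #addHivePrivObject}
     * @return a new mutable list of privilege objects, never {@code null}
     * @throws HiveException if a privilege object cannot be built
     */
    private static List<HivePrivilegeObject> getHivePrivObjects(List<? extends Entity> list, Map<String, List<String>> map, HiveOperationType hiveOperationType) throws HiveException {
        List<HivePrivilegeObject> privObjects = new ArrayList<HivePrivilegeObject>();
        if (list == null) {
            return privObjects;
        }
        for (Entity entity : list) {
            if (entity.isDummy()) {
                continue;
            }
            if ((entity instanceof ReadEntity) && !((ReadEntity) entity).isDirect()) {
                // Indirect read entity: look for a parent that is a view flagged for deferred authorization.
                ReadEntity indirect = (ReadEntity) entity;
                boolean underDeferredAuthView = false;
                if (indirect.getParents() != null && indirect.getParents().size() > 0) {
                    for (ReadEntity parent : indirect.getParents()) {
                        if (parent.getTyp() == Entity.Type.TABLE && parent.getTable() != null && isDeferredAuthView(parent.getTable())) {
                            underDeferredAuthView = true;
                        }
                    }
                }
                if (!underDeferredAuthView) {
                    // NOTE(review): this branch is empty in the listing, so the flag computed above has
                    // no effect and every indirect read entity continues to the checks below. The shape
                    // suggests a skip was lost in decompilation; compare with the original source
                    // before relying on either behaviour. Left unchanged here on purpose.
                }
            }
            if ((entity instanceof WriteEntity) && ((WriteEntity) entity).isTempURI()) {
                continue;
            }
            // A TABLE entity is authorized only when it carries a non-temporary table object.
            if (entity.getTyp() == Entity.Type.TABLE && (entity.getT() == null || entity.getT().isTemporary())) {
                continue;
            }
            addHivePrivObject(entity, map, privObjects, hiveOperationType);
        }
        return privObjects;
    }

    /**
     * Tells whether a table is a materialized or virtual view whose {@code "Authorized"} table
     * parameter is present and equals {@code "false"} (compared case-insensitively).
     *
     * @param table table to inspect
     * @return {@code true} only for a view carrying that parameter value
     */
    private static boolean isDeferredAuthView(Table table) {
        String tableType = table.getTTable().getTableType();
        boolean isView = TableType.MATERIALIZED_VIEW.name().equals(tableType) || TableType.VIRTUAL_VIEW.name().equals(tableType);
        if (!isView) {
            return false;
        }
        // NOTE(review): the decision rests on a table parameter; confirm that only trusted code paths
        // can set "Authorized" on a view.
        Map<String, String> parameters = table.getParameters();
        return parameters != null && parameters.containsKey("Authorized") && "false".equalsIgnoreCase(parameters.get("Authorized"));
    }

    /**
     * Builds the privilege object for one entity and appends it to {@code list}.
     *
     * <p>PARTITION and DUMMYPARTITION entities add nothing. For a TABLE entity that has a storage
     * handler, the operations CREATETABLE, ALTERTABLE_PROPERTIES, CREATETABLE_AS_SELECT and
     * DROPTABLE additionally add a STORAGEHANDLER_URI object, which is appended before the table
     * object itself.
     *
     * @param entity entity to convert
     * @param map complete table name to accessed columns, or {@code null}
     * @param list receives the privilege objects (modified in place)
     * @param hiveOperationType operation type that decides whether the storage handler URI is added
     * @throws HiveException if the storage handler URI cannot be obtained
     */
    private static void addHivePrivObject(Entity entity, Map<String, List<String>> map, List<HivePrivilegeObject> list, HiveOperationType hiveOperationType) throws HiveException {
        HivePrivilegeObject hivePrivilegeObject;
        HivePrivilegeObject.HivePrivilegeObjectType objectType = AuthorizationUtils.getHivePrivilegeObjectType(entity.getType());
        HivePrivilegeObject.HivePrivObjectActionType actionType = AuthorizationUtils.getActionType(entity);
        switch (entity.getType()) {
            case DATABASE: {
                Database database = entity.getDatabase();
                hivePrivilegeObject = new HivePrivilegeObject(objectType, database.getName(), null, null, null, actionType, null, null, database.getOwnerName(), database.getOwnerType());
                break;
            }
            case TABLE: {
                Table table = entity.getTable();
                hivePrivilegeObject = new HivePrivilegeObject(
                        objectType,
                        table.getDbName(),
                        table.getTableName(),
                        null,
                        map == null ? null : map.get(Table.getCompleteName(table.getDbName(), table.getTableName())),
                        actionType,
                        null,
                        null,
                        table.getOwner(),
                        table.getOwnerType());
                boolean storageUriRequired = table.getStorageHandler() != null
                        && (hiveOperationType == HiveOperationType.CREATETABLE
                                || hiveOperationType == HiveOperationType.ALTERTABLE_PROPERTIES
                                || hiveOperationType == HiveOperationType.CREATETABLE_AS_SELECT
                                || hiveOperationType == HiveOperationType.DROPTABLE);
                if (storageUriRequired) {
                    Map<String, String> handlerProps = new HashMap<String, String>();
                    Configuration configuration = new Configuration();
                    // Table parameters are applied last, so they override serde parameters with the same key.
                    handlerProps.putAll(table.getSd().getSerdeInfo().getParameters());
                    handlerProps.putAll(table.getParameters());
                    try {
                        String storageUri;
                        if (table.getStorageHandler() instanceof HiveStorageAuthorizationHandler) {
                            // A fresh handler instance is created from the class name with the session configuration.
                            HiveStorageAuthorizationHandler authHandler = (HiveStorageAuthorizationHandler) ReflectionUtils.newInstance(
                                    configuration.getClassByName(table.getStorageHandler().getClass().getName()),
                                    SessionState.get().getConf());
                            storageUri = authHandler.getURIForAuth(handlerProps).toString();
                        } else {
                            // Locale.ROOT keeps the scheme identical on every JVM; the default locale can
                            // lower-case letters differently (for example 'I' under a Turkish locale), which
                            // would change the string that authorization policies are matched against.
                            storageUri = table.getStorageHandler().getClass().getSimpleName().toLowerCase(Locale.ROOT)
                                    + "://" + HiveCustomStorageHandlerUtils.getTablePropsForCustomStorageHandler(handlerProps);
                        }
                        list.add(new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.STORAGEHANDLER_URI, null, storageUri, null, null, actionType, null, table.getStorageHandler().getClass().getName(), table.getOwner(), table.getOwnerType()));
                    } catch (Exception e) {
                        // Fail closed: a URI that cannot be computed aborts authorization instead of being skipped.
                        LOG.error("Exception occured while getting the URI from storage handler: " + e.getMessage(), e);
                        throw new HiveException(e);
                    }
                }
                break;
            }
            case DFS_DIR:
            case LOCAL_DIR:
                hivePrivilegeObject = new HivePrivilegeObject(objectType, null, entity.getD().toString(), null, null, actionType, null, null, null, null);
                break;
            case FUNCTION:
                hivePrivilegeObject = new HivePrivilegeObject(objectType, entity.getDatabase() != null ? entity.getDatabase().getName() : null, entity.getFunctionName(), null, null, actionType, null, entity.getClassName(), null, null);
                break;
            case DUMMYPARTITION:
            case PARTITION:
                // No privilege object is produced for partition entities.
                return;
            case SERVICE_NAME:
                hivePrivilegeObject = new HivePrivilegeObject(objectType, null, entity.getServiceName(), null, null, actionType, null, null, null, null);
                break;
            default:
                throw new AssertionError("Unexpected object type");
        }
        list.add(hivePrivilegeObject);
    }
}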
