package com.cloudera.navigator.audit.hive;

import com.cloudera.nav.utils.FilterUtil;
import com.cloudera.navigator.NavigatorParams;
import com.cloudera.navigator.audit.AuditPluginConstants;
import com.cloudera.navigator.audit.UserInfo;
import com.cloudera.navigator.audit.hive.EventDetails;
import com.cloudera.navigator.audit.hive.HiveConstants;
import com.cloudera.navigator.shaded.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.QueryPlan;
import org.apache.hadoop.hive.ql.exec.DDLTask;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.exec.TaskRunner;
import org.apache.hadoop.hive.ql.hooks.ExecuteWithHookContext;
import org.apache.hadoop.hive.ql.hooks.HookContext;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.plan.AlterDatabaseDesc;
import org.apache.hadoop.hive.ql.plan.CreateDatabaseDesc;
import org.apache.hadoop.hive.ql.plan.DDLWork;
import org.apache.hadoop.hive.ql.plan.DropDatabaseDesc;
import org.apache.hadoop.hive.ql.plan.DropIndexDesc;
import org.apache.hadoop.hive.ql.plan.LockTableDesc;
import org.apache.hadoop.hive.ql.plan.MsckDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.plan.UnlockTableDesc;
import org.apache.hadoop.hive.ql.session.SessionState;

/* loaded from: input_file:com/cloudera/navigator/audit/hive/AbstractHiveExecHookContext.class */
public abstract class AbstractHiveExecHookContext implements ExecuteWithHookContext {
    private static final String DBTABLESEPARATOR = ".";
    private static boolean entityHasLocationMethod = HiveUtils.entityHasMethod("getLocation");

    public void run(HookContext hookContext) throws Exception {
        HiveAuditPipeline pipeline = getPipeline(hookContext);
        if (pipeline.isAuditEnabled()) {
            long currentTimeMillis = System.currentTimeMillis();
            if (generateSentryEvents(pipeline, hookContext, currentTimeMillis)) {
                return;
            }
            if (hookContext.getInputs().isEmpty() && hookContext.getOutputs().isEmpty()) {
                generateSpeciallyHandledEvents(pipeline, hookContext, currentTimeMillis);
            }
            generateInputEvents(pipeline, hookContext, currentTimeMillis);
            generateOutputEvents(pipeline, hookContext, currentTimeMillis);
        }
    }

    @VisibleForTesting
    protected HiveAuditPipeline getPipeline(HookContext hookContext) {
        return HiveAuditPipeline.getInstance(AuditPluginConstants.HIVE_EXEC_HOOK_CONTEXT, hookContext.getConf().get(NavigatorParams.NAVIGATOR_CLIENT_CONFIG_PATH));
    }

    private boolean generateSentryEvents(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, long j) {
        boolean z = false;
        Iterator it = hookContext.getQueryPlan().getRootTasks().iterator();
        while (it.hasNext()) {
            Task task = (Task) it.next();
            if ((task instanceof DDLTask) || task.getClass().getName().equals("org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask")) {
                if (task.getWork() != null && (task.getWork() instanceof DDLWork)) {
                    EventDetails.ObjectInfo objectInfo = null;
                    if (task.getWork().getRoleDDLDesc() != null) {
                        objectInfo = buildPrincipalObjectInfo();
                    } else if (task.getWork().getGrantDesc() != null) {
                        objectInfo = buildPrivilegeObjectInfo(task.getWork().getGrantDesc().getPrivilegeSubjectDesc());
                    } else if (task.getWork().getRevokeDesc() != null) {
                        objectInfo = buildPrivilegeObjectInfo(task.getWork().getRevokeDesc().getPrivilegeSubjectDesc());
                    } else if (task.getWork().getGrantRevokeRoleDDL() != null) {
                        objectInfo = buildPrincipalObjectInfo();
                    } else if (task.getWork().getShowGrantDesc() != null) {
                        objectInfo = buildPrincipalObjectInfo();
                    }
                    if (objectInfo != null) {
                        generateEvent(hiveAuditPipeline, hookContext, objectInfo, HiveConstants.getAuditOperationFromHiveOperation(getHiveOperation(hookContext), false), j);
                        z = true;
                    }
                }
            }
        }
        return z;
    }

    private void generateSpeciallyHandledEvents(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, long j) {
        DDLWork work;
        Iterator it = hookContext.getQueryPlan().getRootTasks().iterator();
        while (it.hasNext()) {
            Task task = (Task) it.next();
            if ((task instanceof DDLTask) && (work = task.getWork()) != null && (work instanceof DDLWork)) {
                DDLWork dDLWork = work;
                EventDetails.ObjectInfo objectInfo = null;
                if (dDLWork.getCreateDatabaseDesc() != null) {
                    objectInfo = buildObjectInfo(dDLWork.getCreateDatabaseDesc());
                } else if (dDLWork.getDropDatabaseDesc() != null) {
                    objectInfo = buildObjectInfo(dDLWork.getDropDatabaseDesc());
                } else if (dDLWork.getAlterDatabaseDesc() != null) {
                    objectInfo = buildObjectInfo(dDLWork.getAlterDatabaseDesc());
                } else if (dDLWork.getDropIdxDesc() != null) {
                    objectInfo = buildObjectInfo(dDLWork.getDropIdxDesc());
                } else if (dDLWork.getMsckDesc() != null) {
                    objectInfo = buildObjectInfo(dDLWork.getMsckDesc());
                } else if (dDLWork.getLockTblDesc() != null) {
                    objectInfo = buildLockObjectInfo(dDLWork.getLockTblDesc());
                } else if (dDLWork.getUnlockTblDesc() != null) {
                    objectInfo = buildUnlockObjectInfo(dDLWork.getUnlockTblDesc());
                }
                if (objectInfo != null) {
                    generateEvent(hiveAuditPipeline, hookContext, objectInfo, HiveConstants.getAuditOperationFromHiveOperation(getHiveOperation(hookContext), false), j);
                }
            }
        }
    }

    private EventDetails.ObjectInfo newTableObjectInfo(String str, String str2, HiveConstants.ObjectUsageType objectUsageType) {
        String nullToEmpty = Strings.nullToEmpty(str2);
        if (nullToEmpty.contains(".")) {
            int indexOf = nullToEmpty.indexOf(".");
            str = nullToEmpty.substring(0, indexOf);
            nullToEmpty = nullToEmpty.substring(indexOf + 1);
        }
        return new EventDetails.ObjectInfo(str, nullToEmpty, HiveConstants.ObjectType.TABLE, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, objectUsageType);
    }

    private EventDetails.ObjectInfo buildUnlockObjectInfo(UnlockTableDesc unlockTableDesc) {
        return newTableObjectInfo(getCurrentDatabase(), unlockTableDesc.getTableName(), HiveConstants.ObjectUsageType.SOURCE);
    }

    private EventDetails.ObjectInfo buildLockObjectInfo(LockTableDesc lockTableDesc) {
        return newTableObjectInfo(getCurrentDatabase(), lockTableDesc.getTableName(), HiveConstants.ObjectUsageType.SOURCE);
    }

    protected abstract String getHiveOperation(HookContext hookContext);

    private void generateOutputEvents(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, long j) {
        for (WriteEntity writeEntity : hookContext.getOutputs()) {
            if (HiveUtils.isAuditableType(writeEntity.getType()) && !HiveUtils.isInputEntity(writeEntity, hookContext.getInputs())) {
                generateEvent(hiveAuditPipeline, hookContext, writeEntity, HiveConstants.getAuditOperationFromHiveOperation(getHiveOperation(hookContext), false), j);
            }
        }
    }

    private void generateEvent(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, WriteEntity writeEntity, String str, long j) {
        hiveAuditPipeline.generateEvent(buildUserInfo(hookContext), HiveUtils.buildObjectInfo(writeEntity, entityHasLocationMethod, HiveConstants.ObjectUsageType.TARGET), buildOperationInfo(hiveAuditPipeline, hookContext, str, j));
    }

    private void generateInputEvents(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, long j) {
        for (ReadEntity readEntity : hookContext.getInputs()) {
            if (HiveUtils.isAuditableType(readEntity.getType())) {
                generateEvent(hiveAuditPipeline, hookContext, readEntity, HiveConstants.getAuditOperationFromHiveOperation(getHiveOperation(hookContext), true), j);
            }
        }
    }

    private void generateEvent(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, EventDetails.ObjectInfo objectInfo, String str, long j) {
        hiveAuditPipeline.generateEvent(buildUserInfo(hookContext), objectInfo, buildOperationInfo(hiveAuditPipeline, hookContext, str, j));
    }

    private void generateEvent(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, ReadEntity readEntity, String str, long j) {
        hiveAuditPipeline.generateEvent(buildUserInfo(hookContext), HiveUtils.buildObjectInfo(readEntity, entityHasLocationMethod, HiveConstants.ObjectUsageType.SOURCE), buildOperationInfo(hiveAuditPipeline, hookContext, str, j));
    }

    private String filterOperationText(HiveAuditPipeline hiveAuditPipeline, String str) {
        return !Boolean.parseBoolean(hiveAuditPipeline.getConfigProperties().getProperty(NavigatorParams.PII_MASKING_ENABLED, "true")) ? str : FilterUtil.maskText(str, hiveAuditPipeline.getMaskingPattern());
    }

    public abstract boolean isHiddenConfig(HiveConf hiveConf, String str);

    @VisibleForTesting
    protected EventDetails.OperationInfo buildOperationInfo(HiveAuditPipeline hiveAuditPipeline, HookContext hookContext, String str, long j) {
        String filterOperationText = filterOperationText(hiveAuditPipeline, hookContext.getQueryPlan().getQueryString());
        SessionState sessionState = SessionState.get();
        HiveConf conf = sessionState == null ? null : sessionState.getConf();
        HashMap newHashMap = Maps.newHashMap();
        if (conf != null) {
            Iterator it = conf.iterator();
            while (it.hasNext()) {
                Map.Entry entry = (Map.Entry) it.next();
                if (!isHiddenConfig(conf, (String) entry.getKey())) {
                    newHashMap.put(entry.getKey(), entry.getValue());
                }
            }
        }
        List completeTaskList = hookContext.getCompleteTaskList();
        List emptyList = Collections.emptyList();
        if (CollectionUtils.isNotEmpty(completeTaskList)) {
            emptyList = Lists.newArrayListWithCapacity(completeTaskList.size());
            Iterator it2 = completeTaskList.iterator();
            while (it2.hasNext()) {
                String jobID = ((TaskRunner) it2.next()).getTask().getJobID();
                if (jobID != null) {
                    emptyList.add(jobID);
                }
            }
        }
        QueryPlan queryPlan = hookContext.getQueryPlan();
        String str2 = JsonProperty.USE_DEFAULT_NAME;
        long j2 = j;
        if (queryPlan != null) {
            str2 = queryPlan.getQueryId();
            j2 = queryPlan.getQueryStartTime().longValue();
            if (j2 == 0) {
                j2 = j;
            }
        }
        return HiveUtils.buildOperationInfo(str2, emptyList, str, filterOperationText, true, j2, j - j2, newHashMap, getQueryState());
    }

    private EventDetails.ObjectInfo buildObjectInfo(CreateDatabaseDesc createDatabaseDesc) {
        return new EventDetails.ObjectInfo(createDatabaseDesc.getName().toLowerCase(), JsonProperty.USE_DEFAULT_NAME, HiveConstants.ObjectType.DATABASE, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.ObjectInfo buildObjectInfo(AlterDatabaseDesc alterDatabaseDesc) {
        return new EventDetails.ObjectInfo(alterDatabaseDesc.getDatabaseName().toLowerCase(), JsonProperty.USE_DEFAULT_NAME, HiveConstants.ObjectType.DATABASE, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.ObjectInfo buildObjectInfo(DropDatabaseDesc dropDatabaseDesc) {
        return new EventDetails.ObjectInfo(dropDatabaseDesc.getDatabaseName().toLowerCase(), JsonProperty.USE_DEFAULT_NAME, HiveConstants.ObjectType.DATABASE, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.ObjectInfo buildObjectInfo(DropIndexDesc dropIndexDesc) {
        return new EventDetails.ObjectInfo(JsonProperty.USE_DEFAULT_NAME, dropIndexDesc.getTableName().toLowerCase(), HiveConstants.ObjectType.INDEX, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.ObjectInfo buildObjectInfo(MsckDesc msckDesc) {
        return new EventDetails.ObjectInfo(JsonProperty.USE_DEFAULT_NAME, msckDesc.getTableName() != null ? msckDesc.getTableName().toLowerCase() : JsonProperty.USE_DEFAULT_NAME, HiveConstants.ObjectType.TABLE, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.ObjectInfo buildPrincipalObjectInfo() {
        return new EventDetails.ObjectInfo(JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, HiveConstants.ObjectType.PRINCIPAL, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.ObjectInfo buildPrivilegeObjectInfo(PrivilegeObjectDesc privilegeObjectDesc) {
        String currentDatabase = getCurrentDatabase();
        String str = JsonProperty.USE_DEFAULT_NAME;
        if (privilegeObjectDesc != null) {
            if (privilegeObjectDesc.getTable()) {
                str = privilegeObjectDesc.getObject();
            } else {
                currentDatabase = privilegeObjectDesc.getObject();
            }
        }
        return new EventDetails.ObjectInfo(currentDatabase, str, HiveConstants.ObjectType.PRINCIPAL, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, null);
    }

    private EventDetails.HiveUserInfo buildUserInfo(HookContext hookContext) {
        UserInfo userInfo = new UserInfo(hookContext.getUgi().toString());
        String username = userInfo.getUsername();
        if (hasFunction("getUserName") && hookContext.getUserName() != null && !hookContext.getUserName().isEmpty()) {
            username = hookContext.getUserName();
        }
        String str = "unknown";
        if (hasFunction("getIpAddress") && hookContext.getIpAddress() != null) {
            str = hookContext.getIpAddress();
            if (str != null && str.trim().startsWith("/")) {
                str = str.substring(1);
            }
        }
        return new EventDetails.HiveUserInfo(username, userInfo.getImpersonator(), str);
    }

    private String getCurrentDatabase() {
        SessionState sessionState = SessionState.get();
        try {
            return (String) SessionState.class.getMethod("getCurrentDatabase", new Class[0]).invoke(sessionState, new Object[0]);
        } catch (Exception e) {
            try {
                return (String) SessionState.class.getMethod("getCurrentDB", new Class[0]).invoke(sessionState, new Object[0]);
            } catch (Exception e2) {
                return JsonProperty.USE_DEFAULT_NAME;
            }
        }
    }

    protected boolean hasFunction(String str) {
        try {
            HookContext.class.getMethod(str, new Class[0]);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    protected HiveConstants.HiveQueryState getQueryState() {
        return HiveConstants.HiveQueryState.SUCCEEDED;
    }
}
