package com.huawei.security.aos.plugin.extern.hive;

import com.huawei.bigdata.om.author.plugin.extern.AbstractResourcePermissionManager;
import com.huawei.bigdata.om.author.plugin.extern.common.PermissionViewDetail;
import com.huawei.bigdata.om.author.plugin.extern.common.RecursiveType;
import com.huawei.bigdata.om.author.plugin.extern.common.Resource;
import com.huawei.bigdata.om.author.plugin.extern.common.ResourceDependPermission;
import com.huawei.bigdata.om.author.plugin.extern.common.ResourceList;
import com.huawei.bigdata.om.author.plugin.extern.common.ResourcePermission;
import com.huawei.bigdata.om.author.plugin.extern.common.ResourcePermissionList;
import com.huawei.bigdata.om.author.plugin.extern.common.ResourceSetPermission;
import com.huawei.bigdata.om.author.plugin.extern.common.UserIdentity;
import com.huawei.bigdata.om.author.plugin.extern.util.IAuthomPluginUtil;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.security.MetaStoreClientProxy;

/* loaded from: input_file:com/huawei/security/aos/plugin/extern/hive/AbstractHivePermissionManager.class */
public abstract class AbstractHivePermissionManager extends AbstractResourcePermissionManager {
    private static final Log LOG = LogFactory.getLog(AbstractHivePermissionManager.class);
    private static final PrivValidator nameValidator = new PrivNameValidator();
    private String installPath;
    private IAuthomPluginUtil util;
    private MetaStoreClientProxy metaStoreClientProxy;
    protected int numOfService = 0;
    protected String hiveComponent = HiveAOSConst.COMPONENT_HIVE;
    protected String hiveRole = HiveAOSConst.ROLE_HIVESERVER;
    protected String hiveServerName = HiveAOSConst.SERVICE_NAME_HIVE;

    public int initPlugin(String str, IAuthomPluginUtil iAuthomPluginUtil) {
        LOG.info("Start to init Hive AOS plugin, install path is " + str);
        if (null == str || "".equals(str)) {
            LOG.error("install path is empty:" + str);
            return 0;
        }
        if (null == iAuthomPluginUtil) {
            LOG.error("IAuthomPluginUtil is null.");
            return 0;
        }
        this.installPath = str;
        this.util = iAuthomPluginUtil;
        String componentConfiguration = this.util.getComponentConfiguration(this.hiveComponent, this.hiveRole, HiveAOSConst.CONF_FILE_HIVE_SITE, HiveAOSConst.SERVER2_AUTHENTICATION);
        if (!"KERBEROS".equalsIgnoreCase(componentConfiguration)) {
            LOG.info("Non-secure mode with authentication method: " + componentConfiguration);
            return -1;
        }
        if (null != this.metaStoreClientProxy) {
            this.metaStoreClientProxy.close();
        }
        try {
            this.metaStoreClientProxy = MetaStoreClientProxy.getInstance(this.numOfService, str, iAuthomPluginUtil);
            if (null == this.metaStoreClientProxy) {
                return 0;
            }
            LOG.info("Init Hive AOS plugin finished, result is success.");
            return 1;
        } catch (Exception e) {
            LOG.error("Failed to init metastore client:" + e.toString());
            return 0;
        }
    }

    private Map<String, PermissionViewDetail> initResPermissionDetail(String str, boolean z, boolean z2) {
        HashMap hashMap = new HashMap();
        String[] strArr = null;
        if (HiveAOSConst.RESOURCE_TYPE_DB.equals(str)) {
            strArr = HiveAOSConst.getSupportedDbPrivs();
        } else if (HiveAOSConst.RESOURCE_TYPE_TBL.equals(str)) {
            strArr = HiveAOSConst.getSupportedTblPrivs();
        } else if (HiveAOSConst.RESOURCE_TYPE_COL.equals(str)) {
            strArr = HiveAOSConst.getSupportedColPrivs();
        }
        if (strArr != null) {
            for (String str2 : strArr) {
                PermissionViewDetail permissionViewDetail = new PermissionViewDetail();
                permissionViewDetail.setAlterable(z);
                permissionViewDetail.setDeepPerm(z2);
                hashMap.put(str2, permissionViewDetail);
            }
        }
        return hashMap;
    }

    private Map<String, Boolean> initResPermissions(String str) {
        return initResPermissions(str, false);
    }

    private Map<String, Boolean> initResPermissions(String str, boolean z) {
        HashMap hashMap = new HashMap();
        String[] strArr = null;
        if (HiveAOSConst.RESOURCE_TYPE_DB.equals(str)) {
            strArr = HiveAOSConst.getSupportedDbPrivs();
        } else if (HiveAOSConst.RESOURCE_TYPE_TBL.equals(str)) {
            strArr = HiveAOSConst.getSupportedTblPrivs();
        } else if (HiveAOSConst.RESOURCE_TYPE_COL.equals(str)) {
            strArr = HiveAOSConst.getSupportedColPrivs();
        }
        if (strArr != null) {
            for (String str2 : strArr) {
                hashMap.put(str2, Boolean.valueOf(z));
            }
        }
        return hashMap;
    }

    private ResourcePermissionList buildResourcesPermissionList(List<Resource> list, UserIdentity userIdentity, long j, long j2, String str) {
        ResourcePermission buildResourcePermission;
        ResourcePermissionList resourcePermissionList = new ResourcePermissionList();
        resourcePermissionList.setTotalSubResourceNumber(list.size());
        if (j > list.size()) {
            return resourcePermissionList;
        }
        long j3 = j + j2;
        int size = list.size();
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = null;
        if (HiveAOSConst.RESOURCE_TYPE_COL.equals(str)) {
            hashMap = new HashMap();
            String[] splitNames = MetaStoreClientProxy.getSplitNames(list.get(0).getResourceFullName(), HiveAOSConst.RESOURCE_TYPE_COL);
            if (splitNames != null) {
                Map<String, List<PrivilegeGrantInfo>> tblResourcePriv = this.metaStoreClientProxy.getTblResourcePriv(splitNames[0], splitNames[1], userIdentity);
                List<PrivilegeGrantInfo> list2 = tblResourcePriv != null ? tblResourcePriv.get(userIdentity.getName()) : null;
                if (list2 != null) {
                    for (PrivilegeGrantInfo privilegeGrantInfo : list2) {
                        String lowerCase = privilegeGrantInfo.getPrivilege().toLowerCase();
                        hashMap.put(lowerCase, true);
                        if (privilegeGrantInfo.isGrantOption() && !HiveAOSConst.RESOURCE_TYPE_DB.equalsIgnoreCase(str)) {
                            hashMap.put(HiveAOSConst.PRIVILEGES_GRANT.get(HiveAOSConst.PRIVILEGES.indexOf(lowerCase)), true);
                        }
                    }
                }
            }
        }
        for (int i = (int) j; i < size && i < j3; i++) {
            Resource resource = list.get(i);
            if (!HiveAOSConst.RESOURCE_TYPE_COL.equals(str) || hashMap == null) {
                buildResourcePermission = buildResourcePermission(resource, userIdentity);
            } else if (hashMap.size() == 8) {
                buildResourcePermission = new ResourcePermission();
                buildResourcePermission.setResource(resource);
                Map<String, Boolean> initResPermissions = initResPermissions(str, true);
                Map<String, PermissionViewDetail> initResPermissionDetail = initResPermissionDetail(str, false, false);
                buildResourcePermission.setPermissions(initResPermissions);
                buildResourcePermission.setPermissionViewDetails(initResPermissionDetail);
            } else {
                buildResourcePermission = buildResourcePermission(resource, userIdentity);
                if (buildResourcePermission != null) {
                    Map permissions = buildResourcePermission.getPermissions();
                    HashMap hashMap2 = new HashMap();
                    hashMap2.putAll(permissions);
                    Map permissionViewDetails = buildResourcePermission.getPermissionViewDetails();
                    Iterator it = permissions.entrySet().iterator();
                    while (it.hasNext()) {
                        String str2 = (String) ((Map.Entry) it.next()).getKey();
                        if (hashMap.get(str2) != null && ((Boolean) hashMap.get(str2)).booleanValue()) {
                            ((PermissionViewDetail) permissionViewDetails.get(str2)).setAlterable(false);
                            hashMap2.put(str2, true);
                        }
                    }
                    buildResourcePermission.setPermissions(hashMap2);
                }
            }
            arrayList.add(buildResourcePermission);
        }
        resourcePermissionList.setResourceList(arrayList);
        return resourcePermissionList;
    }

    private ResourcePermission buildResourcePermission(Resource resource, UserIdentity userIdentity) {
        String[] splitNames;
        Map<String, List<PrivilegeGrantInfo>> colResourcePriv;
        String resourceName = resource.getResourceName();
        String resourceFullName = resource.getResourceFullName();
        String resourceType = resource.getResourceType();
        Resource resource2 = new Resource();
        resource2.setResourceName(resource.getResourceName());
        resource2.setResourceType(resourceType);
        resource2.setResourceFullName(resourceFullName);
        ResourcePermission resourcePermission = new ResourcePermission();
        resourcePermission.setResource(resource2);
        Map<String, Boolean> initResPermissions = initResPermissions(resourceType);
        if (HiveAOSConst.RESOURCE_TYPE_DB.equals(resourceType)) {
            colResourcePriv = this.metaStoreClientProxy.getDBResourcePriv(resourceName, userIdentity);
        } else if (HiveAOSConst.RESOURCE_TYPE_TBL.equals(resourceType)) {
            String[] splitNames2 = MetaStoreClientProxy.getSplitNames(resourceFullName, HiveAOSConst.RESOURCE_TYPE_TBL);
            if (splitNames2 == null || splitNames2.length != 2) {
                return null;
            }
            colResourcePriv = this.metaStoreClientProxy.getTblResourcePriv(splitNames2[0], splitNames2[1], userIdentity);
            if (this.metaStoreClientProxy.isView(splitNames2[0], splitNames2[1])) {
                resource2.setResourceType(HiveAOSConst.RESOURCE_TYPE_VIEW);
            }
        } else {
            if (!HiveAOSConst.RESOURCE_TYPE_COL.equals(resourceType) || (splitNames = MetaStoreClientProxy.getSplitNames(resourceFullName, HiveAOSConst.RESOURCE_TYPE_COL)) == null || splitNames.length != 3) {
                return null;
            }
            colResourcePriv = this.metaStoreClientProxy.getColResourcePriv(splitNames[0], splitNames[1], splitNames[2], userIdentity);
        }
        if (null != colResourcePriv && null != initResPermissions) {
            Iterator<Map.Entry<String, List<PrivilegeGrantInfo>>> it = colResourcePriv.entrySet().iterator();
            while (it.hasNext()) {
                for (PrivilegeGrantInfo privilegeGrantInfo : it.next().getValue()) {
                    String lowerCase = privilegeGrantInfo.getPrivilege().toLowerCase(Locale.getDefault());
                    initResPermissions.put(lowerCase, true);
                    if (privilegeGrantInfo.isGrantOption() && !HiveAOSConst.RESOURCE_TYPE_DB.equalsIgnoreCase(resourceType)) {
                        initResPermissions.put(HiveAOSConst.PRIVILEGES_GRANT.get(HiveAOSConst.PRIVILEGES.indexOf(lowerCase)), true);
                    }
                }
            }
        }
        Map<String, PermissionViewDetail> initResPermissionDetail = initResPermissionDetail(resourceType, true, false);
        resourcePermission.setPermissions(initResPermissions);
        resourcePermission.setPermissionViewDetails(initResPermissionDetail);
        return resourcePermission;
    }

    private ResourcePermissionList buildResourcePermissionList(ResourcePermission... resourcePermissionArr) {
        ArrayList arrayList = new ArrayList();
        for (ResourcePermission resourcePermission : resourcePermissionArr) {
            arrayList.add(resourcePermission);
        }
        ResourcePermissionList resourcePermissionList = new ResourcePermissionList();
        resourcePermissionList.setResourceList(arrayList);
        return resourcePermissionList;
    }

    private List<Resource> convertResourceList(List<String> list, String str, String str2) {
        if (str == null) {
            str = "";
        }
        String trim = str.trim();
        ArrayList arrayList = new ArrayList();
        if (list == null) {
            return arrayList;
        }
        for (String str3 : list) {
            arrayList.add(new Resource(str3, "".equals(trim) ? str3 : trim + HiveAOSConst.DB_TBL_SEPARATOR + str3, str2));
        }
        return arrayList;
    }

    public ResourcePermissionList getResourcePermission(String str, Resource resource, UserIdentity userIdentity, boolean z, long j, long j2, String str2) {
        if (str2 != null) {
            str2 = str2.toLowerCase(Locale.getDefault());
        }
        if (!validateArgs(str, j, j2, userIdentity)) {
            return null;
        }
        if (HiveAOSConst.MODEL_SERVICE.equals(str)) {
            Resource resource2 = new Resource("admin", "admin", HiveAOSConst.RESOURCE_TYPE_SERVICE);
            HashMap hashMap = new HashMap();
            hashMap.put(HiveAOSConst.PRIVILEGE_MANAGE, Boolean.valueOf(this.metaStoreClientProxy.listRoleNames(userIdentity).contains("admin")));
            ResourcePermission resourcePermission = new ResourcePermission(resource2, hashMap);
            ArrayList arrayList = new ArrayList();
            arrayList.add(resourcePermission);
            return new ResourcePermissionList(arrayList, 0L);
        }
        if (null == resource) {
            if (!z) {
                return null;
            }
            List<String> arrayList2 = new ArrayList();
            if (null == str2) {
                arrayList2 = this.metaStoreClientProxy.getAllDatabases();
            } else {
                for (String str3 : this.metaStoreClientProxy.getAllDatabases()) {
                    if (str3.toLowerCase(Locale.getDefault()).contains(str2)) {
                        arrayList2.add(str3);
                    }
                }
            }
            return buildResourcesPermissionList(convertResourceList(arrayList2, null, HiveAOSConst.RESOURCE_TYPE_DB), userIdentity, j, j2, HiveAOSConst.RESOURCE_TYPE_DB);
        }
        String resourceName = resource.getResourceName();
        String resourceFullName = resource.getResourceFullName();
        if (null == resourceName || null == resourceFullName) {
            LOG.error("Sub resource name or full name cannot be null.");
            return null;
        }
        if (!z) {
            return buildResourcePermissionList(buildResourcePermission(resource, userIdentity));
        }
        if (HiveAOSConst.RESOURCE_TYPE_DB.equals(resource.getResourceType())) {
            List<String> arrayList3 = new ArrayList();
            if (null == str2) {
                arrayList3 = this.metaStoreClientProxy.getAllTables(resourceName);
            } else {
                for (String str4 : this.metaStoreClientProxy.getAllTables(resourceName)) {
                    if (str4.toLowerCase(Locale.getDefault()).contains(str2)) {
                        arrayList3.add(str4);
                    }
                }
            }
            return buildResourcesPermissionList(convertResourceList(arrayList3, resourceFullName, HiveAOSConst.RESOURCE_TYPE_TBL), userIdentity, j, j2, HiveAOSConst.RESOURCE_TYPE_TBL);
        }
        if (!HiveAOSConst.RESOURCE_TYPE_TBL.equals(resource.getResourceType())) {
            LOG.warn("if recursive,sub resource must be database or table.");
            return null;
        }
        List<String> arrayList4 = new ArrayList();
        if (null == str2) {
            arrayList4 = getAllColNames(resourceFullName);
        } else {
            for (String str5 : getAllColNames(resourceFullName)) {
                if (str5.toLowerCase(Locale.getDefault()).contains(str2)) {
                    arrayList4.add(str5);
                }
            }
        }
        return buildResourcesPermissionList(convertResourceList(arrayList4, resourceFullName, HiveAOSConst.RESOURCE_TYPE_COL), userIdentity, j, j2, HiveAOSConst.RESOURCE_TYPE_COL);
    }

    private boolean validateArgs(String str, long j, long j2, UserIdentity userIdentity) {
        if (null != userIdentity) {
            return validateArgs(str, j, j2);
        }
        LOG.error("uid cannot be null.");
        return false;
    }

    private boolean validateArgs(String str, long j, long j2) {
        if (null == this.metaStoreClientProxy) {
            cleanupPlugin();
            if (1 == initPlugin(this.installPath, this.util)) {
                LOG.error("Initialize plugin failed.");
                return false;
            }
        }
        if (!HiveAOSConst.SUPPORT_MODEL_NAMES.contains(str)) {
            LOG.error("Model name " + str + " does not exist in configuration file.");
            return false;
        }
        if (j >= 0 && j2 >= 0) {
            return true;
        }
        LOG.error("startNum " + j + " or resCount " + j2 + " must be greater than 0.");
        return false;
    }

    private ResourceList buildResourceList(List<String> list, String str, String str2, long j, long j2) {
        ResourceList resourceList = new ResourceList();
        resourceList.setTotalSubResourceNumber(list.size());
        if (j > list.size()) {
            return resourceList;
        }
        if (str == null) {
            str = "";
        }
        String trim = str.trim();
        ArrayList arrayList = new ArrayList();
        long j3 = j + j2;
        int size = list.size();
        for (int i = (int) j; i < size && i < j3; i++) {
            String str3 = list.get(i);
            String str4 = "".equals(trim) ? str3 : trim + HiveAOSConst.DB_TBL_SEPARATOR + str3;
            String str5 = str2;
            if (str2.equals(HiveAOSConst.RESOURCE_TYPE_TBL) && this.metaStoreClientProxy.isView(trim, str3)) {
                str5 = HiveAOSConst.RESOURCE_TYPE_VIEW;
            }
            arrayList.add(new Resource(str3, str4, str5));
        }
        resourceList.setResourceList(arrayList);
        return resourceList;
    }

    public ResourceList getResources(String str, Resource resource, long j, long j2, String str2) {
        if (null != str2) {
            str2 = str2.toLowerCase(Locale.getDefault());
        }
        if (!validateArgs(str, j, j2)) {
            return null;
        }
        if (HiveAOSConst.MODEL_SERVICE.equals(str)) {
            Resource resource2 = new Resource("admin", "admin", HiveAOSConst.RESOURCE_TYPE_SERVICE);
            ArrayList arrayList = new ArrayList();
            arrayList.add(resource2);
            ResourceList resourceList = new ResourceList();
            resourceList.setResourceList(arrayList);
            return resourceList;
        }
        if (null == resource) {
            List<String> arrayList2 = new ArrayList();
            if (null == str2) {
                arrayList2 = this.metaStoreClientProxy.getAllDatabases();
            } else {
                for (String str3 : this.metaStoreClientProxy.getAllDatabases()) {
                    if (str3.toLowerCase(Locale.getDefault()).contains(str2)) {
                        arrayList2.add(str3);
                    }
                }
            }
            return buildResourceList(arrayList2, null, HiveAOSConst.RESOURCE_TYPE_DB, j, j2);
        }
        String resourceType = resource.getResourceType();
        if (!HiveAOSConst.RESOURCE_TYPE_DB.equals(resourceType)) {
            if (!HiveAOSConst.RESOURCE_TYPE_TBL.equals(resourceType)) {
                return null;
            }
            String resourceFullName = resource.getResourceFullName();
            List<String> arrayList3 = new ArrayList();
            if (null == str2) {
                arrayList3 = getAllColNames(resourceFullName);
            } else {
                for (String str4 : getAllColNames(resourceFullName)) {
                    if (str4.toLowerCase(Locale.getDefault()).contains(str2)) {
                        arrayList3.add(str4);
                    }
                }
            }
            return buildResourceList(arrayList3, resourceFullName, HiveAOSConst.RESOURCE_TYPE_COL, j, j2);
        }
        String resourceName = resource.getResourceName();
        if (null == resourceName) {
            LOG.error("Sub resource name cannot be null.");
            return null;
        }
        List<String> arrayList4 = new ArrayList();
        if (null == str2) {
            arrayList4 = this.metaStoreClientProxy.getAllTables(resourceName);
        } else {
            for (String str5 : this.metaStoreClientProxy.getAllTables(resourceName)) {
                if (str5.toLowerCase(Locale.getDefault()).contains(str2)) {
                    arrayList4.add(str5);
                }
            }
        }
        return buildResourceList(arrayList4, resourceName, HiveAOSConst.RESOURCE_TYPE_TBL, j, j2);
    }

    private List<String> getAllColNames(String str) {
        String[] splitNames = MetaStoreClientProxy.getSplitNames(str, HiveAOSConst.RESOURCE_TYPE_TBL);
        if (splitNames == null || splitNames.length != 2) {
            return null;
        }
        return this.metaStoreClientProxy.getAllColumns(splitNames[0], splitNames[1]);
    }

    private boolean grantOrRevokePriv(Map<String, Boolean> map, Resource resource, UserIdentity userIdentity) {
        if (HiveAOSConst.RESOURCE_TYPE_DB.equals(resource.getResourceType())) {
            return grantOrRevokePrivDB(map, resource, userIdentity);
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        for (Map.Entry<String, Boolean> entry : map.entrySet()) {
            String key = entry.getKey();
            if (entry.getValue().booleanValue()) {
                if (HiveAOSConst.PRIVILEGES.contains(key)) {
                    String str = HiveAOSConst.PRIVILEGES_GRANT.get(HiveAOSConst.PRIVILEGES.indexOf(key));
                    hashMap.put(key, Boolean.valueOf(map.containsKey(str) && map.get(str).booleanValue()));
                } else {
                    String str2 = HiveAOSConst.PRIVILEGES.get(HiveAOSConst.PRIVILEGES_GRANT.indexOf(key));
                    if (!map.containsKey(str2)) {
                        hashMap2.put(str2, true);
                        hashMap.put(str2, true);
                    }
                }
            } else if (HiveAOSConst.PRIVILEGES_GRANT.contains(key)) {
                String str3 = HiveAOSConst.PRIVILEGES.get(HiveAOSConst.PRIVILEGES_GRANT.indexOf(key));
                if (map.containsKey(str3) && !map.get(str3).booleanValue()) {
                    hashMap2.put(str3, true);
                } else {
                    hashMap3.put(str3, true);
                }
            } else {
                hashMap2.put(key, true);
            }
        }
        boolean revokePrivilege = hashMap2.isEmpty() ? true : this.metaStoreClientProxy.revokePrivilege(resource, hashMap2, userIdentity, this.hiveServerName, false);
        boolean revokePrivilege2 = hashMap3.isEmpty() ? true : this.metaStoreClientProxy.revokePrivilege(resource, hashMap3, userIdentity, this.hiveServerName, true);
        return (hashMap.isEmpty() ? true : this.metaStoreClientProxy.grantPrivileges(resource, hashMap, userIdentity, this.hiveServerName)) && revokePrivilege && revokePrivilege2;
    }

    private boolean grantOrRevokePrivDB(Map<String, Boolean> map, Resource resource, UserIdentity userIdentity) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, Boolean> entry : map.entrySet()) {
            String key = entry.getKey();
            boolean booleanValue = entry.getValue().booleanValue();
            if (HiveAOSConst.PRIVILEGES_DB.contains(key)) {
                if (booleanValue) {
                    hashMap.put(key, false);
                } else {
                    hashMap2.put(key, false);
                }
            }
        }
        return (hashMap2.isEmpty() ? true : this.metaStoreClientProxy.revokePrivilege(resource, hashMap2, userIdentity, this.hiveServerName, false)) && (hashMap.isEmpty() ? true : this.metaStoreClientProxy.grantPrivileges(resource, hashMap, userIdentity, this.hiveServerName));
    }

    public List<ResourceSetPermission> setResourcePermission(List<ResourceSetPermission> list, UserIdentity userIdentity) {
        List<ResourceSetPermission> unmodifiableList = Collections.unmodifiableList(list);
        if (null == this.metaStoreClientProxy) {
            LOG.error("Plugin is not initialized, try to initialize again.");
            cleanupPlugin();
            if (1 != initPlugin(this.installPath, this.util)) {
                LOG.error("Initialize plugin failed.");
                return unmodifiableList;
            }
        }
        if (null == list) {
            LOG.error("Failed to set permissions, permissions is null.");
            return null;
        }
        if (null == userIdentity) {
            LOG.error("Failed to set permissions, uid is null.");
            return unmodifiableList;
        }
        ArrayList arrayList = new ArrayList();
        for (ResourceSetPermission resourceSetPermission : list) {
            ResourcePermission resPerm = resourceSetPermission.getResPerm();
            if (null == resPerm) {
                arrayList.add(resourceSetPermission);
                LOG.error("Failed to set permissions, resource permission is null.");
            } else {
                Resource resource = resPerm.getResource();
                String resourceName = resource.getResourceName();
                String resourceFullName = resource.getResourceFullName();
                if (null == resourceName || null == resourceFullName) {
                    arrayList.add(resourceSetPermission);
                    LOG.error("Resource name " + resourceName + " or resource full name " + resourceFullName + " cannot be null.");
                } else {
                    String resourceType = resource.getResourceType();
                    Map<String, Boolean> permissions = resPerm.getPermissions();
                    if (HiveAOSConst.RESOURCE_TYPE_SERVICE.equals(resourceType)) {
                        if ("admin".equals(resourceName) && "admin".equals(resourceFullName)) {
                            boolean booleanValue = permissions.get(HiveAOSConst.PRIVILEGE_MANAGE).booleanValue();
                            List<String> listRoleNames = this.metaStoreClientProxy.listRoleNames(userIdentity);
                            if (booleanValue) {
                                if (listRoleNames.contains("admin")) {
                                    LOG.info("Already in admin role, ignore.");
                                } else if (!this.metaStoreClientProxy.grantOrRevokeAdminRole(userIdentity, this.hiveServerName, true)) {
                                    arrayList.add(resourceSetPermission);
                                }
                            } else if (!listRoleNames.contains("admin")) {
                                LOG.info("Already not in admin role, ignore.");
                            } else if (!this.metaStoreClientProxy.grantOrRevokeAdminRole(userIdentity, this.hiveServerName, false)) {
                                arrayList.add(resourceSetPermission);
                            }
                        } else {
                            LOG.error("Resource name and resource full name must be 'admin' when set admin permissions.");
                        }
                    } else if (nameValidator.doValidate(permissions, resource)) {
                        Map<String, Boolean> removeUnusedPrivs = removeUnusedPrivs(permissions, resource, userIdentity);
                        LOG.info(removeUnusedPrivs.size() + " privileges left, they are:" + removeUnusedPrivs.toString());
                        if (!removeUnusedPrivs.isEmpty() && !grantOrRevokePriv(removeUnusedPrivs, resource, userIdentity)) {
                            arrayList.add(resourceSetPermission);
                        }
                    } else {
                        arrayList.add(resourceSetPermission);
                    }
                }
            }
        }
        return arrayList;
    }

    private boolean isPrivExist(List<PrivilegeGrantInfo> list, String str) {
        boolean z = false;
        Iterator<PrivilegeGrantInfo> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            PrivilegeGrantInfo next = it.next();
            String lowerCase = next.getPrivilege().toLowerCase(Locale.getDefault());
            boolean isGrantOption = next.isGrantOption();
            if (str.indexOf("grant_of") > -1) {
                int indexOf = HiveAOSConst.PRIVILEGES_GRANT.indexOf(str);
                if (indexOf >= 0 && lowerCase.equals(HiveAOSConst.PRIVILEGES.get(indexOf)) && isGrantOption) {
                    z = true;
                    break;
                }
            } else if (lowerCase.equals(str)) {
                z = true;
                break;
            }
        }
        return z;
    }

    private Map<String, Boolean> removeUnusedPrivs(Map<String, Boolean> map, Resource resource, UserIdentity userIdentity) {
        Map<String, List<PrivilegeGrantInfo>> tblResourcePriv;
        HashMap hashMap = new HashMap();
        if (HiveAOSConst.RESOURCE_TYPE_DB.equals(resource.getResourceType())) {
            tblResourcePriv = this.metaStoreClientProxy.getDBResourcePriv(resource.getResourceName(), userIdentity);
        } else if (HiveAOSConst.RESOURCE_TYPE_TBL.equals(resource.getResourceType()) || HiveAOSConst.RESOURCE_TYPE_VIEW.equals(resource.getResourceType())) {
            String[] splitNames = MetaStoreClientProxy.getSplitNames(resource.getResourceFullName(), HiveAOSConst.RESOURCE_TYPE_TBL);
            if (splitNames == null || splitNames.length != 2) {
                LOG.error("the resource " + resource.getResourceFullName() + " not matches it's type " + resource.getResourceType());
                return hashMap;
            }
            tblResourcePriv = this.metaStoreClientProxy.getTblResourcePriv(splitNames[0], splitNames[1], userIdentity);
        } else {
            if (!HiveAOSConst.RESOURCE_TYPE_COL.equals(resource.getResourceType())) {
                return hashMap;
            }
            String[] splitNames2 = MetaStoreClientProxy.getSplitNames(resource.getResourceFullName(), HiveAOSConst.RESOURCE_TYPE_COL);
            if (splitNames2 == null || splitNames2.length != 3) {
                LOG.error("the resource " + resource.getResourceFullName() + " not matches it's type " + resource.getResourceType());
                return hashMap;
            }
            tblResourcePriv = this.metaStoreClientProxy.getColResourcePriv(splitNames2[0], splitNames2[1], splitNames2[2], userIdentity);
        }
        if (null == tblResourcePriv) {
            return map;
        }
        List<PrivilegeGrantInfo> list = tblResourcePriv.get(userIdentity.getName());
        for (Map.Entry<String, Boolean> entry : map.entrySet()) {
            String key = entry.getKey();
            Boolean value = entry.getValue();
            if (value.booleanValue() && !isPrivExist(list, key)) {
                hashMap.put(key, value);
            }
            if (!value.booleanValue() && isPrivExist(list, key)) {
                hashMap.put(key, value);
            }
        }
        return hashMap;
    }

    public List<ResourceDependPermission> getDependentPermission(List<ResourceSetPermission> list) {
        if (null == list) {
            LOG.error("Failed to get dependent permissions, permissions is null.");
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<ResourceSetPermission> it = list.iterator();
        while (it.hasNext()) {
            ResourcePermission resPerm = it.next().getResPerm();
            if (null == resPerm) {
                LOG.error("Failed to get dependent permissions, ResourcePermission is null.");
                return null;
            }
            Resource resource = resPerm.getResource();
            Map permissions = resPerm.getPermissions();
            if (null == resource) {
                LOG.error("Failed to get dependent permissions, Resource is null.");
                return null;
            }
            if (null == permissions) {
                LOG.error("Failed to get dependent permissions, permission is null.");
                return null;
            }
            HashMap hashMap = new HashMap();
            for (Map.Entry entry : permissions.entrySet()) {
                String str = (String) entry.getKey();
                if (((Boolean) entry.getValue()).booleanValue()) {
                    int indexOf = HiveAOSConst.PRIVILEGES_GRANT.indexOf(str);
                    if (-1 != indexOf) {
                        String str2 = HiveAOSConst.PRIVILEGES.get(indexOf);
                        Boolean bool = (Boolean) permissions.get(str2);
                        if (null != bool && !bool.booleanValue()) {
                            LOG.error("Failed to get dependent permissions, " + str + " => true and " + str2 + " => false exist at the same time.");
                            return null;
                        }
                        hashMap.put(str2, true);
                    } else {
                        continue;
                    }
                } else {
                    int indexOf2 = HiveAOSConst.PRIVILEGES.indexOf(str);
                    if (-1 != indexOf2) {
                        String str3 = HiveAOSConst.PRIVILEGES_GRANT.get(indexOf2);
                        Boolean bool2 = (Boolean) permissions.get(str3);
                        if (null != bool2 && bool2.booleanValue()) {
                            LOG.error("Failed to get dependent permissions, " + str + " => false and " + str3 + " => true exist at the same time.");
                            return null;
                        }
                        hashMap.put(str3, false);
                    } else {
                        continue;
                    }
                }
            }
            if (hashMap.size() > 0) {
                LOG.info("Get dependent permissions successfully, size is " + hashMap.size());
                arrayList.add(new ResourceSetPermission(new ResourcePermission(resource, hashMap), RecursiveType.ONLY_TOP_RESOURCE));
            }
        }
        ArrayList arrayList2 = new ArrayList();
        if (arrayList.size() > 0) {
            ResourceDependPermission resourceDependPermission = new ResourceDependPermission();
            resourceDependPermission.setComponentName(this.hiveComponent);
            resourceDependPermission.setPermissions(arrayList);
            arrayList2.add(resourceDependPermission);
        }
        return arrayList2;
    }

    public boolean cleanupPlugin() {
        if (null == this.metaStoreClientProxy) {
            return true;
        }
        this.metaStoreClientProxy.close();
        return true;
    }

    public boolean deleteResourcePermission(UserIdentity userIdentity) {
        if (null == userIdentity) {
            LOG.error("Failed to delete resource permission for user, uid is null.");
            return false;
        }
        if (null == this.metaStoreClientProxy) {
            LOG.error("Plugin is not initialized, try to initialize again.");
            cleanupPlugin();
            if (1 != initPlugin(this.installPath, this.util)) {
                LOG.error("Initialize plugin failed.");
                return false;
            }
        }
        return this.metaStoreClientProxy.deleteResourcePermission(userIdentity);
    }

    protected abstract String getComponent();

    protected abstract String getHiveRole();

    protected abstract String getHiveServerName();
}
