package org.apache.hadoop.hive.metastore.multi.operation;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jdo.PersistenceManager;
import javax.jdo.Query;
import org.apache.commons.collections.CollectionUtils;
import org.apache.hadoop.hive.metastore.HiveMetaStore;
import org.apache.hadoop.hive.metastore.api.InvalidObjectException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.metastore.api.Role;
import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant;
import org.apache.hadoop.hive.metastore.model.MDBPrivilege;
import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege;
import org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege;
import org.apache.hadoop.hive.metastore.model.MPartitionPrivilege;
import org.apache.hadoop.hive.metastore.model.MRole;
import org.apache.hadoop.hive.metastore.model.MRoleMap;
import org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege;
import org.apache.hadoop.hive.metastore.model.MTablePrivilege;
import org.apache.hadoop.hive.metastore.multi.JdoManager;
import org.apache.hadoop.hive.metastore.multi.MultiObjectStore;
import org.apache.hadoop.hive.metastore.multi.Transaction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/metastore/multi/operation/RoleHandler.class */
public class RoleHandler extends IHandler {
    private static final Logger LOG = LoggerFactory.getLogger(RoleHandler.class);
    private PersistenceManager pm;
    private Transaction transaction;
    private JdoManager jdoManager;

    public RoleHandler(MultiObjectStore multiObjectStore) {
        super(multiObjectStore);
    }

    @Override // org.apache.hadoop.hive.metastore.multi.operation.IHandler
    public void initialize() {
        this.pm = this.mStore.getJdoManager().getMasterPM();
        this.transaction = this.mStore.getTransaction();
        this.jdoManager = this.mStore.getJdoManager();
    }

    public boolean addRole(String str, String str2) throws InvalidObjectException, MetaException, NoSuchObjectException {
        try {
            this.transaction.openTransaction(this.pm);
            if (getMRole(this.pm, str) != null) {
                throw new InvalidObjectException("Role " + str + " already exists.");
            }
            this.pm.makePersistent(new MRole(str, (int) (System.currentTimeMillis() / 1000), str2));
            if (!this.transaction.commitTransaction(this.pm)) {
                this.transaction.rollbackTransaction(this.pm);
            }
            return true;
        } catch (Throwable th) {
            if (0 == 0) {
                this.transaction.rollbackTransaction(this.pm);
            }
            throw th;
        }
    }

    public boolean removeRole(String str) throws MetaException, NoSuchObjectException {
        boolean z = false;
        try {
            this.transaction.openTransactionAll();
            MRole mRole = getMRole(this.pm, str);
            this.pm.retrieve(mRole);
            if (mRole != null) {
                List<MRoleMap> listMRoleMembers = listMRoleMembers(this.pm, mRole.getRoleName());
                if (CollectionUtils.isNotEmpty(listMRoleMembers)) {
                    this.pm.deletePersistentAll(listMRoleMembers);
                }
                List<MRoleMap> listMSecurityPrincipalMembershipRole = listMSecurityPrincipalMembershipRole(this.pm, mRole.getRoleName(), PrincipalType.ROLE);
                if (CollectionUtils.isNotEmpty(listMSecurityPrincipalMembershipRole)) {
                    this.pm.deletePersistentAll(listMSecurityPrincipalMembershipRole);
                }
                List<MGlobalPrivilege> listPrincipalMGlobalGrants = this.mStore.getGlobalPrivilegeHandler().listPrincipalMGlobalGrants(this.pm, mRole.getRoleName(), PrincipalType.ROLE);
                if (CollectionUtils.isNotEmpty(listPrincipalMGlobalGrants)) {
                    this.pm.deletePersistentAll(listPrincipalMGlobalGrants);
                }
                List<MDBPrivilege> listPrincipalAllDBGrant = this.mStore.getDatabasePrivilegeHandler().listPrincipalAllDBGrant(this.pm, mRole.getRoleName(), PrincipalType.ROLE);
                if (CollectionUtils.isNotEmpty(listPrincipalAllDBGrant)) {
                    this.pm.deletePersistentAll(listPrincipalAllDBGrant);
                }
                for (PersistenceManager persistenceManager : this.jdoManager.getAllPM()) {
                    List<MTablePrivilege> listPrincipalAllTableGrants = listPrincipalAllTableGrants(persistenceManager, mRole.getRoleName(), PrincipalType.ROLE);
                    if (CollectionUtils.isNotEmpty(listPrincipalAllTableGrants)) {
                        persistenceManager.deletePersistentAll(listPrincipalAllTableGrants);
                    }
                    List<MPartitionPrivilege> listPrincipalAllPartitionGrants = listPrincipalAllPartitionGrants(persistenceManager, mRole.getRoleName(), PrincipalType.ROLE);
                    if (CollectionUtils.isNotEmpty(listPrincipalAllPartitionGrants)) {
                        persistenceManager.deletePersistentAll(listPrincipalAllPartitionGrants);
                    }
                    List<MTableColumnPrivilege> listPrincipalAllTableColumnGrants = listPrincipalAllTableColumnGrants(persistenceManager, mRole.getRoleName(), PrincipalType.ROLE);
                    if (CollectionUtils.isNotEmpty(listPrincipalAllTableColumnGrants)) {
                        persistenceManager.deletePersistentAll(listPrincipalAllTableColumnGrants);
                    }
                    List<MPartitionColumnPrivilege> listPrincipalAllPartitionColumnGrants = listPrincipalAllPartitionColumnGrants(persistenceManager, mRole.getRoleName(), PrincipalType.ROLE);
                    if (CollectionUtils.isNotEmpty(listPrincipalAllPartitionColumnGrants)) {
                        persistenceManager.deletePersistentAll(listPrincipalAllPartitionColumnGrants);
                    }
                }
                this.pm.deletePersistent(mRole);
            }
            z = this.transaction.commitTransactionAll();
            if (!z) {
                this.transaction.rollbackTransactionAll();
            }
            return z;
        } catch (Throwable th) {
            if (!z) {
                this.transaction.rollbackTransactionAll();
            }
            throw th;
        }
    }

    public boolean grantRole(Role role, String str, PrincipalType principalType, String str2, PrincipalType principalType2, boolean z) throws MetaException, NoSuchObjectException, InvalidObjectException {
        try {
            this.transaction.openTransaction(this.pm);
            MRoleMap mRoleMap = null;
            try {
                mRoleMap = getMSecurityUserRoleMap(this.pm, str, principalType, role.getRoleName());
            } catch (Exception e) {
                LOG.error("Query roleMap failed with user={}, principleType={}, roleName={}", new Object[]{str, principalType, role.getRoleName()});
            }
            if (mRoleMap != null) {
                throw new InvalidObjectException("Principal " + str + " already has the role " + role.getRoleName());
            }
            if (principalType == PrincipalType.ROLE) {
                validateRole(str);
            }
            this.pm.makePersistent(new MRoleMap(str, principalType.toString(), getMRole(this.pm, role.getRoleName()), (int) (System.currentTimeMillis() / 1000), str2, principalType2.toString(), z));
            if (!this.transaction.commitTransaction(this.pm)) {
                this.transaction.rollbackTransaction(this.pm);
            }
            return true;
        } catch (Throwable th) {
            if (0 == 0) {
                this.transaction.rollbackTransaction(this.pm);
            }
            throw th;
        }
    }

    public boolean revokeRole(Role role, String str, PrincipalType principalType, boolean z) throws MetaException, NoSuchObjectException {
        try {
            this.transaction.openTransaction(this.pm);
            MRoleMap mSecurityUserRoleMap = getMSecurityUserRoleMap(this.pm, str, principalType, role.getRoleName());
            if (!z) {
                this.pm.deletePersistent(mSecurityUserRoleMap);
            } else {
                if (!mSecurityUserRoleMap.getGrantOption()) {
                    throw new MetaException("User " + str + " does not have grant option with role " + role.getRoleName());
                }
                mSecurityUserRoleMap.setGrantOption(false);
            }
            boolean commitTransaction = this.transaction.commitTransaction(this.pm);
            if (!commitTransaction) {
                this.transaction.rollbackTransaction(this.pm);
            }
            return commitTransaction;
        } catch (Throwable th) {
            if (0 == 0) {
                this.transaction.rollbackTransaction(this.pm);
            }
            throw th;
        }
    }

    public Role getRole(String str) throws NoSuchObjectException {
        MRole mRole = getMRole(this.pm, str);
        if (mRole == null) {
            throw new NoSuchObjectException(str + " role can not be found.");
        }
        return new Role(mRole.getRoleName(), mRole.getCreateTime(), mRole.getOwnerName());
    }

    public List<String> listRoleNames() {
        boolean z = false;
        Query query = null;
        try {
            this.transaction.openTransaction(this.pm);
            LOG.debug("Executing listAllRoleNames");
            query = this.pm.newQuery("select roleName from org.apache.hadoop.hive.metastore.model.MRole");
            query.setResult("roleName");
            Collection collection = (Collection) query.execute();
            ArrayList arrayList = new ArrayList();
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add((String) it.next());
            }
            z = this.transaction.commitTransaction(this.pm);
            this.transaction.rollbackAndCleanup(z, query, this.pm);
            return arrayList;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, this.pm);
            throw th;
        }
    }

    public List<Role> listRoles(String str, PrincipalType principalType) {
        ArrayList arrayList = new ArrayList();
        List<MRoleMap> listMRoles = listMRoles(str, principalType);
        if (listMRoles != null) {
            Iterator<MRoleMap> it = listMRoles.iterator();
            while (it.hasNext()) {
                MRole role = it.next().getRole();
                arrayList.add(new Role(role.getRoleName(), role.getCreateTime(), role.getOwnerName()));
            }
        }
        return arrayList;
    }

    public List<RolePrincipalGrant> listRolesWithGrants(String str, PrincipalType principalType) {
        ArrayList arrayList = new ArrayList();
        List<MRoleMap> listMRoles = listMRoles(str, principalType);
        if (listMRoles != null) {
            for (MRoleMap mRoleMap : listMRoles) {
                arrayList.add(new RolePrincipalGrant(mRoleMap.getRole().getRoleName(), mRoleMap.getPrincipalName(), PrincipalType.valueOf(mRoleMap.getPrincipalType()), mRoleMap.getGrantOption(), mRoleMap.getAddTime(), mRoleMap.getGrantor(), mRoleMap.getGrantorType() == null ? null : PrincipalType.valueOf(mRoleMap.getGrantorType())));
            }
        }
        return arrayList;
    }

    public List<RolePrincipalGrant> listRoleMembers(String str) {
        List<MRoleMap> listMRoleMembers = listMRoleMembers(this.pm, str);
        ArrayList arrayList = new ArrayList();
        if (listMRoleMembers != null) {
            for (MRoleMap mRoleMap : listMRoleMembers) {
                arrayList.add(new RolePrincipalGrant(mRoleMap.getRole().getRoleName(), mRoleMap.getPrincipalName(), PrincipalType.valueOf(mRoleMap.getPrincipalType()), mRoleMap.getGrantOption(), mRoleMap.getAddTime(), mRoleMap.getGrantor(), mRoleMap.getGrantorType() == null ? null : PrincipalType.valueOf(mRoleMap.getGrantorType())));
            }
        }
        return arrayList;
    }

    public Set<String> listAllRolesInHierarchy(String str, List<String> list) {
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            arrayList.addAll(this.mStore.getRoleHandler().listMRoles(str, PrincipalType.USER));
        }
        if (list != null) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                arrayList.addAll(this.mStore.getRoleHandler().listMRoles(it.next(), PrincipalType.GROUP));
            }
        }
        HashSet hashSet = new HashSet();
        getAllRoleAncestors(hashSet, arrayList);
        return hashSet;
    }

    private void getAllRoleAncestors(Set<String> set, List<MRoleMap> list) {
        Iterator<MRoleMap> it = list.iterator();
        while (it.hasNext()) {
            String roleName = it.next().getRole().getRoleName();
            if (!set.contains(roleName)) {
                List<MRoleMap> listMRoles = this.mStore.getRoleHandler().listMRoles(roleName, PrincipalType.ROLE);
                set.add(roleName);
                getAllRoleAncestors(set, listMRoles);
            }
        }
    }

    public void validateRole(String str) throws NoSuchObjectException {
        if (getMRole(this.pm, str) == null) {
            throw new NoSuchObjectException("Role " + str + " does not exist");
        }
    }

    private MRole getMRole(PersistenceManager persistenceManager, String str) {
        boolean z = false;
        Query query = null;
        try {
            this.transaction.openTransaction(persistenceManager);
            query = persistenceManager.newQuery(MRole.class, "roleName == t1");
            query.declareParameters("java.lang.String t1");
            query.setUnique(true);
            MRole mRole = (MRole) query.execute(str);
            persistenceManager.retrieve(mRole);
            z = this.transaction.commitTransaction(persistenceManager);
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return mRole;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }

    public List<MRoleMap> listMRoles(String str, PrincipalType principalType) {
        boolean z = false;
        Query query = null;
        ArrayList arrayList = new ArrayList();
        try {
            LOG.debug("Executing listRoles");
            this.transaction.openTransaction(this.pm);
            query = this.pm.newQuery(MRoleMap.class, "principalName == t1 && principalType == t2");
            query.declareParameters("java.lang.String t1, java.lang.String t2");
            query.setUnique(false);
            List list = (List) query.executeWithArray(str, principalType.toString());
            this.pm.retrieveAll(list);
            z = this.transaction.commitTransaction(this.pm);
            arrayList.addAll(list);
            LOG.debug("Done retrieving all objects for listRoles");
            this.transaction.rollbackAndCleanup(z, query, this.pm);
            if (principalType == PrincipalType.USER) {
                arrayList.add(new MRoleMap(str, principalType.toString(), new MRole(HiveMetaStore.PUBLIC, 0, HiveMetaStore.PUBLIC), 0, null, null, false));
            }
            return arrayList;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, this.pm);
            throw th;
        }
    }

    private List<MRoleMap> listMRoleMembers(PersistenceManager persistenceManager, String str) {
        boolean z = false;
        Query query = null;
        ArrayList arrayList = new ArrayList();
        try {
            LOG.debug("Executing listRoleMembers");
            this.transaction.openTransaction(persistenceManager);
            query = persistenceManager.newQuery(MRoleMap.class, "role.roleName == t1");
            query.declareParameters("java.lang.String t1");
            query.setUnique(false);
            List list = (List) query.execute(str);
            persistenceManager.retrieveAll(list);
            z = this.transaction.commitTransaction(persistenceManager);
            arrayList.addAll(list);
            LOG.debug("Done retrieving all objects for listRoleMembers");
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return arrayList;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }

    private List<MRoleMap> listMSecurityPrincipalMembershipRole(PersistenceManager persistenceManager, String str, PrincipalType principalType) {
        boolean z = false;
        try {
            LOG.debug("Executing listMSecurityPrincipalMembershipRole");
            this.transaction.openTransaction(persistenceManager);
            Query newQuery = persistenceManager.newQuery(MRoleMap.class, "principalName == t1 && principalType == t2");
            newQuery.declareParameters("java.lang.String t1, java.lang.String t2");
            List<MRoleMap> list = (List) newQuery.execute(str, principalType.toString());
            persistenceManager.retrieveAll(list);
            z = this.transaction.commitTransaction(persistenceManager);
            LOG.debug("Done retrieving all objects for listMSecurityPrincipalMembershipRole");
            if (!z) {
                this.transaction.rollbackTransaction(persistenceManager);
            }
            return list;
        } catch (Throwable th) {
            if (!z) {
                this.transaction.rollbackTransaction(persistenceManager);
            }
            throw th;
        }
    }

    private List<MTablePrivilege> listPrincipalAllTableGrants(PersistenceManager persistenceManager, String str, PrincipalType principalType) {
        boolean z = false;
        Query query = null;
        try {
            LOG.debug("Executing listPrincipalAllTableGrants");
            this.transaction.openTransaction(persistenceManager);
            query = persistenceManager.newQuery(MTablePrivilege.class, "principalName == t1 && principalType == t2");
            query.declareParameters("java.lang.String t1, java.lang.String t2");
            List<MTablePrivilege> list = (List) query.execute(str, principalType.toString());
            persistenceManager.retrieveAll(list);
            z = this.transaction.commitTransaction(persistenceManager);
            LOG.debug("Done retrieving all objects for listPrincipalAllTableGrants");
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return list;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }

    private List<MPartitionPrivilege> listPrincipalAllPartitionGrants(PersistenceManager persistenceManager, String str, PrincipalType principalType) {
        boolean z = false;
        Query query = null;
        try {
            this.transaction.openTransaction(persistenceManager);
            LOG.debug("Executing listPrincipalAllPartitionGrants");
            query = persistenceManager.newQuery(MPartitionPrivilege.class, "principalName == t1 && principalType == t2");
            query.declareParameters("java.lang.String t1, java.lang.String t2");
            List<MPartitionPrivilege> list = (List) query.execute(str, principalType.toString());
            persistenceManager.retrieveAll(list);
            z = this.transaction.commitTransaction(persistenceManager);
            LOG.debug("Done retrieving all objects for listPrincipalAllPartitionGrants");
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return list;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }

    private List<MTableColumnPrivilege> listPrincipalAllTableColumnGrants(PersistenceManager persistenceManager, String str, PrincipalType principalType) {
        boolean z = false;
        Query query = null;
        try {
            LOG.debug("Executing listPrincipalAllTableColumnGrants");
            this.transaction.openTransaction(persistenceManager);
            query = persistenceManager.newQuery(MTableColumnPrivilege.class, "principalName == t1 && principalType == t2");
            query.declareParameters("java.lang.String t1, java.lang.String t2");
            List<MTableColumnPrivilege> list = (List) query.execute(str, principalType.toString());
            persistenceManager.retrieveAll(list);
            z = this.transaction.commitTransaction(persistenceManager);
            LOG.debug("Done retrieving all objects for listPrincipalAllTableColumnGrants");
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return list;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }

    private List<MPartitionColumnPrivilege> listPrincipalAllPartitionColumnGrants(PersistenceManager persistenceManager, String str, PrincipalType principalType) {
        boolean z = false;
        Query query = null;
        try {
            LOG.debug("Executing listPrincipalAllTableColumnGrants");
            this.transaction.openTransaction(persistenceManager);
            query = persistenceManager.newQuery(MPartitionColumnPrivilege.class, "principalName == t1 && principalType == t2");
            query.declareParameters("java.lang.String t1, java.lang.String t2");
            List<MPartitionColumnPrivilege> list = (List) query.execute(str, principalType.toString());
            persistenceManager.retrieveAll(list);
            z = this.transaction.commitTransaction(persistenceManager);
            LOG.debug("Done retrieving all objects for listPrincipalAllTableColumnGrants");
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return list;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }

    private MRoleMap getMSecurityUserRoleMap(PersistenceManager persistenceManager, String str, PrincipalType principalType, String str2) {
        boolean z = false;
        Query query = null;
        try {
            this.transaction.openTransaction(persistenceManager);
            query = persistenceManager.newQuery(MRoleMap.class, "principalName == t1 && principalType == t2 && role.roleName == t3");
            query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
            query.setUnique(true);
            MRoleMap mRoleMap = (MRoleMap) query.executeWithArray(str, principalType.toString(), str2);
            persistenceManager.retrieve(mRoleMap);
            z = this.transaction.commitTransaction(persistenceManager);
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            return mRoleMap;
        } catch (Throwable th) {
            this.transaction.rollbackAndCleanup(z, query, persistenceManager);
            throw th;
        }
    }
}
