package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.ql.Driver;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.Operation2Privilege;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.class */
public class SQLStdHiveAuthorizationValidator implements HiveAuthorizationValidator {
    private final HiveMetastoreClientFactory metastoreClientFactory;
    private final HiveConf conf;
    private final HiveAuthenticationProvider authenticator;
    private final SQLStdHiveAccessControllerWrapper privController;
    private final HiveAuthzSessionContext ctx;
    public static final Logger LOG = LoggerFactory.getLogger(SQLStdHiveAuthorizationValidator.class);
    private final String[] ignoreCheckFSPrefixes;
    public static final int CREATE_TABLE_HQL_CUT_LEN = 500;

    public SQLStdHiveAuthorizationValidator(HiveMetastoreClientFactory hiveMetastoreClientFactory, HiveConf hiveConf, HiveAuthenticationProvider hiveAuthenticationProvider, SQLStdHiveAccessControllerWrapper sQLStdHiveAccessControllerWrapper, HiveAuthzSessionContext hiveAuthzSessionContext) throws HiveAuthzPluginException {
        this.metastoreClientFactory = hiveMetastoreClientFactory;
        this.conf = hiveConf;
        this.authenticator = hiveAuthenticationProvider;
        this.privController = sQLStdHiveAccessControllerWrapper;
        this.ctx = SQLAuthorizationUtils.applyTestSettings(hiveAuthzSessionContext, hiveConf);
        this.ignoreCheckFSPrefixes = HiveConf.getTrimmedStringsVar(hiveConf, HiveConf.ConfVars.HIVE_AUTHORIZATION_IGNORE_FS_PRIV_PREFIXES);
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator
    public void checkPrivileges(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2, HiveAuthzContext hiveAuthzContext) throws HiveAuthzPluginException, HiveAccessControlException {
        if (LOG.isDebugEnabled()) {
            String str = "Checking privileges for operation " + hiveOperationType + " by user " + this.authenticator.getUserName() + " on  input objects " + list + " and output objects " + list2 + ". Context Info: " + hiveAuthzContext;
            if (!Driver.SQL_LOG_ENABLE) {
                str = "Checking privileges for operation " + hiveOperationType + " by user " + this.authenticator.getUserName() + " on  input objects " + list + " and output objects " + list2 + ". ";
            }
            LOG.debug(str);
        }
        String userName = this.authenticator.getUserName();
        List<String> groupNames = this.authenticator.getGroupNames();
        IMetaStoreClient hiveMetastoreClient = this.metastoreClientFactory.getHiveMetastoreClient();
        ArrayList arrayList = new ArrayList();
        checkPrivileges(hiveOperationType, list, hiveMetastoreClient, userName, groupNames, Operation2Privilege.IOType.INPUT, arrayList, hiveAuthzContext);
        checkPrivileges(hiveOperationType, list2, hiveMetastoreClient, userName, groupNames, Operation2Privilege.IOType.OUTPUT, arrayList, hiveAuthzContext);
        SQLAuthorizationUtils.assertNoDeniedPermissions(new HivePrincipal(userName, HivePrincipal.HivePrincipalType.USER), hiveOperationType, arrayList);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:64:0x018d. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:146:0x0518 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:150:0x0085 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType r9, java.util.List<org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject> r10, org.apache.hadoop.hive.metastore.IMetaStoreClient r11, java.lang.String r12, java.util.List<java.lang.String> r13, org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.Operation2Privilege.IOType r14, java.util.List<java.lang.String> r15, org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext r16) throws org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException, org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException {
        /*
            Method dump skipped, instructions count: 1326
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizationValidator.checkPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType, java.util.List, org.apache.hadoop.hive.metastore.IMetaStoreClient, java.lang.String, java.util.List, org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.Operation2Privilege$IOType, java.util.List, org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext):void");
    }

    private boolean isDatabaseUri(Path path, IMetaStoreClient iMetaStoreClient) {
        boolean z = false;
        try {
            Iterator it = iMetaStoreClient.getAllDatabases().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (iMetaStoreClient.getDatabase((String) it.next()).getLocationUri().equals(path.toUri().toString())) {
                    z = true;
                    break;
                }
            }
        } catch (TException e) {
            LOG.error("Failed to get databases Uri " + path, e);
        }
        return z;
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator
    public List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> list, HiveAuthzContext hiveAuthzContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Obtained following objects in  filterListCmdObjects " + list + " for user " + this.authenticator.getUserName() + ". Context Info: " + hiveAuthzContext);
        }
        return list;
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator
    public boolean needTransform() {
        return false;
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator
    public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(HiveAuthzContext hiveAuthzContext, List<HivePrivilegeObject> list) throws SemanticException {
        return null;
    }
}
