package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.thrift.TException;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/RevokePrivAuthUtils.class */
public class RevokePrivAuthUtils {
    public static List<HiveObjectPrivilege> authorizeAndGetRevokePrivileges(List<HivePrincipal> list, List<HivePrivilege> list2, HivePrivilegeObject hivePrivilegeObject, boolean z, IMetaStoreClient iMetaStoreClient, String str, boolean z2) throws HiveAuthzPluginException, HiveAccessControlException {
        HiveObjectPrivilege hiveObjectPrivilege;
        ArrayList arrayList = new ArrayList();
        StringBuilder sb = new StringBuilder();
        for (HivePrincipal hivePrincipal : list) {
            HashMap hashMap = new HashMap();
            Map<String, List<HiveObjectPrivilege>> columnPrivileges = getColumnPrivileges(hivePrincipal, list2, hivePrivilegeObject, iMetaStoreClient);
            List<HiveObjectPrivilege> privileges = getPrivileges(hivePrincipal, list2, hivePrivilegeObject, iMetaStoreClient);
            Map<String, Map<String, HiveObjectPrivilege>> convertColumnPrivilges = convertColumnPrivilges(columnPrivileges, str, z2);
            Map<String, HiveObjectPrivilege> convertPrivileges = convertPrivileges(privileges, str, z2);
            for (HivePrivilege hivePrivilege : list2) {
                List<String> columns = hivePrivilege.getColumns();
                String name = hivePrivilege.getName();
                if (columns == null || columns.isEmpty()) {
                    HiveObjectPrivilege hiveObjectPrivilege2 = convertPrivileges.get(name);
                    if (hiveObjectPrivilege2 != null) {
                        arrayList.add(hiveObjectPrivilege2);
                    } else {
                        sb.append("Cannot find privilege ").append(hivePrivilege).append(" for ").append(hivePrincipal).append(" on ").append(hivePrivilegeObject).append(" granted by ").append(str).append(System.getProperty("line.separator"));
                    }
                } else {
                    for (String str2 : columns) {
                        Map<String, HiveObjectPrivilege> map = convertColumnPrivilges.get(str2);
                        boolean z3 = false;
                        if (map != null && (hiveObjectPrivilege = map.get(name)) != null) {
                            arrayList.add(hiveObjectPrivilege);
                            z3 = true;
                        }
                        if (!z3) {
                            Set set = (Set) hashMap.get(str2);
                            if (set == null) {
                                set = new HashSet();
                            }
                            set.add(hivePrivilege.getName());
                            hashMap.put(str2, set);
                        }
                    }
                }
            }
            if (!hashMap.isEmpty()) {
                for (Map.Entry entry : hashMap.entrySet()) {
                    sb.append("Cannot find privilege ").append("Privilege [name=" + entry.getValue() + "]").append(" for ").append(hivePrincipal).append(" on ").append(HivePrivilegeObject.convertColToString(hivePrivilegeObject, (String) entry.getKey())).append(" granted by ").append(str).append(System.getProperty("line.separator"));
                }
            }
        }
        if (sb.length() != 0) {
            throw new HiveAccessControlException(sb.toString());
        }
        return arrayList;
    }

    private static Map<String, List<HiveObjectPrivilege>> getColumnPrivileges(HivePrincipal hivePrincipal, List<HivePrivilege> list, HivePrivilegeObject hivePrivilegeObject, IMetaStoreClient iMetaStoreClient) throws HiveAuthzPluginException {
        HashMap hashMap = new HashMap();
        Iterator<HivePrivilege> it = list.iterator();
        while (it.hasNext()) {
            List<String> columns = it.next().getColumns();
            if (columns != null) {
                for (String str : columns) {
                    if (((List) hashMap.get(str)) == null) {
                        try {
                            hashMap.put(str, iMetaStoreClient.list_privileges(hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject, str)));
                        } catch (MetaException e) {
                            throw new HiveAuthzPluginException((Throwable) e);
                        } catch (TException e2) {
                            throw new HiveAuthzPluginException((Throwable) e2);
                        }
                    }
                }
            }
        }
        return hashMap;
    }

    private static Map<String, Map<String, HiveObjectPrivilege>> convertColumnPrivilges(Map<String, List<HiveObjectPrivilege>> map, String str, boolean z) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, List<HiveObjectPrivilege>> entry : map.entrySet()) {
            String key = entry.getKey();
            List<HiveObjectPrivilege> value = entry.getValue();
            HashMap hashMap2 = new HashMap();
            for (HiveObjectPrivilege hiveObjectPrivilege : value) {
                PrivilegeGrantInfo grantInfo = hiveObjectPrivilege.getGrantInfo();
                if (grantInfo.getGrantor() != null && (grantInfo.getGrantor().equals(str) || z)) {
                    if (grantInfo.getGrantorType() == PrincipalType.USER || grantInfo.getGrantorType() == PrincipalType.GROUP || grantInfo.getGrantorType() == PrincipalType.ROLE) {
                        hashMap2.put(grantInfo.getPrivilege(), hiveObjectPrivilege);
                    }
                }
            }
            hashMap.put(key, hashMap2);
        }
        return hashMap;
    }

    private static List<HiveObjectPrivilege> getPrivileges(HivePrincipal hivePrincipal, List<HivePrivilege> list, HivePrivilegeObject hivePrivilegeObject, IMetaStoreClient iMetaStoreClient) throws HiveAuthzPluginException {
        List<HiveObjectPrivilege> list2 = null;
        Iterator<HivePrivilege> it = list.iterator();
        while (it.hasNext()) {
            List<String> columns = it.next().getColumns();
            if (columns == null || columns.isEmpty()) {
                try {
                    list2 = iMetaStoreClient.list_privileges(hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject, null));
                } catch (TException e) {
                    throw new HiveAuthzPluginException((Throwable) e);
                } catch (MetaException e2) {
                    throw new HiveAuthzPluginException((Throwable) e2);
                }
            }
        }
        return list2;
    }

    static Map<String, HiveObjectPrivilege> convertPrivileges(List<HiveObjectPrivilege> list, String str, boolean z) {
        HashMap hashMap = new HashMap();
        if (list != null) {
            for (HiveObjectPrivilege hiveObjectPrivilege : list) {
                PrivilegeGrantInfo grantInfo = hiveObjectPrivilege.getGrantInfo();
                if (grantInfo.getGrantor() != null && (grantInfo.getGrantor().equals(str) || z)) {
                    if (grantInfo.getGrantorType() == PrincipalType.USER || grantInfo.getGrantorType() == PrincipalType.GROUP || grantInfo.getGrantorType() == PrincipalType.ROLE) {
                        hashMap.put(grantInfo.getPrivilege(), hiveObjectPrivilege);
                    }
                }
            }
        }
        return hashMap;
    }
}
