package org.apache.ranger.authorization.hive.authorizer;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.GetRoleGrantsForPrincipalRequest;
import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege;
import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;

/* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/HivePreviousPrivileges.class */
public class HivePreviousPrivileges {
    private IMetaStoreClient mClient;
    private HiveConf mHiveConf;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.ranger.authorization.hive.authorizer.HivePreviousPrivileges$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/HivePreviousPrivileges$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType = new int[org.apache.hadoop.hive.metastore.api.HiveObjectType.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[org.apache.hadoop.hive.metastore.api.HiveObjectType.DATABASE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[org.apache.hadoop.hive.metastore.api.HiveObjectType.TABLE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[org.apache.hadoop.hive.metastore.api.HiveObjectType.COLUMN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public HivePreviousPrivileges(IMetaStoreClient iMetaStoreClient, HiveConf hiveConf) {
        this.mClient = iMetaStoreClient;
        this.mHiveConf = hiveConf;
    }

    public boolean enable() {
        return this.mHiveConf.getBoolean(HiveConf.ConfVars.HIVE_EXT_RANGER_PREVIOUS_PRIVILEGES_ENABLE.varname, false);
    }

    public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal hivePrincipal) throws HiveAuthzPluginException {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator it = this.mClient.get_role_grants_for_principal(new GetRoleGrantsForPrincipalRequest(hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()))).getPrincipalGrants().iterator();
            while (it.hasNext()) {
                arrayList.add(new HiveRoleGrant((RolePrincipalGrant) it.next()));
            }
            return arrayList;
        } catch (Exception e) {
            throw new HiveAuthzPluginException("Error getting role grant information for user: " + e.getMessage(), e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [java.util.List] */
    public List<HivePrivilegeInfo> showPreviousPrivileges(HivePrincipal hivePrincipal, HivePrivilegeObject hivePrivilegeObject) throws HiveAuthzPluginException {
        try {
            ArrayList arrayList = new ArrayList();
            String name = hivePrincipal == null ? null : hivePrincipal.getName();
            PrincipalType thriftPrincipalType = hivePrincipal == null ? null : AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType());
            ArrayList<HiveObjectPrivilege> arrayList2 = new ArrayList();
            List<String> columns = hivePrivilegeObject.getColumns();
            if (columns == null || columns.isEmpty()) {
                arrayList2 = this.mClient.list_privileges(name, thriftPrincipalType, getThriftHiveObjectRef(hivePrivilegeObject, null));
            } else {
                for (String str : columns) {
                    hivePrivilegeObject.setType(HivePrivilegeObject.HivePrivilegeObjectType.COLUMN);
                    arrayList2.addAll(this.mClient.list_privileges(name, thriftPrincipalType, getThriftHiveObjectRef(hivePrivilegeObject, str)));
                }
            }
            for (HiveObjectPrivilege hiveObjectPrivilege : arrayList2) {
                HivePrincipal hivePrincipal2 = new HivePrincipal(hiveObjectPrivilege.getPrincipalName(), AuthorizationUtils.getHivePrincipalType(hiveObjectPrivilege.getPrincipalType()));
                PrivilegeGrantInfo grantInfo = hiveObjectPrivilege.getGrantInfo();
                HivePrivilege hivePrivilege = new HivePrivilege(grantInfo.getPrivilege(), (List) null);
                HiveObjectRef hiveObject = hiveObjectPrivilege.getHiveObject();
                if (isSupportedObjectType(hiveObject.getObjectType())) {
                    arrayList.add(new HivePrivilegeInfo(hivePrincipal2, hivePrivilege, new HivePrivilegeObject(getPluginPrivilegeObjType(hiveObject.getObjectType()), hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getPartValues(), hiveObject.getColumnName()), new HivePrincipal(grantInfo.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantInfo.getGrantorType())), grantInfo.isGrantOption(), grantInfo.getCreateTime()));
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw getPluginException("Error showing privileges", e);
        }
    }

    private static HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject hivePrivilegeObject) throws HiveAuthzPluginException {
        try {
            return AuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject);
        } catch (HiveException e) {
            throw new HiveAuthzPluginException(e);
        }
    }

    private boolean isSupportedObjectType(org.apache.hadoop.hive.metastore.api.HiveObjectType hiveObjectType) {
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[hiveObjectType.ordinal()]) {
            case 1:
            case 2:
                return true;
            case 3:
                return true;
            default:
                return false;
        }
    }

    private HiveAuthzPluginException getPluginException(String str, Exception exc) {
        return new HiveAuthzPluginException(str + ": " + exc.getMessage(), exc);
    }

    private HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject hivePrivilegeObject, String str) throws HiveAuthzPluginException {
        try {
            return AuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject, str);
        } catch (HiveException e) {
            throw new HiveAuthzPluginException(e);
        }
    }

    private static HivePrivilegeObject.HivePrivilegeObjectType getPluginPrivilegeObjType(org.apache.hadoop.hive.metastore.api.HiveObjectType hiveObjectType) {
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[hiveObjectType.ordinal()]) {
            case 1:
                return HivePrivilegeObject.HivePrivilegeObjectType.DATABASE;
            case 2:
                return HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW;
            default:
                throw new AssertionError("Unexpected object type " + hiveObjectType);
        }
    }
}
