package org.apache.ranger.authorization.spark.authorizer;

import java.io.File;
import java.io.IOException;
import java.util.Collection;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.spark.SparkEnv$;
import org.apache.spark.sql.SparkRangerUtils$;
import scala.Array$;
import scala.Predef$;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;

/* compiled from: RangerSparkPlugin.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0015d\u0001B\u000f\u001f\u0001-B\u0001\u0002\u000e\u0001\u0003\u0006\u0004%\t!\u000e\u0005\t}\u0001\u0011\t\u0011)A\u0005m!)q\b\u0001C\u0001\u0001\"9A\t\u0001b\u0001\n\u0013)\u0005B\u0002(\u0001A\u0003%a\tC\u0004P\u0001\t\u0007I\u0011\u0002)\t\re\u0003\u0001\u0015!\u0003R\u0011!Q\u0006\u0001#b\u0001\n\u0003Y\u0006\"\u00027\u0001\t\u0003j\u0007\"B9\u0001\t\u0013i\u0007\"\u0002:\u0001\t\u0003\u001a\b\"\u0002:\u0001\t\u0003z\bB\u0002:\u0001\t\u0003\n\u0019\u0002\u0003\u0004s\u0001\u0011\u0005\u0013\u0011E\u0004\b\u0003Oq\u0002\u0012AA\u0015\r\u0019ib\u0004#\u0001\u0002,!1q\b\u0005C\u0001\u0003gA1\"!\u000e\u0011\u0001\u0004\u0005\r\u0011\"\u0003\u00028!Y\u0011\u0011\b\tA\u0002\u0003\u0007I\u0011BA\u001e\u0011)\t\t\u0005\u0005a\u0001\u0002\u0003\u0006K!\u0011\u0005\t\u0003\u0017\u0002\"\u0019!C\u0001k!9\u0011Q\n\t!\u0002\u00131\u0004\"CA(!\t\u0007I\u0011AA)\u0011\u001d\t\u0019\u0006\u0005Q\u0001\n\tDq!!\u0016\u0011\t\u0003\t9F\u0002\u0004\u0002^A\u0001\u0011q\f\u0005\u0007\u007fi!\t!a\u0016\t\u000f\u0005\u0005$\u0004\"\u0001\u0002d\t\t\"+\u00198hKJ\u001c\u0006/\u0019:l!2,x-\u001b8\u000b\u0005}\u0001\u0013AC1vi\"|'/\u001b>fe*\u0011\u0011EI\u0001\u0006gB\f'o\u001b\u0006\u0003G\u0011\nQ\"Y;uQ>\u0014\u0018N_1uS>t'BA\u0013'\u0003\u0019\u0011\u0018M\\4fe*\u0011q\u0005K\u0001\u0007CB\f7\r[3\u000b\u0003%\n1a\u001c:h\u0007\u0001\u0019\"\u0001\u0001\u0017\u0011\u00055\u0012T\"\u0001\u0018\u000b\u0005=\u0002\u0014aB:feZL7-\u001a\u0006\u0003c\u0011\na\u0001\u001d7vO&t\u0017BA\u001a/\u0005A\u0011\u0016M\\4fe\n\u000b7/\u001a)mk\u001eLg.\u0001\u0007qYV<\u0017N\\\"p]\u001aLw-F\u00017!\t9D(D\u00019\u0015\tI$(\u0001\u0004d_:4\u0017n\u001a\u0006\u0003w\t\na\u0001[1e_>\u0004\u0018BA\u001f9\u0005I\u0011\u0016M\\4feBcWoZ5o\u0007>tg-[4\u0002\u001bAdWoZ5o\u0007>tg-[4!\u0003\u0019a\u0014N\\5u}Q\u0011\u0011i\u0011\t\u0003\u0005\u0002i\u0011A\b\u0005\u0006i\r\u0001\rAN\u0001\u0004\u0019>;U#\u0001$\u0011\u0005\u001dcU\"\u0001%\u000b\u0005%S\u0015a\u00027pO\u001eLgn\u001a\u0006\u0003\u0017\u001a\nqaY8n[>t7/\u0003\u0002N\u0011\n\u0019Aj\\4\u0002\t1{u\tI\u0001\rgB\f'o[!qa:\u000bW.Z\u000b\u0002#B\u0011!kV\u0007\u0002'*\u0011A+V\u0001\u0005Y\u0006twMC\u0001W\u0003\u0011Q\u0017M^1\n\u0005a\u001b&AB*ue&tw-A\u0007ta\u0006\u00148.\u00119q\u001d\u0006lW\rI\u0001\tMN\u001c6\r[3nKV\tA\fE\u0002^A\nl\u0011A\u0018\u0006\u0002?\u0006)1oY1mC&\u0011\u0011M\u0018\u0002\u0006\u0003J\u0014\u0018-\u001f\t\u0003G*t!\u0001\u001a5\u0011\u0005\u0015tV\"\u00014\u000b\u0005\u001dT\u0013A\u0002\u001fs_>$h(\u0003\u0002j=\u00061\u0001K]3eK\u001aL!\u0001W6\u000b\u0005%t\u0016\u0001B5oSR$\u0012A\u001c\t\u0003;>L!\u0001\u001d0\u0003\tUs\u0017\u000e^\u0001\u000fCV$\b\u000eV8K\u0003\u0006\u001bf)\u001b7f\u0003=I7/Q2dKN\u001c\u0018\t\u001c7po\u0016$GC\u0001;{!\t)\b0D\u0001w\u0015\t9\b'\u0001\u0007q_2L7-_3oO&tW-\u0003\u0002zm\n\u0011\"+\u00198hKJ\f5mY3tgJ+7/\u001e7u\u0011\u0015Y8\u00021\u0001}\u0003\u001d\u0011X-];fgR\u0004\"!^?\n\u0005y4(a\u0005*b]\u001e,'/Q2dKN\u001c(+Z9vKN$H\u0003BA\u0001\u0003\u001b\u0001R!a\u0001\u0002\nQl!!!\u0002\u000b\u0007\u0005\u001dQ+\u0001\u0003vi&d\u0017\u0002BA\u0006\u0003\u000b\u0011!bQ8mY\u0016\u001cG/[8o\u0011\u001d\ty\u0001\u0004a\u0001\u0003#\t\u0001B]3rk\u0016\u001cHo\u001d\t\u0006\u0003\u0007\tI\u0001 \u000b\u0006i\u0006U\u0011q\u0003\u0005\u0006w6\u0001\r\u0001 \u0005\b\u00033i\u0001\u0019AA\u000e\u0003=\u0011Xm];miB\u0013xnY3tg>\u0014\bcA;\u0002\u001e%\u0019\u0011q\u0004<\u00037I\u000bgnZ3s\u0003\u000e\u001cWm]:SKN,H\u000e\u001e)s_\u000e,7o]8s)\u0019\t\t!a\t\u0002&!9\u0011q\u0002\bA\u0002\u0005E\u0001bBA\r\u001d\u0001\u0007\u00111D\u0001\u0012%\u0006tw-\u001a:Ta\u0006\u00148\u000e\u00157vO&t\u0007C\u0001\"\u0011'\r\u0001\u0012Q\u0006\t\u0004;\u0006=\u0012bAA\u0019=\n1\u0011I\\=SK\u001a$\"!!\u000b\u0002\u0017M\u0004\u0018M]6QYV<\u0017N\\\u000b\u0002\u0003\u0006y1\u000f]1sWBcWoZ5o?\u0012*\u0017\u000fF\u0002o\u0003{A\u0001\"a\u0010\u0014\u0003\u0003\u0005\r!Q\u0001\u0004q\u0012\n\u0014\u0001D:qCJ\\\u0007\u000b\\;hS:\u0004\u0003f\u0001\u000b\u0002FA\u0019Q,a\u0012\n\u0007\u0005%cL\u0001\u0005w_2\fG/\u001b7f\u0003)\u0011\u0018M\\4fe\u000e{gNZ\u0001\fe\u0006tw-\u001a:D_:4\u0007%A\ttQ><8i\u001c7v[:\u001cx\n\u001d;j_:,\u0012AY\u0001\u0013g\"|woQ8mk6t7o\u00149uS>t\u0007%A\u0003ck&dG\r\u0006\u0002\u0002ZA\u0019\u00111\f\u000e\u000e\u0003A\u0011qAQ;jY\u0012,'oE\u0002\u001b\u0003[\t1bZ3u\u001fJ\u001c%/Z1uKR\t\u0011\t")
/* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkPlugin.class */
public class RangerSparkPlugin extends RangerBasePlugin {
    private String[] fsScheme;
    private final RangerPluginConfig pluginConfig;
    private final Log LOG;
    private final String sparkAppName;
    private volatile boolean bitmap$0;

    /* compiled from: RangerSparkPlugin.scala */
    /* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkPlugin$Builder.class */
    public static class Builder {
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v15, types: [org.apache.ranger.authorization.spark.authorizer.RangerSparkPlugin$] */
        /* JADX WARN: Type inference failed for: r0v4 */
        /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
        public RangerSparkPlugin getOrCreate() {
            if (RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin() == null) {
                ?? r0 = this;
                synchronized (r0) {
                    if (RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin() == null) {
                        boolean isClusterDriver = SparkRangerUtils$.MODULE$.isClusterDriver();
                        if (isClusterDriver && SparkEnv$.MODULE$.get().conf().contains("spark.yarn.keytab")) {
                            RangerSparkPlugin$.MODULE$.rangerConf().set("xasecure.audit.destination.elasticsearch.password", new File(SparkEnv$.MODULE$.get().conf().get("spark.yarn.keytab")).getAbsolutePath().toString());
                        }
                        if (isClusterDriver) {
                            RangerSparkPlugin$.MODULE$.rangerConf().set("ranger.plugin.spark.policy.cache.dir", SparkEnv$.MODULE$.get().conf().get("spark.yarn.cluster.ranger.policy.cache.dir", "./ranger/hivedev/policycache"));
                        }
                        RangerSparkPlugin rangerSparkPlugin = new RangerSparkPlugin(RangerSparkPlugin$.MODULE$.rangerConf());
                        rangerSparkPlugin.init();
                        r0 = RangerSparkPlugin$.MODULE$;
                        r0.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin_$eq(rangerSparkPlugin);
                    }
                }
            }
            return RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin();
        }
    }

    public static Builder build() {
        return RangerSparkPlugin$.MODULE$.build();
    }

    public static String showColumnsOption() {
        return RangerSparkPlugin$.MODULE$.showColumnsOption();
    }

    public static RangerPluginConfig rangerConf() {
        return RangerSparkPlugin$.MODULE$.rangerConf();
    }

    public RangerPluginConfig pluginConfig() {
        return this.pluginConfig;
    }

    private Log LOG() {
        return this.LOG;
    }

    private String sparkAppName() {
        return this.sparkAppName;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [org.apache.ranger.authorization.spark.authorizer.RangerSparkPlugin] */
    private String[] fsScheme$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.fsScheme = (String[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(pluginConfig().get("ranger.plugin.spark.urlauth.filesystem.schemes", "hdfs:,file:").split(","))).map(str -> {
                    return str.trim();
                }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class)));
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.fsScheme;
    }

    public String[] fsScheme() {
        return !this.bitmap$0 ? fsScheme$lzycompute() : this.fsScheme;
    }

    public void init() {
        authToJAASFile();
        super.init();
        File file = new File(pluginConfig().get("ranger.plugin.spark.policy.cache.dir"));
        if (file.exists() && (!file.isDirectory() || !file.canRead() || !file.canWrite())) {
            throw new IOException(new StringBuilder(63).append("Policy cache directory already exists at").append(file.getAbsolutePath()).append(", but it is unavailable").toString());
        }
        if (!file.exists() && !file.mkdirs()) {
            throw new IOException(new StringBuilder(49).append("Unable to create ranger policy cache directory at").append(file.getAbsolutePath()).toString());
        }
        LOG().info(new StringBuilder(43).append("Policy cache directory successfully set to ").append(file.getAbsolutePath()).toString());
    }

    private void authToJAASFile() {
        AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry(sparkAppName());
        if (appConfigurationEntry == null || new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(appConfigurationEntry)).size() == 0) {
            LOG().warn("there is no jaas config for ranger plugin, use loginUser to auth for ranger");
            return;
        }
        try {
            MiscUtil.setUGIFromJAASConfig(sparkAppName());
            LOG().info(new StringBuilder(25).append("ugi for ranger plugin is ").append(MiscUtil.getUGILoginUser()).toString());
        } catch (Throwable th) {
            LOG().warn(new StringBuilder(52).append("fail to authenticating for ranger plugin from jaas: ").append(th.getMessage()).toString());
        }
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest) {
        RangerAccessResult isAccessAllowed = super.isAccessAllowed(rangerAccessRequest);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection) {
        Collection<RangerAccessResult> isAccessAllowed = super.isAccessAllowed(collection);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest, RangerAccessResultProcessor rangerAccessResultProcessor) {
        RangerAccessResult isAccessAllowed = super.isAccessAllowed(rangerAccessRequest, rangerAccessResultProcessor);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection, RangerAccessResultProcessor rangerAccessResultProcessor) {
        Collection<RangerAccessResult> isAccessAllowed = super.isAccessAllowed(collection, rangerAccessResultProcessor);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public RangerSparkPlugin(RangerPluginConfig rangerPluginConfig) {
        super(rangerPluginConfig);
        this.pluginConfig = rangerPluginConfig;
        this.LOG = LogFactory.getLog(RangerSparkPlugin.class);
        this.sparkAppName = "Client";
    }
}
