package org.apache.ranger.authorization.spark.authorizer;

import java.util.Collection;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.hive.common.FileUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.spark.sql.SparkRangerUtils$;
import org.apache.spark.sql.SparkSession;
import org.apache.spark.sql.hive.HiveACLClientImpl;
import scala.Enumeration;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.ArrayBuffer;
import scala.collection.mutable.Map;
import scala.collection.mutable.Map$;
import scala.collection.mutable.StringBuilder;
import scala.runtime.BoxesRunTime;

/* compiled from: RangerSparkAuthorizer.scala */
/* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkAuthorizer$.class */
public final class RangerSparkAuthorizer$ {
    public static final RangerSparkAuthorizer$ MODULE$ = null;
    private final Log org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG;
    private final RangerSparkPlugin sparkPlugin;
    private final Log PERF_SPARKAUTH_REQUEST_LOG;

    static {
        new RangerSparkAuthorizer$();
    }

    public Log org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG() {
        return this.org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG;
    }

    public RangerSparkPlugin sparkPlugin() {
        return this.sparkPlugin;
    }

    private UserGroupInformation currentUser() {
        return UserGroupInformation.getCurrentUser();
    }

    /* JADX WARN: Code restructure failed: missing block: B:20:0x008d, code lost:
    
        if (r13.equals(r1) != false) goto L16;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void checkPrivileges(org.apache.spark.sql.SparkSession r12, scala.Enumeration.Value r13, scala.collection.Seq<org.apache.ranger.authorization.spark.authorizer.SparkPrivilegeObject> r14, scala.collection.Seq<org.apache.ranger.authorization.spark.authorizer.SparkPrivilegeObject> r15) {
        /*
            Method dump skipped, instructions count: 288
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.ranger.authorization.spark.authorizer.RangerSparkAuthorizer$.checkPrivileges(org.apache.spark.sql.SparkSession, scala.Enumeration$Value, scala.collection.Seq, scala.collection.Seq):void");
    }

    public boolean isOwner(SparkSession sparkSession, RangerSparkResource rangerSparkResource, String str, Map<String, Object> map) {
        boolean z;
        boolean isFunctionOwner$1;
        Enumeration.Value objectType = rangerSparkResource.getObjectType();
        Enumeration.Value GLOBAL = SparkObjectType$.MODULE$.GLOBAL();
        if (objectType == null) {
            if (GLOBAL == null) {
                return false;
            }
        } else if (objectType.equals(GLOBAL)) {
            return false;
        }
        HiveACLClientImpl hiveACLClientImpl = (HiveACLClientImpl) sparkSession.sessionState().resourceLoader().getHiveClient();
        List currentRoleNames = hiveACLClientImpl.state().getAuthorizerV2().getCurrentRoleNames();
        Enumeration.Value objectType2 = rangerSparkResource.getObjectType();
        Enumeration.Value DATABASE = SparkObjectType$.MODULE$.DATABASE();
        if (DATABASE != null ? !DATABASE.equals(objectType2) : objectType2 != null) {
            Enumeration.Value TABLE = SparkObjectType$.MODULE$.TABLE();
            if (TABLE != null ? !TABLE.equals(objectType2) : objectType2 != null) {
                Enumeration.Value COLUMN = SparkObjectType$.MODULE$.COLUMN();
                if (COLUMN != null ? !COLUMN.equals(objectType2) : objectType2 != null) {
                    Enumeration.Value VIEW = SparkObjectType$.MODULE$.VIEW();
                    z = VIEW != null ? VIEW.equals(objectType2) : objectType2 == null;
                } else {
                    z = true;
                }
            } else {
                z = true;
            }
            if (z) {
                isFunctionOwner$1 = isTBOwner$1(rangerSparkResource.getDatabase(), rangerSparkResource.getTable(), str, map, hiveACLClientImpl);
            } else {
                Enumeration.Value FUNCTION = SparkObjectType$.MODULE$.FUNCTION();
                isFunctionOwner$1 = (FUNCTION != null ? !FUNCTION.equals(objectType2) : objectType2 != null) ? false : isFunctionOwner$1(rangerSparkResource.getDatabase(), rangerSparkResource.getUdf(), str, map, hiveACLClientImpl, currentRoleNames);
            }
        } else {
            isFunctionOwner$1 = isDBOwner$1(rangerSparkResource.getDatabase(), str, map, hiveACLClientImpl, currentRoleNames);
        }
        return isFunctionOwner$1;
    }

    public boolean isAllowed(SparkSession sparkSession, SparkPrivilegeObject sparkPrivilegeObject) {
        boolean z;
        boolean z2;
        String shortUserName = currentUser().getShortUserName();
        Set set = ((TraversableOnce) JavaConverters$.MODULE$.asScalaBufferConverter(sparkSession.sessionState().resourceLoader().getHiveClient().getGroupNamesFromMS(shortUserName)).asScala()).toSet();
        Set<String> currentUserRoles = SparkRangerUtils$.MODULE$.getCurrentUserRoles(sparkSession);
        Some createSparkResource = createSparkResource(sparkPrivilegeObject);
        if (createSparkResource instanceof Some) {
            RangerSparkResource rangerSparkResource = (RangerSparkResource) createSparkResource.x();
            if (isOwner(sparkSession, rangerSparkResource, shortUserName, (Map) Map$.MODULE$.apply(Nil$.MODULE$))) {
                org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().debug("current user is the owner of the resource, skip ranger check");
                return true;
            }
            RangerSparkAccessRequest rangerSparkAccessRequest = new RangerSparkAccessRequest(rangerSparkResource, shortUserName, set, currentUserRoles, sparkPlugin().getClusterName());
            RangerAccessResult isAccessAllowed = sparkPlugin().isAccessAllowed((RangerAccessRequest) rangerSparkAccessRequest);
            if (rangerSparkAccessRequest == null) {
                org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().error("Internal error: null RangerAccessResult received back from isAccessAllowed");
                z2 = false;
            } else if (isAccessAllowed.getIsAllowed()) {
                z2 = true;
            } else {
                if (org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().isDebugEnabled()) {
                    org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().debug(new StringBuilder().append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Permission denied: user [", "] does not have"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{shortUserName}))).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" [", "] privilege on [", "]. resource[", "],"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{rangerSparkAccessRequest.getSparkAccessType(), rangerSparkResource.getAsString(), rangerSparkResource}))).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" request[", "], result[", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{rangerSparkAccessRequest, isAccessAllowed}))).toString());
                }
                z2 = false;
            }
            z = z2;
        } else {
            org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().error("RangerSparkResource returned by createSparkResource is null");
            z = false;
        }
        return z;
    }

    public boolean isAllowed(SparkSession sparkSession, String str, List<String> list, String str2, Enumeration.Value value, RangerSparkResource rangerSparkResource) {
        RangerSparkAccessRequest rangerSparkAccessRequest = new RangerSparkAccessRequest(rangerSparkResource, str, ((TraversableOnce) JavaConverters$.MODULE$.asScalaBufferConverter(list).asScala()).toSet(), SparkRangerUtils$.MODULE$.getCurrentUserRoles(sparkSession), str2, value, sparkPlugin().getClusterName());
        RangerAccessResult isAccessAllowed = sparkPlugin().isAccessAllowed((RangerAccessRequest) rangerSparkAccessRequest);
        if (rangerSparkAccessRequest == null) {
            org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().error("Internal error: null RangerAccessResult received back from isAccessAllowed");
            return false;
        }
        if (isAccessAllowed.getIsAllowed()) {
            return true;
        }
        if (org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().isDebugEnabled()) {
            org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().debug(new StringBuilder().append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Permission denied: user [", "] does not have"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str}))).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" [", "] privilege on [", "]. resource[", "],"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{rangerSparkAccessRequest.getSparkAccessType(), rangerSparkResource.getAsString(), rangerSparkResource}))).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" request[", "], result[", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{rangerSparkAccessRequest, isAccessAllowed}))).toString());
        }
        org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().info(new StringBuilder().append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Permission denied: user [", "] does not"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str}))).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" have [", "] privilege on [", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{rangerSparkAccessRequest.getSparkAccessType(), rangerSparkResource.getAsString()}))).toString());
        return false;
    }

    private Log PERF_SPARKAUTH_REQUEST_LOG() {
        return this.PERF_SPARKAUTH_REQUEST_LOG;
    }

    public Option<RangerSparkResource> createSparkResource(SparkPrivilegeObject sparkPrivilegeObject) {
        Some some;
        String objectName = sparkPrivilegeObject.getObjectName();
        String dbname = sparkPrivilegeObject.getDbname();
        Enumeration.Value type = sparkPrivilegeObject.getType();
        Enumeration.Value DATABASE = SparkPrivilegeObjectType$.MODULE$.DATABASE();
        if (DATABASE != null ? !DATABASE.equals(type) : type != null) {
            Enumeration.Value TABLE_OR_VIEW = SparkPrivilegeObjectType$.MODULE$.TABLE_OR_VIEW();
            if (TABLE_OR_VIEW != null ? !TABLE_OR_VIEW.equals(type) : type != null) {
                org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"RangerSparkAuthorizer.createSparkResource: unexpected objectType: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{type})));
                some = None$.MODULE$;
            } else {
                some = new Some(RangerSparkResource$.MODULE$.apply(SparkObjectType$.MODULE$.DATABASE(), Option$.MODULE$.apply(dbname), objectName));
            }
        } else {
            some = new Some(RangerSparkResource$.MODULE$.apply(SparkObjectType$.MODULE$.DATABASE(), Option$.MODULE$.apply(objectName)));
        }
        return some;
    }

    public Enumeration.Value org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$getAccessType(SparkPrivilegeObject sparkPrivilegeObject, Enumeration.Value value, Enumeration.Value value2, boolean z) {
        boolean z2;
        boolean z3;
        boolean z4;
        boolean z5;
        boolean z6;
        boolean z7;
        boolean z8;
        boolean z9;
        boolean z10;
        Enumeration.Value TEMPUDFADMIN;
        Enumeration.Value value3;
        Enumeration.Value value4;
        boolean z11 = false;
        Enumeration.Value URI = SparkObjectType$.MODULE$.URI();
        if (URI != null ? URI.equals(value2) : value2 == null) {
            z11 = true;
            if (z) {
                value4 = SparkAccessType$.MODULE$.READ();
                return value4;
            }
        }
        if (z11) {
            value4 = SparkAccessType$.MODULE$.WRITE();
        } else {
            Enumeration.Value actionType = sparkPrivilegeObject.getActionType();
            Enumeration.Value INSERT = SparkPrivObjectActionType$.MODULE$.INSERT();
            if (INSERT != null ? !INSERT.equals(actionType) : actionType != null) {
                Enumeration.Value INSERT_OVERWRITE = SparkPrivObjectActionType$.MODULE$.INSERT_OVERWRITE();
                z2 = INSERT_OVERWRITE != null ? INSERT_OVERWRITE.equals(actionType) : actionType == null;
            } else {
                z2 = true;
            }
            if (z2) {
                value3 = SparkAccessType$.MODULE$.UPDATE();
            } else {
                Enumeration.Value OTHER = SparkPrivObjectActionType$.MODULE$.OTHER();
                if (OTHER != null ? !OTHER.equals(actionType) : actionType != null) {
                    throw new MatchError(actionType);
                }
                Enumeration.Value CREATEDATABASE = SparkOperationType$.MODULE$.CREATEDATABASE();
                if (CREATEDATABASE != null ? CREATEDATABASE.equals(value) : value == null) {
                    Enumeration.Value type = sparkPrivilegeObject.getType();
                    Enumeration.Value DATABASE = SparkPrivilegeObjectType$.MODULE$.DATABASE();
                    if (type != null ? type.equals(DATABASE) : DATABASE == null) {
                        TEMPUDFADMIN = SparkAccessType$.MODULE$.NONE();
                        value3 = TEMPUDFADMIN;
                    }
                }
                Enumeration.Value CREATEFUNCTION = SparkOperationType$.MODULE$.CREATEFUNCTION();
                if (CREATEFUNCTION != null ? CREATEFUNCTION.equals(value) : value == null) {
                    Enumeration.Value type2 = sparkPrivilegeObject.getType();
                    Enumeration.Value FUNCTION = SparkPrivilegeObjectType$.MODULE$.FUNCTION();
                    if (type2 != null ? type2.equals(FUNCTION) : FUNCTION == null) {
                        TEMPUDFADMIN = SparkAccessType$.MODULE$.CREATE();
                        value3 = TEMPUDFADMIN;
                    }
                }
                Enumeration.Value CREATETABLE = SparkOperationType$.MODULE$.CREATETABLE();
                if (CREATETABLE != null ? !CREATETABLE.equals(value) : value != null) {
                    Enumeration.Value CREATEVIEW = SparkOperationType$.MODULE$.CREATEVIEW();
                    if (CREATEVIEW != null ? !CREATEVIEW.equals(value) : value != null) {
                        Enumeration.Value CREATETABLE_AS_SELECT = SparkOperationType$.MODULE$.CREATETABLE_AS_SELECT();
                        z3 = CREATETABLE_AS_SELECT != null ? CREATETABLE_AS_SELECT.equals(value) : value == null;
                    } else {
                        z3 = true;
                    }
                } else {
                    z3 = true;
                }
                if (z3) {
                    Enumeration.Value type3 = sparkPrivilegeObject.getType();
                    Enumeration.Value TABLE_OR_VIEW = SparkPrivilegeObjectType$.MODULE$.TABLE_OR_VIEW();
                    if (type3 != null ? type3.equals(TABLE_OR_VIEW) : TABLE_OR_VIEW == null) {
                        TEMPUDFADMIN = z ? SparkAccessType$.MODULE$.SELECT() : SparkAccessType$.MODULE$.CREATE();
                        value3 = TEMPUDFADMIN;
                    }
                }
                Enumeration.Value ALTERDATABASE = SparkOperationType$.MODULE$.ALTERDATABASE();
                if (ALTERDATABASE != null ? !ALTERDATABASE.equals(value) : value != null) {
                    Enumeration.Value ALTERTABLE_ADDCOLS = SparkOperationType$.MODULE$.ALTERTABLE_ADDCOLS();
                    if (ALTERTABLE_ADDCOLS != null ? !ALTERTABLE_ADDCOLS.equals(value) : value != null) {
                        Enumeration.Value ALTERTABLE_ADDPARTS = SparkOperationType$.MODULE$.ALTERTABLE_ADDPARTS();
                        if (ALTERTABLE_ADDPARTS != null ? !ALTERTABLE_ADDPARTS.equals(value) : value != null) {
                            Enumeration.Value ALTERTABLE_DROPPARTS = SparkOperationType$.MODULE$.ALTERTABLE_DROPPARTS();
                            if (ALTERTABLE_DROPPARTS != null ? !ALTERTABLE_DROPPARTS.equals(value) : value != null) {
                                Enumeration.Value ALTERTABLE_RENAMEPART = SparkOperationType$.MODULE$.ALTERTABLE_RENAMEPART();
                                if (ALTERTABLE_RENAMEPART != null ? !ALTERTABLE_RENAMEPART.equals(value) : value != null) {
                                    Enumeration.Value ALTERTABLE_LOCATION = SparkOperationType$.MODULE$.ALTERTABLE_LOCATION();
                                    if (ALTERTABLE_LOCATION != null ? !ALTERTABLE_LOCATION.equals(value) : value != null) {
                                        Enumeration.Value ALTERTABLE_PROPERTIES = SparkOperationType$.MODULE$.ALTERTABLE_PROPERTIES();
                                        if (ALTERTABLE_PROPERTIES != null ? !ALTERTABLE_PROPERTIES.equals(value) : value != null) {
                                            Enumeration.Value ALTERTABLE_SERDEPROPERTIES = SparkOperationType$.MODULE$.ALTERTABLE_SERDEPROPERTIES();
                                            if (ALTERTABLE_SERDEPROPERTIES != null ? !ALTERTABLE_SERDEPROPERTIES.equals(value) : value != null) {
                                                Enumeration.Value ALTERVIEW_RENAME = SparkOperationType$.MODULE$.ALTERVIEW_RENAME();
                                                if (ALTERVIEW_RENAME != null ? !ALTERVIEW_RENAME.equals(value) : value != null) {
                                                    Enumeration.Value MSCK = SparkOperationType$.MODULE$.MSCK();
                                                    if (MSCK != null ? !MSCK.equals(value) : value != null) {
                                                        Enumeration.Value ALTERTABLE_RENAMECOL = SparkOperationType$.MODULE$.ALTERTABLE_RENAMECOL();
                                                        if (ALTERTABLE_RENAMECOL != null ? !ALTERTABLE_RENAMECOL.equals(value) : value != null) {
                                                            Enumeration.Value ALTERTABLE_RENAME = SparkOperationType$.MODULE$.ALTERTABLE_RENAME();
                                                            z4 = ALTERTABLE_RENAME != null ? ALTERTABLE_RENAME.equals(value) : value == null;
                                                        } else {
                                                            z4 = true;
                                                        }
                                                    } else {
                                                        z4 = true;
                                                    }
                                                } else {
                                                    z4 = true;
                                                }
                                            } else {
                                                z4 = true;
                                            }
                                        } else {
                                            z4 = true;
                                        }
                                    } else {
                                        z4 = true;
                                    }
                                } else {
                                    z4 = true;
                                }
                            } else {
                                z4 = true;
                            }
                        } else {
                            z4 = true;
                        }
                    } else {
                        z4 = true;
                    }
                } else {
                    z4 = true;
                }
                if (z4) {
                    TEMPUDFADMIN = SparkAccessType$.MODULE$.ALTER();
                } else {
                    Enumeration.Value DROPFUNCTION = SparkOperationType$.MODULE$.DROPFUNCTION();
                    if (DROPFUNCTION != null ? !DROPFUNCTION.equals(value) : value != null) {
                        Enumeration.Value DROPTABLE = SparkOperationType$.MODULE$.DROPTABLE();
                        if (DROPTABLE != null ? !DROPTABLE.equals(value) : value != null) {
                            Enumeration.Value DROPVIEW = SparkOperationType$.MODULE$.DROPVIEW();
                            if (DROPVIEW != null ? !DROPVIEW.equals(value) : value != null) {
                                Enumeration.Value DROPDATABASE = SparkOperationType$.MODULE$.DROPDATABASE();
                                z5 = DROPDATABASE != null ? DROPDATABASE.equals(value) : value == null;
                            } else {
                                z5 = true;
                            }
                        } else {
                            z5 = true;
                        }
                    } else {
                        z5 = true;
                    }
                    if (z5) {
                        TEMPUDFADMIN = SparkAccessType$.MODULE$.DROP();
                    } else {
                        Enumeration.Value INSERT2 = SparkOperationType$.MODULE$.INSERT();
                        if (INSERT2 != null ? !INSERT2.equals(value) : value != null) {
                            Enumeration.Value LOAD = SparkOperationType$.MODULE$.LOAD();
                            if (LOAD != null ? !LOAD.equals(value) : value != null) {
                                Enumeration.Value QUERY = SparkOperationType$.MODULE$.QUERY();
                                if (QUERY != null ? !QUERY.equals(value) : value != null) {
                                    Enumeration.Value SHOW_CREATETABLE = SparkOperationType$.MODULE$.SHOW_CREATETABLE();
                                    if (SHOW_CREATETABLE != null ? !SHOW_CREATETABLE.equals(value) : value != null) {
                                        Enumeration.Value SHOWPARTITIONS = SparkOperationType$.MODULE$.SHOWPARTITIONS();
                                        if (SHOWPARTITIONS != null ? !SHOWPARTITIONS.equals(value) : value != null) {
                                            Enumeration.Value SHOW_TBLPROPERTIES = SparkOperationType$.MODULE$.SHOW_TBLPROPERTIES();
                                            z6 = SHOW_TBLPROPERTIES != null ? SHOW_TBLPROPERTIES.equals(value) : value == null;
                                        } else {
                                            z6 = true;
                                        }
                                    } else {
                                        z6 = true;
                                    }
                                } else {
                                    z6 = true;
                                }
                                if (z6) {
                                    TEMPUDFADMIN = SparkAccessType$.MODULE$.SELECT();
                                } else {
                                    Enumeration.Value SHOWCOLUMNS = SparkOperationType$.MODULE$.SHOWCOLUMNS();
                                    if (SHOWCOLUMNS != null ? !SHOWCOLUMNS.equals(value) : value != null) {
                                        Enumeration.Value DESCTABLE = SparkOperationType$.MODULE$.DESCTABLE();
                                        z7 = DESCTABLE != null ? DESCTABLE.equals(value) : value == null;
                                    } else {
                                        z7 = true;
                                    }
                                    if (z7) {
                                        TEMPUDFADMIN = "show-all".equals(StringUtil.toLower(RangerSparkPlugin$.MODULE$.showColumnsOption())) ? SparkAccessType$.MODULE$.USE() : SparkAccessType$.MODULE$.SELECT();
                                    } else {
                                        Enumeration.Value SHOWDATABASES = SparkOperationType$.MODULE$.SHOWDATABASES();
                                        if (SHOWDATABASES != null ? !SHOWDATABASES.equals(value) : value != null) {
                                            Enumeration.Value DESCFUNCTION = SparkOperationType$.MODULE$.DESCFUNCTION();
                                            if (DESCFUNCTION != null ? !DESCFUNCTION.equals(value) : value != null) {
                                                Enumeration.Value SHOWTABLES = SparkOperationType$.MODULE$.SHOWTABLES();
                                                z8 = SHOWTABLES != null ? SHOWTABLES.equals(value) : value == null;
                                            } else {
                                                z8 = true;
                                            }
                                        } else {
                                            z8 = true;
                                        }
                                        if (z8) {
                                            TEMPUDFADMIN = SparkAccessType$.MODULE$.SELECT();
                                        } else {
                                            Enumeration.Value SWITCHDATABASE = SparkOperationType$.MODULE$.SWITCHDATABASE();
                                            if (SWITCHDATABASE != null ? !SWITCHDATABASE.equals(value) : value != null) {
                                                Enumeration.Value DESCDATABASE = SparkOperationType$.MODULE$.DESCDATABASE();
                                                z9 = DESCDATABASE != null ? DESCDATABASE.equals(value) : value == null;
                                            } else {
                                                z9 = true;
                                            }
                                            if (z9) {
                                                TEMPUDFADMIN = SparkAccessType$.MODULE$.NONE();
                                            } else {
                                                Enumeration.Value TRUNCATETABLE = SparkOperationType$.MODULE$.TRUNCATETABLE();
                                                if (TRUNCATETABLE != null ? !TRUNCATETABLE.equals(value) : value != null) {
                                                    Enumeration.Value ADDFILE = SparkOperationType$.MODULE$.ADDFILE();
                                                    if (ADDFILE != null ? !ADDFILE.equals(value) : value != null) {
                                                        Enumeration.Value ADDJAR = SparkOperationType$.MODULE$.ADDJAR();
                                                        z10 = ADDJAR != null ? ADDJAR.equals(value) : value == null;
                                                    } else {
                                                        z10 = true;
                                                    }
                                                    TEMPUDFADMIN = z10 ? SparkAccessType$.MODULE$.TEMPUDFADMIN() : SparkAccessType$.MODULE$.NONE();
                                                } else {
                                                    TEMPUDFADMIN = SparkAccessType$.MODULE$.UPDATE();
                                                }
                                            }
                                        }
                                    }
                                }
                            } else {
                                TEMPUDFADMIN = z ? SparkAccessType$.MODULE$.SELECT() : SparkAccessType$.MODULE$.UPDATE();
                            }
                        } else {
                            TEMPUDFADMIN = SparkAccessType$.MODULE$.UPDATE();
                        }
                    }
                }
                value3 = TEMPUDFADMIN;
            }
            value4 = value3;
        }
        return value4;
    }

    private Enumeration.Value getObjectType(SparkPrivilegeObject sparkPrivilegeObject, Enumeration.Value value) {
        Enumeration.Value NONE;
        boolean z = false;
        Enumeration.Value type = sparkPrivilegeObject.getType();
        Enumeration.Value DATABASE = SparkPrivilegeObjectType$.MODULE$.DATABASE();
        if ((DATABASE != null ? !DATABASE.equals(type) : type != null) ? type == null : true) {
            NONE = SparkObjectType$.MODULE$.DATABASE();
        } else {
            Enumeration.Value TABLE_OR_VIEW = SparkPrivilegeObjectType$.MODULE$.TABLE_OR_VIEW();
            if (TABLE_OR_VIEW != null ? TABLE_OR_VIEW.equals(type) : type == null) {
                z = true;
                if (!StringUtil.isEmpty((Collection) JavaConverters$.MODULE$.seqAsJavaListConverter(sparkPrivilegeObject.getColumns()).asJava())) {
                    NONE = SparkObjectType$.MODULE$.COLUMN();
                }
            }
            if (z && value.toString().toLowerCase().contains("view")) {
                NONE = SparkObjectType$.MODULE$.VIEW();
            } else if (z) {
                NONE = SparkObjectType$.MODULE$.TABLE();
            } else {
                Enumeration.Value FUNCTION = SparkPrivilegeObjectType$.MODULE$.FUNCTION();
                if (FUNCTION != null ? !FUNCTION.equals(type) : type != null) {
                    Enumeration.Value DFS_URI = SparkPrivilegeObjectType$.MODULE$.DFS_URI();
                    if (DFS_URI != null ? !DFS_URI.equals(type) : type != null) {
                        Enumeration.Value GLOBAL = SparkPrivilegeObjectType$.MODULE$.GLOBAL();
                        NONE = (GLOBAL != null ? !GLOBAL.equals(type) : type != null) ? SparkObjectType$.MODULE$.NONE() : SparkObjectType$.MODULE$.GLOBAL();
                    } else {
                        NONE = SparkObjectType$.MODULE$.URI();
                    }
                } else {
                    NONE = SparkObjectType$.MODULE$.FUNCTION();
                }
            }
        }
        return NONE;
    }

    public RangerSparkResource org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$getSparkResource(SparkPrivilegeObject sparkPrivilegeObject, Enumeration.Value value) {
        boolean z;
        RangerSparkResource apply;
        Enumeration.Value objectType = getObjectType(sparkPrivilegeObject, value);
        Enumeration.Value DATABASE = SparkObjectType$.MODULE$.DATABASE();
        if (DATABASE != null ? !DATABASE.equals(objectType) : objectType != null) {
            Enumeration.Value TABLE = SparkObjectType$.MODULE$.TABLE();
            if (TABLE != null ? !TABLE.equals(objectType) : objectType != null) {
                Enumeration.Value VIEW = SparkObjectType$.MODULE$.VIEW();
                if (VIEW != null ? !VIEW.equals(objectType) : objectType != null) {
                    Enumeration.Value FUNCTION = SparkObjectType$.MODULE$.FUNCTION();
                    z = FUNCTION != null ? FUNCTION.equals(objectType) : objectType == null;
                } else {
                    z = true;
                }
            } else {
                z = true;
            }
            if (z) {
                apply = RangerSparkResource$.MODULE$.apply(objectType, Option$.MODULE$.apply(sparkPrivilegeObject.getDbname()), sparkPrivilegeObject.getObjectName());
            } else {
                Enumeration.Value COLUMN = SparkObjectType$.MODULE$.COLUMN();
                if (COLUMN != null ? !COLUMN.equals(objectType) : objectType != null) {
                    Enumeration.Value GLOBAL = SparkObjectType$.MODULE$.GLOBAL();
                    apply = (GLOBAL != null ? !GLOBAL.equals(objectType) : objectType != null) ? null : RangerSparkResource$.MODULE$.apply(objectType, sparkPrivilegeObject.getObjectName());
                } else {
                    apply = RangerSparkResource$.MODULE$.apply(objectType, Option$.MODULE$.apply(sparkPrivilegeObject.getDbname()), sparkPrivilegeObject.getObjectName(), sparkPrivilegeObject.getColumns().mkString(","));
                }
            }
        } else {
            apply = RangerSparkResource$.MODULE$.apply(objectType, Option$.MODULE$.apply(sparkPrivilegeObject.getDbname()));
        }
        RangerSparkResource rangerSparkResource = apply;
        if (rangerSparkResource != null) {
            rangerSparkResource.setServiceDef(sparkPlugin().getServiceDef());
        }
        return rangerSparkResource;
    }

    public boolean org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$canAccessURI(String str, FsAction fsAction, String str2, Configuration configuration) {
        boolean z;
        boolean z2;
        if (FsAction.NONE.equals(fsAction)) {
            z2 = true;
        } else {
            try {
                Path path = new Path(str2);
                FileSystem fileSystem = FileSystem.get(path.toUri(), configuration);
                FileStatus[] globStatus = fileSystem.globStatus(path);
                if (globStatus == null || !Predef$.MODULE$.refArrayOps(globStatus).nonEmpty()) {
                    FileUtils.checkFileAccessWithImpersonation(fileSystem, FileUtils.getPathOrParentThatExists(fileSystem, path), fsAction, str);
                    z = true;
                } else {
                    z = Predef$.MODULE$.refArrayOps(globStatus).forall(new RangerSparkAuthorizer$$anonfun$org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$canAccessURI$1(str, fsAction, fileSystem));
                }
            } catch (Exception e) {
                org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().error(new StringBuilder().append("Error getting permissions for ").append(str2).toString(), e);
                z = false;
            }
            z2 = z;
        }
        return z2;
    }

    public FsAction org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$getURIAccessType(Enumeration.Value value) {
        boolean z;
        FsAction fsAction;
        Enumeration.Value LOAD = SparkOperationType$.MODULE$.LOAD();
        if (LOAD != null ? !LOAD.equals(value) : value != null) {
            Enumeration.Value CREATEDATABASE = SparkOperationType$.MODULE$.CREATEDATABASE();
            if (CREATEDATABASE != null ? !CREATEDATABASE.equals(value) : value != null) {
                Enumeration.Value CREATETABLE = SparkOperationType$.MODULE$.CREATETABLE();
                if (CREATETABLE != null ? !CREATETABLE.equals(value) : value != null) {
                    Enumeration.Value CREATETABLE_AS_SELECT = SparkOperationType$.MODULE$.CREATETABLE_AS_SELECT();
                    if (CREATETABLE_AS_SELECT != null ? !CREATETABLE_AS_SELECT.equals(value) : value != null) {
                        Enumeration.Value ALTERDATABASE = SparkOperationType$.MODULE$.ALTERDATABASE();
                        if (ALTERDATABASE != null ? !ALTERDATABASE.equals(value) : value != null) {
                            Enumeration.Value ALTERTABLE_ADDCOLS = SparkOperationType$.MODULE$.ALTERTABLE_ADDCOLS();
                            if (ALTERTABLE_ADDCOLS != null ? !ALTERTABLE_ADDCOLS.equals(value) : value != null) {
                                Enumeration.Value ALTERTABLE_RENAMECOL = SparkOperationType$.MODULE$.ALTERTABLE_RENAMECOL();
                                if (ALTERTABLE_RENAMECOL != null ? !ALTERTABLE_RENAMECOL.equals(value) : value != null) {
                                    Enumeration.Value ALTERTABLE_RENAMEPART = SparkOperationType$.MODULE$.ALTERTABLE_RENAMEPART();
                                    if (ALTERTABLE_RENAMEPART != null ? !ALTERTABLE_RENAMEPART.equals(value) : value != null) {
                                        Enumeration.Value ALTERTABLE_RENAME = SparkOperationType$.MODULE$.ALTERTABLE_RENAME();
                                        if (ALTERTABLE_RENAME != null ? !ALTERTABLE_RENAME.equals(value) : value != null) {
                                            Enumeration.Value ALTERTABLE_DROPPARTS = SparkOperationType$.MODULE$.ALTERTABLE_DROPPARTS();
                                            if (ALTERTABLE_DROPPARTS != null ? !ALTERTABLE_DROPPARTS.equals(value) : value != null) {
                                                Enumeration.Value ALTERTABLE_ADDPARTS = SparkOperationType$.MODULE$.ALTERTABLE_ADDPARTS();
                                                if (ALTERTABLE_ADDPARTS != null ? !ALTERTABLE_ADDPARTS.equals(value) : value != null) {
                                                    Enumeration.Value ALTERTABLE_PROPERTIES = SparkOperationType$.MODULE$.ALTERTABLE_PROPERTIES();
                                                    if (ALTERTABLE_PROPERTIES != null ? !ALTERTABLE_PROPERTIES.equals(value) : value != null) {
                                                        Enumeration.Value ALTERTABLE_SERDEPROPERTIES = SparkOperationType$.MODULE$.ALTERTABLE_SERDEPROPERTIES();
                                                        if (ALTERTABLE_SERDEPROPERTIES != null ? !ALTERTABLE_SERDEPROPERTIES.equals(value) : value != null) {
                                                            Enumeration.Value ALTERTABLE_LOCATION = SparkOperationType$.MODULE$.ALTERTABLE_LOCATION();
                                                            if (ALTERTABLE_LOCATION != null ? !ALTERTABLE_LOCATION.equals(value) : value != null) {
                                                                Enumeration.Value QUERY = SparkOperationType$.MODULE$.QUERY();
                                                                z = QUERY != null ? QUERY.equals(value) : value == null;
                                                            } else {
                                                                z = true;
                                                            }
                                                        } else {
                                                            z = true;
                                                        }
                                                    } else {
                                                        z = true;
                                                    }
                                                } else {
                                                    z = true;
                                                }
                                            } else {
                                                z = true;
                                            }
                                        } else {
                                            z = true;
                                        }
                                    } else {
                                        z = true;
                                    }
                                } else {
                                    z = true;
                                }
                            } else {
                                z = true;
                            }
                        } else {
                            z = true;
                        }
                    } else {
                        z = true;
                    }
                } else {
                    z = true;
                }
            } else {
                z = true;
            }
            fsAction = z ? FsAction.ALL : FsAction.NONE;
        } else {
            fsAction = FsAction.READ;
        }
        return fsAction;
    }

    public boolean org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$isPathInFSScheme(String str) {
        return new StringOps(Predef$.MODULE$.augmentString(str)).nonEmpty() && Predef$.MODULE$.refArrayOps(sparkPlugin().fsScheme()).exists(new RangerSparkAuthorizer$$anonfun$org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$isPathInFSScheme$1(str));
    }

    private final void addAccessRequest$1(Seq seq, boolean z, SparkSession sparkSession, Enumeration.Value value, String str, Set set, Set set2, ArrayBuffer arrayBuffer) {
        seq.foreach(new RangerSparkAuthorizer$$anonfun$addAccessRequest$1$1(sparkSession, value, str, set, set2, arrayBuffer, z));
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x00ce, code lost:
    
        if (r0.equals(r13) != false) goto L13;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$checkIsOwner$1(org.apache.spark.sql.hive.HiveACLClientImpl r10, java.util.List r11, java.lang.String r12, java.lang.String r13) {
        /*
            Method dump skipped, instructions count: 327
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.ranger.authorization.spark.authorizer.RangerSparkAuthorizer$.org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$checkIsOwner$1(org.apache.spark.sql.hive.HiveACLClientImpl, java.util.List, java.lang.String, java.lang.String):boolean");
    }

    private final boolean isDBOwner$1(String str, String str2, Map map, HiveACLClientImpl hiveACLClientImpl, List list) {
        if (Option$.MODULE$.apply(str).isEmpty()) {
            return false;
        }
        if (str == null) {
            if ("default" == 0) {
                return true;
            }
        } else if (str.equals("default")) {
            return true;
        }
        if (hiveACLClientImpl.databaseExists(str)) {
            return BoxesRunTime.unboxToBoolean(map.getOrElseUpdate(str, new RangerSparkAuthorizer$$anonfun$isDBOwner$1$1(hiveACLClientImpl, list, str, str2)));
        }
        return false;
    }

    public final boolean org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$checkIsOwner$2(HiveACLClientImpl hiveACLClientImpl, String str, String str2, String str3) {
        try {
            String str4 = (String) Option$.MODULE$.apply(hiveACLClientImpl.client().getTable(str, str2, false)).map(new RangerSparkAuthorizer$$anonfun$5()).getOrElse(new RangerSparkAuthorizer$$anonfun$6());
            org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().debug(new StringBuilder().append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Owner of the table [", ".", "] is user : "})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str, str2}))).append(str4).toString());
            return str4 != null ? str4.equals(str3) : str3 == null;
        } catch (Throwable th) {
            org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"faild to get table owner for [", ".", "], so set isOwner false"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str, str2})));
            return false;
        }
    }

    private final boolean isTBOwner$1(String str, String str2, String str3, Map map, HiveACLClientImpl hiveACLClientImpl) {
        if (Option$.MODULE$.apply(str).isEmpty() || Option$.MODULE$.apply(str2).isEmpty()) {
            return false;
        }
        return BoxesRunTime.unboxToBoolean(map.getOrElseUpdate(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"table:", ".", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str, str2})), new RangerSparkAuthorizer$$anonfun$isTBOwner$1$1(hiveACLClientImpl, str, str2, str3)));
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x00de, code lost:
    
        if (r0.equals(r14) != false) goto L13;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$checkIsOwner$3(org.apache.spark.sql.hive.HiveACLClientImpl r10, java.util.List r11, java.lang.String r12, java.lang.String r13, java.lang.String r14) {
        /*
            Method dump skipped, instructions count: 354
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.ranger.authorization.spark.authorizer.RangerSparkAuthorizer$.org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$checkIsOwner$3(org.apache.spark.sql.hive.HiveACLClientImpl, java.util.List, java.lang.String, java.lang.String, java.lang.String):boolean");
    }

    private final boolean isFunctionOwner$1(String str, String str2, String str3, Map map, HiveACLClientImpl hiveACLClientImpl, List list) {
        if (Option$.MODULE$.apply(str).isEmpty() || Option$.MODULE$.apply(str2).isEmpty()) {
            return false;
        }
        return BoxesRunTime.unboxToBoolean(map.getOrElseUpdate(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"function:", ".", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str, str2})), new RangerSparkAuthorizer$$anonfun$isFunctionOwner$1$1(hiveACLClientImpl, list, str, str2, str3)));
    }

    private RangerSparkAuthorizer$() {
        MODULE$ = this;
        this.org$apache$ranger$authorization$spark$authorizer$RangerSparkAuthorizer$$LOG = LogFactory.getLog(new StringOps(Predef$.MODULE$.augmentString(getClass().getSimpleName())).stripSuffix("$"));
        this.sparkPlugin = RangerSparkPlugin$.MODULE$.build().getOrCreate();
        this.PERF_SPARKAUTH_REQUEST_LOG = RangerPerfTracer.getPerfLogger("sparkauth.request");
    }
}
