package org.apache.ranger.authorization.spark.authorizer;

import java.io.File;
import java.io.IOException;
import java.util.Collection;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.spark.SparkEnv$;
import org.apache.spark.sql.SparkRangerUtils$;
import scala.Array$;
import scala.Predef$;
import scala.StringContext;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;

/* compiled from: RangerSparkPlugin.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0005d\u0001B\u0001\u0003\u0001=\u0011\u0011CU1oO\u0016\u00148\u000b]1sWBcWoZ5o\u0015\t\u0019A!\u0001\u0006bkRDwN]5{KJT!!\u0002\u0004\u0002\u000bM\u0004\u0018M]6\u000b\u0005\u001dA\u0011!D1vi\"|'/\u001b>bi&|gN\u0003\u0002\n\u0015\u00051!/\u00198hKJT!a\u0003\u0007\u0002\r\u0005\u0004\u0018m\u00195f\u0015\u0005i\u0011aA8sO\u000e\u00011C\u0001\u0001\u0011!\t\tb#D\u0001\u0013\u0015\t\u0019B#A\u0004tKJ4\u0018nY3\u000b\u0005UA\u0011A\u00029mk\u001eLg.\u0003\u0002\u0018%\t\u0001\"+\u00198hKJ\u0014\u0015m]3QYV<\u0017N\u001c\u0005\t3\u0001\u0011)\u0019!C\u00015\u0005a\u0001\u000f\\;hS:\u001cuN\u001c4jOV\t1\u0004\u0005\u0002\u001dC5\tQD\u0003\u0002\u001f?\u000511m\u001c8gS\u001eT!\u0001\t\u0004\u0002\r!\fGm\\8q\u0013\t\u0011SD\u0001\nSC:<WM\u001d)mk\u001eLgnQ8oM&<\u0007\u0002\u0003\u0013\u0001\u0005\u0003\u0005\u000b\u0011B\u000e\u0002\u001bAdWoZ5o\u0007>tg-[4!\u0011\u00151\u0003\u0001\"\u0001(\u0003\u0019a\u0014N\\5u}Q\u0011\u0001F\u000b\t\u0003S\u0001i\u0011A\u0001\u0005\u00063\u0015\u0002\ra\u0007\u0005\bY\u0001\u0011\r\u0011\"\u0003.\u0003\raujR\u000b\u0002]A\u0011q\u0006N\u0007\u0002a)\u0011\u0011GM\u0001\bY><w-\u001b8h\u0015\t\u0019$\"A\u0004d_6lwN\\:\n\u0005U\u0002$a\u0001'pO\"1q\u0007\u0001Q\u0001\n9\nA\u0001T(HA!9\u0011\b\u0001b\u0001\n\u0013Q\u0014\u0001D:qCJ\\\u0017\t\u001d9OC6,W#A\u001e\u0011\u0005q\nU\"A\u001f\u000b\u0005yz\u0014\u0001\u00027b]\u001eT\u0011\u0001Q\u0001\u0005U\u00064\u0018-\u0003\u0002C{\t11\u000b\u001e:j]\u001eDa\u0001\u0012\u0001!\u0002\u0013Y\u0014!D:qCJ\\\u0017\t\u001d9OC6,\u0007\u0005\u0003\u0005G\u0001!\u0015\r\u0011\"\u0001H\u0003!17oU2iK6,W#\u0001%\u0011\u0007%ce*D\u0001K\u0015\u0005Y\u0015!B:dC2\f\u0017BA'K\u0005\u0015\t%O]1z!\ty%K\u0004\u0002J!&\u0011\u0011KS\u0001\u0007!J,G-\u001a4\n\u0005\t\u001b&BA)K\u0011!)\u0006\u0001#A!B\u0013A\u0015!\u00034t'\u000eDW-\\3!\u0011\u00159\u0006\u0001\"\u0011Y\u0003\u0011Ig.\u001b;\u0015\u0003e\u0003\"!\u0013.\n\u0005mS%\u0001B+oSRDQ!\u0018\u0001\u0005\na\u000ba\"Y;uQR{'*Q!T\r&dW\rC\u0003`\u0001\u0011\u0005\u0003-A\bjg\u0006\u001b7-Z:t\u00032dwn^3e)\t\tw\r\u0005\u0002cK6\t1M\u0003\u0002e)\u0005a\u0001o\u001c7jGf,gnZ5oK&\u0011am\u0019\u0002\u0013%\u0006tw-\u001a:BG\u000e,7o\u001d*fgVdG\u000fC\u0003i=\u0002\u0007\u0011.A\u0004sKF,Xm\u001d;\u0011\u0005\tT\u0017BA6d\u0005M\u0011\u0016M\\4fe\u0006\u001b7-Z:t%\u0016\fX/Z:u\u0011\u0015y\u0006\u0001\"\u0011n)\tqG\u000fE\u0002pe\u0006l\u0011\u0001\u001d\u0006\u0003c~\nA!\u001e;jY&\u00111\u000f\u001d\u0002\u000b\u0007>dG.Z2uS>t\u0007\"B;m\u0001\u00041\u0018\u0001\u0003:fcV,7\u000f^:\u0011\u0007=\u0014\u0018\u000eC\u0003`\u0001\u0011\u0005\u0003\u0010F\u0002bsjDQ\u0001[<A\u0002%DQa_<A\u0002q\fqB]3tk2$\bK]8dKN\u001cxN\u001d\t\u0003EvL!A`2\u00037I\u000bgnZ3s\u0003\u000e\u001cWm]:SKN,H\u000e\u001e)s_\u000e,7o]8s\u0011\u0019y\u0006\u0001\"\u0011\u0002\u0002Q)a.a\u0001\u0002\u0006!)Qo a\u0001m\")1p a\u0001y\u001e9\u0011\u0011\u0002\u0002\t\u0002\u0005-\u0011!\u0005*b]\u001e,'o\u00159be.\u0004F.^4j]B\u0019\u0011&!\u0004\u0007\r\u0005\u0011\u0001\u0012AA\b'\u0011\ti!!\u0005\u0011\u0007%\u000b\u0019\"C\u0002\u0002\u0016)\u0013a!\u00118z%\u00164\u0007b\u0002\u0014\u0002\u000e\u0011\u0005\u0011\u0011\u0004\u000b\u0003\u0003\u0017AA\"!\b\u0002\u000e\u0001\u0007\t\u0019!C\u0005\u0003?\t1b\u001d9be.\u0004F.^4j]V\t\u0001\u0006\u0003\u0007\u0002$\u00055\u0001\u0019!a\u0001\n\u0013\t)#A\bta\u0006\u00148\u000e\u00157vO&tw\fJ3r)\rI\u0016q\u0005\u0005\n\u0003S\t\t#!AA\u0002!\n1\u0001\u001f\u00132\u0011!\ti#!\u0004!B\u0013A\u0013\u0001D:qCJ\\\u0007\u000b\\;hS:\u0004\u0003\u0006BA\u0016\u0003c\u00012!SA\u001a\u0013\r\t)D\u0013\u0002\tm>d\u0017\r^5mK\"I\u0011\u0011HA\u0007\u0005\u0004%\tAG\u0001\u000be\u0006tw-\u001a:D_:4\u0007\u0002CA\u001f\u0003\u001b\u0001\u000b\u0011B\u000e\u0002\u0017I\fgnZ3s\u0007>tg\r\t\u0005\u000b\u0003\u0003\niA1A\u0005\u0002\u0005\r\u0013!E:i_^\u001cu\u000e\\;n]N|\u0005\u000f^5p]V\ta\n\u0003\u0005\u0002H\u00055\u0001\u0015!\u0003O\u0003I\u0019\bn\\<D_2,XN\\:PaRLwN\u001c\u0011\t\u0011\u0005-\u0013Q\u0002C\u0001\u0003\u001b\nQAY;jY\u0012$\"!a\u0014\u0011\t\u0005E\u00131K\u0007\u0003\u0003\u001b1q!!\u0016\u0002\u000e\u0001\t9FA\u0004Ck&dG-\u001a:\u0014\t\u0005M\u0013\u0011\u0003\u0005\bM\u0005MC\u0011AA'\u0011!\ti&a\u0015\u0005\u0002\u0005}\u0013aC4fi>\u00138I]3bi\u0016$\u0012\u0001\u000b")
/* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkPlugin.class */
public class RangerSparkPlugin extends RangerBasePlugin {
    private final RangerPluginConfig pluginConfig;
    private final Log LOG;
    private final String sparkAppName;
    private String[] fsScheme;
    private volatile boolean bitmap$0;

    /* compiled from: RangerSparkPlugin.scala */
    /* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkPlugin$Builder.class */
    public static class Builder {
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v11 */
        /* JADX WARN: Type inference failed for: r0v5 */
        /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.Throwable] */
        public RangerSparkPlugin getOrCreate() {
            BoxedUnit boxedUnit;
            if (RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin() == null) {
                ?? r0 = this;
                synchronized (r0) {
                    if (RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin() == null) {
                        boolean isClusterDriver = SparkRangerUtils$.MODULE$.isClusterDriver();
                        if (isClusterDriver && SparkEnv$.MODULE$.get().conf().contains("spark.yarn.keytab")) {
                            RangerSparkPlugin$.MODULE$.rangerConf().set("xasecure.audit.destination.elasticsearch.password", new File(SparkEnv$.MODULE$.get().conf().get("spark.yarn.keytab")).getAbsolutePath().toString());
                        }
                        if (isClusterDriver) {
                            RangerSparkPlugin$.MODULE$.rangerConf().set("ranger.plugin.spark.policy.cache.dir", SparkEnv$.MODULE$.get().conf().get("spark.yarn.cluster.ranger.policy.cache.dir", "./ranger/hivedev/policycache"));
                        }
                        RangerSparkPlugin rangerSparkPlugin = new RangerSparkPlugin(RangerSparkPlugin$.MODULE$.rangerConf());
                        rangerSparkPlugin.init();
                        RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin_$eq(rangerSparkPlugin);
                        boxedUnit = BoxedUnit.UNIT;
                    } else {
                        boxedUnit = BoxedUnit.UNIT;
                    }
                    r0 = r0;
                }
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            return RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin();
        }
    }

    public static Builder build() {
        return RangerSparkPlugin$.MODULE$.build();
    }

    public static String showColumnsOption() {
        return RangerSparkPlugin$.MODULE$.showColumnsOption();
    }

    public static RangerPluginConfig rangerConf() {
        return RangerSparkPlugin$.MODULE$.rangerConf();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private String[] fsScheme$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.fsScheme = (String[]) Predef$.MODULE$.refArrayOps(pluginConfig().get("ranger.plugin.spark.urlauth.filesystem.schemes", "hdfs:,file:").split(",")).map(new RangerSparkPlugin$$anonfun$fsScheme$1(this), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class)));
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.fsScheme;
        }
    }

    public RangerPluginConfig pluginConfig() {
        return this.pluginConfig;
    }

    private Log LOG() {
        return this.LOG;
    }

    private String sparkAppName() {
        return this.sparkAppName;
    }

    public String[] fsScheme() {
        return this.bitmap$0 ? this.fsScheme : fsScheme$lzycompute();
    }

    public void init() {
        authToJAASFile();
        super.init();
        File file = new File(pluginConfig().get("ranger.plugin.spark.policy.cache.dir"));
        if (file.exists() && (!file.isDirectory() || !file.canRead() || !file.canWrite())) {
            throw new IOException(new StringBuilder().append("Policy cache directory already exists at").append(file.getAbsolutePath()).append(", but it is unavailable").toString());
        }
        if (!file.exists() && !file.mkdirs()) {
            throw new IOException(new StringBuilder().append("Unable to create ranger policy cache directory at").append(file.getAbsolutePath()).toString());
        }
        LOG().info(new StringBuilder().append("Policy cache directory successfully set to ").append(file.getAbsolutePath()).toString());
    }

    private void authToJAASFile() {
        AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry(sparkAppName());
        if (appConfigurationEntry == null || Predef$.MODULE$.refArrayOps(appConfigurationEntry).size() == 0) {
            LOG().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"there is no jaas config for ranger plugin, use loginUser to auth for ranger"})).s(Nil$.MODULE$));
            return;
        }
        try {
            MiscUtil.setUGIFromJAASConfig(sparkAppName());
            LOG().info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"ugi for ranger plugin is ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{MiscUtil.getUGILoginUser()})));
        } catch (Throwable th) {
            LOG().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"fail to authenticating for ranger plugin from jaas: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{th.getMessage()})));
        }
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest) {
        RangerAccessResult isAccessAllowed = super.isAccessAllowed(rangerAccessRequest);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection) {
        Collection<RangerAccessResult> isAccessAllowed = super.isAccessAllowed(collection);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest, RangerAccessResultProcessor rangerAccessResultProcessor) {
        RangerAccessResult isAccessAllowed = super.isAccessAllowed(rangerAccessRequest, rangerAccessResultProcessor);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection, RangerAccessResultProcessor rangerAccessResultProcessor) {
        Collection<RangerAccessResult> isAccessAllowed = super.isAccessAllowed(collection, rangerAccessResultProcessor);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public RangerSparkPlugin(RangerPluginConfig rangerPluginConfig) {
        super(rangerPluginConfig);
        this.pluginConfig = rangerPluginConfig;
        this.LOG = LogFactory.getLog(RangerSparkPlugin.class);
        this.sparkAppName = "Client";
    }
}
