package org.apache.ranger.authorization.spark.authorizer;

import java.io.File;
import java.io.IOException;
import java.util.Collection;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.spark.SparkEnv$;
import org.apache.spark.sql.SparkRangerUtils$;
import scala.Array$;
import scala.Predef$;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;

/* compiled from: RangerSparkPlugin.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Ed\u0001\u0002\u0010 \u00011B\u0001\"\u000e\u0001\u0003\u0006\u0004%\tA\u000e\u0005\t\u007f\u0001\u0011\t\u0011)A\u0005o!)\u0001\t\u0001C\u0001\u0003\"9Q\t\u0001b\u0001\n\u00131\u0005BB(\u0001A\u0003%q\tC\u0004Q\u0001\t\u0007I\u0011B)\t\ri\u0003\u0001\u0015!\u0003S\u0011!Y\u0006\u0001#b\u0001\n\u0003a\u0006\"B7\u0001\t\u0003r\u0007\"\u0002:\u0001\t\u0003\u001a\b\"\u0002>\u0001\t\u0013q\u0007\"B>\u0001\t\u0003b\bBB>\u0001\t\u0003\nY\u0001\u0003\u0004|\u0001\u0011\u0005\u0013q\u0004\u0005\u0007w\u0002!\t%!\f\b\u000f\u0005Mr\u0004#\u0001\u00026\u00191ad\bE\u0001\u0003oAa\u0001Q\t\u0005\u0002\u0005}\u0002bCA!#\u0001\u0007\t\u0019!C\u0005\u0003\u0007B1\"!\u0012\u0012\u0001\u0004\u0005\r\u0011\"\u0003\u0002H!Q\u0011QJ\tA\u0002\u0003\u0005\u000b\u0015\u0002\"\t\u0011\u0005]\u0013C1A\u0005\u0002YBq!!\u0017\u0012A\u0003%q\u0007C\u0005\u0002\\E\u0011\r\u0011\"\u0001\u0002^!9\u0011qL\t!\u0002\u0013\u0019\u0007bBA1#\u0011\u0005\u00111\r\u0004\u0007\u0003S\n\u0002!a\u001b\t\r\u0001[B\u0011AA2\u0011\u001d\tig\u0007C\u0001\u0003_\u0012\u0011CU1oO\u0016\u00148\u000b]1sWBcWoZ5o\u0015\t\u0001\u0013%\u0001\u0006bkRDwN]5{KJT!AI\u0012\u0002\u000bM\u0004\u0018M]6\u000b\u0005\u0011*\u0013!D1vi\"|'/\u001b>bi&|gN\u0003\u0002'O\u00051!/\u00198hKJT!\u0001K\u0015\u0002\r\u0005\u0004\u0018m\u00195f\u0015\u0005Q\u0013aA8sO\u000e\u00011C\u0001\u0001.!\tq3'D\u00010\u0015\t\u0001\u0014'A\u0004tKJ4\u0018nY3\u000b\u0005I*\u0013A\u00029mk\u001eLg.\u0003\u00025_\t\u0001\"+\u00198hKJ\u0014\u0015m]3QYV<\u0017N\\\u0001\ra2,x-\u001b8D_:4\u0017nZ\u000b\u0002oA\u0011\u0001(P\u0007\u0002s)\u0011!hO\u0001\u0007G>tg-[4\u000b\u0005q\u001a\u0013A\u00025bI>|\u0007/\u0003\u0002?s\t\u0011\"+\u00198hKJ\u0004F.^4j]\u000e{gNZ5h\u00035\u0001H.^4j]\u000e{gNZ5hA\u00051A(\u001b8jiz\"\"A\u0011#\u0011\u0005\r\u0003Q\"A\u0010\t\u000bU\u001a\u0001\u0019A\u001c\u0002\u00071{u)F\u0001H!\tAU*D\u0001J\u0015\tQ5*A\u0004m_\u001e<\u0017N\\4\u000b\u00051;\u0013aB2p[6|gn]\u0005\u0003\u001d&\u00131\u0001T8h\u0003\u0011auj\u0012\u0011\u0002\u0019M\u0004\u0018M]6BaBt\u0015-\\3\u0016\u0003I\u0003\"a\u0015-\u000e\u0003QS!!\u0016,\u0002\t1\fgn\u001a\u0006\u0002/\u0006!!.\u0019<b\u0013\tIFK\u0001\u0004TiJLgnZ\u0001\u000egB\f'o[!qa:\u000bW.\u001a\u0011\u0002\u0011\u0019\u001c8k\u00195f[\u0016,\u0012!\u0018\t\u0004=\u0006\u001cW\"A0\u000b\u0003\u0001\fQa]2bY\u0006L!AY0\u0003\u000b\u0005\u0013(/Y=\u0011\u0005\u0011\\gBA3j!\t1w,D\u0001h\u0015\tA7&\u0001\u0004=e>|GOP\u0005\u0003U~\u000ba\u0001\u0015:fI\u00164\u0017BA-m\u0015\tQw,\u0001\u0003j]&$H#A8\u0011\u0005y\u0003\u0018BA9`\u0005\u0011)f.\u001b;\u0002\u001f\u001d,G\u000fU8mS\u000eLXI\\4j]\u0016$\u0012\u0001\u001e\t\u0003kbl\u0011A\u001e\u0006\u0003oF\nA\u0002]8mS\u000eLXM\\4j]\u0016L!!\u001f<\u0003%I\u000bgnZ3s!>d\u0017nY=F]\u001eLg.Z\u0001\u000fCV$\b\u000eV8K\u0003\u0006\u001bf)\u001b7f\u0003=I7/Q2dKN\u001c\u0018\t\u001c7po\u0016$GcA?\u0002\u0002A\u0011QO`\u0005\u0003\u007fZ\u0014!CU1oO\u0016\u0014\u0018iY2fgN\u0014Vm];mi\"9\u00111\u0001\u0007A\u0002\u0005\u0015\u0011a\u0002:fcV,7\u000f\u001e\t\u0004k\u0006\u001d\u0011bAA\u0005m\n\u0019\"+\u00198hKJ\f5mY3tgJ+\u0017/^3tiR!\u0011QBA\r!\u0015\ty!!\u0006~\u001b\t\t\tBC\u0002\u0002\u0014Y\u000bA!\u001e;jY&!\u0011qCA\t\u0005)\u0019u\u000e\u001c7fGRLwN\u001c\u0005\b\u00037i\u0001\u0019AA\u000f\u0003!\u0011X-];fgR\u001c\bCBA\b\u0003+\t)\u0001F\u0003~\u0003C\t\u0019\u0003C\u0004\u0002\u00049\u0001\r!!\u0002\t\u000f\u0005\u0015b\u00021\u0001\u0002(\u0005y!/Z:vYR\u0004&o\\2fgN|'\u000fE\u0002v\u0003SI1!a\u000bw\u0005m\u0011\u0016M\\4fe\u0006\u001b7-Z:t%\u0016\u001cX\u000f\u001c;Qe>\u001cWm]:peR1\u0011QBA\u0018\u0003cAq!a\u0007\u0010\u0001\u0004\ti\u0002C\u0004\u0002&=\u0001\r!a\n\u0002#I\u000bgnZ3s'B\f'o\u001b)mk\u001eLg\u000e\u0005\u0002D#M\u0019\u0011#!\u000f\u0011\u0007y\u000bY$C\u0002\u0002>}\u0013a!\u00118z%\u00164GCAA\u001b\u0003-\u0019\b/\u0019:l!2,x-\u001b8\u0016\u0003\t\u000bqb\u001d9be.\u0004F.^4j]~#S-\u001d\u000b\u0004_\u0006%\u0003\u0002CA&)\u0005\u0005\t\u0019\u0001\"\u0002\u0007a$\u0013'\u0001\u0007ta\u0006\u00148\u000e\u00157vO&t\u0007\u0005K\u0002\u0016\u0003#\u00022AXA*\u0013\r\t)f\u0018\u0002\tm>d\u0017\r^5mK\u0006Q!/\u00198hKJ\u001cuN\u001c4\u0002\u0017I\fgnZ3s\u0007>tg\rI\u0001\u0012g\"|woQ8mk6t7o\u00149uS>tW#A2\u0002%MDwn^\"pYVlgn](qi&|g\u000eI\u0001\u0006EVLG\u000e\u001a\u000b\u0003\u0003K\u00022!a\u001a\u001c\u001b\u0005\t\"a\u0002\"vS2$WM]\n\u00047\u0005e\u0012aC4fi>\u00138I]3bi\u0016$\u0012A\u0011")
/* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkPlugin.class */
public class RangerSparkPlugin extends RangerBasePlugin {
    private String[] fsScheme;
    private final RangerPluginConfig pluginConfig;
    private final Log LOG;
    private final String sparkAppName;
    private volatile boolean bitmap$0;

    /* compiled from: RangerSparkPlugin.scala */
    /* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkPlugin$Builder.class */
    public static class Builder {
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v15, types: [org.apache.ranger.authorization.spark.authorizer.RangerSparkPlugin$] */
        /* JADX WARN: Type inference failed for: r0v4 */
        /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
        public RangerSparkPlugin getOrCreate() {
            if (RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin() == null) {
                ?? r0 = this;
                synchronized (r0) {
                    if (RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin() == null) {
                        boolean isClusterDriver = SparkRangerUtils$.MODULE$.isClusterDriver();
                        if (isClusterDriver && SparkEnv$.MODULE$.get().conf().contains("spark.kerberos.keytab")) {
                            RangerSparkPlugin$.MODULE$.rangerConf().set("xasecure.audit.destination.elasticsearch.password", new File(SparkEnv$.MODULE$.get().conf().get("spark.kerberos.keytab")).getAbsolutePath().toString());
                        }
                        if (isClusterDriver) {
                            RangerSparkPlugin$.MODULE$.rangerConf().set("ranger.plugin.spark.policy.cache.dir", SparkEnv$.MODULE$.get().conf().get("spark.yarn.cluster.ranger.policy.cache.dir", "./ranger/hivedev/policycache"));
                        }
                        RangerSparkPlugin rangerSparkPlugin = new RangerSparkPlugin(RangerSparkPlugin$.MODULE$.rangerConf());
                        rangerSparkPlugin.init();
                        r0 = RangerSparkPlugin$.MODULE$;
                        r0.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin_$eq(rangerSparkPlugin);
                    }
                }
            }
            return RangerSparkPlugin$.MODULE$.org$apache$ranger$authorization$spark$authorizer$RangerSparkPlugin$$sparkPlugin();
        }
    }

    public static Builder build() {
        return RangerSparkPlugin$.MODULE$.build();
    }

    public static String showColumnsOption() {
        return RangerSparkPlugin$.MODULE$.showColumnsOption();
    }

    public static RangerPluginConfig rangerConf() {
        return RangerSparkPlugin$.MODULE$.rangerConf();
    }

    public RangerPluginConfig pluginConfig() {
        return this.pluginConfig;
    }

    private Log LOG() {
        return this.LOG;
    }

    private String sparkAppName() {
        return this.sparkAppName;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [org.apache.ranger.authorization.spark.authorizer.RangerSparkPlugin] */
    private String[] fsScheme$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.fsScheme = (String[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(pluginConfig().get("ranger.plugin.spark.urlauth.filesystem.schemes", "hdfs:,file:").split(","))).map(str -> {
                    return str.trim();
                }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class)));
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.fsScheme;
    }

    public String[] fsScheme() {
        return !this.bitmap$0 ? fsScheme$lzycompute() : this.fsScheme;
    }

    public void init() {
        authToJAASFile();
        super.init();
        File file = new File(pluginConfig().get("ranger.plugin.spark.policy.cache.dir"));
        if (file.exists() && (!file.isDirectory() || !file.canRead() || !file.canWrite())) {
            throw new IOException(new StringBuilder(63).append("Policy cache directory already exists at").append(file.getAbsolutePath()).append(", but it is unavailable").toString());
        }
        if (!file.exists() && !file.mkdirs()) {
            throw new IOException(new StringBuilder(49).append("Unable to create ranger policy cache directory at").append(file.getAbsolutePath()).toString());
        }
        LOG().info(new StringBuilder(43).append("Policy cache directory successfully set to ").append(file.getAbsolutePath()).toString());
    }

    public RangerPolicyEngine getPolicyEngine() {
        return super.getPolicyEngine();
    }

    private void authToJAASFile() {
        AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry(sparkAppName());
        if (appConfigurationEntry == null || new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(appConfigurationEntry)).size() == 0) {
            LOG().warn("there is no jaas config for ranger plugin, use loginUser to auth for ranger");
            return;
        }
        try {
            MiscUtil.setUGIFromJAASConfig(sparkAppName());
            LOG().info(new StringBuilder(25).append("ugi for ranger plugin is ").append(MiscUtil.getUGILoginUser()).toString());
        } catch (Throwable th) {
            LOG().warn(new StringBuilder(52).append("fail to authenticating for ranger plugin from jaas: ").append(th.getMessage()).toString());
        }
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest) {
        RangerAccessResult isAccessAllowed = super.isAccessAllowed(rangerAccessRequest);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection) {
        Collection<RangerAccessResult> isAccessAllowed = super.isAccessAllowed(collection);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest, RangerAccessResultProcessor rangerAccessResultProcessor) {
        RangerAccessResult isAccessAllowed = super.isAccessAllowed(rangerAccessRequest, rangerAccessResultProcessor);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection, RangerAccessResultProcessor rangerAccessResultProcessor) {
        Collection<RangerAccessResult> isAccessAllowed = super.isAccessAllowed(collection, rangerAccessResultProcessor);
        if (isAccessAllowed == null) {
            throw new SparkAccessControlException("fail to get ranger policy result");
        }
        return isAccessAllowed;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public RangerSparkPlugin(RangerPluginConfig rangerPluginConfig) {
        super(rangerPluginConfig);
        this.pluginConfig = rangerPluginConfig;
        this.LOG = LogFactory.getLog(RangerSparkPlugin.class);
        this.sparkAppName = "Client";
    }
}
