package org.apache.hadoop.hive.ql.security.authorization;

import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.curator.framework.recipes.leader.LeaderLatch;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege;
import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
import org.apache.hadoop.hive.metastore.api.HiveObjectType;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.class */
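/**
 * Background task that mirrors the decisions of the authorizer's {@link HivePolicyProvider}
 * into metastore privilege grants.
 *
 * <p>Each pass walks every database, every table in it, and every partition key and
 * storage-descriptor column of that table. For each object it asks the policy provider for the
 * resource ACLs, turns every {@code ALLOWED} user or group decision into a grant whose grantor
 * is {@link #GRANTOR}, and hands the resulting bag to
 * {@code IMetaStoreClient.refresh_privileges}.
 *
 * <p>A pass runs only when {@code HIVE_PRIVILEGE_SYNCHRONIZER} is enabled and the leader latch
 * is acquired within the configured interval, so at most the latch holder writes grants.
 *
 * <p>Points to keep in mind when relying on the mirrored grants:
 * <ul>
 *   <li>The metastore copy is refreshed once per loop iteration, so it trails the policy source
 *       by at least the configured interval plus the duration of a pass.</li>
 *   <li>A failed pass stops at the first exception; objects not yet visited keep whatever
 *       grants they had until a later pass succeeds.</li>
 *   <li>NOTE(review): this class does not show what {@code refresh_privileges} does with grants
 *       that are missing from the bag. Presumably they are revoked; confirm against the
 *       metastore implementation before treating this as the revocation path.</li>
 * </ul>
 */
public class PrivilegeSynchonizer implements Runnable {
    private static final Logger LOG = LoggerFactory.getLogger(PrivilegeSynchonizer.class);

    /** Grantor name stamped on every grant written by this synchronizer. */
    public static final String GRANTOR = "ranger";

    private final IMetaStoreClient hiveClient;
    private final LeaderLatch privilegeSynchonizerLatch;
    private final HiveConf hiveConf;
    private final HiveAuthorizer authorizer;

    /**
     * Creates the synchronizer and opens its metastore client.
     *
     * @param leaderLatch latch that must be acquired before a pass is allowed to write grants
     * @param hiveAuthorizer authorizer whose policy provider supplies the ACLs
     * @param hiveConf configuration holding the enable flag and the pass interval
     * @throws RuntimeException if the metastore client cannot be created
     */
    public PrivilegeSynchonizer(LeaderLatch leaderLatch, HiveAuthorizer hiveAuthorizer, HiveConf hiveConf) {
        IMetaStoreClient client;
        try {
            client = new HiveMetastoreClientFactoryImpl().getHiveMetastoreClient();
        } catch (HiveAuthzPluginException e) {
            throw new RuntimeException("Error creating getHiveMetastoreClient", e);
        }
        this.hiveClient = client;
        this.privilegeSynchonizerLatch = leaderLatch;
        this.authorizer = hiveAuthorizer;
        this.hiveConf = hiveConf;
    }

    /**
     * Builds the metastore reference for one object.
     *
     * @param type DATABASE, TABLE or COLUMN
     * @param dbName database name
     * @param tableName table name; ignored for DATABASE
     * @param columnName column name; used for COLUMN only and may be {@code null}
     * @throws RuntimeException for any other object type
     */
    private static HiveObjectRef newObjectRef(HiveObjectType type, String dbName, String tableName, String columnName) {
        switch (type) {
            case DATABASE:
                return new HiveObjectRef(HiveObjectType.DATABASE, dbName, (String) null, (List<String>) null, (String) null);
            case TABLE:
                return new HiveObjectRef(HiveObjectType.TABLE, dbName, tableName, (List<String>) null, (String) null);
            case COLUMN:
                return new HiveObjectRef(HiveObjectType.COLUMN, dbName, tableName, (List<String>) null, columnName);
            default:
                throw new RuntimeException("Get unknown object type " + type);
        }
    }

    /**
     * Appends one grant per {@code ALLOWED} decision to {@code privilegeBag}.
     *
     * <p>Decisions with any other {@code AccessResult} are skipped, so they never appear in the
     * bag. Every grant is written with grantor {@link #GRANTOR}, grantor type USER and the
     * grant option switched off, so a synchronized principal cannot re-grant the privilege.
     *
     * @param principalAcls principal name mapped to that principal's privilege decisions
     * @param privilegeBag bag that receives the grants
     * @param principalType whether the map keys are user or group names
     * @throws RuntimeException if an allowed decision is found for an unsupported object type
     */
    private void addACLsToBag(Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAcls, PrivilegeBag privilegeBag, HiveObjectType type, String dbName, String tableName, String columnName, PrincipalType principalType) {
        for (Map.Entry<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalEntry : principalAcls.entrySet()) {
            String principalName = principalEntry.getKey();
            for (Map.Entry<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> decision : principalEntry.getValue().entrySet()) {
                if (decision.getValue() != HiveResourceACLs.AccessResult.ALLOWED) {
                    continue;
                }
                HiveObjectRef target = newObjectRef(type, dbName, tableName, columnName);
                // Epoch seconds narrowed to int: the value wraps negative after 2038-01-19.
                int createTime = (int) (System.currentTimeMillis() / 1000);
                PrivilegeGrantInfo grant = new PrivilegeGrantInfo(decision.getKey().toString(), createTime, GRANTOR, PrincipalType.USER, false);
                privilegeBag.addToPrivileges(new HiveObjectPrivilege(target, principalName, principalType, grant));
            }
        }
    }

    /**
     * Returns the reference passed to {@code refresh_privileges} for an object.
     *
     * <p>For COLUMN the column name is left {@code null}: one refresh call covers the grants
     * collected for all columns of the table.
     */
    private HiveObjectRef getObjToRefresh(HiveObjectType type, String dbName, String tableName) throws Exception {
        return newObjectRef(type, dbName, tableName, null);
    }

    /**
     * Looks up the ACLs of one object in the policy provider and adds its allowed user and
     * group privileges to {@code privilegeBag}.
     *
     * <p>When the provider returns {@code null} nothing is added, and the caller still submits
     * the bag as it stands.
     *
     * @throws RuntimeException for an unsupported object type
     */
    private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privilegeBag, HiveObjectType type, String dbName, String tableName, String columnName) throws Exception {
        HivePrivilegeObject resource;
        switch (type) {
            case DATABASE:
                resource = new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.DATABASE, dbName, (String) null);
                break;
            case TABLE:
                resource = new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tableName);
                break;
            case COLUMN:
                resource = new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.COLUMN, dbName, tableName, null, columnName);
                break;
            default:
                throw new RuntimeException("Get unknown object type " + type);
        }
        HiveResourceACLs resourceACLs = policyProvider.getResourceACLs(resource);
        if (resourceACLs == null) {
            return;
        }
        addACLsToBag(resourceACLs.getUserPermissions(), privilegeBag, type, dbName, tableName, columnName, PrincipalType.USER);
        addACLsToBag(resourceACLs.getGroupPermissions(), privilegeBag, type, dbName, tableName, columnName, PrincipalType.GROUP);
    }

    /** Refreshes the table-level grants and then the column-level grants of one table. */
    private void synchronizeTable(HivePolicyProvider policyProvider, String dbName, String tableName) throws Exception {
        HiveObjectRef tableRef = getObjToRefresh(HiveObjectType.TABLE, dbName, tableName);
        PrivilegeBag tableGrants = new PrivilegeBag();
        addGrantPrivilegesToBag(policyProvider, tableGrants, HiveObjectType.TABLE, dbName, tableName, null);
        hiveClient.refresh_privileges(tableRef, tableGrants);

        HiveObjectRef columnsRef = getObjToRefresh(HiveObjectType.COLUMN, dbName, tableName);
        PrivilegeBag columnGrants = new PrivilegeBag();
        Table table = hiveClient.getTable(dbName, tableName);
        // Partition keys are listed separately from the storage-descriptor columns, so both
        // lists are walked to cover every column name.
        for (FieldSchema partitionKey : table.getPartitionKeys()) {
            addGrantPrivilegesToBag(policyProvider, columnGrants, HiveObjectType.COLUMN, dbName, tableName, partitionKey.getName());
        }
        for (FieldSchema column : table.getSd().getCols()) {
            addGrantPrivilegesToBag(policyProvider, columnGrants, HiveObjectType.COLUMN, dbName, tableName, column.getName());
        }
        hiveClient.refresh_privileges(columnsRef, columnGrants);
    }

    /** Runs one full pass over every database and table returned by the metastore client. */
    private void synchronizeAllDatabases(HivePolicyProvider policyProvider) throws Exception {
        for (String dbName : hiveClient.getAllDatabases()) {
            HiveObjectRef dbRef = getObjToRefresh(HiveObjectType.DATABASE, dbName, null);
            PrivilegeBag dbGrants = new PrivilegeBag();
            addGrantPrivilegesToBag(policyProvider, dbGrants, HiveObjectType.DATABASE, dbName, null, null);
            hiveClient.refresh_privileges(dbRef, dbGrants);
            for (String tableName : hiveClient.getAllTables(dbName)) {
                synchronizeTable(policyProvider, dbName, tableName);
            }
        }
    }

    /**
     * Loops until the thread is interrupted: reads the interval, runs a pass when enabled and
     * the latch is held, then sleeps for the interval.
     */
    @Override
    public void run() {
        while (true) {
            // Everything that can throw stays inside the try, so the provider and the interval
            // are always assigned before they are used and a failing pass is logged, not fatal.
            try {
                HivePolicyProvider policyProvider = authorizer.getHivePolicyProvider();
                long intervalSeconds = HiveConf.getTimeVar(hiveConf, HiveConf.ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS);
                if (hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER)
                        && privilegeSynchonizerLatch.await(intervalSeconds, TimeUnit.SECONDS)) {
                    LOG.debug("Start synchonize privilege");
                    synchronizeAllDatabases(policyProvider);
                }
                Thread.sleep(intervalSeconds * 1000);
                // NOTE(review): also logged when the pass was skipped (flag off or latch not
                // acquired), so this line alone does not prove that grants were refreshed.
                LOG.debug("Success synchonize privilege");
            } catch (InterruptedException e) {
                // Restore the flag and stop. Warn so operators notice that the mirrored grants
                // are no longer being refreshed.
                Thread.currentThread().interrupt();
                LOG.warn("PrivilegeSynchonizer interrupted; privilege synchronization stopped", e);
                return;
            } catch (Exception e) {
                // The message says "initializing" but covers any failure in the pass.
                // NOTE(review): the retry is immediate, without the interval sleep; a metastore
                // or policy provider that keeps failing yields one error entry per iteration.
                LOG.error("Error initializing PrivilegeSynchonizer: " + e.getMessage(), e);
            }
        }
    }
}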
