package org.apache.hadoop.hive.ql.parse.authorization;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.ql.ErrorMsg;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.exec.TaskFactory;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.DDLWork;
import org.apache.hadoop.hive.ql.plan.GrantDesc;
import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL;
import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.plan.RevokeDesc;
import org.apache.hadoop.hive.ql.plan.RoleDDLDesc;
import org.apache.hadoop.hive.ql.plan.ShowGrantDesc;
import org.apache.hadoop.hive.ql.security.authorization.Privilege;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeRegistry;
import org.apache.hadoop.hive.ql.session.SessionState;

/* loaded from: input_file:org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.class */
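/**
 * Builds the DDL tasks behind Hive's authorization statements (role create/drop,
 * GRANT/REVOKE of privileges and roles, and the SHOW variants) from parsed AST nodes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The grantor recorded on GRANT and on role grant/revoke comes from the session
 *       authenticator, not from the statement text.</li>
 *   <li>Table and partition targets of GRANT/REVOKE are resolved through the metastore
 *       handle and added to the write-entity set passed in by the caller.</li>
 *   <li>SET ROLE and SHOW CURRENT ROLES are rejected outright by this implementation.</li>
 * </ul>
 *
 * <p>This source was recovered from a compiled class, so parser token types appear as
 * numeric literals. They are presumably the {@code HiveParser.TOK_*} constants inlined
 * by the compiler; the values are specific to the parser build this class was compiled
 * against, so confirm them against that build before reusing them.
 */
public class HiveAuthorizationTaskFactoryImpl extends AbstractHiveAuthorizationTaskFactory {

    /** Token type mapped to {@link PrincipalType#GROUP}. */
    private static final int TOKEN_PRINCIPAL_GROUP = 660;
    /** Token type mapped to {@link PrincipalType#ROLE}. */
    private static final int TOKEN_PRINCIPAL_ROLE = 751;
    /** Token type mapped to {@link PrincipalType#USER}. */
    private static final int TOKEN_PRINCIPAL_USER = 838;
    /** Token type that switches on the boolean flag passed to GrantDesc (presumably WITH GRANT OPTION; confirm). */
    private static final int TOKEN_GRANT_FLAG = 659;
    /** Token type of the GRANT child that names the object the privilege applies to. */
    private static final int TOKEN_GRANT_OBJECT = 738;
    /** Token type of the SHOW GRANT child that names the object being inspected. */
    private static final int TOKEN_SHOW_GRANT_OBJECT = 739;
    /** Token type of a partition specification node. */
    private static final int TOKEN_PARTITION_SPEC = 724;
    /** Token type of a column-name list node. */
    private static final int TOKEN_COLUMN_NAMES = 792;

    public HiveAuthorizationTaskFactoryImpl(HiveConf hiveConf, Hive hive) {
        super(hiveConf, hive);
    }

    /**
     * Builds the task for CREATE ROLE; the role name is the unescaped text of the first child.
     */
    @Override
    public Task<? extends Serializable> createCreateRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        String roleName = BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText());
        RoleDDLDesc createRole = new RoleDDLDesc(roleName, RoleDDLDesc.RoleOperation.CREATE_ROLE);
        return toTask(new DDLWork(hashSet, hashSet2, createRole));
    }

    /**
     * Builds the task for DROP ROLE; the role name is the unescaped text of the first child.
     */
    @Override
    public Task<? extends Serializable> createDropRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        String roleName = BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText());
        RoleDDLDesc dropRole = new RoleDDLDesc(roleName, RoleDDLDesc.RoleOperation.DROP_ROLE);
        return toTask(new DDLWork(hashSet, hashSet2, dropRole));
    }

    /**
     * Builds the task for SHOW ROLE GRANT on one principal and points its output at {@code path}.
     *
     * <p>An unrecognised principal token is treated as a user here.
     */
    @Override
    public Task<? extends Serializable> createShowRoleGrantTask(ASTNode aSTNode, Path path, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        ASTNode principalNode = (ASTNode) aSTNode.getChild(0);
        PrincipalType principalType = principalTypeOf(principalNode.getType(), PrincipalType.USER);
        String principalName = BaseSemanticAnalyzer.unescapeIdentifier(principalNode.getChild(0).getText());
        RoleDDLDesc showRoleGrant = new RoleDDLDesc(principalName, principalType, RoleDDLDesc.RoleOperation.SHOW_ROLE_GRANT, null);
        showRoleGrant.setResFile(path.toString());
        return toTask(new DDLWork(hashSet, hashSet2, showRoleGrant));
    }

    /**
     * Builds the task for GRANT of privileges.
     *
     * <p>Child 0 is the privilege list and child 1 the principal list; later children carry
     * the optional flag and the optional target object. The grantor is the user name reported
     * by the session authenticator and is always recorded with {@link PrincipalType#USER}.
     * NOTE(review): without a session or authenticator the grantor is {@code null}; how
     * GrantDesc consumers treat a null grantor is not visible here.
     *
     * @throws SemanticException if a privilege is undefined or the target table/partition
     *     cannot be resolved
     */
    @Override
    public Task<? extends Serializable> createGrantTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        List<PrivilegeDesc> privileges = analyzePrivilegeListDef((ASTNode) aSTNode.getChild(0));
        List<PrincipalDesc> principals = analyzePrincipalListDef((ASTNode) aSTNode.getChild(1));
        boolean grantFlag = false;
        PrivilegeObjectDesc target = null;
        for (int i = 2; i < aSTNode.getChildCount(); i++) {
            ASTNode optional = (ASTNode) aSTNode.getChild(i);
            if (optional.getType() == TOKEN_GRANT_FLAG) {
                grantFlag = true;
            } else if (optional.getType() == TOKEN_GRANT_OBJECT) {
                target = analyzePrivilegeObject(optional, hashSet2);
            }
        }
        String grantor = currentUserName(null);
        GrantDesc grant = new GrantDesc(target, privileges, principals, grantor, PrincipalType.USER, grantFlag);
        return toTask(new DDLWork(hashSet, hashSet2, grant));
    }

    /**
     * Builds the task for REVOKE of privileges.
     *
     * <p>Child 0 is the privilege list, child 1 the principal list and an optional child 2
     * the target object.
     *
     * @throws SemanticException if a privilege is undefined or the target table/partition
     *     cannot be resolved
     */
    @Override
    public Task<? extends Serializable> createRevokeTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        List<PrivilegeDesc> privileges = analyzePrivilegeListDef((ASTNode) aSTNode.getChild(0));
        List<PrincipalDesc> principals = analyzePrincipalListDef((ASTNode) aSTNode.getChild(1));
        PrivilegeObjectDesc target = null;
        if (aSTNode.getChildCount() > 2) {
            target = analyzePrivilegeObject((ASTNode) aSTNode.getChild(2), hashSet2);
        }
        RevokeDesc revoke = new RevokeDesc(privileges, principals, target);
        return toTask(new DDLWork(hashSet, hashSet2, revoke));
    }

    /** Builds the task for GRANT ROLE. */
    @Override
    public Task<? extends Serializable> createGrantRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        return analyzeGrantRevokeRole(true, aSTNode, hashSet, hashSet2);
    }

    /**
     * Builds the task for SHOW GRANT on one principal, optionally narrowed to an object,
     * a partition and a column list, and points its output at {@code path}.
     *
     * <p>An unrecognised principal token is treated as a user here.
     *
     * @throws SemanticException if columns are given without an object, or the partition
     *     specification cannot be parsed
     */
    @Override
    public Task<? extends Serializable> createShowGrantTask(ASTNode aSTNode, Path path, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        PrivilegeObjectDesc target = null;
        ASTNode principalNode = (ASTNode) aSTNode.getChild(0);
        PrincipalType principalType = principalTypeOf(principalNode.getType(), PrincipalType.USER);
        PrincipalDesc principal = new PrincipalDesc(BaseSemanticAnalyzer.unescapeIdentifier(principalNode.getChild(0).getText()), principalType);
        List<String> columns = null;
        if (aSTNode.getChildCount() > 1) {
            ASTNode objectNode = (ASTNode) aSTNode.getChild(1);
            if (objectNode.getToken().getType() == TOKEN_SHOW_GRANT_OBJECT) {
                target = new PrivilegeObjectDesc();
                target.setObject(BaseSemanticAnalyzer.unescapeIdentifier(objectNode.getChild(0).getText()));
                for (int i = 1; i < objectNode.getChildCount(); i++) {
                    ASTNode qualifier = (ASTNode) objectNode.getChild(i);
                    int qualifierType = qualifier.getToken().getType();
                    if (qualifierType == TOKEN_PARTITION_SPEC) {
                        target.setPartSpec(DDLSemanticAnalyzer.getPartSpec(qualifier));
                    } else if (qualifierType == TOKEN_COLUMN_NAMES) {
                        columns = BaseSemanticAnalyzer.getColumnNames(qualifier);
                    } else {
                        // Any other qualifier marks the object as a table.
                        target.setTable(objectNode.getChild(i) != null);
                    }
                }
            }
        }
        // Columns only make sense relative to an object; refuse a column list on its own.
        if (target == null && columns != null) {
            throw new SemanticException("For user-level privileges, column sets should be null. columns=" + columns.toString());
        }
        ShowGrantDesc showGrant = new ShowGrantDesc(path.toString(), principal, target, columns);
        return toTask(new DDLWork(hashSet, hashSet2, showGrant));
    }

    /** Builds the task for REVOKE ROLE. */
    @Override
    public Task<? extends Serializable> createRevokeRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        return analyzeGrantRevokeRole(false, aSTNode, hashSet, hashSet2);
    }

    /**
     * Shared implementation of GRANT ROLE ({@code z == true}) and REVOKE ROLE ({@code z == false}).
     *
     * <p>Child 0 is the principal list; every further child is a role name. The grantor is the
     * session authenticator's user name, or the empty string when no session or authenticator
     * is available, and is always recorded with {@link PrincipalType#USER}.
     */
    private Task<? extends Serializable> analyzeGrantRevokeRole(boolean z, ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        List<PrincipalDesc> principals = analyzePrincipalListDef((ASTNode) aSTNode.getChild(0));
        List<String> roleNames = new ArrayList<String>();
        for (int i = 1; i < aSTNode.getChildCount(); i++) {
            roleNames.add(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(i).getText()));
        }
        String grantor = currentUserName("");
        GrantRevokeRoleDDL roleChange = new GrantRevokeRoleDDL(z, roleNames, principals, grantor, PrincipalType.USER, true);
        return toTask(new DDLWork(hashSet, hashSet2, roleChange));
    }

    /**
     * Parses the object a privilege applies to and registers it in {@code hashSet}.
     *
     * <p>When the descriptor is flagged as a table, the table (and the partition, if a
     * partition spec was given) is looked up and added as a {@link WriteEntity}; a missing
     * table or partition aborts analysis with a {@link SemanticException}.
     *
     * @throws SemanticException if the table or partition cannot be resolved
     */
    private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode aSTNode, HashSet<WriteEntity> hashSet) throws SemanticException {
        PrivilegeObjectDesc target = new PrivilegeObjectDesc();
        target.setObject(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText()));
        if (aSTNode.getChildCount() > 1) {
            // The scan deliberately starts at 0, so the name child itself takes the else
            // branch and flags the object as a table whenever any extra child is present.
            for (int i = 0; i < aSTNode.getChildCount(); i++) {
                ASTNode part = (ASTNode) aSTNode.getChild(i);
                if (part.getToken().getType() == TOKEN_PARTITION_SPEC) {
                    target.setPartSpec(DDLSemanticAnalyzer.getPartSpec(part));
                } else {
                    target.setTable(aSTNode.getChild(0) != null);
                }
            }
        }
        // NOTE(review): with a single child the table flag is never set in this method, so
        // whether a WriteEntity is registered depends on PrivilegeObjectDesc's default.
        if (target.getTable()) {
            Table table = getTable(null, target.getObject());
            if (target.getPartSpec() != null) {
                hashSet.add(new WriteEntity(getPartition(table, target.getPartSpec())));
            } else {
                hashSet.add(new WriteEntity(table));
            }
        }
        return target;
    }

    /**
     * Converts each child of a principal-list node into a {@link PrincipalDesc}.
     *
     * <p>NOTE(review): a child whose token is none of the three principal tokens yields a
     * descriptor with a {@code null} principal type. Confirm the grammar cannot produce such
     * a node, or that consumers of the descriptor reject a null type.
     */
    private List<PrincipalDesc> analyzePrincipalListDef(ASTNode aSTNode) {
        List<PrincipalDesc> principals = new ArrayList<PrincipalDesc>();
        for (int i = 0; i < aSTNode.getChildCount(); i++) {
            ASTNode principalNode = (ASTNode) aSTNode.getChild(i);
            PrincipalType principalType = principalTypeOf(principalNode.getType(), null);
            String principalName = BaseSemanticAnalyzer.unescapeIdentifier(principalNode.getChild(0).getText());
            principals.add(new PrincipalDesc(principalName, principalType));
        }
        return principals;
    }

    /**
     * Converts each child of a privilege-list node into a {@link PrivilegeDesc}, with the
     * optional column list taken from the child's second node.
     *
     * @throws SemanticException if the privilege registry does not know the privilege token
     */
    private List<PrivilegeDesc> analyzePrivilegeListDef(ASTNode aSTNode) throws SemanticException {
        List<PrivilegeDesc> privileges = new ArrayList<PrivilegeDesc>();
        for (int i = 0; i < aSTNode.getChildCount(); i++) {
            ASTNode privilegeDef = (ASTNode) aSTNode.getChild(i);
            ASTNode privilegeToken = (ASTNode) privilegeDef.getChild(0);
            Privilege privilege = PrivilegeRegistry.getPrivilege(privilegeToken.getType());
            if (privilege == null) {
                throw new SemanticException("undefined privilege " + privilegeToken.getType());
            }
            List<String> columns = null;
            if (privilegeDef.getChildCount() > 1) {
                columns = BaseSemanticAnalyzer.getColumnNames((ASTNode) privilegeDef.getChild(1));
            }
            privileges.add(new PrivilegeDesc(privilege, columns));
        }
        return privileges;
    }

    /**
     * Looks up a table, in database {@code str} when given, otherwise by {@code str2} alone.
     *
     * @throws SemanticException if the table does not exist or the lookup fails
     */
    private Table getTable(String str, String str2) throws SemanticException {
        try {
            Table table;
            if (str == null) {
                table = this.db.getTable(str2, false);
            } else {
                table = this.db.getTable(str, str2, false);
            }
            if (table == null) {
                throw new SemanticException(ErrorMsg.INVALID_TABLE.getMsg(str2));
            }
            return table;
        } catch (HiveException e) {
            // The "not found" exception thrown above also lands here; pass it through as is.
            if (e instanceof SemanticException) {
                throw ((SemanticException) e);
            }
            throw new SemanticException(ErrorMsg.INVALID_TABLE.getMsg(str2), e);
        }
    }

    /**
     * Looks up the partition of {@code table} described by {@code map}.
     *
     * @throws SemanticException if the partition does not exist or the lookup fails
     */
    private Partition getPartition(Table table, Map<String, String> map) throws SemanticException {
        try {
            Partition partition = this.db.getPartition(table, map, false);
            if (partition == null) {
                throw new SemanticException(toMessage(ErrorMsg.INVALID_PARTITION, map));
            }
            return partition;
        } catch (HiveException e) {
            // The "not found" exception thrown above also lands here; pass it through as is.
            if (e instanceof SemanticException) {
                throw ((SemanticException) e);
            }
            throw new SemanticException(toMessage(ErrorMsg.INVALID_PARTITION, map), e);
        }
    }

    /** Formats {@code errorMsg}, appending {@code obj.toString()} as detail when {@code obj} is non-null. */
    private String toMessage(ErrorMsg errorMsg, Object obj) {
        if (obj == null) {
            return errorMsg.getMsg();
        }
        return errorMsg.getMsg(obj.toString());
    }

    /**
     * SET ROLE is not available in this implementation.
     *
     * @throws SemanticException always
     */
    @Override
    public Task<? extends Serializable> createSetRoleTask(String str, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        throw new SemanticException("SET ROLE is only supported by Sentry. Please enable Sentry.");
    }

    /**
     * SHOW CURRENT ROLES is not available in this implementation.
     *
     * @throws SemanticException always
     */
    @Override
    public Task<? extends Serializable> createShowCurrentRoleTask(HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2, Path path) throws SemanticException {
        throw new SemanticException("SHOW CURRENT ROLES is only supported by Sentry. Please enable Sentry.");
    }

    /**
     * Builds the task for SHOW ROLES and points its output at {@code path}; the AST node is not consulted.
     */
    @Override
    public Task<? extends Serializable> createShowRolesTask(ASTNode aSTNode, Path path, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        RoleDDLDesc showRoles = new RoleDDLDesc(null, null, RoleDDLDesc.RoleOperation.SHOW_ROLES, null);
        showRoles.setResFile(path.toString());
        return toTask(new DDLWork(hashSet, hashSet2, showRoles));
    }

    /** Wraps a DDL work item in a task using this factory's configuration and no child tasks. */
    private Task<? extends Serializable> toTask(DDLWork work) {
        return TaskFactory.get(work, this.conf, new Task[0]);
    }

    /** Maps a principal token type to its {@link PrincipalType}, or {@code fallback} for any other token. */
    private static PrincipalType principalTypeOf(int tokenType, PrincipalType fallback) {
        switch (tokenType) {
            case TOKEN_PRINCIPAL_GROUP:
                return PrincipalType.GROUP;
            case TOKEN_PRINCIPAL_ROLE:
                return PrincipalType.ROLE;
            case TOKEN_PRINCIPAL_USER:
                return PrincipalType.USER;
            default:
                return fallback;
        }
    }

    /** Returns the session authenticator's user name, or {@code fallback} when there is no session or authenticator. */
    private static String currentUserName(String fallback) {
        SessionState session = SessionState.get();
        if (session != null && session.getAuthenticator() != null) {
            return session.getAuthenticator().getUserName();
        }
        return fallback;
    }
}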
