package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;

/* loaded from: input_file:WEB-INF/lib/hive-exec-0.13.1.jar:org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.class */
public class SQLStdHiveAuthorizationValidator implements HiveAuthorizationValidator {
    private final HiveMetastoreClientFactory metastoreClientFactory;
    private final HiveConf conf;
    private final HiveAuthenticationProvider authenticator;
    private final SQLStdHiveAccessController privController;
    public static final Log LOG = LogFactory.getLog(SQLStdHiveAuthorizationValidator.class);

    public SQLStdHiveAuthorizationValidator(HiveMetastoreClientFactory hiveMetastoreClientFactory, HiveConf hiveConf, HiveAuthenticationProvider hiveAuthenticationProvider, SQLStdHiveAccessController sQLStdHiveAccessController) {
        this.metastoreClientFactory = hiveMetastoreClientFactory;
        this.conf = hiveConf;
        this.authenticator = hiveAuthenticationProvider;
        this.privController = sQLStdHiveAccessController;
    }

    @Override // org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationValidator
    public void checkPrivileges(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2) throws HiveAuthzPluginException, HiveAccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking privileges for operation " + hiveOperationType + " by user " + this.authenticator.getUserName() + " on  input objects " + list + " and output objects " + list2);
        }
        String userName = this.authenticator.getUserName();
        IMetaStoreClient hiveMetastoreClient = this.metastoreClientFactory.getHiveMetastoreClient();
        checkPrivileges(Operation2Privilege.getInputPrivs(hiveOperationType), list, hiveMetastoreClient, userName);
        checkPrivileges(Operation2Privilege.getOutputPrivs(hiveOperationType), list2, hiveMetastoreClient, userName);
    }

    private void checkPrivileges(SQLPrivTypeGrant[] sQLPrivTypeGrantArr, List<HivePrivilegeObject> list, IMetaStoreClient iMetaStoreClient, String str) throws HiveAuthzPluginException, HiveAccessControlException {
        RequiredPrivileges requiredPrivileges = new RequiredPrivileges();
        requiredPrivileges.addAll(sQLPrivTypeGrantArr);
        for (HivePrivilegeObject hivePrivilegeObject : list) {
            RequiredPrivileges requiredPrivileges2 = null;
            if (hivePrivilegeObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.LOCAL_URI || hivePrivilegeObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.DFS_URI) {
                requiredPrivileges2 = SQLAuthorizationUtils.getPrivilegesFromFS(new Path(hivePrivilegeObject.getTableViewURI()), this.conf, str);
            } else if (hivePrivilegeObject.getType() != HivePrivilegeObject.HivePrivilegeObjectType.PARTITION) {
                requiredPrivileges2 = SQLAuthorizationUtils.getPrivilegesFromMetaStore(iMetaStoreClient, str, hivePrivilegeObject, this.privController.getCurrentRoleNames(), this.privController.isUserAdmin());
            }
            SQLAuthorizationUtils.assertNoMissingPrivilege(requiredPrivileges.findMissingPrivs(requiredPrivileges2), new HivePrincipal(str, HivePrincipal.HivePrincipalType.USER), hivePrivilegeObject);
        }
    }
}
