package org.apache.hadoop.hive.ql.parse.authorization;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.ql.ErrorMsg;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.exec.TaskFactory;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.DDLWork;
import org.apache.hadoop.hive.ql.plan.GrantDesc;
import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL;
import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.plan.RevokeDesc;
import org.apache.hadoop.hive.ql.plan.RoleDDLDesc;
import org.apache.hadoop.hive.ql.plan.ShowGrantDesc;
import org.apache.hadoop.hive.ql.security.authorization.Privilege;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeRegistry;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
import org.apache.hadoop.hive.ql.session.SessionState;

/* loaded from: input_file:WEB-INF/lib/hive-exec-0.13.1.jar:org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.class */
public class HiveAuthorizationTaskFactoryImpl implements HiveAuthorizationTaskFactory {
    private final HiveConf conf;
    private final Hive db;

    public HiveAuthorizationTaskFactoryImpl(HiveConf hiveConf, Hive hive) {
        this.conf = hiveConf;
        this.db = hive;
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createCreateRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new RoleDDLDesc(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText()), PrincipalType.ROLE, RoleDDLDesc.RoleOperation.CREATE_ROLE, null)), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createDropRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new RoleDDLDesc(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText()), PrincipalType.ROLE, RoleDDLDesc.RoleOperation.DROP_ROLE, null)), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createShowRoleGrantTask(ASTNode aSTNode, Path path, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        ASTNode aSTNode2 = (ASTNode) aSTNode.getChild(0);
        PrincipalType principalType = PrincipalType.USER;
        switch (aSTNode2.getType()) {
            case 681:
                principalType = PrincipalType.GROUP;
                break;
            case 778:
                principalType = PrincipalType.ROLE;
                break;
            case 874:
                principalType = PrincipalType.USER;
                break;
        }
        RoleDDLDesc roleDDLDesc = new RoleDDLDesc(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode2.getChild(0).getText()), principalType, RoleDDLDesc.RoleOperation.SHOW_ROLE_GRANT, null);
        roleDDLDesc.setResFile(path.toString());
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, roleDDLDesc), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createGrantTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        List<PrivilegeDesc> analyzePrivilegeListDef = analyzePrivilegeListDef((ASTNode) aSTNode.getChild(0));
        List<PrincipalDesc> analyzePrincipalListDef = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) aSTNode.getChild(1));
        boolean z = false;
        PrivilegeObjectDesc privilegeObjectDesc = null;
        if (aSTNode.getChildCount() > 2) {
            for (int i = 2; i < aSTNode.getChildCount(); i++) {
                ASTNode aSTNode2 = (ASTNode) aSTNode.getChild(i);
                if (aSTNode2.getType() == 680) {
                    z = true;
                } else if (aSTNode2.getType() == 762) {
                    privilegeObjectDesc = analyzePrivilegeObject(aSTNode2, hashSet2);
                }
            }
        }
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new GrantDesc(privilegeObjectDesc, analyzePrivilegeListDef, analyzePrincipalListDef, SessionState.getUserFromAuthenticator(), PrincipalType.USER, z)), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createRevokeTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        List<PrivilegeDesc> analyzePrivilegeListDef = analyzePrivilegeListDef((ASTNode) aSTNode.getChild(0));
        List<PrincipalDesc> analyzePrincipalListDef = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) aSTNode.getChild(1));
        PrivilegeObjectDesc privilegeObjectDesc = null;
        if (aSTNode.getChildCount() > 2) {
            privilegeObjectDesc = analyzePrivilegeObject((ASTNode) aSTNode.getChild(2), hashSet2);
        }
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new RevokeDesc(analyzePrivilegeListDef, analyzePrincipalListDef, privilegeObjectDesc)), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createGrantRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        return analyzeGrantRevokeRole(true, aSTNode, hashSet, hashSet2);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createShowGrantTask(ASTNode aSTNode, Path path, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        PrincipalDesc principalDesc = null;
        PrivilegeObjectDesc privilegeObjectDesc = null;
        List<String> list = null;
        ASTNode aSTNode2 = null;
        if (aSTNode.getChildCount() > 0) {
            aSTNode2 = (ASTNode) aSTNode.getChild(0);
            principalDesc = AuthorizationParseUtils.getPrincipalDesc(aSTNode2);
            if (principalDesc != null) {
                aSTNode2 = (ASTNode) aSTNode.getChild(1);
            }
        }
        if (aSTNode2 != null) {
            if (aSTNode2.getType() == 771) {
                privilegeObjectDesc = new PrivilegeObjectDesc();
            } else if (aSTNode2.getType() == 763) {
                privilegeObjectDesc = new PrivilegeObjectDesc();
                privilegeObjectDesc.setObject(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode2.getChild(0).getText()));
                privilegeObjectDesc.setTable(((ASTNode) aSTNode2.getChild(1)).getToken().getType() == 850);
                for (int i = 2; i < aSTNode2.getChildCount(); i++) {
                    ASTNode aSTNode3 = (ASTNode) aSTNode2.getChild(i);
                    if (aSTNode3.getType() == 747) {
                        privilegeObjectDesc.setPartSpec(DDLSemanticAnalyzer.getPartSpec(aSTNode3));
                    } else {
                        if (aSTNode3.getType() != 826) {
                            throw new SemanticException("Invalid token type " + aSTNode3.getType());
                        }
                        list = BaseSemanticAnalyzer.getColumnNames(aSTNode3);
                    }
                }
            }
        }
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new ShowGrantDesc(path.toString(), principalDesc, privilegeObjectDesc, list)), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createRevokeRoleTask(ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        return analyzeGrantRevokeRole(false, aSTNode, hashSet, hashSet2);
    }

    private Task<? extends Serializable> analyzeGrantRevokeRole(boolean z, ASTNode aSTNode, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) {
        List<PrincipalDesc> analyzePrincipalListDef = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) aSTNode.getChild(0));
        int i = 1;
        boolean z2 = false;
        if (((ASTNode) aSTNode.getChild(1)).getToken().getType() == 679) {
            i = 2;
            z2 = true;
        }
        ArrayList arrayList = new ArrayList();
        for (int i2 = i; i2 < aSTNode.getChildCount(); i2++) {
            arrayList.add(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(i2).getText()).toLowerCase());
        }
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new GrantRevokeRoleDDL(z, arrayList, analyzePrincipalListDef, SessionState.getUserFromAuthenticator(), PrincipalType.USER, z2)), this.conf, new Task[0]);
    }

    private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode aSTNode, HashSet<WriteEntity> hashSet) throws SemanticException {
        PrivilegeObjectDesc privilegeObjectDesc = new PrivilegeObjectDesc();
        privilegeObjectDesc.setObject(BaseSemanticAnalyzer.unescapeIdentifier(aSTNode.getChild(0).getText()));
        privilegeObjectDesc.setTable(((ASTNode) aSTNode.getChild(1)).getToken().getType() == 850);
        if (aSTNode.getChildCount() == 3) {
            privilegeObjectDesc.setPartSpec(DDLSemanticAnalyzer.getPartSpec((ASTNode) aSTNode.getChild(2)));
        }
        if (privilegeObjectDesc.getTable()) {
            Table table = getTable(SessionState.get().getCurrentDatabase(), privilegeObjectDesc.getObject());
            if (privilegeObjectDesc.getPartSpec() != null) {
                hashSet.add(new WriteEntity(getPartition(table, privilegeObjectDesc.getPartSpec()), WriteEntity.WriteType.DDL_NO_LOCK));
            } else {
                hashSet.add(new WriteEntity(table, WriteEntity.WriteType.DDL_NO_LOCK));
            }
        }
        return privilegeObjectDesc;
    }

    private List<PrivilegeDesc> analyzePrivilegeListDef(ASTNode aSTNode) throws SemanticException {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < aSTNode.getChildCount(); i++) {
            ASTNode aSTNode2 = (ASTNode) aSTNode.getChild(i);
            ASTNode aSTNode3 = (ASTNode) aSTNode2.getChild(0);
            Privilege privilege = PrivilegeRegistry.getPrivilege(aSTNode3.getType());
            if (privilege == null) {
                throw new SemanticException("Undefined privilege " + PrivilegeType.getPrivTypeByToken(aSTNode3.getType()));
            }
            List<String> list = null;
            if (aSTNode2.getChildCount() > 1) {
                list = BaseSemanticAnalyzer.getColumnNames((ASTNode) aSTNode2.getChild(1));
            }
            arrayList.add(new PrivilegeDesc(privilege, list));
        }
        return arrayList;
    }

    private Table getTable(String str, String str2) throws SemanticException {
        try {
            Table table = str == null ? this.db.getTable(str2, false) : this.db.getTable(str, str2, false);
            if (table == null) {
                throw new SemanticException(ErrorMsg.INVALID_TABLE.getMsg(str2));
            }
            return table;
        } catch (HiveException e) {
            if (e instanceof SemanticException) {
                throw ((SemanticException) e);
            }
            throw new SemanticException(ErrorMsg.INVALID_TABLE.getMsg(str2), e);
        }
    }

    private Partition getPartition(Table table, Map<String, String> map) throws SemanticException {
        try {
            Partition partition = this.db.getPartition(table, map, false);
            if (partition == null) {
                throw new SemanticException(toMessage(ErrorMsg.INVALID_PARTITION, map));
            }
            return partition;
        } catch (HiveException e) {
            if (e instanceof SemanticException) {
                throw ((SemanticException) e);
            }
            throw new SemanticException(toMessage(ErrorMsg.INVALID_PARTITION, map), e);
        }
    }

    private String toMessage(ErrorMsg errorMsg, Object obj) {
        return obj == null ? errorMsg.getMsg() : errorMsg.getMsg(obj.toString());
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createSetRoleTask(String str, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, new RoleDDLDesc(str, PrincipalType.ROLE, RoleDDLDesc.RoleOperation.SET_ROLE, null)), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createShowCurrentRoleTask(HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2, Path path) throws SemanticException {
        RoleDDLDesc roleDDLDesc = new RoleDDLDesc(null, RoleDDLDesc.RoleOperation.SHOW_CURRENT_ROLE);
        roleDDLDesc.setResFile(path.toString());
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, roleDDLDesc), this.conf, new Task[0]);
    }

    @Override // org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory
    public Task<? extends Serializable> createShowRolePrincipalsTask(ASTNode aSTNode, Path path, HashSet<ReadEntity> hashSet, HashSet<WriteEntity> hashSet2) throws SemanticException {
        if (aSTNode.getChildCount() != 1) {
            throw new AssertionError("Unexpected Tokens in SHOW ROLE PRINCIPALS");
        }
        RoleDDLDesc roleDDLDesc = new RoleDDLDesc(aSTNode.getChild(0).getText(), PrincipalType.ROLE, RoleDDLDesc.RoleOperation.SHOW_ROLE_PRINCIPALS, null);
        roleDDLDesc.setResFile(path.toString());
        return TaskFactory.get(new DDLWork(hashSet, hashSet2, roleDDLDesc), this.conf, new Task[0]);
    }
}
