package org.apache.sentry.binding.hive.v2;

import java.io.Serializable;
import java.security.CodeSource;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.hive.ql.exec.DDLTask;
import org.apache.hadoop.hive.ql.exec.SentryFilterDDLTask;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.exec.Utilities;
import org.apache.hadoop.hive.ql.lib.Node;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.sentry.binding.hive.HiveAuthzBindingHookBase;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.model.db.Database;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookV2.class */
public class HiveAuthzBindingHookV2 extends HiveAuthzBindingHookBase {
    private static final Logger LOG = LoggerFactory.getLogger(HiveAuthzBindingHookV2.class);

    public ASTNode preAnalyze(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, ASTNode aSTNode) throws SemanticException {
        switch (aSTNode.getToken().getType()) {
            case 672:
                String unescapeSQLString = BaseSemanticAnalyzer.unescapeSQLString(aSTNode.getChild(1).getText());
                try {
                    CodeSource codeSource = Class.forName(unescapeSQLString, true, Utilities.getSessionSpecifiedClassLoader()).getProtectionDomain().getCodeSource();
                    if (codeSource != null) {
                        String path = codeSource.getLocation().getPath();
                        if (path != null && !path.isEmpty()) {
                            this.udfURI = parseURI(codeSource.getLocation().toString(), true);
                            this.currDB = Database.ALL;
                            break;
                        } else {
                            throw new SemanticException("Could not find the jar for UDF class " + unescapeSQLString + "to validate privileges");
                        }
                    } else {
                        throw new SemanticException("Could not resolve the jar for UDF class " + unescapeSQLString);
                    }
                } catch (ClassNotFoundException e) {
                    throw new SemanticException("Error retrieving udf class", e);
                }
            case 677:
                Iterator it = aSTNode.getChildren().iterator();
                while (it.hasNext()) {
                    ASTNode aSTNode2 = (Node) it.next();
                    if ("TOK_TABLESERIALIZER".equals(aSTNode2.getText())) {
                        setSerdeURI(BaseSemanticAnalyzer.unescapeSQLString(aSTNode2.getChild(0).getChild(0).getText()));
                    }
                }
                break;
            case 702:
                this.currDB = Database.ALL;
                break;
        }
        return aSTNode;
    }

    public void postAnalyze(HiveSemanticAnalyzerHookContext hiveSemanticAnalyzerHookContext, List<Task<? extends Serializable>> list) throws SemanticException {
        HiveOperation currentHiveStmtOp = getCurrentHiveStmtOp();
        Subject subject = new Subject(hiveSemanticAnalyzerHookContext.getUserName());
        for (int i = 0; i < list.size(); i++) {
            Task<? extends Serializable> task = list.get(i);
            if (task instanceof DDLTask) {
                SentryFilterDDLTask sentryFilterDDLTask = new SentryFilterDDLTask(this.hiveAuthzBinding, subject, currentHiveStmtOp);
                sentryFilterDDLTask.setWork(task.getWork());
                list.set(i, sentryFilterDDLTask);
            }
        }
        HiveAuthzPrivileges hiveAuthzPrivileges = HiveAuthzPrivilegesMapV2.getHiveAuthzPrivileges(currentHiveStmtOp);
        if (currentHiveStmtOp.equals(HiveOperation.CREATEFUNCTION) || currentHiveStmtOp.equals(HiveOperation.DROPFUNCTION) || currentHiveStmtOp.equals(HiveOperation.CREATETABLE)) {
            if (hiveAuthzPrivileges == null) {
                return;
            }
            try {
                try {
                    authorizeWithHiveBindings(hiveSemanticAnalyzerHookContext, hiveAuthzPrivileges, currentHiveStmtOp);
                    this.hiveAuthzBinding.close();
                } catch (AuthorizationException e) {
                    executeOnFailureHooks(hiveSemanticAnalyzerHookContext, currentHiveStmtOp, e);
                    String str = "";
                    Iterator it = this.hiveAuthzBinding.getLastQueryPrivilegeErrors().iterator();
                    while (it.hasNext()) {
                        str = str + ((String) it.next()) + ";";
                    }
                    SessionState.get().getConf().set("sentry.hive.authorization.errors", str);
                    String str2 = "No valid privileges\n " + e.getMessage();
                    LOG.info("No valid privileges\n Required privileges for this query: " + str);
                    throw new SemanticException(str2, e);
                }
            } finally {
                this.hiveAuthzBinding.close();
            }
        }
    }
}
