package org.apache.sentry.core.model.db.validator;

import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.Database;
import org.apache.shiro.config.ConfigurationException;

/* loaded from: input_file:org/apache/sentry/core/model/db/validator/DatabaseRequiredInPrivilege.class */
public class DatabaseRequiredInPrivilege extends AbstractDBPrivilegeValidator {
    public void validate(PrivilegeValidatorContext privilegeValidatorContext) throws ConfigurationException {
        String database = privilegeValidatorContext.getDatabase();
        String privilege = privilegeValidatorContext.getPrivilege();
        if (database != null) {
            Iterable<DBModelAuthorizable> parsePrivilege = parsePrivilege(privilege);
            boolean z = false;
            boolean z2 = false;
            boolean z3 = "true".equalsIgnoreCase(System.getProperty("sentry.allow.uri.db.policyfile"));
            for (DBModelAuthorizable dBModelAuthorizable : parsePrivilege) {
                if (dBModelAuthorizable instanceof Database) {
                    z = true;
                }
                if (dBModelAuthorizable instanceof AccessURI) {
                    if (z) {
                        throw new ConfigurationException("URI object is specified at DB scope in " + privilege);
                    }
                    z2 = true;
                }
            }
            if (z) {
                return;
            }
            if (!z2 || !z3) {
                throw new ConfigurationException("Missing database object in " + privilege);
            }
        }
    }
}
