package org.apache.sentry.hdfs;

import com.codahale.metrics.Timer;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.common.utils.SigUtils;
import org.apache.sentry.hdfs.ServiceConstants;
import org.apache.sentry.hdfs.UpdateForwarder;
import org.apache.sentry.hdfs.service.thrift.TPermissionsUpdate;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
import org.apache.sentry.provider.db.SentryPolicyStorePlugin;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
import org.apache.sentry.provider.db.service.thrift.TDropPrivilegesRequest;
import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest;
import org.apache.sentry.provider.db.service.thrift.TRenamePrivilegesRequest;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/hdfs/SentryPlugin.class */
public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListener {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryPlugin.class);
    public static volatile SentryPlugin instance;
    private UpdateForwarder<PathsUpdate> pathsUpdater;
    private UpdateForwarder<PermissionsUpdate> permsUpdater;
    private PermImageRetriever permImageRetriever;
    private static final long NO_LAST_SEEN_HMS_PATH_SEQ_NUM = 0;
    private final AtomicBoolean fullUpdateHMSWait = new AtomicBoolean(false);
    private final AtomicBoolean fullUpdateHMS = new AtomicBoolean(false);
    private final AtomicBoolean fullUpdateNN = new AtomicBoolean(false);
    private final AtomicLong permSeqNum = new AtomicLong(5);
    private boolean outOfSync = false;

    /* loaded from: input_file:org/apache/sentry/hdfs/SentryPlugin$PermImageRetriever.class */
    static class PermImageRetriever implements UpdateForwarder.ExternalImageRetriever<PermissionsUpdate> {
        private final SentryStore sentryStore;

        public PermImageRetriever(SentryStore sentryStore) {
            this.sentryStore = sentryStore;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.sentry.hdfs.UpdateForwarder.ExternalImageRetriever
        public PermissionsUpdate retrieveFullImage(long j) throws Exception {
            Timer.Context time = SentryHdfsMetricsUtil.getRetrieveFullImageTimer.time();
            Throwable th = null;
            try {
                try {
                    SentryHdfsMetricsUtil.getRetrieveFullImageTimer.time();
                    Map retrieveFullPrivilegeImage = this.sentryStore.retrieveFullPrivilegeImage();
                    Map retrieveFullRoleImage = this.sentryStore.retrieveFullRoleImage();
                    TPermissionsUpdate tPermissionsUpdate = new TPermissionsUpdate(true, j, new HashMap(), new HashMap());
                    for (Map.Entry entry : retrieveFullPrivilegeImage.entrySet()) {
                        String str = (String) entry.getKey();
                        tPermissionsUpdate.putToPrivilegeChanges(str, new TPrivilegeChanges(str, (HashMap) entry.getValue(), new HashMap()));
                    }
                    for (Map.Entry entry2 : retrieveFullRoleImage.entrySet()) {
                        String str2 = (String) entry2.getKey();
                        tPermissionsUpdate.putToRoleChanges(str2, new TRoleChanges(str2, (LinkedList) entry2.getValue(), new LinkedList()));
                    }
                    PermissionsUpdate permissionsUpdate = new PermissionsUpdate(tPermissionsUpdate);
                    permissionsUpdate.setSeqNum(j);
                    SentryHdfsMetricsUtil.getPrivilegeChangesHistogram.update(tPermissionsUpdate.getPrivilegeChangesSize());
                    SentryHdfsMetricsUtil.getRoleChangesHistogram.update(tPermissionsUpdate.getRoleChangesSize());
                    if (time != null) {
                        if (0 != 0) {
                            try {
                                time.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            time.close();
                        }
                    }
                    return permissionsUpdate;
                } finally {
                }
            } catch (Throwable th3) {
                if (time != null) {
                    if (th != null) {
                        try {
                            time.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        time.close();
                    }
                }
                throw th3;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getLastSeenHMSPathSeqNum() {
        if (!this.fullUpdateHMS.getAndSet(false)) {
            return this.pathsUpdater.getLastSeen();
        }
        LOGGER.info("SIGNAL HANDLING: asking for full update from HMS");
        return NO_LAST_SEEN_HMS_PATH_SEQ_NUM;
    }

    public void initialize(Configuration configuration, SentryStore sentryStore) throws SentryPolicyStorePlugin.SentryPluginException {
        String[] strings = configuration.getStrings("sentry.hdfs.integration.path.prefixes", ServiceConstants.ServerConfig.SENTRY_HDFS_INTEGRATION_PATH_PREFIXES_DEFAULT);
        int i = configuration.getInt("sentry.hdfs.init.update.retry.delay.ms", 10000);
        this.permImageRetriever = new PermImageRetriever(sentryStore);
        this.pathsUpdater = UpdateForwarder.create(configuration, new UpdateableAuthzPaths(strings), new PathsUpdate(NO_LAST_SEEN_HMS_PATH_SEQ_NUM, false), null, 100, i);
        this.permsUpdater = UpdateForwarder.create(configuration, new UpdateablePermissions(this.permImageRetriever), new PermissionsUpdate(NO_LAST_SEEN_HMS_PATH_SEQ_NUM, false), this.permImageRetriever, 100, i);
        LOGGER.info("Sentry HDFS plugin initialized !!");
        instance = this;
        String[] strings2 = configuration.getStrings("sentry.hdfs.sync.full-update-signal", (String[]) null);
        if (strings2 == null || strings2.length == 0) {
            return;
        }
        for (String str : strings2) {
            try {
                LOGGER.info("SIGNAL HANDLING: Registering Signal Handler For " + str);
                SigUtils.registerSigListener(str, this);
            } catch (Exception e) {
                LOGGER.error("SIGNAL HANDLING: Signal Handle Registration Failure", e);
            }
        }
    }

    public List<PathsUpdate> getAllPathsUpdatesFrom(long j) throws Exception {
        if (!this.fullUpdateNN.get()) {
            return this.pathsUpdater.getAllUpdatesFrom(j);
        }
        if (this.fullUpdateHMSWait.get()) {
            LOGGER.warn("SIGNAL HANDLING: sending partial update to NameNode: still waiting for full update from HMS");
            return this.pathsUpdater.getAllUpdatesFrom(j);
        }
        LOGGER.info("SIGNAL HANDLING: sending full update to NameNode");
        this.fullUpdateNN.set(false);
        List<PathsUpdate> allUpdatesFrom = this.pathsUpdater.getAllUpdatesFrom(NO_LAST_SEEN_HMS_PATH_SEQ_NUM);
        if (allUpdatesFrom == null) {
            LOGGER.warn("SIGNAL HANDLING: returned NULL instead of full update to NameNode (???)");
        } else if (allUpdatesFrom.isEmpty()) {
            LOGGER.warn("SIGNAL HANDLING: Sending empty instead of full update to NameNode (???)");
        } else if (allUpdatesFrom.get(0).hasFullImage()) {
            LOGGER.info("SIGNAL HANDLING: Confirmed full update to NameNode");
        } else {
            LOGGER.warn("SIGNAL HANDLING: Sending partial instead of full update to NameNode (???)");
        }
        return allUpdatesFrom;
    }

    public List<PermissionsUpdate> getAllPermsUpdatesFrom(long j) throws Exception {
        return this.permsUpdater.getAllUpdatesFrom(j);
    }

    public void handlePathUpdateNotification(PathsUpdate pathsUpdate) throws SentryPolicyStorePlugin.SentryPluginException {
        this.pathsUpdater.handleUpdateNotification(pathsUpdate);
        if (!pathsUpdate.hasFullImage()) {
            LOGGER.debug("Recieved Authz Path update [" + pathsUpdate.getSeqNum() + "]..");
        } else {
            LOGGER.warn("Recieved Authz Path FULL update [" + pathsUpdate.getSeqNum() + "]..");
            this.fullUpdateHMSWait.set(false);
        }
    }

    public void onAlterSentryRoleAddGroups(TAlterSentryRoleAddGroupsRequest tAlterSentryRoleAddGroupsRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
        TRoleChanges addRoleUpdate = permissionsUpdate.addRoleUpdate(tAlterSentryRoleAddGroupsRequest.getRoleName());
        Iterator it = tAlterSentryRoleAddGroupsRequest.getGroups().iterator();
        while (it.hasNext()) {
            addRoleUpdate.addToAddGroups(((TSentryGroup) it.next()).getGroupName());
        }
        this.permsUpdater.handleUpdateNotification(permissionsUpdate);
        LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + ", " + tAlterSentryRoleAddGroupsRequest.getRoleName() + "]..");
    }

    public void onAlterSentryRoleDeleteGroups(TAlterSentryRoleDeleteGroupsRequest tAlterSentryRoleDeleteGroupsRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
        TRoleChanges addRoleUpdate = permissionsUpdate.addRoleUpdate(tAlterSentryRoleDeleteGroupsRequest.getRoleName());
        Iterator it = tAlterSentryRoleDeleteGroupsRequest.getGroups().iterator();
        while (it.hasNext()) {
            addRoleUpdate.addToDelGroups(((TSentryGroup) it.next()).getGroupName());
        }
        this.permsUpdater.handleUpdateNotification(permissionsUpdate);
        LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + ", " + tAlterSentryRoleDeleteGroupsRequest.getRoleName() + "]..");
    }

    public void onAlterSentryRoleGrantPrivilege(TAlterSentryRoleGrantPrivilegeRequest tAlterSentryRoleGrantPrivilegeRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        if (tAlterSentryRoleGrantPrivilegeRequest.isSetPrivileges()) {
            String roleName = tAlterSentryRoleGrantPrivilegeRequest.getRoleName();
            for (TSentryPrivilege tSentryPrivilege : tAlterSentryRoleGrantPrivilegeRequest.getPrivileges()) {
                if (!"COLUMN".equalsIgnoreCase(tSentryPrivilege.getPrivilegeScope())) {
                    onAlterSentryRoleGrantPrivilegeCore(roleName, tSentryPrivilege);
                }
            }
        }
    }

    private void onAlterSentryRoleGrantPrivilegeCore(String str, TSentryPrivilege tSentryPrivilege) throws SentryPolicyStorePlugin.SentryPluginException {
        String authzObj = getAuthzObj(tSentryPrivilege);
        if (authzObj != null) {
            PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
            permissionsUpdate.addPrivilegeUpdate(authzObj).putToAddPrivileges(str, tSentryPrivilege.getAction().toUpperCase());
            this.permsUpdater.handleUpdateNotification(permissionsUpdate);
            LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + "]..");
        }
    }

    public void onRenameSentryPrivilege(TRenamePrivilegesRequest tRenamePrivilegesRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        String authzObj = getAuthzObj(tRenamePrivilegesRequest.getOldAuthorizable());
        String authzObj2 = getAuthzObj(tRenamePrivilegesRequest.getNewAuthorizable());
        PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
        TPrivilegeChanges addPrivilegeUpdate = permissionsUpdate.addPrivilegeUpdate("__RENAME_PRIV__");
        addPrivilegeUpdate.putToAddPrivileges(authzObj2, authzObj2);
        addPrivilegeUpdate.putToDelPrivileges(authzObj, authzObj);
        this.permsUpdater.handleUpdateNotification(permissionsUpdate);
        LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + ", " + authzObj2 + ", " + authzObj + "]..");
    }

    public void onAlterSentryRoleRevokePrivilege(TAlterSentryRoleRevokePrivilegeRequest tAlterSentryRoleRevokePrivilegeRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        if (tAlterSentryRoleRevokePrivilegeRequest.isSetPrivileges()) {
            String roleName = tAlterSentryRoleRevokePrivilegeRequest.getRoleName();
            for (TSentryPrivilege tSentryPrivilege : tAlterSentryRoleRevokePrivilegeRequest.getPrivileges()) {
                if (!"COLUMN".equalsIgnoreCase(tSentryPrivilege.getPrivilegeScope())) {
                    onAlterSentryRoleRevokePrivilegeCore(roleName, tSentryPrivilege);
                }
            }
        }
    }

    public boolean isOutOfSync() {
        return this.outOfSync;
    }

    public void setOutOfSync(boolean z) {
        this.outOfSync = z;
    }

    private void onAlterSentryRoleRevokePrivilegeCore(String str, TSentryPrivilege tSentryPrivilege) throws SentryPolicyStorePlugin.SentryPluginException {
        String authzObj = getAuthzObj(tSentryPrivilege);
        if (authzObj != null) {
            PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
            permissionsUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(str, tSentryPrivilege.getAction().toUpperCase());
            this.permsUpdater.handleUpdateNotification(permissionsUpdate);
            LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + ", " + authzObj + "]..");
        }
    }

    public void onDropSentryRole(TDropSentryRoleRequest tDropSentryRoleRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
        permissionsUpdate.addPrivilegeUpdate("__ALL_AUTHZ_OBJ__").putToDelPrivileges(tDropSentryRoleRequest.getRoleName(), "__ALL_AUTHZ_OBJ__");
        permissionsUpdate.addRoleUpdate(tDropSentryRoleRequest.getRoleName()).addToDelGroups("__ALL_GROUPS__");
        this.permsUpdater.handleUpdateNotification(permissionsUpdate);
        LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + ", " + tDropSentryRoleRequest.getRoleName() + "]..");
    }

    public void onDropSentryPrivilege(TDropPrivilegesRequest tDropPrivilegesRequest) throws SentryPolicyStorePlugin.SentryPluginException {
        PermissionsUpdate permissionsUpdate = new PermissionsUpdate(this.permSeqNum.incrementAndGet(), false);
        String authzObj = getAuthzObj(tDropPrivilegesRequest.getAuthorizable());
        permissionsUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges("__ALL_ROLES__", "__ALL_ROLES__");
        this.permsUpdater.handleUpdateNotification(permissionsUpdate);
        LOGGER.debug("Authz Perm preUpdate [" + permissionsUpdate.getSeqNum() + ", " + authzObj + "]..");
    }

    public void onSignal(String str) {
        LOGGER.info("SIGNAL HANDLING: Received signal " + str + ", triggering full update");
        this.fullUpdateHMS.set(true);
        this.fullUpdateHMSWait.set(true);
        this.fullUpdateNN.set(true);
    }

    private String getAuthzObj(TSentryPrivilege tSentryPrivilege) {
        String str = null;
        if (!SentryStore.isNULL(tSentryPrivilege.getDbName())) {
            String dbName = tSentryPrivilege.getDbName();
            String tableName = tSentryPrivilege.getTableName();
            str = SentryStore.isNULL(tableName) ? dbName : dbName + "." + tableName;
        }
        if (str == null) {
            return null;
        }
        return str.toLowerCase();
    }

    private String getAuthzObj(TSentryAuthorizable tSentryAuthorizable) {
        String str = null;
        if (!SentryStore.isNULL(tSentryAuthorizable.getDb())) {
            String db = tSentryAuthorizable.getDb();
            String table = tSentryAuthorizable.getTable();
            str = SentryStore.isNULL(table) ? db : db + "." + table;
        }
        if (str == null) {
            return null;
        }
        return str.toLowerCase();
    }
}
