package org.apache.hadoop.hive.ql.security.authorization;

import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.common.classification.InterfaceAudience;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.MetaStorePreEventListener;
import org.apache.hadoop.hive.metastore.MetaStoreUtils;
import org.apache.hadoop.hive.metastore.TableType;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.InvalidOperationException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.events.PreAddPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterTableEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateTableEvent;
import org.apache.hadoop.hive.metastore.events.PreDropDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreDropTableEvent;
import org.apache.hadoop.hive.metastore.events.PreEventContext;
import org.apache.hadoop.hive.metastore.events.PreReadDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreReadTableEvent;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.HiveUtils;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.HiveMetastoreAuthenticationProvider;

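/**
 * Metastore pre-event listener that asks every configured
 * {@link HiveMetastoreAuthorizationProvider} to authorize an operation before the
 * metastore performs it.
 *
 * <p>The configuration, the authenticator, the authorizer list and the
 * "configuration pushed" flag are all held in {@link ThreadLocal}s, so each thread
 * builds and uses its own provider instances.
 *
 * <p>Error mapping: an {@link AuthorizationException} (and, for partition events, a
 * {@link NoSuchObjectException}) is rethrown as {@link InvalidOperationException};
 * any other {@link HiveException} is rethrown as {@link MetaException}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #onEvent} only enforces the event types it has an explicit case for.
 *       Every other type falls through without any check, so a newly introduced
 *       event type is unauthorized until a case is added here.</li>
 *   <li>Read checks (READ_TABLE, READ_DATABASE) are skipped entirely when
 *       {@code HIVE_METASTORE_AUTHORIZATION_AUTH_READS} is set to false.</li>
 * </ul>
 */
@InterfaceAudience.Private
public class AuthorizationPreEventListener extends MetaStorePreEventListener {
    public static final Log LOG = LogFactory.getLog(AuthorizationPreEventListener.class);

    // Per-thread configuration; replaced with the handler's configuration on the
    // first event a thread processes.
    private final ThreadLocal<Configuration> tConfig;
    // Per-thread authenticator, created lazily from tConfig.
    private final ThreadLocal<HiveMetastoreAuthenticationProvider> tAuthenticator;
    // Per-thread authorizer list, created lazily from tConfig and tAuthenticator.
    private final ThreadLocal<List<HiveMetastoreAuthorizationProvider>> tAuthorizers;
    // True once the handler's configuration has been pushed to this thread's providers.
    private final ThreadLocal<Boolean> tConfigSetOnAuths;

    /**
     * Adapts a metastore API partition to the ql-level {@link Partition} that the
     * authorization providers accept.
     */
    public static class PartitionWrapper extends Partition {
        /**
         * Wraps {@code partition} as belonging to the already-wrapped {@code table}.
         *
         * @throws HiveException if initialization of the wrapper fails
         */
        public PartitionWrapper(Table table, org.apache.hadoop.hive.metastore.api.Partition partition) throws HiveException {
            initialize(table, partition);
        }

        /**
         * Wraps a copy of {@code partition}, looking its table up through the event's handler.
         *
         * @throws NoSuchObjectException declared by the table lookup
         * @throws MetaException declared by the table lookup
         * @throws HiveException if initialization of the wrapper fails
         */
        public PartitionWrapper(org.apache.hadoop.hive.metastore.api.Partition partition, PreEventContext preEventContext) throws HiveException, NoSuchObjectException, MetaException {
            // Work on a copy so the caller's partition object is never modified.
            org.apache.hadoop.hive.metastore.api.Partition partitionCopy = partition.deepCopy();
            org.apache.hadoop.hive.metastore.api.Table owningTable = preEventContext.getHandler().get_table_core(partition.getDbName(), partition.getTableName());
            // A partition without its own storage descriptor is given the table's.
            if (partitionCopy.getSd() == null) {
                partitionCopy.setSd(owningTable.getSd());
            }
            initialize(new TableWrapper(owningTable), partitionCopy);
        }
    }

    /**
     * Adapts a metastore API table to the ql-level {@link Table} that the
     * authorization providers accept.
     */
    public static class TableWrapper extends Table {
        /**
         * Wraps a copy of {@code table}; when the copy carries no table type, one is
         * chosen: external, index, virtual view (no storage descriptor or no
         * location), otherwise managed.
         */
        public TableWrapper(org.apache.hadoop.hive.metastore.api.Table table) {
            // Work on a copy so the caller's table object is never modified.
            org.apache.hadoop.hive.metastore.api.Table tableCopy = table.deepCopy();
            if (tableCopy.getTableType() == null) {
                TableType inferredType;
                if (MetaStoreUtils.isExternalTable(tableCopy)) {
                    inferredType = TableType.EXTERNAL_TABLE;
                } else if (MetaStoreUtils.isIndexTable(tableCopy)) {
                    inferredType = TableType.INDEX_TABLE;
                } else if (tableCopy.getSd() == null || tableCopy.getSd().getLocation() == null) {
                    inferredType = TableType.VIRTUAL_VIEW;
                } else {
                    inferredType = TableType.MANAGED_TABLE;
                }
                tableCopy.setTableType(inferredType.toString());
            }
            initialize(tableCopy);
        }
    }

    /**
     * Creates the listener and sets up the lazily initialized per-thread state.
     * No provider is instantiated here; that happens on a thread's first access.
     *
     * @param configuration passed to the superclass constructor
     * @throws HiveException declared for callers; not thrown by the visible body
     */
    public AuthorizationPreEventListener(Configuration configuration) throws HiveException {
        super(configuration);
        this.tConfig = new ThreadLocal<Configuration>() {
            @Override
            protected Configuration initialValue() {
                return new HiveConf(AuthorizationPreEventListener.class);
            }
        };
        this.tAuthenticator = new ThreadLocal<HiveMetastoreAuthenticationProvider>() {
            @Override
            protected HiveMetastoreAuthenticationProvider initialValue() {
                try {
                    return (HiveMetastoreAuthenticationProvider) HiveUtils.getAuthenticator(AuthorizationPreEventListener.this.tConfig.get(), HiveConf.ConfVars.HIVE_METASTORE_AUTHENTICATOR_MANAGER);
                } catch (HiveException e) {
                    // initialValue() cannot throw checked exceptions.
                    throw new IllegalStateException("Authentication provider instantiation failure", e);
                }
            }
        };
        this.tAuthorizers = new ThreadLocal<List<HiveMetastoreAuthorizationProvider>>() {
            @Override
            protected List<HiveMetastoreAuthorizationProvider> initialValue() {
                try {
                    return HiveUtils.getMetaStoreAuthorizeProviderManagers(AuthorizationPreEventListener.this.tConfig.get(), HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER, (HiveAuthenticationProvider) AuthorizationPreEventListener.this.tAuthenticator.get());
                } catch (HiveException e) {
                    // initialValue() cannot throw checked exceptions.
                    throw new IllegalStateException("Authorization provider instantiation failure", e);
                }
            }
        };
        this.tConfigSetOnAuths = new ThreadLocal<Boolean>() {
            @Override
            protected Boolean initialValue() {
                return false;
            }
        };
    }

    /**
     * Authorizes the operation described by {@code preEventContext} and throws if any
     * authorizer rejects it.
     *
     * <p>On a thread's first event the handler's configuration replaces the default
     * one and is pushed to the authenticator and every authorizer. On every event the
     * current handler is handed to the authenticator and every authorizer.
     *
     * @throws InvalidOperationException if an authorizer denies the operation
     * @throws MetaException if authorization fails with another {@link HiveException}
     * @throws NoSuchObjectException declared for callers; the visible authorize
     *     methods convert it to {@link InvalidOperationException}
     */
    @Override
    public void onEvent(PreEventContext preEventContext) throws MetaException, NoSuchObjectException, InvalidOperationException {
        if (!this.tConfigSetOnAuths.get()) {
            // tConfig must be set before the first tAuthenticator/tAuthorizers access,
            // because their lazy initializers read it.
            this.tConfig.set(preEventContext.getHandler().getConf());
            this.tAuthenticator.get().setConf(this.tConfig.get());
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.setConf(this.tConfig.get());
            }
            this.tConfigSetOnAuths.set(true);
        }
        this.tAuthenticator.get().setMetaStoreHandler(preEventContext.getHandler());
        for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
            authorizer.setMetaStoreHandler(preEventContext.getHandler());
        }
        switch (preEventContext.getEventType()) {
            case CREATE_TABLE:
                authorizeCreateTable((PreCreateTableEvent) preEventContext);
                break;
            case DROP_TABLE:
                authorizeDropTable((PreDropTableEvent) preEventContext);
                break;
            case ALTER_TABLE:
                authorizeAlterTable((PreAlterTableEvent) preEventContext);
                break;
            case READ_TABLE:
                authorizeReadTable((PreReadTableEvent) preEventContext);
                break;
            case READ_DATABASE:
                authorizeReadDatabase((PreReadDatabaseEvent) preEventContext);
                break;
            case ADD_PARTITION:
                authorizeAddPartition((PreAddPartitionEvent) preEventContext);
                break;
            case DROP_PARTITION:
                authorizeDropPartition((PreDropPartitionEvent) preEventContext);
                break;
            case ALTER_PARTITION:
                authorizeAlterPartition((PreAlterPartitionEvent) preEventContext);
                break;
            case CREATE_DATABASE:
                authorizeCreateDatabase((PreCreateDatabaseEvent) preEventContext);
                break;
            case DROP_DATABASE:
                authorizeDropDatabase((PreDropDatabaseEvent) preEventContext);
                break;
            case AUTHORIZATION_API_CALL:
                authorizeAuthorizationAPICall();
                break;
            case LOAD_PARTITION_DONE:
            default:
                // SECURITY: fail-open. LOAD_PARTITION_DONE and every event type without
                // a case above are allowed with no authorization check at all.
                break;
        }
    }

    /**
     * Requires SELECT on the table being read, unless read authorization is disabled.
     */
    private void authorizeReadTable(PreReadTableEvent preReadTableEvent) throws InvalidOperationException, MetaException {
        if (!isReadAuthzEnabled()) {
            return;
        }
        try {
            TableWrapper wrappedTable = new TableWrapper(preReadTableEvent.getTable());
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(wrappedTable, new Privilege[]{Privilege.SELECT}, (Privilege[]) null);
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Requires SELECT on the database being read, unless read authorization is disabled.
     */
    private void authorizeReadDatabase(PreReadDatabaseEvent preReadDatabaseEvent) throws InvalidOperationException, MetaException {
        if (!isReadAuthzEnabled()) {
            return;
        }
        try {
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                // Each authorizer receives its own copy of the database object.
                authorizer.authorize(new Database(preReadDatabaseEvent.getDatabase()), new Privilege[]{Privilege.SELECT}, (Privilege[]) null);
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Reports whether read events are authorized on this thread. Defaults to true
     * when the setting is absent, so reads are checked unless explicitly turned off.
     */
    private boolean isReadAuthzEnabled() {
        return this.tConfig.get().getBoolean(HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_AUTH_READS.varname, true);
    }

    /**
     * Asks every authorizer whether the caller may invoke the authorization API.
     */
    private void authorizeAuthorizationAPICall() throws InvalidOperationException, MetaException {
        for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
            try {
                authorizer.authorizeAuthorizationApiInvocation();
            } catch (AuthorizationException denied) {
                throw invalidOperationException(denied);
            } catch (HiveException failure) {
                throw metaException(failure);
            }
        }
    }

    /**
     * Checks the privileges {@code HiveOperation.CREATEDATABASE} requires against the new database.
     */
    private void authorizeCreateDatabase(PreCreateDatabaseEvent preCreateDatabaseEvent) throws InvalidOperationException, MetaException {
        try {
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(new Database(preCreateDatabaseEvent.getDatabase()), HiveOperation.CREATEDATABASE.getInputRequiredPrivileges(), HiveOperation.CREATEDATABASE.getOutputRequiredPrivileges());
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Checks the privileges {@code HiveOperation.DROPDATABASE} requires against the database being dropped.
     */
    private void authorizeDropDatabase(PreDropDatabaseEvent preDropDatabaseEvent) throws InvalidOperationException, MetaException {
        try {
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(new Database(preDropDatabaseEvent.getDatabase()), HiveOperation.DROPDATABASE.getInputRequiredPrivileges(), HiveOperation.DROPDATABASE.getOutputRequiredPrivileges());
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Checks the privileges {@code HiveOperation.CREATETABLE} requires against the new table.
     */
    private void authorizeCreateTable(PreCreateTableEvent preCreateTableEvent) throws InvalidOperationException, MetaException {
        try {
            TableWrapper wrappedTable = new TableWrapper(preCreateTableEvent.getTable());
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(wrappedTable, HiveOperation.CREATETABLE.getInputRequiredPrivileges(), HiveOperation.CREATETABLE.getOutputRequiredPrivileges());
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Checks the privileges {@code HiveOperation.DROPTABLE} requires against the table being dropped.
     */
    private void authorizeDropTable(PreDropTableEvent preDropTableEvent) throws InvalidOperationException, MetaException {
        try {
            TableWrapper wrappedTable = new TableWrapper(preDropTableEvent.getTable());
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(wrappedTable, HiveOperation.DROPTABLE.getInputRequiredPrivileges(), HiveOperation.DROPTABLE.getOutputRequiredPrivileges());
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Requires ALTER_METADATA on the table as it exists before the alteration.
     */
    private void authorizeAlterTable(PreAlterTableEvent preAlterTableEvent) throws InvalidOperationException, MetaException {
        try {
            // NOTE(review): only the old table is handed to the authorizers; the new
            // table definition is not examined by this method. Confirm that changes
            // it carries (for example a different location) are enforced elsewhere.
            TableWrapper wrappedTable = new TableWrapper(preAlterTableEvent.getOldTable());
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(wrappedTable, (Privilege[]) null, new Privilege[]{Privilege.ALTER_METADATA});
            }
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Checks the privileges {@code HiveOperation.ALTERTABLE_ADDPARTS} requires against
     * each partition being added; the first rejection aborts the whole event.
     */
    private void authorizeAddPartition(PreAddPartitionEvent preAddPartitionEvent) throws InvalidOperationException, MetaException {
        try {
            for (org.apache.hadoop.hive.metastore.api.Partition apiPartition : preAddPartitionEvent.getPartitions()) {
                PartitionWrapper wrappedPartition = new PartitionWrapper(apiPartition, preAddPartitionEvent);
                for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                    authorizer.authorize(wrappedPartition, HiveOperation.ALTERTABLE_ADDPARTS.getInputRequiredPrivileges(), HiveOperation.ALTERTABLE_ADDPARTS.getOutputRequiredPrivileges());
                }
            }
        } catch (NoSuchObjectException missing) {
            throw invalidOperationException(missing);
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Checks the privileges {@code HiveOperation.ALTERTABLE_DROPPARTS} requires against
     * the partition being dropped.
     */
    private void authorizeDropPartition(PreDropPartitionEvent preDropPartitionEvent) throws InvalidOperationException, MetaException {
        try {
            PartitionWrapper wrappedPartition = new PartitionWrapper(preDropPartitionEvent.getPartition(), preDropPartitionEvent);
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(wrappedPartition, HiveOperation.ALTERTABLE_DROPPARTS.getInputRequiredPrivileges(), HiveOperation.ALTERTABLE_DROPPARTS.getOutputRequiredPrivileges());
            }
        } catch (NoSuchObjectException missing) {
            throw invalidOperationException(missing);
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Requires ALTER_METADATA on the partition, using the new partition definition
     * carried by the event.
     */
    private void authorizeAlterPartition(PreAlterPartitionEvent preAlterPartitionEvent) throws InvalidOperationException, MetaException {
        try {
            PartitionWrapper wrappedPartition = new PartitionWrapper(preAlterPartitionEvent.getNewPartition(), preAlterPartitionEvent);
            for (HiveMetastoreAuthorizationProvider authorizer : this.tAuthorizers.get()) {
                authorizer.authorize(wrappedPartition, (Privilege[]) null, new Privilege[]{Privilege.ALTER_METADATA});
            }
        } catch (NoSuchObjectException missing) {
            throw invalidOperationException(missing);
        } catch (AuthorizationException denied) {
            throw invalidOperationException(denied);
        } catch (HiveException failure) {
            throw metaException(failure);
        }
    }

    /**
     * Converts {@code exc} into an {@link InvalidOperationException} with the same message.
     *
     * @param exc the denial or lookup failure to report
     * @return a new exception whose cause is {@code exc}
     */
    private InvalidOperationException invalidOperationException(Exception exc) {
        InvalidOperationException wrapped = new InvalidOperationException(exc.getMessage());
        // Chain exc itself rather than exc.getCause(): a denial usually has no cause of
        // its own, and chaining only that would discard the stack trace showing where
        // the operation was refused. exc's own cause stays reachable through the chain.
        wrapped.initCause(exc);
        return wrapped;
    }

    /**
     * Converts {@code hiveException} into a {@link MetaException} with the same
     * message and {@code hiveException} as its cause.
     */
    private MetaException metaException(HiveException hiveException) {
        MetaException wrapped = new MetaException(hiveException.getMessage());
        wrapped.initCause(hiveException);
        return wrapped;
    }
}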
