package org.apache.ranger.authorization.hive.authorizer;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.validation.constraints.NotNull;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyChangeListener;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.service.RangerAuthContextListener;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider.class */
public class RangerHivePolicyProvider implements HivePolicyProvider {
    private static final Logger LOG = LoggerFactory.getLogger(RangerHivePolicyProvider.class);
    private static final Logger PERF_HIVEACLPROVIDER_REQUEST_LOG = RangerPerfTracer.getPerfLogger("hiveACLProvider.request");
    private final RangerHiveAuthContextListener authContextListener = new RangerHiveAuthContextListener();
    private final Set<String> hivePrivileges;
    private final RangerBasePlugin rangerPlugin;
    private final RangerHiveAuthorizer authorizer;

    /* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider$RangerHiveAuthContextListener.class */
    static class RangerHiveAuthContextListener implements RangerAuthContextListener {
        Set<HivePolicyChangeListener> providerChangeListeners = new HashSet();

        RangerHiveAuthContextListener() {
        }

        public void contextChanged() {
            Iterator<HivePolicyChangeListener> it = this.providerChangeListeners.iterator();
            while (it.hasNext()) {
                it.next().notifyPolicyChange((List) null);
            }
        }
    }

    public RangerHivePolicyProvider(@NotNull RangerBasePlugin rangerBasePlugin, @NotNull RangerHiveAuthorizer rangerHiveAuthorizer) {
        HashSet hashSet = new HashSet();
        for (HiveResourceACLs.Privilege privilege : HiveResourceACLs.Privilege.values()) {
            hashSet.add(privilege.name().toLowerCase());
        }
        this.hivePrivileges = new HashSet(hashSet);
        this.rangerPlugin = rangerBasePlugin;
        this.authorizer = rangerHiveAuthorizer;
    }

    public HiveResourceACLs getResourceACLs(HivePrivilegeObject hivePrivilegeObject) {
        RangerPerfTracer rangerPerfTracer = null;
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_HIVEACLPROVIDER_REQUEST_LOG)) {
            rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_HIVEACLPROVIDER_REQUEST_LOG, "RangerHivePolicyProvider.getResourceACLS()");
        }
        HiveResourceACLs resourceACLs = getResourceACLs(this.authorizer.createHiveResource(hivePrivilegeObject));
        RangerPerfTracer.log(rangerPerfTracer);
        return resourceACLs;
    }

    public void registerHivePolicyChangeListener(HivePolicyChangeListener hivePolicyChangeListener) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerHiveACLProviderFactory.registerACLProviderChangeListener()");
        }
        this.authContextListener.providerChangeListeners.add(hivePolicyChangeListener);
        this.rangerPlugin.registerAuthContextEventListener(this.authContextListener);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerHiveACLProviderFactory.registerACLProviderChangeListener()");
        }
    }

    public HiveResourceACLs getResourceACLs(RangerHiveResource rangerHiveResource) {
        RangerResourceACLs resourceACLs = this.rangerPlugin.getResourceACLs(new RangerAccessRequestImpl(rangerHiveResource, "_any", (String) null, (Set) null, (Set) null));
        if (LOG.isDebugEnabled()) {
            LOG.debug("HiveResource:[" + rangerHiveResource.getAsString() + "], Computed ACLS:[" + resourceACLs + "]");
        }
        return new RangerHiveResourceACLs(convertRangerACLsToHiveACLs(resourceACLs.getUserACLs()), convertRangerACLsToHiveACLs(resourceACLs.getGroupACLs()));
    }

    private Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> convertRangerACLsToHiveACLs(Map<String, Map<String, RangerResourceACLs.AccessResult>> map) {
        HashMap hashMap = new HashMap();
        if (MapUtils.isNotEmpty(map)) {
            for (Map.Entry<String, Map<String, RangerResourceACLs.AccessResult>> entry : map.entrySet()) {
                HashMap hashMap2 = new HashMap();
                hashMap.put(entry.getKey(), hashMap2);
                for (Map.Entry<String, RangerResourceACLs.AccessResult> entry2 : entry.getValue().entrySet()) {
                    if (this.hivePrivileges.contains(entry2.getKey())) {
                        HiveResourceACLs.Privilege valueOf = HiveResourceACLs.Privilege.valueOf(StringUtils.upperCase(entry2.getKey()));
                        int result = entry2.getValue().getResult();
                        hashMap2.put(valueOf, result == RangerPolicyEvaluator.ACCESS_ALLOWED.intValue() ? HiveResourceACLs.AccessResult.ALLOWED : result == RangerPolicyEvaluator.ACCESS_DENIED.intValue() ? HiveResourceACLs.AccessResult.NOT_ALLOWED : result == RangerPolicyEvaluator.ACCESS_CONDITIONAL.intValue() ? HiveResourceACLs.AccessResult.CONDITIONAL_ALLOWED : HiveResourceACLs.AccessResult.NOT_ALLOWED);
                    }
                }
            }
        }
        return hashMap;
    }
}
