package org.apache.ranger.authorization.hive.authorizer;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;

/* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.class */
public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
    public static final String ACCESS_TYPE_ROWFILTER = "ROW_FILTER";
    Collection<AuthzAuditEvent> auditEvents = null;
    boolean deniedExists = false;

    AuthzAuditEvent createAuditEvent(RangerAccessResult rangerAccessResult, String str, String str2) {
        RangerHiveAccessRequest accessRequest = rangerAccessResult.getAccessRequest();
        RangerHiveResource resource = accessRequest.getResource();
        String leafName = resource != null ? resource.getLeafName() : null;
        AuthzAuditEvent authzEvents = super.getAuthzEvents(rangerAccessResult);
        authzEvents.setAccessType(str);
        authzEvents.setResourcePath(str2);
        authzEvents.setResourceType("@" + leafName);
        if ((accessRequest instanceof RangerHiveAccessRequest) && (resource instanceof RangerHiveResource)) {
            RangerHiveAccessRequest rangerHiveAccessRequest = accessRequest;
            RangerHiveResource rangerHiveResource = resource;
            if (rangerHiveAccessRequest.getHiveAccessType() == HiveAccessType.USE && rangerHiveResource.getObjectType() == HiveObjectType.DATABASE) {
                authzEvents.setTags((Set) null);
            }
        }
        return authzEvents;
    }

    AuthzAuditEvent createAuditEvent(RangerAccessResult rangerAccessResult) {
        AuthzAuditEvent createAuditEvent;
        RangerHiveAccessRequest accessRequest = rangerAccessResult.getAccessRequest();
        RangerAccessResource resource = accessRequest.getResource();
        String asString = resource != null ? resource.getAsString() : null;
        int policyType = rangerAccessResult.getPolicyType();
        if (policyType == 1 && rangerAccessResult.isMaskEnabled()) {
            createAuditEvent = createAuditEvent(rangerAccessResult, rangerAccessResult.getMaskType(), asString);
        } else if (policyType == 2) {
            createAuditEvent = createAuditEvent(rangerAccessResult, ACCESS_TYPE_ROWFILTER, asString);
        } else {
            String str = null;
            if (accessRequest instanceof RangerHiveAccessRequest) {
                str = accessRequest.getHiveAccessType().toString();
            }
            if (StringUtils.isEmpty(str)) {
                str = accessRequest.getAccessType();
            }
            createAuditEvent = createAuditEvent(rangerAccessResult, str, asString);
        }
        return createAuditEvent;
    }

    List<AuthzAuditEvent> createAuditEvents(Collection<RangerAccessResult> collection) {
        HashMap hashMap = new HashMap();
        Iterator<RangerAccessResult> it = collection.iterator();
        AuthzAuditEvent authzAuditEvent = null;
        while (it.hasNext() && authzAuditEvent == null) {
            RangerAccessResult next = it.next();
            if (next.getIsAudited()) {
                if (next.getIsAllowed()) {
                    long policyId = next.getPolicyId();
                    if (hashMap.containsKey(Long.valueOf(policyId))) {
                        AuthzAuditEvent authzAuditEvent2 = (AuthzAuditEvent) hashMap.get(Long.valueOf(policyId));
                        RangerHiveAccessRequest accessRequest = next.getAccessRequest();
                        authzAuditEvent2.setResourcePath(authzAuditEvent2.getResourcePath() + "," + accessRequest.getResource().getColumn());
                        Set tags = getTags(accessRequest);
                        if (tags != null) {
                            authzAuditEvent2.getTags().addAll(tags);
                        }
                    } else {
                        AuthzAuditEvent createAuditEvent = createAuditEvent(next);
                        if (createAuditEvent != null) {
                            hashMap.put(Long.valueOf(policyId), createAuditEvent);
                        }
                    }
                } else {
                    authzAuditEvent = createAuditEvent(next);
                }
            }
        }
        return authzAuditEvent == null ? new ArrayList(hashMap.values()) : Lists.newArrayList(new AuthzAuditEvent[]{authzAuditEvent});
    }

    public void processResult(RangerAccessResult rangerAccessResult) {
        AuthzAuditEvent createAuditEvent;
        if (rangerAccessResult.getIsAudited() && (createAuditEvent = createAuditEvent(rangerAccessResult)) != null) {
            addAuthzAuditEvent(createAuditEvent);
        }
    }

    public void processResults(Collection<RangerAccessResult> collection) {
        Iterator<AuthzAuditEvent> it = createAuditEvents(collection).iterator();
        while (it.hasNext()) {
            addAuthzAuditEvent(it.next());
        }
    }

    public void logAuditEventForDfs(String str, String str2, boolean z, int i, String str3) {
        AuthzAuditEvent authzAuditEvent = new AuthzAuditEvent();
        authzAuditEvent.setAclEnforcer(RangerDefaultAuditHandler.RangerModuleName);
        authzAuditEvent.setResourceType("@dfs");
        authzAuditEvent.setAccessType("DFS");
        authzAuditEvent.setAction("DFS");
        authzAuditEvent.setUser(str);
        authzAuditEvent.setAccessResult((short) (z ? 1 : 0));
        authzAuditEvent.setEventTime(new Date());
        authzAuditEvent.setRepositoryType(i);
        authzAuditEvent.setRepositoryName(str3);
        authzAuditEvent.setRequestData(str2);
        authzAuditEvent.setResourcePath(str2);
        addAuthzAuditEvent(authzAuditEvent);
    }

    public void flushAudit() {
        if (this.auditEvents == null) {
            return;
        }
        for (AuthzAuditEvent authzAuditEvent : this.auditEvents) {
            if (!this.deniedExists || authzAuditEvent.getAccessResult() == 0) {
                super.logAuthzAudit(authzAuditEvent);
            }
        }
    }

    private void addAuthzAuditEvent(AuthzAuditEvent authzAuditEvent) {
        if (authzAuditEvent != null) {
            if (this.auditEvents == null) {
                this.auditEvents = new ArrayList();
            }
            this.auditEvents.add(authzAuditEvent);
            if (authzAuditEvent.getAccessResult() == 0) {
                this.deniedExists = true;
            }
        }
    }
}
