package org.apache.ranger.authorization.hive.authorizer;

import com.google.common.collect.Sets;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.hive.common.FileUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.RangerRequestedResources;

/* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.class */
public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
    private static final char COLUMN_SEP = ',';
    private static final String HIVE_CONF_VAR_QUERY_STRING = "hive.query.string";
    private static final String DEFAULT_RANGER_POLICY_GRANTOR = "ranger";
    private static final String ROLE_ALL = "ALL";
    private static final String ROLE_DEFAULT = "DEFAULT";
    private static final String ROLE_NONE = "NONE";
    private static final String ROLE_ADMIN = "admin";
    private static final String CMD_CREATE_ROLE = "create role %s";
    private static final String CMD_DROP_ROLE = "drop role %s";
    private static final String CMD_SHOW_ROLES = "show roles";
    private static final String CMD_SHOW_ROLE_GRANT = "show role grant %s %s";
    private static final String CMD_SHOW_PRINCIPALS = "show principals %s";
    private static final String CMD_GRANT_ROLE = "grant role %s to %s ";
    private static final String CMD_REVOKE_ROLE = "revoke role %s from %s";
    private static final Set<String> RESERVED_ROLE_NAMES;
    private String currentUserName;
    private Set<String> currentRoles;
    private String adminRole;
    private static final Log LOG = LogFactory.getLog(RangerHiveAuthorizer.class);
    private static final Log PERF_HIVEAUTH_REQUEST_LOG = RangerPerfTracer.getPerfLogger("hiveauth.request");
    private static volatile RangerHivePlugin hivePlugin = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveAuthzSessionContext$CLIENT_TYPE;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType = new int[org.apache.hadoop.hive.metastore.api.HiveObjectType.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[org.apache.hadoop.hive.metastore.api.HiveObjectType.DATABASE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[org.apache.hadoop.hive.metastore.api.HiveObjectType.TABLE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType = new int[HivePrivilegeObject.HivePrivObjectActionType.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType[HivePrivilegeObject.HivePrivObjectActionType.INSERT.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType[HivePrivilegeObject.HivePrivObjectActionType.INSERT_OVERWRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType[HivePrivilegeObject.HivePrivObjectActionType.UPDATE.ordinal()] = 3;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType[HivePrivilegeObject.HivePrivObjectActionType.DELETE.ordinal()] = 4;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType[HivePrivilegeObject.HivePrivObjectActionType.OTHER.ordinal()] = 5;
            } catch (NoSuchFieldError e7) {
            }
            $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType = new int[HiveOperationType.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATEDATABASE.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATEFUNCTION.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATETABLE.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATEVIEW.ordinal()] = 4;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATETABLE_AS_SELECT.ordinal()] = 5;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATE_MATERIALIZED_VIEW.ordinal()] = 6;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERDATABASE.ordinal()] = 7;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERDATABASE_LOCATION.ordinal()] = 8;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERDATABASE_OWNER.ordinal()] = 9;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERINDEX_PROPS.ordinal()] = 10;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERINDEX_REBUILD.ordinal()] = 11;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_BUCKETNUM.ordinal()] = 12;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_FILEFORMAT.ordinal()] = 13;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_LOCATION.ordinal()] = 14;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_MERGEFILES.ordinal()] = 15;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_PROTECTMODE.ordinal()] = 16;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_SERDEPROPERTIES.ordinal()] = 17;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERPARTITION_SERIALIZER.ordinal()] = 18;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_ADDCOLS.ordinal()] = 19;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_ADDPARTS.ordinal()] = 20;
            } catch (NoSuchFieldError e27) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_ARCHIVE.ordinal()] = 21;
            } catch (NoSuchFieldError e28) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_BUCKETNUM.ordinal()] = 22;
            } catch (NoSuchFieldError e29) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_CLUSTER_SORT.ordinal()] = 23;
            } catch (NoSuchFieldError e30) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_COMPACT.ordinal()] = 24;
            } catch (NoSuchFieldError e31) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_DROPPARTS.ordinal()] = 25;
            } catch (NoSuchFieldError e32) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_DROPCONSTRAINT.ordinal()] = 26;
            } catch (NoSuchFieldError e33) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_ADDCONSTRAINT.ordinal()] = 27;
            } catch (NoSuchFieldError e34) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_FILEFORMAT.ordinal()] = 28;
            } catch (NoSuchFieldError e35) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_LOCATION.ordinal()] = 29;
            } catch (NoSuchFieldError e36) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_MERGEFILES.ordinal()] = 30;
            } catch (NoSuchFieldError e37) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_PARTCOLTYPE.ordinal()] = 31;
            } catch (NoSuchFieldError e38) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_PROPERTIES.ordinal()] = 32;
            } catch (NoSuchFieldError e39) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_PROTECTMODE.ordinal()] = 33;
            } catch (NoSuchFieldError e40) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_RENAME.ordinal()] = 34;
            } catch (NoSuchFieldError e41) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_RENAMECOL.ordinal()] = 35;
            } catch (NoSuchFieldError e42) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_RENAMEPART.ordinal()] = 36;
            } catch (NoSuchFieldError e43) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_REPLACECOLS.ordinal()] = 37;
            } catch (NoSuchFieldError e44) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_SERDEPROPERTIES.ordinal()] = 38;
            } catch (NoSuchFieldError e45) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_SERIALIZER.ordinal()] = 39;
            } catch (NoSuchFieldError e46) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_SKEWED.ordinal()] = 40;
            } catch (NoSuchFieldError e47) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_TOUCH.ordinal()] = 41;
            } catch (NoSuchFieldError e48) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_UNARCHIVE.ordinal()] = 42;
            } catch (NoSuchFieldError e49) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_UPDATEPARTSTATS.ordinal()] = 43;
            } catch (NoSuchFieldError e50) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_UPDATETABLESTATS.ordinal()] = RangerHiveAuthorizer.COLUMN_SEP;
            } catch (NoSuchFieldError e51) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_UPDATECOLUMNS.ordinal()] = 45;
            } catch (NoSuchFieldError e52) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTBLPART_SKEWED_LOCATION.ordinal()] = 46;
            } catch (NoSuchFieldError e53) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERVIEW_AS.ordinal()] = 47;
            } catch (NoSuchFieldError e54) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERVIEW_PROPERTIES.ordinal()] = 48;
            } catch (NoSuchFieldError e55) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERVIEW_RENAME.ordinal()] = 49;
            } catch (NoSuchFieldError e56) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPVIEW_PROPERTIES.ordinal()] = 50;
            } catch (NoSuchFieldError e57) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.MSCK.ordinal()] = 51;
            } catch (NoSuchFieldError e58) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPFUNCTION.ordinal()] = 52;
            } catch (NoSuchFieldError e59) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPINDEX.ordinal()] = 53;
            } catch (NoSuchFieldError e60) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPTABLE.ordinal()] = 54;
            } catch (NoSuchFieldError e61) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPVIEW.ordinal()] = 55;
            } catch (NoSuchFieldError e62) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROP_MATERIALIZED_VIEW.ordinal()] = 56;
            } catch (NoSuchFieldError e63) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPDATABASE.ordinal()] = 57;
            } catch (NoSuchFieldError e64) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATEINDEX.ordinal()] = 58;
            } catch (NoSuchFieldError e65) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.IMPORT.ordinal()] = 59;
            } catch (NoSuchFieldError e66) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.EXPORT.ordinal()] = 60;
            } catch (NoSuchFieldError e67) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.LOAD.ordinal()] = 61;
            } catch (NoSuchFieldError e68) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.LOCKDB.ordinal()] = 62;
            } catch (NoSuchFieldError e69) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.LOCKTABLE.ordinal()] = 63;
            } catch (NoSuchFieldError e70) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.UNLOCKDB.ordinal()] = 64;
            } catch (NoSuchFieldError e71) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.UNLOCKTABLE.ordinal()] = 65;
            } catch (NoSuchFieldError e72) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.QUERY.ordinal()] = 66;
            } catch (NoSuchFieldError e73) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_TABLESTATUS.ordinal()] = 67;
            } catch (NoSuchFieldError e74) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_CREATETABLE.ordinal()] = 68;
            } catch (NoSuchFieldError e75) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWINDEXES.ordinal()] = 69;
            } catch (NoSuchFieldError e76) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWPARTITIONS.ordinal()] = 70;
            } catch (NoSuchFieldError e77) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_TBLPROPERTIES.ordinal()] = 71;
            } catch (NoSuchFieldError e78) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ANALYZE_TABLE.ordinal()] = 72;
            } catch (NoSuchFieldError e79) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWCOLUMNS.ordinal()] = 73;
            } catch (NoSuchFieldError e80) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DESCTABLE.ordinal()] = 74;
            } catch (NoSuchFieldError e81) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWDATABASES.ordinal()] = 75;
            } catch (NoSuchFieldError e82) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SWITCHDATABASE.ordinal()] = 76;
            } catch (NoSuchFieldError e83) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DESCDATABASE.ordinal()] = 77;
            } catch (NoSuchFieldError e84) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWTABLES.ordinal()] = 78;
            } catch (NoSuchFieldError e85) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWVIEWS.ordinal()] = 79;
            } catch (NoSuchFieldError e86) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.TRUNCATETABLE.ordinal()] = 80;
            } catch (NoSuchFieldError e87) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GRANT_PRIVILEGE.ordinal()] = 81;
            } catch (NoSuchFieldError e88) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.REVOKE_PRIVILEGE.ordinal()] = 82;
            } catch (NoSuchFieldError e89) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.REPLDUMP.ordinal()] = 83;
            } catch (NoSuchFieldError e90) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.REPLLOAD.ordinal()] = 84;
            } catch (NoSuchFieldError e91) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.REPLSTATUS.ordinal()] = 85;
            } catch (NoSuchFieldError e92) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.KILL_QUERY.ordinal()] = 86;
            } catch (NoSuchFieldError e93) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATE_RESOURCEPLAN.ordinal()] = 87;
            } catch (NoSuchFieldError e94) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_RESOURCEPLAN.ordinal()] = 88;
            } catch (NoSuchFieldError e95) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTER_RESOURCEPLAN.ordinal()] = 89;
            } catch (NoSuchFieldError e96) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROP_RESOURCEPLAN.ordinal()] = 90;
            } catch (NoSuchFieldError e97) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATE_TRIGGER.ordinal()] = 91;
            } catch (NoSuchFieldError e98) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTER_TRIGGER.ordinal()] = 92;
            } catch (NoSuchFieldError e99) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROP_TRIGGER.ordinal()] = 93;
            } catch (NoSuchFieldError e100) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATE_POOL.ordinal()] = 94;
            } catch (NoSuchFieldError e101) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTER_POOL.ordinal()] = 95;
            } catch (NoSuchFieldError e102) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROP_POOL.ordinal()] = 96;
            } catch (NoSuchFieldError e103) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATE_MAPPING.ordinal()] = 97;
            } catch (NoSuchFieldError e104) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTER_MAPPING.ordinal()] = 98;
            } catch (NoSuchFieldError e105) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROP_MAPPING.ordinal()] = 99;
            } catch (NoSuchFieldError e106) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.LLAP_CACHE_PURGE.ordinal()] = 100;
            } catch (NoSuchFieldError e107) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.LLAP_CLUSTER_INFO.ordinal()] = 101;
            } catch (NoSuchFieldError e108) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ADD.ordinal()] = 102;
            } catch (NoSuchFieldError e109) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.COMPILE.ordinal()] = 103;
            } catch (NoSuchFieldError e110) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DELETE.ordinal()] = 104;
            } catch (NoSuchFieldError e111) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATEMACRO.ordinal()] = 105;
            } catch (NoSuchFieldError e112) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CREATEROLE.ordinal()] = 106;
            } catch (NoSuchFieldError e113) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DESCFUNCTION.ordinal()] = 107;
            } catch (NoSuchFieldError e114) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DFS.ordinal()] = 108;
            } catch (NoSuchFieldError e115) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPMACRO.ordinal()] = 109;
            } catch (NoSuchFieldError e116) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.DROPROLE.ordinal()] = 110;
            } catch (NoSuchFieldError e117) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.EXPLAIN.ordinal()] = 111;
            } catch (NoSuchFieldError e118) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GRANT_ROLE.ordinal()] = 112;
            } catch (NoSuchFieldError e119) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.REVOKE_ROLE.ordinal()] = 113;
            } catch (NoSuchFieldError e120) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.RESET.ordinal()] = 114;
            } catch (NoSuchFieldError e121) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SET.ordinal()] = 115;
            } catch (NoSuchFieldError e122) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWCONF.ordinal()] = 116;
            } catch (NoSuchFieldError e123) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWFUNCTIONS.ordinal()] = 117;
            } catch (NoSuchFieldError e124) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOWLOCKS.ordinal()] = 118;
            } catch (NoSuchFieldError e125) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_COMPACTIONS.ordinal()] = 119;
            } catch (NoSuchFieldError e126) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_GRANT.ordinal()] = 120;
            } catch (NoSuchFieldError e127) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_ROLES.ordinal()] = 121;
            } catch (NoSuchFieldError e128) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_ROLE_GRANT.ordinal()] = 122;
            } catch (NoSuchFieldError e129) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_ROLE_PRINCIPALS.ordinal()] = 123;
            } catch (NoSuchFieldError e130) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_TRANSACTIONS.ordinal()] = 124;
            } catch (NoSuchFieldError e131) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_EXCHANGEPARTITION.ordinal()] = 125;
            } catch (NoSuchFieldError e132) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ALTERTABLE_OWNER.ordinal()] = 126;
            } catch (NoSuchFieldError e133) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.CACHE_METADATA.ordinal()] = 127;
            } catch (NoSuchFieldError e134) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SHOW_CREATEDATABASE.ordinal()] = 128;
            } catch (NoSuchFieldError e135) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.RELOADFUNCTION.ordinal()] = 129;
            } catch (NoSuchFieldError e136) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ABORT_TRANSACTIONS.ordinal()] = 130;
            } catch (NoSuchFieldError e137) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.START_TRANSACTION.ordinal()] = 131;
            } catch (NoSuchFieldError e138) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.COMMIT.ordinal()] = 132;
            } catch (NoSuchFieldError e139) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.ROLLBACK.ordinal()] = 133;
            } catch (NoSuchFieldError e140) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.SET_AUTOCOMMIT.ordinal()] = 134;
            } catch (NoSuchFieldError e141) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_CATALOGS.ordinal()] = 135;
            } catch (NoSuchFieldError e142) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_COLUMNS.ordinal()] = 136;
            } catch (NoSuchFieldError e143) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_FUNCTIONS.ordinal()] = 137;
            } catch (NoSuchFieldError e144) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_SCHEMAS.ordinal()] = 138;
            } catch (NoSuchFieldError e145) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_TABLES.ordinal()] = 139;
            } catch (NoSuchFieldError e146) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_TABLETYPES.ordinal()] = 140;
            } catch (NoSuchFieldError e147) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[HiveOperationType.GET_TYPEINFO.ordinal()] = 141;
            } catch (NoSuchFieldError e148) {
            }
            $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType = new int[HiveObjectType.values().length];
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.DATABASE.ordinal()] = 1;
            } catch (NoSuchFieldError e149) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.TABLE.ordinal()] = 2;
            } catch (NoSuchFieldError e150) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.VIEW.ordinal()] = 3;
            } catch (NoSuchFieldError e151) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.FUNCTION.ordinal()] = 4;
            } catch (NoSuchFieldError e152) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.PARTITION.ordinal()] = 5;
            } catch (NoSuchFieldError e153) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.INDEX.ordinal()] = 6;
            } catch (NoSuchFieldError e154) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.COLUMN.ordinal()] = 7;
            } catch (NoSuchFieldError e155) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.URI.ordinal()] = 8;
            } catch (NoSuchFieldError e156) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.SERVICE_NAME.ordinal()] = 9;
            } catch (NoSuchFieldError e157) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.GLOBAL.ordinal()] = 10;
            } catch (NoSuchFieldError e158) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$hive$authorizer$HiveObjectType[HiveObjectType.NONE.ordinal()] = 11;
            } catch (NoSuchFieldError e159) {
            }
            $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType = new int[HivePrivilegeObject.HivePrivilegeObjectType.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.DATABASE.ordinal()] = 1;
            } catch (NoSuchFieldError e160) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW.ordinal()] = 2;
            } catch (NoSuchFieldError e161) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.COLUMN.ordinal()] = 3;
            } catch (NoSuchFieldError e162) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.PARTITION.ordinal()] = 4;
            } catch (NoSuchFieldError e163) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.FUNCTION.ordinal()] = 5;
            } catch (NoSuchFieldError e164) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.DFS_URI.ordinal()] = 6;
            } catch (NoSuchFieldError e165) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.LOCAL_URI.ordinal()] = 7;
            } catch (NoSuchFieldError e166) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.COMMAND_PARAMS.ordinal()] = 8;
            } catch (NoSuchFieldError e167) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL.ordinal()] = 9;
            } catch (NoSuchFieldError e168) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[HivePrivilegeObject.HivePrivilegeObjectType.SERVICE_NAME.ordinal()] = 10;
            } catch (NoSuchFieldError e169) {
            }
            $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType = new int[HivePrincipal.HivePrincipalType.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[HivePrincipal.HivePrincipalType.USER.ordinal()] = 1;
            } catch (NoSuchFieldError e170) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[HivePrincipal.HivePrincipalType.GROUP.ordinal()] = 2;
            } catch (NoSuchFieldError e171) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[HivePrincipal.HivePrincipalType.ROLE.ordinal()] = 3;
            } catch (NoSuchFieldError e172) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[HivePrincipal.HivePrincipalType.UNKNOWN.ordinal()] = 4;
            } catch (NoSuchFieldError e173) {
            }
            $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveAuthzSessionContext$CLIENT_TYPE = new int[HiveAuthzSessionContext.CLIENT_TYPE.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveAuthzSessionContext$CLIENT_TYPE[HiveAuthzSessionContext.CLIENT_TYPE.HIVECLI.ordinal()] = 1;
            } catch (NoSuchFieldError e174) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveAuthzSessionContext$CLIENT_TYPE[HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2.ordinal()] = 2;
            } catch (NoSuchFieldError e175) {
            }
        }
    }

    public RangerHiveAuthorizer(HiveMetastoreClientFactory hiveMetastoreClientFactory, HiveConf hiveConf, HiveAuthenticationProvider hiveAuthenticationProvider, HiveAuthzSessionContext hiveAuthzSessionContext) {
        super(hiveMetastoreClientFactory, hiveConf, hiveAuthenticationProvider, hiveAuthzSessionContext);
        LOG.debug("RangerHiveAuthorizer.RangerHiveAuthorizer()");
        if (hivePlugin == null) {
            synchronized (RangerHiveAuthorizer.class) {
                if (hivePlugin == null) {
                    String str = "unknown";
                    if (hiveAuthzSessionContext != null) {
                        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveAuthzSessionContext$CLIENT_TYPE[hiveAuthzSessionContext.getClientType().ordinal()]) {
                            case 1:
                                str = "hiveCLI";
                                break;
                            case 2:
                                str = "hiveServer2";
                                break;
                        }
                    }
                    RangerHivePlugin rangerHivePlugin = new RangerHivePlugin(str);
                    rangerHivePlugin.init();
                    hivePlugin = rangerHivePlugin;
                }
            }
        }
    }

    @Override // org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase
    public HivePolicyProvider getHivePolicyProvider() throws HiveAuthzPluginException {
        if (hivePlugin == null) {
            throw new HiveAuthzPluginException();
        }
        return new RangerHivePolicyProvider(hivePlugin);
    }

    public void createRole(String str, HivePrincipal hivePrincipal) throws HiveAuthzPluginException, HiveAccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug(" ==> RangerHiveAuthorizer.createRole()");
        }
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        String grantorUsername = getGrantorUsername(hivePrincipal);
        List<String> asList = Arrays.asList(str);
        List<String> asList2 = Arrays.asList(grantorUsername);
        try {
            if (RESERVED_ROLE_NAMES.contains(str.trim().toUpperCase())) {
                throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " + RESERVED_ROLE_NAMES);
            }
            try {
                RangerRole rangerRole = new RangerRole();
                rangerRole.setName(str);
                rangerRole.setCreatedByUser(grantorUsername);
                rangerRole.setCreatedBy(grantorUsername);
                rangerRole.setUpdatedBy(grantorUsername);
                RangerRole.RoleMember roleMember = new RangerRole.RoleMember(grantorUsername, true);
                ArrayList arrayList = new ArrayList();
                arrayList.add(roleMember);
                rangerRole.setUsers(arrayList);
                RangerRole createRole = hivePlugin.createRole(rangerRole, rangerHiveAuditHandler);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== createRole(): " + createRole);
                }
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, grantorUsername, asList2, HiveOperationType.CREATEROLE, HiveAccessType.CREATE, asList, true));
                rangerHiveAuditHandler.flushAudit();
            } catch (Exception e) {
                throw new HiveAccessControlException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, grantorUsername, asList2, HiveOperationType.CREATEROLE, HiveAccessType.CREATE, asList, false));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public void dropRole(String str) throws HiveAuthzPluginException, HiveAccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerHiveAuthorizer.dropRole()");
        }
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        boolean z = false;
        List<String> asList = Arrays.asList(str);
        if (currentUserGroupInfo == null) {
            throw new HiveAccessControlException("Permission denied: user information not available");
        }
        if (RESERVED_ROLE_NAMES.contains(str.trim().toUpperCase())) {
            throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " + RESERVED_ROLE_NAMES);
        }
        String shortUserName = currentUserGroupInfo.getShortUserName();
        List<String> asList2 = Arrays.asList(shortUserName);
        try {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== dropRole(): " + str);
                }
                hivePlugin.dropRole(shortUserName, str, rangerHiveAuditHandler);
                z = true;
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList2, HiveOperationType.DROPROLE, HiveAccessType.DROP, asList, true));
                rangerHiveAuditHandler.flushAudit();
            } catch (Exception e) {
                throw new HiveAccessControlException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList2, HiveOperationType.DROPROLE, HiveAccessType.DROP, asList, z));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerHiveAuthorizer.getCurrentRoleNames()");
        }
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new HiveAuthzPluginException("User information not available");
        }
        ArrayList arrayList = new ArrayList();
        String shortUserName = currentUserGroupInfo.getShortUserName();
        List<String> asList = Arrays.asList(shortUserName);
        RangerHiveAuditHandler rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== getCurrentRoleNames() for user " + shortUserName);
                }
                Iterator<String> it = getCurrentRoles().iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next());
                }
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList, HiveOperationType.SHOW_ROLES, HiveAccessType.SELECT, arrayList, true));
                rangerHiveAuditHandler.flushAudit();
                return arrayList;
            } catch (Exception e) {
                throw new HiveAuthzPluginException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList, HiveOperationType.SHOW_ROLES, HiveAccessType.SELECT, arrayList, false));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    private void initUserRoles() {
        if (LOG.isDebugEnabled()) {
            LOG.debug(" ==> RangerHiveAuthorizer.initUserRoles()");
        }
        String userName = getHiveAuthenticator().getUserName();
        if (Objects.equals(this.currentUserName, userName)) {
            return;
        }
        this.currentUserName = userName;
        try {
            this.currentRoles = getCurrentRoleNamesFromRanger();
        } catch (HiveAuthzPluginException e) {
            LOG.error("Error while fetching roles from ranger for user : " + this.currentUserName, e);
        }
        LOG.info("Current user : " + this.currentUserName + ", Current Roles : " + this.currentRoles);
    }

    private Set<String> getCurrentRoles() {
        initUserRoles();
        return this.currentRoles;
    }

    private Set<String> getCurrentRoleNamesFromRanger() throws HiveAuthzPluginException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerHiveAuthorizer.getCurrentRoleNamesFromRanger()");
        }
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new HiveAuthzPluginException("User information not available");
        }
        HashSet hashSet = new HashSet();
        String shortUserName = currentUserGroupInfo.getShortUserName();
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== getCurrentRoleNamesFromRanger() for user " + shortUserName);
                }
                List<String> userRoles = hivePlugin.getUserRoles(shortUserName, rangerHiveAuditHandler);
                if (userRoles == null) {
                    userRoles = Collections.emptyList();
                }
                for (String str : userRoles) {
                    if (ROLE_ADMIN.equalsIgnoreCase(str)) {
                        this.adminRole = str;
                    } else {
                        hashSet.add(str);
                    }
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== RangerHiveAuthorizer.getCurrentRoleNamesFromRanger() for user " + shortUserName);
                }
                return hashSet;
            } catch (Exception e) {
                throw new HiveAuthzPluginException(e);
            }
        } finally {
            rangerHiveAuditHandler.flushAudit();
        }
    }

    public void setCurrentRole(String str) throws HiveAccessControlException, HiveAuthzPluginException {
        initUserRoles();
        if (ROLE_NONE.equalsIgnoreCase(str)) {
            this.currentRoles.clear();
            return;
        }
        if (ROLE_ALL.equalsIgnoreCase(str)) {
            this.currentRoles.clear();
            this.currentRoles.addAll(getCurrentRoleNamesFromRanger());
            return;
        }
        for (String str2 : getCurrentRoleNamesFromRanger()) {
            if (str2.equalsIgnoreCase(str)) {
                this.currentRoles.clear();
                this.currentRoles.add(str2);
                return;
            }
        }
        if (!ROLE_ADMIN.equalsIgnoreCase(str) || null == this.adminRole) {
            LOG.info("Current user : " + this.currentUserName + ", Current Roles : " + this.currentRoles);
            throw new HiveAccessControlException(this.currentUserName + " doesn't belong to role " + str);
        }
        this.currentRoles.clear();
        this.currentRoles.add(this.adminRole);
    }

    public List<String> getAllRoles() throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizer.getAllRoles()");
        boolean z = false;
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new HiveAccessControlException("Permission denied: user information not available");
        }
        String shortUserName = currentUserGroupInfo.getShortUserName();
        List<String> asList = Arrays.asList(shortUserName);
        try {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== getAllRoles()");
                }
                List<String> allRoles = hivePlugin.getAllRoles(currentUserGroupInfo.getShortUserName(), rangerHiveAuditHandler);
                z = true;
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList, HiveOperationType.SHOW_ROLES, HiveAccessType.SELECT, null, true));
                rangerHiveAuditHandler.flushAudit();
                return allRoles;
            } catch (Exception e) {
                throw new HiveAuthzPluginException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList, HiveOperationType.SHOW_ROLES, HiveAccessType.SELECT, null, z));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String str) throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizer.getPrincipalGrantInfoForRole()");
        boolean z = false;
        List<String> asList = Arrays.asList(str);
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new HiveAccessControlException("Permission denied: user information not available");
        }
        ArrayList arrayList = new ArrayList();
        String shortUserName = currentUserGroupInfo.getShortUserName();
        List<String> asList2 = Arrays.asList(shortUserName);
        try {
            try {
                RangerRole role = hivePlugin.getRole(currentUserGroupInfo.getShortUserName(), str, rangerHiveAuditHandler);
                for (RangerRole.RoleMember roleMember : role.getRoles()) {
                    HiveRoleGrant hiveRoleGrant = new HiveRoleGrant();
                    hiveRoleGrant.setGrantOption(roleMember.getIsAdmin());
                    hiveRoleGrant.setGrantor(role.getCreatedByUser());
                    hiveRoleGrant.setGrantorType(HivePrincipal.HivePrincipalType.USER.name());
                    hiveRoleGrant.setPrincipalName(roleMember.getName());
                    hiveRoleGrant.setPrincipalType(HivePrincipal.HivePrincipalType.ROLE.toString());
                    hiveRoleGrant.setGrantTime((int) (role.getUpdateTime().getTime() / 1000));
                    arrayList.add(hiveRoleGrant);
                }
                for (RangerRole.RoleMember roleMember2 : role.getGroups()) {
                    HiveRoleGrant hiveRoleGrant2 = new HiveRoleGrant();
                    hiveRoleGrant2.setGrantOption(roleMember2.getIsAdmin());
                    hiveRoleGrant2.setGrantor(role.getCreatedByUser());
                    hiveRoleGrant2.setGrantorType(HivePrincipal.HivePrincipalType.USER.name());
                    hiveRoleGrant2.setPrincipalName(roleMember2.getName());
                    hiveRoleGrant2.setPrincipalType(HivePrincipal.HivePrincipalType.GROUP.toString());
                    hiveRoleGrant2.setGrantTime((int) (role.getUpdateTime().getTime() / 1000));
                    arrayList.add(hiveRoleGrant2);
                }
                for (RangerRole.RoleMember roleMember3 : role.getUsers()) {
                    HiveRoleGrant hiveRoleGrant3 = new HiveRoleGrant();
                    hiveRoleGrant3.setGrantOption(roleMember3.getIsAdmin());
                    hiveRoleGrant3.setGrantor(role.getCreatedByUser());
                    hiveRoleGrant3.setGrantorType(HivePrincipal.HivePrincipalType.USER.name());
                    hiveRoleGrant3.setPrincipalName(roleMember3.getName());
                    hiveRoleGrant3.setPrincipalType(HivePrincipal.HivePrincipalType.USER.toString());
                    hiveRoleGrant3.setGrantTime((int) (role.getUpdateTime().getTime() / 1000));
                    arrayList.add(hiveRoleGrant3);
                }
                z = true;
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== getPrincipalGrantInfoForRole() for role " + role);
                }
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList2, HiveOperationType.SHOW_ROLE_PRINCIPALS, HiveAccessType.SELECT, asList, true));
                rangerHiveAuditHandler.flushAudit();
                return arrayList;
            } catch (Exception e) {
                throw new HiveAuthzPluginException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, shortUserName, asList2, HiveOperationType.SHOW_ROLE_PRINCIPALS, HiveAccessType.SELECT, asList, z));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public void grantRole(List<HivePrincipal> list, List<String> list2, boolean z, HivePrincipal hivePrincipal) throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.grantRole()");
        boolean z2 = false;
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        String grantorUsername = getGrantorUsername(hivePrincipal);
        ArrayList arrayList = new ArrayList();
        try {
            try {
                GrantRevokeRoleRequest grantRevokeRoleRequest = new GrantRevokeRoleRequest();
                grantRevokeRoleRequest.setGrantor(grantorUsername);
                grantRevokeRoleRequest.setGrantorGroups(getGrantorGroupNames(hivePrincipal));
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                HashSet hashSet3 = new HashSet();
                for (HivePrincipal hivePrincipal2 : list) {
                    switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[hivePrincipal2.getType().ordinal()]) {
                        case 1:
                            String name = hivePrincipal2.getName();
                            hashSet.add(name);
                            arrayList.add("USER " + name);
                            break;
                        case 2:
                            String name2 = hivePrincipal2.getName();
                            hashSet3.add(name2);
                            arrayList.add("GROUP " + name2);
                            break;
                        case 3:
                            String name3 = hivePrincipal2.getName();
                            hashSet2.add(name3);
                            arrayList.add("ROLE " + name3);
                            break;
                    }
                }
                grantRevokeRoleRequest.setUsers(hashSet);
                grantRevokeRoleRequest.setGroups(hashSet3);
                grantRevokeRoleRequest.setRoles(hashSet2);
                grantRevokeRoleRequest.setGrantOption(Boolean.valueOf(z));
                grantRevokeRoleRequest.setTargetRoles(new HashSet(list2));
                SessionState sessionState = SessionState.get();
                if (sessionState != null) {
                    grantRevokeRoleRequest.setClientIPAddress(sessionState.getUserIpAddress());
                    grantRevokeRoleRequest.setSessionId(sessionState.getSessionId());
                    HiveConf conf = sessionState.getConf();
                    if (conf != null) {
                        grantRevokeRoleRequest.setRequestData(conf.get(HIVE_CONF_VAR_QUERY_STRING));
                    }
                }
                HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
                if (hiveAuthzSessionContext != null) {
                    grantRevokeRoleRequest.setClientType(hiveAuthzSessionContext.getClientType() == null ? null : hiveAuthzSessionContext.getClientType().toString());
                }
                hivePlugin.grantRole(grantRevokeRoleRequest, rangerHiveAuditHandler);
                z2 = true;
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, grantorUsername, arrayList, HiveOperationType.GRANT_ROLE, HiveAccessType.ALTER, list2, true));
                rangerHiveAuditHandler.flushAudit();
            } catch (Exception e) {
                throw new HiveAccessControlException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, grantorUsername, arrayList, HiveOperationType.GRANT_ROLE, HiveAccessType.ALTER, list2, z2));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public void revokeRole(List<HivePrincipal> list, List<String> list2, boolean z, HivePrincipal hivePrincipal) throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.revokeRole()");
        boolean z2 = false;
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        String grantorUsername = getGrantorUsername(hivePrincipal);
        ArrayList arrayList = new ArrayList();
        try {
            try {
                GrantRevokeRoleRequest grantRevokeRoleRequest = new GrantRevokeRoleRequest();
                grantRevokeRoleRequest.setGrantor(grantorUsername);
                grantRevokeRoleRequest.setGrantorGroups(getGrantorGroupNames(hivePrincipal));
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                HashSet hashSet3 = new HashSet();
                for (HivePrincipal hivePrincipal2 : list) {
                    switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[hivePrincipal2.getType().ordinal()]) {
                        case 1:
                            String name = hivePrincipal2.getName();
                            hashSet.add(name);
                            arrayList.add("USER " + name);
                            break;
                        case 2:
                            String name2 = hivePrincipal2.getName();
                            hashSet3.add(name2);
                            arrayList.add("GROUP " + name2);
                            break;
                        case 3:
                            String name3 = hivePrincipal2.getName();
                            hashSet2.add(name3);
                            arrayList.add("ROLE " + name3);
                            break;
                    }
                }
                grantRevokeRoleRequest.setUsers(hashSet);
                grantRevokeRoleRequest.setGroups(hashSet3);
                grantRevokeRoleRequest.setRoles(hashSet2);
                grantRevokeRoleRequest.setGrantOption(Boolean.valueOf(z));
                grantRevokeRoleRequest.setTargetRoles(new HashSet(list2));
                SessionState sessionState = SessionState.get();
                if (sessionState != null) {
                    grantRevokeRoleRequest.setClientIPAddress(sessionState.getUserIpAddress());
                    grantRevokeRoleRequest.setSessionId(sessionState.getSessionId());
                    HiveConf conf = sessionState.getConf();
                    if (conf != null) {
                        grantRevokeRoleRequest.setRequestData(conf.get(HIVE_CONF_VAR_QUERY_STRING));
                    }
                }
                HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
                if (hiveAuthzSessionContext != null) {
                    grantRevokeRoleRequest.setClientType(hiveAuthzSessionContext.getClientType() == null ? null : hiveAuthzSessionContext.getClientType().toString());
                }
                LOG.info("revokeRole(): " + grantRevokeRoleRequest);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("revokeRole(): " + grantRevokeRoleRequest);
                }
                hivePlugin.revokeRole(grantRevokeRoleRequest, rangerHiveAuditHandler);
                z2 = true;
                rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, grantorUsername, arrayList, HiveOperationType.REVOKE_ROLE, HiveAccessType.ALTER, list2, true));
                rangerHiveAuditHandler.flushAudit();
            } catch (Exception e) {
                throw new HiveAccessControlException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.processResult(createAuditEvent(hivePlugin, grantorUsername, arrayList, HiveOperationType.REVOKE_ROLE, HiveAccessType.ALTER, list2, z2));
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public void grantPrivileges(List<HivePrincipal> list, List<HivePrivilege> list2, HivePrivilegeObject hivePrivilegeObject, HivePrincipal hivePrincipal, boolean z) throws HiveAuthzPluginException, HiveAccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("grantPrivileges() => HivePrivilegeObject:" + ((Object) toString(hivePrivilegeObject, new StringBuilder())) + "grantorPrincipal: " + hivePrincipal + "hivePrincipals" + list + "hivePrivileges" + list2);
        }
        if (!RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke) {
            throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Ranger HiveAuthorizer. Please use Ranger Security Admin to setup access control.");
        }
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            try {
                GrantRevokeRequest createGrantRevokeData = createGrantRevokeData(getHiveResource(HiveOperationType.GRANT_PRIVILEGE, hivePrivilegeObject, null, new ArrayList(Arrays.asList(hivePrivilegeObject))), list, list2, hivePrincipal, z);
                LOG.info("grantPrivileges(): " + createGrantRevokeData);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("grantPrivileges(): " + createGrantRevokeData);
                }
                hivePlugin.grantAccess(createGrantRevokeData, rangerHiveAuditHandler);
                rangerHiveAuditHandler.flushAudit();
            } catch (Exception e) {
                throw new HiveAccessControlException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public void revokePrivileges(List<HivePrincipal> list, List<HivePrivilege> list2, HivePrivilegeObject hivePrivilegeObject, HivePrincipal hivePrincipal, boolean z) throws HiveAuthzPluginException, HiveAccessControlException {
        if (!RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke) {
            throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Ranger HiveAuthorizer. Please use Ranger Security Admin to setup access control.");
        }
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            try {
                GrantRevokeRequest createGrantRevokeData = createGrantRevokeData(getHiveResource(HiveOperationType.REVOKE_PRIVILEGE, hivePrivilegeObject, null, new ArrayList(Arrays.asList(hivePrivilegeObject))), list, list2, hivePrincipal, z);
                LOG.info("revokePrivileges(): " + createGrantRevokeData);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("revokePrivileges(): " + createGrantRevokeData);
                }
                hivePlugin.revokeAccess(createGrantRevokeData, rangerHiveAuditHandler);
                rangerHiveAuditHandler.flushAudit();
            } catch (Exception e) {
                throw new HiveAccessControlException(e);
            }
        } catch (Throwable th) {
            rangerHiveAuditHandler.flushAudit();
            throw th;
        }
    }

    public void checkPrivileges(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2, HiveAuthzContext hiveAuthzContext) throws HiveAuthzPluginException, HiveAccessControlException {
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new HiveAccessControlException("Permission denied: user information not available");
        }
        RangerHiveAuditHandler rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
            String shortUserName = currentUserGroupInfo.getShortUserName();
            HashSet newHashSet = Sets.newHashSet(currentUserGroupInfo.getGroupNames());
            Set<String> currentRoles = getCurrentRoles();
            if (LOG.isDebugEnabled()) {
                LOG.debug(toString(hiveOperationType, list, list2, hiveAuthzContext, hiveAuthzSessionContext));
            }
            if (hiveOperationType == HiveOperationType.DFS) {
                handleDfsCommand(hiveOperationType, list, shortUserName, rangerHiveAuditHandler);
                rangerHiveAuditHandler.flushAudit();
                RangerPerfTracer.log((RangerPerfTracer) null);
                return;
            }
            RangerPerfTracer perfTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_HIVEAUTH_REQUEST_LOG) ? RangerPerfTracer.getPerfTracer(PERF_HIVEAUTH_REQUEST_LOG, "RangerHiveAuthorizer.checkPrivileges(hiveOpType=" + hiveOperationType + ")") : null;
            List<RangerHiveAccessRequest> arrayList = new ArrayList<>();
            if (!CollectionUtils.isEmpty(list)) {
                for (HivePrivilegeObject hivePrivilegeObject : list) {
                    RangerHiveResource hiveResource = getHiveResource(hiveOperationType, hivePrivilegeObject, list, list2);
                    if (hiveResource != null) {
                        String objectName = hivePrivilegeObject.getObjectName();
                        HiveObjectType objectType = hiveResource.getObjectType();
                        if (objectType == HiveObjectType.URI && isPathInFSScheme(objectName)) {
                            FsAction uRIAccessType = getURIAccessType(hiveOperationType);
                            if (!isURIAccessAllowed(shortUserName, uRIAccessType, objectName, getHiveConf())) {
                                throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", shortUserName, uRIAccessType.name(), objectName));
                            }
                        } else {
                            HiveAccessType accessType = getAccessType(hivePrivilegeObject, hiveOperationType, objectType, true);
                            if (accessType != HiveAccessType.NONE) {
                                if (!existsByResourceAndAccessType(arrayList, hiveResource, accessType)) {
                                    arrayList.add(new RangerHiveAccessRequest(hiveResource, shortUserName, newHashSet, currentRoles, hiveOperationType, accessType, hiveAuthzContext, hiveAuthzSessionContext));
                                }
                            }
                        }
                    }
                }
            } else if (hiveOperationType == HiveOperationType.SHOWDATABASES) {
                arrayList.add(new RangerHiveAccessRequest(new RangerHiveResource(HiveObjectType.DATABASE, null), shortUserName, newHashSet, currentRoles, hiveOperationType.name(), HiveAccessType.USE, hiveAuthzContext, hiveAuthzSessionContext));
            } else if (hiveOperationType == HiveOperationType.REPLDUMP) {
                HiveObj hiveObj = new HiveObj(hiveAuthzContext);
                String databaseName = hiveObj.getDatabaseName();
                String tableName = hiveObj.getTableName();
                LOG.debug("Database: " + databaseName + " Table: " + tableName);
                arrayList.add(new RangerHiveAccessRequest(!StringUtil.isEmpty(tableName) ? new RangerHiveResource(HiveObjectType.TABLE, databaseName, tableName) : new RangerHiveResource(HiveObjectType.DATABASE, databaseName, null), shortUserName, newHashSet, currentRoles, hiveOperationType.name(), HiveAccessType.REPLADMIN, hiveAuthzContext, hiveAuthzSessionContext));
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("RangerHiveAuthorizer.checkPrivileges: Unexpected operation type[" + hiveOperationType + "] received with empty input objects list!");
            }
            if (!CollectionUtils.isEmpty(list2)) {
                for (HivePrivilegeObject hivePrivilegeObject2 : list2) {
                    RangerHiveResource hiveResource2 = getHiveResource(hiveOperationType, hivePrivilegeObject2, list, list2);
                    if (hiveResource2 != null) {
                        String objectName2 = hivePrivilegeObject2.getObjectName();
                        HiveObjectType objectType2 = hiveResource2.getObjectType();
                        if (objectType2 == HiveObjectType.URI && isPathInFSScheme(objectName2)) {
                            FsAction uRIAccessType2 = getURIAccessType(hiveOperationType);
                            if (!isURIAccessAllowed(shortUserName, uRIAccessType2, objectName2, getHiveConf())) {
                                throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", shortUserName, uRIAccessType2.name(), objectName2));
                            }
                        } else {
                            HiveAccessType accessType2 = getAccessType(hivePrivilegeObject2, hiveOperationType, objectType2, false);
                            if (accessType2 != HiveAccessType.NONE) {
                                if (!existsByResourceAndAccessType(arrayList, hiveResource2, accessType2)) {
                                    arrayList.add(new RangerHiveAccessRequest(hiveResource2, shortUserName, newHashSet, currentRoles, hiveOperationType, accessType2, hiveAuthzContext, hiveAuthzSessionContext));
                                }
                            }
                        }
                    }
                }
            } else if (hiveOperationType == HiveOperationType.REPLLOAD) {
                HiveObj hiveObj2 = new HiveObj(hiveAuthzContext);
                String databaseName2 = hiveObj2.getDatabaseName();
                String tableName2 = hiveObj2.getTableName();
                LOG.debug("Database: " + databaseName2 + " Table: " + tableName2);
                arrayList.add(new RangerHiveAccessRequest(!StringUtil.isEmpty(tableName2) ? new RangerHiveResource(HiveObjectType.TABLE, databaseName2, tableName2) : new RangerHiveResource(HiveObjectType.DATABASE, databaseName2, null), shortUserName, newHashSet, currentRoles, hiveOperationType.name(), HiveAccessType.REPLADMIN, hiveAuthzContext, hiveAuthzSessionContext));
            }
            buildRequestContextWithAllAccessedResources(arrayList);
            for (RangerHiveAccessRequest rangerHiveAccessRequest : arrayList) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("request: " + rangerHiveAccessRequest);
                }
                RangerAccessResource rangerAccessResource = (RangerHiveResource) rangerHiveAccessRequest.getResource();
                r27 = null;
                if (rangerAccessResource.getObjectType() == HiveObjectType.COLUMN && StringUtils.contains(rangerAccessResource.getColumn(), ',')) {
                    ArrayList arrayList2 = new ArrayList();
                    String[] split = StringUtils.split(rangerAccessResource.getColumn(), ',');
                    rangerAccessResource.setServiceDef(hivePlugin.getServiceDef());
                    int length = split.length;
                    for (int i = 0; i < length; i++) {
                        String str = split[i];
                        if (str != null) {
                            str = str.trim();
                        }
                        if (!StringUtils.isBlank(str)) {
                            RangerAccessResource rangerHiveResource = new RangerHiveResource(HiveObjectType.COLUMN, rangerAccessResource.getDatabase(), rangerAccessResource.getTable(), str);
                            rangerHiveResource.setOwnerUser(rangerAccessResource.getOwnerUser());
                            RangerHiveAccessRequest copy = rangerHiveAccessRequest.copy();
                            copy.setResource(rangerHiveResource);
                            arrayList2.add(copy);
                        }
                    }
                    Collection<RangerAccessResult> isAccessAllowed = hivePlugin.isAccessAllowed(arrayList2, rangerHiveAuditHandler);
                    if (isAccessAllowed != null) {
                        for (RangerAccessResult rangerAccessResult : isAccessAllowed) {
                            if (rangerAccessResult != null && !rangerAccessResult.getIsAllowed()) {
                                break;
                            }
                        }
                    }
                } else {
                    rangerAccessResult = hivePlugin.isAccessAllowed(rangerHiveAccessRequest, rangerHiveAuditHandler);
                }
                if ((rangerAccessResult == null || rangerAccessResult.getIsAllowed()) && isBlockAccessIfRowfilterColumnMaskSpecified(hiveOperationType, rangerHiveAccessRequest)) {
                    HiveAccessType hiveAccessType = rangerHiveAccessRequest.getHiveAccessType();
                    RangerAccessResource rangerHiveResource2 = new RangerHiveResource(HiveObjectType.TABLE, rangerAccessResource.getDatabase(), rangerAccessResource.getTable());
                    rangerHiveAccessRequest.setHiveAccessType(HiveAccessType.SELECT);
                    rangerHiveAccessRequest.setResource(rangerHiveResource2);
                    RangerAccessResult rowFilterResult = getRowFilterResult(rangerHiveAccessRequest);
                    if (isRowFilterEnabled(rowFilterResult)) {
                        if (rangerAccessResult == null) {
                            rangerAccessResult = new RangerAccessResult(0, rowFilterResult.getServiceName(), rowFilterResult.getServiceDef(), rangerHiveAccessRequest);
                        }
                        rangerAccessResult.setIsAllowed(false);
                        rangerAccessResult.setPolicyId(rowFilterResult.getPolicyId());
                        rangerAccessResult.setReason("User does not have access to all rows of the table");
                    } else {
                        rangerHiveAccessRequest.setResourceMatchingScope(RangerAccessRequest.ResourceMatchingScope.SELF_OR_DESCENDANTS);
                        RangerAccessResult dataMaskResult = getDataMaskResult(rangerHiveAccessRequest);
                        if (isDataMaskEnabled(dataMaskResult)) {
                            if (rangerAccessResult == null) {
                                rangerAccessResult = new RangerAccessResult(0, dataMaskResult.getServiceName(), dataMaskResult.getServiceDef(), rangerHiveAccessRequest);
                            }
                            rangerAccessResult.setIsAllowed(false);
                            rangerAccessResult.setPolicyId(dataMaskResult.getPolicyId());
                            rangerAccessResult.setReason("User does not have access to unmasked column values");
                        }
                    }
                    rangerHiveAccessRequest.setHiveAccessType(hiveAccessType);
                    rangerHiveAccessRequest.setResource(rangerAccessResource);
                    if (rangerAccessResult != null && !rangerAccessResult.getIsAllowed()) {
                        rangerHiveAuditHandler.processResult(rangerAccessResult);
                    }
                }
                if (rangerAccessResult == null || !rangerAccessResult.getIsAllowed()) {
                    String asString = rangerAccessResource.getAsString();
                    throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", shortUserName, rangerHiveAccessRequest.getHiveAccessType().name(), asString == null ? "Unknown resource!!" : buildPathForException(asString, hiveOperationType)));
                }
            }
            rangerHiveAuditHandler.flushAudit();
            RangerPerfTracer.log(perfTracer);
        } catch (Throwable th) {
            rangerHiveAuditHandler.flushAudit();
            RangerPerfTracer.log((RangerPerfTracer) null);
            throw th;
        }
    }

    public List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> list, HiveAuthzContext hiveAuthzContext) throws HiveAuthzPluginException, HiveAccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("==> filterListCmdObjects(%s, %s)", list, hiveAuthzContext));
        }
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        RangerPerfTracer perfTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_HIVEAUTH_REQUEST_LOG) ? RangerPerfTracer.getPerfTracer(PERF_HIVEAUTH_REQUEST_LOG, "RangerHiveAuthorizer.filterListCmdObjects()") : null;
        if (list == null) {
            LOG.debug("filterListCmdObjects: meta objects list was null!");
        } else if (list.isEmpty()) {
            LOG.debug("filterListCmdObjects: meta objects list was empty!");
            r14 = list;
        } else if (getCurrentUserGroupInfo() == null) {
            LOG.warn("filterListCmdObjects: user information not available");
            r14 = list;
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("filterListCmdObjects: number of input objects[" + list.size() + "]");
            }
            UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
            HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
            String shortUserName = currentUserGroupInfo.getShortUserName();
            HashSet newHashSet = Sets.newHashSet(currentUserGroupInfo.getGroupNames());
            Set<String> currentRoles = getCurrentRoles();
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("filterListCmdObjects: user[%s], groups%s", shortUserName, newHashSet));
            }
            r14 = 0 == 0 ? new ArrayList(list.size()) : null;
            for (HivePrivilegeObject hivePrivilegeObject : list) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("filterListCmdObjects: actionType[%s], objectType[%s], objectName[%s], dbName[%s], columns[%s], partitionKeys[%s]; context: commandString[%s], ipAddress[%s]", hivePrivilegeObject.getActionType(), hivePrivilegeObject.getType(), hivePrivilegeObject.getObjectName(), hivePrivilegeObject.getDbname(), hivePrivilegeObject.getColumns(), hivePrivilegeObject.getPartKeys(), hiveAuthzContext == null ? null : hiveAuthzContext.getCommandString(), hiveAuthzContext == null ? null : hiveAuthzContext.getIpAddress()));
                }
                RangerHiveResource createHiveResourceForFiltering = createHiveResourceForFiltering(hivePrivilegeObject);
                if (createHiveResourceForFiltering == null) {
                    LOG.error("filterListCmdObjects: RangerHiveResource returned by createHiveResource is null");
                } else {
                    RangerAccessRequest rangerHiveAccessRequest = new RangerHiveAccessRequest(createHiveResourceForFiltering, shortUserName, newHashSet, currentRoles, hiveAuthzContext, hiveAuthzSessionContext);
                    RangerAccessResult isAccessAllowed = hivePlugin.isAccessAllowed(rangerHiveAccessRequest, rangerHiveAuditHandler);
                    if (isAccessAllowed == null) {
                        LOG.error("filterListCmdObjects: Internal error: null RangerAccessResult object received back from isAccessAllowed()!");
                    } else if (isAccessAllowed.getIsAllowed()) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug(String.format("filterListCmdObjects: access allowed. resource[%s], request[%s], result[%s]", createHiveResourceForFiltering, rangerHiveAccessRequest, isAccessAllowed));
                        }
                        r14.add(hivePrivilegeObject);
                    } else if (!LOG.isDebugEnabled()) {
                        LOG.debug(String.format("filterListCmdObjects: Permission denied: user [%s] does not have [%s] privilege on [%s]. resource[%s], request[%s], result[%s]", shortUserName, rangerHiveAccessRequest.getHiveAccessType().name(), createHiveResourceForFiltering.getAsString(), createHiveResourceForFiltering, rangerHiveAccessRequest, isAccessAllowed));
                    }
                }
            }
        }
        rangerHiveAuditHandler.flushAudit();
        RangerPerfTracer.log(perfTracer);
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("<== filterListCmdObjects: count[%d], ret[%s]", Integer.valueOf(r14 == null ? 0 : r14.size()), r14));
        }
        return r14;
    }

    public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(HiveAuthzContext hiveAuthzContext, List<HivePrivilegeObject> list) throws SemanticException {
        ArrayList arrayList = new ArrayList();
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> applyRowFilterAndColumnMasking(" + hiveAuthzContext + ", objCount=" + list.size() + ")");
        }
        RangerPerfTracer perfTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_HIVEAUTH_REQUEST_LOG) ? RangerPerfTracer.getPerfTracer(PERF_HIVEAUTH_REQUEST_LOG, "RangerHiveAuthorizer.applyRowFilterAndColumnMasking()") : null;
        if (CollectionUtils.isNotEmpty(list)) {
            for (HivePrivilegeObject hivePrivilegeObject : list) {
                HivePrivilegeObject.HivePrivilegeObjectType type = hivePrivilegeObject.getType();
                if (type == null) {
                    type = HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW;
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("applyRowFilterAndColumnMasking(hiveObjType=" + type + ")");
                }
                boolean z = false;
                if (type == HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW) {
                    String dbname = hivePrivilegeObject.getDbname();
                    String objectName = hivePrivilegeObject.getObjectName();
                    String rowFilterExpression = getRowFilterExpression(hiveAuthzContext, dbname, objectName);
                    if (StringUtils.isNotBlank(rowFilterExpression)) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("rowFilter(database=" + dbname + ", table=" + objectName + "): " + rowFilterExpression);
                        }
                        hivePrivilegeObject.setRowFilterExpression(rowFilterExpression);
                        z = true;
                    }
                    if (CollectionUtils.isNotEmpty(hivePrivilegeObject.getColumns())) {
                        ArrayList arrayList2 = new ArrayList();
                        for (String str : hivePrivilegeObject.getColumns()) {
                            boolean addCellValueTransformerAndCheckIfTransformed = addCellValueTransformerAndCheckIfTransformed(hiveAuthzContext, dbname, objectName, str, arrayList2);
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("addCellValueTransformerAndCheckIfTransformed(database=" + dbname + ", table=" + objectName + ", column=" + str + "): " + addCellValueTransformerAndCheckIfTransformed);
                            }
                            z = z || addCellValueTransformerAndCheckIfTransformed;
                        }
                        hivePrivilegeObject.setCellValueTransformers(arrayList2);
                    }
                }
                if (z) {
                    arrayList.add(hivePrivilegeObject);
                }
            }
        }
        RangerPerfTracer.log(perfTracer);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== applyRowFilterAndColumnMasking(" + hiveAuthzContext + ", objCount=" + list.size() + "): retCount=" + arrayList.size());
        }
        return arrayList;
    }

    public boolean needTransform() {
        return true;
    }

    private RangerAccessResult getDataMaskResult(RangerHiveAccessRequest rangerHiveAccessRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> getDataMaskResult(request=" + rangerHiveAccessRequest + ")");
        }
        RangerAccessResult evalDataMaskPolicies = hivePlugin.evalDataMaskPolicies(rangerHiveAccessRequest, null);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== getDataMaskResult(request=" + rangerHiveAccessRequest + "): ret=" + evalDataMaskPolicies);
        }
        return evalDataMaskPolicies;
    }

    private RangerAccessResult getRowFilterResult(RangerHiveAccessRequest rangerHiveAccessRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> getRowFilterResult(request=" + rangerHiveAccessRequest + ")");
        }
        RangerAccessResult evalRowFilterPolicies = hivePlugin.evalRowFilterPolicies(rangerHiveAccessRequest, null);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== getRowFilterResult(request=" + rangerHiveAccessRequest + "): ret=" + evalRowFilterPolicies);
        }
        return evalRowFilterPolicies;
    }

    private boolean isDataMaskEnabled(RangerAccessResult rangerAccessResult) {
        return rangerAccessResult != null && rangerAccessResult.isMaskEnabled();
    }

    private boolean isRowFilterEnabled(RangerAccessResult rangerAccessResult) {
        return rangerAccessResult != null && rangerAccessResult.isRowFilterEnabled() && StringUtils.isNotEmpty(rangerAccessResult.getFilterExpr());
    }

    private String getRowFilterExpression(HiveAuthzContext hiveAuthzContext, String str, String str2) throws SemanticException {
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new SemanticException("user information not available");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> getRowFilterExpression(" + str + ", " + str2 + ")");
        }
        String str3 = null;
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
            String shortUserName = currentUserGroupInfo.getShortUserName();
            HashSet newHashSet = Sets.newHashSet(currentUserGroupInfo.getGroupNames());
            Set<String> currentRoles = getCurrentRoles();
            HiveObjectType hiveObjectType = HiveObjectType.TABLE;
            RangerAccessResult evalRowFilterPolicies = hivePlugin.evalRowFilterPolicies(new RangerHiveAccessRequest(new RangerHiveResource(hiveObjectType, str, str2), shortUserName, newHashSet, currentRoles, hiveObjectType.name(), HiveAccessType.SELECT, hiveAuthzContext, hiveAuthzSessionContext), rangerHiveAuditHandler);
            if (isRowFilterEnabled(evalRowFilterPolicies)) {
                str3 = evalRowFilterPolicies.getFilterExpr();
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== getRowFilterExpression(" + str + ", " + str2 + "): " + str3);
            }
            return str3;
        } finally {
            rangerHiveAuditHandler.flushAudit();
        }
    }

    private boolean addCellValueTransformerAndCheckIfTransformed(HiveAuthzContext hiveAuthzContext, String str, String str2, String str3, List<String> list) throws SemanticException {
        UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
        if (currentUserGroupInfo == null) {
            throw new SemanticException("user information not available");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> addCellValueTransformerAndCheckIfTransformed(" + str + ", " + str2 + ", " + str3 + ")");
        }
        String str4 = str3;
        RangerAccessResultProcessor rangerHiveAuditHandler = new RangerHiveAuditHandler();
        try {
            HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
            String shortUserName = currentUserGroupInfo.getShortUserName();
            HashSet newHashSet = Sets.newHashSet(currentUserGroupInfo.getGroupNames());
            Set<String> currentRoles = getCurrentRoles();
            HiveObjectType hiveObjectType = HiveObjectType.COLUMN;
            RangerAccessResult evalDataMaskPolicies = hivePlugin.evalDataMaskPolicies(new RangerHiveAccessRequest(new RangerHiveResource(hiveObjectType, str, str2, str3), shortUserName, newHashSet, currentRoles, hiveObjectType.name(), HiveAccessType.SELECT, hiveAuthzContext, hiveAuthzSessionContext), rangerHiveAuditHandler);
            boolean isDataMaskEnabled = isDataMaskEnabled(evalDataMaskPolicies);
            if (isDataMaskEnabled) {
                String maskType = evalDataMaskPolicies.getMaskType();
                RangerServiceDef.RangerDataMaskTypeDef maskTypeDef = evalDataMaskPolicies.getMaskTypeDef();
                String str5 = null;
                if (maskTypeDef != null) {
                    str5 = maskTypeDef.getTransformer();
                }
                if (StringUtils.equalsIgnoreCase(maskType, "MASK_NULL")) {
                    str4 = "NULL";
                } else if (StringUtils.equalsIgnoreCase(maskType, "CUSTOM")) {
                    String maskedValue = evalDataMaskPolicies.getMaskedValue();
                    str4 = maskedValue == null ? "NULL" : maskedValue.replace("{col}", str3);
                } else if (StringUtils.isNotEmpty(str5)) {
                    str4 = str5.replace("{col}", str3);
                }
            }
            list.add(str4);
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== addCellValueTransformerAndCheckIfTransformed(" + str + ", " + str2 + ", " + str3 + "): " + isDataMaskEnabled);
            }
            return isDataMaskEnabled;
        } finally {
            rangerHiveAuditHandler.flushAudit();
        }
    }

    static RangerHiveResource createHiveResourceForFiltering(HivePrivilegeObject hivePrivilegeObject) {
        RangerHiveResource rangerHiveResource = null;
        HivePrivilegeObject.HivePrivilegeObjectType type = hivePrivilegeObject.getType();
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[type.ordinal()]) {
            case 1:
            case 2:
                rangerHiveResource = createHiveResource(hivePrivilegeObject);
                break;
            default:
                LOG.warn("RangerHiveAuthorizer.getHiveResourceForFiltering: unexpected objectType:" + type);
                break;
        }
        return rangerHiveResource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RangerHiveResource createHiveResource(HivePrivilegeObject hivePrivilegeObject) {
        RangerHiveResource rangerHiveResource = null;
        HivePrivilegeObject.HivePrivilegeObjectType type = hivePrivilegeObject.getType();
        String objectName = hivePrivilegeObject.getObjectName();
        String dbname = hivePrivilegeObject.getDbname();
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[type.ordinal()]) {
            case 1:
                rangerHiveResource = new RangerHiveResource(HiveObjectType.DATABASE, dbname);
                break;
            case 2:
                rangerHiveResource = new RangerHiveResource(HiveObjectType.TABLE, dbname, objectName);
                break;
            case 3:
                List columns = hivePrivilegeObject.getColumns();
                int size = columns == null ? 0 : columns.size();
                if (size != 1) {
                    LOG.warn("RangerHiveAuthorizer.getHiveResource: unexpected number of columns requested:" + size + ", objectType:" + type);
                    break;
                } else {
                    rangerHiveResource = new RangerHiveResource(HiveObjectType.COLUMN, dbname, objectName, (String) columns.get(0));
                    break;
                }
            default:
                LOG.warn("RangerHiveAuthorizer.getHiveResource: unexpected objectType:" + type);
                break;
        }
        if (rangerHiveResource != null) {
            rangerHiveResource.setServiceDef(hivePlugin == null ? null : hivePlugin.getServiceDef());
        }
        return rangerHiveResource;
    }

    private RangerHiveResource getHiveResource(HiveOperationType hiveOperationType, HivePrivilegeObject hivePrivilegeObject, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2) {
        RangerHiveResource rangerHiveResource = null;
        HiveObjectType objectType = getObjectType(hivePrivilegeObject, hiveOperationType);
        switch (objectType) {
            case DATABASE:
                rangerHiveResource = new RangerHiveResource(objectType, hivePrivilegeObject.getDbname());
                break;
            case TABLE:
            case VIEW:
            case FUNCTION:
                rangerHiveResource = new RangerHiveResource(objectType, hivePrivilegeObject.getDbname(), hivePrivilegeObject.getObjectName());
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Size of inputs = [" + (CollectionUtils.isNotEmpty(list) ? list.size() : 0) + ", Size of outputs = [" + (CollectionUtils.isNotEmpty(list2) ? list2.size() : 0) + "]");
                    break;
                }
                break;
            case PARTITION:
            case INDEX:
                rangerHiveResource = new RangerHiveResource(objectType, hivePrivilegeObject.getDbname(), hivePrivilegeObject.getObjectName());
                break;
            case COLUMN:
                rangerHiveResource = new RangerHiveResource(objectType, hivePrivilegeObject.getDbname(), hivePrivilegeObject.getObjectName(), StringUtils.join(hivePrivilegeObject.getColumns(), ','));
                break;
            case URI:
            case SERVICE_NAME:
                rangerHiveResource = new RangerHiveResource(objectType, hivePrivilegeObject.getObjectName());
                break;
            case GLOBAL:
                rangerHiveResource = new RangerHiveResource(objectType, hivePrivilegeObject.getObjectName());
                break;
        }
        if (rangerHiveResource != null) {
            rangerHiveResource.setServiceDef(hivePlugin == null ? null : hivePlugin.getServiceDef());
        }
        return rangerHiveResource;
    }

    private HiveObjectType getObjectType(HivePrivilegeObject hivePrivilegeObject, HiveOperationType hiveOperationType) {
        HiveObjectType hiveObjectType = HiveObjectType.NONE;
        String lowerCase = hiveOperationType.name().toLowerCase();
        if (hivePrivilegeObject.getType() == null) {
            return HiveObjectType.DATABASE;
        }
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivilegeObjectType[hivePrivilegeObject.getType().ordinal()]) {
            case 1:
                hiveObjectType = HiveObjectType.DATABASE;
                break;
            case 2:
                if (!lowerCase.contains("index")) {
                    if (!StringUtil.isEmpty(hivePrivilegeObject.getColumns())) {
                        hiveObjectType = HiveObjectType.COLUMN;
                        break;
                    } else if (!lowerCase.contains("view")) {
                        hiveObjectType = HiveObjectType.TABLE;
                        break;
                    } else {
                        hiveObjectType = HiveObjectType.VIEW;
                        break;
                    }
                } else {
                    hiveObjectType = HiveObjectType.INDEX;
                    break;
                }
            case 4:
                hiveObjectType = HiveObjectType.PARTITION;
                break;
            case 5:
                hiveObjectType = HiveObjectType.FUNCTION;
                if (isTempUDFOperation(lowerCase, hivePrivilegeObject)) {
                    hiveObjectType = HiveObjectType.GLOBAL;
                    break;
                }
                break;
            case 6:
            case 7:
                hiveObjectType = HiveObjectType.URI;
                break;
            case 8:
            case 9:
                if ("add".equals(lowerCase) || "compile".equals(lowerCase)) {
                    hiveObjectType = HiveObjectType.GLOBAL;
                    break;
                }
                break;
            case 10:
                hiveObjectType = HiveObjectType.SERVICE_NAME;
                break;
        }
        return hiveObjectType;
    }

    private HiveAccessType getAccessType(HivePrivilegeObject hivePrivilegeObject, HiveOperationType hiveOperationType, HiveObjectType hiveObjectType, boolean z) {
        HiveAccessType hiveAccessType = HiveAccessType.NONE;
        HivePrivilegeObject.HivePrivObjectActionType actionType = hivePrivilegeObject.getActionType();
        if (hiveObjectType == HiveObjectType.URI && z) {
            return HiveAccessType.READ;
        }
        if (hiveObjectType == HiveObjectType.URI && !z) {
            return HiveAccessType.WRITE;
        }
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrivilegeObject$HivePrivObjectActionType[actionType.ordinal()]) {
            case 1:
            case 2:
            case 3:
            case 4:
                hiveAccessType = HiveAccessType.UPDATE;
                break;
            case 5:
                switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[hiveOperationType.ordinal()]) {
                    case 1:
                        if (hivePrivilegeObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.DATABASE) {
                            hiveAccessType = HiveAccessType.CREATE;
                            break;
                        }
                        break;
                    case 2:
                        if (hivePrivilegeObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.FUNCTION) {
                            hiveAccessType = HiveAccessType.CREATE;
                        }
                        if (hiveObjectType == HiveObjectType.GLOBAL) {
                            hiveAccessType = HiveAccessType.TEMPUDFADMIN;
                            break;
                        }
                        break;
                    case 3:
                    case 4:
                    case 5:
                    case 6:
                        if (hivePrivilegeObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW) {
                            hiveAccessType = z ? HiveAccessType.SELECT : HiveAccessType.CREATE;
                            break;
                        }
                        break;
                    case 7:
                    case 8:
                    case 9:
                    case 10:
                    case 11:
                    case 12:
                    case 13:
                    case 14:
                    case 15:
                    case 16:
                    case 17:
                    case 18:
                    case 19:
                    case 20:
                    case 21:
                    case 22:
                    case 23:
                    case 24:
                    case 25:
                    case 26:
                    case 27:
                    case 28:
                    case 29:
                    case 30:
                    case 31:
                    case 32:
                    case 33:
                    case 34:
                    case 35:
                    case 36:
                    case 37:
                    case 38:
                    case 39:
                    case 40:
                    case 41:
                    case 42:
                    case 43:
                    case COLUMN_SEP /* 44 */:
                    case 45:
                    case 46:
                    case 47:
                    case 48:
                    case 49:
                    case 50:
                    case 51:
                        hiveAccessType = HiveAccessType.ALTER;
                        break;
                    case 52:
                    case 53:
                    case 54:
                    case 55:
                    case 56:
                    case 57:
                        hiveAccessType = HiveAccessType.DROP;
                        break;
                    case 58:
                        hiveAccessType = HiveAccessType.INDEX;
                        break;
                    case 59:
                        hiveAccessType = z ? HiveAccessType.SELECT : HiveAccessType.CREATE;
                        break;
                    case 60:
                    case 61:
                        hiveAccessType = z ? HiveAccessType.SELECT : HiveAccessType.UPDATE;
                        break;
                    case 62:
                    case 63:
                    case 64:
                    case 65:
                        hiveAccessType = HiveAccessType.LOCK;
                        break;
                    case 66:
                    case 67:
                    case 68:
                    case 69:
                    case 70:
                    case 71:
                    case 72:
                        hiveAccessType = HiveAccessType.SELECT;
                        break;
                    case 73:
                    case 74:
                        RangerHivePlugin rangerHivePlugin = hivePlugin;
                        String lower = StringUtil.toLower(RangerHivePlugin.DescribeShowTableAuth);
                        boolean z2 = -1;
                        switch (lower.hashCode()) {
                            case -710905128:
                                if (lower.equals("show-allowed")) {
                                    z2 = false;
                                    break;
                                }
                                break;
                            case -340000047:
                                if (lower.equals("show-all")) {
                                    z2 = 3;
                                    break;
                                }
                                break;
                            case 0:
                                if (lower.equals("")) {
                                    z2 = 2;
                                    break;
                                }
                                break;
                            case 3387192:
                                if (lower.equals("none")) {
                                    z2 = true;
                                    break;
                                }
                                break;
                        }
                        switch (z2) {
                            case false:
                            case true:
                            case true:
                                hiveAccessType = HiveAccessType.SELECT;
                                break;
                            case true:
                                hiveAccessType = HiveAccessType.USE;
                                break;
                        }
                    case 75:
                    case 76:
                    case 77:
                    case 78:
                    case 79:
                        hiveAccessType = HiveAccessType.USE;
                        break;
                    case 80:
                        hiveAccessType = HiveAccessType.UPDATE;
                        break;
                    case 81:
                    case 82:
                        hiveAccessType = HiveAccessType.NONE;
                        break;
                    case 83:
                    case 84:
                    case 85:
                        hiveAccessType = HiveAccessType.REPLADMIN;
                        break;
                    case 86:
                    case 87:
                    case 88:
                    case 89:
                    case 90:
                    case 91:
                    case 92:
                    case 93:
                    case 94:
                    case 95:
                    case 96:
                    case 97:
                    case 98:
                    case 99:
                    case 100:
                    case 101:
                        hiveAccessType = HiveAccessType.SERVICEADMIN;
                        break;
                    case 102:
                    case 103:
                        hiveAccessType = HiveAccessType.TEMPUDFADMIN;
                        break;
                }
        }
        return hiveAccessType;
    }

    private FsAction getURIAccessType(HiveOperationType hiveOperationType) {
        FsAction fsAction = FsAction.NONE;
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[hiveOperationType.ordinal()]) {
            case 1:
            case 3:
            case 5:
            case 7:
            case 8:
            case 9:
            case 10:
            case 12:
            case 13:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
            case 19:
            case 20:
            case 21:
            case 22:
            case 23:
            case 24:
            case 25:
            case 26:
            case 27:
            case 28:
            case 29:
            case 30:
            case 31:
            case 32:
            case 33:
            case 34:
            case 35:
            case 36:
            case 37:
            case 38:
            case 39:
            case 40:
            case 41:
            case 42:
            case 43:
            case COLUMN_SEP /* 44 */:
            case 45:
            case 46:
            case 66:
            case 125:
            case 126:
                fsAction = FsAction.ALL;
                break;
            case 59:
            case 61:
                fsAction = FsAction.READ;
                break;
            case 60:
                fsAction = FsAction.WRITE;
                break;
        }
        return fsAction;
    }

    private String buildPathForException(String str, HiveOperationType hiveOperationType) {
        String str2 = str;
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[hiveOperationType.ordinal()]) {
            case 66:
                try {
                    str2 = str.substring(0, StringUtils.ordinalIndexOf(str, "/", 2)) + "/*";
                    break;
                } catch (Exception e) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("RangerHiveAuthorizer.buildPathForException(): Error while creating exception message ", e);
                        break;
                    }
                }
                break;
            case 74:
                str2 = str + "/*";
                break;
        }
        return str2;
    }

    private boolean isURIAccessAllowed(String str, FsAction fsAction, String str2, HiveConf hiveConf) {
        boolean z;
        if (fsAction == FsAction.NONE) {
            z = true;
        } else {
            try {
                Path path = new Path(str2);
                FileSystem fileSystem = FileSystem.get(path.toUri(), hiveConf);
                FileStatus[] globStatus = fileSystem.globStatus(path);
                if (globStatus == null || globStatus.length <= 0) {
                    FileUtils.checkFileAccessWithImpersonation(fileSystem, FileUtils.getPathOrParentThatExists(fileSystem, path), fsAction, str);
                    z = true;
                } else {
                    boolean z2 = false;
                    int length = globStatus.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        FileStatus fileStatus = globStatus[i];
                        if (!FileUtils.isOwnerOfFileHierarchy(fileSystem, fileStatus, str) && !FileUtils.isActionPermittedForFileHierarchy(fileSystem, fileStatus, str, fsAction)) {
                            z2 = true;
                            break;
                        }
                        i++;
                    }
                    z = !z2;
                }
            } catch (Exception e) {
                z = false;
                LOG.error("Error getting permissions for " + str2, e);
            }
        }
        return z;
    }

    private boolean isPathInFSScheme(String str) {
        boolean z = false;
        String[] fSScheme = hivePlugin.getFSScheme();
        if (fSScheme != null) {
            int length = fSScheme.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str2 = fSScheme[i];
                if (!str.isEmpty() && str.startsWith(str2)) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        return z;
    }

    private void handleDfsCommand(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, String str, RangerHiveAuditHandler rangerHiveAuditHandler) throws HiveAuthzPluginException, HiveAccessControlException {
        String str2 = null;
        if (list != null) {
            for (HivePrivilegeObject hivePrivilegeObject : list) {
                if (hivePrivilegeObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.COMMAND_PARAMS) {
                    str2 = StringUtil.toString(hivePrivilegeObject.getCommandParams());
                    if (!StringUtil.isEmpty(str2)) {
                        break;
                    }
                }
            }
        }
        int i = -1;
        String str3 = null;
        if (hivePlugin != null) {
            i = hivePlugin.getServiceDefId();
            str3 = hivePlugin.getServiceName();
        }
        rangerHiveAuditHandler.logAuditEventForDfs(str, str2, false, i, str3);
        throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have privilege for [%s] command", str, hiveOperationType.name()));
    }

    private boolean existsByResourceAndAccessType(Collection<RangerHiveAccessRequest> collection, RangerHiveResource rangerHiveResource, HiveAccessType hiveAccessType) {
        boolean z = false;
        if (collection != null && rangerHiveResource != null) {
            Iterator<RangerHiveAccessRequest> it = collection.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RangerHiveAccessRequest next = it.next();
                if (next.getHiveAccessType() == hiveAccessType && next.getResource().equals(rangerHiveResource)) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    private String getGrantorUsername(HivePrincipal hivePrincipal) {
        String name = hivePrincipal != null ? hivePrincipal.getName() : null;
        if (StringUtil.isEmpty(name)) {
            UserGroupInformation currentUserGroupInfo = getCurrentUserGroupInfo();
            name = currentUserGroupInfo != null ? currentUserGroupInfo.getShortUserName() : null;
        }
        return name;
    }

    private Set<String> getGrantorGroupNames(HivePrincipal hivePrincipal) {
        HashSet hashSet = null;
        String name = hivePrincipal != null ? hivePrincipal.getName() : null;
        UserGroupInformation currentUserGroupInfo = StringUtil.isEmpty(name) ? getCurrentUserGroupInfo() : UserGroupInformation.createRemoteUser(name);
        String[] groupNames = currentUserGroupInfo != null ? currentUserGroupInfo.getGroupNames() : null;
        if (groupNames != null && groupNames.length > 0) {
            hashSet = new HashSet(Arrays.asList(groupNames));
        }
        return hashSet;
    }

    private GrantRevokeRequest createGrantRevokeData(RangerHiveResource rangerHiveResource, List<HivePrincipal> list, List<HivePrivilege> list2, HivePrincipal hivePrincipal, boolean z) throws HiveAccessControlException {
        if (rangerHiveResource == null || !(rangerHiveResource.getObjectType() == HiveObjectType.DATABASE || rangerHiveResource.getObjectType() == HiveObjectType.TABLE || rangerHiveResource.getObjectType() == HiveObjectType.VIEW || rangerHiveResource.getObjectType() == HiveObjectType.COLUMN)) {
            throw new HiveAccessControlException("grant/revoke: unexpected object type '" + (rangerHiveResource == null ? null : rangerHiveResource.getObjectType().name()));
        }
        GrantRevokeRequest grantRevokeRequest = new GrantRevokeRequest();
        grantRevokeRequest.setGrantor(getGrantorUsername(hivePrincipal));
        grantRevokeRequest.setGrantorGroups(getGrantorGroupNames(hivePrincipal));
        grantRevokeRequest.setDelegateAdmin(z ? Boolean.TRUE : Boolean.FALSE);
        grantRevokeRequest.setEnableAudit(Boolean.TRUE);
        grantRevokeRequest.setReplaceExistingPermissions(Boolean.FALSE);
        String database = StringUtils.isEmpty(rangerHiveResource.getDatabase()) ? "*" : rangerHiveResource.getDatabase();
        String table = StringUtils.isEmpty(rangerHiveResource.getTable()) ? "*" : rangerHiveResource.getTable();
        String column = StringUtils.isEmpty(rangerHiveResource.getColumn()) ? "*" : rangerHiveResource.getColumn();
        HashMap hashMap = new HashMap();
        hashMap.put("database", database);
        hashMap.put("table", table);
        hashMap.put("column", column);
        grantRevokeRequest.setOwnerUser(rangerHiveResource.getOwnerUser());
        grantRevokeRequest.setResource(hashMap);
        SessionState sessionState = SessionState.get();
        if (sessionState != null) {
            grantRevokeRequest.setClientIPAddress(sessionState.getUserIpAddress());
            grantRevokeRequest.setSessionId(sessionState.getSessionId());
            HiveConf conf = sessionState.getConf();
            if (conf != null) {
                grantRevokeRequest.setRequestData(conf.get(HIVE_CONF_VAR_QUERY_STRING));
            }
        }
        HiveAuthzSessionContext hiveAuthzSessionContext = getHiveAuthzSessionContext();
        if (hiveAuthzSessionContext != null) {
            grantRevokeRequest.setClientType(hiveAuthzSessionContext.getClientType() == null ? null : hiveAuthzSessionContext.getClientType().toString());
        }
        for (HivePrincipal hivePrincipal2 : list) {
            switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HivePrincipal$HivePrincipalType[hivePrincipal2.getType().ordinal()]) {
                case 1:
                    grantRevokeRequest.getUsers().add(hivePrincipal2.getName());
                    break;
                case 2:
                    grantRevokeRequest.getGroups().add(hivePrincipal2.getName());
                    break;
                case 3:
                    grantRevokeRequest.getRoles().add(hivePrincipal2.getName());
                    break;
            }
        }
        Iterator<HivePrivilege> it = list2.iterator();
        while (it.hasNext()) {
            String name = it.next().getName();
            if (StringUtils.equalsIgnoreCase(name, HiveAccessType.ALL.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.ALTER.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.CREATE.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.DROP.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.INDEX.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.LOCK.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.SELECT.name()) || StringUtils.equalsIgnoreCase(name, HiveAccessType.UPDATE.name())) {
                grantRevokeRequest.getAccessTypes().add(name.toLowerCase());
            } else if (StringUtils.equalsIgnoreCase(name, "Insert") || StringUtils.equalsIgnoreCase(name, "Delete")) {
                grantRevokeRequest.getAccessTypes().add(HiveAccessType.UPDATE.name().toLowerCase());
            } else {
                LOG.warn("grant/revoke: unexpected privilege type '" + name + "'. Ignored");
            }
        }
        return grantRevokeRequest;
    }

    @Override // org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase
    public List<HivePrivilegeInfo> showPrivileges(HivePrincipal hivePrincipal, HivePrivilegeObject hivePrivilegeObject) throws HiveAuthzPluginException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerHiveAuthorizer.showPrivileges ==>  principal: " + hivePrincipal + "HivePrivilegeObject : " + hivePrivilegeObject.getObjectName());
        }
        if (hivePlugin == null) {
            new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges error: hivePlugin is null");
        }
        try {
            if (AuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject).getDbName() == null) {
                throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for Hive resources and not user level");
            }
            List<HivePrivilegeInfo> hivePrivilegeInfos = getHivePrivilegeInfos(hivePrincipal, hivePrivilegeObject);
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerHiveAuthorizer.showPrivileges() Result: " + hivePrivilegeInfos);
            }
            return hivePrivilegeInfos;
        } catch (Exception e) {
            LOG.error("RangerHiveAuthorizer.showPrivileges() error", e);
            throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges() error: " + e.getMessage(), e);
        }
    }

    private HivePrivilegeObject.HivePrivilegeObjectType getPluginPrivilegeObjType(org.apache.hadoop.hive.metastore.api.HiveObjectType hiveObjectType) {
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$metastore$api$HiveObjectType[hiveObjectType.ordinal()]) {
            case 1:
                return HivePrivilegeObject.HivePrivilegeObjectType.DATABASE;
            case 2:
                return HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW;
            default:
                throw new AssertionError("Unexpected object type " + hiveObjectType);
        }
    }

    static HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject hivePrivilegeObject) throws HiveAuthzPluginException {
        try {
            return AuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject);
        } catch (HiveException e) {
            throw new HiveAuthzPluginException(e);
        }
    }

    private RangerRequestedResources buildRequestContextWithAllAccessedResources(List<RangerHiveAccessRequest> list) {
        RangerRequestedResources rangerRequestedResources = new RangerRequestedResources();
        for (RangerHiveAccessRequest rangerHiveAccessRequest : list) {
            RangerAccessRequestUtil.setRequestedResourcesInContext(rangerHiveAccessRequest.getContext(), rangerRequestedResources);
            RangerHiveResource resource = rangerHiveAccessRequest.getResource();
            if (resource.getObjectType() == HiveObjectType.COLUMN && StringUtils.contains(resource.getColumn(), ',')) {
                String[] split = StringUtils.split(resource.getColumn(), ',');
                resource.setServiceDef(hivePlugin.getServiceDef());
                int length = split.length;
                for (int i = 0; i < length; i++) {
                    String str = split[i];
                    if (str != null) {
                        str = str.trim();
                    }
                    if (!StringUtils.isBlank(str)) {
                        RangerHiveResource rangerHiveResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTable(), str);
                        rangerHiveResource.setOwnerUser(resource.getOwnerUser());
                        rangerHiveResource.setServiceDef(hivePlugin.getServiceDef());
                        rangerRequestedResources.addRequestedResource(rangerHiveResource);
                    }
                }
            } else {
                resource.setServiceDef(hivePlugin.getServiceDef());
                rangerRequestedResources.addRequestedResource(resource);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerHiveAuthorizer.buildRequestContextWithAllAccessedResources() - " + rangerRequestedResources);
        }
        return rangerRequestedResources;
    }

    private boolean isBlockAccessIfRowfilterColumnMaskSpecified(HiveOperationType hiveOperationType, RangerHiveAccessRequest rangerHiveAccessRequest) {
        boolean z = false;
        HiveObjectType objectType = rangerHiveAccessRequest.getResource().getObjectType();
        if (objectType == HiveObjectType.TABLE || objectType == HiveObjectType.VIEW || objectType == HiveObjectType.COLUMN) {
            z = hiveOperationType == HiveOperationType.EXPORT;
            if (!z && rangerHiveAccessRequest.getHiveAccessType() == HiveAccessType.UPDATE) {
                RangerHivePlugin rangerHivePlugin = hivePlugin;
                if (RangerHivePlugin.BlockUpdateIfRowfilterColumnMaskSpecified) {
                    z = true;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("isBlockAccessIfRowfilterColumnMaskSpecified(" + hiveOperationType + ", " + rangerHiveAccessRequest + "): " + z);
        }
        return z;
    }

    private boolean isTempUDFOperation(String str, HivePrivilegeObject hivePrivilegeObject) {
        boolean z = false;
        if ((str.contains("createfunction") || str.contains("dropfunction")) && StringUtils.isEmpty(hivePrivilegeObject.getDbname())) {
            z = true;
        }
        return z;
    }

    private List<HivePrivilegeInfo> getHivePrivilegeInfos(HivePrincipal hivePrincipal, HivePrivilegeObject hivePrivilegeObject) throws HiveAuthzPluginException {
        ArrayList arrayList = new ArrayList();
        try {
            HiveObjectRef thriftHiveObjectRef = AuthorizationUtils.getThriftHiveObjectRef(hivePrivilegeObject);
            if (thriftHiveObjectRef != null && thriftHiveObjectRef.getDbName() != null) {
                HivePrivilegeObject.HivePrivilegeObjectType pluginPrivilegeObjType = getPluginPrivilegeObjType(thriftHiveObjectRef.getObjectType());
                String dbName = thriftHiveObjectRef.getDbName();
                String objectName = thriftHiveObjectRef.getObjectName();
                String str = thriftHiveObjectRef.getColumnName() == null ? new String() : thriftHiveObjectRef.getColumnName();
                List<String> arrayList2 = thriftHiveObjectRef.getPartValues() == null ? new ArrayList<>() : thriftHiveObjectRef.getPartValues();
                RangerResourceACLs rangerResourceACLs = getRangerResourceACLs(new HivePrivilegeObject(pluginPrivilegeObjType, dbName, objectName));
                if (rangerResourceACLs != null) {
                    Map<String, Map<String, RangerResourceACLs.AccessResult>> userACLs = rangerResourceACLs.getUserACLs();
                    Map<String, Map<String, RangerResourceACLs.AccessResult>> groupACLs = rangerResourceACLs.getGroupACLs();
                    Map<String, Map<String, RangerResourceACLs.AccessResult>> roleACLs = rangerResourceACLs.getRoleACLs();
                    Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> convertRangerACLsToHiveACLs = convertRangerACLsToHiveACLs(userACLs);
                    Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> convertRangerACLsToHiveACLs2 = convertRangerACLsToHiveACLs(groupACLs);
                    Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> convertRangerACLsToHiveACLs3 = convertRangerACLsToHiveACLs(roleACLs);
                    if (hivePrincipal == null) {
                        for (String str2 : userACLs.keySet()) {
                            HivePrincipal hivePrincipal2 = new HivePrincipal(str2, HivePrincipal.HivePrincipalType.USER);
                            Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> map = convertRangerACLsToHiveACLs.get(str2);
                            if (map != null) {
                                Map<String, RangerResourceACLs.AccessResult> map2 = userACLs.get(str2);
                                for (HiveResourceACLs.Privilege privilege : map.keySet()) {
                                    RangerPolicy rangerPolicy = getRangerPolicy(map2, privilege.name());
                                    if (rangerPolicy != null) {
                                        arrayList.add(createHivePrivilegeInfo(hivePrincipal2, pluginPrivilegeObjType, dbName, objectName, str, arrayList2, getPermission(privilege, map2, rangerPolicy), rangerPolicy));
                                    }
                                }
                            }
                        }
                        for (String str3 : groupACLs.keySet()) {
                            HivePrincipal hivePrincipal3 = new HivePrincipal(str3, HivePrincipal.HivePrincipalType.GROUP);
                            Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> map3 = convertRangerACLsToHiveACLs2.get(str3);
                            if (map3 != null) {
                                Map<String, RangerResourceACLs.AccessResult> map4 = groupACLs.get(str3);
                                for (HiveResourceACLs.Privilege privilege2 : map3.keySet()) {
                                    RangerPolicy rangerPolicy2 = getRangerPolicy(map4, privilege2.name());
                                    if (rangerPolicy2 != null) {
                                        arrayList.add(createHivePrivilegeInfo(hivePrincipal3, pluginPrivilegeObjType, dbName, objectName, str, arrayList2, getPermission(privilege2, map4, rangerPolicy2), rangerPolicy2));
                                    }
                                }
                            }
                        }
                        for (String str4 : roleACLs.keySet()) {
                            HivePrincipal hivePrincipal4 = new HivePrincipal(str4, HivePrincipal.HivePrincipalType.ROLE);
                            Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> map5 = convertRangerACLsToHiveACLs3.get(str4);
                            if (map5 != null) {
                                Map<String, RangerResourceACLs.AccessResult> map6 = roleACLs.get(str4);
                                for (HiveResourceACLs.Privilege privilege3 : map5.keySet()) {
                                    RangerPolicy rangerPolicy3 = getRangerPolicy(map6, privilege3.name());
                                    if (rangerPolicy3 != null) {
                                        arrayList.add(createHivePrivilegeInfo(hivePrincipal4, pluginPrivilegeObjType, dbName, objectName, str, arrayList2, getPermission(privilege3, map6, rangerPolicy3), rangerPolicy3));
                                    }
                                }
                            }
                        }
                    } else if (hivePrincipal.getType() == HivePrincipal.HivePrincipalType.USER) {
                        String name = hivePrincipal.getName();
                        Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> map7 = convertRangerACLsToHiveACLs.get(name);
                        if (map7 != null) {
                            Map<String, RangerResourceACLs.AccessResult> map8 = userACLs.get(name);
                            for (HiveResourceACLs.Privilege privilege4 : map7.keySet()) {
                                RangerPolicy rangerPolicy4 = getRangerPolicy(map8, privilege4.name());
                                if (rangerPolicy4 != null) {
                                    arrayList.add(createHivePrivilegeInfo(hivePrincipal, pluginPrivilegeObjType, dbName, objectName, str, arrayList2, getPermission(privilege4, map8, rangerPolicy4), rangerPolicy4));
                                }
                            }
                        }
                        for (String str5 : getPrincipalGroup(name)) {
                            Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> map9 = convertRangerACLsToHiveACLs2.get(str5);
                            if (map9 != null) {
                                Map<String, RangerResourceACLs.AccessResult> map10 = groupACLs.get(str5);
                                for (HiveResourceACLs.Privilege privilege5 : map9.keySet()) {
                                    RangerPolicy rangerPolicy5 = getRangerPolicy(map10, privilege5.name());
                                    if (rangerPolicy5 != null) {
                                        arrayList.add(createHivePrivilegeInfo(hivePrincipal, pluginPrivilegeObjType, dbName, objectName, str, arrayList2, getPermission(privilege5, map10, rangerPolicy5), rangerPolicy5));
                                    }
                                }
                            }
                        }
                    } else if (hivePrincipal.getType() == HivePrincipal.HivePrincipalType.ROLE) {
                        String name2 = hivePrincipal.getName();
                        Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> map11 = convertRangerACLsToHiveACLs3.get(name2);
                        if (map11 != null) {
                            Map<String, RangerResourceACLs.AccessResult> map12 = roleACLs.get(name2);
                            for (HiveResourceACLs.Privilege privilege6 : map11.keySet()) {
                                RangerPolicy rangerPolicy6 = getRangerPolicy(map12, privilege6.name());
                                if (rangerPolicy6 != null) {
                                    arrayList.add(createHivePrivilegeInfo(hivePrincipal, pluginPrivilegeObjType, dbName, objectName, str, arrayList2, getPermission(privilege6, map12, rangerPolicy6), rangerPolicy6));
                                }
                            }
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new HiveAuthzPluginException("hive showPrivileges: " + e.getMessage(), e);
        }
    }

    private RangerPolicy getRangerPolicy(Map<String, RangerResourceACLs.AccessResult> map, String str) {
        RangerResourceACLs.AccessResult accessResult;
        RangerPolicy rangerPolicy = null;
        if (MapUtils.isNotEmpty(map) && (accessResult = map.get(str.toLowerCase())) != null) {
            rangerPolicy = accessResult.getPolicy();
        }
        return rangerPolicy;
    }

    private HivePrivilegeInfo createHivePrivilegeInfo(HivePrincipal hivePrincipal, HivePrivilegeObject.HivePrivilegeObjectType hivePrivilegeObjectType, String str, String str2, String str3, List<String> list, String str4, RangerPolicy rangerPolicy) {
        int i = 0;
        boolean z = false;
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem : rangerPolicy.getPolicyItems()) {
            List accesses = rangerPolicyItem.getAccesses();
            List users = rangerPolicyItem.getUsers();
            List groups = rangerPolicyItem.getGroups();
            ArrayList arrayList = new ArrayList();
            Iterator it = accesses.iterator();
            while (it.hasNext()) {
                arrayList.add(((RangerPolicy.RangerPolicyItemAccess) it.next()).getType());
            }
            if (arrayList.contains(str4.toLowerCase()) && (users.contains(hivePrincipal.getName()) || groups.contains(hivePrincipal.getName()))) {
                i = rangerPolicy.getCreateTime() == null ? i : (int) (rangerPolicy.getCreateTime().getTime() / 1000);
                z = rangerPolicyItem.getDelegateAdmin() == null ? z : rangerPolicyItem.getDelegateAdmin().booleanValue();
            }
        }
        return new HivePrivilegeInfo(hivePrincipal, new HivePrivilege(str4, (List) null), new HivePrivilegeObject(hivePrivilegeObjectType, str, str2, list, str3), new HivePrincipal(DEFAULT_RANGER_POLICY_GRANTOR, HivePrincipal.HivePrincipalType.USER), z, i);
    }

    private Set<String> getPrincipalGroup(String str) {
        return Sets.newHashSet(UserGroupInformation.createRemoteUser(str).getGroupNames());
    }

    private RangerResourceACLs getRangerResourceACLs(HivePrivilegeObject hivePrivilegeObject) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerHivePolicyProvider.getRangerResourceACLs:[" + hivePrivilegeObject + "]");
        }
        RangerResourceACLs resourceACLs = hivePlugin.getResourceACLs(new RangerAccessRequestImpl(createHiveResource(hivePrivilegeObject), "_any", (String) null, (Set) null, (Set) null));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerHivePolicyProvider.getRangerResourceACLs:[" + hivePrivilegeObject + "], Computed ACLS:[" + resourceACLs + "]");
        }
        return resourceACLs;
    }

    private Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> convertRangerACLsToHiveACLs(Map<String, Map<String, RangerResourceACLs.AccessResult>> map) {
        HashMap hashMap = new HashMap();
        if (MapUtils.isNotEmpty(map)) {
            HashSet hashSet = new HashSet();
            for (HiveResourceACLs.Privilege privilege : HiveResourceACLs.Privilege.values()) {
                hashSet.add(privilege.name().toLowerCase());
            }
            for (Map.Entry<String, Map<String, RangerResourceACLs.AccessResult>> entry : map.entrySet()) {
                HashMap hashMap2 = new HashMap();
                hashMap.put(entry.getKey(), hashMap2);
                for (Map.Entry<String, RangerResourceACLs.AccessResult> entry2 : entry.getValue().entrySet()) {
                    if (hashSet.contains(entry2.getKey())) {
                        HiveResourceACLs.Privilege valueOf = HiveResourceACLs.Privilege.valueOf(StringUtils.upperCase(entry2.getKey()));
                        int result = entry2.getValue().getResult();
                        hashMap2.put(valueOf, result == RangerPolicyEvaluator.ACCESS_ALLOWED.intValue() ? HiveResourceACLs.AccessResult.ALLOWED : result == RangerPolicyEvaluator.ACCESS_DENIED.intValue() ? HiveResourceACLs.AccessResult.NOT_ALLOWED : result == RangerPolicyEvaluator.ACCESS_CONDITIONAL.intValue() ? HiveResourceACLs.AccessResult.CONDITIONAL_ALLOWED : HiveResourceACLs.AccessResult.NOT_ALLOWED);
                    }
                }
            }
        }
        return hashMap;
    }

    private String getPermission(HiveResourceACLs.Privilege privilege, Map<String, RangerResourceACLs.AccessResult> map, RangerPolicy rangerPolicy) {
        String name = privilege.name();
        int checkACLIsAllowed = checkACLIsAllowed(privilege, map);
        if (checkACLIsAllowed > RangerPolicyEvaluator.ACCESS_DENIED.intValue() && rangerPolicy != null) {
            if (checkACLIsAllowed == RangerPolicyEvaluator.ACCESS_UNDETERMINED.intValue()) {
                name = name + " (ACCESS_UNDETERMINED)";
            } else if (checkACLIsAllowed == RangerPolicyEvaluator.ACCESS_CONDITIONAL.intValue()) {
                name = name + " (ACCESS_CONDITIONAL)";
            }
        }
        return name;
    }

    private int checkACLIsAllowed(HiveResourceACLs.Privilege privilege, Map<String, RangerResourceACLs.AccessResult> map) {
        int i = -1;
        RangerResourceACLs.AccessResult accessResult = map.get(privilege.name().toLowerCase());
        if (accessResult != null) {
            i = accessResult.getResult();
        }
        return i;
    }

    private String toString(HiveOperationType hiveOperationType, List<HivePrivilegeObject> list, List<HivePrivilegeObject> list2, HiveAuthzContext hiveAuthzContext, HiveAuthzSessionContext hiveAuthzSessionContext) {
        StringBuilder sb = new StringBuilder();
        sb.append("'checkPrivileges':{");
        sb.append("'hiveOpType':").append(hiveOperationType);
        sb.append(", 'inputHObjs':[");
        toString(list, sb);
        sb.append("]");
        sb.append(", 'outputHObjs':[");
        toString(list2, sb);
        sb.append("]");
        sb.append(", 'context':{");
        sb.append("'clientType':").append(hiveAuthzSessionContext == null ? null : hiveAuthzSessionContext.getClientType());
        sb.append(", 'commandString':").append(hiveAuthzContext == null ? "null" : hiveAuthzContext.getCommandString());
        sb.append(", 'ipAddress':").append(hiveAuthzContext == null ? "null" : hiveAuthzContext.getIpAddress());
        sb.append(", 'forwardedAddresses':").append(hiveAuthzContext == null ? "null" : StringUtils.join(hiveAuthzContext.getForwardedAddresses(), ", "));
        sb.append(", 'sessionString':").append(hiveAuthzSessionContext == null ? "null" : hiveAuthzSessionContext.getSessionString());
        sb.append("}");
        sb.append(", 'user':").append(getCurrentUserGroupInfo().getUserName());
        sb.append(", 'groups':[").append(StringUtil.toString(getCurrentUserGroupInfo().getGroupNames())).append("]");
        sb.append("}");
        return sb.toString();
    }

    private StringBuilder toString(List<HivePrivilegeObject> list, StringBuilder sb) {
        if (list != null && list.size() > 0) {
            toString(list.get(0), sb);
            for (int i = 1; i < list.size(); i++) {
                sb.append(",");
                toString(list.get(i), sb);
            }
        }
        return sb;
    }

    private StringBuilder toString(HivePrivilegeObject hivePrivilegeObject, StringBuilder sb) {
        sb.append("'HivePrivilegeObject':{");
        sb.append("'type':").append(hivePrivilegeObject.getType().toString());
        sb.append(", 'dbName':").append(hivePrivilegeObject.getDbname());
        sb.append(", 'objectType':").append(hivePrivilegeObject.getType());
        sb.append(", 'objectName':").append(hivePrivilegeObject.getObjectName());
        sb.append(", 'columns':[").append(StringUtil.toString(hivePrivilegeObject.getColumns())).append("]");
        sb.append(", 'partKeys':[").append(StringUtil.toString(hivePrivilegeObject.getPartKeys())).append("]");
        sb.append(", 'commandParams':[").append(StringUtil.toString(hivePrivilegeObject.getCommandParams())).append("]");
        sb.append(", 'actionType':").append(hivePrivilegeObject.getActionType().toString());
        sb.append("}");
        return sb;
    }

    private RangerAccessResult createAuditEvent(RangerHivePlugin rangerHivePlugin, String str, List<String> list, HiveOperationType hiveOperationType, HiveAccessType hiveAccessType, List<String> list2, boolean z) {
        return createRangerHiveAccessResult(rangerHivePlugin, str, createRangerHiveAccessRequest(str, list, hiveOperationType, hiveAccessType, list2), z);
    }

    private RangerHiveAccessRequest createRangerHiveAccessRequest(String str, List<String> list, HiveOperationType hiveOperationType, HiveAccessType hiveAccessType, List<String> list2) {
        HiveAuthzContext.Builder builder = new HiveAuthzContext.Builder();
        String commandString = getCommandString(hiveOperationType, createUserString(list), createRoleString(list2));
        builder.setCommandString(commandString != null ? commandString : "");
        RangerHiveAccessRequest rangerHiveAccessRequest = new RangerHiveAccessRequest(new RangerHiveResource(HiveObjectType.GLOBAL, "*"), str, (Set<String>) null, (Set<String>) null, hiveOperationType, hiveAccessType, builder.build(), (HiveAuthzSessionContext) null);
        rangerHiveAccessRequest.setClusterName(hivePlugin.getClusterName());
        rangerHiveAccessRequest.setAction(hiveOperationType.name());
        rangerHiveAccessRequest.setClientIPAddress(getRemoteIp());
        rangerHiveAccessRequest.setRemoteIPAddress(getRemoteIp());
        return rangerHiveAccessRequest;
    }

    private RangerAccessResult createRangerHiveAccessResult(RangerHivePlugin rangerHivePlugin, String str, RangerHiveAccessRequest rangerHiveAccessRequest, boolean z) {
        String serviceName = rangerHivePlugin.getServiceName();
        RangerServiceDef serviceDef = rangerHivePlugin.getServiceDef();
        String format = String.format("%s is not an Admin", str);
        if (z) {
            format = String.format("%s is Admin", str);
        }
        RangerAccessResult rangerAccessResult = new RangerAccessResult(0, serviceName, serviceDef, rangerHiveAccessRequest);
        rangerAccessResult.setIsAccessDetermined(true);
        rangerAccessResult.setIsAudited(true);
        rangerAccessResult.setIsAllowed(z);
        rangerAccessResult.setAuditPolicyId(-1L);
        rangerAccessResult.setPolicyId(-1L);
        rangerAccessResult.setPolicyPriority(0);
        rangerAccessResult.setZoneName((String) null);
        rangerAccessResult.setPolicyVersion((Long) null);
        rangerAccessResult.setReason(format);
        rangerAccessResult.setAdditionalInfo(MapUtils.EMPTY_MAP);
        return rangerAccessResult;
    }

    private String getCommandString(HiveOperationType hiveOperationType, String str, String str2) {
        String str3 = "";
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$ql$security$authorization$plugin$HiveOperationType[hiveOperationType.ordinal()]) {
            case 106:
                str3 = String.format(CMD_CREATE_ROLE, str2);
                break;
            case 110:
                str3 = String.format(CMD_DROP_ROLE, str2);
                break;
            case 112:
                str3 = String.format(CMD_GRANT_ROLE, str2, str);
                break;
            case 113:
                str3 = String.format(CMD_REVOKE_ROLE, str, str2);
                break;
            case 121:
                str3 = CMD_SHOW_ROLES;
                break;
            case 122:
                str3 = String.format(CMD_SHOW_ROLE_GRANT, str);
                break;
            case 123:
                str3 = String.format(CMD_SHOW_PRINCIPALS, str2);
                break;
        }
        return str3;
    }

    private String createRoleString(List<String> list) {
        return CollectionUtils.isEmpty(list) ? "" : list.size() > 1 ? StringUtils.join(list, ",") : list.get(0);
    }

    private String createUserString(List<String> list) {
        return CollectionUtils.isEmpty(list) ? "" : list.size() > 1 ? StringUtils.join(list, ",") : list.get(0);
    }

    private static String getRemoteIp() {
        String str = null;
        InetAddress remoteIp = Server.getRemoteIp();
        if (remoteIp != null) {
            str = remoteIp.getHostAddress();
        }
        return str;
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add(ROLE_ALL);
        hashSet.add(ROLE_DEFAULT);
        hashSet.add(ROLE_NONE);
        RESERVED_ROLE_NAMES = Collections.unmodifiableSet(hashSet);
    }
}
