package org.apache.hadoop.hive.ql.security.authorization;

import io.trino.hive.$internal.org.slf4j.Logger;
import io.trino.hive.$internal.org.slf4j.LoggerFactory;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.curator.framework.recipes.leader.LeaderLatch;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege;
import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
import org.apache.hadoop.hive.metastore.api.HiveObjectType;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.class */
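/**
 * Background task that copies the ALLOWED user and group permissions reported by each
 * {@link HivePolicyProvider} into metastore privilege records, for every database, table and
 * column that the metastore client lists.
 *
 * <p>Only {@code ALLOWED} results are written; any other access result is skipped, so the
 * synchronized privileges carry no record of explicit denials.
 *
 * <p>NOTE(review): {@code refresh_privileges} is called for every object even when the bag built
 * for it is empty. If the metastore replaces the authorizer's existing grants with the bag
 * contents, a provider that returns {@code null} ACLs would clear them - confirm against the
 * metastore implementation.
 */
public class PrivilegeSynchonizer implements Runnable {
    private static final Logger LOG = LoggerFactory.getLogger(PrivilegeSynchonizer.class);

    /** Grantor name recorded on every privilege this task writes. */
    public static final String GRANTOR = "ranger";

    private final IMetaStoreClient hiveClient;
    private final LeaderLatch privilegeSynchonizerLatch;
    private final HiveConf hiveConf;
    private final PolicyProviderContainer policyProviderContainer;

    /**
     * Creates the synchronizer and its metastore client.
     *
     * <p>The client is obtained from a private copy of {@code hiveConf} whose metastore filter
     * hook is set to {@link DefaultMetaStoreFilterHookImpl}; the caller's {@code hiveConf} is the
     * instance retained and later read for the synchronization interval.
     * NOTE(review): presumably the hook override keeps a configured filter hook from hiding
     * objects from the listing calls - confirm.
     *
     * @param leaderLatch latch awaited before each provider is synchronized
     * @param policyProviderContainer source of the policy providers to synchronize
     * @param hiveConf configuration; copied for the client, retained for the interval lookup
     * @throws RuntimeException if the metastore client cannot be created
     */
    public PrivilegeSynchonizer(LeaderLatch leaderLatch, PolicyProviderContainer policyProviderContainer, HiveConf hiveConf) {
        HiveConf clientConf = new HiveConf(hiveConf);
        clientConf.set(MetastoreConf.ConfVars.FILTER_HOOK.getVarname(), DefaultMetaStoreFilterHookImpl.class.getName());
        IMetaStoreClient client;
        try {
            client = Hive.get(clientConf).getMSC();
        } catch (Exception e) {
            throw new RuntimeException("Error creating HiveMetastoreClient", e);
        }
        this.hiveClient = client;
        this.privilegeSynchonizerLatch = leaderLatch;
        this.policyProviderContainer = policyProviderContainer;
        this.hiveConf = hiveConf;
    }

    /**
     * Builds the metastore object reference for a database, table or column.
     *
     * @param columnName column to reference; only used for {@code COLUMN} and may be null
     * @throws RuntimeException for any other object type
     */
    private static HiveObjectRef newObjectRef(HiveObjectType hiveObjectType, String dbName, String tableName, String columnName) {
        switch (hiveObjectType) {
            case DATABASE:
                return new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null);
            case TABLE:
                return new HiveObjectRef(HiveObjectType.TABLE, dbName, tableName, null, null);
            case COLUMN:
                return new HiveObjectRef(HiveObjectType.COLUMN, dbName, tableName, null, columnName);
            default:
                throw new RuntimeException("Get unknown object type " + hiveObjectType);
        }
    }

    /**
     * Adds one privilege to {@code privilegeBag} for every ALLOWED entry in {@code acls}.
     *
     * @param acls principal name to (privilege to access result) map from the policy provider
     * @param privilegeBag bag that receives the privileges
     * @param hiveObjectType DATABASE, TABLE or COLUMN
     * @param principalType type recorded for every principal in {@code acls}
     * @param authorizer authorizer name recorded on each privilege
     * @throws RuntimeException if an ALLOWED entry is found for an unsupported object type
     */
    private void addACLsToBag(Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> acls, PrivilegeBag privilegeBag, HiveObjectType hiveObjectType, String dbName, String tableName, String columnName, PrincipalType principalType, String authorizer) {
        for (Map.Entry<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalEntry : acls.entrySet()) {
            String principal = principalEntry.getKey();
            for (Map.Entry<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> privilegeEntry : principalEntry.getValue().entrySet()) {
                // Anything other than ALLOWED is not written to the metastore.
                if (privilegeEntry.getValue() != HiveResourceACLs.AccessResult.ALLOWED) {
                    continue;
                }
                HiveObjectRef objectRef = newObjectRef(hiveObjectType, dbName, tableName, columnName);
                // Creation time is in epoch seconds; the grantor is always GRANTOR as a USER and
                // the grant option is never set.
                PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo(privilegeEntry.getKey().toString(), (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false);
                privilegeBag.addToPrivileges(new HiveObjectPrivilege(objectRef, principal, principalType, grantInfo, authorizer));
            }
        }
    }

    /**
     * Returns the object reference passed to {@code refresh_privileges}. For {@code COLUMN} the
     * column name is left null, so a single reference stands for the table's columns.
     *
     * @throws RuntimeException for an unsupported object type
     */
    private HiveObjectRef getObjToRefresh(HiveObjectType hiveObjectType, String dbName, String tableName) throws Exception {
        return newObjectRef(hiveObjectType, dbName, tableName, null);
    }

    /**
     * Asks {@code hivePolicyProvider} for the ACLs of one object and adds its ALLOWED user and
     * group permissions to {@code privilegeBag}. Nothing is added when the provider returns null.
     *
     * @throws RuntimeException for an unsupported object type
     */
    private void addGrantPrivilegesToBag(HivePolicyProvider hivePolicyProvider, PrivilegeBag privilegeBag, HiveObjectType hiveObjectType, String dbName, String tableName, String columnName, String authorizer) throws Exception {
        HivePrivilegeObject privilegeObject;
        switch (hiveObjectType) {
            case DATABASE:
                privilegeObject = new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.DATABASE, dbName, (String) null);
                break;
            case TABLE:
                privilegeObject = new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tableName);
                break;
            case COLUMN:
                privilegeObject = new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.COLUMN, dbName, tableName, null, columnName);
                break;
            default:
                throw new RuntimeException("Get unknown object type " + hiveObjectType);
        }
        HiveResourceACLs resourceACLs = hivePolicyProvider.getResourceACLs(privilegeObject);
        if (resourceACLs == null) {
            return;
        }
        addACLsToBag(resourceACLs.getUserPermissions(), privilegeBag, hiveObjectType, dbName, tableName, columnName, PrincipalType.USER, authorizer);
        addACLsToBag(resourceACLs.getGroupPermissions(), privilegeBag, hiveObjectType, dbName, tableName, columnName, PrincipalType.GROUP, authorizer);
    }

    /** Refreshes the database-level privileges of {@code dbName}, then those of each of its tables. */
    private void synchronizeDatabase(HivePolicyProvider provider, String authorizer, String dbName) throws Exception {
        HiveObjectRef dbRef = getObjToRefresh(HiveObjectType.DATABASE, dbName, null);
        PrivilegeBag dbBag = new PrivilegeBag();
        addGrantPrivilegesToBag(provider, dbBag, HiveObjectType.DATABASE, dbName, null, null, authorizer);
        this.hiveClient.refresh_privileges(dbRef, authorizer, dbBag);
        for (String tableName : this.hiveClient.getAllTables(dbName)) {
            synchronizeTable(provider, authorizer, dbName, tableName);
        }
    }

    /** Refreshes the table-level privileges, then the privileges of all partition keys and columns. */
    private void synchronizeTable(HivePolicyProvider provider, String authorizer, String dbName, String tableName) throws Exception {
        HiveObjectRef tableRef = getObjToRefresh(HiveObjectType.TABLE, dbName, tableName);
        PrivilegeBag tableBag = new PrivilegeBag();
        addGrantPrivilegesToBag(provider, tableBag, HiveObjectType.TABLE, dbName, tableName, null, authorizer);
        this.hiveClient.refresh_privileges(tableRef, authorizer, tableBag);

        // All column privileges of the table go into one bag and are refreshed in one call.
        HiveObjectRef columnsRef = getObjToRefresh(HiveObjectType.COLUMN, dbName, tableName);
        PrivilegeBag columnsBag = new PrivilegeBag();
        Table table = this.hiveClient.getTable(dbName, tableName);
        for (FieldSchema partitionKey : table.getPartitionKeys()) {
            addGrantPrivilegesToBag(provider, columnsBag, HiveObjectType.COLUMN, dbName, tableName, partitionKey.getName(), authorizer);
        }
        for (FieldSchema column : table.getSd().getCols()) {
            addGrantPrivilegesToBag(provider, columnsBag, HiveObjectType.COLUMN, dbName, tableName, column.getName(), authorizer);
        }
        this.hiveClient.refresh_privileges(columnsRef, authorizer, columnsBag);
    }

    /**
     * Runs the synchronization loop until the thread is interrupted.
     *
     * <p>Each pass re-reads the interval, waits up to that long on the leader latch for every
     * provider, and synchronizes all databases for the providers whose wait succeeded. A pass
     * that fails is logged and retried without sleeping, so objects refreshed before the failure
     * keep their new privileges while the rest keep their old ones until a later pass completes.
     *
     * <p>An interrupt restores the thread's interrupt status and ends the loop; it is no longer
     * logged as a synchronization error and retried.
     */
    @Override // java.lang.Runnable
    public void run() {
        while (true) {
            long intervalSeconds = HiveConf.getTimeVar(this.hiveConf, HiveConf.ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS);
            try {
                Iterator<HivePolicyProvider> providers = this.policyProviderContainer.iterator();
                while (providers.hasNext()) {
                    HivePolicyProvider provider = providers.next();
                    // The provider's simple class name is the authorizer recorded on its privileges.
                    String authorizer = provider.getClass().getSimpleName();
                    if (!this.privilegeSynchonizerLatch.await(intervalSeconds, TimeUnit.SECONDS)) {
                        continue;
                    }
                    LOG.info("Start synchonize privilege");
                    for (String dbName : this.hiveClient.getAllDatabases()) {
                        synchronizeDatabase(provider, authorizer, dbName);
                    }
                }
                // The success line is written after the sleep, and also when no latch wait
                // succeeded, so it does not mark the moment a synchronization finished.
                Thread.sleep(intervalSeconds * 1000);
                LOG.info("Success synchonize privilege");
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                LOG.warn("PrivilegeSynchonizer interrupted, stopping privilege synchronization", e);
                return;
            } catch (Exception e) {
                LOG.error("Error initializing PrivilegeSynchonizer: " + e.getMessage(), e);
            }
        }
    }
}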
