package org.apache.sentry.binding.metastore;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.MetaStoreEventListener;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.Partition;
import org.apache.hadoop.hive.metastore.events.AddPartitionEvent;
import org.apache.hadoop.hive.metastore.events.AlterPartitionEvent;
import org.apache.hadoop.hive.metastore.events.AlterTableEvent;
import org.apache.hadoop.hive.metastore.events.CreateDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.CreateTableEvent;
import org.apache.hadoop.hive.metastore.events.DropDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.DropPartitionEvent;
import org.apache.hadoop.hive.metastore.events.DropTableEvent;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.provider.db.SentryMetastoreListenerPlugin;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
import org.apache.sentry.service.thrift.SentryServiceClientFactory;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/binding/metastore/SentryMetastorePostEventListenerBase.class */
public class SentryMetastorePostEventListenerBase extends MetaStoreEventListener {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryMetastoreListenerPlugin.class);
    private final HiveAuthzConf authzConf;
    private final Server server;
    protected List<SentryMetastoreListenerPlugin> sentryPlugins;

    public SentryMetastorePostEventListenerBase(Configuration configuration) {
        super(configuration);
        this.sentryPlugins = new ArrayList();
        if (!(configuration instanceof HiveConf)) {
            LOGGER.error("Could not initialize Plugin - Configuration is not an instanceof HiveConf");
            throw new RuntimeException("Could not initialize Plugin - Configuration is not an instanceof HiveConf");
        }
        this.authzConf = HiveAuthzConf.getAuthzConf((HiveConf) configuration);
        this.server = new Server(this.authzConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar()));
        try {
            for (String str : ServiceConstants.ConfUtilties.CLASS_SPLITTER.split(configuration.get("sentry.metastore.plugins", "").trim())) {
                Class classByName = configuration.getClassByName(str);
                if (!SentryMetastoreListenerPlugin.class.isAssignableFrom(classByName)) {
                    throw new IllegalArgumentException("Class [" + str + "] is not a " + SentryMetastoreListenerPlugin.class.getName());
                }
                this.sentryPlugins.add((SentryMetastoreListenerPlugin) classByName.getConstructor(Configuration.class, Configuration.class).newInstance(configuration, this.authzConf));
            }
        } catch (Exception e) {
            LOGGER.error("Could not initialize Plugin !!", e);
            throw new RuntimeException(e);
        }
    }

    public void onCreateTable(CreateTableEvent createTableEvent) throws MetaException {
        if (!createTableEvent.getStatus()) {
            LOGGER.debug("Skip sync paths/privileges with Sentry server for onCreateTable event, since the operation failed. \n");
            return;
        }
        if (createTableEvent.getTable().getSd().getLocation() != null) {
            String str = createTableEvent.getTable().getDbName() + "." + createTableEvent.getTable().getTableName();
            String location = createTableEvent.getTable().getSd().getLocation();
            Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
            while (it.hasNext()) {
                it.next().addPath(str, location);
            }
        }
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) {
            dropSentryTablePrivilege(createTableEvent.getTable().getDbName(), createTableEvent.getTable().getTableName());
        }
    }

    public void onDropTable(DropTableEvent dropTableEvent) throws MetaException {
        if (!dropTableEvent.getStatus()) {
            LOGGER.debug("Skip syncing paths/privileges with Sentry server for onDropTable event, since the operation failed. \n");
            return;
        }
        if (dropTableEvent.getTable().getSd().getLocation() != null) {
            String str = dropTableEvent.getTable().getDbName() + "." + dropTableEvent.getTable().getTableName();
            Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
            while (it.hasNext()) {
                it.next().removeAllPaths(str, (List) null);
            }
        }
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_DROP_WITH_POLICY_STORE) && dropTableEvent.getStatus()) {
            dropSentryTablePrivilege(dropTableEvent.getTable().getDbName(), dropTableEvent.getTable().getTableName());
        }
    }

    public void onCreateDatabase(CreateDatabaseEvent createDatabaseEvent) throws MetaException {
        if (!createDatabaseEvent.getStatus()) {
            LOGGER.debug("Skip syncing paths/privileges with Sentry server for onCreateDatabase event, since the operation failed. \n");
            return;
        }
        if (createDatabaseEvent.getDatabase().getLocationUri() != null) {
            String name = createDatabaseEvent.getDatabase().getName();
            String locationUri = createDatabaseEvent.getDatabase().getLocationUri();
            Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
            while (it.hasNext()) {
                it.next().addPath(name, locationUri);
            }
        }
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) {
            dropSentryDbPrivileges(createDatabaseEvent.getDatabase().getName());
        }
    }

    public void onDropDatabase(DropDatabaseEvent dropDatabaseEvent) throws MetaException {
        if (!dropDatabaseEvent.getStatus()) {
            LOGGER.debug("Skip syncing paths/privileges with Sentry server for onDropDatabase event, since the operation failed. \n");
            return;
        }
        String name = dropDatabaseEvent.getDatabase().getName();
        Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
        while (it.hasNext()) {
            it.next().removeAllPaths(name, dropDatabaseEvent.getHandler().get_all_tables(name));
        }
        if (syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_DROP_WITH_POLICY_STORE)) {
            dropSentryDbPrivileges(dropDatabaseEvent.getDatabase().getName());
        }
    }

    public void onAlterTable(AlterTableEvent alterTableEvent) throws MetaException {
        if (alterTableEvent.getStatus()) {
            renameSentryTablePrivilege(alterTableEvent.getOldTable().getDbName(), alterTableEvent.getOldTable().getTableName(), alterTableEvent.getOldTable().getSd().getLocation(), alterTableEvent.getNewTable().getDbName(), alterTableEvent.getNewTable().getTableName(), alterTableEvent.getNewTable().getSd().getLocation());
        } else {
            LOGGER.debug("Skip syncing privileges with Sentry server for onAlterTable event, since the operation failed. \n");
        }
    }

    public void onAlterPartition(AlterPartitionEvent alterPartitionEvent) throws MetaException {
        if (!alterPartitionEvent.getStatus()) {
            LOGGER.debug("Skip syncing privileges with Sentry server for onAlterPartition event, since the operation failed. \n");
            return;
        }
        String str = null;
        String str2 = null;
        if (alterPartitionEvent.getOldPartition() != null) {
            str = alterPartitionEvent.getOldPartition().getSd().getLocation();
        }
        if (alterPartitionEvent.getNewPartition() != null) {
            str2 = alterPartitionEvent.getNewPartition().getSd().getLocation();
        }
        if (str == null || str2 == null || str.equals(str2)) {
            return;
        }
        String str3 = alterPartitionEvent.getOldPartition().getDbName() + "." + alterPartitionEvent.getOldPartition().getTableName();
        Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
        while (it.hasNext()) {
            it.next().renameAuthzObject(str3, str, str3, str2);
        }
    }

    public void onAddPartition(AddPartitionEvent addPartitionEvent) throws MetaException {
        if (!addPartitionEvent.getStatus()) {
            LOGGER.debug("Skip syncing path with Sentry server for onAddPartition event, since the operation failed. \n");
            return;
        }
        for (Partition partition : addPartitionEvent.getPartitions()) {
            if (partition.getSd() != null && partition.getSd().getLocation() != null) {
                String str = partition.getDbName() + "." + partition.getTableName();
                String location = partition.getSd().getLocation();
                Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
                while (it.hasNext()) {
                    it.next().addPath(str, location);
                }
            }
        }
        super.onAddPartition(addPartitionEvent);
    }

    public void onDropPartition(DropPartitionEvent dropPartitionEvent) throws MetaException {
        if (!dropPartitionEvent.getStatus()) {
            LOGGER.debug("Skip syncing path with Sentry server for onDropPartition event, since the operation failed. \n");
            return;
        }
        String str = dropPartitionEvent.getTable().getDbName() + "." + dropPartitionEvent.getTable().getTableName();
        String location = dropPartitionEvent.getPartition().getSd().getLocation();
        Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
        while (it.hasNext()) {
            it.next().removePath(str, location);
        }
        super.onDropPartition(dropPartitionEvent);
    }

    private SentryPolicyServiceClient getSentryServiceClient() throws MetaException {
        try {
            return SentryServiceClientFactory.create(this.authzConf);
        } catch (Exception e) {
            throw new MetaException("Failed to connect to Sentry service " + e.getMessage());
        }
    }

    private void dropSentryDbPrivileges(String str) throws MetaException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.server);
        arrayList.add(new Database(str));
        try {
            dropSentryPrivileges(arrayList);
        } catch (SentryUserException e) {
            throw new MetaException("Failed to remove Sentry policies for drop DB " + str + " Error: " + e.getMessage());
        } catch (IOException e2) {
            throw new MetaException("Failed to find local user " + e2.getMessage());
        }
    }

    private void dropSentryTablePrivilege(String str, String str2) throws MetaException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.server);
        arrayList.add(new Database(str));
        arrayList.add(new Table(str2));
        try {
            dropSentryPrivileges(arrayList);
        } catch (SentryUserException e) {
            throw new MetaException("Failed to remove Sentry policies for drop table " + str + "." + str2 + " Error: " + e.getMessage());
        } catch (IOException e2) {
            throw new MetaException("Failed to find local user " + e2.getMessage());
        }
    }

    private void dropSentryPrivileges(List<? extends Authorizable> list) throws SentryUserException, IOException, MetaException {
        String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
        SentryPolicyServiceClient sentryServiceClient = getSentryServiceClient();
        sentryServiceClient.dropPrivileges(shortUserName, list);
        sentryServiceClient.close();
    }

    private void renameSentryTablePrivilege(String str, String str2, String str3, String str4, String str5, String str6) throws MetaException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.server);
        arrayList.add(new Database(str));
        arrayList.add(new Table(str2));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(this.server);
        arrayList2.add(new Database(str4));
        arrayList2.add(new Table(str5));
        if (!str2.equalsIgnoreCase(str5) && syncWithPolicyStore(HiveAuthzConf.AuthzConfVars.AUTHZ_SYNC_ALTER_WITH_POLICY_STORE)) {
            SentryPolicyServiceClient sentryServiceClient = getSentryServiceClient();
            try {
                try {
                    try {
                        sentryServiceClient.renamePrivileges(UserGroupInformation.getCurrentUser().getShortUserName(), arrayList, arrayList2);
                        sentryServiceClient.close();
                    } catch (SentryUserException e) {
                        throw new MetaException("Failed to remove Sentry policies for rename table " + str + "." + str2 + "to " + str4 + "." + str5 + " Error: " + e.getMessage());
                    }
                } catch (IOException e2) {
                    throw new MetaException("Failed to find local user " + e2.getMessage());
                }
            } catch (Throwable th) {
                sentryServiceClient.close();
                throw th;
            }
        }
        Iterator<SentryMetastoreListenerPlugin> it = this.sentryPlugins.iterator();
        while (it.hasNext()) {
            it.next().renameAuthzObject(str + "." + str2, str3, str4 + "." + str5, str6);
        }
    }

    private boolean syncWithPolicyStore(HiveAuthzConf.AuthzConfVars authzConfVars) {
        return "true".equalsIgnoreCase(this.authzConf.get(authzConfVars.getVar(), "true"));
    }
}
