package com.facebook.presto.hive.security.ranger;

import com.facebook.airlift.log.Logger;
import com.facebook.presto.hive.HiveErrorCode;
import com.facebook.presto.spi.PrestoException;
import com.google.common.base.Strings;
import java.io.File;
import java.net.MalformedURLException;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.ranger.plugin.util.ServicePolicies;

/* loaded from: input_file:com/facebook/presto/hive/security/ranger/RangerAuthorizer.class */
public class RangerAuthorizer {
    private static final Logger log = Logger.get(RangerAuthorizer.class);
    private static final String KEY_DATABASE = "database";
    private static final String KEY_TABLE = "table";
    private static final String KEY_COLUMN = "column";
    private static final String CLUSTER_NAME = "Presto";
    private static final String HIVE = "hive";
    private final RangerBasePlugin plugin;
    private final Supplier<ServicePolicies> servicePolicies;
    private final AtomicReference<ServicePolicies> currentServicePolicies = new AtomicReference<>();

    public RangerAuthorizer(Supplier<ServicePolicies> supplier, RangerBasedAccessControlConfig rangerBasedAccessControlConfig) {
        this.servicePolicies = (Supplier) Objects.requireNonNull(supplier, "ServicePolicies is null");
        RangerPolicyEngineOptions rangerPolicyEngineOptions = new RangerPolicyEngineOptions();
        rangerPolicyEngineOptions.configureDefaultRangerAdmin(new Configuration(), HIVE);
        this.plugin = new RangerBasePlugin(new RangerPluginConfig(HIVE, rangerBasedAccessControlConfig.getRangerHiveServiceName(), HIVE, CLUSTER_NAME, (String) null, rangerPolicyEngineOptions));
        String rangerHiveAuditPath = rangerBasedAccessControlConfig.getRangerHiveAuditPath();
        if (!Strings.isNullOrEmpty(rangerHiveAuditPath)) {
            try {
                this.plugin.getConfig().addResource(new File(rangerHiveAuditPath).toURI().toURL());
            } catch (MalformedURLException e) {
                log.error(e, "Invalid audit file is provided ");
            }
        }
        AuditProviderFactory auditProviderFactory = AuditProviderFactory.getInstance();
        if (!auditProviderFactory.isInitDone()) {
            if (this.plugin.getConfig().getProperties() != null) {
                auditProviderFactory.init(this.plugin.getConfig().getProperties(), HIVE);
            } else {
                log.info("Audit subsystem is not initialized correctly. Please check audit configuration. ");
                log.info("No authorization audits will be generated. ");
            }
        }
        this.plugin.setResultProcessor(new RangerDefaultAuditHandler());
    }

    private void updateRangerPolicies() {
        ServicePolicies rangerServicePolicies = getRangerServicePolicies();
        ServicePolicies servicePolicies = this.currentServicePolicies.get();
        if (rangerServicePolicies == servicePolicies || !this.currentServicePolicies.compareAndSet(servicePolicies, rangerServicePolicies)) {
            return;
        }
        this.plugin.setPolicies(rangerServicePolicies);
    }

    private ServicePolicies getRangerServicePolicies() {
        try {
            return this.servicePolicies.get();
        } catch (Exception e) {
            throw new PrestoException(HiveErrorCode.HIVE_RANGER_SERVER_ERROR, "Unable to fetch policy information from ranger", e);
        }
    }

    public boolean authorizeHiveResource(String str, String str2, String str3, String str4, String str5, Set<String> set, Set<String> set2) {
        updateRangerPolicies();
        RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
        if (!Strings.isNullOrEmpty(str)) {
            rangerAccessResourceImpl.setValue(KEY_DATABASE, str);
        }
        if (!Strings.isNullOrEmpty(str2)) {
            rangerAccessResourceImpl.setValue(KEY_TABLE, str2);
        }
        if (!Strings.isNullOrEmpty(str3)) {
            rangerAccessResourceImpl.setValue(KEY_COLUMN, str3);
        }
        RangerAccessResult isAccessAllowed = this.plugin.isAccessAllowed(new RangerAccessRequestImpl(rangerAccessResourceImpl, str4.toLowerCase(Locale.ENGLISH), str5, set, set2));
        return isAccessAllowed != null && isAccessAllowed.getIsAllowed();
    }
}
