package com.expediagroup.apiary.extensions.rangerauth.listener;

import com.google.common.collect.Sets;
import java.util.Date;
import java.util.HashSet;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.metastore.MetaStorePreEventListener;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.InvalidOperationException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.events.PreAddIndexEvent;
import org.apache.hadoop.hive.metastore.events.PreAddPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterIndexEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreAlterTableEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateTableEvent;
import org.apache.hadoop.hive.metastore.events.PreDropDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreDropIndexEvent;
import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreDropTableEvent;
import org.apache.hadoop.hive.metastore.events.PreEventContext;
import org.apache.hadoop.hive.metastore.events.PreReadDatabaseEvent;
import org.apache.hadoop.hive.metastore.events.PreReadTableEvent;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.shims.Utils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/expediagroup/apiary/extensions/rangerauth/listener/ApiaryRangerAuthPreEventListener.class */
public class ApiaryRangerAuthPreEventListener extends MetaStorePreEventListener {
    private static final Logger log = LoggerFactory.getLogger(ApiaryRangerAuthPreEventListener.class);
    private RangerBasePlugin plugin;

    /* renamed from: com.expediagroup.apiary.extensions.rangerauth.listener.ApiaryRangerAuthPreEventListener$1, reason: invalid class name */
    /* loaded from: input_file:com/expediagroup/apiary/extensions/rangerauth/listener/ApiaryRangerAuthPreEventListener$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType = new int[PreEventContext.PreEventType.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.CREATE_TABLE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.DROP_TABLE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.ALTER_TABLE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.READ_TABLE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.ADD_PARTITION.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.DROP_PARTITION.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.ALTER_PARTITION.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.ADD_INDEX.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.DROP_INDEX.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.ALTER_INDEX.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.READ_DATABASE.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.CREATE_DATABASE.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[PreEventContext.PreEventType.DROP_DATABASE.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
        }
    }

    public ApiaryRangerAuthPreEventListener(Configuration configuration) throws HiveException {
        super(configuration);
        this.plugin = null;
        this.plugin = new RangerBasePlugin("hive", "metastore");
        this.plugin.init();
        this.plugin.setResultProcessor(new RangerDefaultAuditHandler());
        log.debug("ApiaryRangerAuthPreEventListener created");
    }

    public ApiaryRangerAuthPreEventListener(Configuration configuration, RangerBasePlugin rangerBasePlugin) throws HiveException {
        super(configuration);
        this.plugin = null;
        this.plugin = rangerBasePlugin;
        log.debug("ApiaryRangerAuthPreEventListener created");
    }

    public void onEvent(PreEventContext preEventContext) throws MetaException, NoSuchObjectException, InvalidOperationException {
        String name;
        HiveAccessType hiveAccessType;
        try {
            UserGroupInformation ugi = Utils.getUGI();
            String userName = ugi.getUserName();
            HashSet newHashSet = Sets.newHashSet(ugi.getGroupNames());
            RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
            switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$hive$metastore$events$PreEventContext$PreEventType[preEventContext.getEventType().ordinal()]) {
                case 1:
                    Table table = ((PreCreateTableEvent) preEventContext).getTable();
                    name = HiveOperationType.CREATETABLE.name();
                    hiveAccessType = HiveAccessType.CREATE;
                    rangerAccessResourceImpl.setValue("database", table.getDbName());
                    rangerAccessResourceImpl.setValue("table", table.getTableName());
                    break;
                case 2:
                    Table table2 = ((PreDropTableEvent) preEventContext).getTable();
                    name = HiveOperationType.DROPTABLE.name();
                    hiveAccessType = HiveAccessType.DROP;
                    rangerAccessResourceImpl.setValue("database", table2.getDbName());
                    rangerAccessResourceImpl.setValue("table", table2.getTableName());
                    break;
                case 3:
                    Table oldTable = ((PreAlterTableEvent) preEventContext).getOldTable();
                    name = "ALTERTABLE";
                    hiveAccessType = HiveAccessType.ALTER;
                    rangerAccessResourceImpl.setValue("database", oldTable.getDbName());
                    rangerAccessResourceImpl.setValue("table", oldTable.getTableName());
                    break;
                case 4:
                    Table table3 = ((PreReadTableEvent) preEventContext).getTable();
                    name = HiveOperationType.QUERY.name();
                    hiveAccessType = HiveAccessType.SELECT;
                    rangerAccessResourceImpl.setValue("database", table3.getDbName());
                    rangerAccessResourceImpl.setValue("table", table3.getTableName());
                    break;
                case 5:
                    Table table4 = ((PreAddPartitionEvent) preEventContext).getTable();
                    name = "ADDPARTITION";
                    hiveAccessType = HiveAccessType.ALTER;
                    rangerAccessResourceImpl.setValue("database", table4.getDbName());
                    rangerAccessResourceImpl.setValue("table", table4.getTableName());
                    break;
                case 6:
                    Table table5 = ((PreDropPartitionEvent) preEventContext).getTable();
                    name = "DROPPARTITION";
                    hiveAccessType = HiveAccessType.ALTER;
                    rangerAccessResourceImpl.setValue("database", table5.getDbName());
                    rangerAccessResourceImpl.setValue("table", table5.getTableName());
                    break;
                case 7:
                    String dbName = ((PreAlterPartitionEvent) preEventContext).getDbName();
                    String tableName = ((PreAlterPartitionEvent) preEventContext).getTableName();
                    hiveAccessType = HiveAccessType.ALTER;
                    name = "ALTERPARTITION";
                    rangerAccessResourceImpl.setValue("database", dbName);
                    rangerAccessResourceImpl.setValue("table", tableName);
                    break;
                case 8:
                    String dbName2 = ((PreAddIndexEvent) preEventContext).getIndex().getDbName();
                    String origTableName = ((PreAddIndexEvent) preEventContext).getIndex().getOrigTableName();
                    name = "ADDINDEX";
                    hiveAccessType = HiveAccessType.CREATE;
                    rangerAccessResourceImpl.setValue("database", dbName2);
                    rangerAccessResourceImpl.setValue("table", origTableName);
                    break;
                case 9:
                    name = "DROPINDEX";
                    hiveAccessType = HiveAccessType.DROP;
                    String dbName3 = ((PreDropIndexEvent) preEventContext).getIndex().getDbName();
                    String origTableName2 = ((PreDropIndexEvent) preEventContext).getIndex().getOrigTableName();
                    rangerAccessResourceImpl.setValue("database", dbName3);
                    rangerAccessResourceImpl.setValue("table", origTableName2);
                    break;
                case 10:
                    name = "ALTERINDEX";
                    hiveAccessType = HiveAccessType.ALTER;
                    String dbName4 = ((PreAlterIndexEvent) preEventContext).getOldIndex().getDbName();
                    String origTableName3 = ((PreAlterIndexEvent) preEventContext).getOldIndex().getOrigTableName();
                    rangerAccessResourceImpl.setValue("database", dbName4);
                    rangerAccessResourceImpl.setValue("table", origTableName3);
                    break;
                case 11:
                    Database database = ((PreReadDatabaseEvent) preEventContext).getDatabase();
                    name = HiveOperationType.QUERY.name();
                    hiveAccessType = HiveAccessType.SELECT;
                    rangerAccessResourceImpl.setValue("database", database.getName());
                    break;
                case 12:
                    Database database2 = ((PreCreateDatabaseEvent) preEventContext).getDatabase();
                    name = HiveOperationType.CREATEDATABASE.name();
                    hiveAccessType = HiveAccessType.CREATE;
                    rangerAccessResourceImpl.setValue("database", database2.getName());
                    break;
                case 13:
                    Database database3 = ((PreDropDatabaseEvent) preEventContext).getDatabase();
                    name = HiveOperationType.DROPDATABASE.name();
                    hiveAccessType = HiveAccessType.DROP;
                    rangerAccessResourceImpl.setValue("database", database3.getName());
                    break;
                default:
                    return;
            }
            rangerAccessResourceImpl.setServiceDef(this.plugin.getServiceDef());
            RangerAccessRequestImpl rangerAccessRequestImpl = new RangerAccessRequestImpl(rangerAccessResourceImpl, hiveAccessType.name().toLowerCase(), userName, newHashSet);
            rangerAccessRequestImpl.setAccessTime(new Date());
            rangerAccessRequestImpl.setAction(name);
            RangerAccessResult isAccessAllowed = this.plugin.isAccessAllowed(rangerAccessRequestImpl);
            if (isAccessAllowed == null) {
                throw new InvalidOperationException("Permission denied: unable to evaluate ranger policy");
            }
            if (!isAccessAllowed.getIsAllowed()) {
                throw new InvalidOperationException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", userName, hiveAccessType.name().toLowerCase(), rangerAccessResourceImpl.getAsString()));
            }
        } catch (Exception e) {
            throw new InvalidOperationException("Unable to read user/group information: " + e);
        }
    }
}
