package com.qubole.shaded.hadoop.hive.ql.security.authorization;

import com.qubole.shaded.hadoop.hive.common.FileUtils;
import com.qubole.shaded.hadoop.hive.metastore.HiveMetaStore;
import com.qubole.shaded.hadoop.hive.ql.metadata.Hive;
import com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HivePolicyChangeListener;
import com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
import com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
import com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLsImpl;
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;

/* loaded from: input_file:com/qubole/shaded/hadoop/hive/ql/security/authorization/HDFSPermissionPolicyProvider.class */
public class HDFSPermissionPolicyProvider implements HivePolicyProvider {
    private Configuration conf;

    public HDFSPermissionPolicyProvider(Configuration configuration) {
        this.conf = configuration;
    }

    @Override // com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider
    public HiveResourceACLs getResourceACLs(HivePrivilegeObject hivePrivilegeObject) {
        HiveResourceACLs hiveResourceACLs = null;
        try {
            switch (hivePrivilegeObject.getType()) {
                case DATABASE:
                    hiveResourceACLs = getResourceACLs(new Path(Hive.get().getDatabase(hivePrivilegeObject.getDbname()).getLocationUri()));
                    break;
                case TABLE_OR_VIEW:
                case COLUMN:
                    hiveResourceACLs = getResourceACLs(new Path(Hive.get().getTable(hivePrivilegeObject.getDbname(), hivePrivilegeObject.getObjectName()).getTTable().getSd().getLocation()));
                    break;
                default:
                    throw new RuntimeException("Unknown request type:" + hivePrivilegeObject.getType());
            }
        } catch (Exception e) {
        }
        return hiveResourceACLs;
    }

    private HiveResourceACLs getResourceACLs(Path path) throws IOException {
        if (path == null) {
            throw new IllegalArgumentException("path is null");
        }
        FileSystem fileSystem = path.getFileSystem(this.conf);
        FileStatus fileStatusOrNull = FileUtils.getFileStatusOrNull(fileSystem, path);
        if (fileStatusOrNull != null) {
            return getResourceACLs(fileSystem, fileStatusOrNull);
        }
        if (path.getParent() == null) {
            return null;
        }
        FileStatus fileStatus = null;
        for (Path parent = path.getParent(); parent != null; parent = parent.getParent()) {
            fileStatus = FileUtils.getFileStatusOrNull(fileSystem, parent);
            if (fileStatus != null) {
                break;
            }
        }
        return getResourceACLs(fileSystem, fileStatus);
    }

    private HiveResourceACLs getResourceACLs(FileSystem fileSystem, FileStatus fileStatus) {
        String owner = fileStatus.getOwner();
        String group = fileStatus.getGroup();
        HiveResourceACLsImpl hiveResourceACLsImpl = new HiveResourceACLsImpl();
        FsPermission permission = fileStatus.getPermission();
        if (permission.getUserAction().implies(FsAction.READ)) {
            hiveResourceACLsImpl.addUserEntry(owner, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED);
        }
        if (permission.getGroupAction().implies(FsAction.READ)) {
            hiveResourceACLsImpl.addGroupEntry(group, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED);
        }
        if (permission.getOtherAction().implies(FsAction.READ)) {
            hiveResourceACLsImpl.addGroupEntry(HiveMetaStore.PUBLIC, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED);
        }
        return hiveResourceACLsImpl;
    }

    @Override // com.qubole.shaded.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider
    public void registerHivePolicyChangeListener(HivePolicyChangeListener hivePolicyChangeListener) {
    }
}
