package org.apache.impala.analysis;

import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.impala.authorization.DefaultAuthorizableFactory;
import org.apache.impala.authorization.Privilege;
import org.apache.impala.catalog.FeDataSourceTable;
import org.apache.impala.catalog.FeTable;
import org.apache.impala.catalog.TableLoadingException;
import org.apache.impala.common.AnalysisException;
import org.apache.impala.common.FileSystemUtil;
import org.apache.impala.thrift.TPrivilege;
import org.apache.impala.thrift.TPrivilegeLevel;
import org.apache.impala.thrift.TPrivilegeScope;

/* loaded from: input_file:org/apache/impala/analysis/PrivilegeSpec.class */
public class PrivilegeSpec extends StmtNode {
    private final TPrivilegeScope scope_;
    private final TPrivilegeLevel privilegeLevel_;
    private final TableName tableName_;
    private final HdfsUri uri_;
    private final String storageType_;
    private final String storageUri_;
    private final List<String> columnNames_;
    private final FunctionName functionName_;
    private String dbName_;
    private String serverName_;
    private String ownerName_;

    private PrivilegeSpec(TPrivilegeLevel tPrivilegeLevel, TPrivilegeScope tPrivilegeScope, String str, String str2, TableName tableName, HdfsUri hdfsUri, String str3, String str4, List<String> list, FunctionName functionName) {
        Preconditions.checkNotNull(tPrivilegeScope);
        Preconditions.checkNotNull(tPrivilegeLevel);
        this.privilegeLevel_ = tPrivilegeLevel;
        this.scope_ = tPrivilegeScope;
        this.serverName_ = str;
        this.tableName_ = tableName;
        this.dbName_ = this.tableName_ != null ? this.tableName_.getDb() : str2;
        this.uri_ = hdfsUri;
        this.storageType_ = str3;
        this.storageUri_ = str4;
        this.columnNames_ = list;
        this.functionName_ = functionName;
    }

    public static PrivilegeSpec createServerScopedPriv(TPrivilegeLevel tPrivilegeLevel) {
        return createServerScopedPriv(tPrivilegeLevel, null);
    }

    public static PrivilegeSpec createServerScopedPriv(TPrivilegeLevel tPrivilegeLevel, String str) {
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.SERVER, str, null, null, null, null, null, null, null);
    }

    public static PrivilegeSpec createDbScopedPriv(TPrivilegeLevel tPrivilegeLevel, String str) {
        Preconditions.checkNotNull(str);
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.DATABASE, null, str, null, null, null, null, null, null);
    }

    public static PrivilegeSpec createTableScopedPriv(TPrivilegeLevel tPrivilegeLevel, TableName tableName) {
        Preconditions.checkNotNull(tableName);
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.TABLE, null, null, tableName, null, null, null, null, null);
    }

    public static PrivilegeSpec createUdfScopedPriv(TPrivilegeLevel tPrivilegeLevel, FunctionName functionName) {
        Preconditions.checkNotNull(functionName);
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.USER_DEFINED_FN, null, null, null, null, null, null, null, functionName);
    }

    public static PrivilegeSpec createColumnScopedPriv(TPrivilegeLevel tPrivilegeLevel, TableName tableName, List<String> list) {
        Preconditions.checkNotNull(tableName);
        Preconditions.checkNotNull(list);
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.COLUMN, null, null, tableName, null, null, null, list, null);
    }

    public static PrivilegeSpec createUriScopedPriv(TPrivilegeLevel tPrivilegeLevel, HdfsUri hdfsUri) {
        Preconditions.checkNotNull(hdfsUri);
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.URI, null, null, null, hdfsUri, null, null, null, null);
    }

    public static PrivilegeSpec createStorageHandlerUriScopedPriv(TPrivilegeLevel tPrivilegeLevel, StorageHandlerUri storageHandlerUri) {
        Preconditions.checkNotNull(storageHandlerUri);
        return new PrivilegeSpec(tPrivilegeLevel, TPrivilegeScope.STORAGEHANDLER_URI, null, null, null, null, storageHandlerUri.getStorageType(), storageHandlerUri.getStoreUrl(), null, null);
    }

    public List<TPrivilege> toThrift() {
        ArrayList arrayList = new ArrayList();
        if (this.scope_ == TPrivilegeScope.COLUMN) {
            Iterator<String> it = this.columnNames_.iterator();
            while (it.hasNext()) {
                arrayList.add(createTPrivilege(it.next()));
            }
        } else {
            arrayList.add(createTPrivilege(null));
        }
        return arrayList;
    }

    private TPrivilege createTPrivilege(String str) {
        Preconditions.checkState((str == null) ^ (this.scope_ == TPrivilegeScope.COLUMN));
        TPrivilege tPrivilege = new TPrivilege();
        tPrivilege.setScope(this.scope_);
        tPrivilege.setServer_name(this.serverName_);
        tPrivilege.setPrivilege_level(this.privilegeLevel_);
        if (this.dbName_ != null) {
            tPrivilege.setDb_name(this.dbName_);
        }
        if (this.tableName_ != null) {
            tPrivilege.setTable_name(this.tableName_.getTbl());
        }
        if (this.uri_ != null) {
            tPrivilege.setUri(this.uri_.toString());
        }
        if (this.storageType_ != null) {
            tPrivilege.setStorage_type(this.storageType_);
        }
        if (this.storageUri_ != null) {
            tPrivilege.setStorage_url(this.storageUri_);
        }
        if (str != null) {
            tPrivilege.setColumn_name(str);
        }
        if (this.functionName_ != null) {
            tPrivilege.setFn_name(this.functionName_.getFunction());
        }
        tPrivilege.setCreate_time_ms(-1L);
        return tPrivilege;
    }

    public static String getTablePath(TPrivilege tPrivilege) {
        Preconditions.checkState(tPrivilege.getScope() == TPrivilegeScope.COLUMN);
        return Joiner.on(FileSystemUtil.DOT).join(tPrivilege.getServer_name(), tPrivilege.getDb_name(), new Object[]{tPrivilege.getTable_name()});
    }

    @Override // org.apache.impala.analysis.ParseNode
    public final String toSql() {
        return toSql(ToSqlOptions.DEFAULT);
    }

    @Override // org.apache.impala.analysis.ParseNode
    public String toSql(ToSqlOptions toSqlOptions) {
        StringBuilder sb = new StringBuilder(this.privilegeLevel_.toString());
        if (this.scope_ != TPrivilegeScope.COLUMN) {
            sb.append(" ON ");
            sb.append(this.scope_.toString());
        }
        if (this.scope_ == TPrivilegeScope.SERVER && this.serverName_ != null) {
            sb.append(" " + this.serverName_);
        } else if (this.scope_ == TPrivilegeScope.DATABASE) {
            sb.append(" " + this.dbName_);
        } else if (this.scope_ == TPrivilegeScope.TABLE) {
            sb.append(" " + this.tableName_.toString());
        } else if (this.scope_ == TPrivilegeScope.USER_DEFINED_FN) {
            sb.append(" " + this.functionName_.toString());
        } else if (this.scope_ == TPrivilegeScope.COLUMN) {
            sb.append(" (");
            sb.append(Joiner.on(",").join(this.columnNames_));
            sb.append(")");
            sb.append(" ON TABLE " + this.tableName_.toString());
        } else if (this.scope_ == TPrivilegeScope.URI) {
            sb.append(" '" + this.uri_.getLocation() + "'");
        } else if (this.scope_ == TPrivilegeScope.STORAGEHANDLER_URI) {
            sb.append(" '" + this.storageType_ + "://" + this.storageUri_ + "'");
        }
        return sb.toString();
    }

    public void collectTableRefs(List<TableRef> list) {
        if (this.tableName_ != null) {
            list.add(new TableRef(this.tableName_.toPath(), null));
        }
    }

    @Override // org.apache.impala.analysis.StmtNode
    public void analyze(Analyzer analyzer) throws AnalysisException {
        String serverName = analyzer.getAuthzConfig().getServerName();
        if (this.serverName_ != null && !this.serverName_.equals(serverName)) {
            throw new AnalysisException(String.format("Specified server name '%s' does not match the configured server name '%s'", this.serverName_, serverName));
        }
        this.serverName_ = serverName;
        Preconditions.checkState(!Strings.isNullOrEmpty(this.serverName_));
        Preconditions.checkNotNull(this.scope_);
        switch (this.scope_) {
            case SERVER:
                return;
            case DATABASE:
                analyzeTargetDatabase(analyzer);
                return;
            case URI:
                Preconditions.checkNotNull(this.uri_);
                if (this.privilegeLevel_ != TPrivilegeLevel.ALL) {
                    throw new AnalysisException("Only 'ALL' privilege may be applied at URI scope in privilege spec.");
                }
                this.uri_.analyze(analyzer, Privilege.ALL, false);
                return;
            case STORAGEHANDLER_URI:
                if (this.privilegeLevel_ != TPrivilegeLevel.RWSTORAGE) {
                    throw new AnalysisException("Only 'RWSTORAGE' privilege may be applied at storage handler URI scope in privilege spec.");
                }
                return;
            case TABLE:
                analyzeTargetTable(analyzer);
                return;
            case COLUMN:
                analyzeColumnPrivScope(analyzer);
                return;
            case USER_DEFINED_FN:
                analyzeUdf(analyzer);
                return;
            default:
                throw new IllegalStateException("Unknown TPrivilegeScope in privilege spec: " + this.scope_.toString());
        }
    }

    private void analyzeColumnPrivScope(Analyzer analyzer) throws AnalysisException {
        Preconditions.checkState(this.scope_ == TPrivilegeScope.COLUMN);
        Preconditions.checkNotNull(this.columnNames_);
        if (this.columnNames_.isEmpty()) {
            throw new AnalysisException("Empty column list in column privilege spec.");
        }
        if (this.privilegeLevel_ != TPrivilegeLevel.SELECT) {
            throw new AnalysisException("Only 'SELECT' privileges are allowed in a column privilege spec.");
        }
        FeTable analyzeTargetTable = analyzeTargetTable(analyzer);
        if (analyzeTargetTable instanceof FeDataSourceTable) {
            throw new AnalysisException("Column-level privileges on external data source tables are not supported.");
        }
        Iterator<String> it = this.columnNames_.iterator();
        while (it.hasNext()) {
            if (analyzeTargetTable.getColumn(it.next()) == null) {
                throw new AnalysisException(String.format("Error setting/showing column-level privileges for table '%s'. Verify that both table and columns exist and that you have permissions to issue a GRANT/REVOKE/SHOW GRANT statement.", this.tableName_.toString()));
            }
        }
    }

    private FeTable analyzeTargetTable(Analyzer analyzer) throws AnalysisException {
        Preconditions.checkState(this.scope_ == TPrivilegeScope.TABLE || this.scope_ == TPrivilegeScope.COLUMN);
        Preconditions.checkState(!Strings.isNullOrEmpty(this.tableName_.getTbl()));
        if (this.privilegeLevel_ == TPrivilegeLevel.CREATE) {
            throw new AnalysisException("Create-level privileges on tables are not supported.");
        }
        try {
            this.dbName_ = analyzer.getTargetDbName(this.tableName_);
            Preconditions.checkNotNull(this.dbName_);
            FeTable table = analyzer.getTable(this.dbName_, this.tableName_.getTbl(), true);
            this.ownerName_ = table.getOwnerUser();
            Preconditions.checkNotNull(table);
            return table;
        } catch (TableLoadingException e) {
            throw new AnalysisException(e.getMessage(), e);
        } catch (AnalysisException e2) {
            throw new AnalysisException(String.format("Error setting/showing privileges for table '%s'. Verify that the table exists and that you have permissions to issue a GRANT/REVOKE/SHOW GRANT statement.", this.tableName_.toString()));
        }
    }

    private void analyzeTargetDatabase(Analyzer analyzer) throws AnalysisException {
        Preconditions.checkState(!Strings.isNullOrEmpty(this.dbName_));
        try {
            this.ownerName_ = analyzer.getDb(this.dbName_, true).getOwnerUser();
        } catch (AnalysisException e) {
            throw new AnalysisException(String.format("Error setting/showing privileges for database '%s'. Verify that the database exists and that you have permissions to issue a GRANT/REVOKE/SHOW GRANT statement.", this.dbName_));
        }
    }

    private void analyzeUdf(Analyzer analyzer) throws AnalysisException {
        Preconditions.checkState(this.scope_ == TPrivilegeScope.USER_DEFINED_FN);
        List<String> fnNamePath = this.functionName_.getFnNamePath();
        if (fnNamePath.size() == 2 && (fnNamePath.get(0).equals(DefaultAuthorizableFactory.ALL) || fnNamePath.get(1).equals(DefaultAuthorizableFactory.ALL))) {
            this.dbName_ = fnNamePath.get(0);
            this.functionName_.setDb(fnNamePath.get(0));
            this.functionName_.setFunction(fnNamePath.get(1));
        } else {
            this.functionName_.analyze(analyzer, false);
            Preconditions.checkArgument(!this.functionName_.getDb().equals(DefaultAuthorizableFactory.ALL));
            Preconditions.checkArgument(!this.functionName_.getFunction().equals(DefaultAuthorizableFactory.ALL));
            this.dbName_ = analyzer.getTargetDbName(this.functionName_);
        }
    }

    public TPrivilegeScope getScope() {
        return this.scope_;
    }

    public TableName getTableName() {
        return this.tableName_;
    }

    public HdfsUri getUri() {
        return this.uri_;
    }

    public String getStorageType() {
        return this.storageType_;
    }

    public String getStorageUri() {
        return this.storageUri_;
    }

    public String getDbName() {
        return this.dbName_;
    }

    public String getServerName() {
        return this.serverName_;
    }

    public String getOwnerName() {
        return this.ownerName_;
    }
}
