package oracle.hadoop.sql.authz.sentry;

import java.util.List;
import oracle.hadoop.sql.JXADException;
import oracle.hadoop.sql.authz.Authorizables;
import oracle.hadoop.sql.authz.AuthzCore;
import oracle.hadoop.sql.authz.AuthzPrivileges;
import oracle.hadoop.sql.messages.HSqlMessage;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;

/* loaded from: input_file:oracle/hadoop/sql/authz/sentry/SentryPolicyEngine.class */
/**
 * Policy engine that decides table and column access from the privileges
 * returned by a {@link SentryProviderBackend}.
 *
 * <p>The decision is made entirely from the {@link AuthzPrivileges} object held in
 * {@link #privileges}. That object is fetched from the provider backend on the first
 * {@link #checkPrivileges} call and reused by every later call on the same instance.
 *
 * <p>NOTE(review): because the cached privileges are not keyed by user, database or
 * table, an instance that is reused for a different user or table would evaluate the
 * new request against the first caller's privileges. Confirm that engine instances are
 * scoped to a single (user, table) request, or invalidate the cache when the arguments
 * change.
 */
public class SentryPolicyEngine extends AuthzCore.AuthzPolicyEngine {
    private static final Log LOG = LogFactory.getLog(SentryPolicyEngine.class);

    // Sentry configuration; the server scope name is read from it on every check.
    private final Configuration sentryConf;

    // Cached privileges for this engine. Protected and non-final, so a subclass can
    // pre-populate it, in which case the provider backend is never consulted.
    protected AuthzPrivileges privileges;

    /**
     * Creates the engine and keeps the Sentry configuration taken from {@code sentryAuthzConf}.
     *
     * @param configuration         configuration passed to the superclass
     * @param sentryAuthzConf       source of the Sentry configuration
     * @param sentryProviderBackend backend passed to the superclass
     * @throws JXADException declared by the superclass constructor
     */
    public SentryPolicyEngine(Configuration configuration, SentryAuthzConf sentryAuthzConf, SentryProviderBackend sentryProviderBackend) throws JXADException {
        super(configuration, sentryProviderBackend);
        this.sentryConf = sentryAuthzConf.getSentryConf();
    }

    /**
     * Authorizes access to a table, or to the listed columns when no table privilege is held.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>no privileges at all: denied with a table-privilege error;</li>
     *   <li>table privileges present: allowed, columns are not inspected;</li>
     *   <li>otherwise an empty or {@code null} column list is denied with a table-privilege
     *       error, and each listed column must pass {@code isPrivileged}.</li>
     * </ol>
     *
     * @param authzUser     user being authorized
     * @param authzDatabase database containing the table
     * @param authzTable    table being accessed
     * @param list          columns being accessed; may be {@code null} or empty
     * @throws JXADException with {@code CODE.PRIVILEGE} when access is denied, or with
     *                       {@code CODE.INTERNAL} when the backend returns no privileges object
     */
    @Override
    public void checkPrivileges(Authorizables.AuthzUser authzUser, Authorizables.AuthzDatabase authzDatabase, Authorizables.AuthzTable authzTable, List<Authorizables.AuthzColumn> list) throws JXADException {
        final String scope = SentryAuthzConf.getServerScope(this.sentryConf);
        if (LOG.isDebugEnabled()) {
            LOG.debug("policy engine sentry global server scope name=" + scope);
        }

        if (this.privileges == null) {
            // First use: resolve privileges for the arguments of THIS call and cache them.
            this.privileges = this.providerBackend.getPrivileges(authzUser, authzDatabase, authzTable);
            if (this.privileges == null) {
                // Fail closed: no privileges object means no decision can be made.
                throw new JXADException(JXADException.CODE.INTERNAL, HSqlMessage.MSG.GENERAL, "authz context not set up");
            }
        }

        if (this.privileges.hasNoPrivileges()) {
            throwTblPrivException(scope, authzUser, authzDatabase, authzTable);
        }

        if (this.privileges.hasTablePrivileges()) {
            // Table-level grant covers every column; nothing more to check.
            return;
        }

        // Only column-level grants remain, so at least one column must be named.
        final boolean noColumnsRequested = (list == null) || list.isEmpty();
        if (noColumnsRequested) {
            throwTblPrivException(scope, authzUser, authzDatabase, authzTable);
        }

        requireColumnPrivileges(scope, authzUser, authzDatabase, authzTable, list);
    }

    /**
     * Denies access on the first listed column whose field name is not privileged.
     *
     * <p>NOTE(review): columns whose {@code getFieldName()} is {@code null} are skipped
     * without any check, i.e. they are implicitly allowed. Confirm that such columns
     * cannot expose table data; otherwise this branch should deny instead.
     */
    private void requireColumnPrivileges(String scope, Authorizables.AuthzUser user, Authorizables.AuthzDatabase database, Authorizables.AuthzTable table, List<Authorizables.AuthzColumn> columns) throws JXADException {
        for (Authorizables.AuthzColumn column : columns) {
            final String field = column.getFieldName();
            if (field == null) {
                continue;
            }
            if (!this.privileges.isPrivileged(field)) {
                throwColPrivException(scope, user, database, table, column);
            }
        }
    }

    /** Always throws the column-privilege denial carrying user, table, column and scope names. */
    private static void throwColPrivException(String serverScope, Authorizables.AuthzUser user, Authorizables.AuthzDatabase database, Authorizables.AuthzTable table, Authorizables.AuthzColumn column) throws JXADException {
        throw new JXADException(
                JXADException.CODE.PRIVILEGE,
                HSqlMessage.MSG.SENTRY_COL_PRIV,
                user.getUserName(),
                table.getOracleTableName(),
                column.getColName(),
                serverScope,
                database.getDatabaseName(),
                table.getTableName(),
                column.getFieldName());
    }

    /** Always throws the table-privilege denial carrying user, table and scope names. */
    private static void throwTblPrivException(String serverScope, Authorizables.AuthzUser user, Authorizables.AuthzDatabase database, Authorizables.AuthzTable table) throws JXADException {
        throw new JXADException(
                JXADException.CODE.PRIVILEGE,
                HSqlMessage.MSG.SENTRY_TBL_PRIV,
                user.getUserName(),
                table.getOracleTableName(),
                serverScope,
                database.getDatabaseName(),
                table.getTableName());
    }

    /**
     * Reports whether the cached privileges are column-only.
     *
     * @return {@code false} when no privileges have been cached yet; otherwise the
     *         answer of {@code SentryPrivileges.hasOnlyColPrivileges()}
     */
    public boolean hasOnlyColPrivileges() {
        if (this.privileges == null) {
            return false;
        }
        // Unchecked downcast: throws ClassCastException if the cached object is not SentryPrivileges.
        return ((SentryPrivileges) this.privileges).hasOnlyColPrivileges();
    }

    /**
     * Reports whether the cached privileges are server-only.
     *
     * @return {@code false} when no privileges have been cached yet; otherwise the
     *         answer of {@code SentryPrivileges.hasOnlyServerPrivileges()}
     */
    public boolean hasOnlyServerPrivileges() {
        if (this.privileges == null) {
            return false;
        }
        // Unchecked downcast: throws ClassCastException if the cached object is not SentryPrivileges.
        return ((SentryPrivileges) this.privileges).hasOnlyServerPrivileges();
    }
}
