package org.apache.impala.authorization;

import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.sun.jersey.api.client.ClientResponse;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.apache.impala.analysis.AnalysisContext;
import org.apache.impala.authorization.ranger.RangerAuthorizationConfig;
import org.apache.impala.authorization.ranger.RangerAuthorizationFactory;
import org.apache.impala.authorization.ranger.RangerCatalogdAuthorizationManager;
import org.apache.impala.authorization.ranger.RangerImpalaPlugin;
import org.apache.impala.catalog.CatalogServiceCatalog;
import org.apache.impala.catalog.Function;
import org.apache.impala.catalog.ScalarFunction;
import org.apache.impala.catalog.Type;
import org.apache.impala.common.AnalysisException;
import org.apache.impala.common.FrontendTestBase;
import org.apache.impala.common.ImpalaException;
import org.apache.impala.service.Frontend;
import org.apache.impala.testutil.CatalogServiceTestCatalog;
import org.apache.impala.testutil.ImpaladTestCatalog;
import org.apache.impala.thrift.TColumnValue;
import org.apache.impala.thrift.TDescribeOutputStyle;
import org.apache.impala.thrift.TDescribeResult;
import org.apache.impala.thrift.TDescribeTableParams;
import org.apache.impala.thrift.TFunctionBinaryType;
import org.apache.impala.thrift.TPrivilege;
import org.apache.impala.thrift.TPrivilegeLevel;
import org.apache.impala.thrift.TPrivilegeScope;
import org.apache.impala.thrift.TResultRow;
import org.apache.impala.thrift.TTableName;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerRESTClient;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.junit.Assert;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase.class */
public abstract class AuthorizationTestBase extends FrontendTestBase {
    protected static final String RANGER_ADMIN_URL = "http://localhost:6080";
    protected static final String RANGER_USER = "admin";
    protected static final String RANGER_PASSWORD = "admin";
    protected static final String SERVER_NAME = "server1";
    protected static final String RANGER_SERVICE_TYPE = "hive";
    protected static final String RANGER_SERVICE_NAME = "test_impala";
    protected static final String RANGER_APP_ID = "impala";
    protected final AuthorizationConfig authzConfig_;
    protected final AuthorizationFactory authzFactory_;
    protected final AuthorizationProvider authzProvider_;
    protected final AnalysisContext authzCtx_;
    protected final ImpaladTestCatalog authzCatalog_;
    protected final Frontend authzFrontend_;
    protected final RangerImpalaPlugin rangerImpalaPlugin_;
    protected final RangerRESTClient rangerRestClient_;
    protected final CatalogServiceTestCatalog testCatalog_;
    public static final Logger LOG = LoggerFactory.getLogger(AuthorizationTestBase.class);
    protected static final User OWNER_USER = new User(System.getProperty("user.name"));
    protected static final List<String> GROUPS = Collections.singletonList("non_owner");
    protected static final List<String> OWNER_GROUPS = Collections.singletonList(System.getProperty("user.name"));
    protected static final User RANGER_ADMIN = new User("admin");
    protected static User user_ = null;
    protected static boolean as_owner_ = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.impala.authorization.AuthorizationTestBase$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$impala$authorization$AuthorizationProvider = new int[AuthorizationProvider.values().length];

        static {
            try {
                $SwitchMap$org$apache$impala$authorization$AuthorizationProvider[AuthorizationProvider.RANGER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
        }
    }

    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$AuthzTest.class */
    protected class AuthzTest {
        private final AnalysisContext context_;
        private final String stmt_;

        public AuthzTest(AuthorizationTestBase authorizationTestBase, String str) {
            this(null, str);
        }

        public AuthzTest(AnalysisContext analysisContext, String str) {
            Preconditions.checkNotNull(str);
            this.context_ = analysisContext;
            this.stmt_ = str;
        }

        public AuthzTest ok(TPrivilege[]... tPrivilegeArr) throws ImpalaException {
            ok(true, tPrivilegeArr);
            return this;
        }

        public AuthzTest ok(boolean z, TPrivilege[]... tPrivilegeArr) throws ImpalaException {
            Iterator<WithPrincipal> it = AuthorizationTestBase.this.buildWithPrincipals().iterator();
            while (it.hasNext()) {
                WithPrincipal next = it.next();
                try {
                    next.init(tPrivilegeArr);
                    if (this.context_ != null) {
                        AuthorizationTestBase.this.authzOk(this.context_, this.stmt_, next, z);
                    } else {
                        AuthorizationTestBase.this.authzOk(this.stmt_, next, z);
                    }
                } finally {
                    next.cleanUp();
                }
            }
            return this;
        }

        public AuthzTest okDescribe(TTableName tTableName, DescribeOutput describeOutput, TPrivilege[]... tPrivilegeArr) throws ImpalaException {
            for (WithPrincipal withPrincipal : AuthorizationTestBase.this.buildWithPrincipals()) {
                try {
                    withPrincipal.init(tPrivilegeArr);
                    if (this.context_ != null) {
                        AuthorizationTestBase.this.authzOk(this.context_, this.stmt_, withPrincipal);
                    } else {
                        AuthorizationTestBase.this.authzOk(this.stmt_, withPrincipal);
                    }
                    describeOutput.validate(tTableName);
                    withPrincipal.cleanUp();
                } catch (Throwable th) {
                    withPrincipal.cleanUp();
                    throw th;
                }
            }
            return this;
        }

        public AuthzTest error(String str, TPrivilege[]... tPrivilegeArr) throws ImpalaException {
            Iterator<WithPrincipal> it = AuthorizationTestBase.this.buildWithPrincipals().iterator();
            while (it.hasNext()) {
                WithPrincipal next = it.next();
                try {
                    next.init(tPrivilegeArr);
                    if (this.context_ != null) {
                        AuthorizationTestBase.this.authzError(this.context_, this.stmt_, str, next);
                    } else {
                        AuthorizationTestBase.this.authzError(this.stmt_, str, next);
                    }
                } finally {
                    next.cleanUp();
                }
            }
            return this;
        }
    }

    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$DescribeOutput.class */
    protected class DescribeOutput {
        private String[] excludedStrings_ = new String[0];
        private String[] includedStrings_ = new String[0];
        private final TDescribeOutputStyle outputStyle_;

        public DescribeOutput(TDescribeOutputStyle tDescribeOutputStyle) {
            this.outputStyle_ = tDescribeOutputStyle;
        }

        public DescribeOutput excludeStrings(String[] strArr) {
            this.excludedStrings_ = strArr;
            return this;
        }

        public DescribeOutput includeStrings(String[] strArr) {
            this.includedStrings_ = strArr;
            return this;
        }

        public void validate(TTableName tTableName) throws ImpalaException {
            Preconditions.checkArgument((this.includedStrings_.length == 0 && this.excludedStrings_.length == 0) ? false : true, "One or both of included or excluded strings must be defined.");
            TDescribeTableParams tDescribeTableParams = new TDescribeTableParams();
            tDescribeTableParams.setTable_name(tTableName);
            tDescribeTableParams.setOutput_style(this.outputStyle_);
            List resultToStringList = AuthorizationTestBase.resultToStringList(AuthorizationTestBase.this.authzFrontend_.describeTable(tDescribeTableParams, AuthorizationTestBase.user_));
            for (String str : this.includedStrings_) {
                Assert.assertTrue(String.format("\"%s\" is not in the describe output.\nExpected : %s\n Actual   : %s", str, Arrays.toString(this.includedStrings_), resultToStringList), resultToStringList.contains(str));
            }
            for (String str2 : this.excludedStrings_) {
                Assert.assertTrue(String.format("\"%s\" should not be in the describe output.", str2), !resultToStringList.contains(str2));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$Matcher.class */
    public interface Matcher {
        boolean match(String str, String str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$WithPrincipal.class */
    public interface WithPrincipal {
        void init(TPrivilege[]... tPrivilegeArr) throws ImpalaException;

        void cleanUp() throws ImpalaException;

        String getName();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$WithRanger.class */
    public abstract class WithRanger implements WithPrincipal {
        private final List<GrantRevokeRequest> grants = new ArrayList();
        private final RangerCatalogdAuthorizationManager authzManager = new RangerCatalogdAuthorizationManager(() -> {
            return AuthorizationTestBase.this.rangerImpalaPlugin_;
        }, (CatalogServiceCatalog) null);

        protected WithRanger() {
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public void init(TPrivilege[]... tPrivilegeArr) throws ImpalaException {
            for (TPrivilege[] tPrivilegeArr2 : tPrivilegeArr) {
                this.grants.addAll((Collection) buildRequest(Arrays.asList(tPrivilegeArr2)).stream().peek(grantRevokeRequest -> {
                    grantRevokeRequest.setResource(AuthorizationTestBase.updateUri(grantRevokeRequest.getResource()));
                    if (grantRevokeRequest.getAccessTypes().contains("owner")) {
                        grantRevokeRequest.getAccessTypes().remove("owner");
                        grantRevokeRequest.getAccessTypes().add("all");
                    }
                }).collect(Collectors.toList()));
            }
            this.authzManager.grantPrivilege(this.grants, "", "127.0.0.1");
            AuthorizationTestBase.this.rangerImpalaPlugin_.refreshPoliciesAndTags();
        }

        protected abstract List<GrantRevokeRequest> buildRequest(List<TPrivilege> list);

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public void cleanUp() throws ImpalaException {
            this.authzManager.revokePrivilege(this.grants, "", "127.0.0.1");
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public String getName() {
            return AuthorizationTestBase.as_owner_ ? AuthorizationTestBase.OWNER_USER.getName() : AuthorizationTestBase.user_.getName();
        }
    }

    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$WithRangerGroup.class */
    public class WithRangerGroup extends WithRanger {
        public WithRangerGroup() {
            super();
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger
        protected List<GrantRevokeRequest> buildRequest(List<TPrivilege> list) {
            return RangerCatalogdAuthorizationManager.createGrantRevokeRequests(AuthorizationTestBase.RANGER_ADMIN.getName(), true, (String) null, AuthorizationTestBase.as_owner_ ? AuthorizationTestBase.OWNER_GROUPS : AuthorizationTestBase.GROUPS, Collections.emptyList(), AuthorizationTestBase.this.rangerImpalaPlugin_.getClusterName(), "127.0.0.1", list, (String) null);
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger, org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public /* bridge */ /* synthetic */ String getName() {
            return super.getName();
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger, org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public /* bridge */ /* synthetic */ void cleanUp() throws ImpalaException {
            super.cleanUp();
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger, org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public /* bridge */ /* synthetic */ void init(TPrivilege[][] tPrivilegeArr) throws ImpalaException {
            super.init(tPrivilegeArr);
        }
    }

    /* loaded from: input_file:org/apache/impala/authorization/AuthorizationTestBase$WithRangerUser.class */
    public class WithRangerUser extends WithRanger {
        public WithRangerUser() {
            super();
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger
        protected List<GrantRevokeRequest> buildRequest(List<TPrivilege> list) {
            return RangerCatalogdAuthorizationManager.createGrantRevokeRequests(AuthorizationTestBase.RANGER_ADMIN.getName(), true, getName(), Collections.emptyList(), Collections.emptyList(), AuthorizationTestBase.this.rangerImpalaPlugin_.getClusterName(), "127.0.0.1", list, (String) null);
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger, org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public /* bridge */ /* synthetic */ String getName() {
            return super.getName();
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger, org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public /* bridge */ /* synthetic */ void cleanUp() throws ImpalaException {
            super.cleanUp();
        }

        @Override // org.apache.impala.authorization.AuthorizationTestBase.WithRanger, org.apache.impala.authorization.AuthorizationTestBase.WithPrincipal
        public /* bridge */ /* synthetic */ void init(TPrivilege[][] tPrivilegeArr) throws ImpalaException {
            super.init(tPrivilegeArr);
        }
    }

    public AuthorizationTestBase(AuthorizationProvider authorizationProvider) throws ImpalaException {
        this.authzProvider_ = authorizationProvider;
        switch (AnonymousClass1.$SwitchMap$org$apache$impala$authorization$AuthorizationProvider[authorizationProvider.ordinal()]) {
            case 1:
                user_ = new User("non_owner");
                this.authzConfig_ = new RangerAuthorizationConfig(RANGER_SERVICE_TYPE, RANGER_APP_ID, SERVER_NAME, (String) null, (String) null, (RangerPolicyEngineOptions) null);
                this.authzFactory_ = createAuthorizationFactory(authorizationProvider);
                this.authzCtx_ = createAnalysisCtx(this.authzFactory_, user_.getName());
                this.testCatalog_ = CatalogServiceTestCatalogWithRanger.createWithAuth(this.authzFactory_);
                this.authzCatalog_ = new ImpaladTestCatalog(this.testCatalog_);
                this.authzFrontend_ = new Frontend(this.authzFactory_, this.authzCatalog_);
                this.rangerImpalaPlugin_ = this.authzFrontend_.getAuthzChecker().getRangerImpalaPlugin();
                Assert.assertEquals("test-cluster", this.rangerImpalaPlugin_.getClusterName());
                this.rangerRestClient_ = new RangerRESTClient(RANGER_ADMIN_URL, (String) null, this.rangerImpalaPlugin_.getConfig());
                this.rangerRestClient_.setBasicAuthInfo("admin", "admin");
                return;
            default:
                throw new IllegalArgumentException(String.format("Unsupported authorization provider: %s", authorizationProvider));
        }
    }

    protected AuthorizationFactory createAuthorizationFactory(AuthorizationProvider authorizationProvider) {
        return new RangerAuthorizationFactory(this.authzConfig_);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, String> updateUri(Map<String, String> map) {
        String str = map.get("url");
        if (str != null && str.startsWith("/")) {
            str = "hdfs://localhost:20500" + str;
        }
        map.put("url", str);
        return map;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DescribeOutput describeOutput(TDescribeOutputStyle tDescribeOutputStyle) {
        return new DescribeOutput(tDescribeOutputStyle);
    }

    protected List<WithPrincipal> buildWithPrincipals() {
        ArrayList arrayList = new ArrayList();
        switch (AnonymousClass1.$SwitchMap$org$apache$impala$authorization$AuthorizationProvider[this.authzProvider_.ordinal()]) {
            case 1:
                arrayList.add(new WithRangerUser());
                arrayList.add(new WithRangerGroup());
                return arrayList;
            default:
                throw new IllegalArgumentException(String.format("Unsupported authorization provider: %s", this.authzProvider_));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthzTest authorize(String str) {
        return new AuthzTest(this, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthzTest authorize(AnalysisContext analysisContext, String str) {
        return new AuthzTest(analysisContext, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onServer(TPrivilegeLevel... tPrivilegeLevelArr) {
        return onServer(false, tPrivilegeLevelArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onServer(boolean z, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[tPrivilegeLevelArr.length];
        for (int i = 0; i < tPrivilegeLevelArr.length; i++) {
            tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevelArr[i], TPrivilegeScope.SERVER, false);
            tPrivilegeArr[i].setServer_name(SERVER_NAME);
            tPrivilegeArr[i].setHas_grant_opt(z);
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onDatabase(String str, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onDatabase(false, str, tPrivilegeLevelArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onDatabase(boolean z, String str, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[tPrivilegeLevelArr.length];
        for (int i = 0; i < tPrivilegeLevelArr.length; i++) {
            tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevelArr[i], TPrivilegeScope.DATABASE, false);
            tPrivilegeArr[i].setServer_name(SERVER_NAME);
            tPrivilegeArr[i].setDb_name(str);
            tPrivilegeArr[i].setHas_grant_opt(z);
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onTable(String str, String str2, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onTable(false, str, str2, tPrivilegeLevelArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onTable(boolean z, String str, String str2, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[tPrivilegeLevelArr.length];
        for (int i = 0; i < tPrivilegeLevelArr.length; i++) {
            tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevelArr[i], TPrivilegeScope.TABLE, false);
            tPrivilegeArr[i].setServer_name(SERVER_NAME);
            tPrivilegeArr[i].setDb_name(str);
            tPrivilegeArr[i].setTable_name(str2);
            tPrivilegeArr[i].setHas_grant_opt(z);
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onColumn(String str, String str2, String str3, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onColumn(str, str2, new String[]{str3}, tPrivilegeLevelArr);
    }

    protected TPrivilege[] onColumn(boolean z, String str, String str2, String str3, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onColumn(z, str, str2, new String[]{str3}, tPrivilegeLevelArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onColumn(String str, String str2, String[] strArr, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onColumn(false, str, str2, strArr, tPrivilegeLevelArr);
    }

    protected TPrivilege[] onColumn(boolean z, String str, String str2, String[] strArr, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[strArr.length * tPrivilegeLevelArr.length];
        int i = 0;
        for (TPrivilegeLevel tPrivilegeLevel : tPrivilegeLevelArr) {
            for (String str3 : strArr) {
                tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevel, TPrivilegeScope.COLUMN, false);
                tPrivilegeArr[i].setServer_name(SERVER_NAME);
                tPrivilegeArr[i].setDb_name(str);
                tPrivilegeArr[i].setTable_name(str2);
                tPrivilegeArr[i].setColumn_name(str3);
                tPrivilegeArr[i].setHas_grant_opt(z);
                i++;
            }
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onUri(String str, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onUri(false, str, tPrivilegeLevelArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onUri(boolean z, String str, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[tPrivilegeLevelArr.length];
        for (int i = 0; i < tPrivilegeLevelArr.length; i++) {
            tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevelArr[i], TPrivilegeScope.URI, false);
            tPrivilegeArr[i].setServer_name(SERVER_NAME);
            tPrivilegeArr[i].setUri(str);
            tPrivilegeArr[i].setHas_grant_opt(z);
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onStorageHandlerUri(String str, String str2, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onStorageHandlerUri(false, str, str2, tPrivilegeLevelArr);
    }

    protected TPrivilege[] onStorageHandlerUri(boolean z, String str, String str2, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[tPrivilegeLevelArr.length];
        for (int i = 0; i < tPrivilegeLevelArr.length; i++) {
            tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevelArr[i], TPrivilegeScope.STORAGEHANDLER_URI, false);
            tPrivilegeArr[i].setServer_name(SERVER_NAME);
            tPrivilegeArr[i].setStorage_type(str);
            tPrivilegeArr[i].setStorage_url(str2);
            tPrivilegeArr[i].setHas_grant_opt(z);
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilege[] onUdf(String str, String str2, TPrivilegeLevel... tPrivilegeLevelArr) {
        return onUdf(false, str, str2, tPrivilegeLevelArr);
    }

    protected TPrivilege[] onUdf(boolean z, String str, String str2, TPrivilegeLevel... tPrivilegeLevelArr) {
        TPrivilege[] tPrivilegeArr = new TPrivilege[tPrivilegeLevelArr.length];
        for (int i = 0; i < tPrivilegeLevelArr.length; i++) {
            tPrivilegeArr[i] = new TPrivilege(tPrivilegeLevelArr[i], TPrivilegeScope.USER_DEFINED_FN, false);
            tPrivilegeArr[i].setServer_name(SERVER_NAME);
            tPrivilegeArr[i].setDb_name(str);
            tPrivilegeArr[i].setFn_name(str2);
            tPrivilegeArr[i].setHas_grant_opt(z);
        }
        return tPrivilegeArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authzOk(String str, WithPrincipal withPrincipal) throws ImpalaException {
        authzOk(this.authzCtx_, str, withPrincipal, true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authzOk(String str, WithPrincipal withPrincipal, boolean z) throws ImpalaException {
        authzOk(this.authzCtx_, str, withPrincipal, z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authzOk(AnalysisContext analysisContext, String str, WithPrincipal withPrincipal) throws ImpalaException {
        authzOk(analysisContext, str, withPrincipal, true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authzOk(AnalysisContext analysisContext, String str, WithPrincipal withPrincipal, boolean z) throws ImpalaException {
        try {
            LOG.info("Testing authzOk for {}", str);
            parseAndAnalyze(str, analysisContext, this.authzFrontend_);
        } catch (AnalysisException e) {
            if (z) {
                throw new AnalysisException(String.format("\nPrincipal: %s\nStatement: %s\nError: %s", withPrincipal.getName(), str, e.getMessage(), e));
            }
        } catch (AuthorizationException e2) {
            throw new AuthorizationException(String.format("\nPrincipal: %s\nStatement: %s\nError: %s", withPrincipal.getName(), str, e2.getMessage(), e2));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authzError(String str, String str2, WithPrincipal withPrincipal) throws ImpalaException {
        authzError(this.authzCtx_, str, str2, startsWith(), withPrincipal);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authzError(AnalysisContext analysisContext, String str, String str2, WithPrincipal withPrincipal) throws ImpalaException {
        authzError(analysisContext, str, str2, startsWith(), withPrincipal);
    }

    private static Matcher exact() {
        return (str, str2) -> {
            return str.equals(str2);
        };
    }

    private static Matcher startsWith() {
        return (str, str2) -> {
            return str.startsWith(str2);
        };
    }

    private void authzError(AnalysisContext analysisContext, String str, String str2, Matcher matcher, WithPrincipal withPrincipal) throws ImpalaException {
        Preconditions.checkNotNull(str2);
        try {
            LOG.info("Testing authzError for {}", str);
            parseAndAnalyze(str, analysisContext, this.authzFrontend_);
            Assert.fail(String.format("Statement did not result in authorization error.\nPrincipal: %s\nStatement: %s", withPrincipal.getName(), str));
        } catch (AuthorizationException e) {
            String format = String.format(str2, analysisContext.getUser());
            String message = e.getMessage();
            Assert.assertTrue("got error:\n" + message + "\nexpected:\n" + format, matcher.match(message, format));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public long createRangerPolicy(String str, String str2) {
        ClientResponse clientResponse = (ClientResponse) this.rangerRestClient_.getResource("/service/public/v2/api/policy").accept(new String[]{"application/json"}).type("application/json").post(ClientResponse.class, str2);
        if (clientResponse.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
            throw new RuntimeException(String.format("Unable to create a Ranger policy: %s Response: %s", str, clientResponse.getEntity(String.class)));
        }
        String str3 = (String) clientResponse.getEntity(String.class);
        long j = -1;
        try {
            j = ((Long) ((JSONObject) new JSONParser().parse(str3)).get("id")).longValue();
        } catch (ParseException e) {
            LOG.error("Error parsing response content: {}", str3);
        }
        LOG.info("Created ranger policy id={}, {}: {}", new Object[]{Long.valueOf(j), str, str2});
        return j;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deleteRangerPolicy(String str) {
        if (((ClientResponse) this.rangerRestClient_.getResource("/service/public/v2/api/policy").queryParam("servicename", RANGER_SERVICE_NAME).queryParam("policyname", str).delete(ClientResponse.class)).getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
            throw new RuntimeException(String.format("Unable to delete Ranger policy: %s.", str));
        }
        LOG.info("Deleted ranger policy {}", str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<String> resultToStringList(TDescribeResult tDescribeResult) {
        ArrayList arrayList = new ArrayList();
        Iterator it = tDescribeResult.getResults().iterator();
        while (it.hasNext()) {
            for (TColumnValue tColumnValue : ((TResultRow) it.next()).getColVals()) {
                arrayList.add(tColumnValue.getString_val() == null ? "NULL" : tColumnValue.getString_val().trim());
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String selectError(String str) {
        return "User '%s' does not have privileges to execute 'SELECT' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String insertError(String str) {
        return "User '%s' does not have privileges to execute 'INSERT' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String createError(String str) {
        return "User '%s' does not have privileges to execute 'CREATE' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String rwstorageError(String str) {
        return "User '%s' does not have privileges to execute 'RWSTORAGE' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String alterError(String str) {
        return "User '%s' does not have privileges to execute 'ALTER' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String dropError(String str) {
        return "User '%s' does not have privileges to execute 'DROP' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String accessError(String str) {
        return accessError(false, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String accessError(boolean z, String str) {
        return "User '%s' does not have privileges" + (z ? " with 'GRANT OPTION'" : "") + " to access: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String refreshError(String str) {
        return "User '%s' does not have privileges to execute 'INVALIDATE METADATA/REFRESH' on: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String systemDbError() {
        return "Cannot modify system database.";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String viewDefError(String str) {
        return "User '%s' does not have privileges to see the definition of view '" + str + "'.";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String createFunctionError(String str) {
        return "User '%s' does not have privileges to CREATE functions in: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String dropFunctionError(String str) {
        return "User '%s' does not have privileges to DROP functions in: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String accessFunctionError(String str) {
        return "User '%s' does not have privileges to ANY functions in: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String selectFunctionError(String str) {
        return "User '%s' does not have privileges to SELECT functions in: " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String columnMaskError(String str) {
        return "Column masking is disabled by --enable_column_masking flag. Can't access column " + str + " that has column masking policy.";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String rowFilterError(String str) {
        return "Row filtering is disabled by --enable_row_filtering flag. Can't access table " + str + " that has row filtering policy.";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String mvSelectError(String str) {
        return "Materialized view " + str + " references tables with column masking or row filtering policies.";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ScalarFunction addFunction(String str, String str2, List<Type> list, Type type, String str3, String str4) {
        Function createForTesting = ScalarFunction.createForTesting(str, str2, list, type, str3, str4, (String) null, (String) null, TFunctionBinaryType.NATIVE);
        this.authzCatalog_.addFunction(createForTesting);
        return createForTesting;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ScalarFunction addFunction(String str, String str2) {
        return addFunction(str, str2, new ArrayList(), Type.INT, "/dummy", "dummy.class");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeFunction(ScalarFunction scalarFunction) {
        this.authzCatalog_.removeFunction(scalarFunction);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilegeLevel[] join(TPrivilegeLevel[] tPrivilegeLevelArr, TPrivilegeLevel... tPrivilegeLevelArr2) {
        TPrivilegeLevel[] tPrivilegeLevelArr3 = new TPrivilegeLevel[tPrivilegeLevelArr.length + tPrivilegeLevelArr2.length];
        int i = 0;
        for (TPrivilegeLevel tPrivilegeLevel : tPrivilegeLevelArr) {
            int i2 = i;
            i++;
            tPrivilegeLevelArr3[i2] = tPrivilegeLevel;
        }
        for (TPrivilegeLevel tPrivilegeLevel2 : tPrivilegeLevelArr2) {
            int i3 = i;
            i++;
            tPrivilegeLevelArr3[i3] = tPrivilegeLevel2;
        }
        return tPrivilegeLevelArr3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TPrivilegeLevel[] viewMetadataPrivileges() {
        return new TPrivilegeLevel[]{TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT, TPrivilegeLevel.INSERT, TPrivilegeLevel.REFRESH};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TPrivilegeLevel[] allExcept(TPrivilegeLevel... tPrivilegeLevelArr) {
        HashSet newHashSet = Sets.newHashSet(tPrivilegeLevelArr);
        ArrayList arrayList = new ArrayList();
        for (TPrivilegeLevel tPrivilegeLevel : TPrivilegeLevel.values()) {
            if (!newHashSet.contains(tPrivilegeLevel)) {
                arrayList.add(tPrivilegeLevel);
            }
        }
        return (TPrivilegeLevel[]) arrayList.toArray(new TPrivilegeLevel[0]);
    }
}
