package org.apache.sentry.provider.db.generic;

import com.google.common.collect.HashBasedTable;
import com.google.common.collect.Table;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.provider.common.TableCache;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/UpdatableCache.class */
class UpdatableCache implements TableCache {
    private static final Logger LOGGER = LoggerFactory.getLogger(UpdatableCache.class);
    private final String componentType;
    private final String serviceName;
    private final long cacheTtlNs;
    private final int allowedUpdateFailuresCount;
    private final Configuration conf;
    private final TSentryPrivilegeConverter tSentryPrivilegeConverter;
    private volatile long lastRefreshedNs = 0;
    private int consecutiveUpdateFailuresCount = 0;
    private volatile Table<String, String, Set<String>> table;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UpdatableCache(Configuration configuration, String str, String str2, TSentryPrivilegeConverter tSentryPrivilegeConverter) {
        this.conf = configuration;
        this.componentType = str;
        this.serviceName = str2;
        this.tSentryPrivilegeConverter = tSentryPrivilegeConverter;
        this.cacheTtlNs = TimeUnit.MILLISECONDS.toNanos(configuration.getLong("sentry.provider.backend.generic.cache.ttl.ms", 30000L));
        this.allowedUpdateFailuresCount = configuration.getInt("sentry.provider.backend.generic.cache.update.failures.count", 3);
    }

    public Table<String, String, Set<String>> getCache() {
        return this.table;
    }

    private Table<String, String, Set<String>> loadFromRemote() throws Exception {
        HashBasedTable create = HashBasedTable.create();
        String shortUserName = UserGroupInformation.getLoginUser().getShortUserName();
        SentryGenericServiceClient sentryGenericServiceClient = null;
        try {
            sentryGenericServiceClient = getClient();
            for (TSentryRole tSentryRole : sentryGenericServiceClient.listAllRoles(shortUserName, this.componentType)) {
                String roleName = tSentryRole.getRoleName();
                Set listPrivilegesByRoleName = sentryGenericServiceClient.listPrivilegesByRoleName(shortUserName, roleName, this.componentType, this.serviceName);
                for (String str : tSentryRole.getGroups()) {
                    Set set = (Set) create.get(str, roleName);
                    if (set == null) {
                        set = new HashSet();
                        create.put(str, roleName, set);
                    }
                    Iterator it = listPrivilegesByRoleName.iterator();
                    while (it.hasNext()) {
                        set.add(this.tSentryPrivilegeConverter.toString((TSentryPrivilege) it.next()));
                    }
                }
            }
            if (sentryGenericServiceClient != null) {
                sentryGenericServiceClient.close();
            }
            return create;
        } catch (Throwable th) {
            if (sentryGenericServiceClient != null) {
                sentryGenericServiceClient.close();
            }
            throw th;
        }
    }

    private SentryGenericServiceClient getClient() throws Exception {
        return SentryGenericServiceClientFactory.create(this.conf);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startUpdateThread(boolean z) throws Exception {
        if (z) {
            reloadData();
        }
        Timer timer = new Timer();
        long millis = TimeUnit.NANOSECONDS.toMillis(this.cacheTtlNs);
        timer.scheduleAtFixedRate(new TimerTask() { // from class: org.apache.sentry.provider.db.generic.UpdatableCache.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                if (UpdatableCache.this.shouldRefresh()) {
                    try {
                        UpdatableCache.LOGGER.debug("Loading all data.");
                        UpdatableCache.this.reloadData();
                    } catch (Exception e) {
                        UpdatableCache.LOGGER.warn("Exception while updating data from DB", e);
                        UpdatableCache.this.revokeAllPrivilegesIfRequired();
                    }
                }
            }
        }, z ? millis : 0L, millis);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void revokeAllPrivilegesIfRequired() {
        int i = this.consecutiveUpdateFailuresCount + 1;
        this.consecutiveUpdateFailuresCount = i;
        if (i > this.allowedUpdateFailuresCount) {
            this.table = HashBasedTable.create();
            LOGGER.error("Failed to update roles and privileges cache for " + this.consecutiveUpdateFailuresCount + " times. Revoking all privileges from cache, which will cause all authorization requests to fail.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void reloadData() throws Exception {
        this.table = loadFromRemote();
        this.lastRefreshedNs = System.nanoTime();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean shouldRefresh() {
        return this.lastRefreshedNs + this.cacheTtlNs < System.nanoTime();
    }
}
