package org.apache.hadoop.hbase.security.access;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ListMultimap;
import java.io.ByteArrayOutputStream;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.KeyValue;
import org.apache.hadoop.hbase.catalog.MetaReader;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.filter.CompareFilter;
import org.apache.hadoop.hbase.filter.QualifierFilter;
import org.apache.hadoop.hbase.filter.RegexStringComparator;
import org.apache.hadoop.hbase.io.HbaseObjectWritable;
import org.apache.hadoop.hbase.io.hfile.Compression;
import org.apache.hadoop.hbase.master.MasterServices;
import org.apache.hadoop.hbase.regionserver.HRegion;
import org.apache.hadoop.hbase.regionserver.RegionScanner;
import org.apache.hadoop.hbase.regionserver.StoreFile;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.io.Text;
import org.codehaus.jackson.util.MinimalPrettyPrinter;

/* loaded from: input_file:org/apache/hadoop/hbase/security/access/AccessControlLists.class */
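/**
 * Reads and writes the access-control lists that are persisted in the {@code _acl_} table.
 *
 * <p>Storage layout, as implemented below:
 * <ul>
 *   <li>row key: the name of the table the permission applies to; global permissions are
 *       stored under {@link #ACL_GLOBAL_NAME}, which is the same byte array as
 *       {@link #ACL_TABLE_NAME};</li>
 *   <li>column family: {@link #ACL_LIST_FAMILY};</li>
 *   <li>column qualifier: {@code user[,family[,qualifier]]}, see
 *       {@link #userPermissionKey(UserPermission)};</li>
 *   <li>cell value: one byte per granted {@code Permission.Action} code.</li>
 * </ul>
 *
 * <p>None of the methods in this class performs an authorization check of its own. The
 * decompiler widened several of them from package-private to public; anything that can reach
 * the mutating methods can rewrite the ACL table, so callers must enforce authorization
 * before invoking them.
 */
public class AccessControlLists {
    public static final String ACL_TABLE_NAME_STR = "_acl_";
    public static final byte[] ACL_TABLE_NAME = Bytes.toBytes(ACL_TABLE_NAME_STR);
    /** Row under which global permissions are stored; aliases {@link #ACL_TABLE_NAME}. */
    public static final byte[] ACL_GLOBAL_NAME = ACL_TABLE_NAME;
    public static final String ACL_LIST_FAMILY_STR = "l";
    public static final byte[] ACL_LIST_FAMILY = Bytes.toBytes(ACL_LIST_FAMILY_STR);
    public static final HTableDescriptor ACL_TABLEDESC = new HTableDescriptor(ACL_TABLE_NAME);
    /** Separates user, family and qualifier inside a permission column qualifier. */
    public static final char ACL_KEY_DELIMITER = ',';
    /** Prefix that marks a principal name as a group rather than a user. */
    public static final String GROUP_PREFIX = "@";
    public static final String SUPERUSER_CONF_KEY = "hbase.superuser";
    private static final Log LOG = LogFactory.getLog(AccessControlLists.class);

    static {
        // Single family holding the permission lists. Arguments after the family name are
        // passed positionally exactly as in the original descriptor.
        ACL_TABLEDESC.addFamily(new HColumnDescriptor(ACL_LIST_FAMILY, 10, Compression.Algorithm.NONE.getName(), true, true, 8192, Integer.MAX_VALUE, StoreFile.BloomType.NONE.toString(), 0));
    }

    /**
     * Creates the {@code _acl_} table if the catalog does not already list it.
     *
     * @param masterServices master used for the existence check and the table creation
     * @throws IOException if the catalog lookup or the table creation fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void init(MasterServices masterServices) throws IOException {
        if (MetaReader.tableExists(masterServices.getCatalogTracker(), ACL_TABLE_NAME_STR)) {
            return;
        }
        masterServices.createTable(ACL_TABLEDESC, (byte[][]) null);
    }

    /**
     * Stores a permission grant in the {@code _acl_} table, replacing the action list held
     * under the same {@code user[,family[,qualifier]]} key.
     *
     * <p>No authorization check is made here; the caller decides whether the grant is allowed.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @param userPermission the grant to persist
     * @throws IOException if the grant carries no actions, or if the write fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addUserPermission(Configuration configuration, UserPermission userPermission) throws IOException {
        Permission.Action[] actions = userPermission.getActions();
        Put put = new Put(userPermission.isGlobal() ? ACL_GLOBAL_NAME : userPermission.getTable());
        byte[] key = userPermissionKey(userPermission);
        if (actions == null || actions.length == 0) {
            // An empty action list is rejected instead of being written as an empty cell.
            String msg = "No actions associated with user '" + Bytes.toString(userPermission.getUser()) + "'";
            LOG.warn(msg);
            throw new IOException(msg);
        }
        // The cell value is the list of action codes, one byte each.
        byte[] actionCodes = new byte[actions.length];
        for (int i = 0; i < actions.length; i++) {
            actionCodes[i] = actions[i].code();
        }
        put.add(ACL_LIST_FAMILY, key, actionCodes);
        if (LOG.isDebugEnabled()) {
            // The decompiler had substituted an unrelated JSON-library constant for this space.
            LOG.debug("Writing permission for table " + Bytes.toString(userPermission.getTable()) + " " + Bytes.toString(key) + ": " + Bytes.toStringBinary(actionCodes));
        }
        HTable aclTable = null;
        try {
            aclTable = new HTable(configuration, ACL_TABLE_NAME);
            aclTable.put(put);
        } finally {
            if (aclTable != null) {
                aclTable.close();
            }
        }
    }

    /**
     * Deletes the stored grant that has the same row and {@code user[,family[,qualifier]]}
     * key as the given permission.
     *
     * <p>No authorization check is made here; the caller decides whether the revoke is allowed.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @param userPermission identifies the grant to remove
     * @throws IOException if the delete fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeUserPermission(Configuration configuration, UserPermission userPermission) throws IOException {
        Delete delete = new Delete(userPermission.isGlobal() ? ACL_GLOBAL_NAME : userPermission.getTable());
        byte[] key = userPermissionKey(userPermission);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing permission " + userPermission.toString());
        }
        delete.deleteColumns(ACL_LIST_FAMILY, key);
        HTable aclTable = null;
        try {
            aclTable = new HTable(configuration, ACL_TABLE_NAME);
            aclTable.delete(delete);
        } finally {
            if (aclTable != null) {
                aclTable.close();
            }
        }
    }

    /**
     * Deletes the whole {@code _acl_} row of a table, i.e. every permission stored for it.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @param tableName name of the removed table, used as the row key
     * @throws IOException if the delete fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeTablePermissions(Configuration configuration, byte[] tableName) throws IOException {
        Delete delete = new Delete(tableName);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing permissions of removed table " + Bytes.toString(tableName));
        }
        HTable aclTable = null;
        try {
            aclTable = new HTable(configuration, ACL_TABLE_NAME);
            aclTable.delete(delete);
        } finally {
            if (aclTable != null) {
                aclTable.close();
            }
        }
    }

    /**
     * Deletes the permissions of a removed column from the {@code _acl_} row of a table.
     *
     * <p>Candidate keys are found with a regular expression over the column qualifiers. The
     * column name is quoted before it is placed in the pattern, so regex metacharacters in a
     * column name (for example {@code .}) cannot widen the match to the permissions of other
     * columns.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @param tableName name of the table that owned the column; row key of the delete
     * @param column name of the removed column
     * @throws IOException if the scan or the delete fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeTablePermissions(Configuration configuration, byte[] tableName, byte[] column) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing permissions of removed column " + Bytes.toString(column) + " from table " + Bytes.toString(tableName));
        }
        HTable aclTable = null;
        try {
            aclTable = new HTable(configuration, ACL_TABLE_NAME);
            Scan scan = new Scan();
            scan.addFamily(ACL_LIST_FAMILY);
            // Quote the name: it is data, not a pattern.
            String quotedColumn = java.util.regex.Pattern.quote(Bytes.toString(column));
            // Looks for ",<column>," inside a key or ",<column>" at its end.
            // NOTE(review): with the user,family,qualifier layout the second alternative also
            // fits a key whose *qualifier* equals the column name - confirm this is intended.
            // NOTE(review): the scan is not limited to the row of tableName while the delete
            // below is; matching keys from other rows only add no-op column deletes.
            String keyPattern = String.format("(%s%s%s)|(%s%s)$", ACL_KEY_DELIMITER, quotedColumn, ACL_KEY_DELIMITER, ACL_KEY_DELIMITER, quotedColumn);
            scan.setFilter(new QualifierFilter(CompareFilter.CompareOp.EQUAL, new RegexStringComparator(keyPattern)));
            Set<byte[]> matchedKeys = new TreeSet<byte[]>(Bytes.BYTES_COMPARATOR);
            ResultScanner scanner = aclTable.getScanner(scan);
            try {
                for (Result row : scanner) {
                    Map<byte[], byte[]> cells = row.getFamilyMap(ACL_LIST_FAMILY);
                    if (cells != null) {
                        matchedKeys.addAll(cells.keySet());
                    }
                }
            } finally {
                scanner.close();
            }
            if (!matchedKeys.isEmpty()) {
                Delete delete = new Delete(tableName);
                for (byte[] key : matchedKeys) {
                    delete.deleteColumns(ACL_LIST_FAMILY, key);
                }
                aclTable.delete(delete);
            }
        } finally {
            if (aclTable != null) {
                aclTable.close();
            }
        }
    }

    /**
     * Builds the column qualifier under which a permission is stored:
     * {@code user}, {@code user,family} or {@code user,family,qualifier}. A qualifier is only
     * appended when a family is present.
     *
     * <p>NOTE(review): nothing here escapes or rejects {@link #ACL_KEY_DELIMITER} inside the
     * user, family or qualifier bytes, while {@code parseTablePermissionRecord} splits on the
     * first delimiter it finds. A name containing a comma would therefore be read back as a
     * different user/family/qualifier split - confirm that callers exclude such names.
     *
     * @param userPermission the permission to derive the key from
     * @return the key bytes
     */
    static byte[] userPermissionKey(UserPermission userPermission) {
        byte[] qualifier = userPermission.getQualifier();
        byte[] family = userPermission.getFamily();
        byte[] key = userPermission.getUser();
        byte[] delimiter = new byte[]{(byte) ACL_KEY_DELIMITER};
        if (family != null && family.length > 0) {
            key = Bytes.add(key, Bytes.add(delimiter, family));
            if (qualifier != null && qualifier.length > 0) {
                key = Bytes.add(key, Bytes.add(delimiter, qualifier));
            }
        }
        return key;
    }

    /**
     * @param hRegion region to test
     * @return {@code true} if the region belongs to the {@code _acl_} table
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isAclRegion(HRegion hRegion) {
        return Bytes.equals(ACL_TABLE_NAME, hRegion.getTableDesc().getName());
    }

    /**
     * @param hTableDescriptor descriptor to test
     * @return {@code true} if the descriptor names the {@code _acl_} table
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isAclTable(HTableDescriptor hTableDescriptor) {
        return Bytes.equals(ACL_TABLE_NAME, hTableDescriptor.getName());
    }

    /**
     * Loads every stored permission by scanning an {@code _acl_} region directly.
     *
     * @param hRegion a region of the {@code _acl_} table
     * @return permissions per row key (table name), each keyed by user name
     * @throws IOException if the region is not an {@code _acl_} region or the scan fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<byte[], ListMultimap<String, TablePermission>> loadAll(HRegion hRegion) throws IOException {
        if (!isAclRegion(hRegion)) {
            throw new IOException("Can only load permissions from _acl_");
        }
        Map<byte[], ListMultimap<String, TablePermission>> allPerms =
                new TreeMap<byte[], ListMultimap<String, TablePermission>>(Bytes.BYTES_COMPARATOR);
        Scan scan = new Scan();
        scan.addFamily(ACL_LIST_FAMILY);
        RegionScanner scanner = null;
        try {
            scanner = hRegion.getScanner(scan);
            boolean hasMore;
            do {
                // Each next() call fills the list with the cells of one batch; the row key of
                // the first cell is used for the whole batch.
                List<KeyValue> cells = new ArrayList<KeyValue>();
                hasMore = scanner.next(cells);
                ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
                byte[] row = null;
                for (KeyValue cell : cells) {
                    if (row == null) {
                        row = cell.getRow();
                    }
                    Pair<String, TablePermission> record = parseTablePermissionRecord(row, cell);
                    if (record != null) {
                        perms.put(record.getFirst(), record.getSecond());
                    }
                }
                if (row != null) {
                    allPerms.put(row, perms);
                }
            } while (hasMore);
        } finally {
            if (scanner != null) {
                scanner.close();
            }
        }
        return allPerms;
    }

    /**
     * Loads every stored permission by scanning the {@code _acl_} table through a client.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @return permissions per row key (table name), each keyed by user name
     * @throws IOException if the scan fails
     */
    static Map<byte[], ListMultimap<String, TablePermission>> loadAll(Configuration configuration) throws IOException {
        Map<byte[], ListMultimap<String, TablePermission>> allPerms =
                new TreeMap<byte[], ListMultimap<String, TablePermission>>(Bytes.BYTES_COMPARATOR);
        Scan scan = new Scan();
        scan.addFamily(ACL_LIST_FAMILY);
        HTable aclTable = null;
        ResultScanner scanner = null;
        try {
            aclTable = new HTable(configuration, ACL_TABLE_NAME);
            scanner = aclTable.getScanner(scan);
            for (Result row : scanner) {
                allPerms.put(row.getRow(), parseTablePermissions(row.getRow(), row));
            }
        } finally {
            // Nested so that the table is closed even if closing the scanner fails.
            try {
                if (scanner != null) {
                    scanner.close();
                }
            } finally {
                if (aclTable != null) {
                    aclTable.close();
                }
            }
        }
        return allPerms;
    }

    /**
     * Reads the permissions stored for one table.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @param tableName table to look up; {@code null} selects the {@code _acl_} row, which
     *     is also where global permissions are stored
     * @return permissions keyed by user name; empty if the row holds none
     * @throws IOException if the read fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static ListMultimap<String, TablePermission> getTablePermissions(Configuration configuration, byte[] tableName) throws IOException {
        if (tableName == null) {
            tableName = ACL_TABLE_NAME;
        }
        ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
        HTable aclTable = null;
        try {
            aclTable = new HTable(configuration, ACL_TABLE_NAME);
            Get get = new Get(tableName);
            get.addFamily(ACL_LIST_FAMILY);
            Result row = aclTable.get(get);
            if (row.isEmpty()) {
                LOG.info("No permissions found in _acl_ for table " + Bytes.toString(tableName));
            } else {
                perms = parseTablePermissions(tableName, row);
            }
        } finally {
            // The decompiled error path never closed the table (its guard was "0 != 0"), so a
            // failed read leaked the handle. Close on every path.
            if (aclTable != null) {
                aclTable.close();
            }
        }
        return perms;
    }

    /**
     * Reads the permissions stored for one table as a flat list of {@code UserPermission}s.
     *
     * @param configuration configuration used to open the {@code _acl_} table
     * @param tableName table to look up; {@code null} is handled as in
     *     {@link #getTablePermissions(Configuration, byte[])}
     * @return one entry per stored (user, permission) pair
     * @throws IOException if the read fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<UserPermission> getUserPermissions(Configuration configuration, byte[] tableName) throws IOException {
        ListMultimap<String, TablePermission> tablePerms = getTablePermissions(configuration, tableName);
        List<UserPermission> userPerms = new ArrayList<UserPermission>();
        for (Map.Entry<String, TablePermission> entry : tablePerms.entries()) {
            TablePermission perm = entry.getValue();
            userPerms.add(new UserPermission(Bytes.toBytes(entry.getKey()), perm.getTable(), perm.getFamily(), perm.getQualifier(), perm.getActions()));
        }
        return userPerms;
    }

    /**
     * Parses every cell of an {@code _acl_} row into (user, permission) pairs.
     *
     * @param tableName table the permissions apply to
     * @param result the row as read from the {@code _acl_} table; may be {@code null}
     * @return permissions keyed by user name; empty for a {@code null} or empty result
     */
    private static ListMultimap<String, TablePermission> parseTablePermissions(byte[] tableName, Result result) {
        ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
        if (result != null && result.size() > 0) {
            for (KeyValue cell : result.raw()) {
                Pair<String, TablePermission> record = parseTablePermissionRecord(tableName, cell);
                if (record != null) {
                    perms.put(record.getFirst(), record.getSecond());
                }
            }
        }
        return perms;
    }

    /**
     * Parses one cell of the permission family. The column qualifier is split on
     * {@link #ACL_KEY_DELIMITER} into {@code user[,family[,qualifier]]}; the cell value is
     * handed to {@code TablePermission} as the action codes.
     *
     * @param tableName table the permission applies to
     * @param keyValue the cell to parse
     * @return the user name and its permission, or {@code null} if the cell is not in
     *     {@link #ACL_LIST_FAMILY}
     */
    private static Pair<String, TablePermission> parseTablePermissionRecord(byte[] tableName, KeyValue keyValue) {
        if (!Bytes.equals(keyValue.getFamily(), ACL_LIST_FAMILY)) {
            return null;
        }
        byte[] key = keyValue.getQualifier();
        byte[] actionCodes = keyValue.getValue();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Read acl: kv [" + Bytes.toStringBinary(key) + ": " + Bytes.toStringBinary(actionCodes) + "]");
        }
        String user = Bytes.toString(key);
        byte[] family = null;
        byte[] qualifier = null;
        // A delimiter in first or last position does not separate anything; the whole key is
        // then treated as the user name.
        int firstSep = user.indexOf(ACL_KEY_DELIMITER);
        if (firstSep > 0 && firstSep < user.length() - 1) {
            String rest = user.substring(firstSep + 1);
            user = user.substring(0, firstSep);
            int secondSep = rest.indexOf(ACL_KEY_DELIMITER);
            if (secondSep > 0 && secondSep < rest.length() - 1) {
                family = Bytes.toBytes(rest.substring(0, secondSep));
                qualifier = Bytes.toBytes(rest.substring(secondSep + 1));
            } else {
                family = Bytes.toBytes(rest);
            }
        }
        return new Pair<>(user, new TablePermission(tableName, family, qualifier, actionCodes));
    }

    /**
     * Serializes a user-to-permissions map: an int count of users, then for each user the
     * name followed by the list of its permissions.
     *
     * @param dataOutput destination
     * @param listMultimap permissions keyed by user name
     * @param configuration passed through to the object writer
     * @throws IOException if writing fails
     */
    public static void writePermissions(DataOutput dataOutput, ListMultimap<String, ? extends Permission> listMultimap, Configuration configuration) throws IOException {
        Set<String> users = listMultimap.keySet();
        dataOutput.writeInt(users.size());
        for (String user : users) {
            Text.writeString(dataOutput, user);
            // The decompiled source cast the key to the multimap type, which cannot compile;
            // the lookup is simply by user name.
            HbaseObjectWritable.writeObject(dataOutput, listMultimap.get(user), List.class, configuration);
        }
    }

    /**
     * Serializes a user-to-permissions map into a byte array.
     *
     * @param listMultimap permissions keyed by user name
     * @param configuration passed through to the object writer
     * @return the serialized form, or {@code null} if serialization failed (the error is
     *     logged); callers must check for {@code null}
     */
    public static byte[] writePermissionsAsBytes(ListMultimap<String, ? extends Permission> listMultimap, Configuration configuration) {
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            writePermissions(new DataOutputStream(buffer), listMultimap, configuration);
            return buffer.toByteArray();
        } catch (IOException e) {
            LOG.error("Error serializing permissions", e);
            return null;
        }
    }

    /**
     * Reads a user-to-permissions map in the format produced by
     * {@link #writePermissions(DataOutput, ListMultimap, Configuration)}.
     *
     * <p>SECURITY: the entry count and every object are taken from the stream as-is and the
     * objects are materialized by {@code HbaseObjectWritable.readObject}. Only feed this
     * method data from a trusted source; the element type {@code T} is not verified here.
     *
     * @param dataInput source
     * @param configuration passed through to the object reader
     * @param <T> expected permission type of the stored lists
     * @return permissions keyed by user name
     * @throws IOException if reading fails
     */
    public static <T extends Permission> ListMultimap<String, T> readPermissions(DataInput dataInput, Configuration configuration) throws IOException {
        ListMultimap<String, T> perms = ArrayListMultimap.create();
        int userCount = dataInput.readInt();
        for (int i = 0; i < userCount; i++) {
            String user = Text.readString(dataInput);
            // Unchecked: the stream decides what is deserialized, not the type parameter.
            @SuppressWarnings("unchecked")
            List<T> userPerms = (List<T>) HbaseObjectWritable.readObject(dataInput, configuration);
            perms.putAll(user, userPerms);
        }
        return perms;
    }

    /**
     * @param str principal name; may be {@code null}
     * @return {@code true} if the name starts with {@link #GROUP_PREFIX}
     */
    public static boolean isGroupPrincipal(String str) {
        return str != null && str.startsWith(GROUP_PREFIX);
    }

    /**
     * Strips the group prefix from a group principal.
     *
     * @param str principal name; may be {@code null}
     * @return the name without {@link #GROUP_PREFIX}, or the argument unchanged if it is not
     *     a group principal
     */
    public static String getGroupName(String str) {
        if (!isGroupPrincipal(str)) {
            return str;
        }
        return str.substring(GROUP_PREFIX.length());
    }
}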
