package org.apache.accumulo.server.security.handler;

import com.google.common.base.Charsets;
import java.nio.ByteBuffer;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.fate.zookeeper.ZooUtil;
import org.apache.accumulo.server.zookeeper.ZooCache;
import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
import org.apache.log4j.Logger;
import org.apache.zookeeper.KeeperException;

/* loaded from: input_file:org/apache/accumulo/server/security/handler/ZKAuthorizor.class */
public class ZKAuthorizor implements Authorizor {
    private static final Logger log = Logger.getLogger(ZKAuthorizor.class);
    private static Authorizor zkAuthorizorInstance = null;
    private String ZKUserPath;
    private final String ZKUserAuths = "/Authorizations";
    private final ZooCache zooCache = new ZooCache();

    public static synchronized Authorizor getInstance() {
        if (zkAuthorizorInstance == null) {
            zkAuthorizorInstance = new ZKAuthorizor();
        }
        return zkAuthorizorInstance;
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public void initialize(String str, boolean z) {
        this.ZKUserPath = ZKSecurityTool.getInstancePath(str) + "/users";
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public Authorizations getCachedUserAuthorizations(String str) {
        byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + "/Authorizations");
        return bArr != null ? ZKSecurityTool.convertAuthorizations(bArr) : Authorizations.EMPTY;
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public boolean validSecurityHandlers(Authenticator authenticator, PermissionHandler permissionHandler) {
        return true;
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public void initializeSecurity(TCredentials tCredentials, String str) throws AccumuloSecurityException {
        ZooReaderWriter zooReaderWriter = ZooReaderWriter.getInstance();
        TreeSet treeSet = new TreeSet();
        for (SystemPermission systemPermission : SystemPermission.values()) {
            treeSet.add(systemPermission);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("!0", Collections.singleton(TablePermission.ALTER_TABLE));
        hashMap.put("+r", Collections.singleton(TablePermission.ALTER_TABLE));
        try {
            if (!zooReaderWriter.exists(this.ZKUserPath)) {
                zooReaderWriter.putPersistentData(this.ZKUserPath, str.getBytes(Charsets.UTF_8), ZooUtil.NodeExistsPolicy.FAIL);
            }
            initUser(str);
            zooReaderWriter.putPersistentData(this.ZKUserPath + "/" + str + "/Authorizations", ZKSecurityTool.convertAuthorizations(Authorizations.EMPTY), ZooUtil.NodeExistsPolicy.FAIL);
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new RuntimeException((Throwable) e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public void initUser(String str) throws AccumuloSecurityException {
        try {
            ZooReaderWriter.getInstance().putPersistentData(this.ZKUserPath + "/" + str, new byte[0], ZooUtil.NodeExistsPolicy.SKIP);
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public void dropUser(String str) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                ZooReaderWriter.getInstance().recursiveDelete(this.ZKUserPath + "/" + str + "/Authorizations", ZooUtil.NodeMissingPolicy.SKIP);
                this.zooCache.clear(this.ZKUserPath + "/" + str);
            }
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            if (!e2.code().equals(KeeperException.Code.NONODE)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
            }
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST, e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public void changeAuthorizations(String str, Authorizations authorizations) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                ZooReaderWriter.getInstance().putPersistentData(this.ZKUserPath + "/" + str + "/Authorizations", ZKSecurityTool.convertAuthorizations(authorizations), ZooUtil.NodeExistsPolicy.OVERWRITE);
            }
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authorizor
    public boolean isValidAuthorizations(String str, List<ByteBuffer> list) throws AccumuloSecurityException {
        List authorizationsBB = getCachedUserAuthorizations(str).getAuthorizationsBB();
        Iterator<ByteBuffer> it = list.iterator();
        while (it.hasNext()) {
            if (!authorizationsBB.contains(it.next())) {
                return false;
            }
        }
        return true;
    }
}
