package org.apache.accumulo.server.security.handler;

import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.clientImpl.Namespace;
import org.apache.accumulo.core.clientImpl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.data.InstanceId;
import org.apache.accumulo.core.data.NamespaceId;
import org.apache.accumulo.core.data.TableId;
import org.apache.accumulo.core.fate.zookeeper.ZooCache;
import org.apache.accumulo.core.fate.zookeeper.ZooReaderWriter;
import org.apache.accumulo.core.fate.zookeeper.ZooUtil;
import org.apache.accumulo.core.metadata.MetadataTable;
import org.apache.accumulo.core.metadata.RootTable;
import org.apache.accumulo.core.security.NamespacePermission;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.securityImpl.thrift.TCredentials;
import org.apache.accumulo.server.ServerContext;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.Watcher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/server/security/handler/ZKPermHandler.class */
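/**
 * {@link PermissionHandler} that stores per-user system, table and namespace permissions as
 * serialized sets in ZooKeeper nodes beneath {@code zkUserPath}.
 *
 * <p>Layout written by this class: {@code <zkUserPath>/<user>/System},
 * {@code <zkUserPath>/<user>/Tables/<table>} and {@code <zkUserPath>/<user>/Namespaces/<namespace>}.
 *
 * <p>Permission checks deny ({@code false}) on every error path. The {@code hasCached*} variants
 * answer from the {@link ZooCache} without the {@code sync()} that the non-cached variants perform.
 *
 * <p>NOTE(review): the grant/revoke methods read the current permission set from the cache and
 * only then enter {@code synchronized (zooCache)} to write it back. Two concurrent changes for the
 * same user and object look able to overwrite each other, and a revoke that sees no cached entry
 * returns without writing. Confirm that callers serialize permission changes.
 */
public class ZKPermHandler implements PermissionHandler {
    private static final Logger log = LoggerFactory.getLogger(ZKPermHandler.class);
    private ZooReaderWriter zoo;
    private String zkUserPath;
    private String ZKTablePath;
    private String ZKNamespacePath;
    private ZooCache zooCache;
    private final String ZKUserSysPerms = "/System";
    private final String ZKUserTablePerms = "/Tables";
    private final String ZKUserNamespacePerms = "/Namespaces";

    /**
     * Builds the ZooKeeper path of a user's node.
     *
     * <p>NOTE(review): the name is concatenated as-is; this assumes callers pass a value that is
     * safe as a single ZooKeeper path segment (no {@code '/'}) - confirm against the caller.
     */
    private String userPath(String user) {
        return this.zkUserPath + "/" + user;
    }

    /** Builds the path of the node holding a user's system permissions. */
    private String systemPermPath(String user) {
        return userPath(user) + this.ZKUserSysPerms;
    }

    /** Builds the path of the node holding a user's permissions on one table. */
    private String tablePermPath(String user, String table) {
        return userPath(user) + this.ZKUserTablePerms + "/" + table;
    }

    /** Builds the path of the node holding a user's permissions on one namespace. */
    private String namespacePermPath(String user, String namespace) {
        return userPath(user) + this.ZKUserNamespacePerms + "/" + namespace;
    }

    /**
     * Wires the handler to the ZooKeeper reader/writer, a fresh cache and the instance paths
     * taken from the server context.
     *
     * @param serverContext source of the ZooKeeper handles, the instance id and the user path
     */
    @Override
    public void initialize(ServerContext serverContext) {
        // The cast selects the Watcher overload of the ZooCache constructor.
        this.zooCache = new ZooCache(serverContext.getZooReader(), (Watcher) null);
        this.zoo = serverContext.getZooReaderWriter();
        InstanceId instanceID = serverContext.getInstanceID();
        this.zkUserPath = serverContext.zkUserPath();
        this.ZKTablePath = ZKSecurityTool.getInstancePath(instanceID) + "/tables";
        this.ZKNamespacePath = ZKSecurityTool.getInstancePath(instanceID) + "/namespaces";
    }

    /**
     * Checks a table permission against ZooKeeper after a {@code sync()} on the permission node.
     *
     * @param user user whose permissions are read
     * @param table table identifier used as the node name
     * @param permission permission to look for
     * @return {@code true} only when the stored set contains {@code permission}; {@code false} on
     *     a missing permission node for an existing table and on any ZooKeeper error or interrupt
     * @throws TableNotFoundException when neither the permission node nor the table node exists
     */
    @Override
    public boolean hasTablePermission(String user, String table, TablePermission permission) throws TableNotFoundException {
        try {
            String path = tablePermPath(user, table);
            this.zoo.sync(path);
            byte[] data = this.zoo.getData(path);
            if (data != null) {
                return ZKSecurityTool.convertTablePermissions(data).contains(permission);
            }
            return false;
        } catch (InterruptedException e) {
            log.warn("Unhandled InterruptedException, failing closed for table permission check", e);
            return false;
        } catch (KeeperException e) {
            if (e.code() != KeeperException.Code.NONODE) {
                log.warn("Unhandled KeeperException, failing closed for table permission check", e);
                return false;
            }
            // No permission node: tell "no permission" apart from "table does not exist".
            try {
                this.zoo.getData(this.ZKTablePath + "/" + table);
                return false;
            } catch (InterruptedException existsInterrupted) {
                log.warn("Unhandled InterruptedException, failing closed for table permission check", existsInterrupted);
                return false;
            } catch (KeeperException existsFailure) {
                // Inspect the failure of the existence lookup itself. The outer exception is
                // always NONODE here, so testing it would report every ZooKeeper error
                // (for example a lost connection) as a missing table.
                if (existsFailure.code() == KeeperException.Code.NONODE) {
                    throw new TableNotFoundException((String) null, table, "while checking permissions");
                }
                log.warn("Unhandled KeeperException, failing closed for table permission check", existsFailure);
                return false;
            }
        }
    }

    /**
     * Checks a table permission using only the cache.
     *
     * @return {@code true} when the cached set contains {@code permission}; {@code false} when the
     *     cache has no entry for the node
     */
    @Override
    public boolean hasCachedTablePermission(String user, String table, TablePermission permission) {
        byte[] serialized = this.zooCache.get(tablePermPath(user, table));
        if (serialized != null) {
            return ZKSecurityTool.convertTablePermissions(serialized).contains(permission);
        }
        return false;
    }

    /**
     * Checks a namespace permission against ZooKeeper after a {@code sync()} on the permission
     * node.
     *
     * @param user user whose permissions are read
     * @param namespace namespace identifier used as the node name
     * @param permission permission to look for
     * @return {@code true} only when the stored set contains {@code permission}; {@code false} on
     *     a missing permission node for an existing namespace and on any ZooKeeper error or
     *     interrupt
     * @throws NamespaceNotFoundException when neither the permission node nor the namespace node
     *     exists
     */
    @Override
    public boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) throws NamespaceNotFoundException {
        try {
            String path = namespacePermPath(user, namespace);
            this.zoo.sync(path);
            byte[] data = this.zoo.getData(path);
            if (data != null) {
                return ZKSecurityTool.convertNamespacePermissions(data).contains(permission);
            }
            return false;
        } catch (InterruptedException e) {
            log.warn("Unhandled InterruptedException, failing closed for namespace permission check", e);
            return false;
        } catch (KeeperException e) {
            if (e.code() != KeeperException.Code.NONODE) {
                log.warn("Unhandled KeeperException, failing closed for namespace permission check", e);
                return false;
            }
            // No permission node: tell "no permission" apart from "namespace does not exist".
            try {
                this.zoo.getData(this.ZKNamespacePath + "/" + namespace);
                return false;
            } catch (InterruptedException existsInterrupted) {
                log.warn("Unhandled InterruptedException, failing closed for namespace permission check", existsInterrupted);
                return false;
            } catch (KeeperException existsFailure) {
                // Same reasoning as the table check: only a NONODE from this lookup means the
                // namespace is gone; anything else is an infrastructure error and is denied.
                if (existsFailure.code() == KeeperException.Code.NONODE) {
                    throw new NamespaceNotFoundException(namespace, (String) null, "while checking permissions");
                }
                log.warn("Unhandled KeeperException, failing closed for namespace permission check", existsFailure);
                return false;
            }
        }
    }

    /**
     * Checks a namespace permission using only the cache.
     *
     * @return {@code true} when the cached set contains {@code permission}; {@code false} when the
     *     cache has no entry for the node
     */
    @Override
    public boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission) {
        byte[] serialized = this.zooCache.get(namespacePermPath(user, namespace));
        if (serialized != null) {
            return ZKSecurityTool.convertNamespacePermissions(serialized).contains(permission);
        }
        return false;
    }

    /**
     * Adds a system permission to the user's stored set; nothing is written when it is already
     * present.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
        try {
            byte[] serialized = this.zooCache.get(systemPermPath(user));
            Set<SystemPermission> perms = serialized == null ? new TreeSet<>() : ZKSecurityTool.convertSystemPermissions(serialized);
            if (perms.add(permission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    this.zoo.putPersistentData(systemPermPath(user), ZKSecurityTool.convertSystemPermissions(perms), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Adds a table permission to the user's stored set for {@code table}; nothing is written when
     * it is already present.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void grantTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException {
        String path = tablePermPath(user, table);
        byte[] serialized = this.zooCache.get(path);
        Set<TablePermission> perms = serialized != null ? ZKSecurityTool.convertTablePermissions(serialized) : new TreeSet<>();
        try {
            if (perms.add(permission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear(path);
                    this.zoo.putPersistentData(path, ZKSecurityTool.convertTablePermissions(perms), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Adds a namespace permission to the user's stored set for {@code namespace}; nothing is
     * written when it is already present.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void grantNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException {
        String path = namespacePermPath(user, namespace);
        byte[] serialized = this.zooCache.get(path);
        Set<NamespacePermission> perms = serialized != null ? ZKSecurityTool.convertNamespacePermissions(serialized) : new TreeSet<>();
        try {
            if (perms.add(permission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear(path);
                    this.zoo.putPersistentData(path, ZKSecurityTool.convertNamespacePermissions(perms), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Removes a system permission from the user's stored set. Returns without writing when the
     * cache has no entry for the user or the permission is not in the set.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
        byte[] serialized = this.zooCache.get(systemPermPath(user));
        if (serialized == null) {
            return;
        }
        Set<SystemPermission> perms = ZKSecurityTool.convertSystemPermissions(serialized);
        try {
            if (perms.remove(permission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    this.zoo.putPersistentData(systemPermPath(user), ZKSecurityTool.convertSystemPermissions(perms), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        }
    }

    /**
     * Removes a table permission from the user's stored set; the node is deleted when the set
     * becomes empty. Returns without writing when the cache has no entry for the node.
     *
     * <p>NOTE(review): unlike the other mutators in this class, the clear-and-write sequence here
     * is not wrapped in {@code synchronized (zooCache)} - confirm whether that is intended.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void revokeTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException {
        String path = tablePermPath(user, table);
        byte[] serialized = this.zooCache.get(path);
        if (serialized == null) {
            return;
        }
        Set<TablePermission> perms = ZKSecurityTool.convertTablePermissions(serialized);
        try {
            if (perms.remove(permission)) {
                this.zooCache.clear();
                if (perms.isEmpty()) {
                    this.zoo.recursiveDelete(path, ZooUtil.NodeMissingPolicy.SKIP);
                } else {
                    this.zoo.putPersistentData(path, ZKSecurityTool.convertTablePermissions(perms), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        }
    }

    /**
     * Removes a namespace permission from the user's stored set; the node is deleted when the set
     * becomes empty. Returns without writing when the cache has no entry for the node.
     *
     * <p>NOTE(review): unlike the other mutators in this class, the clear-and-write sequence here
     * is not wrapped in {@code synchronized (zooCache)} - confirm whether that is intended.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void revokeNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException {
        String path = namespacePermPath(user, namespace);
        byte[] serialized = this.zooCache.get(path);
        if (serialized == null) {
            return;
        }
        Set<NamespacePermission> perms = ZKSecurityTool.convertNamespacePermissions(serialized);
        try {
            if (perms.remove(permission)) {
                this.zooCache.clear();
                if (perms.isEmpty()) {
                    this.zoo.recursiveDelete(path, ZooUtil.NodeMissingPolicy.SKIP);
                } else {
                    this.zoo.putPersistentData(path, ZKSecurityTool.convertNamespacePermissions(perms), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        }
    }

    /**
     * Deletes the permission node for {@code table} under every user listed beneath
     * {@code zkUserPath}.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void cleanTablePermissions(String table) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                for (String user : this.zooCache.getChildren(this.zkUserPath)) {
                    this.zoo.recursiveDelete(tablePermPath(user, table), ZooUtil.NodeMissingPolicy.SKIP);
                }
            }
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException("unknownUser", SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Deletes the permission node for {@code namespace} under every user listed beneath
     * {@code zkUserPath}.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                for (String user : this.zooCache.getChildren(this.zkUserPath)) {
                    this.zoo.recursiveDelete(namespacePermPath(user, namespace), ZooUtil.NodeMissingPolicy.SKIP);
                }
            }
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException("unknownUser", SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates the permission nodes for the initial user: every {@link SystemPermission}, plus
     * {@code ALTER_TABLE} on the root and metadata tables and a permission on the
     * {@code accumulo} namespace.
     *
     * @param tCredentials not used by this implementation
     * @param rootUser name of the user that receives the initial permissions
     * @throws AccumuloSecurityException when creating the user's nodes fails
     * @throws IllegalStateException on a ZooKeeper failure or interrupt while writing permissions
     */
    @Override
    public void initializeSecurity(TCredentials tCredentials, String rootUser) throws AccumuloSecurityException {
        Set<SystemPermission> systemPerms = new TreeSet<>();
        Collections.addAll(systemPerms, SystemPermission.values());
        Map<TableId, Set<TablePermission>> tablePerms = new HashMap<>();
        tablePerms.put(RootTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
        tablePerms.put(MetadataTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
        Map<NamespaceId, Set<NamespacePermission>> namespacePerms = new HashMap<>();
        // NOTE(review): both puts use the same key, so the second replaces the first and only
        // ALTER_TABLE is stored for the accumulo namespace. Kept as-is so the granted set does
        // not silently widen; if both permissions were intended, store one set holding both.
        namespacePerms.put(Namespace.ACCUMULO.id(), Collections.singleton(NamespacePermission.ALTER_NAMESPACE));
        namespacePerms.put(Namespace.ACCUMULO.id(), Collections.singleton(NamespacePermission.ALTER_TABLE));
        try {
            if (!this.zoo.exists(this.zkUserPath)) {
                this.zoo.putPersistentData(this.zkUserPath, rootUser.getBytes(StandardCharsets.UTF_8), ZooUtil.NodeExistsPolicy.FAIL);
            }
            initUser(rootUser);
            // FAIL: refuse to overwrite permission nodes that already exist.
            this.zoo.putPersistentData(systemPermPath(rootUser), ZKSecurityTool.convertSystemPermissions(systemPerms), ZooUtil.NodeExistsPolicy.FAIL);
            for (Map.Entry<TableId, Set<TablePermission>> entry : tablePerms.entrySet()) {
                createTablePerm(rootUser, entry.getKey(), entry.getValue());
            }
            for (Map.Entry<NamespaceId, Set<NamespacePermission>> entry : namespacePerms.entrySet()) {
                createNamespacePerm(rootUser, entry.getKey(), entry.getValue());
            }
        } catch (KeeperException | InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates the user's node and its empty {@code Tables} and {@code Namespaces} children,
     * leaving nodes that already exist untouched.
     *
     * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} on a ZooKeeper failure
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void initUser(String user) throws AccumuloSecurityException {
        try {
            this.zoo.putPersistentData(userPath(user), new byte[0], ZooUtil.NodeExistsPolicy.SKIP);
            this.zoo.putPersistentData(userPath(user) + this.ZKUserTablePerms, new byte[0], ZooUtil.NodeExistsPolicy.SKIP);
            this.zoo.putPersistentData(userPath(user) + this.ZKUserNamespacePerms, new byte[0], ZooUtil.NodeExistsPolicy.SKIP);
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        }
    }

    /** Writes a new table permission node for the user; fails if the node already exists. */
    private void createTablePerm(String user, TableId tableId, Set<TablePermission> perms) throws KeeperException, InterruptedException {
        synchronized (this.zooCache) {
            this.zooCache.clear();
            this.zoo.putPersistentData(tablePermPath(user, String.valueOf(tableId)), ZKSecurityTool.convertTablePermissions(perms), ZooUtil.NodeExistsPolicy.FAIL);
        }
    }

    /** Writes a new namespace permission node for the user; fails if the node already exists. */
    private void createNamespacePerm(String user, NamespaceId namespaceId, Set<NamespacePermission> perms) throws KeeperException, InterruptedException {
        synchronized (this.zooCache) {
            this.zooCache.clear();
            this.zoo.putPersistentData(namespacePermPath(user, String.valueOf(namespaceId)), ZKSecurityTool.convertNamespacePermissions(perms), ZooUtil.NodeExistsPolicy.FAIL);
        }
    }

    /**
     * Deletes the user's {@code System}, {@code Tables} and {@code Namespaces} subtrees and drops
     * the user's entries from the cache.
     *
     * @throws AccumuloSecurityException with {@code USER_DOESNT_EXIST} when ZooKeeper reports
     *     {@code NONODE}, otherwise {@code CONNECTION_ERROR}
     * @throws IllegalStateException when the thread is interrupted
     */
    @Override
    public void cleanUser(String user) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                this.zoo.recursiveDelete(systemPermPath(user), ZooUtil.NodeMissingPolicy.SKIP);
                this.zoo.recursiveDelete(userPath(user) + this.ZKUserTablePerms, ZooUtil.NodeMissingPolicy.SKIP);
                this.zoo.recursiveDelete(userPath(user) + this.ZKUserNamespacePerms, ZooUtil.NodeMissingPolicy.SKIP);
                this.zooCache.clear(userPath(user));
            }
        } catch (InterruptedException e) {
            log.error("{}", e.getMessage(), e);
            throw new IllegalStateException(e);
        } catch (KeeperException e) {
            log.error("{}", e.getMessage(), e);
            if (!e.code().equals(KeeperException.Code.NONODE)) {
                throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
            }
            throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST, e);
        }
    }

    /**
     * Checks a system permission against ZooKeeper after a {@code sync()} on the permission node.
     *
     * @return {@code true} only when the stored set contains {@code permission}; {@code false}
     *     when the node is missing or empty and on any ZooKeeper error or interrupt
     */
    @Override
    public boolean hasSystemPermission(String user, SystemPermission permission) {
        try {
            String path = systemPermPath(user);
            this.zoo.sync(path);
            byte[] data = this.zoo.getData(path);
            if (data == null) {
                return false;
            }
            return ZKSecurityTool.convertSystemPermissions(data).contains(permission);
        } catch (KeeperException e) {
            // A missing node is the normal "no permissions" case and is not logged.
            if (e.code() == KeeperException.Code.NONODE) {
                return false;
            }
            log.warn("Unhandled KeeperException, failing closed for system permission check", e);
            return false;
        } catch (InterruptedException e) {
            log.warn("Unhandled InterruptedException, failing closed for system permission check", e);
            return false;
        }
    }

    /**
     * Checks a system permission using only the cache.
     *
     * @return {@code true} when the cached set contains {@code permission}; {@code false} when the
     *     cache has no entry for the node
     */
    @Override
    public boolean hasCachedSystemPermission(String user, SystemPermission permission) {
        byte[] serialized = this.zooCache.get(systemPermPath(user));
        if (serialized == null) {
            return false;
        }
        return ZKSecurityTool.convertSystemPermissions(serialized).contains(permission);
    }

    /**
     * Reports whether this handler can be combined with the given authenticator and authorizor.
     *
     * @return always {@code true}; neither argument is inspected
     */
    @Override
    public boolean validSecurityHandlers(Authenticator authenticator, Authorizor authorizor) {
        return true;
    }
}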
