package org.apache.accumulo.server.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.core.util.ByteBufferUtil;
import org.apache.accumulo.core.zookeeper.ZooUtil;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.zookeeper.IZooReaderWriter;
import org.apache.accumulo.server.zookeeper.ZooCache;
import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
import org.apache.log4j.Logger;
import org.apache.zookeeper.KeeperException;

/* loaded from: input_file:org/apache/accumulo/server/security/ZKAuthenticator.class */
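/**
 * {@link Authenticator} that keeps users, password hashes, authorizations and permissions in
 * ZooKeeper under {@code /accumulo/<instance id>/users} and reads them through a {@link ZooCache}.
 *
 * <p>Node layout, as written by {@code initializeSecurity} and {@code constructUser}:
 * <ul>
 *   <li>{@code <users>} holds the bytes of the root user name;</li>
 *   <li>{@code <users>/<user>} holds the salted password hash (written with
 *       {@code putPrivatePersistentData});</li>
 *   <li>{@code <users>/<user>/Authorizations} holds the serialized authorizations;</li>
 *   <li>{@code <users>/<user>/System} holds one byte per system permission id;</li>
 *   <li>{@code <users>/<user>/Tables/<table>} holds one byte per table permission id.</li>
 * </ul>
 *
 * <p>Every mutation clears the cache and writes while holding the {@code zooCache} monitor. That
 * monitor only serializes writers inside this JVM; the read of the current permission set in the
 * grant/revoke methods happens before the lock is taken.
 *
 * <p>NOTE(review): user and table names are concatenated into ZooKeeper paths and into audit log
 * lines without validation in this class. Confirm that callers reject names containing {@code '/'}
 * or line breaks before they reach these methods.
 *
 * <p>NOTE(review): {@code String.getBytes()} / {@code new String(byte[])} are used with the
 * platform default charset for the root user name; processes with different default charsets
 * would disagree on non-ASCII names.
 */
public final class ZKAuthenticator implements Authenticator {
    private static final Logger log = Logger.getLogger(ZKAuthenticator.class);
    private static Authenticator zkAuthenticatorInstance = null;
    // Cached per JVM by getRootUsername(); never reset in this class.
    private static String rootUserName = null;
    // Child node names below each user's node.
    private static final String ZKUserAuths = "/Authorizations";
    private static final String ZKUserSysPerms = "/System";
    private static final String ZKUserTablePerms = "/Tables";
    private final String ZKUserPath;
    private final ZooCache zooCache;

    /**
     * Password hashing and (de)serialization helpers for the values stored in ZooKeeper.
     *
     * <p>The stored password value is {@code salt (8 bytes) || SHA-256(password || salt)}.
     *
     * <p>NOTE(review): one round of SHA-256 is cheap to compute, so a leaked node value is
     * inexpensive to guess against offline. A password KDF (for example PBKDF2 through
     * {@code javax.crypto.SecretKeyFactory}) would be the stronger choice, but it changes the
     * stored format and needs a migration, so the format is left as it is here.
     */
    public static class Tool {
        private static final int SALT_LENGTH = 8;

        Tool() {
        }

        /** Returns {@code SALT_LENGTH} fresh random bytes from {@link SecureRandom}. */
        private static byte[] generateSalt() {
            SecureRandom secureRandom = new SecureRandom();
            byte[] salt = new byte[SALT_LENGTH];
            secureRandom.nextBytes(salt);
            return salt;
        }

        /** Returns the SHA-256 digest of {@code bArr}. */
        private static byte[] hash(byte[] bArr) throws NoSuchAlgorithmException {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        }

        /**
         * Verifies a candidate password against a stored salt-plus-hash value.
         *
         * @param bArr the candidate password bytes
         * @param bArr2 the stored value, salt first; may be {@code null} when the user node is absent
         * @return {@code true} only when re-hashing the candidate with the stored salt reproduces
         *         the stored value; {@code false} for a missing candidate, a missing or truncated
         *         stored value, or an unavailable digest algorithm
         */
        public static boolean checkPass(byte[] bArr, byte[] bArr2) {
            // A stored value shorter than the salt cannot be valid; fail closed instead of
            // letting the salt copy throw.
            if (bArr == null || bArr2 == null || bArr2.length < SALT_LENGTH) {
                return false;
            }
            byte[] salt = Arrays.copyOf(bArr2, SALT_LENGTH);
            try {
                // MessageDigest.isEqual compares in constant time, so the comparison does not
                // reveal how many leading bytes of the hash matched.
                return MessageDigest.isEqual(convertPass(bArr, salt), bArr2);
            } catch (NoSuchAlgorithmException e) {
                ZKAuthenticator.log.error("Count not create hashed password", e);
                return false;
            }
        }

        /**
         * Produces the value to store for a new password, using a freshly generated salt.
         *
         * @param bArr the password bytes
         * @return salt followed by the salted hash
         * @throws AccumuloException if the digest algorithm is unavailable
         */
        public static byte[] createPass(byte[] bArr) throws AccumuloException {
            try {
                return convertPass(bArr, generateSalt());
            } catch (NoSuchAlgorithmException e) {
                ZKAuthenticator.log.error("Count not create hashed password", e);
                throw new AccumuloException("Count not create hashed password", e);
            }
        }

        /**
         * Builds {@code salt || SHA-256(password || salt)}.
         *
         * @param bArr the password bytes
         * @param bArr2 the salt; only its first {@code SALT_LENGTH} bytes are used
         */
        private static byte[] convertPass(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
            byte[] salted = new byte[bArr.length + SALT_LENGTH];
            System.arraycopy(bArr, 0, salted, 0, bArr.length);
            System.arraycopy(bArr2, 0, salted, bArr.length, SALT_LENGTH);
            byte[] digest = hash(salted);
            byte[] stored = new byte[SALT_LENGTH + digest.length];
            System.arraycopy(bArr2, 0, stored, 0, SALT_LENGTH);
            System.arraycopy(digest, 0, stored, SALT_LENGTH, digest.length);
            return stored;
        }

        /** Deserializes authorizations from their stored byte form. */
        public static Authorizations convertAuthorizations(byte[] bArr) {
            return new Authorizations(bArr);
        }

        /** Serializes authorizations to the byte form stored in ZooKeeper. */
        public static byte[] convertAuthorizations(Authorizations authorizations) {
            return authorizations.getAuthorizationsArray();
        }

        /** Serializes system permissions as one id byte per permission, in iteration order. */
        public static byte[] convertSystemPermissions(Set<SystemPermission> set) {
            ByteArrayOutputStream bytes = new ByteArrayOutputStream(set.size());
            DataOutputStream out = new DataOutputStream(bytes);
            try {
                for (SystemPermission permission : set) {
                    out.writeByte(permission.getId());
                }
                return bytes.toByteArray();
            } catch (IOException e) {
                ZKAuthenticator.log.error(e, e);
                throw new RuntimeException(e);
            }
        }

        /**
         * Deserializes system permissions from one id byte per permission.
         *
         * @return the decoded set, or an empty set if reading fails, so that an unreadable
         *         record grants nothing
         */
        public static Set<SystemPermission> convertSystemPermissions(byte[] bArr) {
            DataInputStream in = new DataInputStream(new ByteArrayInputStream(bArr));
            Set<SystemPermission> permissions = new HashSet<SystemPermission>();
            try {
                while (in.available() > 0) {
                    permissions.add(SystemPermission.getPermissionById(in.readByte()));
                }
            } catch (IOException e) {
                ZKAuthenticator.log.error("User database is corrupt; error converting system permissions", e);
                // Stop at the first failure and discard everything read so far.
                permissions.clear();
            }
            return permissions;
        }

        /** Serializes table permissions as one id byte per permission, in iteration order. */
        public static byte[] convertTablePermissions(Set<TablePermission> set) {
            ByteArrayOutputStream bytes = new ByteArrayOutputStream(set.size());
            DataOutputStream out = new DataOutputStream(bytes);
            try {
                for (TablePermission permission : set) {
                    out.writeByte(permission.getId());
                }
                return bytes.toByteArray();
            } catch (IOException e) {
                ZKAuthenticator.log.error(e, e);
                throw new RuntimeException(e);
            }
        }

        /** Deserializes table permissions from one id byte per permission. */
        public static Set<TablePermission> convertTablePermissions(byte[] bArr) {
            Set<TablePermission> permissions = new HashSet<TablePermission>();
            for (byte id : bArr) {
                permissions.add(TablePermission.getPermissionById(id));
            }
            return permissions;
        }
    }

    /**
     * Returns the process-wide authenticator, created on first use as a {@code ZKAuthenticator}
     * wrapped in an {@code Auditor}.
     */
    public static synchronized Authenticator getInstance() {
        if (zkAuthenticatorInstance == null) {
            zkAuthenticatorInstance = new Auditor(new ZKAuthenticator());
        }
        return zkAuthenticatorInstance;
    }

    private ZKAuthenticator() {
        this(HdfsZooInstance.getInstance().getInstanceID());
    }

    /**
     * Creates an authenticator rooted at {@code /accumulo/<str>/users}.
     *
     * @param str the instance id used to build the users path
     */
    public ZKAuthenticator(String str) {
        this.ZKUserPath = "/accumulo/" + str + "/users";
        this.zooCache = new ZooCache();
    }

    /** Path of the node that holds {@code user}'s password hash. */
    private String userNode(String user) {
        return this.ZKUserPath + "/" + user;
    }

    /** Path of the node that holds {@code user}'s authorizations. */
    private String authsNode(String user) {
        return userNode(user) + ZKUserAuths;
    }

    /** Path of the node that holds {@code user}'s system permissions. */
    private String sysPermsNode(String user) {
        return userNode(user) + ZKUserSysPerms;
    }

    /** Path of the node that holds {@code user}'s permissions on {@code table}. */
    private String tablePermsNode(String user, String table) {
        return userNode(user) + ZKUserTablePerms + "/" + table;
    }

    /**
     * Verifies the caller's credentials.
     *
     * <p>The system user is compared against {@code SecurityConstants.getSystemCredentials()};
     * every other user is checked against the stored hash. On a mismatch the cached entry is
     * dropped and the check is repeated once against a fresh read.
     *
     * @throws AccumuloSecurityException with {@code INVALID_INSTANCEID} when the credentials name
     *         a different instance
     */
    private boolean authenticate(AuthInfo authInfo) throws AccumuloSecurityException {
        if (!authInfo.instanceId.equals(HdfsZooInstance.getInstance().getInstanceID())) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.INVALID_INSTANCEID);
        }
        if (authInfo.user.equals(SecurityConstants.SYSTEM_USERNAME)) {
            return authInfo.equals(SecurityConstants.getSystemCredentials());
        }
        String node = userNode(authInfo.user);
        boolean ok = Tool.checkPass(ByteBufferUtil.toBytes(authInfo.password), this.zooCache.get(node));
        if (!ok) {
            // Presumably guards against a stale cached hash (e.g. after a password change).
            this.zooCache.clear(node);
            ok = Tool.checkPass(ByteBufferUtil.toBytes(authInfo.password), this.zooCache.get(node));
        }
        return ok;
    }

    /**
     * Throws unless {@code authInfo} authenticates and is allowed to query {@code user}: either
     * it is that user, or it holds one of SYSTEM, CREATE_USER, ALTER_USER or DROP_USER.
     *
     * @throws AccumuloSecurityException {@code BAD_CREDENTIALS} or {@code PERMISSION_DENIED}
     */
    private void requireMayQuery(AuthInfo authInfo, String user) throws AccumuloSecurityException {
        if (!authenticate(authInfo)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.BAD_CREDENTIALS);
        }
        if (authInfo.user.equals(user)) {
            return;
        }
        // The nested lookups ask about authInfo.user itself, so they do not recurse further.
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.SYSTEM)
                && !hasSystemPermission(authInfo, authInfo.user, SystemPermission.CREATE_USER)
                && !hasSystemPermission(authInfo, authInfo.user, SystemPermission.ALTER_USER)
                && !hasSystemPermission(authInfo, authInfo.user, SystemPermission.DROP_USER)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
    }

    /**
     * Wipes the users tree and recreates it with a single root user that holds every system
     * permission and ALTER_TABLE on table {@code "!0"}. Only the system user may call this.
     *
     * <p>NOTE(review): the static root user name cached by {@link #getRootUsername()} is not
     * refreshed here.
     *
     * @param authInfo the caller's credentials; must be the system user
     * @param str the root user name
     * @param bArr the root user's password
     */
    @Override
    public void initializeSecurity(AuthInfo authInfo, String str, byte[] bArr) throws AccumuloSecurityException {
        if (!authInfo.user.equals(SecurityConstants.SYSTEM_USERNAME) || !authenticate(authInfo)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
            synchronized (this.zooCache) {
                this.zooCache.clear();
                if (zoo.exists(this.ZKUserPath)) {
                    zoo.recursiveDelete(this.ZKUserPath, ZooUtil.NodeMissingPolicy.SKIP);
                    log.info("Removed " + this.ZKUserPath + "/ from zookeeper");
                }
                // Platform default charset; see the class-level note.
                zoo.putPersistentData(this.ZKUserPath, str.getBytes(), ZooUtil.NodeExistsPolicy.FAIL);
                Set<SystemPermission> rootPerms = new TreeSet<SystemPermission>();
                Collections.addAll(rootPerms, SystemPermission.values());
                Map<String, Set<TablePermission>> tablePerms = new HashMap<String, Set<TablePermission>>();
                tablePerms.put("!0", Collections.singleton(TablePermission.ALTER_TABLE));
                constructUser(str, Tool.createPass(bArr), rootPerms, tablePerms, Constants.NO_AUTHS);
            }
            log.info("Initialized root user with username: " + str + " at the request of user " + authInfo.user);
        } catch (AccumuloException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        } catch (InterruptedException e3) {
            log.error(e3, e3);
            // Keep the interrupt visible to callers further up the stack.
            Thread.currentThread().interrupt();
            throw new RuntimeException(e3);
        }
    }

    /**
     * Creates all nodes for one user; every write fails if its node already exists.
     *
     * @param str the user name
     * @param bArr the already-hashed password value to store
     * @param set the user's system permissions
     * @param map table id to table permissions
     * @param authorizations the user's authorizations
     */
    private void constructUser(String str, byte[] bArr, Set<SystemPermission> set, Map<String, Set<TablePermission>> map, Authorizations authorizations) throws KeeperException, InterruptedException {
        synchronized (this.zooCache) {
            this.zooCache.clear();
            IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
            // Only the hash node is written with the "private" variant.
            zoo.putPrivatePersistentData(userNode(str), bArr, ZooUtil.NodeExistsPolicy.FAIL);
            zoo.putPersistentData(authsNode(str), Tool.convertAuthorizations(authorizations), ZooUtil.NodeExistsPolicy.FAIL);
            zoo.putPersistentData(sysPermsNode(str), Tool.convertSystemPermissions(set), ZooUtil.NodeExistsPolicy.FAIL);
            zoo.putPersistentData(userNode(str) + ZKUserTablePerms, new byte[0], ZooUtil.NodeExistsPolicy.FAIL);
            for (Map.Entry<String, Set<TablePermission>> entry : map.entrySet()) {
                createTablePerm(str, entry.getKey(), entry.getValue());
            }
        }
    }

    /** Creates the permission node for user {@code str} on table {@code str2}. */
    private void createTablePerm(String str, String str2, Set<TablePermission> set) throws KeeperException, InterruptedException {
        synchronized (this.zooCache) {
            this.zooCache.clear();
            ZooReaderWriter.getRetryingInstance().putPersistentData(tablePermsNode(str, str2), Tool.convertTablePermissions(set), ZooUtil.NodeExistsPolicy.FAIL);
        }
    }

    /** Returns the root user name, read once from the users node and then cached statically. */
    @Override
    public synchronized String getRootUsername() {
        if (rootUserName == null) {
            // Platform default charset; see the class-level note.
            rootUserName = new String(this.zooCache.get(this.ZKUserPath));
        }
        return rootUserName;
    }

    /**
     * Checks another user's password on behalf of an authenticated caller.
     *
     * @param authInfo the caller's credentials
     * @param str the user whose password is checked
     * @param byteBuffer the password to check for {@code str}
     * @return whether {@code str} authenticates with {@code byteBuffer}
     * @throws AccumuloSecurityException {@code BAD_CREDENTIALS} if the caller does not
     *         authenticate; {@code PERMISSION_DENIED} if the caller is neither {@code str} nor a
     *         holder of the SYSTEM permission
     */
    @Override
    public boolean authenticateUser(AuthInfo authInfo, String str, ByteBuffer byteBuffer) throws AccumuloSecurityException {
        if (!authenticate(authInfo)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.BAD_CREDENTIALS);
        }
        if (authInfo.user.equals(str) || hasSystemPermission(authInfo, authInfo.user, SystemPermission.SYSTEM)) {
            return authenticate(new AuthInfo(str, byteBuffer, authInfo.instanceId));
        }
        throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
    }

    /** Byte-array convenience overload of {@link #authenticateUser(AuthInfo, String, ByteBuffer)}. */
    public boolean authenticateUser(AuthInfo authInfo, String str, byte[] bArr) throws AccumuloSecurityException {
        return authenticateUser(authInfo, str, ByteBuffer.wrap(bArr));
    }

    /** Returns the sorted names of all user nodes; any authenticated caller may list them. */
    @Override
    public Set<String> listUsers(AuthInfo authInfo) throws AccumuloSecurityException {
        if (authenticate(authInfo)) {
            return new TreeSet<String>(this.zooCache.getChildren(this.ZKUserPath));
        }
        throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.BAD_CREDENTIALS);
    }

    /**
     * Creates user {@code str} with no permissions and the given authorizations.
     *
     * <p>The caller needs CREATE_USER. A caller without ALTER_USER may only hand out
     * authorizations it holds itself.
     *
     * @param authInfo the caller's credentials
     * @param str the new user name
     * @param bArr the new user's password
     * @param authorizations the new user's authorizations
     */
    @Override
    public void createUser(AuthInfo authInfo, String str, byte[] bArr, Authorizations authorizations) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.CREATE_USER)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.ALTER_USER)) {
            Authorizations callerAuths = getUserAuthorizations(authInfo, authInfo.user);
            for (byte[] auth : authorizations.getAuthorizations()) {
                if (!callerAuths.contains(auth)) {
                    log.info("User " + authInfo.user + " attempted to create a user " + str + " with authorization " + new String(auth) + " they did not have");
                    throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.BAD_AUTHORIZATIONS);
                }
            }
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            constructUser(str, Tool.createPass(bArr), new TreeSet<SystemPermission>(), new HashMap<String, Set<TablePermission>>(), authorizations);
            log.info("Created user " + str + " at the request of user " + authInfo.user);
        } catch (AccumuloException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            if (e2.code().equals(KeeperException.Code.NODEEXISTS)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.USER_EXISTS, e2);
            }
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        } catch (InterruptedException e3) {
            log.error(e3, e3);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e3);
        }
    }

    /**
     * Deletes user {@code str} and everything below its node. Requires DROP_USER; the root user
     * and the system user cannot be dropped.
     */
    @Override
    public void dropUser(AuthInfo authInfo, String str) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.DROP_USER)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(getRootUsername()) || str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                ZooReaderWriter.getRetryingInstance().recursiveDelete(userNode(str), ZooUtil.NodeMissingPolicy.FAIL);
            }
            log.info("Deleted user " + str + " at the request of user " + authInfo.user);
        } catch (InterruptedException e) {
            log.error(e, e);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            if (e2.code().equals(KeeperException.Code.NONODE)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST, e2);
            }
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    /**
     * Replaces the stored password hash of user {@code str}. Allowed for the user itself or for
     * a holder of ALTER_USER; the system user's password cannot be changed here.
     *
     * @param bArr the new password
     */
    @Override
    public void changePassword(AuthInfo authInfo, String str, byte[] bArr) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.ALTER_USER) && !authInfo.user.equals(str)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                ZooReaderWriter.getRetryingInstance().putPrivatePersistentData(userNode(str), Tool.createPass(bArr), ZooUtil.NodeExistsPolicy.OVERWRITE);
            }
            log.info("Changed password for user " + str + " at the request of user " + authInfo.user);
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e2);
        } catch (AccumuloException e3) {
            log.error(e3, e3);
            throw new AccumuloSecurityException(str, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e3);
        }
    }

    /** Returns whether a node exists for user {@code str}, re-reading once past the cache on a miss. */
    private boolean userExists(String str) {
        String node = userNode(str);
        if (this.zooCache.get(node) != null) {
            return true;
        }
        this.zooCache.clear(node);
        return this.zooCache.get(node) != null;
    }

    /** Overwrites the authorizations of user {@code str}. Requires ALTER_USER. */
    @Override
    public void changeAuthorizations(AuthInfo authInfo, String str, Authorizations authorizations) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.ALTER_USER)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                ZooReaderWriter.getRetryingInstance().putPersistentData(authsNode(str), Tool.convertAuthorizations(authorizations), ZooUtil.NodeExistsPolicy.OVERWRITE);
            }
            log.info("Changed authorizations for user " + str + " at the request of user " + authInfo.user);
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e2);
        }
    }

    /**
     * Returns the authorizations of user {@code str}. Allowed for the user itself or for a
     * holder of the SYSTEM permission; the system user always has {@code Constants.NO_AUTHS}.
     */
    @Override
    public Authorizations getUserAuthorizations(AuthInfo authInfo, String str) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.SYSTEM) && !authInfo.user.equals(str)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            return Constants.NO_AUTHS;
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        byte[] stored = this.zooCache.get(authsNode(str));
        if (stored == null) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        return Tool.convertAuthorizations(stored);
    }

    /**
     * Reports whether user {@code str} holds {@code systemPermission}.
     *
     * <p>The root user and the system user hold every system permission. A negative answer from
     * the cache is confirmed against a fresh read before it is returned.
     *
     * @throws AccumuloSecurityException {@code BAD_CREDENTIALS}, {@code PERMISSION_DENIED} when
     *         the caller may not query {@code str}, or {@code USER_DOESNT_EXIST}
     */
    @Override
    public boolean hasSystemPermission(AuthInfo authInfo, String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        requireMayQuery(authInfo, str);
        if (str.equals(getRootUsername()) || str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            return true;
        }
        String node = sysPermsNode(str);
        byte[] cached = this.zooCache.get(node);
        if (cached == null) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        if (Tool.convertSystemPermissions(cached).contains(systemPermission)) {
            return true;
        }
        this.zooCache.clear(node);
        byte[] fresh = this.zooCache.get(node);
        if (fresh == null) {
            return false;
        }
        return Tool.convertSystemPermissions(fresh).contains(systemPermission);
    }

    /**
     * Reports whether user {@code str} holds {@code tablePermission} on table {@code str2},
     * confirming a negative answer against a fresh read of the permission node.
     */
    @Override
    public boolean hasTablePermission(AuthInfo authInfo, String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException {
        if (_hasTablePermission(authInfo, str, str2, tablePermission)) {
            return true;
        }
        this.zooCache.clear(tablePermsNode(str, str2));
        return _hasTablePermission(authInfo, str, str2, tablePermission);
    }

    /**
     * Single, cache-backed table permission lookup.
     *
     * <p>The system user holds every table permission, and every existing user may READ table
     * {@code "!0"} (presumably the metadata table; confirm against {@code Constants}).
     */
    private boolean _hasTablePermission(AuthInfo authInfo, String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException {
        requireMayQuery(authInfo, str);
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            return true;
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        if (str2.equals("!0") && tablePermission.equals(TablePermission.READ)) {
            return true;
        }
        byte[] stored = this.zooCache.get(tablePermsNode(str, str2));
        if (stored == null) {
            return false;
        }
        return Tool.convertTablePermissions(stored).contains(tablePermission);
    }

    /**
     * Adds {@code systemPermission} to user {@code str}. Requires the GRANT system permission;
     * GRANT itself cannot be handed out, and the system user cannot be modified.
     */
    @Override
    public void grantSystemPermission(AuthInfo authInfo, String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.GRANT)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (systemPermission.equals(SystemPermission.GRANT)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.GRANT_INVALID);
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        try {
            byte[] stored = this.zooCache.get(sysPermsNode(str));
            if (stored == null) {
                throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.USER_DOESNT_EXIST);
            }
            Set<SystemPermission> permissions = Tool.convertSystemPermissions(stored);
            // Write only when the set actually changed.
            if (permissions.add(systemPermission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    ZooReaderWriter.getRetryingInstance().putPersistentData(sysPermsNode(str), Tool.convertSystemPermissions(permissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
            log.info("Granted system permission " + systemPermission + " for user " + str + " at the request of user " + authInfo.user);
        } catch (InterruptedException e) {
            log.error(e, e);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    /**
     * Adds {@code tablePermission} on table {@code str2} to user {@code str}. Requires ALTER_USER
     * or the table's GRANT permission; the system user cannot be modified.
     */
    @Override
    public void grantTablePermission(AuthInfo authInfo, String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.ALTER_USER) && !hasTablePermission(authInfo, authInfo.user, str2, TablePermission.GRANT)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        byte[] stored = this.zooCache.get(tablePermsNode(str, str2));
        // No node yet means the user has no permissions on this table so far.
        Set<TablePermission> permissions = stored != null ? Tool.convertTablePermissions(stored) : new TreeSet<TablePermission>();
        try {
            if (permissions.add(tablePermission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    ZooReaderWriter.getRetryingInstance().putPersistentData(tablePermsNode(str, str2), Tool.convertTablePermissions(permissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
            log.info("Granted table permission " + tablePermission + " for user " + str + " on the table " + str2 + " at the request of user " + authInfo.user);
        } catch (InterruptedException e) {
            log.error(e, e);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    /**
     * Removes {@code systemPermission} from user {@code str}. Requires the GRANT system
     * permission; GRANT itself cannot be revoked, and neither the system user nor the root user
     * can be modified.
     */
    @Override
    public void revokeSystemPermission(AuthInfo authInfo, String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.GRANT)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME) || str.equals(getRootUsername())) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (systemPermission.equals(SystemPermission.GRANT)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.GRANT_INVALID);
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        byte[] stored = this.zooCache.get(sysPermsNode(str));
        if (stored == null) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        Set<SystemPermission> permissions = Tool.convertSystemPermissions(stored);
        try {
            if (permissions.remove(systemPermission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    ZooReaderWriter.getRetryingInstance().putPersistentData(sysPermsNode(str), Tool.convertSystemPermissions(permissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
            log.info("Revoked system permission " + systemPermission + " for user " + str + " at the request of user " + authInfo.user);
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e2);
        }
    }

    /**
     * Removes {@code tablePermission} on table {@code str2} from user {@code str}; the table node
     * is deleted once its permission set becomes empty. Requires ALTER_USER or the table's GRANT
     * permission. Does nothing when the user has no node for that table.
     */
    @Override
    public void revokeTablePermission(AuthInfo authInfo, String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.ALTER_USER) && !hasTablePermission(authInfo, authInfo.user, str2, TablePermission.GRANT)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_USERNAME)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        if (!userExists(str)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        byte[] stored = this.zooCache.get(tablePermsNode(str, str2));
        if (stored == null) {
            return;
        }
        Set<TablePermission> permissions = Tool.convertTablePermissions(stored);
        try {
            if (permissions.remove(tablePermission)) {
                // Hold the cache monitor across clear + write, like every other mutator in this
                // class, so a concurrent reader cannot re-cache the old value in between.
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
                    if (permissions.isEmpty()) {
                        zoo.recursiveDelete(tablePermsNode(str, str2), ZooUtil.NodeMissingPolicy.SKIP);
                    } else {
                        zoo.putPersistentData(tablePermsNode(str, str2), Tool.convertTablePermissions(permissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                    }
                }
            }
            log.info("Revoked table permission " + tablePermission + " for user " + str + " on the table " + str2 + " at the request of user " + authInfo.user);
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e2);
        }
    }

    /**
     * Removes every user's permission node for table {@code str}. Requires the DROP_TABLE system
     * permission or DROP_TABLE on that table.
     */
    @Override
    public void deleteTable(AuthInfo authInfo, String str) throws AccumuloSecurityException {
        if (!hasSystemPermission(authInfo, authInfo.user, SystemPermission.DROP_TABLE) && !hasTablePermission(authInfo, authInfo.user, str, TablePermission.DROP_TABLE)) {
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
                Iterator<?> users = this.zooCache.getChildren(this.ZKUserPath).iterator();
                while (users.hasNext()) {
                    zoo.recursiveDelete(tablePermsNode((String) users.next(), str), ZooUtil.NodeMissingPolicy.SKIP);
                }
            }
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(authInfo.user, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            Thread.currentThread().interrupt();
            throw new RuntimeException(e2);
        }
    }

    /** Drops the cached entry for user {@code str}'s node. */
    @Override
    public void clearCache(String str) {
        this.zooCache.clear(userNode(str));
    }

    /** Drops the cached entry for user {@code str}'s permissions on table {@code str2}. */
    @Override
    public void clearCache(String str, String str2) {
        this.zooCache.clear(tablePermsNode(str, str2));
    }
}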
