package org.apache.accumulo.server.security.handler;

import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
import org.apache.accumulo.fate.zookeeper.ZooUtil;
import org.apache.accumulo.server.zookeeper.ZooCache;
import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
import org.apache.log4j.Logger;
import org.apache.zookeeper.KeeperException;

/* loaded from: input_file:org/apache/accumulo/server/security/handler/ZKAuthenticator.class */
public final class ZKAuthenticator implements Authenticator {
    static final Logger log = Logger.getLogger(ZKAuthenticator.class);
    private static Authenticator zkAuthenticatorInstance = null;
    private String ZKUserPath;
    private final ZooCache zooCache = new ZooCache();

    public static synchronized Authenticator getInstance() {
        if (zkAuthenticatorInstance == null) {
            zkAuthenticatorInstance = new ZKAuthenticator();
        }
        return zkAuthenticatorInstance;
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public void initialize(String str, boolean z) {
        this.ZKUserPath = "/accumulo/" + str + "/users";
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public void initializeSecurity(TCredentials tCredentials, String str, byte[] bArr) throws AccumuloSecurityException {
        try {
            IZooReaderWriter retryingInstance = ZooReaderWriter.getRetryingInstance();
            synchronized (this.zooCache) {
                this.zooCache.clear();
                if (retryingInstance.exists(this.ZKUserPath)) {
                    retryingInstance.recursiveDelete(this.ZKUserPath, ZooUtil.NodeMissingPolicy.SKIP);
                    log.info("Removed " + this.ZKUserPath + "/ from zookeeper");
                }
                retryingInstance.putPersistentData(this.ZKUserPath, str.getBytes(Constants.UTF8), ZooUtil.NodeExistsPolicy.FAIL);
                constructUser(str, ZKSecurityTool.createPass(bArr));
            }
        } catch (KeeperException e) {
            log.error(e, e);
            throw new RuntimeException((Throwable) e);
        } catch (AccumuloException e2) {
            log.error(e2, e2);
            throw new RuntimeException((Throwable) e2);
        } catch (InterruptedException e3) {
            log.error(e3, e3);
            throw new RuntimeException(e3);
        }
    }

    private void constructUser(String str, byte[] bArr) throws KeeperException, InterruptedException {
        synchronized (this.zooCache) {
            this.zooCache.clear();
            ZooReaderWriter.getRetryingInstance().putPrivatePersistentData(this.ZKUserPath + "/" + str, bArr, ZooUtil.NodeExistsPolicy.FAIL);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public Set<String> listUsers() {
        return new TreeSet(this.zooCache.getChildren(this.ZKUserPath));
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public void createUser(String str, AuthenticationToken authenticationToken) throws AccumuloSecurityException {
        try {
            if (!(authenticationToken instanceof PasswordToken)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.INVALID_TOKEN);
            }
            constructUser(str, ZKSecurityTool.createPass(((PasswordToken) authenticationToken).getPassword()));
        } catch (KeeperException e) {
            if (!e.code().equals(KeeperException.Code.NODEEXISTS)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
            }
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_EXISTS, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        } catch (AccumuloException e3) {
            log.error(e3, e3);
            throw new AccumuloSecurityException(str, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e3);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public void dropUser(String str) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                ZooReaderWriter.getRetryingInstance().recursiveDelete(this.ZKUserPath + "/" + str, ZooUtil.NodeMissingPolicy.FAIL);
            }
        } catch (KeeperException e) {
            if (e.code().equals(KeeperException.Code.NONODE)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST, e);
            }
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public void changePassword(String str, AuthenticationToken authenticationToken) throws AccumuloSecurityException {
        if (!(authenticationToken instanceof PasswordToken)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.INVALID_TOKEN);
        }
        PasswordToken passwordToken = (PasswordToken) authenticationToken;
        if (!userExists(str)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
        }
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear(this.ZKUserPath + "/" + str);
                ZooReaderWriter.getRetryingInstance().putPrivatePersistentData(this.ZKUserPath + "/" + str, ZKSecurityTool.createPass(passwordToken.getPassword()), ZooUtil.NodeExistsPolicy.OVERWRITE);
            }
        } catch (AccumuloException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        } catch (KeeperException e3) {
            log.error(e3, e3);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e3);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public boolean userExists(String str) {
        return this.zooCache.get(new StringBuilder().append(this.ZKUserPath).append("/").append(str).toString()) != null;
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public boolean validSecurityHandlers(Authorizor authorizor, PermissionHandler permissionHandler) {
        return true;
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public boolean authenticateUser(String str, AuthenticationToken authenticationToken) throws AccumuloSecurityException {
        if (!(authenticationToken instanceof PasswordToken)) {
            throw new AccumuloSecurityException(str, SecurityErrorCode.INVALID_TOKEN);
        }
        PasswordToken passwordToken = (PasswordToken) authenticationToken;
        String str2 = this.ZKUserPath + "/" + str;
        boolean checkPass = ZKSecurityTool.checkPass(passwordToken.getPassword(), this.zooCache.get(str2));
        if (!checkPass) {
            this.zooCache.clear(str2);
            checkPass = ZKSecurityTool.checkPass(passwordToken.getPassword(), this.zooCache.get(str2));
        }
        return checkPass;
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public Set<Class<? extends AuthenticationToken>> getSupportedTokenTypes() {
        HashSet hashSet = new HashSet();
        hashSet.add(PasswordToken.class);
        return hashSet;
    }

    @Override // org.apache.accumulo.server.security.handler.Authenticator
    public boolean validTokenClass(String str) {
        return str.equals(PasswordToken.class.getCanonicalName());
    }
}
