package org.apache.accumulo.server.security.handler;

import com.google.common.base.Charsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
import org.apache.accumulo.fate.zookeeper.ZooUtil;
import org.apache.accumulo.server.zookeeper.ZooCache;
import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
import org.apache.log4j.Logger;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Stat;

/* loaded from: input_file:org/apache/accumulo/server/security/handler/ZKPermHandler.class */
public class ZKPermHandler implements PermissionHandler {
    private static final Logger log = Logger.getLogger(ZKAuthorizor.class);
    private static PermissionHandler zkPermHandlerInstance = null;
    private String ZKUserPath;
    private String ZKTablePath;
    private final ZooCache zooCache = new ZooCache();
    private static final String ZKUserSysPerms = "/System";
    private static final String ZKUserTablePerms = "/Tables";

    public static synchronized PermissionHandler getInstance() {
        if (zkPermHandlerInstance == null) {
            zkPermHandlerInstance = new ZKPermHandler();
        }
        return zkPermHandlerInstance;
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void initialize(String str, boolean z) {
        this.ZKUserPath = ZKSecurityTool.getInstancePath(str) + "/users";
        this.ZKTablePath = ZKSecurityTool.getInstancePath(str) + "/tables";
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public boolean hasTablePermission(String str, String str2, TablePermission tablePermission) throws TableNotFoundException {
        try {
            String str3 = this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2;
            ZooReaderWriter.getRetryingInstance().sync(str3);
            byte[] data = ZooReaderWriter.getRetryingInstance().getData(str3, (Stat) null);
            if (data != null) {
                return ZKSecurityTool.convertTablePermissions(data).contains(tablePermission);
            }
            return false;
        } catch (InterruptedException e) {
            log.warn("Unhandled InterruptedException, failing closed for table permission check", e);
            return false;
        } catch (KeeperException e2) {
            if (e2.code() != KeeperException.Code.NONODE) {
                log.warn("Unhandled KeeperException, failing closed for table permission check", e2);
                return false;
            }
            try {
                ZooReaderWriter.getRetryingInstance().getData(this.ZKTablePath + "/" + str2, (Stat) null);
                return false;
            } catch (KeeperException e3) {
                if (e2.code() == KeeperException.Code.NONODE) {
                    throw new TableNotFoundException((String) null, str2, "while checking permissions");
                }
                log.warn("Unhandled InterruptedException, failing closed for table permission check", e2);
                return false;
            } catch (InterruptedException e4) {
                log.warn("Unhandled InterruptedException, failing closed for table permission check", e2);
                return false;
            }
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public boolean hasCachedTablePermission(String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException, TableNotFoundException {
        byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2);
        if (bArr != null) {
            return ZKSecurityTool.convertTablePermissions(bArr).contains(tablePermission);
        }
        return false;
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void grantSystemPermission(String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        try {
            byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + ZKUserSysPerms);
            Set<SystemPermission> treeSet = bArr == null ? new TreeSet() : ZKSecurityTool.convertSystemPermissions(bArr);
            if (treeSet.add(systemPermission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    ZooReaderWriter.getRetryingInstance().putPersistentData(this.ZKUserPath + "/" + str + ZKUserSysPerms, ZKSecurityTool.convertSystemPermissions(treeSet), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void grantTablePermission(String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException {
        byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2);
        Set convertTablePermissions = bArr != null ? ZKSecurityTool.convertTablePermissions(bArr) : new TreeSet();
        try {
            if (convertTablePermissions.add(tablePermission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2);
                    ZooReaderWriter.getRetryingInstance().putPersistentData(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2, ZKSecurityTool.convertTablePermissions((Set<TablePermission>) convertTablePermissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void revokeSystemPermission(String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + ZKUserSysPerms);
        if (bArr == null) {
            return;
        }
        Set<SystemPermission> convertSystemPermissions = ZKSecurityTool.convertSystemPermissions(bArr);
        try {
            if (convertSystemPermissions.remove(systemPermission)) {
                synchronized (this.zooCache) {
                    this.zooCache.clear();
                    ZooReaderWriter.getRetryingInstance().putPersistentData(this.ZKUserPath + "/" + str + ZKUserSysPerms, ZKSecurityTool.convertSystemPermissions(convertSystemPermissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void revokeTablePermission(String str, String str2, TablePermission tablePermission) throws AccumuloSecurityException {
        byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2);
        if (bArr == null) {
            return;
        }
        Set<TablePermission> convertTablePermissions = ZKSecurityTool.convertTablePermissions(bArr);
        try {
            if (convertTablePermissions.remove(tablePermission)) {
                this.zooCache.clear();
                IZooReaderWriter retryingInstance = ZooReaderWriter.getRetryingInstance();
                if (convertTablePermissions.size() == 0) {
                    retryingInstance.recursiveDelete(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2, ZooUtil.NodeMissingPolicy.SKIP);
                } else {
                    retryingInstance.putPersistentData(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2, ZKSecurityTool.convertTablePermissions(convertTablePermissions), ZooUtil.NodeExistsPolicy.OVERWRITE);
                }
            }
        } catch (KeeperException e) {
            log.error(e, e);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void cleanTablePermissions(String str) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                this.zooCache.clear();
                IZooReaderWriter retryingInstance = ZooReaderWriter.getRetryingInstance();
                Iterator it = this.zooCache.getChildren(this.ZKUserPath).iterator();
                while (it.hasNext()) {
                    retryingInstance.recursiveDelete(this.ZKUserPath + "/" + ((String) it.next()) + ZKUserTablePerms + "/" + str, ZooUtil.NodeMissingPolicy.SKIP);
                }
            }
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException("unknownUser", SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void initializeSecurity(TCredentials tCredentials, String str) throws AccumuloSecurityException {
        IZooReaderWriter retryingInstance = ZooReaderWriter.getRetryingInstance();
        TreeSet treeSet = new TreeSet();
        for (SystemPermission systemPermission : SystemPermission.values()) {
            treeSet.add(systemPermission);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("!0", Collections.singleton(TablePermission.ALTER_TABLE));
        try {
            if (!retryingInstance.exists(this.ZKUserPath)) {
                retryingInstance.putPersistentData(this.ZKUserPath, str.getBytes(Charsets.UTF_8), ZooUtil.NodeExistsPolicy.FAIL);
            }
            initUser(str);
            retryingInstance.putPersistentData(this.ZKUserPath + "/" + str + ZKUserSysPerms, ZKSecurityTool.convertSystemPermissions(treeSet), ZooUtil.NodeExistsPolicy.FAIL);
            for (Map.Entry entry : hashMap.entrySet()) {
                createTablePerm(str, (String) entry.getKey(), (Set) entry.getValue());
            }
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new RuntimeException((Throwable) e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void initUser(String str) throws AccumuloSecurityException {
        IZooReaderWriter retryingInstance = ZooReaderWriter.getRetryingInstance();
        try {
            retryingInstance.putPersistentData(this.ZKUserPath + "/" + str, new byte[0], ZooUtil.NodeExistsPolicy.SKIP);
            retryingInstance.putPersistentData(this.ZKUserPath + "/" + str + ZKUserTablePerms, new byte[0], ZooUtil.NodeExistsPolicy.SKIP);
        } catch (InterruptedException e) {
            log.error(e, e);
            throw new RuntimeException(e);
        } catch (KeeperException e2) {
            log.error(e2, e2);
            throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e2);
        }
    }

    private void createTablePerm(String str, String str2, Set<TablePermission> set) throws KeeperException, InterruptedException {
        synchronized (this.zooCache) {
            this.zooCache.clear();
            ZooReaderWriter.getRetryingInstance().putPersistentData(this.ZKUserPath + "/" + str + ZKUserTablePerms + "/" + str2, ZKSecurityTool.convertTablePermissions(set), ZooUtil.NodeExistsPolicy.FAIL);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void cleanUser(String str) throws AccumuloSecurityException {
        try {
            synchronized (this.zooCache) {
                IZooReaderWriter retryingInstance = ZooReaderWriter.getRetryingInstance();
                retryingInstance.recursiveDelete(this.ZKUserPath + "/" + str + ZKUserSysPerms, ZooUtil.NodeMissingPolicy.SKIP);
                retryingInstance.recursiveDelete(this.ZKUserPath + "/" + str + ZKUserTablePerms, ZooUtil.NodeMissingPolicy.SKIP);
                this.zooCache.clear(this.ZKUserPath + "/" + str);
            }
        } catch (KeeperException e) {
            log.error(e, e);
            if (!e.code().equals(KeeperException.Code.NONODE)) {
                throw new AccumuloSecurityException(str, SecurityErrorCode.CONNECTION_ERROR, e);
            }
            throw new AccumuloSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST, e);
        } catch (InterruptedException e2) {
            log.error(e2, e2);
            throw new RuntimeException(e2);
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public boolean hasSystemPermission(String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        try {
            String str2 = this.ZKUserPath + "/" + str + ZKUserSysPerms;
            ZooReaderWriter.getRetryingInstance().sync(str2);
            byte[] data = ZooReaderWriter.getRetryingInstance().getData(str2, (Stat) null);
            if (data == null) {
                return false;
            }
            return ZKSecurityTool.convertSystemPermissions(data).contains(systemPermission);
        } catch (InterruptedException e) {
            log.warn("Unhandled InterruptedException, failing closed for table permission check", e);
            return false;
        } catch (KeeperException e2) {
            if (e2.code() == KeeperException.Code.NONODE) {
                return false;
            }
            log.warn("Unhandled KeeperException, failing closed for table permission check", e2);
            return false;
        }
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public boolean hasCachedSystemPermission(String str, SystemPermission systemPermission) throws AccumuloSecurityException {
        byte[] bArr = this.zooCache.get(this.ZKUserPath + "/" + str + ZKUserSysPerms);
        if (bArr == null) {
            return false;
        }
        return ZKSecurityTool.convertSystemPermissions(bArr).contains(systemPermission);
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public boolean validSecurityHandlers(Authenticator authenticator, Authorizor authorizor) {
        return true;
    }

    @Override // org.apache.accumulo.server.security.handler.PermissionHandler
    public void initTable(String str) throws AccumuloSecurityException {
    }
}
