package org.apache.accumulo.server.security;

import java.util.Set;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.security.AuditLevel;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.security.handler.Authenticator;
import org.apache.accumulo.server.security.handler.Authorizor;
import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/accumulo/server/security/AuditedSecurityOperation.class */
public class AuditedSecurityOperation extends SecurityOperation {
    public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);

    public AuditedSecurityOperation(Authorizor authorizor, Authenticator authenticator, PermissionHandler permissionHandler, String str) {
        super(authorizor, authenticator, permissionHandler, str);
    }

    public static synchronized SecurityOperation getInstance() {
        return getInstance(HdfsZooInstance.getInstance().getInstanceID(), false);
    }

    public static synchronized SecurityOperation getInstance(String str, boolean z) {
        if (instance == null) {
            instance = new AuditedSecurityOperation(getAuthorizor(str, z), getAuthenticator(str, z), getPermHandler(str, z), str);
        }
        return instance;
    }

    private void audit(TCredentials tCredentials, ThriftSecurityException thriftSecurityException, String str, Object... objArr) {
        log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + tCredentials.getPrincipal() + ": " + String.format(str, objArr));
    }

    private void audit(TCredentials tCredentials, String str, Object... objArr) {
        log.log(AuditLevel.AUDIT, "Using credentials " + tCredentials.getPrincipal() + ": " + String.format(str, objArr));
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean authenticateUser(TCredentials tCredentials, TCredentials tCredentials2) throws ThriftSecurityException {
        try {
            boolean authenticateUser = super.authenticateUser(tCredentials, tCredentials2);
            audit(tCredentials, authenticateUser ? "authenticated" : "failed authentication", new Object[0]);
            return authenticateUser;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "authenticateUser", new Object[0]);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public Authorizations getUserAuthorizations(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            Authorizations userAuthorizations = super.getUserAuthorizations(tCredentials, str);
            audit(tCredentials, "got authorizations for %s", str);
            return userAuthorizations;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "getting authorizations for %s", str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public Authorizations getUserAuthorizations(TCredentials tCredentials) throws ThriftSecurityException {
        try {
            return getUserAuthorizations(tCredentials, tCredentials.getPrincipal());
        } catch (ThriftSecurityException e) {
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void changeAuthorizations(TCredentials tCredentials, String str, Authorizations authorizations) throws ThriftSecurityException {
        try {
            super.changeAuthorizations(tCredentials, str, authorizations);
            audit(tCredentials, "changed authorizations for %s to %s", str, authorizations);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "changing authorizations for %s", str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void changePassword(TCredentials tCredentials, TCredentials tCredentials2) throws ThriftSecurityException {
        try {
            super.changePassword(tCredentials, tCredentials2);
            audit(tCredentials, "changed password for %s", tCredentials2.getPrincipal());
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "changing password for %s", tCredentials2.getPrincipal());
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void createUser(TCredentials tCredentials, TCredentials tCredentials2, Authorizations authorizations) throws ThriftSecurityException {
        try {
            super.createUser(tCredentials, tCredentials2, authorizations);
            audit(tCredentials, "createUser", new Object[0]);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "createUser %s", tCredentials2.getPrincipal());
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void dropUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            super.dropUser(tCredentials, str);
            audit(tCredentials, "dropUser", new Object[0]);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "dropUser %s", str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void grantSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            super.grantSystemPermission(tCredentials, str, systemPermission);
            audit(tCredentials, "granted permission %s for %s", systemPermission, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "granting permission %s for %s", systemPermission, str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void grantTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission) throws ThriftSecurityException {
        try {
            super.grantTablePermission(tCredentials, str, str2, tablePermission);
            audit(tCredentials, "granted permission %s on table %s for %s", tablePermission, str2, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "granting permission %s on table for %s", tablePermission, str2, str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void revokeSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            super.revokeSystemPermission(tCredentials, str, systemPermission);
            audit(tCredentials, "revoked permission %s for %s", systemPermission, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "revoking permission %s on %s", systemPermission, str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void revokeTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission) throws ThriftSecurityException {
        try {
            super.revokeTablePermission(tCredentials, str, str2, tablePermission);
            audit(tCredentials, "revoked permission %s on table %s for %s", tablePermission, str2, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "revoking permission %s on table for %s", tablePermission, str2, str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean hasSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            boolean hasSystemPermission = super.hasSystemPermission(tCredentials, str, systemPermission);
            if (hasSystemPermission) {
                audit(tCredentials, "checked permission %s on %s", systemPermission, str);
            } else {
                audit(tCredentials, "checked permission %s on %s denied", systemPermission, str);
            }
            return hasSystemPermission;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "checking permission %s on %s denied", systemPermission, str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean hasTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission) throws ThriftSecurityException {
        try {
            boolean hasTablePermission = super.hasTablePermission(tCredentials, str, str2, tablePermission);
            audit(tCredentials, "checked permission %s on table %s for %s", tablePermission, str2, str);
            return hasTablePermission;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "checking permission %s on %s", tablePermission, str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public Set<String> listUsers(TCredentials tCredentials) throws ThriftSecurityException {
        try {
            Set<String> listUsers = super.listUsers(tCredentials);
            audit(tCredentials, "listUsers", new Object[0]);
            return listUsers;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "listUsers", new Object[0]);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void deleteTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            super.deleteTable(tCredentials, str);
            audit(tCredentials, "deleted table %s", str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "deleting table %s", str);
            log.debug(e);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCreateTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canCreateTable = super.canCreateTable(tCredentials, str);
            if (canCreateTable) {
                audit(tCredentials, "create table %s allowed", str);
            } else {
                audit(tCredentials, "create table %s denied", str);
            }
            return canCreateTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "create table %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canRenameTable(TCredentials tCredentials, String str, String str2, String str3) throws ThriftSecurityException {
        try {
            boolean canRenameTable = super.canRenameTable(tCredentials, str, str2, str3);
            if (canRenameTable) {
                audit(tCredentials, "rename table on tableId %s from %s to %s allowed", str, str3, str2);
            } else {
                audit(tCredentials, "rename table on tableId %s from %s to %s denied", str, str3, str2);
            }
            return canRenameTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "rename table on tableId %s from %s to %s denied", str, str3, str2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canSplitTablet(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canSplitTablet = super.canSplitTablet(tCredentials, str);
            if (canSplitTablet) {
                audit(tCredentials, "split tablet on table %s allowed", str);
            } else {
                audit(tCredentials, "split tablet on table %s denied", str);
            }
            return canSplitTablet;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "split tablet on table %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canPerformSystemActions(TCredentials tCredentials) throws ThriftSecurityException {
        try {
            boolean canPerformSystemActions = super.canPerformSystemActions(tCredentials);
            if (canPerformSystemActions) {
                audit(tCredentials, "system action allowed", new Object[0]);
            } else {
                audit(tCredentials, "system action denied", new Object[0]);
            }
            return canPerformSystemActions;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "system action denied", new Object[0]);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canFlush(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canFlush = super.canFlush(tCredentials, str);
            if (canFlush) {
                audit(tCredentials, "flush on tableId %s allowed ", str);
            } else {
                audit(tCredentials, "flush on tableId %s denied ", str);
            }
            return canFlush;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "flush on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canAlterTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canAlterTable = super.canAlterTable(tCredentials, str);
            if (canAlterTable) {
                audit(tCredentials, "alter table on tableId %s allowed", str);
            } else {
                audit(tCredentials, "alter table on tableId %s denied", str);
            }
            return canAlterTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "alter table on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCloneTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canCloneTable = super.canCloneTable(tCredentials, str);
            if (canCloneTable) {
                audit(tCredentials, "clone table on tableId %s allowed", str);
            } else {
                audit(tCredentials, "clone table on tableId %s denied", str);
            }
            return canCloneTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "clone table on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canDeleteTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canDeleteTable = super.canDeleteTable(tCredentials, str);
            if (canDeleteTable) {
                audit(tCredentials, "delete table on tableId %s allowed", str);
            } else {
                audit(tCredentials, "delete table on tableId %s denied", str);
            }
            return canDeleteTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "delete table on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canOnlineOfflineTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canOnlineOfflineTable = super.canOnlineOfflineTable(tCredentials, str);
            if (canOnlineOfflineTable) {
                audit(tCredentials, "offline table on tableId %s allowed", str);
            } else {
                audit(tCredentials, "offline table on tableId %s denied", str);
            }
            return canOnlineOfflineTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "offline table on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canMerge(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canMerge = super.canMerge(tCredentials, str);
            if (canMerge) {
                audit(tCredentials, "merge table on tableId %s allowed", str);
            } else {
                audit(tCredentials, "merge table on tableId %s denied", str);
            }
            return canMerge;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "merge table on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canDeleteRange(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canDeleteRange = super.canDeleteRange(tCredentials, str);
            if (canDeleteRange) {
                audit(tCredentials, "delete range on tableId %s allowed", str);
            } else {
                audit(tCredentials, "delete range on tableId %s denied", str);
            }
            return canDeleteRange;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "delete range on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canBulkImport(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canBulkImport = super.canBulkImport(tCredentials, str, str2);
            if (canBulkImport) {
                audit(tCredentials, "bulk import on tableId %s from directory %s allowed", str, str2);
            } else {
                audit(tCredentials, "bulk import on tableId %s from directory %s denied", str, str2);
            }
            return canBulkImport;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "bulk import on tableId %s from directory %s denied", str, str2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCompact(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canCompact = super.canCompact(tCredentials, str);
            if (canCompact) {
                audit(tCredentials, "compact on tableId %s allowed", str);
            } else {
                audit(tCredentials, "compact on tableId %s denied", str);
            }
            return canCompact;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "compact on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canChangeAuthorizations(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canChangeAuthorizations = super.canChangeAuthorizations(tCredentials, str);
            if (canChangeAuthorizations) {
                audit(tCredentials, "change authorizations on user %s allowed", str);
            } else {
                audit(tCredentials, "change authorizations on user %s denied", str);
            }
            return canChangeAuthorizations;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "change authorizations on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canChangePassword(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canChangePassword = super.canChangePassword(tCredentials, str);
            if (canChangePassword) {
                audit(tCredentials, "change password on user %s allowed", str);
            } else {
                audit(tCredentials, "change password on user %s denied", str);
            }
            return canChangePassword;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "change password on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCreateUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canCreateUser = super.canCreateUser(tCredentials, str);
            if (canCreateUser) {
                audit(tCredentials, "create user on user %s allowed", str);
            } else {
                audit(tCredentials, "create user on user %s denied", str);
            }
            return canCreateUser;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "create user on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canDropUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canDropUser = super.canDropUser(tCredentials, str);
            if (canDropUser) {
                audit(tCredentials, "drop user on user %s allowed", str);
            } else {
                audit(tCredentials, "drop user on user %s denied", str);
            }
            return canDropUser;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "drop user on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canGrantSystem(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            boolean canGrantSystem = super.canGrantSystem(tCredentials, str, systemPermission);
            if (canGrantSystem) {
                audit(tCredentials, "grant system permission %s for user %s allowed", systemPermission, str);
            } else {
                audit(tCredentials, "grant system permission %s for user %s denied", systemPermission, str);
            }
            return canGrantSystem;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "grant system permission %s for user %s denied", systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canGrantTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canGrantTable = super.canGrantTable(tCredentials, str, str2);
            if (canGrantTable) {
                audit(tCredentials, "grant table on table %s for user %s allowed", str2, str);
            } else {
                audit(tCredentials, "grant table on table %s for user %s denied", str2, str);
            }
            return canGrantTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "grant table on table %s for user %s denied", str2, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canRevokeSystem(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            boolean canRevokeSystem = super.canRevokeSystem(tCredentials, str, systemPermission);
            if (canRevokeSystem) {
                audit(tCredentials, "revoke system permission %s for user %s allowed", systemPermission, str);
            } else {
                audit(tCredentials, "revoke system permission %s for user %s denied", systemPermission, str);
            }
            return canRevokeSystem;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "revoke system permission %s for user %s denied", systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canRevokeTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canRevokeTable = super.canRevokeTable(tCredentials, str, str2);
            if (canRevokeTable) {
                audit(tCredentials, "revoke table on table %s for user %s allowed", str2, str);
            } else {
                audit(tCredentials, "revoke table on table %s for user %s denied", str2, str);
            }
            return canRevokeTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "revoke table on table %s for user %s denied", str2, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canExport(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canExport = super.canExport(tCredentials, str, str2);
            if (canExport) {
                audit(tCredentials, "export table on tableId %s to directory %s allowed", str, str2);
            } else {
                audit(tCredentials, "export table on tableId %s to directory %s denied", str, str2);
            }
            return canExport;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "export table on tableId %s to directory %s denied", str, str2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canImport(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canImport = super.canImport(tCredentials, str, str2);
            if (canImport) {
                audit(tCredentials, "import table %s from directory %s allowed", str, str2);
            } else {
                audit(tCredentials, "import table %s from directory %s denied", str, str2);
            }
            return canImport;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "import table %s from directory %s denied", str, str2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void initializeSecurity(TCredentials tCredentials, String str, byte[] bArr) throws AccumuloSecurityException, ThriftSecurityException {
        super.initializeSecurity(tCredentials, str, bArr);
        log.info("Initialized root user with username: " + str + " at the request of user " + tCredentials.getPrincipal());
    }
}
