package org.apache.hadoop.hbase.security.access;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ListMultimap;
import com.google.common.collect.Lists;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentSkipListMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.KeyValue;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
import org.apache.zookeeper.KeeperException;

/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TableAuthManager.class */
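/**
 * In-memory cache of access control lists, used to answer authorization checks.
 *
 * <p>Two caches are kept: a global cache, seeded with the current process user and the
 * configured superusers, and one {@link PermissionCache} per table name. Both are replaced
 * from serialized permission data in {@link #refreshCacheFromWritable(byte[], byte[])} and
 * pushed out through the {@link ZKPermissionWatcher}. One manager exists per
 * {@link ZooKeeperWatcher}; obtain it with {@link #get(ZooKeeperWatcher, Configuration)}.
 *
 * <p>Every check is deny-by-default: a method returns {@code true} only when some cached
 * permission implies the request. The overloads differ in which caches they consult:
 * {@link #authorize(User, byte[], KeyValue, Permission.Action)} and both
 * {@code matchPermission} overloads look at the table cache only, so a caller that wants
 * global grants honoured has to call {@link #authorize(User, Permission.Action)} as well.
 *
 * <p>NOTE(review): {@link PermissionCache} wraps {@code ArrayListMultimap}, which is not
 * thread-safe, and {@link #setUserPermissions} / {@link #setGroupPermissions} mutate a cache
 * that is already published in {@code tableCache}. Confirm that callers serialize those
 * writes against concurrent authorization checks.
 */
public class TableAuthManager {
    /** Manager most recently returned by {@link #get}; written only there, under the class lock. */
    private static TableAuthManager instance;
    /** Global grants; swapped wholesale on refresh, hence volatile. */
    private volatile PermissionCache<Permission> globalCache;
    /** Per-table grants keyed by table name bytes (ordered with {@code Bytes.BYTES_COMPARATOR}). */
    private ConcurrentSkipListMap<byte[], PermissionCache<TablePermission>> tableCache = new ConcurrentSkipListMap<>(Bytes.BYTES_COMPARATOR);
    private Configuration conf;
    private ZKPermissionWatcher zkperms;
    private static final Log LOG = LogFactory.getLog(TableAuthManager.class);
    /** One manager per watcher; guarded by the class lock taken in {@link #get}. */
    static Map<ZooKeeperWatcher, TableAuthManager> managerMap = new HashMap<>();

    /**
     * Permissions grouped by user name and by group name.
     *
     * <p>The decompiler reports that this class was originally {@code private}; the
     * {@code public} modifier is an artefact of decompilation. Instances can only be created
     * by the enclosing class because the constructor is private.
     *
     * @param <T> the permission type stored in the cache
     */
    public static class PermissionCache<T extends Permission> {
        private final ListMultimap<String, T> userCache = ArrayListMultimap.create();
        private final ListMultimap<String, T> groupCache = ArrayListMultimap.create();

        private PermissionCache() {
        }

        /**
         * @param str user name
         * @return the permissions stored for that user, as returned by the backing multimap
         */
        public List<T> getUser(String str) {
            return this.userCache.get(str);
        }

        /** Adds one permission for user {@code str}. */
        public void putUser(String str, T t) {
            this.userCache.put(str, t);
        }

        /**
         * Replaces every permission stored for user {@code str}.
         *
         * @return the permissions that were stored before the call
         */
        public List<T> replaceUser(String str, Iterable<? extends T> iterable) {
            return this.userCache.replaceValues(str, iterable);
        }

        /**
         * @param str group name, without the group prefix
         * @return the permissions stored for that group, as returned by the backing multimap
         */
        public List<T> getGroup(String str) {
            return this.groupCache.get(str);
        }

        /** Adds one permission for group {@code str}. */
        public void putGroup(String str, T t) {
            this.groupCache.put(str, t);
        }

        /**
         * Replaces every permission stored for group {@code str}.
         *
         * @return the permissions that were stored before the call
         */
        public List<T> replaceGroup(String str, Iterable<? extends T> iterable) {
            return this.groupCache.replaceValues(str, iterable);
        }

        /**
         * Builds a fresh multimap holding all user and group permissions.
         *
         * <p>Group entries are keyed by {@code AccessControlLists.GROUP_PREFIX} followed by the
         * group name, so users and groups share one key space in the result.
         *
         * @return a new multimap; changes to it do not affect this cache
         */
        public ListMultimap<String, T> getAllPermissions() {
            ListMultimap<String, T> combined = ArrayListMultimap.create();
            combined.putAll(this.userCache);
            for (String group : this.groupCache.keySet()) {
                combined.putAll(AccessControlLists.GROUP_PREFIX + group, this.groupCache.get(group));
            }
            return combined;
        }
    }

    /**
     * Seeds the global cache and starts the ZooKeeper permission watcher.
     *
     * <p>A {@link KeeperException} from the watcher is logged and construction still succeeds.
     * In that case the caches hold only what {@link #initGlobal} seeded until
     * {@link #refreshCacheFromWritable} is called; presumably the watcher is what drives those
     * calls, so a failed start means table grants are not loaded (verify against
     * {@code ZKPermissionWatcher}).
     *
     * @throws IOException if the current user cannot be determined
     */
    private TableAuthManager(ZooKeeperWatcher zooKeeperWatcher, Configuration configuration) throws IOException {
        this.conf = configuration;
        this.globalCache = initGlobal(configuration);
        // The watcher receives `this` before the constructor has returned.
        this.zkperms = new ZKPermissionWatcher(zooKeeperWatcher, this, configuration);
        try {
            this.zkperms.start();
        } catch (KeeperException e) {
            LOG.error("ZooKeeper initialization failed", e);
        }
    }

    /**
     * Builds a global cache that grants every {@link Permission.Action} to the current process
     * user and to each principal listed under {@code AccessControlLists.SUPERUSER_CONF_KEY}.
     *
     * <p>Entries recognised by {@code AccessControlLists.isGroupPrincipal} are stored as group
     * grants, all others as user grants.
     *
     * @throws IOException if {@code User.getCurrent()} returns {@code null}
     */
    private PermissionCache<Permission> initGlobal(Configuration configuration) throws IOException {
        User current = User.getCurrent();
        if (current == null) {
            throw new IOException("Unable to obtain the current user, authorization checks for internal operations will not work correctly!");
        }
        PermissionCache<Permission> cache = new PermissionCache<>();
        String[] configured = configuration.getStrings(AccessControlLists.SUPERUSER_CONF_KEY, new String[0]);
        // Lists.asList never returns null, so no null check is needed on the combined list.
        for (String principal : Lists.asList(current.getShortName(), configured)) {
            if (AccessControlLists.isGroupPrincipal(principal)) {
                cache.putGroup(AccessControlLists.getGroupName(principal), new Permission(Permission.Action.values()));
            } else {
                cache.putUser(principal, new Permission(Permission.Action.values()));
            }
        }
        return cache;
    }

    /** @return the watcher used to publish and receive permission data */
    public ZKPermissionWatcher getZKPermissionWatcher() {
        return this.zkperms;
    }

    /**
     * Replaces the cached permissions for one table, or the global cache, from serialized data.
     *
     * <p>An empty or {@code null} payload is skipped: the existing cache entry stays in place
     * rather than being cleared. The same holds when deserialization yields {@code null}.
     *
     * @param bArr table name, or {@code AccessControlLists.ACL_GLOBAL_NAME} for global grants
     * @param bArr2 serialized permissions as read by {@code AccessControlLists.readPermissions}
     * @throws IOException if the payload cannot be read
     */
    public void refreshCacheFromWritable(byte[] bArr, byte[] bArr2) throws IOException {
        if (bArr2 == null || bArr2.length <= 0) {
            LOG.debug("Skipping permission cache refresh because writable data is empty");
            return;
        }
        ListMultimap<String, TablePermission> readPermissions = AccessControlLists.readPermissions(new DataInputStream(new ByteArrayInputStream(bArr2)), this.conf);
        if (readPermissions != null) {
            if (Bytes.equals(bArr, AccessControlLists.ACL_GLOBAL_NAME)) {
                updateGlobalCache(readPermissions);
            } else {
                updateTableCache(bArr, readPermissions);
            }
        }
    }

    /**
     * Rebuilds the global cache from the superuser seed plus the supplied grants and publishes
     * it in one assignment.
     *
     * <p>If the seed cannot be built the error is logged and the previous global cache stays
     * in effect, including any grants the new data would have removed.
     */
    private void updateGlobalCache(ListMultimap<String, TablePermission> listMultimap) {
        try {
            PermissionCache<Permission> rebuilt = initGlobal(this.conf);
            for (Map.Entry<String, TablePermission> entry : listMultimap.entries()) {
                String principal = entry.getKey();
                // Only the actions are kept; table scoping does not apply to global grants.
                Permission grant = new Permission(entry.getValue().getActions());
                if (AccessControlLists.isGroupPrincipal(principal)) {
                    rebuilt.putGroup(AccessControlLists.getGroupName(principal), grant);
                } else {
                    rebuilt.putUser(principal, grant);
                }
            }
            this.globalCache = rebuilt;
        } catch (IOException e) {
            LOG.error("Error occured while updating the global cache", e);
        }
    }

    /** Builds a new cache for table {@code table} from the supplied grants and swaps it in. */
    private void updateTableCache(byte[] table, ListMultimap<String, TablePermission> listMultimap) {
        PermissionCache<TablePermission> rebuilt = new PermissionCache<>();
        for (Map.Entry<String, TablePermission> entry : listMultimap.entries()) {
            String principal = entry.getKey();
            if (AccessControlLists.isGroupPrincipal(principal)) {
                rebuilt.putGroup(AccessControlLists.getGroupName(principal), entry.getValue());
            } else {
                rebuilt.putUser(principal, entry.getValue());
            }
        }
        this.tableCache.put(table, rebuilt);
    }

    /**
     * Returns the cache for {@code table}, creating an empty one if none exists.
     *
     * <p>The value returned by {@code putIfAbsent} is used directly, so a concurrent
     * {@link #remove(byte[])} between insert and lookup cannot make this method return
     * {@code null}.
     *
     * <p>NOTE(review): this is also reached from the read-only {@code authorizeUser} and
     * {@code authorizeGroup} checks, so a check against an unknown table name leaves an empty
     * entry behind. Confirm that table names are validated before they reach those methods.
     */
    private PermissionCache<TablePermission> getTablePermissions(byte[] table) {
        PermissionCache<TablePermission> cache = this.tableCache.get(table);
        if (cache == null) {
            PermissionCache<TablePermission> fresh = new PermissionCache<>();
            PermissionCache<TablePermission> existing = this.tableCache.putIfAbsent(table, fresh);
            cache = existing != null ? existing : fresh;
        }
        return cache;
    }

    /** @return {@code true} if any permission in {@code list} implies {@code action} */
    private boolean authorize(List<Permission> list, Permission.Action action) {
        if (list == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No permissions found");
            }
            return false;
        }
        for (Permission permission : list) {
            if (permission.implies(action)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the global cache only, first by user name and then by each of the user's groups.
     *
     * @return {@code false} for a {@code null} user or when no global grant implies the action
     */
    public boolean authorize(User user, Permission.Action action) {
        if (user == null) {
            return false;
        }
        if (authorize(this.globalCache.getUser(user.getShortName()), action)) {
            return true;
        }
        String[] groupNames = user.getGroupNames();
        if (groupNames == null) {
            return false;
        }
        for (String group : groupNames) {
            if (authorize(this.globalCache.getGroup(group), action)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return {@code true} if any permission in {@code list} implies {@code action} on the
     *     given table, family and qualifier
     */
    private boolean authorize(List<TablePermission> list, byte[] table, byte[] family, byte[] qualifier, Permission.Action action) {
        if (list == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No permissions found for table=" + Bytes.toStringBinary(table));
            }
            return false;
        }
        for (TablePermission permission : list) {
            if (permission.implies(table, family, qualifier, action)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks table-level grants for a single {@link KeyValue}.
     *
     * <p>Only the table cache is consulted; global grants are not considered here.
     *
     * @param bArr table name
     * @return {@code false} for a {@code null} user, an uncached table, or when no grant applies
     */
    public boolean authorize(User user, byte[] bArr, KeyValue keyValue, Permission.Action action) {
        // Deny rather than fail with a NullPointerException, as authorize(User, Action) does.
        if (user == null) {
            return false;
        }
        PermissionCache<TablePermission> permissionCache = this.tableCache.get(bArr);
        if (permissionCache == null) {
            return false;
        }
        if (authorize(permissionCache.getUser(user.getShortName()), bArr, keyValue, action)) {
            return true;
        }
        String[] groupNames = user.getGroupNames();
        if (groupNames == null) {
            return false;
        }
        for (String group : groupNames) {
            if (authorize(permissionCache.getGroup(group), bArr, keyValue, action)) {
                return true;
            }
        }
        return false;
    }

    /** @return {@code true} if any permission in {@code list} implies {@code action} on the cell */
    private boolean authorize(List<TablePermission> list, byte[] table, KeyValue keyValue, Permission.Action action) {
        if (list == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No permissions for authorize() check, table=" + Bytes.toStringBinary(table));
            }
            return false;
        }
        for (TablePermission permission : list) {
            if (permission.implies(table, keyValue, action)) {
                return true;
            }
        }
        return false;
    }

    /** Checks global grants held directly by user {@code str}; group membership is not consulted. */
    public boolean authorizeUser(String str, Permission.Action action) {
        return authorize(this.globalCache.getUser(str), action);
    }

    /** Same as the five-argument overload with a {@code null} qualifier. */
    public boolean authorizeUser(String str, byte[] bArr, byte[] bArr2, Permission.Action action) {
        return authorizeUser(str, bArr, bArr2, null, action);
    }

    /**
     * Checks grants held directly by user {@code str}: global grants first, then table grants.
     *
     * @param bArr table name
     * @param bArr2 column family
     * @param bArr3 column qualifier, may be {@code null}
     */
    public boolean authorizeUser(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action action) {
        if (authorizeUser(str, action)) {
            return true;
        }
        return authorize(getTablePermissions(bArr).getUser(str), bArr, bArr2, bArr3, action);
    }

    /** Checks global grants held by group {@code str}. */
    public boolean authorizeGroup(String str, Permission.Action action) {
        return authorize(this.globalCache.getGroup(str), action);
    }

    /** Same as the five-argument overload with a {@code null} qualifier. */
    public boolean authorizeGroup(String str, byte[] bArr, byte[] bArr2, Permission.Action action) {
        return authorizeGroup(str, bArr, bArr2, null, action);
    }

    /**
     * Checks grants held by group {@code str}: global grants first, then table grants.
     *
     * <p>Mirrors {@link #authorizeUser(String, byte[], byte[], byte[], Permission.Action)} so
     * that group grants are evaluated against the same table, family and qualifier as user
     * grants.
     *
     * @param bArr table name
     * @param bArr2 column family
     * @param bArr3 column qualifier, may be {@code null}
     */
    public boolean authorizeGroup(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action action) {
        if (authorizeGroup(str, action)) {
            return true;
        }
        return authorize(getTablePermissions(bArr).getGroup(str), bArr, bArr2, bArr3, action);
    }

    /**
     * Checks global and table grants for the user and then for each of the user's groups.
     *
     * @param bArr table name
     * @param bArr2 column family
     * @param bArr3 column qualifier, may be {@code null}
     * @return {@code false} for a {@code null} user or when no grant applies
     */
    public boolean authorize(User user, byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action action) {
        // Deny rather than fail with a NullPointerException, as authorize(User, Action) does.
        if (user == null) {
            return false;
        }
        if (authorizeUser(user.getShortName(), bArr, bArr2, bArr3, action)) {
            return true;
        }
        String[] groupNames = user.getGroupNames();
        if (groupNames == null) {
            return false;
        }
        for (String group : groupNames) {
            // Pass the qualifier through: dropping it would evaluate group grants against a
            // different scope than the one requested and than the one used for the user.
            if (authorizeGroup(group, bArr, bArr2, bArr3, action)) {
                return true;
            }
        }
        return false;
    }

    /** Same as the five-argument overload with a {@code null} qualifier. */
    public boolean authorize(User user, byte[] bArr, byte[] bArr2, Permission.Action action) {
        return authorize(user, bArr, bArr2, (byte[]) null, action);
    }

    /**
     * Reports whether any table grant of the user or the user's groups matches the family,
     * as decided by {@code TablePermission.matchesFamily}.
     *
     * <p>Only the table cache is consulted; global grants are not considered here.
     *
     * @param bArr table name
     * @param bArr2 column family
     * @return {@code false} for a {@code null} user, an uncached table, or when nothing matches
     */
    public boolean matchPermission(User user, byte[] bArr, byte[] bArr2, Permission.Action action) {
        if (user == null) {
            return false;
        }
        PermissionCache<TablePermission> permissionCache = this.tableCache.get(bArr);
        if (permissionCache == null) {
            return false;
        }
        List<TablePermission> userGrants = permissionCache.getUser(user.getShortName());
        if (userGrants != null) {
            for (TablePermission permission : userGrants) {
                if (permission.matchesFamily(bArr, bArr2, action)) {
                    return true;
                }
            }
        }
        String[] groupNames = user.getGroupNames();
        if (groupNames == null) {
            return false;
        }
        for (String group : groupNames) {
            List<TablePermission> groupGrants = permissionCache.getGroup(group);
            if (groupGrants != null) {
                for (TablePermission permission : groupGrants) {
                    if (permission.matchesFamily(bArr, bArr2, action)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /**
     * Reports whether any table grant of the user or the user's groups matches the family and
     * qualifier, as decided by {@code TablePermission.matchesFamilyQualifier}.
     *
     * <p>Only the table cache is consulted; global grants are not considered here.
     *
     * @param bArr table name
     * @param bArr2 column family
     * @param bArr3 column qualifier
     * @return {@code false} for a {@code null} user, an uncached table, or when nothing matches
     */
    public boolean matchPermission(User user, byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action action) {
        if (user == null) {
            return false;
        }
        PermissionCache<TablePermission> permissionCache = this.tableCache.get(bArr);
        if (permissionCache == null) {
            return false;
        }
        List<TablePermission> userGrants = permissionCache.getUser(user.getShortName());
        if (userGrants != null) {
            for (TablePermission permission : userGrants) {
                if (permission.matchesFamilyQualifier(bArr, bArr2, bArr3, action)) {
                    return true;
                }
            }
        }
        String[] groupNames = user.getGroupNames();
        if (groupNames == null) {
            return false;
        }
        for (String group : groupNames) {
            List<TablePermission> groupGrants = permissionCache.getGroup(group);
            if (groupGrants != null) {
                for (TablePermission permission : groupGrants) {
                    if (permission.matchesFamilyQualifier(bArr, bArr2, bArr3, action)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /** Drops the cached grants for table {@code bArr}; nothing is written to ZooKeeper. */
    public void remove(byte[] bArr) {
        this.tableCache.remove(bArr);
    }

    /**
     * Replaces the table grants of user {@code str} and publishes the table's full ACL.
     *
     * @param bArr table name
     * @param list the complete new set of grants for the user on that table
     */
    public void setUserPermissions(String str, byte[] bArr, List<TablePermission> list) {
        PermissionCache<TablePermission> tablePermissions = getTablePermissions(bArr);
        tablePermissions.replaceUser(str, list);
        writeToZooKeeper(bArr, tablePermissions);
    }

    /**
     * Replaces the table grants of group {@code str} and publishes the table's full ACL.
     *
     * @param bArr table name
     * @param list the complete new set of grants for the group on that table
     */
    public void setGroupPermissions(String str, byte[] bArr, List<TablePermission> list) {
        PermissionCache<TablePermission> tablePermissions = getTablePermissions(bArr);
        tablePermissions.replaceGroup(str, list);
        writeToZooKeeper(bArr, tablePermissions);
    }

    /**
     * Serializes the given cache and hands it to the permission watcher.
     *
     * <p>A {@code null} cache is written as an empty byte array.
     *
     * @param bArr table name
     * @param permissionCache grants to publish, may be {@code null}
     */
    public void writeToZooKeeper(byte[] bArr, PermissionCache<TablePermission> permissionCache) {
        byte[] serialized = new byte[0];
        if (permissionCache != null) {
            serialized = AccessControlLists.writePermissionsAsBytes(permissionCache.getAllPermissions(), this.conf);
        }
        this.zkperms.writeToZookeeper(bArr, serialized);
    }

    /**
     * Returns the manager bound to {@code zooKeeperWatcher}, creating it on first use.
     *
     * <p>The method is synchronized on the class, which is what guards the plain
     * {@code HashMap} behind {@code managerMap}.
     *
     * @throws IOException if a new manager cannot determine the current user
     */
    public static synchronized TableAuthManager get(ZooKeeperWatcher zooKeeperWatcher, Configuration configuration) throws IOException {
        instance = managerMap.get(zooKeeperWatcher);
        if (instance == null) {
            instance = new TableAuthManager(zooKeeperWatcher, configuration);
            managerMap.put(zooKeeperWatcher, instance);
        }
        return instance;
    }
}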
