package org.apache.hadoop.hbase.hindex.server.master;

import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hbase.DoNotRetryIOException;
import org.apache.hadoop.hbase.MetaTableAccessor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.TableNotEnabledException;
import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.ClusterConnection;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.UserPermission;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.security.UserGroupInformation;

/* loaded from: input_file:org/apache/hadoop/hbase/hindex/server/master/HIndexCRUDUtils.class */
public final class HIndexCRUDUtils {
    private static final Log LOG = LogFactory.getLog(HIndexCRUDUtils.class);

    private HIndexCRUDUtils() {
    }

    public static void validateTableName(ClusterConnection clusterConnection, TableName tableName, String str) throws IOException, TableNotFoundException, TableNotEnabledException {
        if (!MetaTableAccessor.tableExists(clusterConnection, tableName)) {
            LOG.error("Table " + tableName.getNameAsString() + " does not exist. ");
            throw new DoNotRetryIOException(new TableNotFoundException(tableName));
        }
        if (tableName.isSystemTable()) {
            String str2 = "Cannot perfrom any index operation on system table " + tableName.getNameAsString() + ". " + str;
            LOG.error(str2);
            throw new DoNotRetryIOException(new IllegalArgumentException(str2));
        }
    }

    public static void validateUserHasPermission(ClusterConnection clusterConnection, TableName tableName, UserGroupInformation userGroupInformation) throws AccessDeniedException {
        try {
            if (hasIndexMetaTableModifyPermissions(clusterConnection, userGroupInformation, tableName)) {
                return;
            }
            String str = "User " + userGroupInformation.getShortUserName() + " does not have Admin or Create permissions on the table " + tableName + ". ";
            LOG.error(str);
            throw new AccessDeniedException(str);
        } catch (AccessDeniedException e) {
            throw e;
        } catch (Throwable th) {
            String str2 = "Failed to get table " + tableName + " user " + userGroupInformation.getShortUserName() + " permissions. ";
            LOG.error(str2);
            throw new IllegalStateException(str2, th);
        }
    }

    public static boolean hasIndexMetaTableModifyPermissions(ClusterConnection clusterConnection, UserGroupInformation userGroupInformation, TableName tableName) throws Throwable {
        if (!AccessControlClient.isAuthorizationEnabled(clusterConnection)) {
            return true;
        }
        String shortUserName = userGroupInformation.getShortUserName();
        if (Superusers.isSuperUser(shortUserName) || hasTablePermissions(clusterConnection, shortUserName, tableName, Permission.Action.ADMIN) || hasTablePermissions(clusterConnection, shortUserName, tableName, Permission.Action.CREATE)) {
            return true;
        }
        String[] groupNames = userGroupInformation.getGroupNames();
        if (groupNames != null) {
            for (String str : groupNames) {
                if (hasTablePermissions(clusterConnection, "@" + str, tableName, Permission.Action.ADMIN) || hasTablePermissions(clusterConnection, "@" + str, tableName, Permission.Action.CREATE)) {
                    return true;
                }
            }
        }
        for (UserPermission userPermission : AccessControlClient.getUserPermissions(clusterConnection, "@" + tableName.getNamespaceAsString())) {
            if (checkPermissions(shortUserName, userPermission) || checkPermissions("@" + shortUserName, userPermission)) {
                return true;
            }
        }
        for (UserPermission userPermission2 : AccessControlClient.getUserPermissions(clusterConnection, (String) null)) {
            if (checkPermissions(shortUserName, userPermission2) || checkPermissions("@" + shortUserName, userPermission2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean checkPermissions(String str, UserPermission userPermission) {
        if (!Bytes.toString(userPermission.getUser()).equals(str)) {
            return false;
        }
        for (Permission.Action action : userPermission.getActions()) {
            if (action.equals(Permission.Action.ADMIN) || action.equals(Permission.Action.CREATE)) {
                return true;
            }
        }
        return false;
    }

    private static boolean hasTablePermissions(ClusterConnection clusterConnection, String str, TableName tableName, Permission.Action action) throws Throwable {
        return AccessControlClient.hasPermission(clusterConnection, tableName.getNameAsString(), "", "", str, new Permission.Action[]{action});
    }
}
