package org.apache.hadoop.hbase.security.access;

import com.google.protobuf.Message;
import com.google.protobuf.Service;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hbase.CompoundConfiguration;
import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.Server;
import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.client.Append;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Durability;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.Mutation;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.coprocessor.BaseMasterAndRegionObserver;
import org.apache.hadoop.hbase.coprocessor.BulkLoadObserver;
import org.apache.hadoop.hbase.coprocessor.EndpointObserver;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
import org.apache.hadoop.hbase.filter.ByteArrayComparable;
import org.apache.hadoop.hbase.filter.CompareFilter;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos;
import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos;
import org.apache.hadoop.hbase.regionserver.HRegionServer;
import org.apache.hadoop.hbase.regionserver.MiniBatchOperationInProgress;
import org.apache.hadoop.hbase.regionserver.wal.WALEdit;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.hbase.zookeeper.MasterAddressTracker;

/* loaded from: input_file:org/apache/hadoop/hbase/security/access/ReadOnlyClusterEnabler.class */
public class ReadOnlyClusterEnabler extends BaseMasterAndRegionObserver implements EndpointObserver, BulkLoadObserver {
    public static final Log LOG = LogFactory.getLog(ReadOnlyClusterEnabler.class);
    private UserProvider userProvider;
    private Server server;
    private HRegionServer regionServer;
    private MasterAddressTracker masterAddressTracker = null;

    @Override // org.apache.hadoop.hbase.coprocessor.BaseMasterAndRegionObserver, org.apache.hadoop.hbase.coprocessor.BaseRegionObserver
    public void start(CoprocessorEnvironment coprocessorEnvironment) throws IOException {
        CompoundConfiguration compoundConfiguration = new CompoundConfiguration();
        compoundConfiguration.add(coprocessorEnvironment.getConfiguration());
        if (coprocessorEnvironment instanceof MasterCoprocessorEnvironment) {
            this.server = ((MasterCoprocessorEnvironment) coprocessorEnvironment).getMasterServices();
        } else if (coprocessorEnvironment instanceof RegionCoprocessorEnvironment) {
            RegionCoprocessorEnvironment regionCoprocessorEnvironment = (RegionCoprocessorEnvironment) coprocessorEnvironment;
            compoundConfiguration.addStringMap(regionCoprocessorEnvironment.getRegion().getTableDesc().getConfiguration());
            this.server = regionCoprocessorEnvironment.getRegionServerServices();
        }
        if (this.server instanceof HRegionServer) {
            this.regionServer = (HRegionServer) this.server;
            this.masterAddressTracker = this.regionServer.getMasterAddressTracker();
        }
        this.userProvider = UserProvider.instantiate(coprocessorEnvironment.getConfiguration());
    }

    private void checkRequestValid() throws AccessDeniedException {
        if (RpcServer.isInRpcCallContext()) {
            if (this.regionServer.isClusterStateActive()) {
                LOG.trace("Cluster state is Active allowing all operation.");
                return;
            }
            try {
                User activeUser = getActiveUser();
                if (!Superusers.isSuperUser(activeUser)) {
                    throw new AccessDeniedException("User " + activeUser + " not a hbase super user in Standby cluster, operation is not allowed.");
                }
                if (isRemoteAddressCheckValid()) {
                    return;
                }
                LOG.error("Request came from restricted host or ip address operation not allowed");
                throw new AccessDeniedException("Standby cluster does not support operation for given remote client.");
            } catch (IOException e) {
                LOG.warn("Error while checking user is hbase super user or not.", e);
                throw new AccessDeniedException("Not a hbase super user in Standby cluster, operation is not allowed.");
            }
        }
    }

    private boolean validateRemoteAddressAgainstAllRSAndActiveMaster() {
        InetAddress remoteAddress = getRemoteAddress();
        if (remoteAddress == null) {
            LOG.warn("Remote client address to be validated is null");
            return false;
        }
        boolean z = false;
        String hostName = remoteAddress.getHostName();
        if (LOG.isTraceEnabled()) {
            LOG.trace("Client hostName to check in standby cluster state=" + hostName + " against current set of allowed region servers=" + this.regionServer.getOnlineServers());
        }
        if (StringUtils.isNotBlank(hostName)) {
            z = this.regionServer.isTrustedRequestOrigin(hostName);
        }
        if (!z) {
            String hostAddress = remoteAddress.getHostAddress();
            if (StringUtils.isNotBlank(hostAddress)) {
                z = this.regionServer.isTrustedRequestOrigin(hostAddress);
            }
        }
        if (!z) {
            if (this.masterAddressTracker == null) {
                LOG.warn("Master address tracker not available for validation");
                return false;
            }
            ServerName masterAddress = this.masterAddressTracker.getMasterAddress();
            if (masterAddress == null) {
                LOG.warn("Master ServerName is null, cannot validate against master");
                return false;
            }
            String hostname = masterAddress.getHostname();
            if (StringUtils.isBlank(hostname)) {
                LOG.warn("Master address is null or empty, cannot validate against master");
                return false;
            }
            LOG.debug("Validating client host " + hostName + " against master address " + hostname);
            z = hostname.equals(hostName);
            if (!z) {
                try {
                    InetAddress byName = InetAddress.getByName(hostname);
                    String hostAddress2 = remoteAddress.getHostAddress();
                    LOG.debug("Validating client IP address " + hostAddress2 + " against master address " + byName);
                    if (StringUtils.isNotBlank(hostAddress2)) {
                        z = hostAddress2.equals(byName);
                    }
                } catch (UnknownHostException e) {
                    LOG.warn("Could not get IP address for master hostName " + hostname);
                    return false;
                }
            }
        }
        return z;
    }

    private boolean isRemoteAddressCheckValid() {
        boolean z = false;
        if (!this.regionServer.useWhilteListingIPValidatorForReplication()) {
            return validateRemoteAddressAgainstAllRSAndActiveMaster();
        }
        InetAddress remoteAddress = getRemoteAddress();
        if (remoteAddress != null) {
            String hostAddress = remoteAddress.getHostAddress();
            if (StringUtils.isNotBlank(hostAddress)) {
                z = this.regionServer.getIPValidatorForReplication().isValidIp(hostAddress);
            } else {
                LOG.warn("Could not resolve RemoteAdress to IP for ip validation.");
            }
        } else {
            LOG.warn("User request's RemoteAddress is null for ip validator.");
        }
        return z;
    }

    private InetAddress getRemoteAddress() {
        InetAddress remoteAddress = RpcServer.getRemoteAddress();
        if (remoteAddress == null) {
            remoteAddress = RpcServer.getRemoteIp();
        }
        LOG.trace("Request came from " + remoteAddress);
        return remoteAddress;
    }

    private User getActiveUser() throws IOException {
        User requestUser = RpcServer.getRequestUser();
        if (requestUser == null) {
            requestUser = this.userProvider.getCurrent();
        }
        return requestUser;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseMasterAndRegionObserver, org.apache.hadoop.hbase.coprocessor.MasterObserver
    public void preDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> observerContext, String str) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseMasterAndRegionObserver, org.apache.hadoop.hbase.coprocessor.MasterObserver
    public void preModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> observerContext, NamespaceDescriptor namespaceDescriptor) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseMasterAndRegionObserver, org.apache.hadoop.hbase.coprocessor.MasterObserver
    public void preCloneSnapshot(ObserverContext<MasterCoprocessorEnvironment> observerContext, HBaseProtos.SnapshotDescription snapshotDescription, HTableDescriptor hTableDescriptor) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseMasterAndRegionObserver, org.apache.hadoop.hbase.coprocessor.MasterObserver
    public void preRestoreSnapshot(ObserverContext<MasterCoprocessorEnvironment> observerContext, HBaseProtos.SnapshotDescription snapshotDescription, HTableDescriptor hTableDescriptor) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public void prePut(ObserverContext<RegionCoprocessorEnvironment> observerContext, Put put, WALEdit wALEdit, Durability durability) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public void preDelete(ObserverContext<RegionCoprocessorEnvironment> observerContext, Delete delete, WALEdit wALEdit, Durability durability) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public void preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> observerContext, MiniBatchOperationInProgress<Mutation> miniBatchOperationInProgress) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public boolean preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> observerContext, byte[] bArr, byte[] bArr2, byte[] bArr3, CompareFilter.CompareOp compareOp, ByteArrayComparable byteArrayComparable, Put put, boolean z) throws IOException {
        checkRequestValid();
        return z;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public boolean preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> observerContext, byte[] bArr, byte[] bArr2, byte[] bArr3, CompareFilter.CompareOp compareOp, ByteArrayComparable byteArrayComparable, Delete delete, boolean z) throws IOException {
        checkRequestValid();
        return z;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public Result preAppend(ObserverContext<RegionCoprocessorEnvironment> observerContext, Append append) throws IOException {
        checkRequestValid();
        return null;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public long preIncrementColumnValue(ObserverContext<RegionCoprocessorEnvironment> observerContext, byte[] bArr, byte[] bArr2, byte[] bArr3, long j, boolean z) throws IOException {
        checkRequestValid();
        return j;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public Result preIncrement(ObserverContext<RegionCoprocessorEnvironment> observerContext, Increment increment) throws IOException {
        checkRequestValid();
        return null;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BaseRegionObserver, org.apache.hadoop.hbase.coprocessor.RegionObserver
    public void preBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> observerContext, List<Pair<byte[], String>> list) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BulkLoadObserver
    public void prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> observerContext, SecureBulkLoadProtos.PrepareBulkLoadRequest prepareBulkLoadRequest) throws IOException {
        checkRequestValid();
    }

    @Override // org.apache.hadoop.hbase.coprocessor.BulkLoadObserver
    public void preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> observerContext, SecureBulkLoadProtos.CleanupBulkLoadRequest cleanupBulkLoadRequest) throws IOException {
    }

    @Override // org.apache.hadoop.hbase.coprocessor.EndpointObserver
    public Message preEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> observerContext, Service service, String str, Message message) throws IOException {
        return message;
    }

    @Override // org.apache.hadoop.hbase.coprocessor.EndpointObserver
    public void postEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> observerContext, Service service, String str, Message message, Message.Builder builder) throws IOException {
    }
}
