package org.apache.hudi.org.apache.hadoop.hbase.security.access;

import java.io.ByteArrayInputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableFactories;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hudi.org.apache.commons.lang3.StringUtils;
import org.apache.hudi.org.apache.hadoop.hbase.AuthUtil;
import org.apache.hudi.org.apache.hadoop.hbase.Cell;
import org.apache.hudi.org.apache.hadoop.hbase.CellBuilderFactory;
import org.apache.hudi.org.apache.hadoop.hbase.CellBuilderType;
import org.apache.hudi.org.apache.hadoop.hbase.CellUtil;
import org.apache.hudi.org.apache.hadoop.hbase.CompareOperator;
import org.apache.hudi.org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hudi.org.apache.hadoop.hbase.PrivateCellUtil;
import org.apache.hudi.org.apache.hadoop.hbase.TableName;
import org.apache.hudi.org.apache.hadoop.hbase.Tag;
import org.apache.hudi.org.apache.hadoop.hbase.client.Connection;
import org.apache.hudi.org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hudi.org.apache.hadoop.hbase.client.Delete;
import org.apache.hudi.org.apache.hadoop.hbase.client.Get;
import org.apache.hudi.org.apache.hadoop.hbase.client.Put;
import org.apache.hudi.org.apache.hadoop.hbase.client.Result;
import org.apache.hudi.org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hudi.org.apache.hadoop.hbase.client.Scan;
import org.apache.hudi.org.apache.hadoop.hbase.client.Table;
import org.apache.hudi.org.apache.hadoop.hbase.client.TableDescriptor;
import org.apache.hudi.org.apache.hadoop.hbase.exceptions.DeserializationException;
import org.apache.hudi.org.apache.hadoop.hbase.filter.Filter;
import org.apache.hudi.org.apache.hadoop.hbase.filter.QualifierFilter;
import org.apache.hudi.org.apache.hadoop.hbase.filter.RegexStringComparator;
import org.apache.hudi.org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hudi.org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
import org.apache.hudi.org.apache.hadoop.hbase.regionserver.Region;
import org.apache.hudi.org.apache.hadoop.hbase.regionserver.RegionScanner;
import org.apache.hudi.org.apache.hadoop.hbase.security.User;
import org.apache.hudi.org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hudi.org.apache.hadoop.hbase.util.Bytes;
import org.apache.hudi.org.apache.hadoop.hbase.util.Pair;
import org.apache.hudi.org.apache.hbase.thirdparty.com.google.common.collect.ArrayListMultimap;
import org.apache.hudi.org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
import org.apache.hudi.org.apache.hbase.thirdparty.com.google.common.collect.Lists;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hudi/org/apache/hadoop/hbase/security/access/PermissionStorage.class */
public final class PermissionStorage {
    public static final TableName ACL_TABLE_NAME;
    public static final byte[] ACL_GLOBAL_NAME;
    public static final String ACL_LIST_FAMILY_STR = "l";
    public static final byte[] ACL_LIST_FAMILY;
    public static final byte ACL_TAG_TYPE = 1;
    public static final char NAMESPACE_PREFIX = '@';
    public static final char ACL_KEY_DELIMITER = ',';
    private static final Logger LOG;
    private static final int LIST_CODE = 61;
    private static final int WRITABLE_CODE = 14;
    private static final int WRITABLE_NOT_ENCODED = 0;
    static final /* synthetic */ boolean $assertionsDisabled;

    private PermissionStorage() {
    }

    public static void addUserPermission(Configuration configuration, UserPermission userPermission, Table table, boolean z) throws IOException {
        Permission permission = userPermission.getPermission();
        Permission.Action[] actions = permission.getActions();
        byte[] userPermissionRowKey = userPermissionRowKey(permission);
        Put put = new Put(userPermissionRowKey);
        byte[] userPermissionKey = userPermissionKey(userPermission);
        if (actions == null || actions.length == 0) {
            String str = "No actions associated with user '" + userPermission.getUser() + "'";
            LOG.warn(str);
            throw new IOException(str);
        }
        TreeSet treeSet = new TreeSet();
        if (z) {
            UserPermission userPermission2 = null;
            Iterator<UserPermission> it = getUserPermissions(configuration, userPermissionRowKey, null, null, null, false).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                UserPermission next = it.next();
                if (userPermission.equalsExceptActions(next)) {
                    userPermission2 = next;
                    break;
                }
            }
            if (userPermission2 != null && userPermission2.getPermission().getActions() != null) {
                treeSet.addAll(Arrays.asList(userPermission2.getPermission().getActions()));
            }
        }
        treeSet.addAll(Arrays.asList(actions));
        byte[] bArr = new byte[treeSet.size()];
        int i = 0;
        Iterator it2 = treeSet.iterator();
        while (it2.hasNext()) {
            int i2 = i;
            i++;
            bArr[i2] = ((Permission.Action) it2.next()).code();
        }
        put.add(CellBuilderFactory.create(CellBuilderType.SHALLOW_COPY).setRow(put.getRow()).setFamily(ACL_LIST_FAMILY).setQualifier(userPermissionKey).setTimestamp(put.getTimestamp()).setType(Cell.Type.Put).setValue(bArr).build());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Writing permission with rowKey " + Bytes.toString(userPermissionRowKey) + " " + Bytes.toString(userPermissionKey) + ": " + Bytes.toStringBinary(bArr));
        }
        try {
            table.put(put);
            table.close();
        } catch (Throwable th) {
            table.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addUserPermission(Configuration configuration, UserPermission userPermission, Table table) throws IOException {
        addUserPermission(configuration, userPermission, table, false);
    }

    public static void removeUserPermission(Configuration configuration, UserPermission userPermission, Table table) throws IOException {
        if (null == userPermission.getPermission().getActions() || userPermission.getPermission().getActions().length == 0) {
            removePermissionRecord(configuration, userPermission, table);
        } else {
            List<UserPermission> userPermissions = getUserPermissions(configuration, userPermissionRowKey(userPermission.getPermission()), null, null, null, false);
            ArrayList arrayList = new ArrayList();
            List asList = Arrays.asList(userPermission.getPermission().getActions());
            Iterator<UserPermission> it = userPermissions.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                UserPermission next = it.next();
                if (next.getUser().equals(userPermission.getUser())) {
                    for (Permission.Action action : next.getPermission().getActions()) {
                        if (!asList.contains(action)) {
                            arrayList.add(action);
                        }
                    }
                    if (arrayList.isEmpty()) {
                        removePermissionRecord(configuration, userPermission, table);
                    } else {
                        next.getPermission().setActions((Permission.Action[]) arrayList.toArray(new Permission.Action[arrayList.size()]));
                        addUserPermission(configuration, next, table);
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removed permission " + userPermission.toString());
        }
    }

    private static void removePermissionRecord(Configuration configuration, UserPermission userPermission, Table table) throws IOException {
        Delete delete = new Delete(userPermissionRowKey(userPermission.getPermission()));
        delete.addColumns(ACL_LIST_FAMILY, userPermissionKey(userPermission));
        try {
            table.delete(delete);
            table.close();
        } catch (Throwable th) {
            table.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeTablePermissions(Configuration configuration, TableName tableName, Table table) throws IOException {
        Delete delete = new Delete(tableName.getName());
        delete.addFamily(ACL_LIST_FAMILY);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing permissions of removed table " + tableName);
        }
        try {
            table.delete(delete);
            table.close();
        } catch (Throwable th) {
            table.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeNamespacePermissions(Configuration configuration, String str, Table table) throws IOException {
        Delete delete = new Delete(Bytes.toBytes(toNamespaceEntry(str)));
        delete.addFamily(ACL_LIST_FAMILY);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing permissions of removed namespace " + str);
        }
        try {
            table.delete(delete);
            table.close();
        } catch (Throwable th) {
            table.close();
            throw th;
        }
    }

    private static void removeTablePermissions(TableName tableName, byte[] bArr, Table table, boolean z) throws IOException {
        Scan scan = new Scan();
        scan.addFamily(ACL_LIST_FAMILY);
        String bytes = Bytes.toString(bArr);
        scan.setFilter((Filter) new QualifierFilter(CompareOperator.EQUAL, new RegexStringComparator(String.format("(%s%s%s)|(%s%s)$", ',', bytes, ',', ',', bytes))));
        TreeSet treeSet = new TreeSet(Bytes.BYTES_COMPARATOR);
        ResultScanner resultScanner = null;
        try {
            resultScanner = table.getScanner(scan);
            Iterator<Result> it = resultScanner.iterator();
            while (it.hasNext()) {
                Iterator<byte[]> it2 = it.next().getFamilyMap(ACL_LIST_FAMILY).navigableKeySet().iterator();
                while (it2.hasNext()) {
                    treeSet.add(it2.next());
                }
            }
            if (treeSet.size() > 0) {
                Delete delete = new Delete(tableName.getName());
                Iterator it3 = treeSet.iterator();
                while (it3.hasNext()) {
                    delete.addColumns(ACL_LIST_FAMILY, (byte[]) it3.next());
                }
                table.delete(delete);
            }
            if (resultScanner != null) {
                resultScanner.close();
            }
            if (z) {
                table.close();
            }
        } catch (Throwable th) {
            if (resultScanner != null) {
                resultScanner.close();
            }
            if (z) {
                table.close();
            }
            throw th;
        }
    }

    static void removeTablePermissions(Configuration configuration, TableName tableName, byte[] bArr, Table table) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing permissions of removed column " + Bytes.toString(bArr) + " from table " + tableName);
        }
        removeTablePermissions(tableName, bArr, table, true);
    }

    static byte[] userPermissionRowKey(Permission permission) {
        return permission instanceof TablePermission ? ((TablePermission) permission).getTableName().getName() : permission instanceof NamespacePermission ? Bytes.toBytes(toNamespaceEntry(((NamespacePermission) permission).getNamespace())) : ACL_GLOBAL_NAME;
    }

    static byte[] userPermissionKey(UserPermission userPermission) {
        byte[] bytes = Bytes.toBytes(userPermission.getUser());
        byte[] bArr = null;
        byte[] bArr2 = null;
        if (userPermission.getPermission().getAccessScope() == Permission.Scope.TABLE) {
            TablePermission tablePermission = (TablePermission) userPermission.getPermission();
            bArr2 = tablePermission.getFamily();
            bArr = tablePermission.getQualifier();
        }
        if (bArr2 != null && bArr2.length > 0) {
            bytes = Bytes.add(bytes, Bytes.add(new byte[]{44}, bArr2));
            if (bArr != null && bArr.length > 0) {
                bytes = Bytes.add(bytes, Bytes.add(new byte[]{44}, bArr));
            }
        }
        return bytes;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isAclRegion(Region region) {
        return ACL_TABLE_NAME.equals(region.getTableDescriptor().getTableName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isAclTable(TableDescriptor tableDescriptor) {
        return ACL_TABLE_NAME.equals(tableDescriptor.getTableName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<byte[], ListMultimap<String, UserPermission>> loadAll(Region region) throws IOException {
        boolean next;
        if (!isAclRegion(region)) {
            throw new IOException("Can only load permissions from " + ACL_TABLE_NAME);
        }
        TreeMap treeMap = new TreeMap((Comparator) Bytes.BYTES_RAWCOMPARATOR);
        Scan scan = new Scan();
        scan.addFamily(ACL_LIST_FAMILY);
        RegionScanner regionScanner = null;
        try {
            regionScanner = region.getScanner(scan);
            do {
                ArrayList arrayList = new ArrayList();
                next = regionScanner.next(arrayList);
                ArrayListMultimap create = ArrayListMultimap.create();
                byte[] bArr = null;
                for (Cell cell : arrayList) {
                    if (bArr == null) {
                        bArr = CellUtil.cloneRow(cell);
                    }
                    Pair<String, Permission> parsePermissionRecord = parsePermissionRecord(bArr, cell, null, null, false, null);
                    if (parsePermissionRecord != null) {
                        String first = parsePermissionRecord.getFirst();
                        create.put(first, new UserPermission(first, parsePermissionRecord.getSecond()));
                    }
                }
                if (bArr != null) {
                    treeMap.put(bArr, create);
                }
            } while (next);
            if (regionScanner != null) {
                regionScanner.close();
            }
            return treeMap;
        } catch (Throwable th) {
            if (regionScanner != null) {
                regionScanner.close();
            }
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    static Map<byte[], ListMultimap<String, UserPermission>> loadAll(Configuration configuration) throws IOException {
        TreeMap treeMap = new TreeMap((Comparator) Bytes.BYTES_RAWCOMPARATOR);
        Scan scan = new Scan();
        scan.addFamily(ACL_LIST_FAMILY);
        Connection createConnection = ConnectionFactory.createConnection(configuration);
        try {
            Table table = createConnection.getTable(ACL_TABLE_NAME);
            try {
                ResultScanner scanner = table.getScanner(scan);
                try {
                    for (Result result : scanner) {
                        treeMap.put(result.getRow(), parsePermissions(result.getRow(), result, null, null, null, false));
                    }
                    if (scanner != null) {
                        scanner.close();
                    }
                    if (table != null) {
                        table.close();
                    }
                    if (createConnection != null) {
                        createConnection.close();
                    }
                    return treeMap;
                } catch (Throwable th) {
                    if (scanner != null) {
                        scanner.close();
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th2) {
            if (createConnection != null) {
                try {
                    createConnection.close();
                } catch (Throwable th3) {
                    th2.addSuppressed(th3);
                }
            }
            throw th2;
        }
    }

    public static ListMultimap<String, UserPermission> getTablePermissions(Configuration configuration, TableName tableName) throws IOException {
        return getPermissions(configuration, tableName != null ? tableName.getName() : null, null, null, null, null, false);
    }

    public static ListMultimap<String, UserPermission> getNamespacePermissions(Configuration configuration, String str) throws IOException {
        return getPermissions(configuration, Bytes.toBytes(toNamespaceEntry(str)), null, null, null, null, false);
    }

    public static ListMultimap<String, UserPermission> getGlobalPermissions(Configuration configuration) throws IOException {
        return getPermissions(configuration, null, null, null, null, null, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static ListMultimap<String, UserPermission> getPermissions(Configuration configuration, byte[] bArr, Table table, byte[] bArr2, byte[] bArr3, String str, boolean z) throws IOException {
        Result result;
        if (bArr == null) {
            bArr = ACL_GLOBAL_NAME;
        }
        ListMultimap create = ArrayListMultimap.create();
        Get get = new Get(bArr);
        get.addFamily(ACL_LIST_FAMILY);
        if (table == null) {
            Connection createConnection = ConnectionFactory.createConnection(configuration);
            try {
                Table table2 = createConnection.getTable(ACL_TABLE_NAME);
                try {
                    result = table2.get(get);
                    if (table2 != null) {
                        table2.close();
                    }
                    if (createConnection != null) {
                        createConnection.close();
                    }
                } finally {
                }
            } catch (Throwable th) {
                if (createConnection != null) {
                    try {
                        createConnection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } else {
            result = table.get(get);
        }
        if (result.isEmpty()) {
            LOG.info("No permissions found in " + ACL_TABLE_NAME + " for acl entry " + Bytes.toString(bArr));
        } else {
            create = parsePermissions(bArr, result, bArr2, bArr3, str, z);
        }
        return create;
    }

    public static List<UserPermission> getUserTablePermissions(Configuration configuration, TableName tableName, byte[] bArr, byte[] bArr2, String str, boolean z) throws IOException {
        return getUserPermissions(configuration, tableName == null ? null : tableName.getName(), bArr, bArr2, str, z);
    }

    public static List<UserPermission> getUserNamespacePermissions(Configuration configuration, String str, String str2, boolean z) throws IOException {
        return getUserPermissions(configuration, Bytes.toBytes(toNamespaceEntry(str)), null, null, str2, z);
    }

    public static List<UserPermission> getUserPermissions(Configuration configuration, byte[] bArr, byte[] bArr2, byte[] bArr3, String str, boolean z) throws IOException {
        ListMultimap<String, UserPermission> permissions = getPermissions(configuration, bArr, null, bArr2, bArr3, str, z);
        ArrayList arrayList = new ArrayList();
        Iterator<Map.Entry<String, UserPermission>> it = permissions.entries().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getValue());
        }
        return arrayList;
    }

    private static ListMultimap<String, UserPermission> parsePermissions(byte[] bArr, Result result, byte[] bArr2, byte[] bArr3, String str, boolean z) {
        ArrayListMultimap create = ArrayListMultimap.create();
        if (result != null && result.size() > 0) {
            for (Cell cell : result.rawCells()) {
                Pair<String, Permission> parsePermissionRecord = parsePermissionRecord(bArr, cell, bArr2, bArr3, z, str);
                if (parsePermissionRecord != null) {
                    String first = parsePermissionRecord.getFirst();
                    create.put(first, new UserPermission(first, parsePermissionRecord.getSecond()));
                }
            }
        }
        return create;
    }

    private static Pair<String, Permission> parsePermissionRecord(byte[] bArr, Cell cell, byte[] bArr2, byte[] bArr3, boolean z, String str) {
        if (!Bytes.equals(CellUtil.cloneFamily(cell), ACL_LIST_FAMILY)) {
            return null;
        }
        byte[] cloneQualifier = CellUtil.cloneQualifier(cell);
        byte[] cloneValue = CellUtil.cloneValue(cell);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Read acl: entry[" + Bytes.toStringBinary(bArr) + "], kv [" + Bytes.toStringBinary(cloneQualifier) + ": " + Bytes.toStringBinary(cloneValue) + "]");
        }
        String bytes = Bytes.toString(cloneQualifier);
        List<String> list = null;
        if (z && bytes.charAt(0) == '@' && !StringUtils.isEmpty(str) && str.charAt(0) != '@') {
            list = AccessChecker.getUserGroups(str);
        }
        if (isNamespaceEntry(bArr)) {
            if (!z || validateFilterUser(bytes, str, list)) {
                return new Pair<>(bytes, Permission.newBuilder(Bytes.toString(fromNamespaceEntry(bArr))).withActionCodes(cloneValue).build());
            }
            return null;
        }
        if (isGlobalEntry(bArr)) {
            if (!z || validateFilterUser(bytes, str, list)) {
                return new Pair<>(bytes, Permission.newBuilder().withActionCodes(cloneValue).build());
            }
            return null;
        }
        int indexOf = bytes.indexOf(44);
        byte[] bArr4 = null;
        byte[] bArr5 = null;
        if (indexOf > 0 && indexOf < bytes.length() - 1) {
            String substring = bytes.substring(indexOf + 1);
            bytes = bytes.substring(0, indexOf);
            int indexOf2 = substring.indexOf(44);
            if (indexOf2 <= 0 || indexOf2 >= substring.length() - 1) {
                bArr4 = Bytes.toBytes(substring);
            } else {
                bArr4 = Bytes.toBytes(substring.substring(0, indexOf2));
                bArr5 = Bytes.toBytes(substring.substring(indexOf2 + 1));
            }
        }
        if (!z || ((str == null || validateFilterUser(bytes, str, list)) && validateCFAndCQ(bArr4, bArr2, bArr5, bArr3))) {
            return new Pair<>(bytes, Permission.newBuilder(TableName.valueOf(bArr)).withFamily(bArr4).withQualifier(bArr5).withActionCodes(cloneValue).build());
        }
        return null;
    }

    private static boolean validateFilterUser(String str, String str2, List<String> list) {
        return list == null ? str2.equals(str) : list.contains(str.substring(1));
    }

    private static boolean validateCFAndCQ(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        boolean z = true;
        if (bArr2 != null) {
            if (!Bytes.equals(bArr2, bArr)) {
                z = false;
            } else if (bArr4 != null && !Bytes.equals(bArr4, bArr3)) {
                z = false;
            }
        }
        return z;
    }

    public static byte[] writePermissionsAsBytes(ListMultimap<String, UserPermission> listMultimap, Configuration configuration) {
        return ProtobufUtil.prependPBMagic(AccessControlUtil.toUserTablePermissions(listMultimap).toByteArray());
    }

    private static List<Permission> readWritableUserPermission(DataInput dataInput, Configuration configuration) throws IOException, ClassNotFoundException {
        if (!$assertionsDisabled && WritableUtils.readVInt(dataInput) != 61) {
            throw new AssertionError();
        }
        int readInt = dataInput.readInt();
        ArrayList arrayList = new ArrayList(readInt);
        for (int i = 0; i < readInt; i++) {
            if (!$assertionsDisabled && WritableUtils.readVInt(dataInput) != 14) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && WritableUtils.readVInt(dataInput) != 0) {
                throw new AssertionError();
            }
            Permission newInstance = WritableFactories.newInstance(configuration.getClassByName(Text.readString(dataInput)).asSubclass(Writable.class), configuration);
            newInstance.readFields(dataInput);
            arrayList.add(newInstance);
        }
        return arrayList;
    }

    public static ListMultimap<String, UserPermission> readUserPermission(byte[] bArr, Configuration configuration) throws DeserializationException {
        if (ProtobufUtil.isPBMagicPrefix(bArr)) {
            int lengthOfPBMagic = ProtobufUtil.lengthOfPBMagic();
            try {
                AccessControlProtos.UsersAndPermissions.Builder newBuilder = AccessControlProtos.UsersAndPermissions.newBuilder();
                ProtobufUtil.mergeFrom(newBuilder, bArr, lengthOfPBMagic, bArr.length - lengthOfPBMagic);
                return AccessControlUtil.toUserPermission(newBuilder.build());
            } catch (IOException e) {
                throw new DeserializationException(e);
            }
        }
        ArrayListMultimap create = ArrayListMultimap.create();
        try {
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            int readInt = dataInputStream.readInt();
            for (int i = 0; i < readInt; i++) {
                String readString = Text.readString(dataInputStream);
                Iterator<Permission> it = readWritableUserPermission(dataInputStream, configuration).iterator();
                while (it.hasNext()) {
                    create.put(readString, new UserPermission(readString, it.next()));
                }
            }
            return create;
        } catch (IOException | ClassNotFoundException e2) {
            throw new DeserializationException(e2);
        }
    }

    public static ListMultimap<String, Permission> readPermissions(byte[] bArr, Configuration configuration) throws DeserializationException {
        if (ProtobufUtil.isPBMagicPrefix(bArr)) {
            int lengthOfPBMagic = ProtobufUtil.lengthOfPBMagic();
            try {
                AccessControlProtos.UsersAndPermissions.Builder newBuilder = AccessControlProtos.UsersAndPermissions.newBuilder();
                ProtobufUtil.mergeFrom(newBuilder, bArr, lengthOfPBMagic, bArr.length - lengthOfPBMagic);
                return AccessControlUtil.toPermission(newBuilder.build());
            } catch (IOException e) {
                throw new DeserializationException(e);
            }
        }
        ArrayListMultimap create = ArrayListMultimap.create();
        try {
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            int readInt = dataInputStream.readInt();
            for (int i = 0; i < readInt; i++) {
                create.putAll(Text.readString(dataInputStream), readWritableUserPermission(dataInputStream, configuration));
            }
            return create;
        } catch (IOException | ClassNotFoundException e2) {
            throw new DeserializationException(e2);
        }
    }

    public static boolean isGlobalEntry(byte[] bArr) {
        return Bytes.equals(bArr, ACL_GLOBAL_NAME);
    }

    public static boolean isNamespaceEntry(String str) {
        return isNamespaceEntry(Bytes.toBytes(str));
    }

    public static boolean isNamespaceEntry(byte[] bArr) {
        return (bArr == null || bArr.length == 0 || bArr[0] != 64) ? false : true;
    }

    public static boolean isTableEntry(byte[] bArr) {
        return (isNamespaceEntry(bArr) || isGlobalEntry(bArr) || bArr == null) ? false : true;
    }

    public static String toNamespaceEntry(String str) {
        return '@' + str;
    }

    public static String fromNamespaceEntry(String str) {
        if (str.charAt(0) != '@') {
            throw new IllegalArgumentException("Argument is not a valid namespace entry");
        }
        return str.substring(1);
    }

    public static byte[] toNamespaceEntry(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + 1];
        bArr2[0] = 64;
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        return bArr2;
    }

    public static byte[] fromNamespaceEntry(byte[] bArr) {
        if (bArr[0] != 64) {
            throw new IllegalArgumentException("Argument is not a valid namespace entry: " + Bytes.toString(bArr));
        }
        return Arrays.copyOfRange(bArr, 1, bArr.length);
    }

    public static List<Permission> getCellPermissionsForUser(User user, Cell cell) throws IOException {
        if (cell.getTagsLength() == 0) {
            return null;
        }
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<Tag> tagsIterator = PrivateCellUtil.tagsIterator(cell);
        while (tagsIterator.hasNext()) {
            Tag next = tagsIterator.next();
            if (next.getType() == 1) {
                AccessControlProtos.UsersAndPermissions.Builder newBuilder = AccessControlProtos.UsersAndPermissions.newBuilder();
                if (next.hasArray()) {
                    ProtobufUtil.mergeFrom(newBuilder, next.getValueArray(), next.getValueOffset(), next.getValueLength());
                } else {
                    ProtobufUtil.mergeFrom(newBuilder, Tag.cloneValue(next));
                }
                ListMultimap<String, Permission> usersAndPermissions = AccessControlUtil.toUsersAndPermissions(newBuilder.build());
                List<Permission> list = usersAndPermissions.get((ListMultimap<String, Permission>) user.getShortName());
                if (list != null) {
                    newArrayList.addAll(list);
                }
                String[] groupNames = user.getGroupNames();
                if (groupNames != null) {
                    for (String str : groupNames) {
                        List<Permission> list2 = usersAndPermissions.get((ListMultimap<String, Permission>) AuthUtil.toGroupEntry(str));
                        if (newArrayList != null) {
                            newArrayList.addAll(list2);
                        }
                    }
                }
            }
        }
        return newArrayList;
    }

    static {
        $assertionsDisabled = !PermissionStorage.class.desiredAssertionStatus();
        ACL_TABLE_NAME = TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, AccessControlConstants.OP_ATTRIBUTE_ACL);
        ACL_GLOBAL_NAME = ACL_TABLE_NAME.getName();
        ACL_LIST_FAMILY = Bytes.toBytes(ACL_LIST_FAMILY_STR);
        LOG = LoggerFactory.getLogger(PermissionStorage.class);
    }
}
