package org.apache.hudi.org.apache.hadoop.hbase.security.visibility;

import com.google.protobuf.ByteString;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hudi.org.apache.hadoop.hbase.ArrayBackedTag;
import org.apache.hudi.org.apache.hadoop.hbase.Cell;
import org.apache.hudi.org.apache.hadoop.hbase.PrivateCellUtil;
import org.apache.hudi.org.apache.hadoop.hbase.Tag;
import org.apache.hudi.org.apache.hadoop.hbase.client.ColumnFamilyDescriptor;
import org.apache.hudi.org.apache.hadoop.hbase.exceptions.DeserializationException;
import org.apache.hudi.org.apache.hadoop.hbase.filter.Filter;
import org.apache.hudi.org.apache.hadoop.hbase.io.util.StreamUtils;
import org.apache.hudi.org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hudi.org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hudi.org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos;
import org.apache.hudi.org.apache.hadoop.hbase.regionserver.Region;
import org.apache.hudi.org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hudi.org.apache.hadoop.hbase.security.User;
import org.apache.hudi.org.apache.hadoop.hbase.security.visibility.expression.ExpressionNode;
import org.apache.hudi.org.apache.hadoop.hbase.security.visibility.expression.LeafExpressionNode;
import org.apache.hudi.org.apache.hadoop.hbase.security.visibility.expression.NonLeafExpressionNode;
import org.apache.hudi.org.apache.hadoop.hbase.security.visibility.expression.Operator;
import org.apache.hudi.org.apache.hadoop.hbase.util.Bytes;
import org.apache.hudi.org.apache.hadoop.hbase.util.SimpleMutableByteRange;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hudi/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.class */
public class VisibilityUtils {
    public static final String VISIBILITY_LABEL_GENERATOR_CLASS = "hbase.regionserver.scan.visibility.label.generator.class";
    public static final String SYSTEM_LABEL = "system";
    private static final String COMMA = ",";
    private static final Logger LOG = LoggerFactory.getLogger(VisibilityUtils.class);
    public static final Tag SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG = new ArrayBackedTag((byte) 4, VisibilityConstants.SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG_VAL);
    private static final ExpressionParser EXP_PARSER = new ExpressionParser();
    private static final ExpressionExpander EXP_EXPANDER = new ExpressionExpander();

    public static byte[] getDataToWriteToZooKeeper(Map<String, Integer> map) {
        VisibilityLabelsProtos.VisibilityLabelsRequest.Builder newBuilder = VisibilityLabelsProtos.VisibilityLabelsRequest.newBuilder();
        for (Map.Entry<String, Integer> entry : map.entrySet()) {
            VisibilityLabelsProtos.VisibilityLabel.Builder newBuilder2 = VisibilityLabelsProtos.VisibilityLabel.newBuilder();
            newBuilder2.setLabel(ByteString.copyFrom(Bytes.toBytes(entry.getKey())));
            newBuilder2.setOrdinal(entry.getValue().intValue());
            newBuilder.addVisLabel(newBuilder2.m10477build());
        }
        return ProtobufUtil.prependPBMagic(newBuilder.m10508build().toByteArray());
    }

    public static byte[] getUserAuthsDataToWriteToZooKeeper(Map<String, List<Integer>> map) {
        VisibilityLabelsProtos.MultiUserAuthorizations.Builder newBuilder = VisibilityLabelsProtos.MultiUserAuthorizations.newBuilder();
        for (Map.Entry<String, List<Integer>> entry : map.entrySet()) {
            VisibilityLabelsProtos.UserAuthorizations.Builder newBuilder2 = VisibilityLabelsProtos.UserAuthorizations.newBuilder();
            newBuilder2.setUser(ByteString.copyFrom(Bytes.toBytes(entry.getKey())));
            Iterator<Integer> it = entry.getValue().iterator();
            while (it.hasNext()) {
                newBuilder2.addAuth(it.next().intValue());
            }
            newBuilder.addUserAuths(newBuilder2.m10446build());
        }
        return ProtobufUtil.prependPBMagic(newBuilder.m10384build().toByteArray());
    }

    public static List<VisibilityLabelsProtos.VisibilityLabel> readLabelsFromZKData(byte[] bArr) throws DeserializationException {
        if (!ProtobufUtil.isPBMagicPrefix(bArr)) {
            return null;
        }
        int lengthOfPBMagic = ProtobufUtil.lengthOfPBMagic();
        try {
            VisibilityLabelsProtos.VisibilityLabelsRequest.Builder newBuilder = VisibilityLabelsProtos.VisibilityLabelsRequest.newBuilder();
            ProtobufUtil.mergeFrom(newBuilder, bArr, lengthOfPBMagic, bArr.length - lengthOfPBMagic);
            return newBuilder.getVisLabelList();
        } catch (IOException e) {
            throw new DeserializationException(e);
        }
    }

    public static VisibilityLabelsProtos.MultiUserAuthorizations readUserAuthsFromZKData(byte[] bArr) throws DeserializationException {
        if (!ProtobufUtil.isPBMagicPrefix(bArr)) {
            return null;
        }
        int lengthOfPBMagic = ProtobufUtil.lengthOfPBMagic();
        try {
            VisibilityLabelsProtos.MultiUserAuthorizations.Builder newBuilder = VisibilityLabelsProtos.MultiUserAuthorizations.newBuilder();
            ProtobufUtil.mergeFrom(newBuilder, bArr, lengthOfPBMagic, bArr.length - lengthOfPBMagic);
            return newBuilder.m10384build();
        } catch (IOException e) {
            throw new DeserializationException(e);
        }
    }

    public static List<ScanLabelGenerator> getScanLabelGenerators(Configuration configuration) {
        String str = configuration.get(VISIBILITY_LABEL_GENERATOR_CLASS);
        ArrayList arrayList = new ArrayList();
        if (StringUtils.isNotEmpty(str)) {
            for (String str2 : str.split(",")) {
                try {
                    arrayList.add(ReflectionUtils.newInstance(configuration.getClassByName(str2.trim()), configuration));
                } catch (ClassNotFoundException e) {
                    throw new IllegalArgumentException("Unable to find " + str2, e);
                }
            }
        }
        if (arrayList.isEmpty()) {
            arrayList.add(ReflectionUtils.newInstance(FeedUserAuthScanLabelGenerator.class, configuration));
            arrayList.add(ReflectionUtils.newInstance(DefinedSetFilterScanLabelGenerator.class, configuration));
        }
        return arrayList;
    }

    public static Byte extractVisibilityTags(Cell cell, List<Tag> list) {
        Byte b = null;
        Iterator<Tag> tagsIterator = PrivateCellUtil.tagsIterator(cell);
        while (tagsIterator.hasNext()) {
            Tag next = tagsIterator.next();
            if (next.getType() == 4) {
                b = Byte.valueOf(Tag.getValueAsByte(next));
            } else if (next.getType() == 2) {
                list.add(next);
            }
        }
        return b;
    }

    public static Byte extractAndPartitionTags(Cell cell, List<Tag> list, List<Tag> list2) {
        Byte b = null;
        Iterator<Tag> tagsIterator = PrivateCellUtil.tagsIterator(cell);
        while (tagsIterator.hasNext()) {
            Tag next = tagsIterator.next();
            if (next.getType() == 4) {
                b = Byte.valueOf(Tag.getValueAsByte(next));
            } else if (next.getType() == 2) {
                list.add(next);
            } else {
                list2.add(next);
            }
        }
        return b;
    }

    public static boolean isVisibilityTagsPresent(Cell cell) {
        Iterator<Tag> tagsIterator = PrivateCellUtil.tagsIterator(cell);
        while (tagsIterator.hasNext()) {
            if (tagsIterator.next().getType() == 2) {
                return true;
            }
        }
        return false;
    }

    public static Filter createVisibilityLabelFilter(Region region, Authorizations authorizations) throws IOException {
        HashMap hashMap = new HashMap();
        for (ColumnFamilyDescriptor columnFamilyDescriptor : region.getTableDescriptor().getColumnFamilies()) {
            hashMap.put(new SimpleMutableByteRange(columnFamilyDescriptor.getName()), Integer.valueOf(columnFamilyDescriptor.getMaxVersions()));
        }
        return new VisibilityLabelFilter(VisibilityLabelServiceManager.getInstance().getVisibilityLabelService().getVisibilityExpEvaluator(authorizations), hashMap);
    }

    public static User getActiveUser() throws IOException {
        Optional<User> requestUser = RpcServer.getRequestUser();
        User current = requestUser.isPresent() ? requestUser.get() : User.getCurrent();
        if (LOG.isTraceEnabled()) {
            LOG.trace("Current active user name is " + current.getShortName());
        }
        return current;
    }

    public static List<Tag> createVisibilityExpTags(String str, boolean z, boolean z2, Set<Integer> set, VisibilityLabelOrdinalProvider visibilityLabelOrdinalProvider) throws IOException {
        try {
            ExpressionNode expand = EXP_EXPANDER.expand(EXP_PARSER.parse(str));
            ArrayList arrayList = new ArrayList();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            ArrayList arrayList2 = new ArrayList();
            if (z) {
                arrayList.add(SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG);
            }
            if (expand.isSingleNode()) {
                getLabelOrdinals(expand, arrayList2, set, z2, visibilityLabelOrdinalProvider);
                writeLabelOrdinalsToStream(arrayList2, dataOutputStream);
                arrayList.add(new ArrayBackedTag((byte) 2, byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } else {
                NonLeafExpressionNode nonLeafExpressionNode = (NonLeafExpressionNode) expand;
                if (nonLeafExpressionNode.getOperator() == Operator.OR) {
                    Iterator<ExpressionNode> it = nonLeafExpressionNode.getChildExps().iterator();
                    while (it.hasNext()) {
                        getLabelOrdinals(it.next(), arrayList2, set, z2, visibilityLabelOrdinalProvider);
                        writeLabelOrdinalsToStream(arrayList2, dataOutputStream);
                        arrayList.add(new ArrayBackedTag((byte) 2, byteArrayOutputStream.toByteArray()));
                        byteArrayOutputStream.reset();
                        arrayList2.clear();
                    }
                } else {
                    getLabelOrdinals(nonLeafExpressionNode, arrayList2, set, z2, visibilityLabelOrdinalProvider);
                    writeLabelOrdinalsToStream(arrayList2, dataOutputStream);
                    arrayList.add(new ArrayBackedTag((byte) 2, byteArrayOutputStream.toByteArray()));
                    byteArrayOutputStream.reset();
                }
            }
            return arrayList;
        } catch (ParseException e) {
            throw new IOException(e);
        }
    }

    private static void getLabelOrdinals(ExpressionNode expressionNode, List<Integer> list, Set<Integer> set, boolean z, VisibilityLabelOrdinalProvider visibilityLabelOrdinalProvider) throws IOException, InvalidLabelException {
        String identifier;
        int i;
        if (!expressionNode.isSingleNode()) {
            Iterator<ExpressionNode> it = ((NonLeafExpressionNode) expressionNode).getChildExps().iterator();
            while (it.hasNext()) {
                getLabelOrdinals(it.next(), list, set, z, visibilityLabelOrdinalProvider);
            }
            return;
        }
        if (expressionNode instanceof LeafExpressionNode) {
            identifier = ((LeafExpressionNode) expressionNode).getIdentifier();
            if (LOG.isTraceEnabled()) {
                LOG.trace("The identifier is " + identifier);
            }
            i = visibilityLabelOrdinalProvider.getLabelOrdinal(identifier);
            checkAuths(set, i, identifier, z);
        } else {
            identifier = ((LeafExpressionNode) ((NonLeafExpressionNode) expressionNode).getChildExps().get(0)).getIdentifier();
            int labelOrdinal = visibilityLabelOrdinalProvider.getLabelOrdinal(identifier);
            checkAuths(set, labelOrdinal, identifier, z);
            i = (-1) * labelOrdinal;
        }
        if (i == 0) {
            throw new InvalidLabelException("Invalid visibility label " + identifier);
        }
        list.add(Integer.valueOf(i));
    }

    private static void writeLabelOrdinalsToStream(List<Integer> list, DataOutputStream dataOutputStream) throws IOException {
        Collections.sort(list);
        Iterator<Integer> it = list.iterator();
        while (it.hasNext()) {
            StreamUtils.writeRawVInt32(dataOutputStream, it.next().intValue());
        }
    }

    private static void checkAuths(Set<Integer> set, int i, String str, boolean z) throws IOException {
        if (z) {
            if (set == null || !set.contains(Integer.valueOf(i))) {
                throw new AccessDeniedException("Visibility label " + str + " not authorized for the user " + getActiveUser().getShortName());
            }
        }
    }
}
