package org.apache.hadoop.hbase.security.access;

import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import java.util.Optional;
import java.util.regex.Matcher;
import org.apache.commons.io.FilenameUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.RegionInfo;
import org.apache.hadoop.hbase.client.TableDescriptor;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessor;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.MasterObserver;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
import org.apache.hadoop.hbase.mob.MobConstants;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({"Configuration"})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.class */
public class CoprocessorWhitelistMasterObserver implements MasterCoprocessor, MasterObserver {
    public static final String CP_COPROCESSOR_WHITELIST_PATHS_KEY = "hbase.coprocessor.region.whitelist.paths";
    private static final Logger LOG = LoggerFactory.getLogger(CoprocessorWhitelistMasterObserver.class);

    @Override // org.apache.hadoop.hbase.coprocessor.MasterCoprocessor
    public Optional<MasterObserver> getMasterObserver() {
        return Optional.of(this);
    }

    @Override // org.apache.hadoop.hbase.coprocessor.MasterObserver
    public void preModifyTable(ObserverContext<MasterCoprocessorEnvironment> observerContext, TableName tableName, TableDescriptor tableDescriptor) throws IOException {
        verifyCoprocessors(observerContext, tableDescriptor);
    }

    @Override // org.apache.hadoop.hbase.coprocessor.MasterObserver
    public void preCreateTable(ObserverContext<MasterCoprocessorEnvironment> observerContext, TableDescriptor tableDescriptor, RegionInfo[] regionInfoArr) throws IOException {
        verifyCoprocessors(observerContext, tableDescriptor);
    }

    private static boolean validatePath(Path path, Path path2, Configuration configuration) throws IOException {
        if (path2.toString().equals("*")) {
            return true;
        }
        if (!path2.isAbsoluteAndSchemeAuthorityNull()) {
            String scheme = path2.toUri().getScheme();
            String scheme2 = path.toUri().getScheme();
            String host = path2.toUri().getHost();
            String host2 = path.toUri().getHost();
            String lowerCase = scheme != null ? scheme.toString().toLowerCase() : MobConstants.EMPTY_STRING;
            String lowerCase2 = host != null ? host.toString().toLowerCase() : MobConstants.EMPTY_STRING;
            String lowerCase3 = scheme2 != null ? scheme2.toString().toLowerCase() : MobConstants.EMPTY_STRING;
            String lowerCase4 = host2 != null ? host2.toString().toLowerCase() : MobConstants.EMPTY_STRING;
            if (!lowerCase.equals(lowerCase3) || !lowerCase2.equals(lowerCase4)) {
                return false;
            }
        }
        return path2.isRoot() || FilenameUtils.wildcardMatch(Path.getPathWithoutSchemeAndAuthority(path).toString(), Path.getPathWithoutSchemeAndAuthority(path2).toString());
    }

    private void verifyCoprocessors(ObserverContext<MasterCoprocessorEnvironment> observerContext, TableDescriptor tableDescriptor) throws IOException {
        Matcher matcher;
        Configuration configuration = observerContext.getEnvironment().getConfiguration();
        Collection stringCollection = configuration.getStringCollection(CP_COPROCESSOR_WHITELIST_PATHS_KEY);
        Collection coprocessors = tableDescriptor.getCoprocessors();
        for (int i = 0; i < coprocessors.size(); i++) {
            String bytes = Bytes.toString(tableDescriptor.getValue(Bytes.toBytes("coprocessor$" + (i + 1))));
            if (bytes != null && (matcher = HConstants.CP_HTD_ATTR_VALUE_PATTERN.matcher(bytes)) != null && matcher.matches()) {
                String trim = matcher.group(1).trim();
                if (trim.equals(MobConstants.EMPTY_STRING)) {
                    return;
                }
                Path path = new Path(trim);
                String trim2 = matcher.group(2).trim();
                boolean z = false;
                Iterator it = stringCollection.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String str = (String) it.next();
                    try {
                        z = validatePath(path, new Path(str), configuration);
                    } catch (IOException e) {
                        LOG.warn(String.format("Failed to validate white list path %s for coprocessor path %s", str, trim));
                    }
                    if (z) {
                        LOG.debug(String.format("Coprocessor %s found in directory %s", trim2, str));
                        break;
                    }
                }
                if (!z) {
                    throw new IOException(String.format("Loading %s DENIED in %s", trim2, CP_COPROCESSOR_WHITELIST_PATHS_KEY));
                }
            }
        }
    }
}
