package org.apache.accumulo.server.security;

import java.util.Set;
import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.admin.SecurityOperationsImpl;
import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.CredentialHelper;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.conf.ServerConfiguration;
import org.apache.accumulo.server.master.Master;
import org.apache.accumulo.server.security.handler.Authenticator;
import org.apache.accumulo.server.security.handler.Authorizor;
import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.accumulo.server.security.handler.ZKAuthenticator;
import org.apache.accumulo.server.security.handler.ZKAuthorizor;
import org.apache.accumulo.server.security.handler.ZKPermHandler;
import org.apache.accumulo.server.zookeeper.ZooCache;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/accumulo/server/security/SecurityOperation.class */
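/**
 * Server-side entry point for authentication and authorization decisions.
 *
 * <p>All decisions are delegated to three pluggable handlers: an {@link Authenticator}, an
 * {@link Authorizor} and a {@link PermissionHandler}. Every public check in this class
 * authenticates the caller's credentials before any permission is consulted; the order of those
 * calls is security-relevant and must be preserved when editing.
 *
 * <p>Two principals are special-cased throughout: {@code SecurityConstants.SYSTEM_PRINCIPAL} and
 * the root user name read from ZooKeeper (see {@link #getRootUsername()}).
 *
 * <p>NOTE(review): this listing is decompiler output, so parameter names such as {@code str} and
 * {@code z} are synthetic. They are kept unchanged.
 */
public class SecurityOperation {
    protected Authorizor authorizor;
    protected Authenticator authenticator;
    protected PermissionHandler permHandle;
    private final ZooCache zooCache;
    // ZooKeeper path "/accumulo/<instance id>/users"; its data is read as the root user name.
    private final String ZKUserPath;
    protected static SecurityOperation instance;
    // NOTE(review): the logger category is SecurityOperationsImpl (a client class), not this
    // class. The audit lines written below ("Granted ...", "Created user ...") are therefore filed
    // under that category; confirm log routing before changing it.
    private static final Logger log = Logger.getLogger(SecurityOperationsImpl.class);
    // Cached root user name; filled once by getRootUsername() and never refreshed.
    private static String rootUserName = null;

    /**
     * Returns the shared instance, creating it for the current HDFS/ZooKeeper instance id with
     * the boolean handler-initialization flag set to {@code false}.
     */
    public static synchronized SecurityOperation getInstance() {
        return getInstance(HdfsZooInstance.getInstance().getInstanceID(), false);
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>The arguments are only used by the call that creates the instance; later calls return
     * the existing instance and ignore them.
     *
     * @param str instance id passed to the handlers and used to build the ZooKeeper user path
     * @param z flag passed through to each handler's {@code initialize}
     */
    public static synchronized SecurityOperation getInstance(String str, boolean z) {
        if (instance == null) {
            instance = new SecurityOperation(getAuthorizor(str, z), getAuthenticator(str, z), getPermHandler(str, z), str);
        }
        return instance;
    }

    /**
     * Instantiates the {@link Authorizor} named by {@code Property.INSTANCE_SECURITY_AUTHORIZOR}
     * in the site configuration ({@link ZKAuthorizor} is supplied as the default) and initializes
     * it. The handler class is chosen by configuration, so the site configuration is part of the
     * trust boundary. (The decompiler reports the original access modifier as protected.)
     */
    public static Authorizor getAuthorizor(String str, boolean z) {
        Authorizor authorizor = (Authorizor) Master.createInstanceFromPropertyName(ServerConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_AUTHORIZOR, Authorizor.class, ZKAuthorizor.getInstance());
        authorizor.initialize(str, z);
        return authorizor;
    }

    /**
     * Instantiates the {@link Authenticator} named by
     * {@code Property.INSTANCE_SECURITY_AUTHENTICATOR} ({@link ZKAuthenticator} is supplied as the
     * default) and initializes it. (The decompiler reports the original access modifier as
     * protected.)
     */
    public static Authenticator getAuthenticator(String str, boolean z) {
        Authenticator authenticator = (Authenticator) Master.createInstanceFromPropertyName(ServerConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_AUTHENTICATOR, Authenticator.class, ZKAuthenticator.getInstance());
        authenticator.initialize(str, z);
        return authenticator;
    }

    /**
     * Instantiates the {@link PermissionHandler} named by
     * {@code Property.INSTANCE_SECURITY_PERMISSION_HANDLER} ({@link ZKPermHandler} is supplied as
     * the default) and initializes it. (The decompiler reports the original access modifier as
     * protected.)
     */
    public static PermissionHandler getPermHandler(String str, boolean z) {
        PermissionHandler permissionHandler = (PermissionHandler) Master.createInstanceFromPropertyName(ServerConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_PERMISSION_HANDLER, PermissionHandler.class, ZKPermHandler.getInstance());
        permissionHandler.initialize(str, z);
        return permissionHandler;
    }

    /**
     * Creates an instance with no handlers set; only the ZooKeeper user path and cache are
     * initialized. Any check that touches a handler would fail with a NullPointerException until
     * a subclass assigns them.
     *
     * @param str instance id used to build the ZooKeeper user path
     */
    public SecurityOperation(String str) {
        this.ZKUserPath = "/accumulo/" + str + "/users";
        this.zooCache = new ZooCache();
    }

    /**
     * Creates an instance with the given handlers and verifies that each handler accepts the
     * other two.
     *
     * @throws RuntimeException if any handler reports the combination as invalid
     */
    public SecurityOperation(Authorizor authorizor, Authenticator authenticator, PermissionHandler permissionHandler, String str) {
        this(str);
        this.authorizor = authorizor;
        this.authenticator = authenticator;
        this.permHandle = permissionHandler;
        // Each handler must accept the other two; a mismatched set is rejected at construction.
        if (!this.authorizor.validSecurityHandlers(this.authenticator, permissionHandler) || !this.authenticator.validSecurityHandlers(this.authorizor, permissionHandler) || !this.permHandle.validSecurityHandlers(authenticator, authorizor)) {
            throw new RuntimeException(this.authorizor + ", " + this.authenticator + ", and " + permissionHandler + " do not play nice with eachother. Please choose authentication and authorization mechanisms that are compatible with one another.");
        }
    }

    /**
     * Initializes all three handlers for a new root user. Only the system principal may call this.
     *
     * @param tCredentials caller credentials; must authenticate and carry the system principal
     * @param str root user name handed to the handlers
     * @param bArr opaque bytes handed to the authenticator (presumably the root password)
     * @throws AccumuloSecurityException with PERMISSION_DENIED if the caller is not the system
     *     principal
     * @throws ThriftSecurityException if authentication fails
     */
    public void initializeSecurity(TCredentials tCredentials, String str, byte[] bArr) throws AccumuloSecurityException, ThriftSecurityException {
        authenticate(tCredentials);
        if (!tCredentials.getPrincipal().equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new AccumuloSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        this.authenticator.initializeSecurity(tCredentials, str, bArr);
        this.authorizor.initializeSecurity(tCredentials, str);
        this.permHandle.initializeSecurity(tCredentials, str);
        try {
            // "!0" is presumably the metadata table id (TODO confirm); root gets ALTER_TABLE on it.
            this.permHandle.grantTablePermission(str, "!0", TablePermission.ALTER_TABLE);
        } catch (TableNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the root user name, read once from the ZooKeeper user path and then cached in a
     * static field.
     *
     * <p>NOTE(review): the bytes are decoded with the platform default charset, and a missing
     * node (null data) would surface as a NullPointerException. The writer of this node is not
     * visible here, so the decoding is left as is.
     */
    public synchronized String getRootUsername() {
        if (rootUserName == null) {
            rootUserName = new String(this.zooCache.get(this.ZKUserPath));
        }
        return rootUserName;
    }

    /**
     * Authenticates the given credentials or throws.
     *
     * <p>Checks, in order: the instance id matches this server's instance; the credentials equal
     * the system credentials (accepted immediately); the principal is not the system principal
     * (which may only be used with the exact system credentials); the authenticator accepts the
     * token.
     *
     * <p>A missing instance id or principal in the request is rejected with a security error code
     * instead of a NullPointerException, so callers see a uniform authentication failure.
     *
     * @throws ThriftSecurityException INVALID_INSTANCEID or BAD_CREDENTIALS, or the converted
     *     handler error
     */
    private void authenticate(TCredentials tCredentials) throws ThriftSecurityException {
        String principal = tCredentials.getPrincipal();
        // Credentials arrive over Thrift, where unset fields are null; fail closed on them.
        if (tCredentials.getInstanceId() == null || !tCredentials.getInstanceId().equals(HdfsZooInstance.getInstance().getInstanceID())) {
            throw new ThriftSecurityException(principal, SecurityErrorCode.INVALID_INSTANCEID);
        }
        // NOTE(review): equality on the whole credential struct, token included; whether that
        // comparison is constant-time is not visible here.
        if (SecurityConstants.getSystemCredentials().equals(tCredentials)) {
            return;
        }
        // Anyone else claiming the system principal is rejected before the authenticator runs.
        if (principal == null || principal.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(principal, SecurityErrorCode.BAD_CREDENTIALS);
        }
        try {
            if (!this.authenticator.authenticateUser(principal, reassembleToken(tCredentials))) {
                throw new ThriftSecurityException(principal, SecurityErrorCode.BAD_CREDENTIALS);
            }
        } catch (AccumuloSecurityException e) {
            // Handler failures are only recorded at debug level.
            log.debug(e);
            throw e.asThriftException();
        }
    }

    /**
     * Returns {@code true} if the caller holds the SYSTEM permission or is asking about itself;
     * otherwise throws PERMISSION_DENIED. Never returns {@code false}.
     */
    public boolean canAskAboutUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        // canPerformSystemActions() must stay first: it is what authenticates the caller. Testing
        // the principal name first would let an unauthenticated caller pass by naming itself.
        if (canPerformSystemActions(tCredentials) || tCredentials.getPrincipal().equals(str)) {
            return true;
        }
        throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }

    /**
     * Checks a second set of credentials on behalf of an authenticated caller.
     *
     * @param tCredentials caller credentials; must pass {@link #canAskAboutUser}
     * @param tCredentials2 credentials to verify
     * @return {@code true} if the two credentials are equal (the caller was already
     *     authenticated), otherwise the authenticator's verdict on {@code tCredentials2}
     */
    public boolean authenticateUser(TCredentials tCredentials, TCredentials tCredentials2) throws ThriftSecurityException {
        canAskAboutUser(tCredentials, tCredentials2.getPrincipal());
        if (tCredentials.equals(tCredentials2)) {
            return true;
        }
        try {
            return this.authenticator.authenticateUser(tCredentials2.getPrincipal(), reassembleToken(tCredentials2));
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Rebuilds the authentication token carried in the credentials.
     *
     * <p>The token class name is supplied by the client, so it is checked against the
     * authenticator's accepted classes before {@code CredentialHelper.extractToken} is called
     * (which presumably instantiates that class; confirm before relaxing this check).
     *
     * @throws AccumuloSecurityException INVALID_TOKEN if the token class is not accepted
     */
    private AuthenticationToken reassembleToken(TCredentials tCredentials) throws AccumuloSecurityException {
        if (this.authenticator.validTokenClass(tCredentials.getTokenClassName())) {
            return CredentialHelper.extractToken(tCredentials);
        }
        throw new AccumuloSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.INVALID_TOKEN);
    }

    /**
     * Returns the authorizations of user {@code str}.
     *
     * <p>The caller must be that user or hold the SYSTEM permission. The system principal always
     * yields {@code Constants.NO_AUTHS}. Note that the existence of the target user is checked
     * before the permission check, so an authenticated caller can tell USER_DOESNT_EXIST from
     * PERMISSION_DENIED.
     */
    public Authorizations getUserAuthorizations(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        targetUserExists(str);
        if (!tCredentials.getPrincipal().equals(str) && !hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            return Constants.NO_AUTHS;
        }
        try {
            return this.authorizor.getCachedUserAuthorizations(str);
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /** Returns the caller's own authorizations. */
    public Authorizations getUserAuthorizations(TCredentials tCredentials) throws ThriftSecurityException {
        return getUserAuthorizations(tCredentials, tCredentials.getPrincipal());
    }

    /**
     * Reports whether user {@code str} holds a system permission. Performs no authentication;
     * callers must have authenticated already.
     *
     * <p>The root user and the system principal hold every system permission without the handler
     * being consulted.
     *
     * @param z {@code true} to use the handler's cached lookup, {@code false} for the uncached one
     */
    private boolean hasSystemPermission(String str, SystemPermission systemPermission, boolean z) throws ThriftSecurityException {
        if (str.equals(getRootUsername()) || str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            return true;
        }
        targetUserExists(str);
        try {
            return z ? this.permHandle.hasCachedSystemPermission(str, systemPermission) : this.permHandle.hasSystemPermission(str, systemPermission);
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Reports whether user {@code str} holds a table permission on table {@code str2}. Performs
     * no authentication; callers must have authenticated already.
     *
     * <p>The system principal holds every table permission, and every existing user may READ
     * table "!0" (presumably the metadata table; TODO confirm).
     *
     * @param z {@code true} to use the handler's cached lookup, {@code false} for the uncached one
     */
    private boolean hasTablePermission(String str, String str2, TablePermission tablePermission, boolean z) throws ThriftSecurityException {
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            return true;
        }
        targetUserExists(str);
        if (str2.equals("!0") && tablePermission.equals(TablePermission.READ)) {
            return true;
        }
        try {
            return z ? this.permHandle.hasCachedTablePermission(str, str2, tablePermission) : this.permHandle.hasTablePermission(str, str2, tablePermission);
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        } catch (TableNotFoundException e2) {
            throw new ThriftSecurityException(str, SecurityErrorCode.TABLE_DOESNT_EXIST);
        }
    }

    /**
     * Authenticates the caller and reports whether it may query permissions of user {@code str}:
     * it is that user, or it holds SYSTEM, CREATE_USER, ALTER_USER or DROP_USER.
     */
    private boolean canAskAboutOtherUsers(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return tCredentials.getPrincipal().equals(str) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.CREATE_USER, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_USER, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.DROP_USER, false);
    }

    /**
     * Throws USER_DOESNT_EXIST unless {@code str} is the system principal, the root user, or a
     * user known to the authenticator.
     */
    private void targetUserExists(String str) throws ThriftSecurityException {
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL) || str.equals(getRootUsername())) {
            return;
        }
        try {
            if (!this.authenticator.userExists(str)) {
                throw new ThriftSecurityException(str, SecurityErrorCode.USER_DOESNT_EXIST);
            }
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /** Authenticates the caller and checks READ on table {@code str} (cached lookup). */
    public boolean canScan(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.READ, true);
    }

    /** Authenticates the caller and checks WRITE on table {@code str} (cached lookup). */
    public boolean canWrite(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.WRITE, true);
    }

    /**
     * Authenticates the caller; allowed with system ALTER_TABLE, SYSTEM, or table ALTER_TABLE on
     * {@code str}.
     */
    public boolean canSplitTablet(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false);
    }

    /** Authenticates the caller and checks the SYSTEM permission. */
    public boolean canPerformSystemActions(TCredentials tCredentials) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false);
    }

    /** Authenticates the caller; allowed with table WRITE or table ALTER_TABLE on {@code str}. */
    public boolean canFlush(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.WRITE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false);
    }

    /** Authenticates the caller; allowed with table or system ALTER_TABLE. */
    public boolean canAlterTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false);
    }

    /** Authenticates the caller and checks system CREATE_TABLE. */
    public boolean canCreateTable(TCredentials tCredentials) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.CREATE_TABLE, false);
    }

    /** Authenticates the caller; allowed with system or table ALTER_TABLE. */
    public boolean canRenameTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false);
    }

    /**
     * Authenticates the caller; requires both system CREATE_TABLE and READ on the source table
     * {@code str}.
     */
    public boolean canCloneTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.CREATE_TABLE, false) && hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.READ, false);
    }

    /** Authenticates the caller; allowed with system or table DROP_TABLE. */
    public boolean canDeleteTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.DROP_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.DROP_TABLE, false);
    }

    /**
     * Authenticates the caller; allowed with SYSTEM, system ALTER_TABLE, or table ALTER_TABLE on
     * {@code str}.
     */
    public boolean canOnlineOfflineTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false);
    }

    /**
     * Authenticates the caller; allowed with SYSTEM, system ALTER_TABLE, or table ALTER_TABLE on
     * {@code str}.
     */
    public boolean canMerge(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false);
    }

    /** Authenticates the caller; allowed with SYSTEM or table WRITE on {@code str}. */
    public boolean canDeleteRange(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.SYSTEM, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.WRITE, false);
    }

    /** Authenticates the caller and checks table BULK_IMPORT on {@code str}. */
    public boolean canBulkImport(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.BULK_IMPORT, false);
    }

    /**
     * Authenticates the caller; allowed with system ALTER_TABLE, table ALTER_TABLE, or table
     * WRITE on {@code str}.
     */
    public boolean canCompact(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.WRITE, false);
    }

    /**
     * Authenticates the caller and checks system ALTER_USER. The system principal can never be
     * the target.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED if {@code str} is the system principal
     */
    public boolean canChangeAuthorizations(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_USER, false);
    }

    /**
     * Authenticates the caller; a user may change its own password, anyone else needs system
     * ALTER_USER. The system principal can never be the target.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED if {@code str} is the system principal
     */
    public boolean canChangePassword(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        return tCredentials.getPrincipal().equals(str) || hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_USER, false);
    }

    /**
     * Authenticates the caller and checks system CREATE_USER. A user named like the system
     * principal can never be created.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED if {@code str} is the system principal
     */
    public boolean canCreateUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.CREATE_USER, false);
    }

    /**
     * Authenticates the caller and checks system DROP_USER. Neither the root user nor the system
     * principal can be dropped.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED if {@code str} is root or the system
     *     principal
     */
    public boolean canDropUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(getRootUsername()) || str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.DROP_USER, false);
    }

    /**
     * Authenticates the caller and checks system GRANT. The GRANT permission itself cannot be
     * handed out through this path, and the system principal cannot be the target.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED for the system principal as target,
     *     GRANT_INVALID when {@code systemPermission} is GRANT
     */
    public boolean canGrantSystem(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        if (systemPermission.equals(SystemPermission.GRANT)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.GRANT_INVALID);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.GRANT, false);
    }

    /**
     * Authenticates the caller; allowed with system ALTER_TABLE or table GRANT on {@code str2}.
     * The system principal cannot be the target.
     *
     * @param str target user
     * @param str2 table id
     */
    public boolean canGrantTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str2, TablePermission.GRANT, false);
    }

    /**
     * Authenticates the caller and checks system GRANT. Permissions of the root user and of the
     * system principal cannot be revoked, and GRANT itself cannot be revoked through this path.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED for a protected target, GRANT_INVALID
     *     when {@code systemPermission} is GRANT
     */
    public boolean canRevokeSystem(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(getRootUsername()) || str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        if (systemPermission.equals(SystemPermission.GRANT)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.GRANT_INVALID);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.GRANT, false);
    }

    /**
     * Authenticates the caller; allowed with system ALTER_TABLE or table GRANT on {@code str2}.
     * The system principal cannot be the target.
     *
     * @param str target user
     * @param str2 table id
     */
    public boolean canRevokeTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        authenticate(tCredentials);
        if (str.equals(SecurityConstants.SYSTEM_PRINCIPAL)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.ALTER_TABLE, false) || hasTablePermission(tCredentials.getPrincipal(), str2, TablePermission.GRANT, false);
    }

    /**
     * Replaces the authorizations of user {@code str} after {@link #canChangeAuthorizations}
     * passes and the user is known to exist. Writes an audit line on success.
     *
     * <p>NOTE(review): the audit messages in this class concatenate user and table names taken
     * from the request; whether the handlers restrict those names to safe characters is not
     * visible here.
     */
    public void changeAuthorizations(TCredentials tCredentials, String str, Authorizations authorizations) throws ThriftSecurityException {
        if (!canChangeAuthorizations(tCredentials, str)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        targetUserExists(str);
        try {
            this.authorizor.changeAuthorizations(str, authorizations);
            log.info("Changed authorizations for user " + str + " at the request of user " + tCredentials.getPrincipal());
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Changes the password of the principal named in {@code tCredentials2} to the token it
     * carries, after {@link #canChangePassword} passes. Only the principal names are logged.
     *
     * @param tCredentials caller credentials
     * @param tCredentials2 target principal together with its new token
     */
    public void changePassword(TCredentials tCredentials, TCredentials tCredentials2) throws ThriftSecurityException {
        if (!canChangePassword(tCredentials, tCredentials2.getPrincipal())) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            this.authenticator.changePassword(tCredentials2.getPrincipal(), reassembleToken(tCredentials2));
            log.info("Changed password for user " + tCredentials2.getPrincipal() + " at the request of user " + tCredentials.getPrincipal());
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Creates the user described by {@code tCredentials2} in all three handlers after
     * {@link #canCreateUser} passes.
     *
     * <p>The initial authorizations are applied only if the caller also passes
     * {@link #canChangeAuthorizations}; otherwise they are silently dropped. The handler calls
     * are sequential and nothing here rolls back earlier steps if a later one fails.
     *
     * @param tCredentials caller credentials
     * @param tCredentials2 new principal together with its token
     * @param authorizations initial authorizations for the new user
     */
    public void createUser(TCredentials tCredentials, TCredentials tCredentials2, Authorizations authorizations) throws ThriftSecurityException {
        if (!canCreateUser(tCredentials, tCredentials2.getPrincipal())) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            this.authenticator.createUser(tCredentials2.getPrincipal(), reassembleToken(tCredentials2));
            this.authorizor.initUser(tCredentials2.getPrincipal());
            this.permHandle.initUser(tCredentials2.getPrincipal());
            log.info("Created user " + tCredentials2.getPrincipal() + " at the request of user " + tCredentials.getPrincipal());
            if (canChangeAuthorizations(tCredentials, tCredentials2.getPrincipal())) {
                this.authorizor.changeAuthorizations(tCredentials2.getPrincipal(), authorizations);
            }
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Removes user {@code str} from all three handlers after {@link #canDropUser} passes.
     *
     * <p>Unlike the grant/revoke methods, no explicit existence check is made here; a missing
     * user is left to the handlers. Nothing here rolls back earlier steps if a later one fails.
     */
    public void dropUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        if (!canDropUser(tCredentials, str)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            this.authorizor.dropUser(str);
            this.authenticator.dropUser(str);
            this.permHandle.cleanUser(str);
            log.info("Deleted user " + str + " at the request of user " + tCredentials.getPrincipal());
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Grants a system permission to user {@code str} after {@link #canGrantSystem} passes and the
     * user is known to exist. Writes an audit line on success.
     */
    public void grantSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        if (!canGrantSystem(tCredentials, str, systemPermission)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        targetUserExists(str);
        try {
            this.permHandle.grantSystemPermission(str, systemPermission);
            log.info("Granted system permission " + systemPermission + " for user " + str + " at the request of user " + tCredentials.getPrincipal());
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Grants a table permission on table {@code str2} to user {@code str} after
     * {@link #canGrantTable} passes and the user is known to exist. Writes an audit line on
     * success.
     */
    public void grantTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission) throws ThriftSecurityException {
        if (!canGrantTable(tCredentials, str, str2)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        targetUserExists(str);
        try {
            this.permHandle.grantTablePermission(str, str2, tablePermission);
            log.info("Granted table permission " + tablePermission + " for user " + str + " on the table " + str2 + " at the request of user " + tCredentials.getPrincipal());
        } catch (TableNotFoundException e) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
        } catch (AccumuloSecurityException e2) {
            throw e2.asThriftException();
        }
    }

    /**
     * Revokes a system permission from user {@code str} after {@link #canRevokeSystem} passes and
     * the user is known to exist. Writes an audit line on success.
     */
    public void revokeSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        if (!canRevokeSystem(tCredentials, str, systemPermission)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        targetUserExists(str);
        try {
            this.permHandle.revokeSystemPermission(str, systemPermission);
            log.info("Revoked system permission " + systemPermission + " for user " + str + " at the request of user " + tCredentials.getPrincipal());
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Revokes a table permission on table {@code str2} from user {@code str} after
     * {@link #canRevokeTable} passes and the user is known to exist. Writes an audit line on
     * success.
     */
    public void revokeTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission) throws ThriftSecurityException {
        if (!canRevokeTable(tCredentials, str, str2)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        targetUserExists(str);
        try {
            this.permHandle.revokeTablePermission(str, str2, tablePermission);
            log.info("Revoked table permission " + tablePermission + " for user " + str + " on the table " + str2 + " at the request of user " + tCredentials.getPrincipal());
        } catch (TableNotFoundException e) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
        } catch (AccumuloSecurityException e2) {
            throw e2.asThriftException();
        }
    }

    /**
     * Reports whether user {@code str} holds a system permission, on behalf of an authenticated
     * caller that passes the "may ask about other users" rule (itself, or SYSTEM, CREATE_USER,
     * ALTER_USER or DROP_USER).
     *
     * @throws ThriftSecurityException PERMISSION_DENIED if the caller may not ask
     */
    public boolean hasSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        if (canAskAboutOtherUsers(tCredentials, str)) {
            return hasSystemPermission(str, systemPermission, false);
        }
        throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }

    /**
     * Reports whether user {@code str} holds a table permission on table {@code str2}, on behalf
     * of an authenticated caller that passes the "may ask about other users" rule.
     *
     * @throws ThriftSecurityException PERMISSION_DENIED if the caller may not ask
     */
    public boolean hasTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission) throws ThriftSecurityException {
        if (canAskAboutOtherUsers(tCredentials, str)) {
            return hasTablePermission(str, str2, tablePermission, false);
        }
        throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }

    /**
     * Returns the user names known to the authenticator. Any authenticated caller may list
     * users; no further permission is required.
     */
    public Set<String> listUsers(TCredentials tCredentials) throws ThriftSecurityException {
        authenticate(tCredentials);
        try {
            return this.authenticator.listUsers();
        } catch (AccumuloSecurityException e) {
            throw e.asThriftException();
        }
    }

    /**
     * Removes all stored permissions for table {@code str} after {@link #canDeleteTable} passes.
     * Only the permission handler is touched here.
     */
    public void deleteTable(TCredentials tCredentials, String str) throws ThriftSecurityException {
        if (!canDeleteTable(tCredentials, str)) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
        try {
            this.permHandle.cleanTablePermissions(str);
        } catch (TableNotFoundException e) {
            throw new ThriftSecurityException(tCredentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
        } catch (AccumuloSecurityException e2) {
            // Attribute the handler failure to the calling principal before converting it.
            e2.setUser(tCredentials.getPrincipal());
            throw e2.asThriftException();
        }
    }

    /** Authenticates the caller and checks READ on table {@code str} (uncached lookup). */
    public boolean canExport(TCredentials tCredentials, String str) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasTablePermission(tCredentials.getPrincipal(), str, TablePermission.READ, false);
    }

    /** Authenticates the caller and checks system CREATE_TABLE. */
    public boolean canImport(TCredentials tCredentials) throws ThriftSecurityException {
        authenticate(tCredentials);
        return hasSystemPermission(tCredentials.getPrincipal(), SystemPermission.CREATE_TABLE, false);
    }
}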
