package org.apache.accumulo.server.security;

import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.impl.Credentials;
import org.apache.accumulo.core.client.impl.Tables;
import org.apache.accumulo.core.client.impl.Translator;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.data.Range;
import org.apache.accumulo.core.data.thrift.IterInfo;
import org.apache.accumulo.core.data.thrift.TColumn;
import org.apache.accumulo.core.data.thrift.TKeyExtent;
import org.apache.accumulo.core.data.thrift.TRange;
import org.apache.accumulo.core.master.thrift.FateOperation;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.core.util.ByteBufferUtil;
import org.apache.accumulo.server.AccumuloServerContext;
import org.apache.accumulo.server.rpc.TServerUtils;
import org.apache.accumulo.server.security.handler.Authenticator;
import org.apache.accumulo.server.security.handler.Authorizor;
import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.hadoop.io.Text;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/accumulo/server/security/AuditedSecurityOperation.class */
public class AuditedSecurityOperation extends SecurityOperation {
    public static final String AUDITLOG = "Audit";
    public static final Logger audit = Logger.getLogger(AUDITLOG);
    public static final String CAN_SCAN_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
    private static final int MAX_ELEMENTS_TO_LOG = 10;
    public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
    public static final String CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE = "action: changeAuthorizations; targetUser: %s; authorizations: %s";
    public static final String CHANGE_PASSWORD_AUDIT_TEMPLATE = "action: changePassword; targetUser: %s;";
    public static final String CREATE_USER_AUDIT_TEMPLATE = "action: createUser; targetUser: %s; Authorizations: %s;";
    public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE = "action: createTable; targetTable: %s;";
    public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE = "action: deleteTable; targetTable: %s;";
    public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE = "action: renameTable; targetTable: %s; newTableName: %s;";
    public static final String CAN_SPLIT_TABLE_AUDIT_TEMPLATE = "action: splitTable; targetTable: %s; targetNamespace: %s;";
    public static final String CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE = "action: performSystemAction; principal: %s;";
    public static final String CAN_FLUSH_TABLE_AUDIT_TEMPLATE = "action: flushTable; targetTable: %s; targetNamespace: %s;";
    public static final String CAN_ALTER_TABLE_AUDIT_TEMPLATE = "action: alterTable; targetTable: %s; targetNamespace: %s;";
    public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE = "action: cloneTable; targetTable: %s; newTableName: %s";
    public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE = "action: deleteData; targetTable: %s; startRange: %s; endRange: %s;";
    public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE = "action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;";
    public static final String CAN_COMPACT_TABLE_AUDIT_TEMPLATE = "action: compactTable; targetTable: %s; targetNamespace: %s;";
    public static final String CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE = "action: changeAuthorizations; targetUser: %s;";
    public static final String CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE = "action: changePassword; targetUser: %s;";
    public static final String CAN_CREATE_USER_AUDIT_TEMPLATE = "action: createUser; targetUser: %s;";
    public static final String CAN_DROP_USER_AUDIT_TEMPLATE = "action: dropUser; targetUser: %s;";
    public static final String CAN_GRANT_SYSTEM_AUDIT_TEMPLATE = "action: grantSystem; targetUser: %s; targetPermission: %s;";
    public static final String CAN_GRANT_TABLE_AUDIT_TEMPLATE = "action: grantTable; targetUser: %s; targetTable: %s; targetNamespace: %s;";
    public static final String CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE = "action: revokeSystem; targetUser: %s;, targetPermission: %s;";
    public static final String CAN_REVOKE_TABLE_AUDIT_TEMPLATE = "action: revokeTable; targetUser: %s; targetTable %s; targetNamespace: %s;";
    public static final String CAN_IMPORT_AUDIT_TEMPLATE = "action: import; targetTable: %s; dataDir: %s;";
    public static final String CAN_EXPORT_AUDIT_TEMPLATE = "action: export; targetTable: %s; dataDir: %s;";
    public static final String DROP_USER_AUDIT_TEMPLATE = "action: dropUser; targetUser: %s;";
    public static final String GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: grantSystemPermission; permission: %s; targetUser: %s;";
    public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: grantTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
    public static final String REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: revokeSystemPermission; permission: %s; targetUser: %s;";
    public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: revokeTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
    public static final String HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: hasSystemPermission; permission: %s; targetUser: %s;";
    public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE = "action: %s; targetTable: %s;";
    public static final String CAN_MERGE_TABLE_AUDIT_TEMPLATE = "action: mergeTable; targetTable: %s; targetNamespace: %s;";
    public static final String AUTHENICATE_AUDIT_TEMPLATE = "action: authenticate;";
    public static final String DELEGATION_TOKEN_AUDIT_TEMPLATE = "requested delegation token";

    public AuditedSecurityOperation(AccumuloServerContext accumuloServerContext, Authorizor authorizor, Authenticator authenticator, PermissionHandler permissionHandler) {
        super(accumuloServerContext, authorizor, authenticator, permissionHandler);
    }

    public static synchronized SecurityOperation getInstance(AccumuloServerContext accumuloServerContext) {
        return getInstance(accumuloServerContext, false);
    }

    public static synchronized SecurityOperation getInstance(AccumuloServerContext accumuloServerContext, boolean z) {
        if (instance == null) {
            String instanceID = accumuloServerContext.getInstance().getInstanceID();
            instance = new AuditedSecurityOperation(accumuloServerContext, getAuthorizor(instanceID, z), getAuthenticator(instanceID, z), getPermHandler(instanceID, z));
        }
        return instance;
    }

    private String getTableName(String str) {
        try {
            return Tables.getTableName(this.context.getInstance(), str);
        } catch (TableNotFoundException e) {
            return "Unknown Table with ID " + str;
        }
    }

    public static StringBuilder getAuthString(List<ByteBuffer> list) {
        StringBuilder sb = new StringBuilder();
        Iterator<ByteBuffer> it = list.iterator();
        while (it.hasNext()) {
            sb.append(ByteBufferUtil.toString(it.next())).append(",");
        }
        return sb;
    }

    private boolean shouldAudit(TCredentials tCredentials, String str) {
        return (audit.isInfoEnabled() || audit.isEnabledFor(Level.WARN)) && !str.equals("!0") && shouldAudit(tCredentials);
    }

    private boolean shouldAudit(TCredentials tCredentials) {
        return !this.context.getCredentials().getToken().getClass().getName().equals(tCredentials.getTokenClassName());
    }

    private void audit(TCredentials tCredentials, ThriftSecurityException thriftSecurityException, String str, Object... objArr) {
        audit.warn("operation: failed; user: " + tCredentials.getPrincipal() + "; " + String.format(str, objArr) + "; exception: " + thriftSecurityException.toString());
    }

    private void audit(TCredentials tCredentials, String str, Object... objArr) {
        if (shouldAudit(tCredentials)) {
            audit.info("operation: success; user: " + tCredentials.getPrincipal() + ": " + String.format(str, objArr));
        }
    }

    private void audit(TCredentials tCredentials, boolean z, String str, Object... objArr) {
        if (shouldAudit(tCredentials)) {
            audit.info("operation: " + (z ? "permitted" : "denied") + "; user: " + tCredentials.getPrincipal() + "; client: " + TServerUtils.clientAddress.get() + "; " + String.format(str, objArr));
        }
    }

    private static List<String> truncate(Collection<?> collection) {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        Iterator<?> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Object next = it.next();
            int i2 = i;
            i++;
            if (i2 > MAX_ELEMENTS_TO_LOG) {
                arrayList.add(" and " + (collection.size() - MAX_ELEMENTS_TO_LOG) + " more ");
                break;
            }
            arrayList.add(next.toString());
        }
        return arrayList;
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canScan(TCredentials tCredentials, String str, String str2, TRange tRange, List<TColumn> list, List<IterInfo> list2, Map<String, Map<String, String>> map, List<ByteBuffer> list3) throws ThriftSecurityException {
        if (!shouldAudit(tCredentials, str)) {
            return super.canScan(tCredentials, str, str2);
        }
        Range range = new Range(tRange);
        List<String> truncate = truncate(Translator.translate(list, new Translator.TColumnTranslator()));
        String tableName = getTableName(str);
        try {
            boolean canScan = super.canScan(tCredentials, str, str2);
            audit(tCredentials, canScan, "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;", tableName, getAuthString(list3), range, truncate, list2, map);
            return canScan;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;", getAuthString(list3), str, range, truncate, list2, map);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canScan(TCredentials tCredentials, String str, String str2, Map<TKeyExtent, List<TRange>> map, List<TColumn> list, List<IterInfo> list2, Map<String, Map<String, String>> map2, List<ByteBuffer> list3) throws ThriftSecurityException {
        if (!shouldAudit(tCredentials, str)) {
            return super.canScan(tCredentials, str, str2);
        }
        Map translate = Translator.translate(map, new Translator.TKeyExtentTranslator(), new Translator.ListTranslator(new Translator.TRangeTranslator()));
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : translate.entrySet()) {
            hashMap.put(entry.getKey(), truncate((Collection) entry.getValue()));
        }
        Object translate2 = Translator.translate(list, new Translator.TColumnTranslator());
        String tableName = getTableName(str);
        try {
            boolean canScan = super.canScan(tCredentials, str, str2);
            audit(tCredentials, canScan, "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;", tableName, getAuthString(list3), hashMap, translate2, list2, map2);
            return canScan;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;", getAuthString(list3), str, hashMap, translate2, list2, map2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void changeAuthorizations(TCredentials tCredentials, String str, Authorizations authorizations) throws ThriftSecurityException {
        try {
            super.changeAuthorizations(tCredentials, str, authorizations);
            audit(tCredentials, CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, str, authorizations);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, str, authorizations);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void changePassword(TCredentials tCredentials, Credentials credentials) throws ThriftSecurityException {
        try {
            super.changePassword(tCredentials, credentials);
            audit(tCredentials, "action: changePassword; targetUser: %s;", credentials.getPrincipal());
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "action: changePassword; targetUser: %s;", credentials.getPrincipal());
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void createUser(TCredentials tCredentials, Credentials credentials, Authorizations authorizations) throws ThriftSecurityException {
        try {
            super.createUser(tCredentials, credentials, authorizations);
            audit(tCredentials, CREATE_USER_AUDIT_TEMPLATE, credentials.getPrincipal(), authorizations);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CREATE_USER_AUDIT_TEMPLATE, credentials.getPrincipal(), authorizations);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCreateTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canCreateTable = super.canCreateTable(tCredentials, str, str2);
            audit(tCredentials, canCreateTable, CAN_CREATE_TABLE_AUDIT_TEMPLATE, str);
            return canCreateTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_CREATE_TABLE_AUDIT_TEMPLATE, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canDeleteTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        String tableName = getTableName(str);
        try {
            boolean canDeleteTable = super.canDeleteTable(tCredentials, str, str2);
            audit(tCredentials, canDeleteTable, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, str);
            return canDeleteTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canRenameTable(TCredentials tCredentials, String str, String str2, String str3, String str4) throws ThriftSecurityException {
        try {
            boolean canRenameTable = super.canRenameTable(tCredentials, str, str2, str3, str4);
            audit(tCredentials, canRenameTable, CAN_RENAME_TABLE_AUDIT_TEMPLATE, str2, str3);
            return canRenameTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_RENAME_TABLE_AUDIT_TEMPLATE, str2, str3);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canSplitTablet(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canSplitTablet = super.canSplitTablet(tCredentials, str, str2);
            audit(tCredentials, canSplitTablet, CAN_SPLIT_TABLE_AUDIT_TEMPLATE, str, str2);
            return canSplitTablet;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "split tablet on table %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canPerformSystemActions(TCredentials tCredentials) throws ThriftSecurityException {
        try {
            boolean canPerformSystemActions = super.canPerformSystemActions(tCredentials);
            audit(tCredentials, canPerformSystemActions, CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE, tCredentials.getPrincipal());
            return canPerformSystemActions;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "system action denied", new Object[0]);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canFlush(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canFlush = super.canFlush(tCredentials, str, str2);
            audit(tCredentials, canFlush, CAN_FLUSH_TABLE_AUDIT_TEMPLATE, str, str2);
            return canFlush;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "flush on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canAlterTable(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canAlterTable = super.canAlterTable(tCredentials, str, str2);
            audit(tCredentials, canAlterTable, CAN_ALTER_TABLE_AUDIT_TEMPLATE, str, str2);
            return canAlterTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "alter table on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCloneTable(TCredentials tCredentials, String str, String str2, String str3, String str4) throws ThriftSecurityException {
        String tableName = getTableName(str);
        try {
            boolean canCloneTable = super.canCloneTable(tCredentials, str, str2, str3, str4);
            audit(tCredentials, canCloneTable, CAN_CLONE_TABLE_AUDIT_TEMPLATE, tableName, str2);
            return canCloneTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_CLONE_TABLE_AUDIT_TEMPLATE, tableName, str2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canDeleteRange(TCredentials tCredentials, String str, String str2, Text text, Text text2, String str3) throws ThriftSecurityException {
        try {
            boolean canDeleteRange = super.canDeleteRange(tCredentials, str, str2, text, text2, str3);
            audit(tCredentials, canDeleteRange, CAN_DELETE_RANGE_AUDIT_TEMPLATE, str2, text.toString(), text2.toString());
            return canDeleteRange;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_DELETE_RANGE_AUDIT_TEMPLATE, str2, text.toString(), text2.toString());
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canBulkImport(TCredentials tCredentials, String str, String str2, String str3, String str4, String str5) throws ThriftSecurityException {
        try {
            boolean canBulkImport = super.canBulkImport(tCredentials, str, str5);
            audit(tCredentials, canBulkImport, CAN_BULK_IMPORT_AUDIT_TEMPLATE, str2, str3, str4);
            return canBulkImport;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_BULK_IMPORT_AUDIT_TEMPLATE, str2, str3, str4);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCompact(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canCompact = super.canCompact(tCredentials, str, str2);
            audit(tCredentials, canCompact, CAN_COMPACT_TABLE_AUDIT_TEMPLATE, str, str2);
            return canCompact;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "compact on tableId %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canChangeAuthorizations(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canChangeAuthorizations = super.canChangeAuthorizations(tCredentials, str);
            audit(tCredentials, canChangeAuthorizations, CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, str);
            return canChangeAuthorizations;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "change authorizations on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canChangePassword(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canChangePassword = super.canChangePassword(tCredentials, str);
            audit(tCredentials, canChangePassword, "action: changePassword; targetUser: %s;", str);
            return canChangePassword;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "change password on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canCreateUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canCreateUser = super.canCreateUser(tCredentials, str);
            audit(tCredentials, canCreateUser, CAN_CREATE_USER_AUDIT_TEMPLATE, str);
            return canCreateUser;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "create user on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canDropUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            boolean canDropUser = super.canDropUser(tCredentials, str);
            audit(tCredentials, canDropUser, "action: dropUser; targetUser: %s;", str);
            return canDropUser;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "drop user on user %s denied", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canGrantSystem(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            boolean canGrantSystem = super.canGrantSystem(tCredentials, str, systemPermission);
            audit(tCredentials, canGrantSystem, CAN_GRANT_SYSTEM_AUDIT_TEMPLATE, str, systemPermission);
            return canGrantSystem;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "grant system permission %s for user %s denied", systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canGrantTable(TCredentials tCredentials, String str, String str2, String str3) throws ThriftSecurityException {
        try {
            boolean canGrantTable = super.canGrantTable(tCredentials, str, str2, str3);
            audit(tCredentials, canGrantTable, CAN_GRANT_TABLE_AUDIT_TEMPLATE, str, str2, str3);
            return canGrantTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "grant table on table %s for user %s denied", str2, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canRevokeSystem(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            boolean canRevokeSystem = super.canRevokeSystem(tCredentials, str, systemPermission);
            audit(tCredentials, canRevokeSystem, CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE, str, systemPermission);
            return canRevokeSystem;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "revoke system permission %s for user %s denied", systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canRevokeTable(TCredentials tCredentials, String str, String str2, String str3) throws ThriftSecurityException {
        try {
            boolean canRevokeTable = super.canRevokeTable(tCredentials, str, str2, str3);
            audit(tCredentials, canRevokeTable, CAN_REVOKE_TABLE_AUDIT_TEMPLATE, str, str2, str3);
            return canRevokeTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "revoke table on table %s for user %s denied", str2, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canImport(TCredentials tCredentials, String str, String str2, String str3) throws ThriftSecurityException {
        try {
            boolean canImport = super.canImport(tCredentials, str, str2, str3);
            audit(tCredentials, canImport, CAN_IMPORT_AUDIT_TEMPLATE, str, str2);
            return canImport;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_IMPORT_AUDIT_TEMPLATE, str, str2);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canExport(TCredentials tCredentials, String str, String str2, String str3, String str4) throws ThriftSecurityException {
        try {
            boolean canExport = super.canExport(tCredentials, str, str2, str3, str4);
            audit(tCredentials, canExport, CAN_EXPORT_AUDIT_TEMPLATE, str2, str3);
            return canExport;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_EXPORT_AUDIT_TEMPLATE, str2, str3);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void dropUser(TCredentials tCredentials, String str) throws ThriftSecurityException {
        try {
            super.dropUser(tCredentials, str);
            audit(tCredentials, "action: dropUser; targetUser: %s;", str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "action: dropUser; targetUser: %s;", str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void grantSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            super.grantSystemPermission(tCredentials, str, systemPermission);
            audit(tCredentials, GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE, systemPermission, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE, systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void grantTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission, String str3) throws ThriftSecurityException {
        String tableName = getTableName(str2);
        try {
            super.grantTablePermission(tCredentials, str, str2, tablePermission, str3);
            audit(tCredentials, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, tablePermission, tableName, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, tablePermission, tableName, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void revokeSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            super.revokeSystemPermission(tCredentials, str, systemPermission);
            audit(tCredentials, REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, systemPermission, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void revokeTablePermission(TCredentials tCredentials, String str, String str2, TablePermission tablePermission, String str3) throws ThriftSecurityException {
        String tableName = getTableName(str2);
        try {
            super.revokeTablePermission(tCredentials, str, str2, tablePermission, str3);
            audit(tCredentials, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, tablePermission, tableName, str);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, tablePermission, tableName, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean hasSystemPermission(TCredentials tCredentials, String str, SystemPermission systemPermission) throws ThriftSecurityException {
        try {
            boolean hasSystemPermission = super.hasSystemPermission(tCredentials, str, systemPermission);
            audit(tCredentials, hasSystemPermission, HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE, systemPermission, str);
            return hasSystemPermission;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "checking permission %s on %s denied", systemPermission, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canOnlineOfflineTable(TCredentials tCredentials, String str, FateOperation fateOperation, String str2) throws ThriftSecurityException {
        String tableName = getTableName(str);
        Object obj = null;
        if (fateOperation == FateOperation.TABLE_ONLINE) {
            obj = "onlineTable";
        }
        if (fateOperation == FateOperation.TABLE_OFFLINE) {
            obj = "offlineTable";
        }
        try {
            boolean canOnlineOfflineTable = super.canOnlineOfflineTable(tCredentials, str, fateOperation, str2);
            audit(tCredentials, canOnlineOfflineTable, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, obj, tableName, str);
            return canOnlineOfflineTable;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, obj, tableName, str);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canMerge(TCredentials tCredentials, String str, String str2) throws ThriftSecurityException {
        try {
            boolean canMerge = super.canMerge(tCredentials, str, str2);
            audit(tCredentials, canMerge, CAN_MERGE_TABLE_AUDIT_TEMPLATE, str, str2);
            return canMerge;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, e, "merge table on tableId %s denied", str);
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.accumulo.server.security.SecurityOperation
    public void authenticate(TCredentials tCredentials) throws ThriftSecurityException {
        try {
            super.authenticate(tCredentials);
            audit(tCredentials, true, AUTHENICATE_AUDIT_TEMPLATE, new Object[0]);
        } catch (ThriftSecurityException e) {
            audit(tCredentials, false, AUTHENICATE_AUDIT_TEMPLATE, new Object[0]);
            throw e;
        }
    }

    @Override // org.apache.accumulo.server.security.SecurityOperation
    public boolean canObtainDelegationToken(TCredentials tCredentials) throws ThriftSecurityException {
        try {
            boolean canObtainDelegationToken = super.canObtainDelegationToken(tCredentials);
            audit(tCredentials, canObtainDelegationToken, DELEGATION_TOKEN_AUDIT_TEMPLATE, new Object[0]);
            return canObtainDelegationToken;
        } catch (ThriftSecurityException e) {
            audit(tCredentials, false, DELEGATION_TOKEN_AUDIT_TEMPLATE, new Object[0]);
            throw e;
        }
    }
}
