18 package org.apache.hadoop.hbase.security.visibility;
19
20 import java.io.IOException;
21 import java.util.BitSet;
22 import java.util.Iterator;
23
24 import org.apache.hadoop.classification.InterfaceAudience;
25 import org.apache.hadoop.hbase.Cell;
26 import org.apache.hadoop.hbase.CellUtil;
27 import org.apache.hadoop.hbase.Tag;
28 import org.apache.hadoop.hbase.filter.FilterBase;
29 import org.apache.hadoop.hbase.io.util.StreamUtils;
30 import org.apache.hadoop.hbase.util.Pair;
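/**
 * Scan-time filter that enforces cell visibility against the set of label ordinals the
 * requester is authorised for.
 *
 * <p>Each tag of type {@link VisibilityUtils#VISIBILITY_TAG_TYPE} carries a sequence of
 * varint-encoded label ordinals. A positive ordinal must be set in {@code authLabels}; a
 * negative ordinal is a negated label and must NOT be set. A cell is returned as soon as one
 * visibility tag is fully satisfied.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 * <li>A cell that carries no visibility tag at all is returned to every requester
 * (unlabelled data is not protected by this filter).</li>
 * <li>A visibility tag that contains no ordinals is vacuously satisfied, so the cell is
 * returned.</li>
 * <li>The {@link BitSet} is held by reference, not copied; a caller that mutates it after
 * construction changes the filter's decisions.</li>
 * </ul>
 */
@InterfaceAudience.Private
class VisibilityLabelFilter extends FilterBase {

  /** Ordinals of the labels the requester holds; bit {@code i} set means label {@code i}. */
  private final BitSet authLabels;

  /**
   * @param authLabels ordinals of the labels granted to the requester; must not be
   *          {@code null} (it is dereferenced on the first cell that has a visibility tag)
   */
  public VisibilityLabelFilter(BitSet authLabels) {
    this.authLabels = authLabels;
  }

  /**
   * Decides whether {@code cell} may be returned to the requester.
   *
   * @param cell the cell under evaluation
   * @return {@link ReturnCode#INCLUDE} when the cell has no visibility tag or at least one of
   *         its visibility tags is satisfied by the authorised labels, otherwise
   *         {@link ReturnCode#SKIP}
   * @throws IOException declared by the filter contract and propagated from tag decoding
   */
  @Override
  public ReturnCode filterKeyValue(Cell cell) throws IOException {
    Iterator<Tag> tagsItr = CellUtil.tagsIterator(cell.getTagsArray(), cell.getTagsOffset(),
        cell.getTagsLength());
    boolean visibilityTagPresent = false;
    while (tagsItr.hasNext()) {
      Tag tag = tagsItr.next();
      if (tag.getType() != VisibilityUtils.VISIBILITY_TAG_TYPE) {
        // Tags of other types play no part in the visibility decision.
        continue;
      }
      visibilityTagPresent = true;
      if (isSatisfied(tag)) {
        // One satisfied visibility tag is enough; no need to look at the remaining tags.
        return ReturnCode.INCLUDE;
      }
    }
    // Labelled but not authorised -> hide the cell. Unlabelled -> visible to everyone.
    return visibilityTagPresent ? ReturnCode.SKIP : ReturnCode.INCLUDE;
  }

  /**
   * Checks every label ordinal stored in one visibility tag against the authorised labels.
   *
   * @return {@code true} only when all ordinals in the tag are satisfied
   */
  private boolean isSatisfied(Tag tag) throws IOException {
    int offset = tag.getTagOffset();
    int endOffset = offset + tag.getTagLength();
    while (offset < endOffset) {
      Pair<Integer, Integer> result = StreamUtils.readRawVarint32(tag.getBuffer(), offset);
      int currLabelOrdinal = result.getFirst();
      if (currLabelOrdinal < 0) {
        // Negated label: satisfied only when the requester does NOT hold it.
        // Integer.MIN_VALUE cannot be negated (-MIN_VALUE is still negative) and
        // BitSet.get would throw IndexOutOfBoundsException on it, so such an ordinal is
        // treated as unsatisfied and the tag is denied rather than failing the scan
        // with an unchecked exception.
        if (currLabelOrdinal == Integer.MIN_VALUE || this.authLabels.get(-currLabelOrdinal)) {
          return false;
        }
      } else if (!this.authLabels.get(currLabelOrdinal)) {
        // Required label that the requester does not hold.
        return false;
      }
      // The second element is used as the number of bytes the varint occupied.
      offset += result.getSecond();
    }
    return true;
  }
}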