package org.apache.hadoop.security.authorize;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedList;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableFactories;
import org.apache.hadoop.io.WritableFactory;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;

@InterfaceAudience.Public
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-2.7.0-mapr-1607.jar:org/apache/hadoop/security/authorize/AccessControlList.class */
public class AccessControlList implements Writable {
    public static final String WILDCARD_ACL_VALUE = "*";
    private static final int INITIAL_CAPACITY = 256;
    private Collection<String> users;
    private Collection<String> groups;
    private boolean allAllowed;
    private Groups groupsMapping = Groups.getUserToGroupsMappingService(new Configuration());

    public AccessControlList() {
    }

    public AccessControlList(String str) {
        buildACL(str.split(" ", 2));
    }

    public AccessControlList(String str, String str2) {
        buildACL(new String[]{str, str2});
    }

    private void buildACL(String[] strArr) {
        this.users = new HashSet();
        this.groups = new HashSet();
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i < length) {
                String str = strArr[i];
                if (str != null && isWildCardACLValue(str)) {
                    this.allAllowed = true;
                    break;
                }
                i++;
            } else {
                break;
            }
        }
        if (this.allAllowed) {
            return;
        }
        if (strArr.length >= 1 && strArr[0] != null) {
            this.users = StringUtils.getTrimmedStringCollection(strArr[0]);
        }
        if (strArr.length != 2 || strArr[1] == null) {
            return;
        }
        this.groups = StringUtils.getTrimmedStringCollection(strArr[1]);
        this.groupsMapping.cacheGroupsAdd(new LinkedList(this.groups));
    }

    private boolean isWildCardACLValue(String str) {
        return str.contains("*") && str.trim().equals("*");
    }

    public boolean isAllAllowed() {
        return this.allAllowed;
    }

    public void addUser(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("User " + str + " can not be added");
        }
        if (isAllAllowed()) {
            return;
        }
        this.users.add(str);
    }

    public void addGroup(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("Group " + str + " can not be added");
        }
        if (isAllAllowed()) {
            return;
        }
        LinkedList linkedList = new LinkedList();
        linkedList.add(str);
        this.groupsMapping.cacheGroupsAdd(linkedList);
        this.groups.add(str);
    }

    public void removeUser(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("User " + str + " can not be removed");
        }
        if (isAllAllowed()) {
            return;
        }
        this.users.remove(str);
    }

    public void removeGroup(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("Group " + str + " can not be removed");
        }
        if (isAllAllowed()) {
            return;
        }
        this.groups.remove(str);
    }

    public Collection<String> getUsers() {
        return this.users;
    }

    public Collection<String> getGroups() {
        return this.groups;
    }

    public final boolean isUserInList(UserGroupInformation userGroupInformation) {
        if (this.allAllowed || this.users.contains(userGroupInformation.getShortUserName())) {
            return true;
        }
        for (String str : userGroupInformation.getGroupNames()) {
            if (this.groups.contains(str)) {
                return true;
            }
        }
        return false;
    }

    public boolean isUserAllowed(UserGroupInformation userGroupInformation) {
        return isUserInList(userGroupInformation);
    }

    public String toString() {
        String str;
        if (this.allAllowed) {
            str = "All users are allowed";
        } else if (this.users.isEmpty() && this.groups.isEmpty()) {
            str = "No users are allowed";
        } else {
            String str2 = null;
            String str3 = null;
            if (!this.users.isEmpty()) {
                str2 = this.users.toString();
            }
            if (!this.groups.isEmpty()) {
                str3 = this.groups.toString();
            }
            str = (this.users.isEmpty() || this.groups.isEmpty()) ? !this.users.isEmpty() ? "Users " + str2 + " are allowed" : "Members of the groups " + str3 + " are allowed" : "Users " + str2 + " and members of the groups " + str3 + " are allowed";
        }
        return str;
    }

    public String getAclString() {
        StringBuilder sb = new StringBuilder(256);
        if (this.allAllowed) {
            sb.append('*');
        } else {
            sb.append(getUsersString());
            sb.append(" ");
            sb.append(getGroupsString());
        }
        return sb.toString();
    }

    @Override // org.apache.hadoop.io.Writable
    public void write(DataOutput dataOutput) throws IOException {
        Text.writeString(dataOutput, getAclString());
    }

    @Override // org.apache.hadoop.io.Writable
    public void readFields(DataInput dataInput) throws IOException {
        buildACL(Text.readString(dataInput).split(" ", 2));
    }

    private String getUsersString() {
        return getString(this.users);
    }

    private String getGroupsString() {
        return getString(this.groups);
    }

    private String getString(Collection<String> collection) {
        StringBuilder sb = new StringBuilder(256);
        boolean z = true;
        for (String str : collection) {
            if (z) {
                z = false;
            } else {
                sb.append(StringUtils.COMMA_STR);
            }
            sb.append(str);
        }
        return sb.toString();
    }

    static {
        WritableFactories.setFactory(AccessControlList.class, new WritableFactory() { // from class: org.apache.hadoop.security.authorize.AccessControlList.1
            @Override // org.apache.hadoop.io.WritableFactory
            public Writable newInstance() {
                return new AccessControlList();
            }
        });
    }
}
