package org.apache.hadoop.security.authorize;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.ipc.CallerContext;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupMapping;
import org.apache.hadoop.util.StringUtils;
import org.apache.solr.client.solrj.request.UpdateRequest;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.401-eep-930.jar:org/apache/hadoop/security/authorize/UsersACLsManager.class */
public class UsersACLsManager {
    private Map<String, UserGroupMapping> usersAclMapping = new HashMap();
    private Map<String, UserGroupMapping> groupAclMapping = new HashMap();
    private Map<String, UserGroupMapping> invertedUsersAclMapping = new HashMap();
    private Map<String, UserGroupMapping> invertedGroupAclMapping = new HashMap();

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.401-eep-930.jar:org/apache/hadoop/security/authorize/UsersACLsManager$ACE.class */
    public enum ACE {
        READ_FILE(UpdateRequest.REPFACT),
        WRITE_FILE("wf"),
        EXECUTE_FILE("ef"),
        READ_DIR("rd"),
        LOOKUP_DIR("ld"),
        ADD_CHILD("ac"),
        DELETE_CHILD("dc");

        private final String name;

        ACE(String str) {
            this.name = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }
    }

    public UsersACLsManager(Configuration configuration) {
        String trim = configuration.get(CommonConfigurationKeys.HADOOP_USERS_ACL, "").trim();
        if (trim.isEmpty()) {
            return;
        }
        parseMapping(trim);
    }

    private void parseMapping(String str) {
        Iterator<String> it = StringUtils.getStringCollection(str, CommonConfigurationKeys.NFS_EXPORTS_ALLOWED_HOSTS_SEPARATOR).iterator();
        while (it.hasNext()) {
            String[] strings = StringUtils.getStrings(it.next().trim(), AbstractGangliaSink.EQUAL);
            if (strings == null || strings.length != 2) {
                throw new HadoopIllegalArgumentException("Configuration yarn.users.acl.mapping is invalid");
            }
            Map<UserGroupMapping.EntityType, List<String>> parseUserGroupLists = parseUserGroupLists(strings[0]);
            Map<UserGroupMapping.EntityType, List<String>> parseUserGroupLists2 = parseUserGroupLists(strings[1]);
            for (String str2 : parseUserGroupLists.get(UserGroupMapping.EntityType.USER)) {
                this.usersAclMapping.put(str2, new UserGroupMapping(UserGroupMapping.EntityType.USER, str2, parseUserGroupLists2.get(UserGroupMapping.EntityType.USER), parseUserGroupLists2.get(UserGroupMapping.EntityType.GROUP)));
            }
            for (String str3 : parseUserGroupLists.get(UserGroupMapping.EntityType.GROUP)) {
                this.groupAclMapping.put(str3, new UserGroupMapping(UserGroupMapping.EntityType.GROUP, str3, parseUserGroupLists2.get(UserGroupMapping.EntityType.USER), parseUserGroupLists2.get(UserGroupMapping.EntityType.GROUP)));
            }
        }
        invertAclMappring(this.usersAclMapping);
        invertAclMappring(this.groupAclMapping);
    }

    private void invertAclMappring(Map<String, UserGroupMapping> map) {
        for (Map.Entry<String, UserGroupMapping> entry : map.entrySet()) {
            for (String str : entry.getValue().getUserList()) {
                if (this.invertedUsersAclMapping.get(str) == null) {
                    UserGroupMapping userGroupMapping = new UserGroupMapping(UserGroupMapping.EntityType.USER, str);
                    if (entry.getValue().getType().equals(UserGroupMapping.EntityType.USER)) {
                        userGroupMapping.addToUserList(entry.getKey());
                    } else if (entry.getValue().getType().equals(UserGroupMapping.EntityType.GROUP)) {
                        userGroupMapping.addToGroupList(entry.getKey());
                    }
                    this.invertedUsersAclMapping.put(str, userGroupMapping);
                } else if (entry.getValue().getType().equals(UserGroupMapping.EntityType.USER)) {
                    this.invertedUsersAclMapping.get(str).addToUserList(entry.getKey());
                } else if (entry.getValue().getType().equals(UserGroupMapping.EntityType.GROUP)) {
                    this.invertedUsersAclMapping.get(str).addToGroupList(entry.getKey());
                }
            }
            for (String str2 : entry.getValue().getGroupList()) {
                if (this.invertedGroupAclMapping.get(str2) == null) {
                    UserGroupMapping userGroupMapping2 = new UserGroupMapping(UserGroupMapping.EntityType.GROUP, str2);
                    if (entry.getValue().getType().equals(UserGroupMapping.EntityType.USER)) {
                        userGroupMapping2.addToUserList(entry.getKey());
                    } else if (entry.getValue().getType().equals(UserGroupMapping.EntityType.GROUP)) {
                        userGroupMapping2.addToGroupList(entry.getKey());
                    }
                    this.invertedGroupAclMapping.put(str2, userGroupMapping2);
                } else if (entry.getValue().getType().equals(UserGroupMapping.EntityType.USER)) {
                    this.invertedGroupAclMapping.get(str2).addToUserList(entry.getKey());
                } else if (entry.getValue().getType().equals(UserGroupMapping.EntityType.GROUP)) {
                    this.invertedGroupAclMapping.get(str2).addToGroupList(entry.getKey());
                }
            }
        }
    }

    private static Map<UserGroupMapping.EntityType, List<String>> parseUserGroupLists(String str) {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : StringUtils.getStringCollection(str.trim(), ",")) {
            String[] strings = StringUtils.getStrings(str2.trim(), CallerContext.Builder.KEY_VALUE_SEPARATOR);
            if (strings == null) {
                throw new HadoopIllegalArgumentException("User/group entity is invalid: " + str2.trim());
            }
            if (strings.length != 2 || (!strings[0].equals(UserGroupMapping.EntityType.USER.toString()) && !strings[0].equals(UserGroupMapping.EntityType.GROUP.toString()))) {
                throw new HadoopIllegalArgumentException("User/group entity is invalid: " + strings[0]);
            }
            if (strings[0].equals(UserGroupMapping.EntityType.USER.toString())) {
                arrayList.add(strings[1]);
            }
            if (strings[0].equals(UserGroupMapping.EntityType.GROUP.toString())) {
                arrayList2.add(strings[1]);
            }
        }
        hashMap.put(UserGroupMapping.EntityType.USER, arrayList);
        hashMap.put(UserGroupMapping.EntityType.GROUP, arrayList2);
        return hashMap;
    }

    public boolean isUsersACLEnable() {
        return (this.usersAclMapping.isEmpty() && this.groupAclMapping.isEmpty()) ? false : true;
    }

    public boolean checkUserAccess(String str, String str2) {
        return checkUserAccess(UserGroupInformation.createRemoteUser(str), str2);
    }

    public boolean checkUserAccess(UserGroupInformation userGroupInformation, String str) {
        if (!this.usersAclMapping.isEmpty() && this.usersAclMapping.get(userGroupInformation.getShortUserName()) != null && !this.usersAclMapping.get(userGroupInformation.getShortUserName()).getUserList().isEmpty() && this.usersAclMapping.get(userGroupInformation.getShortUserName()).getUserList().contains(str)) {
            return true;
        }
        List<String> groups = UserGroupInformation.createRemoteUser(str).getGroups();
        if (!this.usersAclMapping.isEmpty() && this.usersAclMapping.get(userGroupInformation.getShortUserName()) != null && !this.usersAclMapping.get(userGroupInformation.getShortUserName()).getGroupList().isEmpty()) {
            Iterator<String> it = groups.iterator();
            while (it.hasNext()) {
                if (this.usersAclMapping.get(userGroupInformation.getShortUserName()).getGroupList().contains(it.next())) {
                    return true;
                }
            }
        }
        if (this.groupAclMapping.isEmpty()) {
            return false;
        }
        List<String> groups2 = userGroupInformation.getGroups();
        for (String str2 : groups2) {
            if (this.groupAclMapping.get(str2) != null && this.groupAclMapping.get(str2).getUserList().contains(str)) {
                return true;
            }
        }
        for (String str3 : groups2) {
            if (this.groupAclMapping.get(str3) != null) {
                Iterator<String> it2 = groups.iterator();
                while (it2.hasNext()) {
                    if (this.groupAclMapping.get(str3).getGroupList().contains(it2.next())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public String buildACEStrForUser(String str) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (this.invertedUsersAclMapping.get(str) != null) {
            if (this.invertedUsersAclMapping.get(str).getUserList() != null) {
                arrayList.addAll(this.invertedUsersAclMapping.get(str).getUserList());
            }
            if (this.invertedUsersAclMapping.get(str).getGroupList() != null) {
                arrayList2.addAll(this.invertedUsersAclMapping.get(str).getGroupList());
            }
        }
        for (String str2 : UserGroupInformation.createRemoteUser(str).getGroups()) {
            if (this.invertedGroupAclMapping.get(str2) != null) {
                if (this.invertedGroupAclMapping.get(str2).getUserList() != null) {
                    arrayList.addAll(this.invertedGroupAclMapping.get(str2).getUserList());
                }
                if (this.invertedGroupAclMapping.get(str2).getGroupList() != null) {
                    arrayList2.addAll(this.invertedGroupAclMapping.get(str2).getGroupList());
                }
            }
        }
        if (arrayList.isEmpty() && arrayList2.isEmpty()) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        sb.append(ACE.READ_FILE);
        sb.append(":(");
        if (arrayList != null) {
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                sb.append("u:").append((String) it.next()).append("|");
            }
        }
        if (arrayList2 != null) {
            Iterator it2 = arrayList2.iterator();
            while (it2.hasNext()) {
                sb.append("g:").append((String) it2.next()).append("|");
            }
        }
        sb.append("u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        sb.append(",").append(ACE.WRITE_FILE);
        sb.append(":(u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        sb.append(",").append(ACE.EXECUTE_FILE);
        sb.append(":(u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        sb.append(",").append(ACE.READ_DIR);
        sb.append(":(");
        if (arrayList != null) {
            Iterator it3 = arrayList.iterator();
            while (it3.hasNext()) {
                sb.append("u:").append((String) it3.next()).append("|");
            }
        }
        if (arrayList2 != null) {
            Iterator it4 = arrayList2.iterator();
            while (it4.hasNext()) {
                sb.append("g:").append((String) it4.next()).append("|");
            }
        }
        sb.append("u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        sb.append(",").append(ACE.LOOKUP_DIR);
        sb.append(":(");
        if (arrayList != null) {
            Iterator it5 = arrayList.iterator();
            while (it5.hasNext()) {
                sb.append("u:").append((String) it5.next()).append("|");
            }
        }
        if (arrayList2 != null) {
            Iterator it6 = arrayList2.iterator();
            while (it6.hasNext()) {
                sb.append("g:").append((String) it6.next()).append("|");
            }
        }
        sb.append("u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        sb.append(",").append(ACE.ADD_CHILD);
        sb.append(":(u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        sb.append(",").append(ACE.DELETE_CHILD);
        sb.append(":(u:").append(str).append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        return sb.toString();
    }
}
