package org.apache.hadoop.hdfs.server.namenode;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.Stack;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:libarx-3.7.1.jar:org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.class */
public class FSPermissionChecker {
    static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
    private final UserGroupInformation ugi;
    private final String user;
    private final Set<String> groups;
    private final boolean isSuper;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FSPermissionChecker(String str, String str2) throws AccessControlException {
        try {
            this.ugi = UserGroupInformation.getCurrentUser();
            this.groups = Collections.unmodifiableSet(new HashSet(Arrays.asList(this.ugi.getGroupNames())));
            this.user = this.ugi.getShortUserName();
            this.isSuper = this.user.equals(str) || this.groups.contains(str2);
        } catch (IOException e) {
            throw new AccessControlException(e);
        }
    }

    public boolean containsGroup(String str) {
        return this.groups.contains(str);
    }

    public String getUser() {
        return this.user;
    }

    public boolean isSuperUser() {
        return this.isSuper;
    }

    public void checkSuperuserPrivilege() throws AccessControlException {
        if (!this.isSuper) {
            throw new AccessControlException("Access denied for user " + this.user + ". Superuser privilege is required");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkPermission(String str, INodeDirectory iNodeDirectory, boolean z, FsAction fsAction, FsAction fsAction2, FsAction fsAction3, FsAction fsAction4) throws AccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("ACCESS CHECK: " + this + ", doCheckOwner=" + z + ", ancestorAccess=" + fsAction + ", parentAccess=" + fsAction2 + ", access=" + fsAction3 + ", subAccess=" + fsAction4);
        }
        synchronized (iNodeDirectory) {
            INode[] existingPathINodes = iNodeDirectory.getExistingPathINodes(str);
            int length = existingPathINodes.length - 2;
            while (length >= 0 && existingPathINodes[length] == null) {
                length--;
            }
            checkTraverse(existingPathINodes, length);
            if (fsAction != null && existingPathINodes.length > 1) {
                check(existingPathINodes, length, fsAction);
            }
            if (fsAction2 != null && existingPathINodes.length > 1) {
                check(existingPathINodes, existingPathINodes.length - 2, fsAction2);
            }
            if (fsAction3 != null) {
                check(existingPathINodes[existingPathINodes.length - 1], fsAction3);
            }
            if (fsAction4 != null) {
                checkSubAccess(existingPathINodes[existingPathINodes.length - 1], fsAction4);
            }
            if (z) {
                checkOwner(existingPathINodes[existingPathINodes.length - 1]);
            }
        }
    }

    private void checkOwner(INode iNode) throws AccessControlException {
        if (iNode == null || !this.user.equals(iNode.getUserName())) {
            throw new AccessControlException("Permission denied");
        }
    }

    private void checkTraverse(INode[] iNodeArr, int i) throws AccessControlException {
        for (int i2 = 0; i2 <= i; i2++) {
            check(iNodeArr[i2], FsAction.EXECUTE);
        }
    }

    private void checkSubAccess(INode iNode, FsAction fsAction) throws AccessControlException {
        if (iNode == null || !iNode.isDirectory()) {
            return;
        }
        Stack stack = new Stack();
        stack.push((INodeDirectory) iNode);
        while (!stack.isEmpty()) {
            INodeDirectory iNodeDirectory = (INodeDirectory) stack.pop();
            check(iNodeDirectory, fsAction);
            for (INode iNode2 : iNodeDirectory.getChildren()) {
                if (iNode2.isDirectory()) {
                    stack.push((INodeDirectory) iNode2);
                }
            }
        }
    }

    private void check(INode[] iNodeArr, int i, FsAction fsAction) throws AccessControlException {
        check(i >= 0 ? iNodeArr[i] : null, fsAction);
    }

    private void check(INode iNode, FsAction fsAction) throws AccessControlException {
        if (iNode == null) {
            return;
        }
        FsPermission fsPermission = iNode.getFsPermission();
        if (this.user.equals(iNode.getUserName())) {
            if (fsPermission.getUserAction().implies(fsAction)) {
                return;
            }
        } else if (this.groups.contains(iNode.getGroupName())) {
            if (fsPermission.getGroupAction().implies(fsAction)) {
                return;
            }
        } else if (fsPermission.getOtherAction().implies(fsAction)) {
            return;
        }
        throw new AccessControlException("Permission denied: user=" + this.user + ", access=" + fsAction + ", inode=" + iNode);
    }
}
