package org.apache.hadoop.hdfs.server.namenode;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.UnresolvedLinkException;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.12.1.jar:org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.class */
public class FSPermissionChecker {
    static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
    private final UserGroupInformation ugi;
    private final String user;
    private final Set<String> groups;
    private final boolean isSuper;

    private String toAccessControlString(INode iNode, int i, FsAction fsAction, FsPermission fsPermission) {
        return "Permission denied: user=" + this.user + ", access=" + fsAction + ", inode=\"" + iNode.getFullPathName() + "\":" + iNode.getUserName(i) + ':' + iNode.getGroupName(i) + ':' + (iNode.isDirectory() ? 'd' : '-') + fsPermission;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FSPermissionChecker(String str, String str2, UserGroupInformation userGroupInformation) {
        this.ugi = userGroupInformation;
        this.groups = Collections.unmodifiableSet(new HashSet(Arrays.asList(this.ugi.getGroupNames())));
        this.user = this.ugi.getShortUserName();
        this.isSuper = this.user.equals(str) || this.groups.contains(str2);
    }

    public boolean containsGroup(String str) {
        return this.groups.contains(str);
    }

    public String getUser() {
        return this.user;
    }

    public boolean isSuperUser() {
        return this.isSuper;
    }

    public void checkSuperuserPrivilege() throws AccessControlException {
        if (!this.isSuper) {
            throw new AccessControlException("Access denied for user " + this.user + ". Superuser privilege is required");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkPermission(String str, FSDirectory fSDirectory, boolean z, FsAction fsAction, FsAction fsAction2, FsAction fsAction3, FsAction fsAction4, boolean z2, boolean z3) throws AccessControlException, UnresolvedLinkException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("ACCESS CHECK: " + this + ", doCheckOwner=" + z + ", ancestorAccess=" + fsAction + ", parentAccess=" + fsAction2 + ", access=" + fsAction3 + ", subAccess=" + fsAction4 + ", ignoreEmptyDir=" + z2 + ", resolveLink=" + z3);
        }
        INodesInPath iNodesInPath = fSDirectory.getINodesInPath(str, z3);
        AuthorizationProvider.get().checkPermission(this.user, this.groups, iNodesInPath.getINodes(), iNodesInPath.getPathSnapshotId(), z, fsAction, fsAction2, fsAction3, fsAction4, z2);
    }

    public void checkPermission(CachePool cachePool, FsAction fsAction) throws AccessControlException {
        FsPermission mode = cachePool.getMode();
        if (isSuperUser()) {
            return;
        }
        if (this.user.equals(cachePool.getOwnerName()) && mode.getUserAction().implies(fsAction)) {
            return;
        }
        if ((!this.groups.contains(cachePool.getGroupName()) || !mode.getGroupAction().implies(fsAction)) && !mode.getOtherAction().implies(fsAction)) {
            throw new AccessControlException("Permission denied while accessing pool " + cachePool.getPoolName() + ": user " + this.user + " does not have " + fsAction.toString() + " permissions.");
        }
    }
}
