package org.apache.hadoop.yarn.server.resourcemanager.security;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.shaded.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.QueueACL;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.AccessRequest;
import org.apache.hadoop.yarn.security.YarnAuthorizationProvider;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.SchedulerUtils;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CSQueue;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/QueueACLsManager.class */
public class QueueACLsManager {
    private static final Log LOG = LogFactory.getLog(QueueACLsManager.class);
    private ResourceScheduler scheduler;
    private boolean isACLsEnable;
    private YarnAuthorizationProvider authorizer;

    @VisibleForTesting
    public QueueACLsManager() {
        this(null, new Configuration());
    }

    public QueueACLsManager(ResourceScheduler resourceScheduler, Configuration configuration) {
        this.scheduler = resourceScheduler;
        this.isACLsEnable = configuration.getBoolean(YarnConfiguration.YARN_ACL_ENABLE, false);
        this.authorizer = YarnAuthorizationProvider.getInstance(configuration);
    }

    public boolean checkAccess(UserGroupInformation userGroupInformation, QueueACL queueACL, RMApp rMApp, String str, List<String> list) {
        if (!this.isACLsEnable) {
            return true;
        }
        if (!(this.scheduler instanceof CapacityScheduler)) {
            return this.scheduler.checkAccess(userGroupInformation, queueACL, rMApp.getQueue());
        }
        CSQueue queue = ((CapacityScheduler) this.scheduler).getQueue(rMApp.getQueue());
        if (queue != null) {
            return this.authorizer.checkPermission(new AccessRequest(queue.getPrivilegedEntity(), userGroupInformation, SchedulerUtils.toAccessType(queueACL), rMApp.getApplicationId().toString(), rMApp.getName(), str, list));
        }
        LOG.error("Queue " + rMApp.getQueue() + " does not exist for " + rMApp.getApplicationId());
        return true;
    }

    public boolean checkAccess(UserGroupInformation userGroupInformation, QueueACL queueACL, RMApp rMApp, String str, List<String> list, String str2) {
        if (!this.isACLsEnable) {
            return true;
        }
        if (this.scheduler instanceof CapacityScheduler) {
            CSQueue queue = ((CapacityScheduler) this.scheduler).getQueue(str2);
            if (queue != null) {
                return this.authorizer.checkPermission(new AccessRequest(queue.getPrivilegedEntity(), userGroupInformation, SchedulerUtils.toAccessType(queueACL), rMApp.getApplicationId().toString(), rMApp.getName(), str, list));
            }
            LOG.warn("Target queue " + str2 + " does not exist while trying to move " + rMApp.getApplicationId());
            return false;
        }
        if ((this.scheduler instanceof FairScheduler) && ((FairScheduler) this.scheduler).getQueueManager().getQueue(str2) == null) {
            LOG.warn("Target queue " + str2 + " does not exist while trying to move " + rMApp.getApplicationId());
            return false;
        }
        return this.scheduler.checkAccess(userGroupInformation, queueACL, str2);
    }
}
