package org.apache.impala.util;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.AclStatus;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.protocol.AclException;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/impala/util/FsPermissionChecker.class */
public class FsPermissionChecker {
    private static final FsPermissionChecker instance_;
    protected final String user_;
    private final Set<String> groups_ = new HashSet();
    private final String supergroup_;
    private static List<AclEntryType> ACL_TYPE_PRIORITY;
    private static final Logger LOG = LoggerFactory.getLogger(FsPermissionChecker.class);
    private static final Configuration CONF = new Configuration();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.impala.util.FsPermissionChecker$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/impala/util/FsPermissionChecker$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$fs$permission$AclEntryType = new int[AclEntryType.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$fs$permission$AclEntryType[AclEntryType.USER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$permission$AclEntryType[AclEntryType.GROUP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$permission$AclEntryType[AclEntryType.OTHER.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$permission$AclEntryType[AclEntryType.MASK.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* loaded from: input_file:org/apache/impala/util/FsPermissionChecker$Permissions.class */
    public class Permissions {
        private final FileStatus fileStatus_;
        private final FsPermission permissions_;
        private final AclStatus aclStatus_;
        private Map<AclEntryType, List<AclEntry>> entriesByTypes_ = Maps.newHashMap();
        private AclEntry mask_;

        protected Permissions(FileStatus fileStatus, AclStatus aclStatus) {
            Preconditions.checkNotNull(fileStatus);
            this.fileStatus_ = fileStatus;
            this.permissions_ = fileStatus.getPermission();
            this.aclStatus_ = aclStatus;
            if (this.aclStatus_ == null) {
                return;
            }
            Iterator it = FsPermissionChecker.ACL_TYPE_PRIORITY.iterator();
            while (it.hasNext()) {
                this.entriesByTypes_.put((AclEntryType) it.next(), Lists.newArrayList());
            }
            for (AclEntry aclEntry : getAclFromPermAndEntries(this.permissions_, this.aclStatus_.getEntries())) {
                if (aclEntry.getType() == AclEntryType.MASK && aclEntry.getScope() != AclEntryScope.DEFAULT) {
                    this.mask_ = aclEntry;
                } else if (isApplicableAcl(aclEntry)) {
                    this.entriesByTypes_.get(aclEntry.getType()).add(aclEntry);
                }
            }
        }

        private boolean shouldApplyMask(AclEntry aclEntry) {
            if (this.mask_ == null) {
                return false;
            }
            switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$fs$permission$AclEntryType[aclEntry.getType().ordinal()]) {
                case 1:
                    return aclEntry.getName() != null;
                case 2:
                    return true;
                default:
                    return false;
            }
        }

        private boolean isApplicableAcl(AclEntry aclEntry) {
            if (aclEntry.getScope() == AclEntryScope.DEFAULT) {
                return false;
            }
            switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$fs$permission$AclEntryType[aclEntry.getType().ordinal()]) {
                case 1:
                    return FsPermissionChecker.this.user_.equals(aclEntry.getName() == null ? this.aclStatus_.getOwner() : aclEntry.getName());
                case 2:
                    return FsPermissionChecker.this.groups_.contains(aclEntry.getName() == null ? this.aclStatus_.getGroup() : aclEntry.getName());
                case 3:
                    return true;
                case 4:
                    return false;
                default:
                    FsPermissionChecker.LOG.warn("Unknown Acl type: " + aclEntry.getType());
                    return false;
            }
        }

        private Boolean checkAcls(FsAction fsAction) {
            if (this.aclStatus_ == null) {
                return null;
            }
            boolean z = false;
            for (AclEntryType aclEntryType : FsPermissionChecker.ACL_TYPE_PRIORITY) {
                for (AclEntry aclEntry : this.entriesByTypes_.get(aclEntryType)) {
                    if (aclEntryType == AclEntryType.OTHER) {
                        return Boolean.valueOf(z ? false : aclEntry.getPermission().implies(fsAction));
                    }
                    if (!aclEntry.getPermission().implies(fsAction) || (shouldApplyMask(aclEntry) && !this.mask_.getPermission().implies(fsAction))) {
                        if (aclEntryType == AclEntryType.USER) {
                            return false;
                        }
                        z = true;
                    }
                    return true;
                }
            }
            return false;
        }

        public boolean checkPermissions(FsAction fsAction) {
            if (FsPermissionChecker.this.isSuperUser()) {
                return true;
            }
            Boolean checkAcls = checkAcls(fsAction);
            return checkAcls != null ? checkAcls.booleanValue() : FsPermissionChecker.this.user_.equals(this.fileStatus_.getOwner()) ? this.permissions_.getUserAction().implies(fsAction) : FsPermissionChecker.this.groups_.contains(this.fileStatus_.getGroup()) ? this.permissions_.getGroupAction().implies(fsAction) : this.permissions_.getOtherAction().implies(fsAction);
        }

        public boolean canRead() {
            return checkPermissions(FsAction.READ);
        }

        public boolean canWrite() {
            return checkPermissions(FsAction.WRITE);
        }

        public boolean canReadAndWrite() {
            return canRead() && canWrite();
        }

        private List<AclEntry> getAclFromPermAndEntries(FsPermission fsPermission, List<AclEntry> list) {
            ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(list.size() + 3);
            newArrayListWithCapacity.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS).setType(AclEntryType.USER).setPermission(fsPermission.getUserAction()).build());
            boolean z = false;
            for (AclEntry aclEntry : list) {
                if (aclEntry.getScope() == AclEntryScope.DEFAULT) {
                    break;
                }
                z = true;
                newArrayListWithCapacity.add(aclEntry);
            }
            newArrayListWithCapacity.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS).setType(z ? AclEntryType.MASK : AclEntryType.GROUP).setPermission(fsPermission.getGroupAction()).build());
            newArrayListWithCapacity.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS).setType(AclEntryType.OTHER).setPermission(fsPermission.getOtherAction()).build());
            return newArrayListWithCapacity;
        }
    }

    private FsPermissionChecker() throws IOException {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        this.groups_.addAll(Arrays.asList(currentUser.getGroupNames()));
        this.supergroup_ = CONF.get("dfs.permissions.superusergroup", "supergroup");
        this.user_ = currentUser.getShortUserName();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isSuperUser() {
        return this.groups_.contains(this.supergroup_);
    }

    public Permissions getPermissions(FileSystem fileSystem, Path path) throws IOException {
        Preconditions.checkNotNull(fileSystem);
        Preconditions.checkNotNull(path);
        return getPermissions(fileSystem, fileSystem.getFileStatus(path));
    }

    public Permissions getPermissions(FileSystem fileSystem, FileStatus fileStatus) throws IOException {
        AclStatus aclStatus = null;
        if (fileStatus.getPermission().getAclBit()) {
            try {
                aclStatus = fileSystem.getAclStatus(fileStatus.getPath());
            } catch (UnsupportedOperationException e) {
                if (LOG.isTraceEnabled()) {
                    LOG.trace("No ACLs retrieved, unsupported", e);
                }
            } catch (AclException e2) {
                if (LOG.isTraceEnabled()) {
                    LOG.trace("No ACLs retrieved, skipping ACLs check (HDFS will enforce ACLs)", e2);
                }
            }
        }
        return new Permissions(fileStatus, aclStatus);
    }

    public boolean checkAccess(Path path, FileSystem fileSystem, FsAction fsAction, boolean z) throws IOException {
        if (!z) {
            return getPermissions(fileSystem, path).checkPermissions(fsAction);
        }
        try {
            fileSystem.access(path, fsAction);
            return true;
        } catch (AccessControlException e) {
            LOG.warn(e.getMessage());
            return false;
        }
    }

    public static FsPermissionChecker getInstance() {
        return instance_;
    }

    static {
        try {
            instance_ = new FsPermissionChecker();
            ACL_TYPE_PRIORITY = ImmutableList.of(AclEntryType.USER, AclEntryType.GROUP, AclEntryType.OTHER);
        } catch (IOException e) {
            throw new RuntimeException("Error initializing FsPermissionChecker: " + e.getMessage(), e);
        }
    }
}
