package org.apache.hadoop.fs.azurebfs.oauth2;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.azurebfs.constants.AbfsHttpConstants;
import org.apache.hadoop.fs.azurebfs.constants.ConfigurationKeys;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/fs/azurebfs/oauth2/IdentityTransformer.class
 */
/* loaded from: input_file:hadoop-azure-2.10.1.jar:org/apache/hadoop/fs/azurebfs/oauth2/IdentityTransformer.class */
public class IdentityTransformer {
    private static final Logger LOG = LoggerFactory.getLogger(IdentityTransformer.class);
    private boolean isSecure;
    private String servicePrincipalId;
    private String serviceWhiteList;
    private String domainName;
    private boolean enableShortName;
    private boolean skipUserIdentityReplacement;
    private boolean skipSuperUserReplacement;
    private boolean domainIsSet;
    private static final String UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$";

    public IdentityTransformer(Configuration configuration) throws IOException {
        Preconditions.checkNotNull(configuration, "configuration");
        UserGroupInformation.getCurrentUser();
        this.isSecure = UserGroupInformation.isSecurityEnabled();
        this.servicePrincipalId = configuration.get(ConfigurationKeys.FS_AZURE_OVERRIDE_OWNER_SP, "");
        this.serviceWhiteList = configuration.get(ConfigurationKeys.FS_AZURE_OVERRIDE_OWNER_SP_LIST, "");
        this.domainName = configuration.get(ConfigurationKeys.FS_AZURE_FILE_OWNER_DOMAINNAME, "");
        this.enableShortName = configuration.getBoolean(ConfigurationKeys.FS_AZURE_FILE_OWNER_ENABLE_SHORTNAME, false);
        this.skipUserIdentityReplacement = this.servicePrincipalId.isEmpty() && this.serviceWhiteList.isEmpty() && !this.enableShortName;
        this.skipSuperUserReplacement = configuration.getBoolean(ConfigurationKeys.FS_AZURE_SKIP_SUPER_USER_REPLACEMENT, false);
        if (this.enableShortName) {
            this.domainIsSet = !this.domainName.isEmpty();
        }
    }

    public String transformIdentityForGetRequest(String str, boolean z, String str2) {
        if (str == null) {
            str = str2;
        }
        return (this.skipSuperUserReplacement || !AbfsHttpConstants.SUPER_USER.equals(str)) ? this.skipUserIdentityReplacement ? str : (str.equals(this.servicePrincipalId) && isInSubstitutionList(str2)) ? str2 : (z && shouldUseShortUserName(str)) ? getShortName(str) : str : str2;
    }

    public String transformUserOrGroupForSetRequest(String str) {
        return (str == null || str.isEmpty() || this.skipUserIdentityReplacement) ? str : isInSubstitutionList(str) ? this.servicePrincipalId : shouldUseFullyQualifiedUserName(str) ? getFullyQualifiedName(str) : str;
    }

    public void transformAclEntriesForSetRequest(List<AclEntry> list) {
        if (this.skipUserIdentityReplacement) {
            return;
        }
        for (int i = 0; i < list.size(); i++) {
            AclEntry aclEntry = list.get(i);
            String name = aclEntry.getName();
            String str = name;
            if (name != null && !name.isEmpty() && !aclEntry.getType().equals(AclEntryType.OTHER) && !aclEntry.getType().equals(AclEntryType.MASK)) {
                if (isInSubstitutionList(name)) {
                    str = this.servicePrincipalId;
                } else if (aclEntry.getType().equals(AclEntryType.USER) && shouldUseFullyQualifiedUserName(name)) {
                    str = getFullyQualifiedName(name);
                }
                if (!str.equals(name)) {
                    AclEntry.Builder builder = new AclEntry.Builder();
                    builder.setType(aclEntry.getType());
                    builder.setName(str);
                    builder.setScope(aclEntry.getScope());
                    builder.setPermission(aclEntry.getPermission());
                    list.set(i, builder.build());
                }
            }
        }
    }

    public void transformAclEntriesForGetRequest(List<AclEntry> list, String str, String str2) {
        if (this.skipUserIdentityReplacement) {
            return;
        }
        for (int i = 0; i < list.size(); i++) {
            AclEntry aclEntry = list.get(i);
            String name = aclEntry.getName();
            String str3 = name;
            if (name != null && !name.isEmpty() && !aclEntry.getType().equals(AclEntryType.OTHER) && !aclEntry.getType().equals(AclEntryType.MASK)) {
                if (aclEntry.getType().equals(AclEntryType.USER)) {
                    str3 = transformIdentityForGetRequest(name, true, str);
                } else if (aclEntry.getType().equals(AclEntryType.GROUP)) {
                    str3 = transformIdentityForGetRequest(name, false, str2);
                }
                if (!str3.equals(name)) {
                    AclEntry.Builder builder = new AclEntry.Builder();
                    builder.setType(aclEntry.getType());
                    builder.setName(str3);
                    builder.setScope(aclEntry.getScope());
                    builder.setPermission(aclEntry.getPermission());
                    list.set(i, builder.build());
                }
            }
        }
    }

    private boolean isShortUserName(String str) {
        return (str == null || str.contains("@")) ? false : true;
    }

    private boolean shouldUseShortUserName(String str) {
        return this.enableShortName && !isShortUserName(str);
    }

    private String getShortName(String str) {
        if (str == null) {
            return null;
        }
        if (isShortUserName(str)) {
            return str;
        }
        String substring = str.substring(0, str.indexOf("@"));
        return this.isSecure ? substring.toLowerCase(Locale.ENGLISH) : substring;
    }

    private String getFullyQualifiedName(String str) {
        return (!this.domainIsSet || str == null || str.contains("@")) ? str : str + "@" + this.domainName;
    }

    private boolean shouldUseFullyQualifiedUserName(String str) {
        return this.domainIsSet && !AbfsHttpConstants.SUPER_USER.equals(str) && !isUuid(str) && this.enableShortName && isShortUserName(str);
    }

    private boolean isInSubstitutionList(String str) {
        return this.serviceWhiteList.contains(AbfsHttpConstants.STAR) || this.serviceWhiteList.contains(str);
    }

    private boolean isUuid(String str) {
        if (str == null) {
            return false;
        }
        return str.matches(UUID_PATTERN);
    }
}
