package org.apache.hadoop.security.authorize;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.Set;
import java.util.TreeSet;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableFactories;
import org.apache.hadoop.io.WritableFactory;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;
import org.codehaus.jackson.util.MinimalPrettyPrinter;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/security/authorize/AccessControlList.class
  input_file:hadoop-common-0.23.5/share/hadoop/common/hadoop-common-0.23.5.jar:org/apache/hadoop/security/authorize/AccessControlList.class
 */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
/* loaded from: input_file:hadoop-common-0.23.5.jar:org/apache/hadoop/security/authorize/AccessControlList.class */
public class AccessControlList implements Writable {
    public static final String WILDCARD_ACL_VALUE = "*";
    private static final int INITIAL_CAPACITY = 256;
    private Set<String> users;
    private Set<String> groups;
    private boolean allAllowed;
    private Groups groupsMapping = Groups.getUserToGroupsMappingService(new Configuration());

    public AccessControlList() {
    }

    public AccessControlList(String str) {
        buildACL(str);
    }

    private void buildACL(String str) {
        this.users = new TreeSet();
        this.groups = new TreeSet();
        if (isWildCardACLValue(str)) {
            this.allAllowed = true;
            return;
        }
        this.allAllowed = false;
        String[] split = str.split(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR, 2);
        if (split.length >= 1) {
            LinkedList linkedList = new LinkedList(Arrays.asList(split[0].split(StringUtils.COMMA_STR)));
            cleanupList(linkedList);
            addToSet(this.users, linkedList);
        }
        if (split.length == 2) {
            LinkedList linkedList2 = new LinkedList(Arrays.asList(split[1].split(StringUtils.COMMA_STR)));
            cleanupList(linkedList2);
            addToSet(this.groups, linkedList2);
            this.groupsMapping.cacheGroupsAdd(linkedList2);
        }
    }

    private boolean isWildCardACLValue(String str) {
        return str.contains("*") && str.trim().equals("*");
    }

    public boolean isAllAllowed() {
        return this.allAllowed;
    }

    public void addUser(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("User " + str + " can not be added");
        }
        if (isAllAllowed()) {
            return;
        }
        this.users.add(str);
    }

    public void addGroup(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("Group " + str + " can not be added");
        }
        if (isAllAllowed()) {
            return;
        }
        LinkedList linkedList = new LinkedList();
        linkedList.add(str);
        this.groupsMapping.cacheGroupsAdd(linkedList);
        this.groups.add(str);
    }

    public void removeUser(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("User " + str + " can not be removed");
        }
        if (isAllAllowed()) {
            return;
        }
        this.users.remove(str);
    }

    public void removeGroup(String str) {
        if (isWildCardACLValue(str)) {
            throw new IllegalArgumentException("Group " + str + " can not be removed");
        }
        if (isAllAllowed()) {
            return;
        }
        this.groups.remove(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<String> getUsers() {
        return this.users;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<String> getGroups() {
        return this.groups;
    }

    public boolean isUserAllowed(UserGroupInformation userGroupInformation) {
        if (this.allAllowed || this.users.contains(userGroupInformation.getShortUserName())) {
            return true;
        }
        for (String str : userGroupInformation.getGroupNames()) {
            if (this.groups.contains(str)) {
                return true;
            }
        }
        return false;
    }

    private static final void cleanupList(List<String> list) {
        ListIterator<String> listIterator = list.listIterator();
        while (listIterator.hasNext()) {
            String next = listIterator.next();
            if (next.length() == 0) {
                listIterator.remove();
            } else {
                listIterator.set(next.trim());
            }
        }
    }

    private static final void addToSet(Set<String> set, List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            set.add(it.next());
        }
    }

    public String toString() {
        String str;
        if (this.allAllowed) {
            str = "All users are allowed";
        } else if (this.users.isEmpty() && this.groups.isEmpty()) {
            str = "No users are allowed";
        } else {
            String str2 = null;
            String str3 = null;
            if (!this.users.isEmpty()) {
                str2 = this.users.toString();
            }
            if (!this.groups.isEmpty()) {
                str3 = this.groups.toString();
            }
            str = (this.users.isEmpty() || this.groups.isEmpty()) ? !this.users.isEmpty() ? "Users " + str2 + " are allowed" : "Members of the groups " + str3 + " are allowed" : "Users " + str2 + " and members of the groups " + str3 + " are allowed";
        }
        return str;
    }

    public String getAclString() {
        StringBuilder sb = new StringBuilder(256);
        if (this.allAllowed) {
            sb.append('*');
        } else {
            sb.append(getUsersString());
            sb.append(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            sb.append(getGroupsString());
        }
        return sb.toString();
    }

    @Override // org.apache.hadoop.io.Writable
    public void write(DataOutput dataOutput) throws IOException {
        Text.writeString(dataOutput, getAclString());
    }

    @Override // org.apache.hadoop.io.Writable
    public void readFields(DataInput dataInput) throws IOException {
        buildACL(Text.readString(dataInput));
    }

    private String getUsersString() {
        return getString(this.users);
    }

    private String getGroupsString() {
        return getString(this.groups);
    }

    private String getString(Set<String> set) {
        StringBuilder sb = new StringBuilder(256);
        boolean z = true;
        for (String str : set) {
            if (z) {
                z = false;
            } else {
                sb.append(StringUtils.COMMA_STR);
            }
            sb.append(str);
        }
        return sb.toString();
    }

    static {
        WritableFactories.setFactory(AccessControlList.class, new WritableFactory() { // from class: org.apache.hadoop.security.authorize.AccessControlList.1
            @Override // org.apache.hadoop.io.WritableFactory
            public Writable newInstance() {
                return new AccessControlList();
            }
        });
    }
}
