package org.apache.hadoop.yarn.security;

import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.PrivilegedEntity;

@InterfaceAudience.Private
@InterfaceStability.Unstable
/* loaded from: input_file:lib/hadoop-yarn-common-2.10.1.jar:org/apache/hadoop/yarn/security/ConfiguredYarnAuthorizer.class */
public class ConfiguredYarnAuthorizer extends YarnAuthorizationProvider {
    private final ConcurrentMap<PrivilegedEntity, Map<AccessType, AccessControlList>> allAcls = new ConcurrentHashMap();
    private volatile AccessControlList adminAcl = null;
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
    private final ReentrantReadWriteLock.ReadLock readLock = this.lock.readLock();
    private final ReentrantReadWriteLock.WriteLock writeLock = this.lock.writeLock();

    @Override // org.apache.hadoop.yarn.security.YarnAuthorizationProvider
    public void init(Configuration configuration) {
        this.adminAcl = new AccessControlList(configuration.get(YarnConfiguration.YARN_ADMIN_ACL, "*"));
    }

    @Override // org.apache.hadoop.yarn.security.YarnAuthorizationProvider
    public void setPermission(List<Permission> list, UserGroupInformation userGroupInformation) {
        try {
            this.writeLock.lock();
            for (Permission permission : list) {
                this.allAcls.put(permission.getTarget(), permission.getAcls());
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    private boolean checkPermissionInternal(AccessType accessType, PrivilegedEntity privilegedEntity, UserGroupInformation userGroupInformation) {
        AccessControlList accessControlList;
        boolean z = false;
        Map<AccessType, AccessControlList> map = this.allAcls.get(privilegedEntity);
        if (map != null && (accessControlList = map.get(accessType)) != null) {
            z = accessControlList.isUserAllowed(userGroupInformation);
        }
        if (privilegedEntity.getType() != PrivilegedEntity.EntityType.QUEUE || z) {
            return z;
        }
        String name = privilegedEntity.getName();
        return !name.contains(".") ? z : checkPermissionInternal(accessType, new PrivilegedEntity(privilegedEntity.getType(), name.substring(0, name.lastIndexOf("."))), userGroupInformation);
    }

    @Override // org.apache.hadoop.yarn.security.YarnAuthorizationProvider
    public boolean checkPermission(AccessRequest accessRequest) {
        try {
            this.readLock.lock();
            boolean checkPermissionInternal = checkPermissionInternal(accessRequest.getAccessType(), accessRequest.getEntity(), accessRequest.getUser());
            this.readLock.unlock();
            return checkPermissionInternal;
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    @Override // org.apache.hadoop.yarn.security.YarnAuthorizationProvider
    public void setAdmins(AccessControlList accessControlList, UserGroupInformation userGroupInformation) {
        this.adminAcl = accessControlList;
    }

    @Override // org.apache.hadoop.yarn.security.YarnAuthorizationProvider
    public boolean isAdmin(UserGroupInformation userGroupInformation) {
        return this.adminAcl.isUserAllowed(userGroupInformation);
    }

    public AccessControlList getAdminAcls() {
        return this.adminAcl;
    }
}
