package org.apache.hadoop.security.authorize;

import com.google.common.annotations.VisibleForTesting;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-httpfs-2.4.0/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/hadoop-common-2.4.0.jar:org/apache/hadoop/security/authorize/ProxyUsers.class
  input_file:webhdfs/WEB-INF/lib/hadoop-common-2.4.0.jar:org/apache/hadoop/security/authorize/ProxyUsers.class
 */
@InterfaceAudience.Private
/* loaded from: input_file:webhdfs.war:WEB-INF/lib/hadoop-common-2.4.0.jar:org/apache/hadoop/security/authorize/ProxyUsers.class */
public class ProxyUsers {
    private static final String CONF_HOSTS = ".hosts";
    public static final String CONF_GROUPS = ".groups";
    public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
    public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
    private static boolean init = false;
    private static Map<String, Collection<String>> proxyGroups = new HashMap();
    private static Map<String, Collection<String>> proxyHosts = new HashMap();

    public static void refreshSuperUserGroupsConfiguration() {
        refreshSuperUserGroupsConfiguration(new Configuration());
    }

    public static synchronized void refreshSuperUserGroupsConfiguration(Configuration configuration) {
        proxyGroups.clear();
        proxyHosts.clear();
        for (Map.Entry<String, String> entry : configuration.getValByRegex("hadoop\\.proxyuser\\.[^.]*\\.groups").entrySet()) {
            proxyGroups.put(entry.getKey(), StringUtils.getStringCollection(entry.getValue()));
        }
        for (Map.Entry<String, String> entry2 : configuration.getValByRegex("hadoop\\.proxyuser\\.[^.]*\\.hosts").entrySet()) {
            proxyHosts.put(entry2.getKey(), StringUtils.getStringCollection(entry2.getValue()));
        }
        init = true;
    }

    public static String getProxySuperuserGroupConfKey(String str) {
        return CONF_HADOOP_PROXYUSER + str + CONF_GROUPS;
    }

    public static String getProxySuperuserIpConfKey(String str) {
        return CONF_HADOOP_PROXYUSER + str + CONF_HOSTS;
    }

    public static synchronized void authorize(UserGroupInformation userGroupInformation, String str, Configuration configuration) throws AuthorizationException {
        if (!init) {
            refreshSuperUserGroupsConfiguration();
        }
        if (userGroupInformation.getRealUser() == null) {
            return;
        }
        boolean z = false;
        boolean z2 = false;
        UserGroupInformation realUser = userGroupInformation.getRealUser();
        Collection<String> collection = proxyGroups.get(getProxySuperuserGroupConfKey(realUser.getShortUserName()));
        if (isWildcardList(collection)) {
            z = true;
        } else if (collection != null && !collection.isEmpty()) {
            String[] groupNames = userGroupInformation.getGroupNames();
            int length = groupNames.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (collection.contains(groupNames[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (!z) {
            throw new AuthorizationException("User: " + realUser.getUserName() + " is not allowed to impersonate " + userGroupInformation.getUserName());
        }
        Collection<String> collection2 = proxyHosts.get(getProxySuperuserIpConfKey(realUser.getShortUserName()));
        if (isWildcardList(collection2)) {
            z2 = true;
        } else if (collection2 != null && !collection2.isEmpty()) {
            Iterator<String> it = collection2.iterator();
            while (it.hasNext()) {
                try {
                    if (InetAddress.getByName(it.next()).getHostAddress().equals(str)) {
                        z2 = true;
                    }
                } catch (UnknownHostException e) {
                }
            }
        }
        if (!z2) {
            throw new AuthorizationException("Unauthorized connection for super-user: " + realUser.getUserName() + " from IP " + str);
        }
    }

    private static boolean isWildcardList(Collection<String> collection) {
        return collection != null && collection.size() == 1 && collection.contains("*");
    }

    @VisibleForTesting
    public static Map<String, Collection<String>> getProxyGroups() {
        return proxyGroups;
    }

    @VisibleForTesting
    public static Map<String, Collection<String>> getProxyHosts() {
        return proxyHosts;
    }
}
