package org.apache.hadoop.hive.shims;

import java.io.IOException;
import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;

/* loaded from: input_file:org/apache/hadoop/hive/shims/DefaultFileAccess23.class */
public class DefaultFileAccess23 {
    private static Log LOG = LogFactory.getLog(DefaultFileAccess23.class);
    private static List<String> emptyGroups = new ArrayList(0);

    public static void checkFileAccess(FileSystem fileSystem, FileStatus fileStatus, FsAction fsAction) throws IOException, AccessControlException, LoginException {
        UserGroupInformation ugi = Utils.getUGI();
        checkFileAccess(fileSystem, fileStatus, fsAction, ugi.getShortUserName(), Arrays.asList(ugi.getGroupNames()));
    }

    public static void checkFileAccess(FileSystem fileSystem, FileStatus fileStatus, FsAction fsAction, String str, List<String> list) throws IOException, AccessControlException {
        if (list == null) {
            list = emptyGroups;
        }
        String superGroupName = getSuperGroupName(fileSystem.getConf());
        if (userBelongsToSuperGroup(superGroupName, list)) {
            LOG.info("User \"" + str + "\" belongs to super-group \"" + superGroupName + "\". Permission granted for action: " + fsAction + ".");
            return;
        }
        FsPermission permission = fileStatus.getPermission();
        String group = fileStatus.getGroup();
        List<AclEntry> entries = fileSystem.getAclStatus(fileStatus.getPath()).getEntries();
        if (str.equals(fileStatus.getOwner())) {
            if (permission.getUserAction().implies(fsAction)) {
                return;
            }
        } else if (list.contains(group)) {
            if (permission.getGroupAction().implies(fsAction)) {
                return;
            }
        } else if (permission.getOtherAction().implies(fsAction)) {
            return;
        }
        boolean z = false;
        Iterator<AclEntry> it = entries.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AclEntry next = it.next();
            if (!str.equals(next.getName()) || !next.getType().equals(AclEntryType.USER) || !next.getPermission().implies(fsAction)) {
                Iterator<String> it2 = list.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    if (it2.next().equals(next.getName()) && next.getType().equals(AclEntryType.GROUP) && next.getPermission().implies(fsAction)) {
                        z = true;
                        break;
                    }
                }
                if (next.getType().equals(AclEntryType.OTHER) && next.getPermission().implies(fsAction)) {
                    z = true;
                    break;
                }
            } else {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new AccessControlException("action " + fsAction + " not permitted on path " + fileStatus.getPath() + " for user " + str);
        }
    }

    private static String getSuperGroupName(Configuration configuration) {
        return configuration.get("dfs.permissions.supergroup", "");
    }

    private static boolean userBelongsToSuperGroup(String str, List<String> list) {
        return list.contains(str);
    }
}
