package org.apache.hadoop.shaded.org.apache.zookeeper.server;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.hadoop.shaded.org.apache.zookeeper.KeeperException;
import org.apache.hadoop.shaded.org.apache.zookeeper.Quotas;
import org.apache.hadoop.shaded.org.apache.zookeeper.ZooDefs;
import org.apache.hadoop.shaded.org.apache.zookeeper.cli.AclParser;
import org.apache.hadoop.shaded.org.apache.zookeeper.data.ACL;
import org.apache.hadoop.shaded.org.apache.zookeeper.data.Id;
import org.apache.hadoop.shaded.org.apache.zookeeper.server.auth.AuthenticationProvider;
import org.apache.hadoop.shaded.org.apache.zookeeper.server.auth.ProviderRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/shaded/org/apache/zookeeper/server/SystemReservedPathHelper.class */
public class SystemReservedPathHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(SystemReservedPathHelper.class);
    static final String ROOT_NODE_PERMISSION = "zookeeper.root.node.permission";

    public static void checkSystemReservedPath(String str, long j) throws KeeperException.SystemReservedPathException {
        if (str.equals(Quotas.procZookeeper) || str.startsWith(ZooDefs.ZOOKEEPER_NODE_SUBTREE)) {
            LOGGER.debug("Invalid path {} with connectionid 0x{}, reason: {}", new Object[]{str, Long.toHexString(j), "path is system reserved path"});
            throw new KeeperException.SystemReservedPathException(str);
        }
    }

    public static void checkSuperuser(List<Id> list) throws KeeperException.NoAuthException {
        if (ZooKeeperServer.skipACL) {
            return;
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Client credentials: {}", list);
        }
        String property = System.getProperty("zookeeper.superUser");
        for (Id id : list) {
            if (id.getScheme().equals("super") || id.getId().equals(property)) {
                return;
            }
        }
        throw new KeeperException.NoAuthException();
    }

    public static void checkSystemReservedPaths(List<String> list, Request request) throws KeeperException.SystemReservedPathException {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            checkSystemReservedPath(it.next(), request.sessionId);
        }
    }

    public static Long getRootNodeACL(ReferenceCountedACLCache referenceCountedACLCache) {
        String property = System.getProperty(ROOT_NODE_PERMISSION, "world:anyone:cdrwa");
        if ("world:anyone:cdrwa".equals(property)) {
            return -1L;
        }
        String trim = property.trim();
        ArrayList arrayList = new ArrayList();
        for (String str : trim.split(",")) {
            int indexOf = str.indexOf(58);
            int lastIndexOf = str.lastIndexOf(58);
            if (indexOf == -1 || lastIndexOf == -1 || indexOf == lastIndexOf) {
                LOGGER.warn(str + " does not have the form scheme:id:perm");
            } else {
                String substring = str.substring(0, indexOf);
                if ("".equals(substring)) {
                    LOGGER.warn(str + " does not have valid scheme");
                } else {
                    String substring2 = str.substring(indexOf + 1, lastIndexOf);
                    if ("".equals(substring2)) {
                        LOGGER.warn(str + " does not have valid id");
                    } else {
                        int permFromString = AclParser.getPermFromString(str.substring(lastIndexOf + 1));
                        if (permFromString == 0) {
                            LOGGER.warn(str + " does not have valid permissions");
                        } else {
                            ACL acl = new ACL();
                            acl.setId(new Id(substring, substring2));
                            acl.setPerms(permFromString);
                            arrayList.add(acl);
                        }
                    }
                }
            }
        }
        List<ACL> validateRootNodeACL = validateRootNodeACL("/", arrayList);
        if (validateRootNodeACL.size() != 0) {
            return referenceCountedACLCache.convertAcls(validateRootNodeACL);
        }
        LOGGER.error("Invalid configuration of root node ACL");
        throw new IllegalArgumentException("Invalid configuration of root node ACL");
    }

    private static List<ACL> validateRootNodeACL(String str, List<ACL> list) {
        AuthenticationProvider provider;
        List<ACL> removeDuplicates = PrepRequestProcessor.removeDuplicates(list);
        LinkedList linkedList = new LinkedList();
        if (removeDuplicates.size() == 0) {
            return linkedList;
        }
        for (ACL acl : removeDuplicates) {
            LOGGER.debug("Processing ACL of root node: " + acl);
            Id id = acl.getId();
            if (!(id.getScheme().equals("world") && id.getId().equals("anyone")) && ((provider = ProviderRegistry.getProvider(id.getScheme())) == null || !provider.isValid(id.getId()))) {
                LOGGER.warn("Missing AuthenticationProvider for " + id.getScheme());
            } else {
                linkedList.add(acl);
            }
        }
        return linkedList;
    }
}
