package alluxio.security.authentication;

import alluxio.Configuration;
import alluxio.PropertyKey;
import alluxio.exception.ExceptionMessage;
import alluxio.util.CommonUtils;
import com.google.common.base.Splitter;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import javax.annotation.concurrent.ThreadSafe;
import javax.security.sasl.AuthenticationException;

@ThreadSafe
/* loaded from: input_file:alluxio/security/authentication/ImpersonationAuthenticator.class */
public final class ImpersonationAuthenticator {
    private static final Splitter SPLITTER = Splitter.on(',').trimResults().omitEmptyStrings();
    private static final String WILDCARD = "*";
    private final Map<String, Set<String>> mImpersonationGroups = new HashMap();
    private final Map<String, Set<String>> mImpersonationUsers = new HashMap();

    public ImpersonationAuthenticator() {
        String group;
        String group2;
        for (PropertyKey propertyKey : Configuration.keySet()) {
            String orDefault = Configuration.getOrDefault(propertyKey, null);
            Matcher match = PropertyKey.Template.MASTER_IMPERSONATION_GROUPS_OPTION.match(propertyKey.getName());
            if (match.matches() && (group2 = match.group(1)) != null) {
                this.mImpersonationGroups.put(group2, Sets.newHashSet(SPLITTER.split(orDefault)));
            }
            Matcher match2 = PropertyKey.Template.MASTER_IMPERSONATION_USERS_OPTION.match(propertyKey.getName());
            if (match2.matches() && (group = match2.group(1)) != null) {
                this.mImpersonationUsers.put(group, Sets.newHashSet(SPLITTER.split(orDefault)));
            }
        }
    }

    public void authenticate(String str, String str2) throws AuthenticationException {
        if (str2 == null || str.equals(str2)) {
            return;
        }
        Set<String> set = this.mImpersonationUsers.get(str);
        Set<String> set2 = this.mImpersonationGroups.get(str);
        if (set == null && set2 == null) {
            throw new AuthenticationException(ExceptionMessage.IMPERSONATION_NOT_CONFIGURED.getMessage(str, str2));
        }
        if (set == null || !(set.contains("*") || set.contains(str2))) {
            if (set2 != null) {
                if (set2.contains("*")) {
                    return;
                }
                try {
                    Iterator<String> it = CommonUtils.getGroups(str2).iterator();
                    while (it.hasNext()) {
                        if (set2.contains(it.next())) {
                            return;
                        }
                    }
                } catch (IOException e) {
                    throw new AuthenticationException(ExceptionMessage.IMPERSONATION_GROUPS_FAILED.getMessage(str2, str), e);
                }
            }
            throw new AuthenticationException(ExceptionMessage.IMPERSONATION_DENIED.getMessage(str, str2));
        }
    }
}
