package alluxio.master.file;

import alluxio.AlluxioURI;
import alluxio.exception.AccessControlException;
import alluxio.exception.ExceptionMessage;
import alluxio.exception.InvalidPathException;
import alluxio.master.file.meta.MountTable;
import alluxio.security.authorization.FileSystemAction;
import alluxio.security.authorization.FileSystemPermission;
import alluxio.util.io.PathUtils;
import alluxio.wire.FileInfo;
import com.google.common.base.Preconditions;
import java.util.List;
import javax.annotation.concurrent.NotThreadSafe;

@NotThreadSafe
/* loaded from: input_file:alluxio/master/file/PermissionChecker.class */
public final class PermissionChecker {
    private static boolean sPermissionCheckEnabled;
    private static String sFileSystemOwner;
    private static String sFileSystemSuperGroup;

    public static synchronized void initializeFileSystem(boolean z, String str, String str2) {
        sPermissionCheckEnabled = z;
        sFileSystemOwner = str;
        sFileSystemSuperGroup = str2;
    }

    public static void checkParentPermission(String str, List<String> list, FileSystemAction fileSystemAction, AlluxioURI alluxioURI, List<FileInfo> list2) throws AccessControlException, InvalidPathException {
        if (PathUtils.isRoot(alluxioURI.getPath())) {
            return;
        }
        if (PathUtils.getPathComponents(alluxioURI.getPath()).length == list2.size()) {
            list2.remove(list2.size() - 1);
        }
        checkByFileInfoList(str, list, fileSystemAction, alluxioURI.getPath(), list2, false);
    }

    public static void checkPermission(String str, List<String> list, FileSystemAction fileSystemAction, AlluxioURI alluxioURI, List<FileInfo> list2) throws AccessControlException, InvalidPathException {
        String[] pathComponents = PathUtils.getPathComponents(alluxioURI.getPath());
        for (int size = list2.size(); size < pathComponents.length; size++) {
            list2.add(null);
        }
        checkByFileInfoList(str, list, fileSystemAction, alluxioURI.getPath(), list2, false);
    }

    public static void checkOwner(String str, List<String> list, AlluxioURI alluxioURI, List<FileInfo> list2) throws AccessControlException, InvalidPathException {
        String[] pathComponents = PathUtils.getPathComponents(alluxioURI.getPath());
        for (int size = list2.size(); size < pathComponents.length; size++) {
            list2.add(null);
        }
        checkByFileInfoList(str, list, null, alluxioURI.getPath(), list2, true);
    }

    public static void checkSuperuser(String str, List<String> list) throws AccessControlException {
        if (!sFileSystemOwner.equals(str) && !list.contains(sFileSystemSuperGroup)) {
            throw new AccessControlException(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{str + " is not a super user or in super group"}));
        }
    }

    private static void checkByFileInfoList(String str, List<String> list, FileSystemAction fileSystemAction, String str2, List<FileInfo> list2, boolean z) throws AccessControlException {
        int size = list2.size();
        Preconditions.checkArgument(size > 0, "The passed-in file info list can not be empty when checking permission");
        if (!sPermissionCheckEnabled || sFileSystemOwner.equals(str) || list.contains(sFileSystemSuperGroup)) {
            return;
        }
        for (int i = 0; i < size - 1; i++) {
            check(str, list, list2.get(i), FileSystemAction.EXECUTE, str2);
        }
        if (!z) {
            check(str, list, list2.get(list2.size() - 1), fileSystemAction, str2);
            return;
        }
        FileInfo fileInfo = list2.get(list2.size() - 1);
        if (fileInfo != null && !str.equals(fileInfo.getUserName())) {
            throw new AccessControlException(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{"user=" + str + " is not the owner of path=" + str2}));
        }
    }

    private static void check(String str, List<String> list, FileInfo fileInfo, FileSystemAction fileSystemAction, String str2) throws AccessControlException {
        if (fileInfo == null) {
            return;
        }
        short permission = (short) fileInfo.getPermission();
        if (str.equals(fileInfo.getUserName()) && FileSystemPermission.createUserAction(permission).imply(fileSystemAction)) {
            return;
        }
        if ((!list.contains(fileInfo.getGroupName()) || !FileSystemPermission.createGroupAction(permission).imply(fileSystemAction)) && !FileSystemPermission.createOtherAction(permission).imply(fileSystemAction)) {
            throw new AccessControlException(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(str, fileSystemAction, str2, fileInfo)}));
        }
    }

    private static String toExceptionMessage(String str, FileSystemAction fileSystemAction, String str2, FileInfo fileInfo) {
        return "user=" + str + ", access=" + fileSystemAction + ", path=" + str2 + ": failed at " + (fileInfo.getName().equals("") ? MountTable.ROOT : fileInfo.getName());
    }
}
