package org.apache.hadoop.yarn.security;

import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnRuntimeException;

@InterfaceAudience.Private
/* loaded from: input_file:WEB-INF/lib/hadoop-yarn-common-2.6.0.jar:org/apache/hadoop/yarn/security/AdminACLsManager.class */
public class AdminACLsManager {
    static Log LOG = LogFactory.getLog(AdminACLsManager.class);
    private final UserGroupInformation owner;
    private final AccessControlList adminAcl;
    private final boolean aclsEnabled;

    public AdminACLsManager(Configuration configuration) {
        this.adminAcl = new AccessControlList(configuration.get(YarnConfiguration.YARN_ADMIN_ACL, "*"));
        try {
            this.owner = UserGroupInformation.getCurrentUser();
            this.adminAcl.addUser(this.owner.getShortUserName());
            this.aclsEnabled = configuration.getBoolean(YarnConfiguration.YARN_ACL_ENABLE, false);
        } catch (IOException e) {
            LOG.warn("Could not add current user to admin:" + e);
            throw new YarnRuntimeException(e);
        }
    }

    public UserGroupInformation getOwner() {
        return this.owner;
    }

    public boolean areACLsEnabled() {
        return this.aclsEnabled;
    }

    public AccessControlList getAdminAcl() {
        return this.adminAcl;
    }

    public boolean isAdmin(UserGroupInformation userGroupInformation) {
        return this.adminAcl.isUserAllowed(userGroupInformation);
    }

    public boolean checkAccess(UserGroupInformation userGroupInformation) {
        if (areACLsEnabled()) {
            return isAdmin(userGroupInformation);
        }
        return true;
    }
}
