package org.apache.hadoop.hdfs.server.federation.router;

import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.server.federation.store.records.MountTable;
import org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/federation/router/RouterPermissionChecker.class */
public class RouterPermissionChecker extends FSPermissionChecker {
    static final Log LOG = LogFactory.getLog(RouterPermissionChecker.class);
    public static final short MOUNT_TABLE_PERMISSION_DEFAULT = 493;
    private final String superUser;
    private final String superGroup;

    public RouterPermissionChecker(String str, String str2, UserGroupInformation userGroupInformation) {
        super(str, str2, userGroupInformation, (INodeAttributeProvider) null);
        this.superUser = str;
        this.superGroup = str2;
    }

    public RouterPermissionChecker(String str, String str2) throws IOException {
        super(str, str2, UserGroupInformation.getCurrentUser(), (INodeAttributeProvider) null);
        this.superUser = str;
        this.superGroup = str2;
    }

    public void checkPermission(MountTable mountTable, FsAction fsAction) throws AccessControlException {
        if (isSuperUser()) {
            return;
        }
        FsPermission mode = mountTable.getMode();
        if (getUser().equals(mountTable.getOwnerName()) && mode.getUserAction().implies(fsAction)) {
            return;
        }
        if (isMemberOfGroup(mountTable.getGroupName()) && mode.getGroupAction().implies(fsAction)) {
            return;
        }
        if (getUser().equals(mountTable.getOwnerName()) || isMemberOfGroup(mountTable.getGroupName()) || !mode.getOtherAction().implies(fsAction)) {
            throw new AccessControlException("Permission denied while accessing mount table " + mountTable.getSourcePath() + ": user " + getUser() + " does not have " + fsAction.toString() + " permissions.");
        }
    }

    public void checkSuperuserPrivilege() throws AccessControlException {
        UserGroupInformation userGroupInformation = null;
        try {
            userGroupInformation = NameNode.getRemoteUser();
        } catch (IOException e) {
        }
        if (userGroupInformation == null) {
            LOG.error("Cannot get the remote user name");
            throw new AccessControlException("Cannot get the remote user name");
        }
        if (!userGroupInformation.getUserName().equals(this.superUser) && !userGroupInformation.getGroupsSet().contains(this.superGroup)) {
            throw new AccessControlException(userGroupInformation.getUserName() + " is not a super user");
        }
    }
}
