package com.google.cloud.hadoop.repackaged.gcs.io.grpc.alts;

import com.google.cloud.hadoop.repackaged.gcs.io.grpc.ServerCall;
import com.google.cloud.hadoop.repackaged.gcs.io.grpc.Status;
import com.google.cloud.hadoop.repackaged.gcs.io.grpc.alts.internal.AltsAuthContext;
import com.google.cloud.hadoop.repackaged.gcs.io.grpc.alts.internal.AltsProtocolNegotiator;
import java.util.Collection;

/* loaded from: input_file:com/google/cloud/hadoop/repackaged/gcs/io/grpc/alts/AuthorizationUtil.class */
public final class AuthorizationUtil {
    private AuthorizationUtil() {
    }

    public static Status clientAuthorizationCheck(ServerCall<?, ?> serverCall, Collection<String> collection) {
        AltsAuthContext altsAuthContext = (AltsAuthContext) serverCall.getAttributes().get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
        return altsAuthContext == null ? Status.PERMISSION_DENIED.withDescription("Peer ALTS AuthContext not found") : collection.contains(altsAuthContext.getPeerServiceAccount()) ? Status.OK : Status.PERMISSION_DENIED.withDescription("Client " + altsAuthContext.getPeerServiceAccount() + " is not authorized");
    }
}
