package org.apache.falcon.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.commons.lang3.StringUtils;
import org.apache.falcon.FalconException;
import org.apache.falcon.entity.v0.Entity;
import org.apache.falcon.util.ReflectionUtils;
import org.apache.falcon.util.StartupProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:WEB-INF/lib/falcon-common-0.8.jar:org/apache/falcon/security/SecurityUtil.class */
public final class SecurityUtil {
    private static final String CONFIG_PREFIX = "falcon.authentication.";
    public static final String AUTHENTICATION_TYPE = "falcon.authentication.type";
    public static final String NN_PRINCIPAL = "dfs.namenode.kerberos.principal";
    public static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal";
    public static final String METASTORE_USE_THRIFT_SASL = "hive.metastore.sasl.enabled";
    public static final String METASTORE_PRINCIPAL = "hcat.metastore.principal";
    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtil.class);

    private SecurityUtil() {
    }

    public static String getAuthenticationType() {
        return StartupProperties.get().getProperty(AUTHENTICATION_TYPE, BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE);
    }

    public static boolean isSecurityEnabled() {
        boolean z;
        String property = StartupProperties.get().getProperty(AUTHENTICATION_TYPE, BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE);
        if (property == null || BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE.equals(property)) {
            z = false;
        } else {
            if (!"kerberos".equals(property)) {
                throw new IllegalArgumentException("Invalid attribute value for falcon.authentication.type of " + property);
            }
            z = true;
        }
        return z;
    }

    public static String getLocalHostName() throws UnknownHostException {
        return InetAddress.getLocalHost().getCanonicalHostName();
    }

    public static boolean isAuthorizationEnabled() {
        return Boolean.valueOf(StartupProperties.get().getProperty("falcon.security.authorization.enabled", "false")).booleanValue();
    }

    public static AuthorizationProvider getAuthorizationProvider() throws FalconException {
        return (AuthorizationProvider) ReflectionUtils.getInstanceByClassName(StartupProperties.get().getProperty("falcon.security.authorization.provider", "org.apache.falcon.security.DefaultAuthorizationProvider"));
    }

    public static void tryProxy(Entity entity, String str) throws IOException, FalconException {
        if (entity == null || entity.getACL() == null || !isAuthorizationEnabled()) {
            return;
        }
        String owner = entity.getACL().getOwner();
        String group = entity.getACL().getGroup();
        if (StringUtils.isNotEmpty(str)) {
            if (str.equalsIgnoreCase(owner)) {
                return;
            }
            LOG.warn("doAs user {} not same as acl owner {}. Ignoring acl owner.", str, owner);
            throw new FalconException("doAs user and ACL owner mismatch. doAs user " + str + " should be same as ACL owner " + owner);
        }
        if (getAuthorizationProvider().shouldProxy(CurrentUser.getAuthenticatedUGI(), owner, group)) {
            CurrentUser.proxy(owner, group);
        }
    }
}
