package org.apache.hadoop.hdds.server;

import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

/* loaded from: input_file:org/apache/hadoop/hdds/server/OzoneAdmins.class */
public class OzoneAdmins {
    private volatile Set<String> adminUsernames;
    private final Set<String> adminGroups;

    public OzoneAdmins(Collection<String> collection) {
        this(collection, null);
    }

    public OzoneAdmins(Collection<String> collection, Collection<String> collection2) {
        setAdminUsernames(collection);
        this.adminGroups = collection2 != null ? Collections.unmodifiableSet(new LinkedHashSet(collection2)) : Collections.emptySet();
    }

    public static OzoneAdmins getOzoneAdmins(String str, OzoneConfiguration ozoneConfiguration) {
        return new OzoneAdmins(getOzoneAdminsFromConfig(ozoneConfiguration, str), getOzoneAdminsGroupsFromConfig(ozoneConfiguration));
    }

    public static OzoneAdmins getReadonlyAdmins(OzoneConfiguration ozoneConfiguration) {
        return new OzoneAdmins(getOzoneReadOnlyAdminsFromConfig(ozoneConfiguration), getOzoneReadOnlyAdminsGroupsFromConfig(ozoneConfiguration));
    }

    public void checkAdminUserPrivilege(UserGroupInformation userGroupInformation) throws AccessControlException {
        if (userGroupInformation != null && !isAdmin(userGroupInformation)) {
            throw new AccessControlException("Access denied for user " + userGroupInformation.getUserName() + ". Superuser privilege is required.");
        }
    }

    private boolean hasAdminGroup(Collection<String> collection) {
        return !Sets.intersection(this.adminGroups, new LinkedHashSet(collection)).isEmpty();
    }

    public boolean isAdmin(UserGroupInformation userGroupInformation) {
        return userGroupInformation != null && (this.adminUsernames.contains("*") || this.adminUsernames.contains(userGroupInformation.getShortUserName()) || hasAdminGroup(userGroupInformation.getGroups()));
    }

    public Collection<String> getAdminGroups() {
        return this.adminGroups;
    }

    public Set<String> getAdminUsernames() {
        return this.adminUsernames;
    }

    public void setAdminUsernames(Collection<String> collection) {
        this.adminUsernames = collection != null ? Collections.unmodifiableSet(new LinkedHashSet(collection)) : Collections.emptySet();
    }

    public static Collection<String> getOzoneAdminsFromConfig(OzoneConfiguration ozoneConfiguration, String str) {
        Collection<String> trimmedStringCollection = ozoneConfiguration.getTrimmedStringCollection("ozone.administrators");
        if (!trimmedStringCollection.contains(str)) {
            trimmedStringCollection.add(str);
        }
        return trimmedStringCollection;
    }

    public static Collection<String> getOzoneAdminsGroupsFromConfig(OzoneConfiguration ozoneConfiguration) {
        return ozoneConfiguration.getTrimmedStringCollection("ozone.administrators.groups");
    }

    public static Collection<String> getOzoneReadOnlyAdminsFromConfig(OzoneConfiguration ozoneConfiguration) {
        return ozoneConfiguration.getTrimmedStringCollection("ozone.readonly.administrators");
    }

    public static Collection<String> getOzoneReadOnlyAdminsGroupsFromConfig(OzoneConfiguration ozoneConfiguration) {
        return ozoneConfiguration.getTrimmedStringCollection("ozone.readonly.administrators.groups");
    }
}
