package org.apache.tajo.master.rule;

import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.tajo.conf.TajoConf;
import org.apache.tajo.master.TajoMaster;
import org.apache.tajo.rule.EvaluationContext;
import org.apache.tajo.rule.EvaluationResult;
import org.apache.tajo.rule.SelfDiagnosisRule;
import org.apache.tajo.rule.SelfDiagnosisRuleDefinition;
import org.apache.tajo.rule.SelfDiagnosisRuleVisibility;

@SelfDiagnosisRuleVisibility.LimitedPrivate(acceptedCallers = {TajoMaster.class})
@SelfDiagnosisRuleDefinition(category = "master", name = "FileSystemRule")
/* loaded from: input_file:org/apache/tajo/master/rule/FileSystemRule.class */
public class FileSystemRule implements SelfDiagnosisRule {
    private void canAccessToPath(FileStatus fileStatus, FsAction fsAction) throws Exception {
        FsPermission permission = fileStatus.getPermission();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        String shortUserName = currentUser.getShortUserName();
        List asList = Arrays.asList(currentUser.getGroupNames());
        if (shortUserName.equals(fileStatus.getOwner())) {
            if (permission.getUserAction().implies(fsAction)) {
                return;
            }
        } else if (asList.contains(fileStatus.getGroup())) {
            if (permission.getGroupAction().implies(fsAction)) {
                return;
            }
        } else if (permission.getOtherAction().implies(fsAction)) {
            return;
        }
        Object[] objArr = new Object[6];
        objArr[0] = shortUserName;
        objArr[1] = fileStatus.getPath();
        objArr[2] = fileStatus.getOwner();
        objArr[3] = fileStatus.getGroup();
        objArr[4] = fileStatus.isDirectory() ? "d" : "-";
        objArr[5] = permission;
        throw new AccessControlException(String.format("Permission denied: user=%s, path=\"%s\":%s:%s:%s%s", objArr));
    }

    private void checkAccessControlOnTajoPaths(TajoConf tajoConf) throws Exception {
        Path tajoRootDir = TajoConf.getTajoRootDir(tajoConf);
        FileSystem fileSystem = tajoRootDir.getFileSystem(tajoConf);
        canAccessToPath(fileSystem.getFileStatus(tajoRootDir), FsAction.READ_WRITE);
        canAccessToPath(fileSystem.getFileStatus(TajoConf.getSystemDir(tajoConf)), FsAction.READ_WRITE);
        canAccessToPath(fileSystem.getFileStatus(TajoConf.getSystemResourceDir(tajoConf)), FsAction.READ_WRITE);
        canAccessToPath(fileSystem.getFileStatus(TajoConf.getWarehouseDir(tajoConf)), FsAction.READ_WRITE);
        canAccessToPath(fileSystem.getFileStatus(TajoConf.getDefaultRootStagingDir(tajoConf)), FsAction.READ_WRITE);
    }

    public EvaluationResult evaluate(EvaluationContext evaluationContext) {
        EvaluationResult evaluationResult = new EvaluationResult();
        Object parameter = evaluationContext.getParameter(TajoConf.class.getName());
        if (parameter == null || !(parameter instanceof TajoConf)) {
            evaluationResult.setReturnCode(EvaluationResult.EvaluationResultCode.ERROR);
            evaluationResult.setMessage("Tajo Configuration is null or not a Configuration Type.");
        } else {
            try {
                checkAccessControlOnTajoPaths((TajoConf) parameter);
                evaluationResult.setReturnCode(EvaluationResult.EvaluationResultCode.OK);
            } catch (Exception e) {
                evaluationResult.setReturnCode(EvaluationResult.EvaluationResultCode.ERROR);
                evaluationResult.setMessage("Current User cannot access to this filesystem.");
                evaluationResult.setThrowable(e);
            }
        }
        return evaluationResult;
    }
}
