package com.facebook.presto.hive.$internal.org.apache.hadoop.security.authorize;

import com.facebook.presto.hive.$internal.org.apache.commons.logging.Log;
import com.facebook.presto.hive.$internal.org.apache.commons.logging.LogFactory;
import com.facebook.presto.hive.$internal.org.apache.hadoop.conf.Configurable;
import com.facebook.presto.hive.$internal.org.apache.hadoop.conf.Configuration;
import com.facebook.presto.hive.$internal.org.apache.hadoop.security.Group;
import com.facebook.presto.hive.$internal.org.apache.hadoop.security.SecurityUtil;
import com.facebook.presto.hive.$internal.org.apache.hadoop.security.User;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/facebook/presto/hive/$internal/org/apache/hadoop/security/authorize/ConfiguredPolicy.class */
public class ConfiguredPolicy extends Policy implements Configurable {
    public static final String HADOOP_POLICY_FILE = "hadoop-policy.xml";
    private static final Log LOG = LogFactory.getLog(ConfiguredPolicy.class);
    private Configuration conf;
    private PolicyProvider policyProvider;
    private volatile Map<Principal, Set<Permission>> permissions;
    private volatile Set<Permission> allowedPermissions;

    public ConfiguredPolicy(Configuration configuration, PolicyProvider policyProvider) {
        this.conf = configuration;
        this.policyProvider = policyProvider;
        refresh();
    }

    @Override // com.facebook.presto.hive.$internal.org.apache.hadoop.conf.Configurable
    public Configuration getConf() {
        return this.conf;
    }

    @Override // com.facebook.presto.hive.$internal.org.apache.hadoop.conf.Configurable
    public void setConf(Configuration configuration) {
        this.conf = configuration;
        refresh();
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (protectionDomain.getPrincipals().length == 0) {
            return true;
        }
        return super.implies(protectionDomain, permission);
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        PermissionCollection permissions = super.getPermissions(protectionDomain);
        for (Principal principal : protectionDomain.getPrincipals()) {
            Set<Permission> set = this.permissions.get(principal);
            if (set != null) {
                Iterator<Permission> it = set.iterator();
                while (it.hasNext()) {
                    permissions.add(it.next());
                }
            }
            Iterator<Permission> it2 = this.allowedPermissions.iterator();
            while (it2.hasNext()) {
                permissions.add(it2.next());
            }
        }
        return permissions;
    }

    @Override // java.security.Policy
    public void refresh() {
        String property = System.getProperty("hadoop.policy.file", HADOOP_POLICY_FILE);
        Configuration configuration = new Configuration(this.conf);
        configuration.addResource(property);
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        Service[] services = this.policyProvider.getServices();
        if (services != null) {
            for (Service service : services) {
                SecurityUtil.AccessControlList accessControlList = new SecurityUtil.AccessControlList(configuration.get(service.getServiceKey(), "*"));
                if (accessControlList.allAllowed()) {
                    hashSet.add(service.getPermission());
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Policy - " + service.getPermission() + " * ");
                    }
                } else {
                    Iterator<String> it = accessControlList.getUsers().iterator();
                    while (it.hasNext()) {
                        addPermission(hashMap, new User(it.next()), service.getPermission());
                    }
                    Iterator<String> it2 = accessControlList.getGroups().iterator();
                    while (it2.hasNext()) {
                        addPermission(hashMap, new Group(it2.next()), service.getPermission());
                    }
                }
            }
        }
        this.allowedPermissions = hashSet;
        this.permissions = hashMap;
    }

    private void addPermission(Map<Principal, Set<Permission>> map, Principal principal, Permission permission) {
        Set<Permission> set = map.get(principal);
        if (set == null) {
            set = new HashSet();
            map.put(principal, set);
        }
        set.add(permission);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Policy - Adding  " + permission + " to " + principal);
        }
    }
}
