package org.apache.hadoop.security.authorize;

import java.net.InetAddress;
import java.util.Collection;
import java.util.Iterator;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/security/authorize/ProxyUsers.class */
public class ProxyUsers {
    public static String getProxySuperuserGroupConfKey(String str) {
        return "hadoop.proxyuser." + str + ".users";
    }

    public static String getProxySuperuserIpConfKey(String str) {
        return "hadoop.proxyuser." + str + ".ip-addresses";
    }

    public static void authorize(UserGroupInformation userGroupInformation, String str, Configuration configuration) throws AuthorizationException {
        if (userGroupInformation.getRealUser() == null) {
            return;
        }
        boolean z = false;
        UserGroupInformation realUser = userGroupInformation.getRealUser();
        Collection<String> stringCollection = configuration.getStringCollection(getProxySuperuserGroupConfKey(realUser.getShortUserName()));
        if (!stringCollection.isEmpty()) {
            String[] groupNames = userGroupInformation.getGroupNames();
            int length = groupNames.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (stringCollection.contains(groupNames[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (!z) {
            throw new AuthorizationException("User: " + realUser.getUserName() + " is not allowed to impersonate " + userGroupInformation.getUserName());
        }
        Collection<String> stringCollection2 = configuration.getStringCollection(getProxySuperuserIpConfKey(realUser.getShortUserName()));
        if (!stringCollection2.isEmpty()) {
            Iterator<String> it = stringCollection2.iterator();
            while (it.hasNext()) {
                if (InetAddress.getByName(it.next()).getHostAddress().equals(str)) {
                    return;
                }
            }
        }
        throw new AuthorizationException("Unauthorized connection for super-user: " + realUser.getUserName() + " from IP " + str);
    }
}
