package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.fs.XAttr;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.security.AccessControlException;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.class */
public class XAttrPermissionFilter {
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkPermissionForApi(FSPermissionChecker fSPermissionChecker, XAttr xAttr, boolean z) throws AccessControlException {
        boolean isSuperUser = fSPermissionChecker.isSuperUser();
        if (xAttr.getNameSpace() != XAttr.NameSpace.USER) {
            if (xAttr.getNameSpace() == XAttr.NameSpace.TRUSTED && isSuperUser) {
                return;
            }
            if (xAttr.getNameSpace() == XAttr.NameSpace.RAW && z && isSuperUser) {
                return;
            }
            if (!XAttrHelper.getPrefixedName(xAttr).equals(HdfsServerConstants.SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
                throw new AccessControlException("User doesn't have permission for xattr: " + XAttrHelper.getPrefixedName(xAttr));
            }
            if (xAttr.getValue() != null) {
                throw new AccessControlException("Attempt to set a value for 'security.hdfs.unreadable.by.superuser'. Values are not allowed for this xattr.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkPermissionForApi(FSPermissionChecker fSPermissionChecker, List<XAttr> list, boolean z) throws AccessControlException {
        Preconditions.checkArgument(list != null);
        if (list.isEmpty()) {
            return;
        }
        Iterator<XAttr> it = list.iterator();
        while (it.hasNext()) {
            checkPermissionForApi(fSPermissionChecker, it.next(), z);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<XAttr> filterXAttrsForApi(FSPermissionChecker fSPermissionChecker, List<XAttr> list, boolean z) {
        if (!$assertionsDisabled && list == null) {
            throw new AssertionError("xAttrs can not be null");
        }
        if (list.isEmpty()) {
            return list;
        }
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(list.size());
        boolean isSuperUser = fSPermissionChecker.isSuperUser();
        for (XAttr xAttr : list) {
            if (xAttr.getNameSpace() == XAttr.NameSpace.USER) {
                newArrayListWithCapacity.add(xAttr);
            } else if (xAttr.getNameSpace() == XAttr.NameSpace.TRUSTED && isSuperUser) {
                newArrayListWithCapacity.add(xAttr);
            } else if (xAttr.getNameSpace() == XAttr.NameSpace.RAW && isSuperUser && z) {
                newArrayListWithCapacity.add(xAttr);
            } else if (XAttrHelper.getPrefixedName(xAttr).equals(HdfsServerConstants.SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
                newArrayListWithCapacity.add(xAttr);
            }
        }
        return newArrayListWithCapacity;
    }

    static {
        $assertionsDisabled = !XAttrPermissionFilter.class.desiredAssertionStatus();
    }
}
