package org.apache.hadoop.crypto.key.kms.server;

import com.cloudera.keytrustee.TrusteeKeyProviderConfiguration;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/crypto/key/kms/server/TrusteeACLs.class */
public class TrusteeACLs implements Runnable {
    private static final Logger LOG = LoggerFactory.getLogger(TrusteeACLs.class);
    private static final String ALLOW_NONE = "";
    public static final String ACL_DEFAULT = "";
    public static final int RELOADER_SLEEP_MILLIS = 1000;
    private volatile Map<Type, AccessControlList> acls;
    private ScheduledExecutorService executorService;
    private long lastReload;

    /* loaded from: input_file:org/apache/hadoop/crypto/key/kms/server/TrusteeACLs$Type.class */
    public enum Type {
        UNDELETE,
        PURGE,
        MIGRATE;

        public String getConfigKey() {
            return "keytrustee.kms.acl." + toString();
        }
    }

    TrusteeACLs(Configuration configuration) {
        setACLs(configuration == null ? loadACLs() : configuration);
    }

    public TrusteeACLs() {
        this(null);
    }

    private void setACLs(Configuration configuration) {
        HashMap hashMap = new HashMap();
        for (Type type : Type.values()) {
            String str = configuration.get(type.getConfigKey(), "");
            hashMap.put(type, new AccessControlList(str));
            LOG.info("'{}' ACL '{}'", type, str);
        }
        this.acls = hashMap;
    }

    @Override // java.lang.Runnable
    public void run() {
        try {
            if (KMSConfiguration.isACLsFileNewer(this.lastReload)) {
                setACLs(loadACLs());
            }
        } catch (Exception e) {
            LOG.warn("Could not reload ACLs file: " + e.toString(), e);
        }
    }

    public synchronized void startReloader() {
        if (this.executorService == null) {
            this.executorService = Executors.newScheduledThreadPool(1);
            this.executorService.scheduleAtFixedRate(this, 1000L, 1000L, TimeUnit.MILLISECONDS);
        }
    }

    public synchronized void stopReloader() {
        if (this.executorService != null) {
            this.executorService.shutdownNow();
            this.executorService = null;
        }
    }

    private Configuration loadACLs() {
        LOG.debug("Loading ACLs file");
        this.lastReload = System.currentTimeMillis();
        Configuration aCLsConf = TrusteeKeyProviderConfiguration.getACLsConf();
        aCLsConf.get(Type.UNDELETE.getConfigKey());
        return aCLsConf;
    }

    public boolean hasAccess(Type type, UserGroupInformation userGroupInformation) {
        return this.acls.get(type).isUserAllowed(userGroupInformation);
    }
}
