package com.facebook.presto.hive.$internal.org.apache.hadoop.security.authorize;

import com.facebook.presto.hive.$internal.org.apache.commons.logging.Log;
import com.facebook.presto.hive.$internal.org.apache.commons.logging.LogFactory;
import com.facebook.presto.hive.$internal.org.apache.hadoop.security.UserGroupInformation;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

/* loaded from: input_file:com/facebook/presto/hive/$internal/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.class */
public class ServiceAuthorizationManager {
    public static final String SERVICE_AUTHORIZATION_CONFIG = "hadoop.security.authorization";
    private static final Log LOG = LogFactory.getLog(ServiceAuthorizationManager.class);
    private static Map<Class<?>, Permission> protocolToPermissionMap = Collections.synchronizedMap(new HashMap());

    public static void authorize(Subject subject, Class<?> cls) throws AuthorizationException {
        Permission permission = protocolToPermissionMap.get(cls);
        if (permission == null) {
            permission = new ConnectionPermission(cls);
            protocolToPermissionMap.put(cls, permission);
        }
        checkPermission(subject, permission);
    }

    private static void checkPermission(Subject subject, final Permission... permissionArr) throws AuthorizationException {
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Void>() { // from class: com.facebook.presto.hive.$internal.org.apache.hadoop.security.authorize.ServiceAuthorizationManager.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    try {
                        for (Permission permission : permissionArr) {
                            AccessController.checkPermission(permission);
                        }
                        return null;
                    } catch (AccessControlException e) {
                        ServiceAuthorizationManager.LOG.info("Authorization failed for " + UserGroupInformation.getCurrentUGI(), e);
                        throw new AuthorizationException(e);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            throw new AuthorizationException(e.getException());
        }
    }
}
