package com.hortonworks.registries.schemaregistry.authorizer.agent;

import com.google.common.annotations.VisibleForTesting;
import com.hortonworks.registries.schemaregistry.AggregatedSchemaBranch;
import com.hortonworks.registries.schemaregistry.AggregatedSchemaMetadataInfo;
import com.hortonworks.registries.schemaregistry.ISchemaRegistry;
import com.hortonworks.registries.schemaregistry.SchemaBranch;
import com.hortonworks.registries.schemaregistry.SchemaIdVersion;
import com.hortonworks.registries.schemaregistry.SchemaMetadata;
import com.hortonworks.registries.schemaregistry.SchemaMetadataInfo;
import com.hortonworks.registries.schemaregistry.SchemaVersionInfo;
import com.hortonworks.registries.schemaregistry.SchemaVersionKey;
import com.hortonworks.registries.schemaregistry.authorizer.AuthorizerFactory;
import com.hortonworks.registries.schemaregistry.authorizer.core.Authorizer;
import com.hortonworks.registries.schemaregistry.authorizer.exception.AuthorizationException;
import com.hortonworks.registries.schemaregistry.errors.SchemaNotFoundException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Map;
import javax.ws.rs.NotSupportedException;

/* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/agent/DefaultAuthorizationAgent.class */
public class DefaultAuthorizationAgent implements AuthorizationAgent {
    private Authorizer authorizer;

    /* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/agent/DefaultAuthorizationAgent$AlreadyConfiguredException.class */
    public static class AlreadyConfiguredException extends RuntimeException {
        public AlreadyConfiguredException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/agent/DefaultAuthorizationAgent$EntityFilterFunction.class */
    public interface EntityFilterFunction<T> {
        T filter(T t) throws AuthorizationException, SchemaNotFoundException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/agent/DefaultAuthorizationAgent$EntityToAuthorizerResourceMapFunc.class */
    public interface EntityToAuthorizerResourceMapFunc<T> {
        Authorizer.Resource map(T t) throws SchemaNotFoundException;
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void configure(Map<String, Object> map) {
        synchronized (DefaultAuthorizationAgent.class) {
            if (this.authorizer != null) {
                throw new AlreadyConfiguredException("DefaultAuthorizationAgent is already configured");
            }
            this.authorizer = AuthorizerFactory.getAuthorizer(map);
        }
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public Collection<AggregatedSchemaMetadataInfo> authorizeGetAggregatedSchemaList(Authorizer.UserAndGroups userAndGroups, Collection<AggregatedSchemaMetadataInfo> collection) throws SchemaNotFoundException {
        return removeUnauthorizedAndNullEntities(collection, aggregatedSchemaMetadataInfo -> {
            return authorizeGetAggregatedSchemaInfo(userAndGroups, aggregatedSchemaMetadataInfo);
        });
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public AggregatedSchemaMetadataInfo authorizeGetAggregatedSchemaInfo(Authorizer.UserAndGroups userAndGroups, AggregatedSchemaMetadataInfo aggregatedSchemaMetadataInfo) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadata schemaMetadata = aggregatedSchemaMetadataInfo.getSchemaMetadata();
        authorizeSchemaMetadata(userAndGroups, schemaMetadata, Authorizer.AccessType.READ);
        Collection removeUnauthorizedAndNullEntities = removeUnauthorizedAndNullEntities(aggregatedSchemaMetadataInfo.getSchemaBranches(), aggregatedSchemaBranch -> {
            return authorizeGetAggregatedBranch(schemaMetadata, userAndGroups, aggregatedSchemaBranch);
        });
        Collection serDesInfos = aggregatedSchemaMetadataInfo.getSerDesInfos();
        if (serDesInfos != null && !serDesInfos.isEmpty() && !this.authorizer.authorize(new Authorizer.SerdeResource(), Authorizer.AccessType.READ, userAndGroups)) {
            serDesInfos = new ArrayList();
        }
        return new AggregatedSchemaMetadataInfo(schemaMetadata, aggregatedSchemaMetadataInfo.getId(), aggregatedSchemaMetadataInfo.getTimestamp(), removeUnauthorizedAndNullEntities, serDesInfos);
    }

    private AggregatedSchemaBranch authorizeGetAggregatedBranch(SchemaMetadata schemaMetadata, Authorizer.UserAndGroups userAndGroups, AggregatedSchemaBranch aggregatedSchemaBranch) throws AuthorizationException {
        String schemaGroup = schemaMetadata.getSchemaGroup();
        String name = schemaMetadata.getName();
        String name2 = aggregatedSchemaBranch.getSchemaBranch().getName();
        authorize(new Authorizer.SchemaBranchResource(schemaGroup, name, name2), Authorizer.AccessType.READ, userAndGroups);
        authorize(new Authorizer.SchemaVersionResource(schemaGroup, name, name2), Authorizer.AccessType.READ, userAndGroups);
        return aggregatedSchemaBranch;
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public Collection<SchemaMetadataInfo> authorizeFindSchemas(Authorizer.UserAndGroups userAndGroups, Collection<SchemaMetadataInfo> collection) throws SchemaNotFoundException {
        return authorizeGetEntities(userAndGroups, collection, schemaMetadataInfo -> {
            SchemaMetadata schemaMetadata = schemaMetadataInfo.getSchemaMetadata();
            return new Authorizer.SchemaMetadataResource(schemaMetadata.getSchemaGroup(), schemaMetadata.getName());
        });
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public Collection<SchemaVersionKey> authorizeFindSchemasByFields(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, Collection<SchemaVersionKey> collection) throws SchemaNotFoundException {
        return authorizeGetEntities(userAndGroups, collection, schemaVersionKey -> {
            String schemaName = schemaVersionKey.getSchemaName();
            return new Authorizer.SchemaVersionResource(iSchemaRegistry.getSchemaMetadataInfo(schemaName).getSchemaMetadata().getSchemaGroup(), schemaName, getPrimaryBranch(iSchemaRegistry.getSchemaBranchesForVersion(iSchemaRegistry.getSchemaVersionInfo(schemaVersionKey).getId())));
        });
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeDeleteSchemaMetadata(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, String str) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadataInfo schemaMetadataInfo = iSchemaRegistry.getSchemaMetadataInfo(str);
        if (schemaMetadataInfo == null) {
            throw new SchemaNotFoundException("No SchemaMetadata exists with key: " + str);
        }
        authorize(new Authorizer.SchemaMetadataResource(schemaMetadataInfo.getSchemaMetadata().getSchemaGroup(), str), Authorizer.AccessType.DELETE, userAndGroups);
        Collection schemaBranches = iSchemaRegistry.getSchemaBranches(str);
        if (schemaBranches != null) {
            Iterator it = schemaBranches.iterator();
            while (it.hasNext()) {
                authorizeDeleteSchemaBranch(userAndGroups, iSchemaRegistry.getSchemaBranch(((SchemaBranch) it.next()).getId()), schemaMetadataInfo);
            }
        }
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaMetadata(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, String str, Authorizer.AccessType accessType) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadataInfo schemaMetadataInfo = iSchemaRegistry.getSchemaMetadataInfo(str);
        if (schemaMetadataInfo == null) {
            throw new SchemaNotFoundException("No SchemaMetadata exists with key: " + str);
        }
        authorizeSchemaMetadata(userAndGroups, schemaMetadataInfo, accessType);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaMetadata(Authorizer.UserAndGroups userAndGroups, SchemaMetadataInfo schemaMetadataInfo, Authorizer.AccessType accessType) throws AuthorizationException {
        authorizeSchemaMetadata(userAndGroups, schemaMetadataInfo.getSchemaMetadata(), accessType);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaMetadata(Authorizer.UserAndGroups userAndGroups, SchemaMetadata schemaMetadata, Authorizer.AccessType accessType) throws AuthorizationException {
        authorize(new Authorizer.SchemaMetadataResource(schemaMetadata.getSchemaGroup(), schemaMetadata.getName()), accessType, userAndGroups);
        if (accessType == Authorizer.AccessType.DELETE) {
            throw new NotSupportedException("AccessType.DELETE is not supported for authorizeSchemaMetadata method");
        }
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeCreateSchemaBranch(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, String str, Long l, String str2) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadata schemaMetadata = iSchemaRegistry.getSchemaMetadataInfo(str).getSchemaMetadata();
        String schemaGroup = schemaMetadata.getSchemaGroup();
        String name = schemaMetadata.getName();
        authorize(new Authorizer.SchemaBranchResource(schemaGroup, name, str2), Authorizer.AccessType.CREATE, userAndGroups);
        Collection<SchemaBranch> schemaBranchesForVersion = iSchemaRegistry.getSchemaBranchesForVersion(l);
        if (schemaBranchesForVersion.isEmpty()) {
            throw new SchemaNotFoundException("Schema version with id : " + l + " not found");
        }
        authorize(new Authorizer.SchemaVersionResource(schemaGroup, name, getPrimaryBranch(schemaBranchesForVersion)), Authorizer.AccessType.READ, userAndGroups);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeDeleteSchemaBranch(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, Long l) throws AuthorizationException {
        SchemaBranch schemaBranch = iSchemaRegistry.getSchemaBranch(l);
        authorizeDeleteSchemaBranch(userAndGroups, schemaBranch, iSchemaRegistry.getSchemaMetadataInfo(schemaBranch.getSchemaMetadataName()));
    }

    private void authorizeDeleteSchemaBranch(Authorizer.UserAndGroups userAndGroups, SchemaBranch schemaBranch, SchemaMetadataInfo schemaMetadataInfo) throws AuthorizationException {
        SchemaMetadata schemaMetadata = schemaMetadataInfo.getSchemaMetadata();
        String schemaGroup = schemaMetadata.getSchemaGroup();
        String name = schemaMetadata.getName();
        String name2 = schemaBranch.getName();
        authorize(new Authorizer.SchemaBranchResource(schemaGroup, name, name2), Authorizer.AccessType.DELETE, userAndGroups);
        authorize(new Authorizer.SchemaVersionResource(schemaGroup, name, name2), Authorizer.AccessType.DELETE, userAndGroups);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public Collection<SchemaBranch> authorizeGetAllBranches(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, String str, Collection<SchemaBranch> collection) throws SchemaNotFoundException {
        SchemaMetadataInfo schemaMetadataInfo = iSchemaRegistry.getSchemaMetadataInfo(str);
        if (schemaMetadataInfo == null) {
            throw new SchemaNotFoundException("No SchemaMetadata exists with key: " + str);
        }
        String schemaGroup = schemaMetadataInfo.getSchemaMetadata().getSchemaGroup();
        return authorizeGetEntities(userAndGroups, collection, schemaBranch -> {
            return new Authorizer.SchemaBranchResource(schemaGroup, str, schemaBranch.getName());
        });
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaVersion(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, SchemaIdVersion schemaIdVersion, Authorizer.AccessType accessType) throws AuthorizationException, SchemaNotFoundException {
        authorizeSchemaVersion(userAndGroups, iSchemaRegistry, iSchemaRegistry.getSchemaVersionInfo(schemaIdVersion), accessType);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaVersion(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, Long l, Authorizer.AccessType accessType) throws AuthorizationException, SchemaNotFoundException {
        authorizeSchemaVersion(userAndGroups, iSchemaRegistry, iSchemaRegistry.getSchemaVersionInfo(new SchemaIdVersion(l)), accessType);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaVersion(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, SchemaVersionKey schemaVersionKey, Authorizer.AccessType accessType) throws AuthorizationException, SchemaNotFoundException {
        authorizeSchemaVersion(userAndGroups, iSchemaRegistry, iSchemaRegistry.getSchemaVersionInfo(schemaVersionKey), accessType);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaVersion(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, SchemaVersionInfo schemaVersionInfo, Authorizer.AccessType accessType) throws AuthorizationException {
        authorizeSchemaVersion(userAndGroups, iSchemaRegistry.getSchemaMetadataInfo(schemaVersionInfo.getSchemaMetadataId()), getPrimaryBranch(iSchemaRegistry.getSchemaBranchesForVersion(schemaVersionInfo.getId())), accessType);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSchemaVersion(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, String str, String str2, Authorizer.AccessType accessType) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadataInfo schemaMetadataInfo = iSchemaRegistry.getSchemaMetadataInfo(str);
        if (schemaMetadataInfo == null) {
            throw new SchemaNotFoundException("No SchemaMetadata exists with key: " + str);
        }
        authorizeSchemaVersion(userAndGroups, schemaMetadataInfo, str2, accessType);
    }

    private void authorizeSchemaVersion(Authorizer.UserAndGroups userAndGroups, SchemaMetadataInfo schemaMetadataInfo, String str, Authorizer.AccessType accessType) throws AuthorizationException {
        SchemaMetadata schemaMetadata = schemaMetadataInfo.getSchemaMetadata();
        authorize(new Authorizer.SchemaVersionResource(schemaMetadata.getSchemaGroup(), schemaMetadata.getName(), str), accessType, userAndGroups);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeGetSerializers(Authorizer.UserAndGroups userAndGroups, SchemaMetadataInfo schemaMetadataInfo) throws AuthorizationException {
        authorizeSchemaMetadata(userAndGroups, schemaMetadataInfo.getSchemaMetadata(), Authorizer.AccessType.READ);
        authorizeSerDes(userAndGroups, Authorizer.AccessType.READ);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeSerDes(Authorizer.UserAndGroups userAndGroups, Authorizer.AccessType accessType) throws AuthorizationException {
        authorize(new Authorizer.SerdeResource(), accessType, userAndGroups);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeMapSchemaWithSerDes(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, String str) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadataInfo schemaMetadataInfo = iSchemaRegistry.getSchemaMetadataInfo(str);
        if (schemaMetadataInfo == null) {
            throw new SchemaNotFoundException("No SchemaMetadata exists with key: " + str);
        }
        authorizeSerDes(userAndGroups, Authorizer.AccessType.READ);
        authorizeSchemaMetadata(userAndGroups, schemaMetadataInfo.getSchemaMetadata(), Authorizer.AccessType.UPDATE);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public void authorizeMergeSchemaVersion(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, Long l) throws AuthorizationException, SchemaNotFoundException {
        SchemaMetadata schemaMetadata = iSchemaRegistry.getSchemaMetadataInfo(iSchemaRegistry.getSchemaVersionInfo(new SchemaIdVersion(l)).getSchemaMetadataId()).getSchemaMetadata();
        String schemaGroup = schemaMetadata.getSchemaGroup();
        String name = schemaMetadata.getName();
        authorize(new Authorizer.SchemaVersionResource(schemaGroup, name, getPrimaryBranch(iSchemaRegistry.getSchemaBranchesForVersion(l))), Authorizer.AccessType.READ, userAndGroups);
        authorize(new Authorizer.SchemaVersionResource(schemaGroup, name, "MASTER"), Authorizer.AccessType.CREATE, userAndGroups);
    }

    @Override // com.hortonworks.registries.schemaregistry.authorizer.agent.AuthorizationAgent
    public Collection<SchemaVersionInfo> authorizeGetAllVersions(Authorizer.UserAndGroups userAndGroups, ISchemaRegistry iSchemaRegistry, Collection<SchemaVersionInfo> collection) throws SchemaNotFoundException {
        return authorizeGetEntities(userAndGroups, collection, schemaVersionInfo -> {
            SchemaMetadata schemaMetadata = iSchemaRegistry.getSchemaMetadataInfo(schemaVersionInfo.getSchemaMetadataId()).getSchemaMetadata();
            return new Authorizer.SchemaVersionResource(schemaMetadata.getSchemaGroup(), schemaMetadata.getName(), getPrimaryBranch(iSchemaRegistry.getSchemaBranchesForVersion(schemaVersionInfo.getId())));
        });
    }

    private <T> Collection<T> authorizeGetEntities(Authorizer.UserAndGroups userAndGroups, Collection<T> collection, EntityToAuthorizerResourceMapFunc<T> entityToAuthorizerResourceMapFunc) throws SchemaNotFoundException {
        return removeUnauthorizedAndNullEntities(collection, obj -> {
            if (this.authorizer.authorize(entityToAuthorizerResourceMapFunc.map(obj), Authorizer.AccessType.READ, userAndGroups)) {
                return obj;
            }
            return null;
        });
    }

    private <T> Collection<T> removeUnauthorizedAndNullEntities(Collection<T> collection, EntityFilterFunction<T> entityFilterFunction) throws SchemaNotFoundException {
        if (collection == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = collection.iterator();
        while (it.hasNext()) {
            try {
                T filter = entityFilterFunction.filter(it.next());
                if (filter != null) {
                    arrayList.add(filter);
                }
            } catch (AuthorizationException e) {
            }
        }
        return arrayList;
    }

    private void authorize(Authorizer.Resource resource, Authorizer.AccessType accessType, Authorizer.UserAndGroups userAndGroups) throws AuthorizationException {
        raiseAuthorizationExceptionIfNeeded(this.authorizer.authorize(resource, accessType, userAndGroups), userAndGroups.getUser(), accessType, resource);
    }

    private String getPrimaryBranch(Collection<SchemaBranch> collection) {
        return collection.stream().min(Comparator.comparing((v0) -> {
            return v0.getId();
        })).get().getName();
    }

    private void raiseAuthorizationExceptionIfNeeded(boolean z, String str, Authorizer.AccessType accessType, Authorizer.Resource resource) throws AuthorizationException {
        if (!z) {
            throw new AuthorizationException(String.format("User '%s' does not have [%s] permission on %s", str, accessType.getName(), resource));
        }
    }

    @VisibleForTesting
    Authorizer getAuthorizer() {
        return this.authorizer;
    }
}
