package com.hortonworks.smm.kafka.services.security;

import com.hortonworks.registries.auth.util.AuthToken;
import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.ws.rs.core.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/hortonworks/smm/kafka/services/security/SecurityUtil.class */
public final class SecurityUtil {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtil.class);
    private static final String ANONYMOUS_USER = "ANONYMOUS_USER";

    private SecurityUtil() {
    }

    public static boolean authorizeTopicDescribe(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, String str) {
        return authorize(sMMAuthorizer, securityContext.getUserPrincipal(), ResourceType.TOPIC, str, Permission.DESCRIBE);
    }

    public static boolean authorizeTopicRead(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, String str) {
        return authorize(sMMAuthorizer, securityContext.getUserPrincipal(), ResourceType.TOPIC, str, Permission.READ);
    }

    public static boolean authorizeGroupDescribe(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, String str) {
        return authorize(sMMAuthorizer, securityContext.getUserPrincipal(), ResourceType.GROUP, str, Permission.DESCRIBE);
    }

    public static boolean authorizeGroupRead(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, String str) {
        return authorize(sMMAuthorizer, securityContext.getUserPrincipal(), ResourceType.GROUP, str, Permission.READ);
    }

    public static boolean authorizeCreateTopics(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, List<String> list) {
        return authorize(sMMAuthorizer, securityContext, ResourceType.CLUSTER, "kafka-cluster", Permission.CREATE) || bulkAuthorize(sMMAuthorizer, securityContext, ResourceType.TOPIC, list, Permission.CREATE);
    }

    public static boolean authorizeDeleteTopics(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, List<String> list) {
        return bulkAuthorize(sMMAuthorizer, securityContext, ResourceType.TOPIC, list, Permission.DELETE);
    }

    public static boolean authorizeAlterTopics(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, List<String> list) {
        return bulkAuthorize(sMMAuthorizer, securityContext, ResourceType.TOPIC, list, Permission.ALTER);
    }

    private static boolean bulkAuthorize(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, ResourceType resourceType, List<String> list, Permission permission) {
        Principal userPrincipal = securityContext.getUserPrincipal();
        boolean z = true;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            z &= authorize(sMMAuthorizer, userPrincipal, resourceType, it.next(), permission);
        }
        return z;
    }

    public static boolean authorize(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, ResourceType resourceType, String str, Permission permission) {
        return authorize(sMMAuthorizer, securityContext.getUserPrincipal(), resourceType, str, permission);
    }

    public static <T> Collection<T> filterGroups(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, Collection<T> collection, Function<T, String> function) {
        return filter(sMMAuthorizer, securityContext, ResourceType.GROUP, collection, function, Permission.DESCRIBE);
    }

    public static <T> Collection<T> filterTopics(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, Collection<T> collection, Function<T, String> function) {
        return filter(sMMAuthorizer, securityContext, ResourceType.TOPIC, collection, function, Permission.DESCRIBE);
    }

    public static <T> Collection<T> filter(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, ResourceType resourceType, Collection<T> collection, Function<T, String> function, Permission permission) {
        Principal userPrincipal = securityContext.getUserPrincipal();
        return (Collection) collection.stream().filter(obj -> {
            return authorize(sMMAuthorizer, userPrincipal, resourceType, (String) function.apply(obj), permission);
        }).collect(Collectors.toList());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean authorize(SMMAuthorizer sMMAuthorizer, Principal principal, ResourceType resourceType, String str, Permission permission) {
        return sMMAuthorizer.authorize(getAuthenticationContext(principal), resourceType, str, permission);
    }

    private static String getUserName(Principal principal) {
        String str = null;
        if (principal instanceof AuthToken) {
            str = ((AuthToken) principal).getUserName();
        } else if (principal.getName() != null) {
            str = principal.getName().split("[/@]")[0];
        }
        return str;
    }

    public static String getUserName(AuthenticationContext authenticationContext) {
        if (authenticationContext.getPrincipal() == null) {
            return null;
        }
        return getUserName(authenticationContext.getPrincipal());
    }

    public static String getUserNameOrDefaultAnonymous(Principal principal) {
        String userName = principal == null ? null : getUserName(principal);
        return userName == null ? ANONYMOUS_USER : userName;
    }

    private static AuthenticationContext getAuthenticationContext(Principal principal) {
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.setPrincipal(principal);
        return authenticationContext;
    }

    public static boolean authorizeConnectorDescribe(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext, String str) {
        return true;
    }

    public static boolean authorizeConnectWorkersDescribe(SMMAuthorizer sMMAuthorizer, SecurityContext securityContext) {
        return true;
    }
}
