package co.cask.cdap.gateway.handlers.meta;

import co.cask.cdap.common.internal.remote.MethodArgument;
import co.cask.cdap.proto.codec.EntityIdTypeAdapter;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.AuthorizationPrivilege;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import co.cask.cdap.security.spi.authorization.PrivilegesManager;
import co.cask.http.HttpResponder;
import com.google.common.base.Charsets;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.inject.TypeLiteral;
import java.lang.reflect.Type;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/v1/execute")
/* loaded from: input_file:co/cask/cdap/gateway/handlers/meta/RemotePrivilegesHandler.class */
public class RemotePrivilegesHandler extends AbstractRemoteSystemOpsHandler {
    private static final Logger LOG = LoggerFactory.getLogger(RemotePrivilegesHandler.class);
    private static final Type SET_OF_ACTIONS = new TypeLiteral<Set<Action>>() { // from class: co.cask.cdap.gateway.handlers.meta.RemotePrivilegesHandler.1
    }.getType();
    private static final Gson GSON = new GsonBuilder().registerTypeAdapter(EntityId.class, new EntityIdTypeAdapter()).create();
    private final PrivilegesManager privilegesManager;
    private final AuthorizationEnforcer authorizationEnforcer;

    @Inject
    RemotePrivilegesHandler(PrivilegesManager privilegesManager, AuthorizationEnforcer authorizationEnforcer) {
        this.privilegesManager = privilegesManager;
        this.authorizationEnforcer = authorizationEnforcer;
    }

    @POST
    @Path("/enforce")
    public void enforce(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        AuthorizationPrivilege authorizationPrivilege = (AuthorizationPrivilege) GSON.fromJson(httpRequest.getContent().toString(Charsets.UTF_8), AuthorizationPrivilege.class);
        LOG.debug("Enforcing for {}", authorizationPrivilege);
        this.authorizationEnforcer.enforce(authorizationPrivilege.getEntity(), authorizationPrivilege.getPrincipal(), authorizationPrivilege.getAction());
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }

    @POST
    @Path("/listPrivileges")
    public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        Principal principal = (Principal) deserializeNext(parseArguments(httpRequest));
        LOG.trace("Listing privileges for principal {}", principal);
        Set listPrivileges = this.privilegesManager.listPrivileges(principal);
        LOG.debug("Returning privileges for principal {} as {}", principal, listPrivileges);
        httpResponder.sendJson(HttpResponseStatus.OK, listPrivileges);
    }

    @POST
    @Path("/grant")
    public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        Iterator<MethodArgument> parseArguments = parseArguments(httpRequest);
        EntityId entityId = (EntityId) deserializeNext(parseArguments);
        Principal principal = (Principal) deserializeNext(parseArguments);
        Set set = (Set) deserializeNext(parseArguments, SET_OF_ACTIONS);
        LOG.trace("Granting {} on {} to {}", new Object[]{set, entityId, principal});
        this.privilegesManager.grant(entityId, principal, set);
        LOG.info("Granted {} on {} to {} successfully", new Object[]{set, entityId, principal});
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }

    @POST
    @Path("/revoke")
    public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        Iterator<MethodArgument> parseArguments = parseArguments(httpRequest);
        EntityId entityId = (EntityId) deserializeNext(parseArguments);
        Principal principal = (Principal) deserializeNext(parseArguments);
        Set set = (Set) deserializeNext(parseArguments, SET_OF_ACTIONS);
        LOG.trace("Revoking {} on {} from {}", new Object[]{set, entityId, principal});
        this.privilegesManager.revoke(entityId, principal, set);
        LOG.info("Revoked {} on {} from {} successfully", new Object[]{set, entityId, principal});
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }

    @POST
    @Path("/revokeAll")
    public void revokeAll(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        EntityId entityId = (EntityId) deserializeNext(parseArguments(httpRequest));
        LOG.trace("Revoking all actions on {}", entityId);
        this.privilegesManager.revoke(entityId);
        LOG.info("Revoked all actions on {} successfully", entityId);
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }
}
