package co.cask.cdap.gateway.handlers.meta;

import co.cask.cdap.common.internal.remote.MethodArgument;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.authorization.AuthorizerInstantiator;
import co.cask.cdap.security.spi.authorization.Authorizer;
import co.cask.cdap.security.spi.authorization.PrivilegesFetcher;
import co.cask.http.HttpResponder;
import com.google.inject.TypeLiteral;
import com.google.inject.name.Named;
import java.lang.reflect.Type;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/v1/execute")
/* loaded from: input_file:co/cask/cdap/gateway/handlers/meta/RemotePrivilegesHandler.class */
public class RemotePrivilegesHandler extends AbstractRemoteSystemOpsHandler {
    private static final Logger LOG = LoggerFactory.getLogger(RemotePrivilegesHandler.class);
    private static final Type SET_OF_ACTIONS = new TypeLiteral<Set<Action>>() { // from class: co.cask.cdap.gateway.handlers.meta.RemotePrivilegesHandler.1
    }.getType();
    private final Authorizer authorizer;
    private final PrivilegesFetcher privilegesFetcher;

    @Inject
    RemotePrivilegesHandler(AuthorizerInstantiator authorizerInstantiator, @Named("privileges-fetcher-proxy-cache") PrivilegesFetcher privilegesFetcher) {
        this.authorizer = authorizerInstantiator.get();
        this.privilegesFetcher = privilegesFetcher;
    }

    @POST
    @Path("/listPrivileges")
    public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        Principal principal = (Principal) deserializeNext(parseArguments(httpRequest));
        LOG.trace("Listing privileges for principal {}", principal);
        Set listPrivileges = this.privilegesFetcher.listPrivileges(principal);
        LOG.debug("Returning privileges for principal {} as {} via {}", new Object[]{principal, listPrivileges, this.authorizer});
        httpResponder.sendJson(HttpResponseStatus.OK, listPrivileges);
    }

    @POST
    @Path("/grant")
    public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        Iterator<MethodArgument> parseArguments = parseArguments(httpRequest);
        EntityId entityId = (EntityId) deserializeNext(parseArguments);
        Principal principal = (Principal) deserializeNext(parseArguments);
        Set set = (Set) deserializeNext(parseArguments, SET_OF_ACTIONS);
        LOG.trace("Granting {} on {} to {}", new Object[]{set, entityId, principal});
        this.authorizer.grant(entityId, principal, set);
        LOG.debug("Granted {} on {} to {} successfully", new Object[]{set, entityId, principal});
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }

    @POST
    @Path("/revoke")
    public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        Iterator<MethodArgument> parseArguments = parseArguments(httpRequest);
        EntityId entityId = (EntityId) deserializeNext(parseArguments);
        Principal principal = (Principal) deserializeNext(parseArguments);
        Set set = (Set) deserializeNext(parseArguments, SET_OF_ACTIONS);
        LOG.trace("Revoking {} on {} to {}", new Object[]{set, entityId, principal});
        this.authorizer.revoke(entityId, principal, set);
        LOG.debug("Revoked {} on {} to {} successfully", new Object[]{set, entityId, principal});
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }

    @POST
    @Path("/revokeAll")
    public void revokeAll(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        EntityId entityId = (EntityId) deserializeNext(parseArguments(httpRequest));
        LOG.trace("Revoking all actions on {}", entityId);
        this.authorizer.revoke(entityId);
        LOG.debug("Revoked all actions on {} successfully", entityId);
        httpResponder.sendStatus(HttpResponseStatus.OK);
    }
}
