package co.cask.cdap.internal.app.runtime.artifact;

import co.cask.cdap.api.artifact.ArtifactInfo;
import co.cask.cdap.api.artifact.ArtifactRange;
import co.cask.cdap.api.artifact.ArtifactScope;
import co.cask.cdap.api.artifact.ArtifactSummary;
import co.cask.cdap.api.artifact.CloseableClassLoader;
import co.cask.cdap.api.plugin.PluginClass;
import co.cask.cdap.api.plugin.PluginSelector;
import co.cask.cdap.common.ArtifactNotFoundException;
import co.cask.cdap.internal.app.runtime.plugin.PluginNotExistsException;
import co.cask.cdap.proto.Id;
import co.cask.cdap.proto.artifact.ApplicationClassInfo;
import co.cask.cdap.proto.artifact.ApplicationClassSummary;
import co.cask.cdap.proto.artifact.ArtifactSortOrder;
import co.cask.cdap.proto.id.ArtifactId;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.security.authorization.AuthorizationUtil;
import co.cask.cdap.security.impersonation.EntityImpersonator;
import co.cask.cdap.security.spi.authentication.AuthenticationContext;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.inject.name.Named;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.apache.twill.filesystem.Location;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/internal/app/runtime/artifact/AuthorizationArtifactRepository.class */
public class AuthorizationArtifactRepository implements ArtifactRepository {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationArtifactRepository.class);
    private final ArtifactRepository delegate;
    private final AuthorizationEnforcer authorizationEnforcer;
    private final AuthenticationContext authenticationContext;

    @Inject
    public AuthorizationArtifactRepository(@Named("noAuthArtifactRepo") ArtifactRepository artifactRepository, AuthorizationEnforcer authorizationEnforcer, AuthenticationContext authenticationContext) {
        this.delegate = artifactRepository;
        this.authorizationEnforcer = authorizationEnforcer;
        this.authenticationContext = authenticationContext;
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public CloseableClassLoader createArtifactClassLoader(Location location, EntityImpersonator entityImpersonator) throws IOException {
        return this.delegate.createArtifactClassLoader(location, entityImpersonator);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void clear(NamespaceId namespaceId) throws Exception {
        for (ArtifactSummary artifactSummary : this.delegate.getArtifactSummaries(namespaceId, false)) {
            this.authorizationEnforcer.enforce(namespaceId.artifact(artifactSummary.getName(), artifactSummary.getVersion()), this.authenticationContext.getPrincipal(), Action.ADMIN);
        }
        this.delegate.clear(namespaceId);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ArtifactSummary> getArtifactSummaries(NamespaceId namespaceId, boolean z) throws Exception {
        return filterAuthorizedArtifacts(this.delegate.getArtifactSummaries(namespaceId, z), namespaceId);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ArtifactSummary> getArtifactSummaries(NamespaceId namespaceId, String str, int i, ArtifactSortOrder artifactSortOrder) throws Exception {
        return filterAuthorizedArtifacts(this.delegate.getArtifactSummaries(namespaceId, str, i, artifactSortOrder), namespaceId);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ArtifactSummary> getArtifactSummaries(ArtifactRange artifactRange, int i, ArtifactSortOrder artifactSortOrder) throws Exception {
        return filterAuthorizedArtifacts(this.delegate.getArtifactSummaries(artifactRange, i, artifactSortOrder), new NamespaceId(artifactRange.getNamespace()));
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public ArtifactDetail getArtifact(Id.Artifact artifact) throws Exception {
        ArtifactId entityId = artifact.toEntityId();
        if (!NamespaceId.SYSTEM.equals(entityId.getParent())) {
            AuthorizationUtil.ensureOnePrivilege(entityId, EnumSet.allOf(Action.class), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        }
        return this.delegate.getArtifact(artifact);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ArtifactDetail> getArtifactDetails(ArtifactRange artifactRange, int i, ArtifactSortOrder artifactSortOrder) throws Exception {
        List<ArtifactDetail> artifactDetails = this.delegate.getArtifactDetails(artifactRange, i, artifactSortOrder);
        if (NamespaceId.SYSTEM.getNamespace().equals(artifactRange.getNamespace())) {
            return artifactDetails;
        }
        final NamespaceId namespaceId = new NamespaceId(artifactRange.getNamespace());
        return AuthorizationUtil.isVisible(artifactDetails, this.authorizationEnforcer, this.authenticationContext.getPrincipal(), new Function<ArtifactDetail, EntityId>() { // from class: co.cask.cdap.internal.app.runtime.artifact.AuthorizationArtifactRepository.1
            public EntityId apply(ArtifactDetail artifactDetail) {
                co.cask.cdap.api.artifact.ArtifactId artifactId = artifactDetail.getDescriptor().getArtifactId();
                return namespaceId.artifact(artifactId.getName(), artifactId.getVersion().getVersion());
            }
        }, (Predicate) null);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ApplicationClassSummary> getApplicationClasses(NamespaceId namespaceId, boolean z) throws IOException {
        return this.delegate.getApplicationClasses(namespaceId, z);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ApplicationClassInfo> getApplicationClasses(NamespaceId namespaceId, String str) throws IOException {
        return this.delegate.getApplicationClasses(namespaceId, str);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public SortedMap<ArtifactDescriptor, Set<PluginClass>> getPlugins(NamespaceId namespaceId, Id.Artifact artifact) throws IOException, ArtifactNotFoundException {
        return this.delegate.getPlugins(namespaceId, artifact);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public SortedMap<ArtifactDescriptor, Set<PluginClass>> getPlugins(NamespaceId namespaceId, Id.Artifact artifact, String str) throws IOException, ArtifactNotFoundException {
        return this.delegate.getPlugins(namespaceId, artifact, str);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public SortedMap<ArtifactDescriptor, PluginClass> getPlugins(NamespaceId namespaceId, Id.Artifact artifact, String str, String str2, Predicate<ArtifactId> predicate, int i, ArtifactSortOrder artifactSortOrder) throws IOException, PluginNotExistsException, ArtifactNotFoundException {
        return this.delegate.getPlugins(namespaceId, artifact, str, str2, predicate, i, artifactSortOrder);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public Map.Entry<ArtifactDescriptor, PluginClass> findPlugin(NamespaceId namespaceId, ArtifactRange artifactRange, String str, String str2, PluginSelector pluginSelector) throws ArtifactNotFoundException, IOException, PluginNotExistsException {
        return this.delegate.findPlugin(namespaceId, artifactRange, str, str2, pluginSelector);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public ArtifactDetail addArtifact(Id.Artifact artifact, File file) throws Exception {
        return addArtifact(artifact, file, null, null);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public ArtifactDetail addArtifact(Id.Artifact artifact, File file, @Nullable Set<ArtifactRange> set, @Nullable Set<PluginClass> set2) throws Exception {
        return addArtifact(artifact, file, set, set2, Collections.emptyMap());
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public ArtifactDetail addArtifact(Id.Artifact artifact, File file, @Nullable Set<ArtifactRange> set, @Nullable Set<PluginClass> set2, Map<String, String> map) throws Exception {
        this.authorizationEnforcer.enforce(artifact.toEntityId(), this.authenticationContext.getPrincipal(), Action.ADMIN);
        return this.delegate.addArtifact(artifact, file, set, set2, map);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void writeArtifactProperties(Id.Artifact artifact, Map<String, String> map) throws Exception {
        this.authorizationEnforcer.enforce(artifact.toEntityId(), this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.writeArtifactProperties(artifact, map);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void writeArtifactProperty(Id.Artifact artifact, String str, String str2) throws Exception {
        this.authorizationEnforcer.enforce(artifact.toEntityId(), this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.writeArtifactProperty(artifact, str, str2);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void deleteArtifactProperty(Id.Artifact artifact, String str) throws Exception {
        this.authorizationEnforcer.enforce(artifact.toEntityId(), this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.deleteArtifactProperty(artifact, str);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void deleteArtifactProperties(Id.Artifact artifact) throws Exception {
        this.authorizationEnforcer.enforce(artifact.toEntityId(), this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.deleteArtifactProperties(artifact);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void addSystemArtifacts() throws Exception {
        this.authorizationEnforcer.enforce(NamespaceId.SYSTEM, this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.addSystemArtifacts();
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public void deleteArtifact(Id.Artifact artifact) throws Exception {
        this.authorizationEnforcer.enforce(artifact.toEntityId(), this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.deleteArtifact(artifact);
    }

    @Override // co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository
    public List<ArtifactInfo> getArtifactsInfo(final NamespaceId namespaceId) throws Exception {
        return AuthorizationUtil.isVisible(this.delegate.getArtifactsInfo(namespaceId), this.authorizationEnforcer, this.authenticationContext.getPrincipal(), new Function<ArtifactInfo, EntityId>() { // from class: co.cask.cdap.internal.app.runtime.artifact.AuthorizationArtifactRepository.2
            public EntityId apply(ArtifactInfo artifactInfo) {
                return namespaceId.artifact(artifactInfo.getName(), artifactInfo.getVersion());
            }
        }, new Predicate<ArtifactInfo>() { // from class: co.cask.cdap.internal.app.runtime.artifact.AuthorizationArtifactRepository.3
            public boolean apply(ArtifactInfo artifactInfo) {
                return ArtifactScope.SYSTEM.equals(artifactInfo.getScope());
            }
        });
    }

    private List<ArtifactSummary> filterAuthorizedArtifacts(List<ArtifactSummary> list, final NamespaceId namespaceId) throws Exception {
        return AuthorizationUtil.isVisible(list, this.authorizationEnforcer, this.authenticationContext.getPrincipal(), new Function<ArtifactSummary, EntityId>() { // from class: co.cask.cdap.internal.app.runtime.artifact.AuthorizationArtifactRepository.4
            public EntityId apply(ArtifactSummary artifactSummary) {
                return namespaceId.artifact(artifactSummary.getName(), artifactSummary.getVersion());
            }
        }, new Predicate<ArtifactSummary>() { // from class: co.cask.cdap.internal.app.runtime.artifact.AuthorizationArtifactRepository.5
            public boolean apply(ArtifactSummary artifactSummary) {
                return ArtifactScope.SYSTEM.equals(artifactSummary.getScope());
            }
        });
    }
}
