package co.cask.cdap.security.authorization;

import co.cask.cdap.api.data.DatasetInstantiationException;
import co.cask.cdap.api.dataset.DatasetDefinition;
import co.cask.cdap.api.dataset.DatasetProperties;
import co.cask.cdap.api.dataset.table.Table;
import co.cask.cdap.api.metrics.MetricsContext;
import co.cask.cdap.data.dataset.SystemDatasetInstantiator;
import co.cask.cdap.data2.datafabric.dataset.DatasetsUtil;
import co.cask.cdap.data2.dataset2.DatasetFramework;
import co.cask.cdap.data2.dataset2.DatasetManagementException;
import co.cask.cdap.data2.dataset2.MultiThreadDatasetCache;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.tephra.TransactionAware;
import co.cask.tephra.TransactionExecutor;
import co.cask.tephra.TransactionExecutorFactory;
import co.cask.tephra.TransactionSystemClient;
import com.google.common.base.Supplier;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:co/cask/cdap/security/authorization/DatasetAuthorizationPlugin.class */
public class DatasetAuthorizationPlugin implements AuthorizationPlugin {
    private final Supplier<ACLDataset> acls;
    private final Supplier<TransactionExecutor> aclsTx;
    private final MultiThreadDatasetCache dsCache;

    @Inject
    public DatasetAuthorizationPlugin(final DatasetFramework datasetFramework, final TransactionExecutorFactory transactionExecutorFactory, TransactionSystemClient transactionSystemClient) {
        this.dsCache = new MultiThreadDatasetCache(new SystemDatasetInstantiator(datasetFramework, (ClassLoader) null, (Iterable) null), transactionSystemClient, new NamespaceId(ACLDataset.ID.getNamespace().getId()), (Map) null, (MetricsContext) null, (Map) null);
        this.acls = new Supplier<ACLDataset>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.1
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public ACLDataset m1get() {
                Table orCreateDataset;
                try {
                    orCreateDataset = (Table) DatasetAuthorizationPlugin.this.dsCache.getDataset(ACLDataset.ID.getId());
                } catch (DatasetInstantiationException e) {
                    try {
                        orCreateDataset = DatasetsUtil.getOrCreateDataset(datasetFramework, ACLDataset.ID, "table", DatasetProperties.EMPTY, DatasetDefinition.NO_ARGUMENTS, (ClassLoader) null);
                    } catch (DatasetManagementException | IOException e2) {
                        throw Throwables.propagate(e2);
                    }
                }
                return new ACLDataset(orCreateDataset);
            }
        };
        this.aclsTx = new Supplier<TransactionExecutor>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.2
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public TransactionExecutor m2get() {
                return transactionExecutorFactory.createExecutor(ImmutableList.of((TransactionAware) DatasetAuthorizationPlugin.this.acls.get()));
            }
        };
    }

    public boolean authorized(final EntityId entityId, final String str, final Set<Action> set) {
        return ((Boolean) ((TransactionExecutor) this.aclsTx.get()).executeUnchecked(new TransactionExecutor.Function<ACLDataset, Boolean>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.3
            public Boolean apply(ACLDataset aCLDataset) throws Exception {
                HashSet hashSet = new HashSet(set);
                Iterator it = entityId.getHierarchy().iterator();
                while (it.hasNext()) {
                    Set<Action> search = aCLDataset.search((EntityId) it.next(), str);
                    if (search.contains(Action.ALL)) {
                        return true;
                    }
                    hashSet.removeAll(search);
                    if (hashSet.isEmpty()) {
                        return true;
                    }
                }
                return Boolean.valueOf(hashSet.isEmpty());
            }
        }, this.acls.get())).booleanValue();
    }

    public void grant(final EntityId entityId, final String str, final Set<Action> set) {
        ((TransactionExecutor) this.aclsTx.get()).executeUnchecked(new TransactionExecutor.Procedure<ACLDataset>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.4
            public void apply(ACLDataset aCLDataset) throws Exception {
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    aCLDataset.add(entityId, str, (Action) it.next());
                }
            }
        }, this.acls.get());
    }

    public void grant(final EntityId entityId, final String str) {
        ((TransactionExecutor) this.aclsTx.get()).executeUnchecked(new TransactionExecutor.Procedure<ACLDataset>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.5
            public void apply(ACLDataset aCLDataset) throws Exception {
                aCLDataset.add(entityId, str, Action.ALL);
            }
        }, this.acls.get());
    }

    public void revoke(final EntityId entityId, final String str, final Set<Action> set) {
        ((TransactionExecutor) this.aclsTx.get()).executeUnchecked(new TransactionExecutor.Procedure<ACLDataset>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.6
            public void apply(ACLDataset aCLDataset) throws Exception {
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    aCLDataset.remove(entityId, str, (Action) it.next());
                }
            }
        }, this.acls.get());
    }

    public void revoke(final EntityId entityId, final String str) {
        ((TransactionExecutor) this.aclsTx.get()).executeUnchecked(new TransactionExecutor.Procedure<ACLDataset>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.7
            public void apply(ACLDataset aCLDataset) throws Exception {
                aCLDataset.remove(entityId, str);
            }
        }, this.acls.get());
    }

    public void revoke(final EntityId entityId) {
        ((TransactionExecutor) this.aclsTx.get()).executeUnchecked(new TransactionExecutor.Procedure<ACLDataset>() { // from class: co.cask.cdap.security.authorization.DatasetAuthorizationPlugin.8
            public void apply(ACLDataset aCLDataset) throws Exception {
                aCLDataset.remove(entityId);
            }
        }, this.acls.get());
    }
}
