package co.cask.cdap.data2.transaction.stream;

import co.cask.cdap.api.data.stream.StreamSpecification;
import co.cask.cdap.data2.metadata.lineage.AccessType;
import co.cask.cdap.proto.StreamProperties;
import co.cask.cdap.proto.ViewSpecification;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.KerberosPrincipalId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.id.ProgramRunId;
import co.cask.cdap.proto.id.StreamId;
import co.cask.cdap.proto.id.StreamViewId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.authorization.AuthorizationUtil;
import co.cask.cdap.security.impersonation.OwnerAdmin;
import co.cask.cdap.security.impersonation.SecurityUtil;
import co.cask.cdap.security.spi.authentication.AuthenticationContext;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.inject.name.Named;
import java.io.IOException;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.annotation.Nullable;
import javax.inject.Inject;

/* loaded from: input_file:co/cask/cdap/data2/transaction/stream/AuthorizationStreamAdmin.class */
public class AuthorizationStreamAdmin implements StreamAdmin {
    private final StreamAdmin delegate;
    private final AuthenticationContext authenticationContext;
    private final AuthorizationEnforcer authorizationEnforcer;
    private final OwnerAdmin ownerAdmin;

    @Inject
    public AuthorizationStreamAdmin(@Named("noAuthStreamAdmin") StreamAdmin streamAdmin, AuthenticationContext authenticationContext, AuthorizationEnforcer authorizationEnforcer, OwnerAdmin ownerAdmin) {
        this.delegate = streamAdmin;
        this.authenticationContext = authenticationContext;
        this.authorizationEnforcer = authorizationEnforcer;
        this.ownerAdmin = ownerAdmin;
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void dropAllInNamespace(NamespaceId namespaceId) throws Exception {
        Iterator<StreamSpecification> it = this.delegate.listStreams(namespaceId).iterator();
        while (it.hasNext()) {
            ensureAccess(namespaceId.stream(it.next().getName()), Action.ADMIN);
        }
        this.delegate.dropAllInNamespace(namespaceId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void configureInstances(StreamId streamId, long j, int i) throws Exception {
        this.delegate.configureInstances(streamId, j, i);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void configureGroups(StreamId streamId, Map<Long, Integer> map) throws Exception {
        this.delegate.configureGroups(streamId, map);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void upgrade() throws Exception {
        this.delegate.upgrade();
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public List<StreamSpecification> listStreams(final NamespaceId namespaceId) throws Exception {
        return AuthorizationUtil.isVisible(this.delegate.listStreams(namespaceId), this.authorizationEnforcer, this.authenticationContext.getPrincipal(), new Function<StreamSpecification, EntityId>() { // from class: co.cask.cdap.data2.transaction.stream.AuthorizationStreamAdmin.1
            public EntityId apply(StreamSpecification streamSpecification) {
                return namespaceId.stream(streamSpecification.getName());
            }
        }, (Predicate) null);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public StreamConfig getConfig(StreamId streamId) throws IOException {
        return this.delegate.getConfig(streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public StreamProperties getProperties(StreamId streamId) throws Exception {
        AuthorizationUtil.ensureOnePrivilege(streamId, EnumSet.allOf(Action.class), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        return this.delegate.getProperties(streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void updateConfig(StreamId streamId, StreamProperties streamProperties) throws Exception {
        ensureAccess(streamId, Action.ADMIN);
        this.delegate.updateConfig(streamId, streamProperties);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public boolean exists(StreamId streamId) throws Exception {
        AuthorizationUtil.ensureAccess(streamId, this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        return this.delegate.exists(streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    @Nullable
    public StreamConfig create(StreamId streamId) throws Exception {
        return create(streamId, new Properties());
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    @Nullable
    public StreamConfig create(StreamId streamId, @Nullable Properties properties) throws Exception {
        KerberosPrincipalId effectiveOwner = SecurityUtil.getEffectiveOwner(this.ownerAdmin, streamId.getNamespaceId(), (properties == null || !properties.containsKey("principal")) ? null : properties.getProperty("principal"));
        Principal principal = this.authenticationContext.getPrincipal();
        if (effectiveOwner != null) {
            this.authorizationEnforcer.enforce(effectiveOwner, principal, Action.ADMIN);
        }
        ensureAccess(streamId, Action.ADMIN);
        return this.delegate.create(streamId, properties);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void truncate(StreamId streamId) throws Exception {
        ensureAccess(streamId, Action.ADMIN);
        this.delegate.truncate(streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void drop(StreamId streamId) throws Exception {
        ensureAccess(streamId, Action.ADMIN);
        this.delegate.drop(streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public boolean createOrUpdateView(StreamViewId streamViewId, ViewSpecification viewSpecification) throws Exception {
        AuthorizationUtil.ensureAccess(streamViewId.getParent(), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        return this.delegate.createOrUpdateView(streamViewId, viewSpecification);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void deleteView(StreamViewId streamViewId) throws Exception {
        AuthorizationUtil.ensureAccess(streamViewId.getParent(), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        this.delegate.deleteView(streamViewId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public List<StreamViewId> listViews(StreamId streamId) throws Exception {
        AuthorizationUtil.ensureAccess(streamId, this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        return this.delegate.listViews(streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public ViewSpecification getView(StreamViewId streamViewId) throws Exception {
        AuthorizationUtil.ensureAccess(streamViewId.getParent(), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        return this.delegate.getView(streamViewId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public boolean viewExists(StreamViewId streamViewId) throws Exception {
        AuthorizationUtil.ensureAccess(streamViewId.getParent(), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        return this.delegate.viewExists(streamViewId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void register(Iterable<? extends EntityId> iterable, StreamId streamId) {
        this.delegate.register(iterable, streamId);
    }

    @Override // co.cask.cdap.data2.transaction.stream.StreamAdmin
    public void addAccess(ProgramRunId programRunId, StreamId streamId, AccessType accessType) {
        this.delegate.addAccess(programRunId, streamId, accessType);
    }

    private <T extends EntityId> void ensureAccess(T t, Action action) throws Exception {
        this.authorizationEnforcer.enforce(t, this.authenticationContext.getPrincipal(), action);
    }
}
