package co.cask.cdap.security.authorization;

import co.cask.cdap.common.runtime.RuntimeModule;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.proto.security.Privilege;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import co.cask.cdap.security.spi.authorization.PrivilegesFetcher;
import com.google.inject.AbstractModule;
import com.google.inject.Inject;
import com.google.inject.Module;
import com.google.inject.Scopes;
import com.google.inject.name.Names;
import java.util.Set;

/* loaded from: input_file:co/cask/cdap/security/authorization/AuthorizationEnforcementModule.class */
public class AuthorizationEnforcementModule extends RuntimeModule {
    public static final String PRIVILEGES_FETCHER_PROXY_CACHE = "privileges-fetcher-proxy-cache";
    public static final String PRIVILEGES_FETCHER_PROXY = "privileges-fetcher-proxy";

    /* loaded from: input_file:co/cask/cdap/security/authorization/AuthorizationEnforcementModule$AuthorizerAsPrivilegesFetcher.class */
    private static class AuthorizerAsPrivilegesFetcher implements PrivilegesFetcher {
        private final AuthorizerInstantiator authorizerInstantiator;

        @Inject
        private AuthorizerAsPrivilegesFetcher(AuthorizerInstantiator authorizerInstantiator) {
            this.authorizerInstantiator = authorizerInstantiator;
        }

        public Set<Privilege> listPrivileges(Principal principal) throws Exception {
            return this.authorizerInstantiator.m17get().listPrivileges(principal);
        }
    }

    public Module getInMemoryModules() {
        return new AbstractModule() { // from class: co.cask.cdap.security.authorization.AuthorizationEnforcementModule.1
            protected void configure() {
                bind(AuthorizationEnforcementService.class).to(DefaultAuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(AuthorizationEnforcer.class).to(AuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcherProxyService.class).to(DefaultPrivilegesFetcherProxyService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).to(AuthorizerAsPrivilegesFetcher.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).annotatedWith(Names.named(AuthorizationEnforcementModule.PRIVILEGES_FETCHER_PROXY_CACHE)).to(PrivilegesFetcherProxyService.class);
                bind(PrivilegesFetcher.class).annotatedWith(Names.named(AuthorizationEnforcementModule.PRIVILEGES_FETCHER_PROXY)).to(AuthorizerAsPrivilegesFetcher.class);
            }
        };
    }

    public Module getStandaloneModules() {
        return new AbstractModule() { // from class: co.cask.cdap.security.authorization.AuthorizationEnforcementModule.2
            protected void configure() {
                bind(AuthorizationEnforcementService.class).to(DefaultAuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(AuthorizationEnforcer.class).to(AuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcherProxyService.class).to(DefaultPrivilegesFetcherProxyService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).to(AuthorizerAsPrivilegesFetcher.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).annotatedWith(Names.named(AuthorizationEnforcementModule.PRIVILEGES_FETCHER_PROXY_CACHE)).to(PrivilegesFetcherProxyService.class);
                bind(PrivilegesFetcher.class).annotatedWith(Names.named(AuthorizationEnforcementModule.PRIVILEGES_FETCHER_PROXY)).to(AuthorizerAsPrivilegesFetcher.class);
            }
        };
    }

    public Module getDistributedModules() {
        return new AbstractModule() { // from class: co.cask.cdap.security.authorization.AuthorizationEnforcementModule.3
            protected void configure() {
                bind(AuthorizationEnforcementService.class).to(DefaultAuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(AuthorizationEnforcer.class).to(AuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).to(RemotePrivilegesFetcher.class);
            }
        };
    }

    public AbstractModule getMasterModule() {
        return new AbstractModule() { // from class: co.cask.cdap.security.authorization.AuthorizationEnforcementModule.4
            protected void configure() {
                bind(AuthorizationEnforcementService.class).to(DefaultAuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(AuthorizationEnforcer.class).to(AuthorizationEnforcementService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).to(AuthorizerAsPrivilegesFetcher.class);
                bind(PrivilegesFetcherProxyService.class).to(DefaultPrivilegesFetcherProxyService.class).in(Scopes.SINGLETON);
                bind(PrivilegesFetcher.class).annotatedWith(Names.named(AuthorizationEnforcementModule.PRIVILEGES_FETCHER_PROXY_CACHE)).to(PrivilegesFetcherProxyService.class);
                bind(PrivilegesFetcher.class).annotatedWith(Names.named(AuthorizationEnforcementModule.PRIVILEGES_FETCHER_PROXY)).to(AuthorizerAsPrivilegesFetcher.class);
            }
        };
    }
}
