package co.cask.cdap.security.impersonation;

import co.cask.cdap.common.AlreadyExistsException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.namespace.NamespaceQueryAdmin;
import co.cask.cdap.proto.NamespaceConfig;
import co.cask.cdap.proto.NamespaceMeta;
import co.cask.cdap.proto.element.EntityType;
import co.cask.cdap.proto.id.KerberosPrincipalId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.id.NamespacedEntityId;
import co.cask.cdap.proto.id.ProgramId;
import com.google.inject.Inject;
import java.io.IOException;
import javax.annotation.Nullable;

/* loaded from: input_file:co/cask/cdap/security/impersonation/DefaultOwnerAdmin.class */
/**
 * {@link OwnerAdmin} implementation that stores entity owners in an {@link OwnerStore} and
 * falls back to the namespace configuration when an entity has no owner of its own.
 *
 * <p>The principals returned here are used to build {@link ImpersonationInfo}, so whoever can
 * write an owner record through {@link #add} or remove one through {@link #delete} influences
 * which Kerberos identity is selected for an entity. This class performs no authorization
 * check of its own on any method.
 * NOTE(review): presumably authorization is enforced by the callers or by the store - confirm.
 */
public class DefaultOwnerAdmin implements OwnerAdmin {
    private final CConfiguration cConf;
    private final OwnerStore ownerStore;
    private final NamespaceQueryAdmin namespaceQueryAdmin;

    /**
     * Creates the admin from its injected collaborators.
     *
     * @param cConfiguration configuration handed to {@link SecurityUtil} when a keytab URI is derived
     * @param ownerStore store holding the entity-to-owner records
     * @param namespaceQueryAdmin used to read namespace configuration for the fallback principal
     */
    @Inject
    public DefaultOwnerAdmin(CConfiguration cConfiguration, OwnerStore ownerStore, NamespaceQueryAdmin namespaceQueryAdmin) {
        this.cConf = cConfiguration;
        this.ownerStore = ownerStore;
        this.namespaceQueryAdmin = namespaceQueryAdmin;
    }

    /**
     * Records {@code kerberosPrincipalId} as the owner of the entity by delegating to the store.
     * The principal is passed through unchanged; no validation happens in this method.
     *
     * @throws IOException propagated from the store
     * @throws AlreadyExistsException propagated from the store
     */
    @Override
    public void add(NamespacedEntityId namespacedEntityId, KerberosPrincipalId kerberosPrincipalId) throws IOException, AlreadyExistsException {
        ownerStore.add(namespacedEntityId, kerberosPrincipalId);
    }

    /**
     * Looks up the owner stored for exactly this entity. Unlike the impersonation lookups,
     * no parent or namespace fallback is applied here.
     *
     * @return whatever the store returns for the entity (the method is declared nullable)
     * @throws IOException propagated from the store
     */
    @Override
    @Nullable
    public KerberosPrincipalId getOwner(NamespacedEntityId namespacedEntityId) throws IOException {
        return ownerStore.getOwner(namespacedEntityId);
    }

    /**
     * Returns the principal string of the entity's directly stored owner.
     *
     * @return the owner's principal, or {@code null} when {@link #getOwner} returns {@code null}
     * @throws IOException propagated from {@link #getOwner}
     */
    @Override
    @Nullable
    public String getOwnerPrincipal(NamespacedEntityId namespacedEntityId) throws IOException {
        KerberosPrincipalId storedOwner = getOwner(namespacedEntityId);
        return storedOwner == null ? null : storedOwner.getPrincipal();
    }

    /**
     * Resolves the principal and keytab location to impersonate for an entity.
     *
     * <p>Resolution order: an owner stored for the effective entity (a program is replaced by
     * its parent first) wins; otherwise the principal and keytab URI of the namespace
     * configuration are used.
     *
     * @return the impersonation info, or {@code null} when no explicit owner applies and the
     *     namespace configuration has no principal
     * @throws IOException if the owner store or the namespace lookup fails
     */
    @Override
    @Nullable
    public ImpersonationInfo getImpersonationInfo(NamespacedEntityId namespacedEntityId) throws IOException {
        NamespacedEntityId resolved = getEffectiveEntity(namespacedEntityId);

        // The owner store is consulted only for non-namespace entities.
        if (!resolved.getEntityType().equals(EntityType.NAMESPACE)) {
            KerberosPrincipalId explicitOwner = ownerStore.getOwner(resolved);
            if (explicitOwner != null) {
                // For an explicit owner the keytab URI is derived from the principal and cConf,
                // not read from the namespace configuration.
                return new ImpersonationInfo(
                    explicitOwner.getPrincipal(),
                    SecurityUtil.getKeytabURIforPrincipal(explicitOwner.getPrincipal(), cConf));
            }
        }

        // Fallback: the principal and keytab configured on the namespace, if any.
        NamespaceConfig nsConfig = getNamespaceConfig(resolved.getNamespaceId());
        if (nsConfig.getPrincipal() != null) {
            return new ImpersonationInfo(nsConfig.getPrincipal(), nsConfig.getKeytabURI());
        }
        return null;
    }

    /**
     * Resolves only the principal to impersonate, using the same order as
     * {@link #getImpersonationInfo}: explicit owner of the effective entity first, then the
     * namespace configuration's principal.
     *
     * @return the resolved principal; the value from the namespace configuration is returned
     *     as-is when no explicit owner applies (the method is declared nullable)
     * @throws IOException if the owner store or the namespace lookup fails
     */
    @Override
    @Nullable
    public String getImpersonationPrincipal(NamespacedEntityId namespacedEntityId) throws IOException {
        NamespacedEntityId resolved = getEffectiveEntity(namespacedEntityId);

        if (!resolved.getEntityType().equals(EntityType.NAMESPACE)) {
            KerberosPrincipalId explicitOwner = ownerStore.getOwner(resolved);
            if (explicitOwner != null) {
                return explicitOwner.getPrincipal();
            }
        }
        return getNamespaceConfig(resolved).getPrincipal();
    }

    /**
     * Maps an entity to the one whose owner record applies: a {@code PROGRAM} is replaced by
     * the result of {@link ProgramId#getParent()}, every other entity is returned unchanged.
     */
    private NamespacedEntityId getEffectiveEntity(NamespacedEntityId entity) {
        if (!entity.getEntityType().equals(EntityType.PROGRAM)) {
            return entity;
        }
        return ((ProgramId) entity).getParent();
    }

    /**
     * Fetches the configuration of the namespace the entity belongs to.
     *
     * <p>The system namespace is answered from {@link NamespaceMeta#SYSTEM} without calling
     * the namespace admin. Any non-I/O failure of the lookup is rethrown as an
     * {@link IOException} with the original exception as its cause.
     */
    private NamespaceConfig getNamespaceConfig(NamespacedEntityId entity) throws IOException {
        try {
            if (entity.getNamespaceId().equals(NamespaceId.SYSTEM)) {
                return NamespaceMeta.SYSTEM.getConfig();
            }
            return namespaceQueryAdmin.get(entity.getNamespaceId()).getConfig();
        } catch (IOException ioFailure) {
            throw ioFailure;
        } catch (Exception otherFailure) {
            throw new IOException(otherFailure);
        }
    }

    /**
     * Reports whether the store holds an owner record for exactly this entity.
     *
     * @throws IOException propagated from the store
     */
    @Override
    public boolean exists(NamespacedEntityId namespacedEntityId) throws IOException {
        return ownerStore.exists(namespacedEntityId);
    }

    /**
     * Removes the owner record of the entity by delegating to the store. After removal the
     * impersonation lookups in this class fall back to the namespace configuration.
     *
     * @throws IOException propagated from the store
     */
    @Override
    public void delete(NamespacedEntityId namespacedEntityId) throws IOException {
        ownerStore.delete(namespacedEntityId);
    }
}
