package co.cask.cdap.security.authorization;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import co.cask.cdap.security.spi.authorization.UnauthorizedException;
import java.util.EnumSet;
import java.util.Set;

/* loaded from: input_file:co/cask/cdap/security/authorization/AbstractAuthorizationEnforcer.class */
public abstract class AbstractAuthorizationEnforcer implements AuthorizationEnforcer {
    private final boolean securityAuthorizationEnabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractAuthorizationEnforcer(CConfiguration cConfiguration) {
        this.securityAuthorizationEnabled = AuthorizationUtil.isSecurityAuthorizationEnabled(cConfiguration);
    }

    public void enforce(EntityId entityId, Principal principal, Set<Action> set) throws Exception {
        if (isSecurityAuthorizationEnabled()) {
            EnumSet noneOf = EnumSet.noneOf(Action.class);
            UnauthorizedException unauthorizedException = new UnauthorizedException(principal, entityId);
            for (Action action : set) {
                try {
                    enforce(entityId, principal, action);
                } catch (UnauthorizedException e) {
                    noneOf.add(action);
                    unauthorizedException.addSuppressed(e);
                }
            }
            if (!noneOf.isEmpty()) {
                throw new UnauthorizedException(principal, noneOf, entityId, unauthorizedException);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSecurityAuthorizationEnabled() {
        return this.securityAuthorizationEnabled;
    }
}
