package io.confluent.kafka.schemaregistry.security.authorizer;

import io.confluent.kafka.schemaregistry.client.rest.entities.Schema;
import io.confluent.kafka.schemaregistry.client.rest.entities.SchemaString;
import io.confluent.kafka.schemaregistry.exceptions.SchemaRegistryException;
import io.confluent.kafka.schemaregistry.rest.SchemaRegistryConfig;
import io.confluent.kafka.schemaregistry.storage.SchemaRegistry;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/authorizer/AbstractSchemaRegistryAuthorizer.class */
public abstract class AbstractSchemaRegistryAuthorizer implements SchemaRegistryAuthorizer {
    private SchemaRegistry schemaRegistry;

    @Override // io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer
    public void configure(SchemaRegistryConfig schemaRegistryConfig, SchemaRegistry schemaRegistry) throws AuthorizerException {
        this.schemaRegistry = schemaRegistry;
    }

    @Override // io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer
    public final boolean authorize(AuthorizeRequest authorizeRequest) throws AuthorizerException {
        SchemaRegistryResourceOperation schemaRegistryResourceOperation = authorizeRequest.getSchemaRegistryResourceOperation();
        String name = authorizeRequest.getUser().getName();
        String subject = authorizeRequest.getSubject();
        if (SchemaRegistryResourceOperation.SCHEMA_READ.equals(schemaRegistryResourceOperation)) {
            return authorizeSchemaIdLookup(name, schemaRegistryResourceOperation, authorizeRequest);
        }
        if (SchemaRegistryResourceOperation.SUBJECT_RESOURCE_OPERATIONS.contains(schemaRegistryResourceOperation)) {
            return authorizeSubjectOperation(name, subject, schemaRegistryResourceOperation, authorizeRequest);
        }
        if (SchemaRegistryResourceOperation.GLOBAL_RESOURCE_OPERATIONS.contains(schemaRegistryResourceOperation)) {
            return authorizeGlobalOperation(name, schemaRegistryResourceOperation, authorizeRequest);
        }
        return false;
    }

    @Override // io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer
    public void shutdown() {
    }

    public abstract boolean authorizeGlobalOperation(String str, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest);

    public abstract boolean authorizeSubjectOperation(String str, String str2, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest);

    public final boolean authorizeSchemaIdLookup(String str, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest) throws AuthorizerException {
        boolean z = false;
        try {
            SchemaString schemaString = this.schemaRegistry.get(Integer.parseInt((String) authorizeRequest.getContainerRequestContext().getUriInfo().getPathParameters().getFirst("id")));
            if (schemaString != null) {
                for (String str2 : this.schemaRegistry.listSubjects()) {
                    if (this.schemaRegistry.lookUpSchemaUnderSubject(str2, new Schema(str2, 0, 0, schemaString.getSchemaString()), true) != null) {
                        z = authorizeSubjectOperation(str, getAuthorizationSubject(str2), SchemaRegistryResourceOperation.SUBJECT_READ, authorizeRequest);
                        if (z) {
                            break;
                        }
                    }
                }
            }
            return z;
        } catch (SchemaRegistryException e) {
            throw new AuthorizerException("Couldn't lookup schema ids ", e);
        }
    }

    public String getAuthorizationSubject(String str) {
        return str;
    }
}
