package io.confluent.kafka.schemaregistry.security.authorizer;

import io.confluent.kafka.schemaregistry.client.rest.entities.Schema;
import io.confluent.kafka.schemaregistry.client.rest.entities.SchemaString;
import io.confluent.kafka.schemaregistry.exceptions.SchemaRegistryException;
import io.confluent.kafka.schemaregistry.rest.SchemaRegistryConfig;
import io.confluent.kafka.schemaregistry.storage.SchemaRegistry;
import java.security.Principal;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.core.UriInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/authorizer/AbstractSchemaRegistryAuthorizer.class */
public abstract class AbstractSchemaRegistryAuthorizer implements SchemaRegistryAuthorizer {
    private static final Logger log = LoggerFactory.getLogger(AbstractSchemaRegistryAuthorizer.class);
    private SchemaRegistry schemaRegistry;

    @Override // io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer
    public void configure(SchemaRegistryConfig schemaRegistryConfig, SchemaRegistry schemaRegistry) throws AuthorizerException {
        this.schemaRegistry = schemaRegistry;
    }

    @Override // io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer
    public final boolean authorize(AuthorizeRequest authorizeRequest) throws AuthorizerException {
        SchemaRegistryResourceOperation schemaRegistryResourceOperation = authorizeRequest.getSchemaRegistryResourceOperation();
        Principal user = authorizeRequest.getUser();
        String name = user.getName();
        String subject = authorizeRequest.getSubject();
        if (!SchemaRegistryResourceOperation.SCHEMA_READ.equals(schemaRegistryResourceOperation)) {
            if (SchemaRegistryResourceOperation.SUBJECT_RESOURCE_OPERATIONS.contains(schemaRegistryResourceOperation)) {
                return authorizeSubjectOperation(name, subject, schemaRegistryResourceOperation, authorizeRequest);
            }
            if (SchemaRegistryResourceOperation.GLOBAL_RESOURCE_OPERATIONS.contains(schemaRegistryResourceOperation)) {
                return authorizeGlobalOperation(name, schemaRegistryResourceOperation, authorizeRequest);
            }
            return false;
        }
        boolean authorizeSchemaIdLookup = authorizeSchemaIdLookup(user, schemaRegistryResourceOperation, authorizeRequest);
        Logger logger = log;
        Object[] objArr = new Object[3];
        objArr[0] = authorizeSchemaIdLookup ? "SUCCESSFUL" : "FAILED";
        objArr[1] = name != null ? name : "N/A";
        objArr[2] = subject != null ? subject : "N/A";
        logger.debug("Authorization of schema ID lookup {} for user {} and subject {}", objArr);
        return authorizeSchemaIdLookup;
    }

    @Override // io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer
    public void shutdown() {
    }

    public abstract boolean authorizeGlobalOperation(String str, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest);

    public abstract boolean authorizeSubjectOperation(String str, String str2, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest);

    public final boolean authorizeSchemaIdLookup(Principal principal, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest) throws AuthorizerException {
        UriInfo uriInfo = authorizeRequest.getContainerRequestContext().getUriInfo();
        if ("schemas/types".equals(uriInfo.getPath())) {
            return true;
        }
        try {
            SchemaString schemaString = this.schemaRegistry.get(Integer.parseInt((String) uriInfo.getPathParameters().getFirst("id")));
            if (schemaString != null) {
                return bulkAuthorize(principal, (List) this.schemaRegistry.listSubjects().stream().filter(str -> {
                    Schema schema = new Schema(str, 0, 0, schemaString.getSchemaType(), schemaString.getReferences(), schemaString.getSchemaString());
                    try {
                        return this.schemaRegistry.lookUpSchemaUnderSubject(str, schema, true) != null;
                    } catch (SchemaRegistryException e) {
                        log.warn("Failed to lookup up schema {} under subject {}", schema, str);
                        return false;
                    }
                }).map(str2 -> {
                    return subjectReadRequest(str2, authorizeRequest);
                }).collect(Collectors.toList())).stream().anyMatch(bool -> {
                    return bool.booleanValue();
                });
            }
            return false;
        } catch (SchemaRegistryException e) {
            throw new AuthorizerException("Couldn't lookup schema ids ", e);
        }
    }

    public String getAuthorizationSubject(String str) {
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AuthorizeRequest subjectReadRequest(String str, AuthorizeRequest authorizeRequest) {
        return new AuthorizeRequest(authorizeRequest.getUser(), str, SchemaRegistryResourceOperation.SUBJECT_READ, authorizeRequest.getContainerRequestContext(), authorizeRequest.getHttpServletRequest());
    }
}
