package io.confluent.controlcenter.rest;

import com.google.inject.Inject;
import io.confluent.controlcenter.rest.ControlCenterRestModule;
import io.confluent.controlcenter.rest.jackson.JsonStandard;
import java.security.Principal;
import java.util.Collection;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({"application/json"})
@Path("/3.0/auth")
/* loaded from: input_file:io/confluent/controlcenter/rest/AuthResource.class */
public class AuthResource {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AuthResource.class);
    private final Collection<String> readOnlyRoles;

    @JsonStandard
    /* loaded from: input_file:io/confluent/controlcenter/rest/AuthResource$PrincipalInfo.class */
    public static class PrincipalInfo {
        public final String user;
        public final boolean readOnly;

        PrincipalInfo(String str, boolean z) {
            this.user = str;
            this.readOnly = z;
        }
    }

    @Inject
    public AuthResource(@ControlCenterRestModule.RestrictedRoles Collection<String> collection) {
        this.readOnlyRoles = collection;
    }

    @GET
    @Path("/principal")
    public Response principal(@Context SecurityContext securityContext) {
        Principal userPrincipal = securityContext.getUserPrincipal();
        boolean z = false;
        for (String str : this.readOnlyRoles) {
            boolean isUserInRole = securityContext.isUserInRole(str);
            log.debug("checking if user={} in role={} val={}", userPrincipal, str, Boolean.valueOf(isUserInRole));
            z |= isUserInRole;
        }
        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoCache(true);
        cacheControl.setNoStore(true);
        cacheControl.setMustRevalidate(true);
        return Response.ok(new PrincipalInfo(userPrincipal == null ? null : userPrincipal.getName(), z)).cacheControl(cacheControl).build();
    }
}
