package io.confluent.rbacapi.resources;

import io.confluent.rbacapi.authorizer.SecurityMetadataAuthorizer;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.validation.ValidationUtil;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Authorizer;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.SecurityUtils;

@Produces({"application/json"})
@Path("/1.0/")
/* loaded from: input_file:io/confluent/rbacapi/resources/AuthorizeResource.class */
public class AuthorizeResource {
    private final Authorizer authorizer;
    private final SecurityMetadataAuthorizer metadataAuthorizer;

    public AuthorizeResource(Authorizer authorizer, SecurityMetadataAuthorizer securityMetadataAuthorizer) {
        this.authorizer = authorizer;
        this.metadataAuthorizer = securityMetadataAuthorizer;
    }

    @Path("authorize")
    @PUT
    @Consumes({"application/json"})
    public List<AuthorizeResult> authorize(@Context SecurityContext securityContext, AuthorizeRequest authorizeRequest) {
        KafkaPrincipal parseKafkaPrincipal = SecurityUtils.parseKafkaPrincipal(authorizeRequest.userPrincipal);
        this.metadataAuthorizer.authorizeAuthorizeRequest(securityContext, parseKafkaPrincipal, authorizeRequest.actions);
        ValidationUtil.verifyScope(authorizeRequest);
        ValidationUtil.verifyOperation(authorizeRequest);
        ValidationUtil.verifyResourceType(authorizeRequest);
        return this.authorizer.authorize(parseKafkaPrincipal, authorizeRequest.host, authorizeRequest.actions);
    }
}
