package io.confluent.rbacapi.resources.base;

import io.confluent.rbacapi.authorizer.SecurityMetadataAuthorizer;
import io.confluent.security.auth.client.rest.entities.AclFilter;
import io.confluent.security.auth.client.rest.entities.CreateAclRequest;
import io.confluent.security.auth.client.rest.entities.CreateAclsRequest;
import io.confluent.security.auth.client.rest.entities.CreateAclsResult;
import io.confluent.security.auth.client.rest.entities.DeleteAclsRequest;
import io.confluent.security.auth.client.rest.entities.DeleteAclsResult;
import io.confluent.security.auth.metadata.AuthCache;
import io.confluent.security.auth.metadata.AuthStore;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import java.util.Collection;
import java.util.HashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.ws.rs.core.SecurityContext;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;

/* loaded from: input_file:io/confluent/rbacapi/resources/base/AclResource.class */
public class AclResource {
    private final AuthStore authStore;
    private final AuthCache authCache;
    private final SecurityMetadataAuthorizer metadataAuthorizer;
    private final long backendTimeoutNanos;

    public AclResource(AuthStore authStore, SecurityMetadataAuthorizer securityMetadataAuthorizer, long j) {
        this.authStore = authStore;
        this.authCache = authStore.authCache();
        this.metadataAuthorizer = securityMetadataAuthorizer;
        this.backendTimeoutNanos = j;
    }

    public void createAcl(SecurityContext securityContext, CreateAclRequest createAclRequest) throws InterruptedException, ExecutionException, TimeoutException {
        createAcl(securityContext, createAclRequest.scope, createAclRequest.aclBinding);
    }

    private void createAcl(SecurityContext securityContext, Scope scope, AclBinding aclBinding) throws InterruptedException, ExecutionException, TimeoutException {
        this.metadataAuthorizer.authorizeAclAccess(securityContext, scope, ResourcePattern.from(aclBinding.pattern()), SecurityMetadataAuthorizer.ALTER, SecurityMetadataAuthorizer.ALTER_ACCESS);
        this.authStore.writer().createAcls(scope, aclBinding).toCompletableFuture().get(this.backendTimeoutNanos, TimeUnit.NANOSECONDS);
    }

    public CreateAclsResult createAcls(SecurityContext securityContext, CreateAclsRequest createAclsRequest) {
        HashMap hashMap = new HashMap();
        for (AclBinding aclBinding : createAclsRequest.aclBindings) {
            try {
                createAcl(securityContext, createAclsRequest.scope, aclBinding);
                hashMap.put(aclBinding, CreateAclsResult.SUCCESS);
            } catch (TimeoutException e) {
                hashMap.put(aclBinding, CreateAclsResult.failure("MDS Server timeout occurred"));
            } catch (Exception e2) {
                hashMap.put(aclBinding, CreateAclsResult.failure(e2.getMessage()));
            }
        }
        return new CreateAclsResult(hashMap);
    }

    public Collection<AclBinding> deleteAcls(SecurityContext securityContext, AclFilter aclFilter) throws InterruptedException, ExecutionException, TimeoutException {
        return deleteAcl(securityContext, aclFilter.scope, aclFilter.aclBindingFilter);
    }

    public DeleteAclsResult deleteAcls(SecurityContext securityContext, DeleteAclsRequest deleteAclsRequest) {
        HashMap hashMap = new HashMap();
        for (AclBindingFilter aclBindingFilter : deleteAclsRequest.aclBindingFilters) {
            try {
                hashMap.put(aclBindingFilter, DeleteAclsResult.success(deleteAcl(securityContext, deleteAclsRequest.scope, aclBindingFilter)));
            } catch (TimeoutException e) {
                hashMap.put(aclBindingFilter, DeleteAclsResult.failure("MDS Server timeout occurred"));
            } catch (Exception e2) {
                hashMap.put(aclBindingFilter, DeleteAclsResult.failure(e2.getMessage()));
            }
        }
        return new DeleteAclsResult(hashMap);
    }

    private Collection<AclBinding> deleteAcl(SecurityContext securityContext, Scope scope, AclBindingFilter aclBindingFilter) throws InterruptedException, ExecutionException, TimeoutException {
        return this.authStore.writer().deleteAcls(scope, aclBindingFilter, resourcePattern -> {
            return this.metadataAuthorizer.aclAccess(securityContext, scope, resourcePattern, SecurityMetadataAuthorizer.ALTER, SecurityMetadataAuthorizer.ALTER_ACCESS);
        }).toCompletableFuture().get(this.backendTimeoutNanos, TimeUnit.NANOSECONDS);
    }

    public Collection<AclBinding> describeAcls(SecurityContext securityContext, AclFilter aclFilter) {
        return this.authCache.aclBindings(aclFilter.scope, aclFilter.aclBindingFilter, resourcePattern -> {
            return this.metadataAuthorizer.aclAccess(securityContext, aclFilter.scope, resourcePattern, SecurityMetadataAuthorizer.DESCRIBE, SecurityMetadataAuthorizer.DESCRIBE_ACCESS);
        });
    }
}
