package io.pravega.controller.server.rpc.auth;

import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.pravega.auth.AuthHandler;
import io.pravega.auth.AuthorizationException;
import java.beans.ConstructorProperties;
import java.util.HashMap;

/* loaded from: input_file:io/pravega/controller/server/rpc/auth/AuthHelper.class */
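/**
 * Helper used by the controller RPC layer to check the caller's permissions on a resource
 * and to mint signed delegation tokens.
 *
 * <p>When constructed with auth disabled, every method short-circuits and returns an empty
 * string: no authorization check is made and no token is produced.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The signing key is held as a {@code String} for the lifetime of this object; keep it
 *       out of logs and {@code toString()} output.</li>
 *   <li>Delegation tokens are HS512-signed with a shared secret, so any party able to verify
 *       a token can also forge one.</li>
 * </ul>
 */
public class AuthHelper {
    private final boolean isAuthEnabled;
    private final String tokenSigningKey;

    /**
     * Returns a helper with auth disabled and an empty signing key. Intended for tests only;
     * an instance built this way authorizes everything.
     */
    @VisibleForTesting
    public static AuthHelper getDisabledAuthHelper() {
        return new AuthHelper(false, "");
    }

    /**
     * Verifies that the current caller holds at least {@code permissions} on resource {@code str}.
     *
     * @param str         the resource name passed to the interceptor's {@code authorize} call
     * @param permissions the minimum permission level required
     * @return always the empty string
     * @throws RuntimeException wrapping an {@link AuthorizationException} when the granted
     *                          level is below the required one
     */
    public String checkAuthorization(String str, AuthHandler.Permissions permissions) {
        if (!this.isAuthEnabled) {
            return "";
        }
        PravegaInterceptor pravegaInterceptor = (PravegaInterceptor) PravegaInterceptor.INTERCEPTOR_OBJECT.get();
        // Fail closed: with no interceptor in the current context the caller is treated as
        // having NONE, so any requirement ranked above NONE is rejected.
        AuthHandler.Permissions granted =
                pravegaInterceptor == null ? AuthHandler.Permissions.NONE : pravegaInterceptor.authorize(str);
        // NOTE(review): the comparison uses enum ordinals, so it is only correct while
        // AuthHandler.Permissions is declared from least to most privileged. Reordering or
        // inserting a constant would silently change who is authorized - confirm against the enum.
        if (granted.ordinal() < permissions.ordinal()) {
            throw new RuntimeException(new AuthorizationException("Access not allowed"));
        }
        return "";
    }

    /**
     * Runs {@link #checkAuthorization} and, if it passes, returns a delegation token for the
     * same resource and permission level.
     *
     * @param str         the resource name
     * @param permissions the permission level to check and to embed in the token
     * @return the compact signed token, or the empty string when auth is disabled
     * @throws RuntimeException wrapping an {@link AuthorizationException} when the check fails
     */
    public String checkAuthorizationAndCreateToken(String str, AuthHandler.Permissions permissions) {
        if (!this.isAuthEnabled) {
            return "";
        }
        checkAuthorization(str, permissions);
        return createDelegationToken(str, permissions, this.tokenSigningKey);
    }

    /**
     * Builds an HS512-signed JWT whose single claim maps the resource name to the permission
     * name. Performs no authorization itself; callers must check first.
     *
     * @param str         the resource name, used as the claim key
     * @param permissions the permission level, stored as its string form
     * @param signingKey  the shared secret used to sign the token
     * @return the compact token, or the empty string when auth is disabled
     */
    private String createDelegationToken(String str, AuthHandler.Permissions permissions, String signingKey) {
        if (!this.isAuthEnabled) {
            return "";
        }
        HashMap<String, Object> claims = new HashMap<>();
        claims.put(str, String.valueOf(permissions));
        // NOTE(review): in JJWT, setClaims(Map) replaces the claims collected so far, so the
        // subject and audience set just before it most likely never reach the token. Call order
        // is left as-is because changing it alters the token contents the verifier receives;
        // confirm against the JJWT version in use and the verifying side before reordering.
        // NOTE(review): no expiration is set in this chain, so a token issued here stays valid
        // for as long as the signing key does.
        // NOTE(review): getBytes() uses the platform default charset; the verifier must derive
        // the key bytes the same way, and a non-ASCII key can differ between hosts. Prefer an
        // explicit charset on both sides.
        return Jwts.builder()
                .setSubject("segmentstoreresource")
                .setAudience("segmentstore")
                .setClaims(claims)
                .signWith(SignatureAlgorithm.HS512, signingKey.getBytes())
                .compact();
    }

    /**
     * Returns the token produced by {@code PravegaInterceptor.retrieveMasterToken} for this
     * helper's signing key, or the empty string when auth is disabled. No per-caller
     * authorization check is made here.
     */
    public String retrieveMasterToken() {
        return this.isAuthEnabled ? PravegaInterceptor.retrieveMasterToken(this.tokenSigningKey) : "";
    }

    /**
     * @param z   whether authorization checks and token creation are enabled
     * @param str the shared secret used to sign delegation tokens; stored as given, with no
     *            null or emptiness check
     */
    @SuppressFBWarnings(justification = "generated code")
    @ConstructorProperties({"isAuthEnabled", "tokenSigningKey"})
    public AuthHelper(boolean z, String str) {
        this.isAuthEnabled = z;
        this.tokenSigningKey = str;
    }
}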
