package io.pravega.controller.server.rpc.auth;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.pravega.auth.AuthException;
import io.pravega.auth.AuthHandler;
import io.pravega.auth.AuthenticationException;
import io.pravega.auth.AuthorizationException;
import java.security.Principal;
import java.util.List;
import javax.ws.rs.core.Response;

/* loaded from: input_file:io/pravega/controller/server/rpc/auth/RESTAuthHelper.class */
public class RESTAuthHelper {
    private final AuthHandlerManager pravegaAuthManager;

    public RESTAuthHelper(AuthHandlerManager authHandlerManager) {
        this.pravegaAuthManager = authHandlerManager;
    }

    public boolean isAuthorized(List<String> list, String str, Principal principal, AuthHandler.Permissions permissions) throws AuthException {
        if (isAuthEnabled()) {
            return this.pravegaAuthManager.authorize(str, principal, parseCredentials(list), permissions);
        }
        return true;
    }

    public void authorize(List<String> list, String str, Principal principal, AuthHandler.Permissions permissions) throws AuthException {
        if (!isAuthorized(list, str, principal, permissions)) {
            throw new AuthorizationException(String.format("Failed to authorize for resource [%s]", str), Response.Status.FORBIDDEN.getStatusCode());
        }
    }

    public Principal authenticate(List<String> list) throws AuthException {
        if (!isAuthEnabled()) {
            return null;
        }
        return this.pravegaAuthManager.authenticate(parseCredentials(list));
    }

    public void authenticateAuthorize(List<String> list, String str, AuthHandler.Permissions permissions) throws AuthException {
        if (isAuthEnabled() && !this.pravegaAuthManager.authenticateAndAuthorize(str, parseCredentials(list), permissions)) {
            throw new AuthorizationException(String.format("Failed to authorize for resource [%s]", str), Response.Status.FORBIDDEN.getStatusCode());
        }
    }

    private String parseCredentials(List<String> list) throws AuthenticationException {
        if (list == null || list.isEmpty()) {
            throw new AuthenticationException("Missing authorization header.");
        }
        String str = list.get(0);
        Preconditions.checkNotNull(str, "Missing credentials.");
        return str;
    }

    @VisibleForTesting
    boolean isAuthEnabled() {
        return this.pravegaAuthManager != null;
    }
}
