package io.ballerina.messaging.broker.core.rest;

import io.ballerina.messaging.broker.auth.AuthException;
import io.ballerina.messaging.broker.auth.AuthNotFoundException;
import io.ballerina.messaging.broker.auth.AuthServerException;
import io.ballerina.messaging.broker.auth.authorization.AuthorizationHandler;
import io.ballerina.messaging.broker.auth.authorization.Authorizer;
import io.ballerina.messaging.broker.auth.authorization.enums.ResourceAction;
import io.ballerina.messaging.broker.auth.authorization.enums.ResourceAuthScope;
import io.ballerina.messaging.broker.auth.authorization.enums.ResourceType;
import io.ballerina.messaging.broker.core.rest.model.ResponseMessage;
import io.ballerina.messaging.broker.core.rest.model.UserGroupList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;

/* loaded from: input_file:io/ballerina/messaging/broker/core/rest/AuthGrantApiDelegate.class */
public class AuthGrantApiDelegate {
    private final Authorizer authorizer;
    private final AuthorizationHandler authorizationHandler;

    public AuthGrantApiDelegate(Authorizer authorizer) {
        this.authorizer = authorizer;
        this.authorizationHandler = new AuthorizationHandler(authorizer);
    }

    public Response changeOwner(ResourceType resourceType, String str, String str2, Subject subject) {
        try {
            this.authorizationHandler.handle(ResourceAuthScope.RESOURCE_GRANT_PERMISSION, resourceType, str, ResourceAction.GRANT_PERMISSION, subject);
            if (this.authorizer.changeResourceOwner(resourceType.toString(), str, str2)) {
                return Response.noContent().build();
            }
            throw new BadRequestException("Invalid input. Resource type: " + resourceType.toString() + ", Resource name: " + str + ", Owner: " + str2);
        } catch (AuthException e) {
            throw new NotAuthorizedException(e.getMessage(), e, new Object[0]);
        } catch (AuthNotFoundException e2) {
            throw new NotFoundException(e2.getMessage(), e2);
        } catch (AuthServerException e3) {
            throw new InternalServerErrorException(e3.getMessage(), e3);
        }
    }

    public Response addUserGroupsToAction(ResourceType resourceType, String str, String str2, UserGroupList userGroupList, Subject subject) {
        try {
            this.authorizationHandler.handle(ResourceAuthScope.RESOURCE_GRANT_PERMISSION, resourceType, str, ResourceAction.GRANT_PERMISSION, subject);
            List<String> userGroups = userGroupList.getUserGroups();
            if (this.authorizer.addGroupsToResource(resourceType.toString(), str, str2, userGroups)) {
                return Response.ok(new ResponseMessage().message("User groups successfully added.")).build();
            }
            throw new BadRequestException("Invalid input. Resource type: " + resourceType.toString() + ", Resource name: " + str + ", Action name: " + str2 + ", User groups: " + Arrays.toString(userGroups.toArray()));
        } catch (AuthException e) {
            throw new ForbiddenException(e.getMessage(), e);
        } catch (AuthNotFoundException e2) {
            throw new NotFoundException(e2.getMessage(), e2);
        } catch (AuthServerException e3) {
            throw new InternalServerErrorException(e3.getMessage(), e3);
        }
    }

    public Response removeUserGroup(ResourceType resourceType, String str, String str2, String str3, Subject subject) {
        try {
            this.authorizationHandler.handle(ResourceAuthScope.RESOURCE_GRANT_PERMISSION, resourceType, str, ResourceAction.GRANT_PERMISSION, subject);
            if (this.authorizer.removeGroupFromResource(resourceType.toString(), str, str2, str3)) {
                return Response.ok().entity(new ResponseMessage().message("User group successfully removed.")).build();
            }
            throw new BadRequestException("Invalid input. Resource type: " + resourceType.toString() + ", Resource name: " + str + ", Action name: " + str2 + ", Group name: " + str3);
        } catch (AuthException e) {
            throw new ForbiddenException(e.getMessage(), e);
        } catch (AuthNotFoundException e2) {
            throw new NotFoundException(e2.getMessage(), e2);
        } catch (AuthServerException e3) {
            throw new InternalServerErrorException(e3.getMessage(), e3);
        }
    }
}
