package edu.kit.datamanager.util;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.github.fge.jsonpatch.JsonPatch;
import com.github.fge.jsonpatch.JsonPatchException;
import edu.kit.datamanager.annotations.SecureUpdate;
import edu.kit.datamanager.entities.PERMISSION;
import edu.kit.datamanager.exceptions.CustomInternalServerError;
import edu.kit.datamanager.exceptions.PatchApplicationException;
import edu.kit.datamanager.exceptions.UpdateForbiddenException;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:edu/kit/datamanager/util/PatchUtil.class */
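/**
 * Applies JSON Patch documents to resources and enforces the per-field update
 * restrictions declared through {@link SecureUpdate}.
 *
 * <p>The patch content is caller-supplied. Authorization is decided only after
 * the patch has been applied, by comparing the {@link SecureUpdate}-annotated
 * fields of the original and the patched object. Fields without the annotation
 * are not restricted by this class.
 */
public class PatchUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(PatchUtil.class);

    /** Shared mapper; configured once here and only read afterwards. */
    private static final ObjectMapper MAPPER = new ObjectMapper().registerModule(new JavaTimeModule());

    private static final String ROLE_PREFIX = "role";
    private static final String PERMISSION_PREFIX = "permission";

    private PatchUtil() {
    }

    /**
     * Applies {@code jsonPatch} to a JSON view of {@code c}, maps the result back to
     * {@code cls} and returns it if the caller may change every secured field the
     * patch touched.
     *
     * @param c the resource to patch; it is not modified
     * @param jsonPatch the patch to apply
     * @param cls the type the patched JSON tree is mapped back to
     * @param collection the authorities held by the caller
     * @return the patched copy of {@code c}
     * @throws PatchApplicationException if the patch cannot be applied, the result
     *     cannot be mapped to {@code cls}, or the result is {@code null}
     * @throws UpdateForbiddenException if the patch changes a secured field the
     *     caller's authorities do not cover
     */
    public static <C> C applyPatch(C c, JsonPatch jsonPatch, Class<C> cls, Collection<? extends GrantedAuthority> collection) {
        C patched;
        try {
            JsonNode originalTree = MAPPER.convertValue(c, JsonNode.class);
            patched = MAPPER.treeToValue(jsonPatch.apply(originalTree), cls);
        } catch (JsonPatchException | JsonProcessingException e) {
            // NOTE(review): this writes the caller-supplied patch and the resource's
            // toString() to the log; confirm neither can carry secrets or personal data.
            LOGGER.error("Failed to apply patch '{}' to resource {}", jsonPatch, c, e);
            // NOTE(review): the cause is dropped; PatchApplicationException's other
            // constructors are not visible here. Pass e along if one accepts a cause.
            throw new PatchApplicationException("Failed to apply patch to resource.");
        }
        if (patched == null) {
            // A patch that replaces the whole document with JSON null may map to null
            // (depends on the Jackson version). Reject it instead of failing later
            // with a NullPointerException in canUpdate.
            LOGGER.warn("Patch result is null.");
            throw new PatchApplicationException("Failed to apply patch to resource.");
        }
        if (!canUpdate(c, patched, collection)) {
            LOGGER.warn("Patch not applicable.");
            throw new UpdateForbiddenException("Patch not applicable.");
        }
        return patched;
    }

    /**
     * Checks whether the caller may perform the change from {@code obj} to {@code obj2}.
     *
     * <p>Every field annotated with {@link SecureUpdate} whose value differs between the
     * two objects (per {@link Objects#equals(Object, Object)}) requires that at least one
     * of the caller's authorities satisfies at least one of the annotation's values.
     * Fields declared in superclasses are checked too, so an annotated inherited field
     * cannot be changed without the required authority.
     *
     * <p>Change detection relies on the {@code equals} implementation of each field's
     * type; a type without a value-based {@code equals} compares by identity.
     *
     * @param obj the original object
     * @param obj2 the patched object; its class hierarchy determines the fields checked
     * @param collection the authorities held by the caller; {@code null} is treated as
     *     holding no authority
     * @return {@code true} if no secured field changed or all changes are covered by the
     *     caller's authorities, {@code false} otherwise
     * @throws CustomInternalServerError if a field cannot be read or compared
     */
    public static boolean canUpdate(Object obj, Object obj2, Collection<? extends GrantedAuthority> collection) {
        // getDeclaredFields() does not return inherited fields, so walk the hierarchy.
        for (Class<?> type = obj2.getClass(); type != null; type = type.getSuperclass()) {
            for (Field field : type.getDeclaredFields()) {
                SecureUpdate secureUpdate = field.getAnnotation(SecureUpdate.class);
                if (secureUpdate == null) {
                    continue;
                }
                try {
                    field.setAccessible(true);
                    if (Objects.equals(field.get(obj2), field.get(obj))) {
                        continue;
                    }
                    String[] required = secureUpdate.value();
                    if (!isGranted(required, collection)) {
                        LOGGER.warn("Updating of field " + field + " is allowed by " + Arrays.asList(required) + ", but caller only offered the following authorities: " + collection + ".");
                        return false;
                    }
                } catch (IllegalAccessException | IllegalArgumentException | SecurityException e) {
                    LOGGER.error("Failed to check update applicability.", e);
                    throw new CustomInternalServerError("Unable to check if update is applicable. Message: " + e.getMessage());
                }
            }
        }
        return true;
    }

    /** Returns true if any held authority satisfies any of the required values. */
    private static boolean isGranted(String[] required, Collection<? extends GrantedAuthority> granted) {
        if (granted == null) {
            return false;
        }
        for (String requirement : required) {
            for (GrantedAuthority candidate : granted) {
                // getAuthority() may return null for authorities without a String form.
                String authority = candidate == null ? null : candidate.getAuthority();
                if (authority != null && satisfies(authority, requirement)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns true if one held authority satisfies one required value: permissions are
     * compared by level, everything else (roles included) by case-insensitive equality.
     */
    private static boolean satisfies(String authority, String requirement) {
        if (hasPrefix(authority, ROLE_PREFIX) && hasPrefix(requirement, ROLE_PREFIX)) {
            return authority.equalsIgnoreCase(requirement);
        }
        if (hasPrefix(authority, PERMISSION_PREFIX) && hasPrefix(requirement, PERMISSION_PREFIX)) {
            // NOTE(review): PERMISSION.fromValue's handling of unknown values is not
            // visible here; an IllegalArgumentException surfaces as CustomInternalServerError.
            return PERMISSION.fromValue(authority).atLeast(PERMISSION.fromValue(requirement));
        }
        return authority.equalsIgnoreCase(requirement);
    }

    /**
     * Case-insensitive prefix test that does not depend on the default locale.
     * {@code toLowerCase()} without a locale maps "I" to a dotless i under a Turkish
     * locale, so "PERMISSION..." would no longer match "permission".
     */
    private static boolean hasPrefix(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }
}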
