package gr.cite.commons.web.authz.service;

import gr.cite.commons.web.authz.policy.AuthorizationPolicyBuilder;
import gr.cite.commons.web.authz.policy.AuthorizationRequirementMapper;
import gr.cite.commons.web.authz.policy.AuthorizationResource;
import gr.cite.commons.web.authz.policy.PermissionAuthorizationRequirement;
import gr.cite.commons.web.authz.policy.resolver.AuthorizationPolicyResolver;
import gr.cite.commons.web.authz.policy.resolver.AuthorizationResult;
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
import gr.cite.tools.exception.MyForbiddenException;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

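/**
 * Default {@link AuthorizationService}: evaluates permission requirements and per-resource
 * requirements for the current principal through the injected {@link AuthorizationPolicyResolver}.
 *
 * <p>Conventions used throughout this class:
 * <ul>
 *   <li>{@code authorize*} variants return the decision; {@code *Force} variants throw
 *       {@link MyForbiddenException} instead of returning {@code false}.</li>
 *   <li>Every denial uses the same constant message, so the exception text does not reveal
 *       which requirement failed.</li>
 *   <li>Resource-only checks are deny-by-default: a {@code null} or empty resource list never
 *       yields a grant on its own.</li>
 * </ul>
 */
@Service("authorizationService")
/* loaded from: input_file:gr/cite/commons/web/authz/service/AuthorizationServiceImpl.class */
public class AuthorizationServiceImpl implements AuthorizationService {
    /** Single denial message shared by every {@code *Force} path. */
    private static final String ACCESS_DENIED_MESSAGE = "Access is denied";

    private final CurrentPrincipalResolver principalResolver;
    private final AuthorizationPolicyResolver authorizationPolicyResolver;
    private final AuthorizationRequirementMapper authorizationRequirementMapper;

    /**
     * Creates the service with its collaborators.
     *
     * @param currentPrincipalResolver supplies the principal every decision is made for
     * @param authorizationPolicyResolver evaluates a built policy for a principal
     * @param authorizationRequirementMapper maps a resource to the requirements it imposes
     */
    @Autowired
    public AuthorizationServiceImpl(CurrentPrincipalResolver currentPrincipalResolver, AuthorizationPolicyResolver authorizationPolicyResolver, AuthorizationRequirementMapper authorizationRequirementMapper) {
        this.principalResolver = currentPrincipalResolver;
        this.authorizationPolicyResolver = authorizationPolicyResolver;
        this.authorizationRequirementMapper = authorizationRequirementMapper;
    }

    /**
     * Checks the given permissions for the current principal.
     *
     * @param permissions permission names to evaluate
     * @return whether the permission policy succeeded
     */
    @Override
    public final Boolean authorize(String... permissions) {
        return authorize(false, false, permissions);
    }

    /**
     * Same check as {@link #authorize(String...)}, but a denial is raised as an exception.
     *
     * @param permissions permission names to evaluate
     * @return {@code true} when granted
     * @throws MyForbiddenException when the permission policy does not succeed
     */
    @Override
    public final Boolean authorizeForce(String... permissions) {
        return authorize(false, true, permissions);
    }

    /**
     * Checks the permissions and then every resource; see
     * {@link #authorize(List, boolean, String...)} with {@code resourcesOnly = false}.
     *
     * @param resources resources to evaluate, may be {@code null} or empty
     * @param permissions permission names to evaluate
     * @return whether access is granted
     */
    @Override
    public Boolean authorize(List<? extends AuthorizationResource> resources, String... permissions) {
        return authorize(resources, false, permissions);
    }

    /**
     * Throwing variant of {@link #authorize(List, String...)}.
     *
     * @param resources resources to evaluate, may be {@code null} or empty
     * @param permissions permission names to evaluate
     * @return {@code true} when granted
     * @throws MyForbiddenException when access is denied
     */
    @Override
    public Boolean authorizeForce(List<? extends AuthorizationResource> resources, String... permissions) {
        return authorizeForce(resources, false, permissions);
    }

    /**
     * Checks permissions and/or resources for the current principal.
     *
     * <p>With no resources ({@code null} or empty) the decision falls back to the plain
     * permission check, regardless of {@code resourcesOnly}.
     *
     * @param resources resources to evaluate, may be {@code null} or empty
     * @param resourcesOnly {@code true} to skip the up-front permission check and evaluate only
     *     the resource requirements; {@code false} to require both
     * @param permissions permission names to evaluate
     * @return whether access is granted
     */
    @Override
    public Boolean authorize(List<? extends AuthorizationResource> resources, boolean resourcesOnly, String... permissions) {
        if (resources == null || resources.isEmpty()) {
            return authorize(permissions);
        }
        return resourcesOnly
                ? authorizeOnlyResources(false, false, permissions, resources)
                : authorizeWithResources(false, false, permissions, resources);
    }

    /**
     * Throwing variant of {@link #authorize(List, boolean, String...)}.
     *
     * @param resources resources to evaluate, may be {@code null} or empty
     * @param resourcesOnly {@code true} to evaluate only the resource requirements
     * @param permissions permission names to evaluate
     * @return {@code true} when granted
     * @throws MyForbiddenException when access is denied
     */
    @Override
    public Boolean authorizeForce(List<? extends AuthorizationResource> resources, boolean resourcesOnly, String... permissions) {
        if (resources == null || resources.isEmpty()) {
            return authorizeForce(permissions);
        }
        return resourcesOnly
                ? authorizeOnlyResources(false, true, permissions, resources)
                : authorizeWithResources(false, true, permissions, resources);
    }

    /**
     * Throwing variant of {@link #authorizeAtLeastOne(List)}.
     *
     * @param resources candidate resources
     * @return {@code true} when at least one resource authorizes the principal
     * @throws MyForbiddenException when no resource grants access, including when
     *     {@code resources} is {@code null} or empty
     */
    @Override
    public Boolean authorizeAtLeastOneForce(List<? extends AuthorizationResource> resources) {
        if (authorizeAtLeastOne(resources)) {
            return true;
        }
        throw new MyForbiddenException(ACCESS_DENIED_MESSAGE);
    }

    /**
     * Reports whether at least one of the resources authorizes the current principal.
     *
     * <p>A {@code null} or empty list is denied. The previous implementation started from
     * {@code true} and therefore granted access when there was nothing to evaluate, which
     * disagreed with {@link #authorize(List)} and
     * {@link #authorizeAtLeastOne(List, boolean, String...)}, both of which deny in that case.
     *
     * @param resources candidate resources
     * @return {@code true} as soon as one resource succeeds, otherwise {@code false}
     */
    @Override
    public Boolean authorizeAtLeastOne(List<? extends AuthorizationResource> resources) {
        if (resources == null || resources.isEmpty()) {
            // Deny by default: "at least one" cannot hold when no resource was evaluated.
            return false;
        }
        for (AuthorizationResource resource : resources) {
            if (authorize(List.of(resource))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Throwing variant of {@link #authorizeAtLeastOne(List, String...)}.
     *
     * @param resources candidate resources, may be {@code null} or empty
     * @param permissions permission names to evaluate
     * @return {@code true} when granted
     * @throws MyForbiddenException when access is denied
     */
    @Override
    public Boolean authorizeAtLeastOneForce(List<? extends AuthorizationResource> resources, String... permissions) {
        return authorizeAtLeastOneForce(resources, false, permissions);
    }

    /**
     * Throwing variant of {@link #authorizeAtLeastOne(List, boolean, String...)}.
     *
     * @param resources candidate resources, may be {@code null} or empty
     * @param resourcesOnly {@code true} to skip the plain permission check
     * @param permissions permission names to evaluate
     * @return {@code true} when granted
     * @throws MyForbiddenException when access is denied
     */
    @Override
    public Boolean authorizeAtLeastOneForce(List<? extends AuthorizationResource> resources, boolean resourcesOnly, String... permissions) {
        if (authorizeAtLeastOne(resources, resourcesOnly, permissions)) {
            return true;
        }
        throw new MyForbiddenException(ACCESS_DENIED_MESSAGE);
    }

    /**
     * Same as {@link #authorizeAtLeastOne(List, boolean, String...)} with
     * {@code resourcesOnly = false}.
     *
     * @param resources candidate resources, may be {@code null} or empty
     * @param permissions permission names to evaluate
     * @return whether access is granted
     */
    @Override
    public Boolean authorizeAtLeastOne(List<? extends AuthorizationResource> resources, String... permissions) {
        return authorizeAtLeastOne(resources, false, permissions);
    }

    /**
     * Grants when the plain permission check succeeds (unless {@code resourcesOnly}) or when at
     * least one resource's requirements succeed for the given permissions.
     *
     * @param resources candidate resources, may be {@code null} or empty
     * @param resourcesOnly {@code true} to skip the plain permission check
     * @param permissions permission names to evaluate
     * @return whether access is granted; {@code false} when {@code resourcesOnly} is set and
     *     there are no resources
     */
    @Override
    public Boolean authorizeAtLeastOne(List<? extends AuthorizationResource> resources, boolean resourcesOnly, String... permissions) {
        if (!resourcesOnly && authorize(permissions)) {
            return true;
        }
        if (resources == null || resources.isEmpty()) {
            return false;
        }
        for (AuthorizationResource resource : resources) {
            if (authorizeOnlyResources(false, false, permissions, List.of(resource))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Requires every resource's own requirements to succeed for the current principal.
     *
     * @param resources resources to evaluate
     * @return {@code true} only when the list is non-empty and every resource succeeds;
     *     {@code false} for a {@code null} or empty list
     */
    @Override
    public Boolean authorize(List<? extends AuthorizationResource> resources) {
        return evaluateResourceRequirements(resources).hasSucceeded();
    }

    /**
     * Throwing variant of {@link #authorize(List)}.
     *
     * @param resources resources to evaluate
     * @return {@code true} when every resource succeeds
     * @throws MyForbiddenException when any resource fails or the list is {@code null} or empty
     */
    @Override
    public Boolean authorizeForce(List<? extends AuthorizationResource> resources) {
        return decisionOrForbidden(evaluateResourceRequirements(resources), true);
    }

    /**
     * Evaluates each resource against the requirements the mapper derives for it (no
     * permission names supplied), stopping at the first failure.
     *
     * <p>Starts from a failed result so that an empty list is denied; a {@code null} list is
     * treated the same way instead of failing with a {@link NullPointerException}.
     */
    private AuthorizationResult evaluateResourceRequirements(List<? extends AuthorizationResource> resources) {
        Principal principal = this.principalResolver.currentPrincipal();
        AuthorizationResult result = AuthorizationResult.failure();
        if (resources == null) {
            return result;
        }
        for (AuthorizationResource resource : resources) {
            result = this.authorizationPolicyResolver.authorize(principal, resource, new AuthorizationPolicyBuilder().withRequirements(this.authorizationRequirementMapper.map(resource, false, null)).build());
            if (!result.hasSucceeded()) {
                break;
            }
        }
        return result;
    }

    /**
     * Converts a result into the caller-facing decision.
     *
     * @param result outcome of the policy evaluation
     * @param force when {@code true}, a failed result is raised instead of returned
     * @return whether {@code result} succeeded
     * @throws MyForbiddenException when {@code force} is set and {@code result} failed
     */
    private static Boolean decisionOrForbidden(AuthorizationResult result, boolean force) {
        if (result.hasSucceeded() || !force) {
            return result.hasSucceeded();
        }
        throw new MyForbiddenException(ACCESS_DENIED_MESSAGE);
    }

    /**
     * Evaluates a permission-only policy for the current principal.
     *
     * @param flag forwarded to {@link PermissionAuthorizationRequirement}; its meaning is not
     *     visible in this file and every caller here passes {@code false}
     * @param force when {@code true}, a denial is thrown instead of returned
     * @param permissions permission names to evaluate
     */
    private Boolean authorize(boolean flag, boolean force, String[] permissions) {
        // NOTE(review): the (Object[]) cast looks like a decompiler artifact; confirm against the
        // requirement's constructor. List.of rejects a null array or null elements.
        AuthorizationResult result = this.authorizationPolicyResolver.authorize(this.principalResolver.currentPrincipal(), new AuthorizationPolicyBuilder().withRequirements(new PermissionAuthorizationRequirement(List.of((Object[]) permissions), flag)).build());
        return decisionOrForbidden(result, force);
    }

    /**
     * Requires the permission policy to succeed first and then every resource's requirements.
     *
     * @param flag forwarded to the requirement and the mapper; meaning not visible in this file
     * @param force when {@code true}, a denial is thrown instead of returned
     * @param permissions permission names to evaluate
     * @param resources resources to evaluate after the permission check, may be {@code null}
     */
    private Boolean authorizeWithResources(boolean flag, boolean force, String[] permissions, List<? extends AuthorizationResource> resources) {
        Principal principal = this.principalResolver.currentPrincipal();
        AuthorizationResult result = this.authorizationPolicyResolver.authorize(principal, new AuthorizationPolicyBuilder().withRequirements(new PermissionAuthorizationRequirement(List.of((Object[]) permissions), flag)).build());
        if (result.hasSucceeded() && resources != null) {
            for (AuthorizationResource resource : resources) {
                result = this.authorizationPolicyResolver.authorize(principal, resource, new AuthorizationPolicyBuilder().withRequirements(this.authorizationRequirementMapper.map(resource, flag, permissions)).build());
                if (!result.hasSucceeded()) {
                    break;
                }
            }
        }
        return decisionOrForbidden(result, force);
    }

    /**
     * Requires every resource's requirements to succeed, without a separate permission check.
     *
     * <p>Starts from a failed result, so a {@code null} or empty list is denied. Every caller in
     * this class passes a non-empty list, so this default only matters for future callers.
     *
     * @param flag forwarded to the mapper; meaning not visible in this file
     * @param force when {@code true}, a denial is thrown instead of returned
     * @param permissions permission names handed to the mapper
     * @param resources resources to evaluate
     */
    private Boolean authorizeOnlyResources(boolean flag, boolean force, String[] permissions, List<? extends AuthorizationResource> resources) {
        Principal principal = this.principalResolver.currentPrincipal();
        AuthorizationResult result = AuthorizationResult.failure();
        if (resources != null) {
            for (AuthorizationResource resource : resources) {
                result = this.authorizationPolicyResolver.authorize(principal, resource, new AuthorizationPolicyBuilder().withRequirements(this.authorizationRequirementMapper.map(resource, flag, permissions)).build());
                if (!result.hasSucceeded()) {
                    break;
                }
            }
        }
        return decisionOrForbidden(result, force);
    }
}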
