package io.corbel.resources.rem.service;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonSyntaxException;
import io.corbel.lib.token.TokenInfo;
import io.corbel.resources.rem.Rem;
import io.corbel.resources.rem.acl.AclPermission;
import io.corbel.resources.rem.acl.exception.AclFieldNotPresentException;
import io.corbel.resources.rem.model.ManagedCollection;
import io.corbel.resources.rem.request.CollectionParameters;
import io.corbel.resources.rem.request.RelationParameters;
import io.corbel.resources.rem.request.RequestParameters;
import io.corbel.resources.rem.request.ResourceId;
import io.corbel.resources.rem.request.ResourceParameters;
import io.corbel.resources.rem.request.builder.RequestParametersBuilder;
import java.net.URI;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;

/* loaded from: input_file:io/corbel/resources/rem/service/DefaultAclResourcesService.class */
public class DefaultAclResourcesService implements AclResourcesService {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultAclResourcesService.class);
    public static final String REGISTRY_DOMAIN = "_silkroad";
    public static final String _ACL = "_acl";
    public static final String ALL = "ALL";
    public static final String USER = "user";
    public static final String GROUP = "group";
    public static final char SEPARATOR = ':';
    public static final String USER_PREFIX = "user:";
    public static final String GROUP_PREFIX = "group:";
    public static final String PERMISSION = "permission";
    public static final String PROPERTIES = "properties";
    public static final char JOIN_CHAR = ':';
    public static final String RESMI_GET = "ResmiGetRem";
    public static final String RESMI_PUT = "ResmiPutRem";
    private RemService remService;
    private Rem resmiGetRem;
    private Rem resmiPutRem;
    private final Gson gson;
    private final String adminsCollection;
    private List<Pair<Rem, HttpMethod>> remsAndMethods = Collections.emptyList();

    public DefaultAclResourcesService(Gson gson, String str) {
        this.gson = gson;
        this.adminsCollection = str;
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public void setRemsAndMethods(List<Pair<Rem, HttpMethod>> list) {
        this.remsAndMethods = list;
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response saveResource(Rem rem, RequestParameters<CollectionParameters> requestParameters, String str, URI uri, Object obj, List<Rem> list) {
        return rem.collection(str, requestParameters, uri, Optional.of(obj), Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response getResource(Rem rem, String str, ResourceId resourceId, RequestParameters<ResourceParameters> requestParameters, List<Rem> list) {
        return rem.resource(str, resourceId, requestParameters, (Optional) null, Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response getCollection(Rem rem, String str, RequestParameters<CollectionParameters> requestParameters, List<Rem> list) {
        return rem.collection(str, requestParameters, (URI) null, (Optional) null, Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response getRelation(Rem rem, String str, ResourceId resourceId, String str2, RequestParameters<RelationParameters> requestParameters, List<Rem> list) {
        return rem.relation(str, resourceId, str2, requestParameters, (Optional) null, Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response updateResource(Rem rem, String str, ResourceId resourceId, RequestParameters<ResourceParameters> requestParameters, Object obj, List<Rem> list) {
        return rem.resource(str, resourceId, requestParameters, Optional.of(obj), Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response putRelation(Rem rem, String str, ResourceId resourceId, String str2, RequestParameters<RelationParameters> requestParameters, Object obj, List<Rem> list) {
        return rem.relation(str, resourceId, str2, requestParameters, Optional.of(obj), Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response deleteResource(Rem rem, String str, ResourceId resourceId, RequestParameters<ResourceParameters> requestParameters, List<Rem> list) {
        return rem.resource(str, resourceId, requestParameters, (Optional) null, Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response deleteRelation(Rem rem, String str, ResourceId resourceId, String str2, RequestParameters<RelationParameters> requestParameters, List<Rem> list) {
        return rem.relation(str, resourceId, str2, requestParameters, (Optional) null, Optional.ofNullable(list));
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public boolean isAuthorized(String str, TokenInfo tokenInfo, String str2, ResourceId resourceId, AclPermission aclPermission) throws AclFieldNotPresentException {
        return isAuthorized(str, tokenInfo.getDomainId(), Optional.ofNullable(tokenInfo.getUserId()), tokenInfo.getGroups(), str2, resourceId, aclPermission);
    }

    private boolean isAuthorized(String str, String str2, Optional<String> optional, Collection<String> collection, String str3, ResourceId resourceId, AclPermission aclPermission) throws AclFieldNotPresentException {
        return getResourceIfIsAuthorized(str, str2, optional, collection, str3, resourceId, aclPermission).isPresent();
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public boolean isManagedBy(String str, TokenInfo tokenInfo, String str2) {
        return isManagedBy(str, Optional.ofNullable(tokenInfo.getUserId()), tokenInfo.getGroups(), str2);
    }

    private boolean isManagedBy(String str, Optional<String> optional, Collection<String> collection, String str2) {
        if (!optional.isPresent() && collection.isEmpty()) {
            return false;
        }
        if (getManagers(str, str2).filter(managedCollection -> {
            return verifyPresence(optional, collection, managedCollection);
        }).isPresent()) {
            return true;
        }
        return getManagers(str).filter(managedCollection2 -> {
            return verifyPresence(optional, collection, managedCollection2);
        }).isPresent();
    }

    private Optional<ManagedCollection> getManagers(String str, String str2) {
        return getManagers(str + ':' + str2);
    }

    private Optional<ManagedCollection> getManagers(String str) {
        try {
            return getResource(REGISTRY_DOMAIN, this.adminsCollection, new ResourceId(str)).flatMap((v1) -> {
                return objectToManagedCollection(v1);
            });
        } catch (WebApplicationException e) {
            if (e.getResponse().getStatus() == Response.Status.NOT_FOUND.getStatusCode()) {
                return Optional.empty();
            }
            throw e;
        }
    }

    private Optional<ManagedCollection> objectToManagedCollection(Object obj) {
        try {
            return Optional.of(this.gson.fromJson((JsonElement) obj, ManagedCollection.class));
        } catch (ClassCastException | JsonSyntaxException e) {
            return Optional.empty();
        }
    }

    private boolean verifyPresence(Optional<String> optional, Collection<String> collection, ManagedCollection managedCollection) {
        if (!((Boolean) optional.map(str -> {
            return Boolean.valueOf(managedCollection.getUsers().contains(str));
        }).orElse(false)).booleanValue()) {
            Stream<String> stream = managedCollection.getGroups().stream();
            collection.getClass();
            if (!stream.anyMatch((v1) -> {
                return r1.contains(v1);
            })) {
                return false;
            }
        }
        return true;
    }

    private Optional<JsonObject> getResource(String str, String str2, ResourceId resourceId) {
        Response resource = getResmiGetRem().resource(str2, resourceId, new RequestParametersBuilder(str).build(), Optional.empty());
        if (resource.getStatus() != Response.Status.OK.getStatusCode()) {
            throw new WebApplicationException(resource);
        }
        try {
            return Optional.of((JsonObject) resource.getEntity());
        } catch (ClassCastException e) {
            return Optional.empty();
        }
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Optional<JsonObject> getResourceIfIsAuthorized(String str, TokenInfo tokenInfo, String str2, ResourceId resourceId, AclPermission aclPermission) throws AclFieldNotPresentException {
        return getResourceIfIsAuthorized(str, tokenInfo.getDomainId(), Optional.ofNullable(tokenInfo.getUserId()), tokenInfo.getGroups(), str2, resourceId, aclPermission);
    }

    private Optional<JsonObject> getResourceIfIsAuthorized(String str, String str2, Optional<String> optional, Collection<String> collection, String str3, ResourceId resourceId, AclPermission aclPermission) throws AclFieldNotPresentException {
        Optional<JsonObject> resource = getResource(str, str3, resourceId);
        if (isManagedBy(str2, optional, collection, str3)) {
            return resource;
        }
        Optional<U> map = resource.map(jsonObject -> {
            return jsonObject.get(_ACL);
        });
        if (map.isPresent()) {
            return map.filter((v0) -> {
                return v0.isJsonObject();
            }).map((v0) -> {
                return v0.getAsJsonObject();
            }).filter(jsonObject2 -> {
                return checkAclEntry(jsonObject2, ALL, aclPermission) || optional.filter(str4 -> {
                    return checkAclEntry(jsonObject2, USER_PREFIX + str4, aclPermission);
                }).isPresent() || checkAclEntry(jsonObject2, GROUP_PREFIX, collection, aclPermission);
            }).flatMap(jsonObject3 -> {
                return resource;
            });
        }
        throw new AclFieldNotPresentException();
    }

    private boolean checkAclEntry(JsonObject jsonObject, String str, Collection<String> collection, AclPermission aclPermission) {
        return collection.stream().map(str2 -> {
            return str + str2;
        }).anyMatch(str3 -> {
            return checkAclEntry(jsonObject, str3, aclPermission);
        });
    }

    private boolean checkAclEntry(JsonObject jsonObject, String str, AclPermission aclPermission) {
        return Optional.ofNullable(jsonObject.get(str)).filter((v0) -> {
            return v0.isJsonObject();
        }).map((v0) -> {
            return v0.getAsJsonObject();
        }).map(jsonObject2 -> {
            return jsonObject2.get(PERMISSION);
        }).flatMap(jsonElement -> {
            try {
                return Optional.ofNullable(jsonElement.getAsString());
            } catch (RuntimeException e) {
                return Optional.empty();
            }
        }).filter(str2 -> {
            return AclPermission.valueOf(str2).canPerform(aclPermission);
        }).isPresent();
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public Response updateConfiguration(ResourceId resourceId, ManagedCollection managedCollection) {
        JsonObject asJsonObject = this.gson.toJsonTree(managedCollection).getAsJsonObject();
        return updateResource(getResmiPutRem(), this.adminsCollection, resourceId, new RequestParametersBuilder(REGISTRY_DOMAIN).build(), asJsonObject, Collections.emptyList());
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public void addAclConfiguration(String str) {
        if (this.remService.getRegisteredRemDescriptions().stream().anyMatch(remDescription -> {
            return remDescription.getUriPattern().equals(str) && remDescription.getRemName().startsWith("Acl");
        })) {
            return;
        }
        this.remsAndMethods.forEach(pair -> {
            this.remService.registerRem((Rem) pair.getLeft(), str, (HttpMethod) pair.getRight());
        });
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public void removeAclConfiguration(String str) {
        this.remsAndMethods.stream().map((v0) -> {
            return v0.getLeft();
        }).forEach(rem -> {
            this.remService.unregisterRem(rem.getClass(), str);
        });
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public void refreshRegistry() {
        Response collection = getCollection(getResmiGetRem(), this.adminsCollection, new RequestParametersBuilder(REGISTRY_DOMAIN).build(), Collections.emptyList());
        if (collection.getStatus() != Response.Status.OK.getStatusCode()) {
            LOG.error("Can't access {}", this.adminsCollection);
            return;
        }
        try {
            Iterator it = ((JsonArray) collection.getEntity()).iterator();
            while (it.hasNext()) {
                JsonElement jsonElement = (JsonElement) it.next();
                Optional filter = Optional.of(jsonElement).filter((v0) -> {
                    return v0.isJsonObject();
                }).map((v0) -> {
                    return v0.getAsJsonObject();
                }).filter(jsonObject -> {
                    return jsonObject.has("id");
                });
                if (filter.isPresent()) {
                    Optional map = filter.map(jsonObject2 -> {
                        return jsonObject2.get("id");
                    }).filter((v0) -> {
                        return v0.isJsonPrimitive();
                    }).map((v0) -> {
                        return v0.getAsJsonPrimitive();
                    }).filter((v0) -> {
                        return v0.isString();
                    }).map((v0) -> {
                        return v0.getAsString();
                    });
                    if (map.isPresent()) {
                        String str = (String) map.get();
                        addAclConfiguration(str.substring(str.indexOf(":") + 1));
                    } else {
                        LOG.error("Unrecognized id: {}", jsonElement.toString());
                    }
                } else {
                    LOG.error("Document in acl configuration collection has no id field: {}", jsonElement.toString());
                }
            }
        } catch (ClassCastException e) {
            LOG.error("Can't read " + this.adminsCollection + " properly", (Throwable) e);
        }
    }

    private Rem getResmiGetRem() {
        if (this.resmiGetRem == null) {
            this.resmiGetRem = this.remService.getRem(RESMI_GET);
        }
        return this.resmiGetRem;
    }

    private Rem getResmiPutRem() {
        if (this.resmiPutRem == null) {
            this.resmiPutRem = this.remService.getRem(RESMI_PUT);
        }
        return this.resmiPutRem;
    }

    @Override // io.corbel.resources.rem.service.AclResourcesService
    public void setRemService(RemService remService) {
        this.remService = remService;
    }
}
