package io.inverno.mod.security.accesscontrol;

import io.inverno.mod.configuration.ConfigurationKey;
import io.inverno.mod.configuration.ConfigurationSource;
import io.inverno.mod.security.accesscontrol.PermissionBasedAccessController;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/inverno/mod/security/accesscontrol/ConfigurationSourcePermissionBasedAccessController.class */
public class ConfigurationSourcePermissionBasedAccessController implements PermissionBasedAccessController {
    public static final String DEFAULT_ROLE_PREFIX = "ROLE_";
    private final ConfigurationSource<?, ?, ?> configurationSource;
    private final String username;
    private final Set<String> roles;
    private final String rolePrefix;

    public ConfigurationSourcePermissionBasedAccessController(ConfigurationSource<?, ?, ?> configurationSource, String str) {
        this(configurationSource, str, null, DEFAULT_ROLE_PREFIX);
    }

    public ConfigurationSourcePermissionBasedAccessController(ConfigurationSource<?, ?, ?> configurationSource, String str, Set<String> set) {
        this(configurationSource, str, set, DEFAULT_ROLE_PREFIX);
    }

    public ConfigurationSourcePermissionBasedAccessController(ConfigurationSource<?, ?, ?> configurationSource, String str, Set<String> set, String str2) {
        Objects.requireNonNull(configurationSource);
        Objects.requireNonNull(str);
        this.configurationSource = configurationSource;
        this.username = str;
        this.rolePrefix = str2 != null ? str2 : DEFAULT_ROLE_PREFIX;
        this.roles = set != null ? (Set) set.stream().map(str3 -> {
            return this.rolePrefix + str3;
        }).collect(Collectors.toSet()) : Set.of();
    }

    public final String getRolePrefix() {
        return this.rolePrefix;
    }

    private boolean hasPermission(String str, Set<String> set) {
        return set != null && (set.contains(str) || set.contains("*")) && !set.contains("!" + str);
    }

    private boolean hasAnyPermission(Set<String> set, Set<String> set2) {
        return set.stream().anyMatch(str -> {
            return hasPermission(str, (Set<String>) set2);
        });
    }

    private boolean hasAllPermissions(Set<String> set, Set<String> set2) {
        return set.stream().allMatch(str -> {
            return hasPermission(str, (Set<String>) set2);
        });
    }

    private Mono<Set<String>> resolvePermissions(String str, List<ConfigurationKey.Parameter> list) {
        return this.configurationSource.get(new String[]{str}).withParameters((List) list.stream().map(parameter -> {
            return ConfigurationKey.Parameter.of(parameter.getKey(), parameter.getValue());
        }).collect(Collectors.toList())).execute().single().mapNotNull(configurationQueryResult -> {
            return (Set) configurationQueryResult.getResult().flatMap(configurationProperty -> {
                return configurationProperty.asSetOf(String.class);
            }).orElse(null);
        });
    }

    @Override // io.inverno.mod.security.accesscontrol.PermissionBasedAccessController
    public Mono<Boolean> hasPermission(String str, List<PermissionBasedAccessController.Parameter> list) {
        List<ConfigurationKey.Parameter> list2 = (List) list.stream().map(parameter -> {
            return ConfigurationKey.Parameter.of(parameter.getKey(), parameter.getValue());
        }).collect(Collectors.toList());
        return resolvePermissions(this.username, list2).map(set -> {
            return Boolean.valueOf(hasPermission(str, (Set<String>) set));
        }).switchIfEmpty(Flux.fromIterable(this.roles).concatMap(str2 -> {
            return resolvePermissions(str2, list2);
        }).map(set2 -> {
            return Boolean.valueOf(hasPermission(str, (Set<String>) set2));
        }).filter(bool -> {
            return bool.booleanValue();
        }).next()).switchIfEmpty(Mono.just(false));
    }

    @Override // io.inverno.mod.security.accesscontrol.PermissionBasedAccessController
    public Mono<Boolean> hasAnyPermission(Set<String> set, List<PermissionBasedAccessController.Parameter> list) {
        List<ConfigurationKey.Parameter> list2 = (List) list.stream().map(parameter -> {
            return ConfigurationKey.Parameter.of(parameter.getKey(), parameter.getValue());
        }).collect(Collectors.toList());
        return resolvePermissions(this.username, list2).map(set2 -> {
            return Boolean.valueOf(hasAnyPermission((Set<String>) set, (Set<String>) set2));
        }).switchIfEmpty(Flux.fromIterable(this.roles).concatMap(str -> {
            return resolvePermissions(str, list2);
        }).map(set3 -> {
            return Boolean.valueOf(hasAnyPermission((Set<String>) set, (Set<String>) set3));
        }).filter(bool -> {
            return bool.booleanValue();
        }).next()).switchIfEmpty(Mono.just(false));
    }

    @Override // io.inverno.mod.security.accesscontrol.PermissionBasedAccessController
    public Mono<Boolean> hasAllPermissions(Set<String> set, List<PermissionBasedAccessController.Parameter> list) {
        List<ConfigurationKey.Parameter> list2 = (List) list.stream().map(parameter -> {
            return ConfigurationKey.Parameter.of(parameter.getKey(), parameter.getValue());
        }).collect(Collectors.toList());
        return resolvePermissions(this.username, list2).map(set2 -> {
            return Boolean.valueOf(hasAllPermissions((Set<String>) set, (Set<String>) set2));
        }).switchIfEmpty(Flux.fromIterable(this.roles).concatMap(str -> {
            return resolvePermissions(str, list2);
        }).map(set3 -> {
            return Boolean.valueOf(hasAllPermissions((Set<String>) set, (Set<String>) set3));
        }).filter(bool -> {
            return bool.booleanValue();
        }).next()).switchIfEmpty(Mono.just(false));
    }
}
