package io.mapsmessaging.security.access.permission;

import io.mapsmessaging.security.SubjectHelper;
import io.mapsmessaging.security.access.AccessControlList;
import io.mapsmessaging.security.access.AccessControlListParser;
import io.mapsmessaging.security.access.AccessControlMapping;
import io.mapsmessaging.security.access.AclEntry;
import io.mapsmessaging.security.access.mapping.GroupIdMap;
import io.mapsmessaging.security.identity.principals.GroupIdPrincipal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.Subject;

/* loaded from: input_file:io/mapsmessaging/security/access/permission/PermissionAccessControlList.class */
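/**
 * Access control list that stores a permission bitmask per {@link AclEntry} and answers
 * access questions for a {@link Subject}, using both the subject's own unique id and the
 * auth ids of every group carried by its {@link GroupIdPrincipal} principals.
 *
 * <p>Entries whose expiry policy reports them as expired are ignored by every query on this
 * class, so {@link #getSubjectAccess(Subject)} and {@link #canAccess(Subject, long)} agree
 * on which entries are live.
 *
 * <p>The entry list is copied at construction time and never modified by this class.
 */
public class PermissionAccessControlList implements AccessControlList {
    private final List<AclEntry> aclEntries;

    /** Creates an ACL with no entries; every access query on it is denied. */
    public PermissionAccessControlList() {
        this.aclEntries = new ArrayList<>();
    }

    /**
     * Creates an ACL backed by a private copy of the supplied entries.
     *
     * @param list entries to copy; must not be {@code null}
     */
    public PermissionAccessControlList(List<AclEntry> list) {
        // Defensive copy: later changes to the caller's list must not alter granted access.
        this.aclEntries = new ArrayList<>(list);
    }

    /** @return the fixed name of this implementation, {@code "permission"} */
    @Override
    public String getName() {
        return "permission";
    }

    /**
     * Builds a new ACL from textual entry definitions.
     *
     * @param accessControlMapping mapping handed to the parser together with the definitions
     * @param list textual entry definitions handed to {@link AccessControlListParser}
     * @return a new {@code PermissionAccessControlList} holding the parsed entries
     */
    @Override
    public AccessControlList create(AccessControlMapping accessControlMapping, List<String> list) {
        AccessControlListParser parser = new AccessControlListParser();
        return new PermissionAccessControlList(parser.createList(accessControlMapping, list));
    }

    /**
     * Computes the union of the permission bits of every non-expired entry that matches the
     * subject's unique id or one of its group auth ids.
     *
     * @param subject the subject to evaluate; {@code null} yields {@code 0}
     * @return the OR of all matching permission bitmasks, or {@code 0} when nothing matches
     */
    @Override
    public long getSubjectAccess(Subject subject) {
        if (subject == null) {
            return 0;
        }
        // One timestamp for the whole evaluation so all entries are judged at the same instant.
        long now = System.currentTimeMillis();
        long direct = permissionsForId(SubjectHelper.getUniqueId(subject), now);
        long viaGroups = processGroups(subject.getPrincipals(GroupIdPrincipal.class), now);
        return direct | viaGroups;
    }

    /** ORs together the permissions granted to every group id carried by the given principals. */
    private long processGroups(Set<GroupIdPrincipal> groups, long now) {
        long granted = 0L;
        for (GroupIdPrincipal group : groups) {
            for (GroupIdMap groupId : group.getGroupIds()) {
                granted |= permissionsForId(groupId.getAuthId(), now);
            }
        }
        return granted;
    }

    /** ORs together the permissions of every live entry that matches {@code authId}. */
    private long permissionsForId(UUID authId, long now) {
        long granted = 0L;
        for (AclEntry entry : this.aclEntries) {
            if (isValidAclEntry(entry, now, authId)) {
                granted |= entry.getPermissions();
            }
        }
        return granted;
    }

    /** An entry counts only while its expiry policy says it has not expired and it matches the id. */
    private boolean isValidAclEntry(AclEntry aclEntry, long now, UUID authId) {
        return !aclEntry.getExpiryPolicy().hasExpired(now) && aclEntry.matches(authId);
    }

    /**
     * Decides whether the subject holds all of the requested permission bits.
     *
     * <p>Access is granted only when a single non-expired entry, matching either the subject's
     * unique id or one of its group auth ids, contains every bit of {@code j}. Expired entries
     * are skipped here exactly as in {@link #getSubjectAccess(Subject)}; without that check a
     * grant that had reached its expiry would still be honoured by this method.
     *
     * <p>NOTE(review): bits are not combined across entries here, whereas
     * {@link #getSubjectAccess(Subject)} returns their union. A multi-bit request can therefore
     * be denied even though the union contains every requested bit. This fails closed; confirm
     * it is the intended contract.
     *
     * @param subject the subject requesting access; {@code null} is denied
     * @param j the requested permission bitmask; {@code 0} is denied
     * @return {@code true} if a live matching entry covers the whole request
     */
    @Override
    public boolean canAccess(Subject subject, long j) {
        if (subject == null || j == 0) {
            return false;
        }
        long now = System.currentTimeMillis();
        if (checkAccessForId(SubjectHelper.getUniqueId(subject), j, now)) {
            return true;
        }
        for (GroupIdPrincipal group : subject.getPrincipals(GroupIdPrincipal.class)) {
            for (GroupIdMap groupId : group.getGroupIds()) {
                if (checkAccessForId(groupId.getAuthId(), j, now)) {
                    return true;
                }
            }
        }
        // Default deny: no live entry covered the request.
        return false;
    }

    /** Returns true as soon as one live entry matching {@code authId} covers the whole request. */
    private boolean checkAccessForId(UUID authId, long requested, long now) {
        for (AclEntry entry : this.aclEntries) {
            if (isAccessGranted(entry, requested, authId, now)) {
                return true;
            }
        }
        return false;
    }

    /** The entry must contain every requested bit and still be live for the given id. */
    private boolean isAccessGranted(AclEntry aclEntry, long requested, UUID authId, long now) {
        return (aclEntry.getPermissions() & requested) == requested
            && isValidAclEntry(aclEntry, now, authId);
    }
}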
