package me.ahoo.cosec.authorization;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import me.ahoo.cosec.api.authorization.Authorization;
import me.ahoo.cosec.api.authorization.AuthorizeResult;
import me.ahoo.cosec.api.context.SecurityContext;
import me.ahoo.cosec.api.context.request.Request;
import me.ahoo.cosec.api.permission.AppRolePermission;
import me.ahoo.cosec.api.permission.Permission;
import me.ahoo.cosec.api.policy.Effect;
import me.ahoo.cosec.api.policy.Policy;
import me.ahoo.cosec.api.policy.Statement;
import me.ahoo.cosec.api.policy.VerifyResult;
import me.ahoo.cosec.api.principal.CoSecPrincipal;
import me.ahoo.cosec.authorization.VerifyContext;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;
import reactor.kotlin.core.publisher.MonoExtensionsKt;

/* compiled from: SimpleAuthorization.kt */
@Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u001b2\u00020\u0001:\u0001\u001bB\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u001e\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\b2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0016J\u001e\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000f0\b2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0002J\"\u0010\u000e\u001a\u0004\u0018\u00010\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0002J\u001e\u0010\u0012\u001a\b\u0012\u0004\u0012\u00020\u000f0\b2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0002J(\u0010\u0013\u001a\u0004\u0018\u00010\u000f2\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00160\u00152\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u0017\u001a\u00020\rH\u0002J\u001e\u0010\u0018\u001a\b\u0012\u0004\u0012\u00020\u000f0\b2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0002J\u0010\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\f\u001a\u00020\rH\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001c"}, d2 = {"Lme/ahoo/cosec/authorization/SimpleAuthorization;", "Lme/ahoo/cosec/api/authorization/Authorization;", "policyRepository", "Lme/ahoo/cosec/authorization/PolicyRepository;", "appRolePermissionRepository", "Lme/ahoo/cosec/authorization/AppRolePermissionRepository;", 
"(Lme/ahoo/cosec/authorization/PolicyRepository;Lme/ahoo/cosec/authorization/AppRolePermissionRepository;)V", "authorize", "Lreactor/core/publisher/Mono;", "Lme/ahoo/cosec/api/authorization/AuthorizeResult;", "request", "Lme/ahoo/cosec/api/context/request/Request;", "context", "Lme/ahoo/cosec/api/context/SecurityContext;", "verifyAppRolePermission", "Lme/ahoo/cosec/authorization/VerifyContext;", "appRolePermission", "Lme/ahoo/cosec/api/permission/AppRolePermission;", "verifyGlobalPolicies", "verifyPolicies", "policies", "", "Lme/ahoo/cosec/api/policy/Policy;", "securityContext", "verifyPrincipalPolicies", "verifyRoot", "Lme/ahoo/cosec/api/policy/VerifyResult;", "Companion", "cosec-core"})
@SourceDebugExtension({"SMAP\nSimpleAuthorization.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SimpleAuthorization.kt\nme/ahoo/cosec/authorization/SimpleAuthorization\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 _Maps.kt\nkotlin/collections/MapsKt___MapsKt\n*L\n1#1,226:1\n766#2:227\n857#2,2:228\n1855#2:230\n766#2:231\n857#2,2:232\n1864#2,3:234\n1856#2:237\n1855#2:238\n766#2:239\n857#2,2:240\n1864#2,3:242\n1856#2:245\n766#2:247\n857#2,2:248\n1855#2,2:250\n766#2:254\n857#2,2:255\n1855#2,2:257\n215#3:246\n216#3:252\n215#3:253\n216#3:259\n*S KotlinDebug\n*F\n+ 1 SimpleAuthorization.kt\nme/ahoo/cosec/authorization/SimpleAuthorization\n*L\n50#1:227\n50#1:228,2\n54#1:230\n55#1:231\n55#1:232,2\n57#1:234,3\n54#1:237\n75#1:238\n76#1:239\n76#1:240,2\n78#1:242,3\n75#1:245\n112#1:247\n112#1:248,2\n114#1:250,2\n134#1:254\n134#1:255,2\n136#1:257,2\n109#1:246\n109#1:252\n131#1:253\n131#1:259\n*E\n"})
/* loaded from: input_file:me/ahoo/cosec/authorization/SimpleAuthorization.class */
public final class SimpleAuthorization implements Authorization {

    @NotNull
    private final PolicyRepository policyRepository;

    @NotNull
    private final AppRolePermissionRepository appRolePermissionRepository;

    @NotNull
    public static final Companion Companion = new Companion(null);
    private static final Logger log = LoggerFactory.getLogger(SimpleAuthorization.class);

    /* compiled from: SimpleAuthorization.kt */
    @Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0006"}, d2 = {"Lme/ahoo/cosec/authorization/SimpleAuthorization$Companion;", "", "()V", "log", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "cosec-core"})
    /* loaded from: input_file:me/ahoo/cosec/authorization/SimpleAuthorization$Companion.class */
    // Holder class for the Kotlin companion object. It declares no members of its own in this
    // decompiled form; the enclosing class creates its single visible instance with
    // `new Companion(null)`.
    public static final class Companion {
        // Private no-arg constructor: code outside this class has to go through the synthetic
        // constructor below.
        private Companion() {
        }

        // Compiler-generated constructor; the marker argument is ignored and only delegates to
        // the private constructor.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Creates the authorization service on top of the two repositories it reads from.
     *
     * @param policyRepository source of the global policies and of policies looked up by id
     * @param appRolePermissionRepository source of the role permissions of an application
     * @throws NullPointerException if either argument is null (raised by the Kotlin intrinsic check)
     */
    public SimpleAuthorization(@NotNull PolicyRepository policyRepository, @NotNull AppRolePermissionRepository appRolePermissionRepository) {
        // Both collaborators are validated before any field is written; the check order decides
        // which parameter name appears in the exception when both are null.
        Intrinsics.checkNotNullParameter(policyRepository, "policyRepository");
        Intrinsics.checkNotNullParameter(appRolePermissionRepository, "appRolePermissionRepository");

        this.appRolePermissionRepository = appRolePermissionRepository;
        this.policyRepository = policyRepository;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Evaluates one list of policies against a request, letting explicit denies win over allows.
     *
     * <p>Only policies whose condition matches the request take part. All DENY statements of all
     * matching policies are verified first; the first one that yields
     * {@code VerifyResult.EXPLICIT_DENY} ends the evaluation. Only when no deny fired are the ALLOW
     * statements verified, and the first {@code VerifyResult.ALLOW} ends the evaluation.
     *
     * <p>The statement index stored in the returned context (and written to the debug log) is the
     * position inside the effect-filtered list, not the position inside
     * {@code policy.getStatements()}. Keep that in mind when correlating an audit record with the
     * policy document.
     *
     * <p>NOTE(review): the debug line concatenates the whole request and security context; what
     * their {@code toString()} exposes is not visible here. Confirm it carries no credentials
     * before enabling debug logging.
     *
     * @param list policies to evaluate, in precedence order
     * @param request the request being authorized
     * @param securityContext the caller's security context
     * @return the context of the first explicit-deny match, otherwise of the first allow match,
     *         otherwise {@code null} when nothing matched
     */
    public final VerifyContext verifyPolicies(List<? extends Policy> list, Request request, SecurityContext securityContext) {
        // Every policy condition is evaluated up front, before any statement is verified.
        List<Policy> applicable = new ArrayList<>();
        for (Policy candidate : list) {
            if (candidate.getCondition().match(request, securityContext)) {
                applicable.add(candidate);
            }
        }

        // Pass 1: deny statements across all applicable policies.
        for (Policy policy : applicable) {
            List<Statement> denyStatements = new ArrayList<>();
            for (Object raw : policy.getStatements()) {
                Statement candidate = (Statement) raw;
                if (candidate.getEffect() == Effect.DENY) {
                    denyStatements.add(candidate);
                }
            }
            for (int index = 0; index < denyStatements.size(); index++) {
                Statement statement = denyStatements.get(index);
                VerifyResult outcome = statement.verify(request, securityContext);
                if (outcome != VerifyResult.EXPLICIT_DENY) {
                    continue;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify [" + request + "] [" + securityContext + "] matched Policy[" + policy.getId() + "] Statement[" + index + "][" + statement.getName() + "] - [Explicit Deny].");
                }
                return new PolicyVerifyContext(policy, index, statement, outcome);
            }
        }

        // Pass 2: allow statements, reached only when no deny statement fired.
        for (Policy policy : applicable) {
            List<Statement> allowStatements = new ArrayList<>();
            for (Object raw : policy.getStatements()) {
                Statement candidate = (Statement) raw;
                if (candidate.getEffect() == Effect.ALLOW) {
                    allowStatements.add(candidate);
                }
            }
            for (int index = 0; index < allowStatements.size(); index++) {
                Statement statement = allowStatements.get(index);
                VerifyResult outcome = statement.verify(request, securityContext);
                if (outcome != VerifyResult.ALLOW) {
                    continue;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify [" + request + "] [" + securityContext + "] matched Policy[" + policy.getId() + "] Statement[" + index + "][" + statement.getName() + "] - [Allow].");
                }
                return new PolicyVerifyContext(policy, index, statement, outcome);
            }
        }

        // Nothing matched: the caller treats null as "no decision from this tier".
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Evaluates the role permissions of one application against a request.
     *
     * <p>Nothing is evaluated unless the application-level condition matches. After that, the DENY
     * permissions of every role are verified first and the first
     * {@code VerifyResult.EXPLICIT_DENY} wins. ALLOW permissions are only verified when no deny
     * fired, and the first {@code VerifyResult.ALLOW} wins. Roles are visited in the iteration
     * order of {@code getRolePermissionIndexer().entrySet()}.
     *
     * @param appRolePermission the application permission together with its per-role index
     * @param request the request being authorized
     * @param securityContext the caller's security context
     * @return the context naming the role and permission that decided, or {@code null} when the
     *         application condition does not match or no permission matched
     */
    public final VerifyContext verifyAppRolePermission(AppRolePermission appRolePermission, Request request, SecurityContext securityContext) {
        boolean appConditionMatches = appRolePermission.getAppPermission().getCondition().match(request, securityContext);
        if (!appConditionMatches) {
            return null;
        }

        // Pass 1: deny permissions of every role.
        for (Map.Entry<?, ?> roleEntry : appRolePermission.getRolePermissionIndexer().entrySet()) {
            String role = (String) roleEntry.getKey();
            List<?> permissions = (List<?>) roleEntry.getValue();
            List<Permission> denyPermissions = new ArrayList<>();
            for (Object raw : permissions) {
                Permission candidate = (Permission) raw;
                if (candidate.getEffect() == Effect.DENY) {
                    denyPermissions.add(candidate);
                }
            }
            for (Permission permission : denyPermissions) {
                VerifyResult outcome = permission.verify(request, securityContext);
                if (outcome != VerifyResult.EXPLICIT_DENY) {
                    continue;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify [" + request + "] [" + securityContext + "] matched Role[" + role + "] Permission[" + permission.getId() + "][" + permission.getName() + "] - [Explicit Deny].");
                }
                return new RoleVerifyContext(role, permission, outcome);
            }
        }

        // Pass 2: allow permissions, reached only when no deny permission fired.
        for (Map.Entry<?, ?> roleEntry : appRolePermission.getRolePermissionIndexer().entrySet()) {
            String role = (String) roleEntry.getKey();
            List<?> permissions = (List<?>) roleEntry.getValue();
            // The effect is read through the Statement type and the element is narrowed to
            // Permission only when it is verified, as in the compiled form.
            List<Object> allowCandidates = new ArrayList<>();
            for (Object raw : permissions) {
                if (((Statement) raw).getEffect() == Effect.ALLOW) {
                    allowCandidates.add(raw);
                }
            }
            for (Object raw : allowCandidates) {
                Permission permission = (Permission) raw;
                VerifyResult outcome = permission.verify(request, securityContext);
                if (outcome != VerifyResult.ALLOW) {
                    continue;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify [" + request + "] [" + securityContext + "] matched Role[" + role + "] Permission[" + permission.getId() + "][" + permission.getName() + "] - [Allow].");
                }
                return new RoleVerifyContext(role, permission, outcome);
            }
        }

        return null;
    }

    /**
     * Reports whether the principal of the given context is the root principal.
     *
     * <p>The only caller in this class tests the result for {@code ALLOW}; {@code IMPLICIT_DENY}
     * therefore means "not root, carry on with the regular evaluation" rather than a final denial.
     *
     * @param securityContext the caller's security context
     * @return {@code VerifyResult.ALLOW} for a root principal, otherwise
     *         {@code VerifyResult.IMPLICIT_DENY}
     */
    private final VerifyResult verifyRoot(SecurityContext securityContext) {
        boolean rootPrincipal = CoSecPrincipal.Companion.isRoot(securityContext.getPrincipal());
        if (rootPrincipal) {
            if (log.isDebugEnabled()) {
                log.debug("Verify [" + securityContext + "] matched Root - [Allow].");
            }
            return VerifyResult.ALLOW;
        }
        return VerifyResult.IMPLICIT_DENY;
    }

    /**
     * Evaluates the global policies (those returned by {@code policyRepository.getGlobalPolicy()})
     * against the request.
     *
     * @param request the request being authorized
     * @param securityContext the caller's security context
     * @return a Mono that emits the deciding {@link VerifyContext}, or completes empty when
     *         {@code verifyPolicies} returned {@code null} (no global policy matched)
     */
    private final Mono<VerifyContext> verifyGlobalPolicies(final Request request, final SecurityContext securityContext) {
        Mono<List<Policy>> globalPolicy = this.policyRepository.getGlobalPolicy();
        // Decompiled form of the Kotlin lambda: it forwards the loaded list to verifyPolicies.
        Function1<List<? extends Policy>, VerifyContext> function1 = new Function1<List<? extends Policy>, VerifyContext>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$verifyGlobalPolicies$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final VerifyContext invoke(@NotNull List<? extends Policy> list) {
                VerifyContext verifyPolicies;
                Intrinsics.checkNotNullParameter(list, "policies");
                verifyPolicies = SimpleAuthorization.this.verifyPolicies(list, request, securityContext);
                return verifyPolicies;
            }
        };
        // mapNotNull turns a null result into an empty Mono, which is how "no decision" is
        // signalled to the caller.
        // NOTE(review): `r1` is a decompiler placeholder, presumably the function1 adapter declared
        // above; the line does not compile as shown.
        Mono<VerifyContext> mapNotNull = globalPolicy.mapNotNull((v1) -> {
            return verifyGlobalPolicies$lambda$13(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(mapNotNull, "private fun verifyGlobal…text)\n            }\n    }");
        return mapNotNull;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Evaluates the policies attached to the principal against the request.
     *
     * @param request the request being authorized
     * @param securityContext the caller's security context; its principal supplies the policy ids
     * @return a Mono that emits the deciding {@link VerifyContext}, or completes empty when the
     *         principal has no policies or {@code verifyPolicies} returned {@code null}
     */
    public final Mono<VerifyContext> verifyPrincipalPolicies(final Request request, final SecurityContext securityContext) {
        // A principal without policies skips the repository lookup entirely.
        if (securityContext.getPrincipal().getPolicies().isEmpty()) {
            Mono<VerifyContext> empty = Mono.empty();
            Intrinsics.checkNotNullExpressionValue(empty, "empty()");
            return empty;
        }
        Mono<List<Policy>> policies = this.policyRepository.getPolicies(securityContext.getPrincipal().getPolicies());
        // Decompiled form of the Kotlin lambda: it forwards the loaded list to verifyPolicies.
        Function1<List<? extends Policy>, VerifyContext> function1 = new Function1<List<? extends Policy>, VerifyContext>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$verifyPrincipalPolicies$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final VerifyContext invoke(@NotNull List<? extends Policy> list) {
                VerifyContext verifyPolicies;
                Intrinsics.checkNotNullParameter(list, "policies");
                verifyPolicies = SimpleAuthorization.this.verifyPolicies(list, request, securityContext);
                return verifyPolicies;
            }
        };
        // mapNotNull turns a null result into an empty Mono ("no decision").
        // NOTE(review): `r1` is a decompiler placeholder, presumably the function1 adapter declared
        // above; the line does not compile as shown.
        Mono<VerifyContext> mapNotNull = policies.mapNotNull((v1) -> {
            return verifyPrincipalPolicies$lambda$14(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(mapNotNull, "private fun verifyPrinci…text)\n            }\n    }");
        return mapNotNull;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Loads the role permissions of the requested application for the principal's roles and
     * evaluates them against the request.
     *
     * @param request the request being authorized; its app id selects the application
     * @param securityContext the caller's security context; its principal supplies the roles
     * @return a Mono that emits the deciding {@link VerifyContext}, or completes empty when the
     *         principal has no roles or the synchronous overload returned {@code null}
     */
    public final Mono<VerifyContext> verifyAppRolePermission(final Request request, final SecurityContext securityContext) {
        // A principal without roles skips the repository lookup entirely.
        if (securityContext.getPrincipal().getRoles().isEmpty()) {
            Mono<VerifyContext> empty = Mono.empty();
            Intrinsics.checkNotNullExpressionValue(empty, "empty()");
            return empty;
        }
        Mono<AppRolePermission> appRolePermission = this.appRolePermissionRepository.getAppRolePermission(request.getAppId(), securityContext.getPrincipal().getRoles());
        // Decompiled form of the Kotlin lambda: it forwards the loaded AppRolePermission to the
        // synchronous overload of verifyAppRolePermission.
        Function1<AppRolePermission, VerifyContext> function1 = new Function1<AppRolePermission, VerifyContext>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$verifyAppRolePermission$3
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final VerifyContext invoke(AppRolePermission appRolePermission2) {
                VerifyContext verifyAppRolePermission;
                SimpleAuthorization simpleAuthorization = SimpleAuthorization.this;
                Intrinsics.checkNotNullExpressionValue(appRolePermission2, "it");
                verifyAppRolePermission = simpleAuthorization.verifyAppRolePermission(appRolePermission2, request, securityContext);
                return verifyAppRolePermission;
            }
        };
        // mapNotNull turns a null result into an empty Mono ("no decision").
        // NOTE(review): `r1` is a decompiler placeholder, presumably the function1 adapter declared
        // above; the line does not compile as shown.
        Mono<VerifyContext> mapNotNull = appRolePermission.mapNotNull((v1) -> {
            return verifyAppRolePermission$lambda$15(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(mapNotNull, "private fun verifyAppRol…text)\n            }\n    }");
        return mapNotNull;
    }

    /**
     * Decides whether {@code request} is allowed for the principal carried by
     * {@code securityContext}.
     *
     * <p>Evaluation order, as written below:
     * <ol>
     *   <li>A root principal is allowed immediately. No policy or permission is consulted, so an
     *       explicit-deny statement cannot restrict root.</li>
     *   <li>Global policies, then the principal's own policies, then the application role
     *       permissions. A later tier is only evaluated when the previous one completed empty, so
     *       the first tier that produces a {@link VerifyContext} (allow or explicit deny) is final.
     *       An explicit deny in a later tier does not override an allow from an earlier tier.</li>
     *   <li>When no tier produced a result the outcome is implicit deny (default deny).</li>
     * </ol>
     *
     * <p>The deciding {@link VerifyContext} is stored on {@code securityContext} before the result
     * is returned.
     *
     * <p>NOTE(review): the implicit-deny debug line concatenates the whole request and security
     * context; what their {@code toString()} exposes is not visible here. Confirm it carries no
     * credentials before enabling debug logging.
     *
     * @param request the request being authorized; must not be null
     * @param securityContext the caller's security context; must not be null
     * @return a Mono emitting the ALLOW, EXPLICIT_DENY or IMPLICIT_DENY authorize result
     */
    @NotNull
    public Mono<AuthorizeResult> authorize(@NotNull final Request request, @NotNull final SecurityContext securityContext) {
        Intrinsics.checkNotNullParameter(request, "request");
        Intrinsics.checkNotNullParameter(securityContext, "context");
        // Root short-circuit: returns before any repository is queried.
        if (verifyRoot(securityContext) == VerifyResult.ALLOW) {
            return MonoExtensionsKt.toMono(AuthorizeResult.Companion.getALLOW());
        }
        // Tier chain: global policies -> principal policies -> app role permissions. Each
        // fallback is supplied as a Function0 and only used when the preceding Mono is empty.
        Mono switchIfEmpty = MonoExtensionsKt.switchIfEmpty(MonoExtensionsKt.switchIfEmpty(verifyGlobalPolicies(request, securityContext), new Function0<Mono<VerifyContext>>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @NotNull
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final Mono<VerifyContext> m2invoke() {
                Mono<VerifyContext> verifyPrincipalPolicies;
                verifyPrincipalPolicies = SimpleAuthorization.this.verifyPrincipalPolicies(request, securityContext);
                return verifyPrincipalPolicies;
            }
        }), new Function0<Mono<VerifyContext>>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @NotNull
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final Mono<VerifyContext> m3invoke() {
                Mono<VerifyContext> verifyAppRolePermission;
                verifyAppRolePermission = SimpleAuthorization.this.verifyAppRolePermission(request, securityContext);
                return verifyAppRolePermission;
            }
        });
        // Maps the deciding VerifyContext to the public AuthorizeResult.
        Function1<VerifyContext, AuthorizeResult> function1 = new Function1<VerifyContext, AuthorizeResult>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$3

            /* compiled from: SimpleAuthorization.kt */
            @Metadata(mv = {1, 8, 0}, k = 3, xi = 48)
            /* loaded from: input_file:me/ahoo/cosec/authorization/SimpleAuthorization$authorize$3$WhenMappings.class */
            // Compiler-generated lookup table for the Kotlin `when` over VerifyResult:
            // ALLOW -> 1, EXPLICIT_DENY -> 2, IMPLICIT_DENY -> 3. The empty NoSuchFieldError
            // handlers are part of the generated pattern, not hand-written error swallowing.
            public /* synthetic */ class WhenMappings {
                public static final /* synthetic */ int[] $EnumSwitchMapping$0;

                static {
                    int[] iArr = new int[VerifyResult.values().length];
                    try {
                        iArr[VerifyResult.ALLOW.ordinal()] = 1;
                    } catch (NoSuchFieldError e) {
                    }
                    try {
                        iArr[VerifyResult.EXPLICIT_DENY.ordinal()] = 2;
                    } catch (NoSuchFieldError e2) {
                    }
                    try {
                        iArr[VerifyResult.IMPLICIT_DENY.ordinal()] = 3;
                    } catch (NoSuchFieldError e3) {
                    }
                    $EnumSwitchMapping$0 = iArr;
                }
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final AuthorizeResult invoke(VerifyContext verifyContext) {
                VerifyContext.Companion companion = VerifyContext.Companion;
                SecurityContext securityContext2 = securityContext;
                Intrinsics.checkNotNullExpressionValue(verifyContext, "it");
                // Record which policy/permission decided, before translating the result.
                companion.setVerifyContext(securityContext2, verifyContext);
                switch (WhenMappings.$EnumSwitchMapping$0[verifyContext.getResult().ordinal()]) {
                    case 1:
                        return AuthorizeResult.Companion.getALLOW();
                    case 2:
                        return AuthorizeResult.Companion.getEXPLICIT_DENY();
                    case 3:
                        // A VerifyContext is only created in this class for ALLOW or EXPLICIT_DENY;
                        // an IMPLICIT_DENY here is treated as a programming error (fails closed
                        // with an exception instead of returning a result).
                        throw new IllegalStateException("VerifyResult.IMPLICIT_DENY");
                    default:
                        throw new NoWhenBranchMatchedException();
                }
            }
        };
        // NOTE(review): `r1` is a decompiler placeholder, presumably the function1 mapper declared
        // above; the line does not compile as shown.
        Mono map = switchIfEmpty.map((v1) -> {
            return authorize$lambda$16(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(map, "override fun authorize(r…ono()\n            }\n    }");
        // Default deny: reached only when none of the three tiers produced a VerifyContext.
        return MonoExtensionsKt.switchIfEmpty(map, new Function0<Mono<AuthorizeResult>>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$4
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @NotNull
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final Mono<AuthorizeResult> m5invoke() {
                Logger logger;
                Logger logger2;
                logger = SimpleAuthorization.log;
                if (logger.isDebugEnabled()) {
                    logger2 = SimpleAuthorization.log;
                    logger2.debug("Verify [" + request + "] [" + securityContext + "] No policies matched - [Implicit Deny].");
                }
                return MonoExtensionsKt.toMono(AuthorizeResult.Companion.getIMPLICIT_DENY());
            }
        });
    }

    /**
     * Compiler-generated bridge used by {@code verifyGlobalPolicies}: applies the captured Kotlin
     * function to the emitted value and narrows the result to {@link VerifyContext}.
     */
    private static final VerifyContext verifyGlobalPolicies$lambda$13(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        Object mapped = function1.invoke(obj);
        return (VerifyContext) mapped;
    }

    /**
     * Compiler-generated bridge used by {@code verifyPrincipalPolicies}: applies the captured
     * Kotlin function to the emitted value and narrows the result to {@link VerifyContext}.
     */
    private static final VerifyContext verifyPrincipalPolicies$lambda$14(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        Object mapped = function1.invoke(obj);
        return (VerifyContext) mapped;
    }

    /**
     * Compiler-generated bridge used by the reactive {@code verifyAppRolePermission}: applies the
     * captured Kotlin function to the emitted value and narrows the result to
     * {@link VerifyContext}.
     */
    private static final VerifyContext verifyAppRolePermission$lambda$15(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        Object mapped = function1.invoke(obj);
        return (VerifyContext) mapped;
    }

    /**
     * Compiler-generated bridge used by {@code authorize}: applies the captured Kotlin function to
     * the emitted value and narrows the result to {@link AuthorizeResult}.
     */
    private static final AuthorizeResult authorize$lambda$16(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        Object mapped = function1.invoke(obj);
        return (AuthorizeResult) mapped;
    }
}
