package org.apereo.cas.aws.authz;

import com.fasterxml.jackson.annotation.JsonInclude;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.aws.ChainingAWSCredentialsProvider;
import org.apereo.cas.configuration.support.ExpressionLanguageCapable;
import org.apereo.cas.services.BaseRegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAccessStrategyRequest;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.awscore.defaultsmode.DefaultsMode;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.retry.RetryMode;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.verifiedpermissions.VerifiedPermissionsClient;
import software.amazon.awssdk.services.verifiedpermissions.model.ActionIdentifier;
import software.amazon.awssdk.services.verifiedpermissions.model.AttributeValue;
import software.amazon.awssdk.services.verifiedpermissions.model.ContextDefinition;
import software.amazon.awssdk.services.verifiedpermissions.model.Decision;
import software.amazon.awssdk.services.verifiedpermissions.model.EntityIdentifier;
import software.amazon.awssdk.services.verifiedpermissions.model.IsAuthorizedRequest;
import software.amazon.awssdk.services.verifiedpermissions.model.IsAuthorizedResponse;

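/**
 * Registered-service access strategy that delegates the allow/deny decision to
 * Amazon Verified Permissions.
 *
 * <p>For every authorization request a new {@link VerifiedPermissionsClient} is built,
 * an {@code IsAuthorized} call is sent, and the client is closed again. The call carries:
 * <ul>
 *   <li>principal: the principal id of the request,</li>
 *   <li>resource: the id of the registered service on the request,</li>
 *   <li>action: {@link #actionId} after expression resolution,</li>
 *   <li>context: the map built by {@link #buildAuthorizationContextMap},</li>
 *   <li>policy store: {@link #policyStoreId} after expression resolution.</li>
 * </ul>
 *
 * <p>Access is granted only when the service answers {@link Decision#ALLOW}. Any failure
 * raised while calling the service results in a denial (fail closed).
 *
 * <p>The {@code credentialSecretKey} field holds secret material (or an expression that
 * resolves to it). It is kept out of {@link #toString()}; it is still reachable through
 * its getter, which this class leaves unchanged.
 */
@JsonInclude(JsonInclude.Include.NON_DEFAULT)
public class AmazonVerifiedPermissionsRegisteredServiceAccessStrategy extends BaseRegisteredServiceAccessStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AmazonVerifiedPermissionsRegisteredServiceAccessStrategy.class);
    private static final long serialVersionUID = 8331462526633144898L;

    /** Placeholder printed by {@link #toString()} instead of the secret key. */
    private static final String REDACTED = "<redacted>";

    // Access key handed to ChainingAWSCredentialsProvider after expression resolution.
    @ExpressionLanguageCapable
    private String credentialAccessKey;

    // Secret key handed to ChainingAWSCredentialsProvider after expression resolution.
    // Never log or print this value.
    @ExpressionLanguageCapable
    private String credentialSecretKey;

    // AWS region name; when blank the client is built for us-east-1.
    @ExpressionLanguageCapable
    private String region;

    // Identifier of the Verified Permissions policy store that evaluates the request.
    @ExpressionLanguageCapable
    private String policyStoreId;

    // Action identifier sent with every authorization request.
    @ExpressionLanguageCapable
    private String actionId;

    // Statically configured context entries, merged into every authorization request.
    private Map<String, Object> context = new TreeMap<>();

    /**
     * Asks Amazon Verified Permissions whether the principal may access the service.
     *
     * <p>Building the request (expression resolution, context map) happens before the
     * guarded call, so a failure there propagates to the caller as an exception. A
     * failure of the remote call itself is logged and turned into a denial.
     *
     * @param registeredServiceAccessStrategyRequest request carrying the principal id,
     *        the principal attributes and the registered service
     * @return {@code true} only when the decision is {@link Decision#ALLOW}
     */
    public boolean authorizeRequest(RegisteredServiceAccessStrategyRequest registeredServiceAccessStrategyRequest) {
        SpringExpressionLanguageValueResolver resolver = SpringExpressionLanguageValueResolver.getInstance();
        // try-with-resources closes the per-request client on every exit path.
        try (VerifiedPermissionsClient client = buildAmazonVerifiedPermissionsClient()) {
            EntityIdentifier principal = EntityIdentifier.builder()
                .entityId(registeredServiceAccessStrategyRequest.getPrincipalId())
                .build();
            EntityIdentifier resource = EntityIdentifier.builder()
                .entityId(registeredServiceAccessStrategyRequest.getService().getId())
                .build();
            ActionIdentifier action = ActionIdentifier.builder()
                .actionId(resolver.resolve(this.actionId))
                .build();
            ContextDefinition contextDefinition = ContextDefinition.builder()
                .contextMap(buildAuthorizationContextMap(registeredServiceAccessStrategyRequest))
                .build();
            IsAuthorizedRequest isAuthorizedRequest = IsAuthorizedRequest.builder()
                .principal(principal)
                .resource(resource)
                .action(action)
                .context(contextDefinition)
                .policyStoreId(resolver.resolve(this.policyStoreId))
                .build();

            return FunctionUtils.doAndHandle(() -> {
                // NOTE(review): the request carries principal and service attributes;
                // confirm what the SDK's string form exposes before enabling DEBUG.
                LOGGER.debug("Sending authorization request [{}]", isAuthorizedRequest);
                IsAuthorizedResponse response = client.isAuthorized(isAuthorizedRequest);
                LOGGER.debug("Authorization response [{}], evaluated policies [{}]",
                    response.decisionAsString(), response.determiningPolicies());
                // Anything other than an explicit ALLOW is treated as a denial.
                return response.decision() == Decision.ALLOW;
            }, throwable -> {
                // Fail closed, but leave a trace: a silent denial hides outages,
                // expired credentials and misconfigured policy stores from operators.
                LOGGER.warn("Authorization call failed for principal [{}] and service [{}]; denying access",
                    registeredServiceAccessStrategyRequest.getPrincipalId(),
                    registeredServiceAccessStrategyRequest.getService().getId(),
                    throwable);
                return false;
            }).get();
        }
    }

    /**
     * Builds the context sent with the authorization request.
     *
     * <p>Entries are merged in this order, later entries replacing earlier ones with the
     * same key: the configured {@link #context}, the attributes on the request, then the
     * attributes of the registered service.
     *
     * <p>NOTE(review): because of that order a request attribute can replace a configured
     * context entry of the same name. Confirm that policies do not rely on configured
     * keys that may also appear as principal attributes.
     *
     * @param registeredServiceAccessStrategyRequest request supplying the attributes
     * @return mutable map of context attribute values
     */
    protected Map<String, AttributeValue> buildAuthorizationContextMap(RegisteredServiceAccessStrategyRequest registeredServiceAccessStrategyRequest) {
        Map<String, AttributeValue> merged = new HashMap<>(buildAttributeValueMap(this.context));
        merged.putAll(buildAttributeValueMap(registeredServiceAccessStrategyRequest.getAttributes()));
        merged.putAll(buildAttributeValueMap(registeredServiceAccessStrategyRequest.getService().getAttributes()));
        return merged;
    }

    /**
     * Converts a map of arbitrary values into Verified Permissions attribute values.
     *
     * <p>Each entry becomes a set-typed {@link AttributeValue} whose members are the
     * {@code toString()} form of the entry's values.
     *
     * @param map source attributes; {@code null} is treated as empty
     * @return map with the same keys and set-typed attribute values
     */
    protected Map<String, AttributeValue> buildAttributeValueMap(Map<String, ?> map) {
        if (map == null) {
            // setContext(null) and absent attribute maps must not abort authorization
            // with a NullPointerException.
            return new HashMap<>();
        }
        return map.entrySet()
            .stream()
            .collect(Collectors.toMap(Map.Entry::getKey, entry -> {
                var members = CollectionUtils.toCollection(entry.getValue())
                    .stream()
                    // A null member has no string form; skip it rather than fail.
                    .filter(value -> value != null)
                    .map(value -> AttributeValue.builder().string(value.toString()).build())
                    .toList();
                return AttributeValue.builder().set(members).build();
            }));
    }

    /**
     * Creates the client used for a single authorization request.
     *
     * <p>The region falls back to {@link Region#US_EAST_1} when {@link #region} is blank.
     * Both the overall call and each attempt are capped at five seconds, with the
     * standard retry mode. Callers are responsible for closing the returned client.
     *
     * @return a newly built client
     */
    protected VerifiedPermissionsClient buildAmazonVerifiedPermissionsClient() {
        SpringExpressionLanguageValueResolver resolver = SpringExpressionLanguageValueResolver.getInstance();
        Region clientRegion = StringUtils.isBlank(this.region)
            ? Region.US_EAST_1
            : Region.of(resolver.resolve(this.region));
        ClientOverrideConfiguration overrides = ClientOverrideConfiguration.builder()
            .apiCallTimeout(Duration.ofSeconds(5L))
            .apiCallAttemptTimeout(Duration.ofSeconds(5L))
            .retryPolicy(RetryMode.STANDARD)
            .build();
        // NOTE(review): presumably the chaining provider falls back to other credential
        // sources when both keys are blank; confirm against ChainingAWSCredentialsProvider.
        return VerifiedPermissionsClient.builder()
            .defaultsMode(DefaultsMode.STANDARD)
            .region(clientRegion)
            .credentialsProvider(ChainingAWSCredentialsProvider.getInstance(
                resolver.resolve(this.credentialAccessKey),
                resolver.resolve(this.credentialSecretKey)))
            .overrideConfiguration(overrides)
            .build();
    }

    /**
     * Returns a diagnostic description of this strategy.
     *
     * <p>The secret key is replaced by a fixed placeholder so that logging the strategy
     * does not write the credential to log files.
     *
     * @return string form with the secret key redacted
     */
    @Override
    public String toString() {
        String maskedSecret = this.credentialSecretKey == null ? "null" : REDACTED;
        return "AmazonVerifiedPermissionsRegisteredServiceAccessStrategy(super=" + super.toString()
            + ", credentialAccessKey=" + this.credentialAccessKey
            + ", credentialSecretKey=" + maskedSecret
            + ", region=" + this.region
            + ", policyStoreId=" + this.policyStoreId
            + ", actionId=" + this.actionId
            + ", context=" + String.valueOf(this.context) + ")";
    }

    /** @return the configured access key (possibly an unresolved expression) */
    @Generated
    public String getCredentialAccessKey() {
        return this.credentialAccessKey;
    }

    /** @return the configured secret key (possibly an unresolved expression); do not log */
    @Generated
    public String getCredentialSecretKey() {
        return this.credentialSecretKey;
    }

    /** @return the configured region, or {@code null}/blank when the default applies */
    @Generated
    public String getRegion() {
        return this.region;
    }

    /** @return the configured policy store id */
    @Generated
    public String getPolicyStoreId() {
        return this.policyStoreId;
    }

    /** @return the configured action id */
    @Generated
    public String getActionId() {
        return this.actionId;
    }

    /** @return the configured context map itself, not a copy */
    @Generated
    public Map<String, Object> getContext() {
        return this.context;
    }

    /**
     * @param str access key or expression resolving to it
     * @return this strategy, for chaining
     */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy setCredentialAccessKey(String str) {
        this.credentialAccessKey = str;
        return this;
    }

    /**
     * @param str secret key or expression resolving to it
     * @return this strategy, for chaining
     */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy setCredentialSecretKey(String str) {
        this.credentialSecretKey = str;
        return this;
    }

    /**
     * @param str region name or expression resolving to it
     * @return this strategy, for chaining
     */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy setRegion(String str) {
        this.region = str;
        return this;
    }

    /**
     * @param str policy store id or expression resolving to it
     * @return this strategy, for chaining
     */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy setPolicyStoreId(String str) {
        this.policyStoreId = str;
        return this;
    }

    /**
     * @param str action id or expression resolving to it
     * @return this strategy, for chaining
     */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy setActionId(String str) {
        this.actionId = str;
        return this;
    }

    /**
     * @param map context entries merged into every request; stored as given, not copied
     * @return this strategy, for chaining
     */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy setContext(Map<String, Object> map) {
        this.context = map;
        return this;
    }

    /**
     * Compares this strategy with another one: same type, equal superclass state and
     * equal values for every field declared here.
     *
     * @param obj object to compare with
     * @return {@code true} when both strategies are equal
     */
    @Generated
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof AmazonVerifiedPermissionsRegisteredServiceAccessStrategy)) {
            return false;
        }
        AmazonVerifiedPermissionsRegisteredServiceAccessStrategy other =
            (AmazonVerifiedPermissionsRegisteredServiceAccessStrategy) obj;
        if (!other.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        return sameValue(this.credentialAccessKey, other.credentialAccessKey)
            && sameValue(this.credentialSecretKey, other.credentialSecretKey)
            && sameValue(this.region, other.region)
            && sameValue(this.policyStoreId, other.policyStoreId)
            && sameValue(this.actionId, other.actionId)
            && sameValue(this.context, other.context);
    }

    /**
     * @param obj candidate for equality
     * @return {@code true} when {@code obj} is an instance of this class
     */
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof AmazonVerifiedPermissionsRegisteredServiceAccessStrategy;
    }

    /**
     * Combines the superclass hash with every field declared here, using multiplier 59
     * and the value 43 for {@code null} fields.
     *
     * @return hash code consistent with {@link #equals(Object)}
     */
    @Generated
    @Override
    public int hashCode() {
        int result = super.hashCode();
        Object[] fields = {
            this.credentialAccessKey,
            this.credentialSecretKey,
            this.region,
            this.policyStoreId,
            this.actionId,
            this.context,
        };
        for (Object field : fields) {
            result = (result * 59) + (field == null ? 43 : field.hashCode());
        }
        return result;
    }

    /** Null-safe equality used by {@link #equals(Object)}. */
    private static boolean sameValue(Object left, Object right) {
        return left == null ? right == null : left.equals(right);
    }

    /** Creates a strategy with no credentials, region, policy store or action set. */
    @Generated
    public AmazonVerifiedPermissionsRegisteredServiceAccessStrategy() {
    }
}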
