package org.kathra.resourcemanager.resource.service.security;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import org.kathra.core.model.Resource;
import org.kathra.resourcemanager.security.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/kathra/resourcemanager/resource/service/security/ResourceSecurityService.class */
public class ResourceSecurityService {
    Logger logger = LoggerFactory.getLogger(ResourceSecurityService.class);

    @Autowired
    KeycloakClient keycloakClient;

    public List<String> getIdsAuthorized(SecurityContext securityContext, Class<? extends Resource> cls, Scope scope) throws Exception {
        try {
            return this.keycloakClient.getResourcesByType(securityContext.getSession(), getTypeFromClazz(cls), getScopeIdentifier(cls, scope));
        } catch (Exception e) {
            this.logger.error("unable to get identifiers authorized for resources " + getTypeFromClazz(cls) + " with scope " + scope.getScopeName());
            throw e;
        }
    }

    public boolean isAuthorized(SecurityContext securityContext, Resource resource, Scope scope) throws Exception {
        try {
            String resourceById = this.keycloakClient.getResourceById(securityContext.getSession(), getIdentifier(resource), getScopeIdentifier(resource.getClass(), scope));
            if (resourceById != null) {
                if (resourceById.equals(getIdentifier(resource))) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            this.logger.error("unable to get identifiers authorized for resources " + getIdentifier(resource) + " with scope " + scope.getScopeName());
            throw e;
        }
    }

    private String getTypeFromClazz(Class cls) {
        return cls.getSimpleName().toLowerCase();
    }

    public String getScopeIdentifier(Class cls, Scope scope) {
        return "kathra:scope:" + getTypeFromClazz(cls) + ":" + scope.getScopeName();
    }

    public void grantAccess(SecurityContext securityContext, Resource resource, Scope[] scopeArr) throws Exception {
        List<String> list = (List) Arrays.stream(scopeArr).map(scope -> {
            return getScopeIdentifier(resource.getClass(), scope);
        }).collect(Collectors.toList());
        try {
            this.keycloakClient.createResource(securityContext.getSession(), getTypeFromClazz(resource.getClass()), resource.getId(), list, getMetadata(resource));
        } catch (Exception e) {
            this.logger.error("unable to grant access to resource " + getIdentifier(resource) + " with scopes : " + String.join(",", list));
            throw e;
        }
    }

    private Map<String, String> getMetadata(Resource resource) {
        HashMap hashMap = new HashMap();
        if (resource.getMetadata() != null) {
            for (Map.Entry entry : resource.getMetadata().entrySet()) {
                hashMap.put((String) entry.getKey(), entry.getValue().toString());
            }
        }
        return hashMap;
    }

    public void revokeAccess(SecurityContext securityContext, Resource resource) throws Exception {
        AtomicReference atomicReference = new AtomicReference();
        try {
            this.keycloakClient.deleteResource(securityContext.getSession(), getIdentifier(resource), getScopeIdentifier(resource.getClass(), Scope.DELETE));
        } catch (Exception e) {
            this.logger.error("unable to revoke access to resource " + getIdentifier(resource) + " with scope " + Scope.DELETE);
            atomicReference.set(e);
        }
    }

    public void deleteResourceScope(SecurityContext securityContext, Resource resource, Scope[] scopeArr) throws Exception {
        AtomicReference atomicReference = new AtomicReference();
        Arrays.stream(scopeArr).forEach(scope -> {
            try {
                this.keycloakClient.deleteResourceScope(securityContext.getSession(), getIdentifier(resource), getScopeIdentifier(resource.getClass(), scope));
            } catch (Exception e) {
                this.logger.error("unable to delete scope to resource " + getIdentifier(resource) + " with scope " + scope.getScopeName());
                atomicReference.set(e);
            }
        });
        if (atomicReference.get() != null) {
            throw ((Exception) atomicReference.get());
        }
    }

    private String getIdentifier(Resource resource) {
        return resource.getId();
    }
}
