package org.molgenis.data.security.permission;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.molgenis.data.DataService;
import org.molgenis.data.UnknownEntityException;
import org.molgenis.data.security.EntityTypeIdentity;
import org.molgenis.data.security.EntityTypePermission;
import org.molgenis.data.security.auth.Role;
import org.molgenis.data.security.auth.RoleMembership;
import org.molgenis.data.security.auth.RoleMembershipMetadata;
import org.molgenis.data.security.auth.RoleMetadata;
import org.molgenis.data.security.auth.User;
import org.molgenis.data.security.auth.UserMetadata;
import org.molgenis.data.security.exception.InsufficientInheritancePermissionsException;
import org.molgenis.data.security.exception.UnknownRoleException;
import org.molgenis.data.security.user.UnknownUserException;
import org.molgenis.data.security.user.UserService;
import org.molgenis.security.core.SidUtils;
import org.molgenis.security.core.UserPermissionEvaluator;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Sid;
import org.springframework.stereotype.Component;

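/**
 * Helpers that translate between user names, role names and Spring Security ACL {@link Sid}s,
 * and that resolve the roles a SID inherits.
 *
 * <p>Role and role-membership lookups are guarded by {@code READ_DATA} permission checks on the
 * corresponding entity types, so the result of most methods depends on the permissions of the
 * caller in the current security context.
 *
 * <p>This source was recovered by a decompiler; several members marked below were
 * package-private in the original class and were widened to {@code public} by the decompiler.
 */
@Component
/* loaded from: input_file:org/molgenis/data/security/permission/UserRoleTools.class */
public class UserRoleTools {
    public static final String ANONYMOUS = "ANONYMOUS";

    /** Authority string that identifies the superuser role in {@link #isSuperUser(Sid)}. */
    private static final String SUPERUSER_AUTHORITY = "ROLE_SU";

    private final UserService userService;
    private final DataService dataService;
    private final UserPermissionEvaluator userPermissionEvaluator;

    /**
     * Creates the helper.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    UserRoleTools(UserService userService, DataService dataService, UserPermissionEvaluator userPermissionEvaluator) {
        this.userService = Objects.requireNonNull(userService);
        this.dataService = Objects.requireNonNull(dataService);
        this.userPermissionEvaluator = Objects.requireNonNull(userPermissionEvaluator);
    }

    /**
     * Verifies that a role with the given name exists; the name is upper-cased before the lookup.
     *
     * <p>The thrown exception carries the role name as supplied, so an endpoint that relays it to
     * an unprivileged client reveals which role names exist.
     *
     * @param str role name, in any case
     * @throws UnknownRoleException if no role with the upper-cased name is found
     */
    public void checkRoleExists(String str) {
        // Locale.ROOT keeps the lookup key independent of the JVM default locale; with a default
        // locale such as Turkish, "admin".toUpperCase() would not yield "ADMIN" and the role
        // would be reported as unknown.
        if (getRole(str.toUpperCase(Locale.ROOT)) == null) {
            throw new UnknownRoleException(str);
        }
    }

    /** Returns the role whose {@code name} attribute equals {@code str}, or {@code null} if the query finds none. */
    private Role getRole(String str) {
        return this.dataService.query(RoleMetadata.ROLE, Role.class).eq("name", str).findOne();
    }

    /**
     * Verifies that a user with the given name exists.
     *
     * <p>The thrown exception carries the user name as supplied, so an endpoint that relays it to
     * an unprivileged client reveals which accounts exist.
     *
     * @param str user name
     * @throws UnknownUserException if {@link UserService#getUser} returns {@code null}
     */
    public void checkUserExists(String str) {
        if (this.userService.getUser(str) == null) {
            throw new UnknownUserException(str);
        }
    }

    /**
     * Converts user names and role names to SIDs after checking that each of them exists.
     *
     * @param list user names; each becomes a user SID
     * @param list2 role names; each becomes a role SID
     * @return user SIDs followed by role SIDs, in input order
     * @throws UnknownUserException if a user name is unknown
     * @throws UnknownRoleException if a role name is unknown
     */
    public List<Sid> getSids(List<String> list, List<String> list2) {
        List<Sid> sids = new ArrayList<>();
        for (String username : list) {
            checkUserExists(username);
            sids.add(SidUtils.createUserSid(username));
        }
        for (String rolename : list2) {
            checkRoleExists(rolename);
            // NOTE(review): the existence check upper-cases the name, but the SID is built from
            // the name as given. Confirm that SidUtils.createRoleSid normalises case; otherwise a
            // mixed-case input passes validation yet yields a SID that matches no stored role.
            sids.add(SidUtils.createRoleSid(rolename));
        }
        return sids;
    }

    /**
     * Returns the principal of a {@link PrincipalSid}.
     *
     * @return the user name, or empty if {@code sid} is not a {@link PrincipalSid}
     */
    public static Optional<String> getUsername(Sid sid) {
        if (sid instanceof PrincipalSid) {
            return Optional.of(((PrincipalSid) sid).getPrincipal());
        }
        return Optional.empty();
    }

    /**
     * Returns the role name encoded in a {@link GrantedAuthoritySid}.
     *
     * @return the role name as produced by {@link SidUtils#getRoleName}, or empty if {@code sid}
     *     is not a {@link GrantedAuthoritySid}
     */
    public static Optional<String> getRolename(Sid sid) {
        if (sid instanceof GrantedAuthoritySid) {
            return Optional.of(SidUtils.getRoleName(((GrantedAuthoritySid) sid).getGrantedAuthority()));
        }
        return Optional.empty();
    }

    /**
     * Returns the role name of a role SID or, failing that, the user name of a user SID.
     *
     * @throws IllegalStateException if {@code sid} is neither a {@link GrantedAuthoritySid} nor a
     *     {@link PrincipalSid}
     */
    public static String getName(Sid sid) {
        return getRolename(sid).orElseGet(() -> getUsername(sid).orElseThrow(
                () -> new IllegalStateException("Sid should always be either a GrantedAuthoritySid or a PrincipalSid")));
    }

    /**
     * Returns the roles directly attached to a SID: the role memberships of a user, or the roles
     * included by a role. Any other kind of SID yields an empty list.
     *
     * @throws InsufficientInheritancePermissionsException if the caller may not read the
     *     entity type needed for the lookup
     */
    public List<Sid> getRolesForSid(Sid sid) {
        if (sid instanceof PrincipalSid) {
            return getRolesForUser(sid);
        }
        if (sid instanceof GrantedAuthoritySid) {
            return getParentRoles(SidUtils.getRoleName(((GrantedAuthoritySid) sid).getGrantedAuthority()));
        }
        return new ArrayList<>();
    }

    /**
     * Returns the roles that the named role includes.
     *
     * @param str role name
     * @return role SIDs of the included roles; empty for the {@link #ANONYMOUS} role
     * @throws InsufficientInheritancePermissionsException if the caller lacks {@code READ_DATA}
     *     on the role entity type
     * @throws UnknownEntityException if the role does not exist
     */
    private List<Sid> getParentRoles(String str) {
        // The permission check comes first so that an unauthorised caller learns nothing about
        // which roles exist, not even through the unknown-role exception below.
        if (!this.userPermissionEvaluator.hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), EntityTypePermission.READ_DATA)) {
            throw new InsufficientInheritancePermissionsException();
        }
        List<Sid> parents = new ArrayList<>();
        if (str.equals(ANONYMOUS)) {
            return parents;
        }
        Role role = getRole(str);
        if (role == null) {
            throw new UnknownEntityException(RoleMetadata.ROLE, str);
        }
        parents.addAll(StreamSupport.stream(role.getIncludes().spliterator(), false)
                .map(included -> SidUtils.createRoleSid(included.getName()))
                .collect(Collectors.toList()));
        return parents;
    }

    /**
     * Returns the roles the user behind a {@link PrincipalSid} is a member of.
     *
     * @throws NullPointerException if {@code sid} is not a {@link PrincipalSid}
     * @throws InsufficientInheritancePermissionsException if the caller lacks {@code READ_DATA}
     *     on the role-membership entity type
     * @throws UnknownUserException if the user does not exist
     */
    private List<Sid> getRolesForUser(Sid sid) {
        String username = getUsername(sid).orElseThrow(() -> new NullPointerException("null username"));
        if (!this.userPermissionEvaluator.hasPermission(new EntityTypeIdentity(RoleMembershipMetadata.ROLE_MEMBERSHIP), EntityTypePermission.READ_DATA)) {
            throw new InsufficientInheritancePermissionsException();
        }
        User user = this.userService.getUser(username);
        if (user == null) {
            throw new UnknownUserException(username);
        }
        return this.dataService.getRepository(RoleMembershipMetadata.ROLE_MEMBERSHIP, RoleMembership.class)
                .query()
                .eq("user", user.getId())
                .findAll()
                .<Sid>map(membership -> SidUtils.createRoleSid(membership.getRole().getName()))
                .collect(Collectors.toList());
    }

    /**
     * Returns every role the SID holds, directly or through role inclusion, in discovery order.
     *
     * <p>Declared package-private in the original class; widened by the decompiler.
     */
    public Set<Sid> getRoles(Sid sid) {
        Set<Sid> resolved = new LinkedHashSet<>();
        resolveRoles(sid, resolved);
        return resolved;
    }

    /**
     * Returns the concatenation of {@link #getRoles(Sid)} for each SID in the set; a role reached
     * from several SIDs appears once per SID.
     */
    List<Sid> getRoles(Set<Sid> set) {
        List<Sid> roles = new ArrayList<>();
        for (Sid sid : set) {
            roles.addAll(getRoles(sid));
        }
        return roles;
    }

    /**
     * Adds the transitive closure of the roles of {@code sid} to {@code set}.
     *
     * <p>Only roles that were not yet in {@code set} are descended into. Without that guard a
     * role inclusion cycle (a role that includes itself, directly or through other roles) made
     * this method recurse until the stack overflowed, which turns one bad role definition into a
     * failure of every permission lookup that touches it. NOTE(review): whether cycles are
     * rejected when roles are saved is not visible from this class.
     */
    private void resolveRoles(Sid sid, Set<Sid> set) {
        List<Sid> unvisited = new ArrayList<>();
        for (Sid role : getRolesForSid(sid)) {
            if (set.add(role)) {
                unvisited.add(role);
            }
        }
        // Recurse only after all direct roles are recorded, as the original did.
        for (Sid role : unvisited) {
            resolveRoles(role, set);
        }
    }

    /**
     * Returns the given SIDs followed by all roles they inherit, without duplicates.
     *
     * <p>Declared package-private in the original class; widened by the decompiler.
     */
    public LinkedHashSet<Sid> getInheritedSids(Set<Sid> set) {
        LinkedHashSet<Sid> inherited = new LinkedHashSet<>(set);
        inherited.addAll(getRoles(set));
        return inherited;
    }

    /**
     * Returns the SIDs the caller is allowed to see: all users if the caller has
     * {@code READ_DATA} on the user entity type, all roles if the caller has {@code READ_DATA}
     * on the role entity type, and always the SID from
     * {@link SidUtils#createSecurityContextSid()}.
     *
     * <p>A missing permission is not reported; the corresponding SIDs are simply left out, so
     * absence from the result does not prove that a user or role does not exist.
     *
     * <p>Declared package-private in the original class; widened by the decompiler.
     */
    public Set<Sid> getAllAvailableSids() {
        // Accumulate into a set created here: Collectors.toSet() gives no guarantee that the
        // set it returns is mutable, so it must not be the target of later add calls.
        Set<Sid> available = new HashSet<>();
        if (this.userPermissionEvaluator.hasPermission(new EntityTypeIdentity(UserMetadata.USER), EntityTypePermission.READ_DATA)) {
            available.addAll(this.userService.getUsers().stream()
                    .map(user -> new PrincipalSid(user.getUsername()))
                    .collect(Collectors.toList()));
        }
        if (this.userPermissionEvaluator.hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), EntityTypePermission.READ_DATA)) {
            available.addAll(this.dataService.findAll(RoleMetadata.ROLE)
                    .map(entity -> new GrantedAuthoritySid("ROLE_" + entity.getString("name")))
                    .collect(Collectors.toList()));
        }
        available.add(SidUtils.createSecurityContextSid());
        return available;
    }

    /**
     * Returns the SIDs sorted by {@link #getName(Sid)}.
     *
     * <p>Declared package-private in the original class; widened by the decompiler.
     *
     * @throws IllegalStateException if the set holds a SID that is neither a user nor a role
     */
    public List<Sid> sortSids(Set<Sid> set) {
        List<Sid> sorted = new ArrayList<>(set);
        sorted.sort(Comparator.comparing(UserRoleTools::getName));
        return sorted;
    }

    /**
     * Tells whether the SID denotes a superuser: for a user SID, whether the user exists and is
     * flagged as superuser; for a role SID, whether its authority is {@code ROLE_SU}.
     *
     * <p>Only the SID itself is inspected. A role that includes the superuser role, or a user
     * who is merely a member of it, is not reported as superuser by this method.
     *
     * <p>Declared package-private in the original class; widened by the decompiler.
     *
     * @throws IllegalArgumentException if {@code sid} is neither a user nor a role SID
     */
    public boolean isSuperUser(Sid sid) {
        Optional<String> username = getUsername(sid);
        if (username.isPresent()) {
            User user = this.userService.getUser(username.get());
            return user != null && user.isSuperuser();
        }
        String rolename = getRolename(sid).orElseThrow(
                () -> new IllegalArgumentException("Sid is neither a user nor a role."));
        return SUPERUSER_AUTHORITY.equals(SidUtils.createRoleAuthority(rolename));
    }
}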
