package org.molgenis.data.security.permission.inheritance;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.molgenis.data.security.permission.EntityHelper;
import org.molgenis.data.security.permission.PermissionSetUtils;
import org.molgenis.data.security.permission.UserRoleTools;
import org.molgenis.data.security.permission.inheritance.model.InheritedAclPermissionsResult;
import org.molgenis.data.security.permission.inheritance.model.InheritedPermissionsResult;
import org.molgenis.data.security.permission.inheritance.model.InheritedUserPermissionsResult;
import org.molgenis.data.security.permission.model.LabelledObjectIdentity;
import org.molgenis.data.security.permission.model.LabelledPermission;
import org.molgenis.security.core.PermissionSet;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.Sid;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/molgenis/data/security/permission/inheritance/PermissionInheritanceResolver.class */
public class PermissionInheritanceResolver {
    private final UserRoleTools userRoleTools;
    private final EntityHelper entityHelper;

    PermissionInheritanceResolver(UserRoleTools userRoleTools, EntityHelper entityHelper) {
        this.userRoleTools = (UserRoleTools) Objects.requireNonNull(userRoleTools);
        this.entityHelper = (EntityHelper) Objects.requireNonNull(entityHelper);
    }

    InheritedPermissionsResult getInheritedPermissionsResults(Acl acl, Sid sid) {
        return InheritedPermissionsResult.create(getPermissionsForRoles(acl, sid), getParentAclPermissions(acl, sid).orElse(null));
    }

    private List<InheritedUserPermissionsResult> getPermissionsForRoles(Acl acl, Sid sid) {
        List<Sid> rolesForSid = this.userRoleTools.getRolesForSid(sid);
        ArrayList arrayList = new ArrayList();
        for (Sid sid2 : rolesForSid) {
            InheritedUserPermissionsResult create = InheritedUserPermissionsResult.create(sid2, getPermissionsForAcl(acl, sid2), getPermissionsForRoles(acl, sid2));
            if (isNotEmpty(create)) {
                arrayList.add(create);
            }
        }
        return arrayList;
    }

    private Optional<InheritedAclPermissionsResult> getParentAclPermissions(Acl acl, Sid sid) {
        Acl parentAcl = acl.getParentAcl();
        if (parentAcl != null) {
            InheritedAclPermissionsResult create = InheritedAclPermissionsResult.create(parentAcl, getPermissionsForAcl(parentAcl, sid), getPermissionsForRoles(parentAcl, sid), getParentAclPermissions(parentAcl, sid).orElse(null));
            if (isNotEmpty(create)) {
                return Optional.of(create);
            }
        }
        return Optional.empty();
    }

    private PermissionSet getPermissionsForAcl(Acl acl, Sid sid) {
        PermissionSet permissionSet = null;
        for (AccessControlEntry accessControlEntry : acl.getEntries()) {
            if (accessControlEntry.getSid().equals(sid)) {
                permissionSet = PermissionSetUtils.getPermissionSet(accessControlEntry);
            }
        }
        return permissionSet;
    }

    public boolean isNotEmpty(InheritedPermissionsResult inheritedPermissionsResult) {
        return !(inheritedPermissionsResult.getRequestedAclParentRolesPermissions() == null || inheritedPermissionsResult.getRequestedAclParentRolesPermissions().isEmpty()) || (inheritedPermissionsResult.getParentAclPermission() != null && isNotEmpty(inheritedPermissionsResult.getParentAclPermission()));
    }

    private boolean isNotEmpty(InheritedUserPermissionsResult inheritedUserPermissionsResult) {
        return (inheritedUserPermissionsResult.getOwnPermission() == null && (inheritedUserPermissionsResult.getInheritedUserPermissionsResult() == null || inheritedUserPermissionsResult.getInheritedUserPermissionsResult().isEmpty())) ? false : true;
    }

    private boolean isNotEmpty(InheritedAclPermissionsResult inheritedAclPermissionsResult) {
        return inheritedAclPermissionsResult.getOwnPermission() != null || !(inheritedAclPermissionsResult.getParentRolePermissions() == null || inheritedAclPermissionsResult.getParentRolePermissions().isEmpty()) || (inheritedAclPermissionsResult.getParentAclPermissions() != null && isNotEmpty(inheritedAclPermissionsResult.getParentAclPermissions()));
    }

    public Set<LabelledPermission> getInheritedPermissions(Acl acl, Sid sid) {
        return convertToInheritedPermissions(getInheritedPermissionsResults(acl, sid));
    }

    Set<LabelledPermission> convertToInheritedPermissions(InheritedPermissionsResult inheritedPermissionsResult) {
        return convertToInheritedPermissions(inheritedPermissionsResult.getRequestedAclParentRolesPermissions(), inheritedPermissionsResult.getParentAclPermission());
    }

    private Set<LabelledPermission> convertToInheritedPermissions(List<InheritedUserPermissionsResult> list, InheritedAclPermissionsResult inheritedAclPermissionsResult) {
        HashSet hashSet = new HashSet(convertInheritedRolePermissions(list));
        if (inheritedAclPermissionsResult != null) {
            hashSet.add(convertInheritedAclPermissions(inheritedAclPermissionsResult, this.entityHelper.getLabelledObjectIdentity(inheritedAclPermissionsResult.getAcl().getObjectIdentity())));
        }
        return hashSet;
    }

    private LabelledPermission convertInheritedAclPermissions(InheritedAclPermissionsResult inheritedAclPermissionsResult, LabelledObjectIdentity labelledObjectIdentity) {
        return LabelledPermission.create(null, labelledObjectIdentity, inheritedAclPermissionsResult.getOwnPermission(), convertToInheritedPermissions(inheritedAclPermissionsResult.getParentRolePermissions(), inheritedAclPermissionsResult.getParentAclPermissions()));
    }

    private Set<LabelledPermission> convertInheritedRolePermissions(List<InheritedUserPermissionsResult> list) {
        HashSet hashSet = new HashSet();
        for (InheritedUserPermissionsResult inheritedUserPermissionsResult : list) {
            PermissionSet ownPermission = inheritedUserPermissionsResult.getOwnPermission();
            Sid sid = inheritedUserPermissionsResult.getSid();
            Set<LabelledPermission> set = null;
            if (inheritedUserPermissionsResult.getInheritedUserPermissionsResult() != null) {
                set = convertInheritedRolePermissions(inheritedUserPermissionsResult.getInheritedUserPermissionsResult());
            }
            hashSet.add(LabelledPermission.create(sid, null, ownPermission, set));
        }
        return hashSet;
    }
}
