package org.opencastproject.security.api;

import com.entwinemedia.fn.Fn;
import com.entwinemedia.fn.Fn2;
import com.entwinemedia.fn.Pred;
import com.entwinemedia.fn.Prelude;
import com.entwinemedia.fn.Stream;
import com.entwinemedia.fn.fns.Booleans;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.util.Checksum;
import org.opencastproject.util.EqualsUtil;
import org.opencastproject.util.data.Either;
import org.opencastproject.util.data.Function;
import org.opencastproject.util.data.Function2;
import org.opencastproject.util.data.Monadics;
import org.opencastproject.util.data.Tuple;

/* loaded from: input_file:org/opencastproject/security/api/AccessControlUtil.class */
public final class AccessControlUtil {
    private static Comparator<AccessControlEntry> sortAcl = new Comparator<AccessControlEntry>() { // from class: org.opencastproject.security.api.AccessControlUtil.6
        @Override // java.util.Comparator
        public int compare(AccessControlEntry accessControlEntry, AccessControlEntry accessControlEntry2) {
            int compareTo = StringUtils.trimToEmpty(accessControlEntry.getRole()).compareTo(StringUtils.trimToEmpty(accessControlEntry2.getRole()));
            if (compareTo != 0) {
                return compareTo;
            }
            int compareTo2 = StringUtils.trimToEmpty(accessControlEntry.getAction()).compareTo(StringUtils.trimToEmpty(accessControlEntry2.getAction()));
            return compareTo2 != 0 ? compareTo2 : Boolean.valueOf(accessControlEntry.isAllow()).compareTo(Boolean.valueOf(accessControlEntry2.isAllow()));
        }
    };

    private AccessControlUtil() {
    }

    public static boolean isAuthorized(AccessControlList accessControlList, User user, Organization organization, Object obj) {
        if (obj == null || user == null || accessControlList == null || organization == null) {
            throw new IllegalArgumentException();
        }
        if (user.hasRole("ROLE_ADMIN") || user.hasRole(organization.getAdminRole())) {
            return true;
        }
        Set<Role> roles = user.getRoles();
        for (AccessControlEntry accessControlEntry : accessControlList.getEntries()) {
            if (obj.toString().equals(accessControlEntry.getAction())) {
                String role = accessControlEntry.getRole();
                Iterator<Role> it = roles.iterator();
                while (it.hasNext()) {
                    if (it.next().getName().equals(role)) {
                        return accessControlEntry.isAllow();
                    }
                }
            }
        }
        return false;
    }

    private static Pred<Object> isAuthorizedFn(final AccessControlList accessControlList, final User user, final Organization organization) {
        return new Pred<Object>() { // from class: org.opencastproject.security.api.AccessControlUtil.1
            /* renamed from: apply, reason: merged with bridge method [inline-methods] */
            public Boolean m402apply(Object obj) {
                return Boolean.valueOf(AccessControlUtil.isAuthorized(AccessControlList.this, user, organization, obj));
            }
        };
    }

    public static boolean isAuthorizedAll(AccessControlList accessControlList, User user, Organization organization, Object... objArr) {
        return !Stream.$(objArr).exists(Booleans.not(isAuthorizedFn(accessControlList, user, organization)));
    }

    public static boolean isAuthorizedOne(AccessControlList accessControlList, User user, Organization organization, Object... objArr) {
        return Stream.$(objArr).exists(isAuthorizedFn(accessControlList, user, organization));
    }

    public static boolean isProhibitedAll(AccessControlList accessControlList, User user, Organization organization, Object... objArr) {
        return !Stream.$(objArr).exists(isAuthorizedFn(accessControlList, user, organization));
    }

    public static boolean isProhibitedOne(AccessControlList accessControlList, User user, Organization organization, Object... objArr) {
        return Stream.$(objArr).exists(Booleans.not(isAuthorizedFn(accessControlList, user, organization)));
    }

    public static AccessControlList extendAcl(AccessControlList accessControlList, String str, String str2, boolean z) {
        AccessControlList accessControlList2 = new AccessControlList();
        boolean z2 = false;
        for (AccessControlEntry accessControlEntry : accessControlList.getEntries()) {
            if (accessControlEntry.getAction().equalsIgnoreCase(str2) && accessControlEntry.getRole().equalsIgnoreCase(str)) {
                if (accessControlEntry.isAllow() == z) {
                    return accessControlList;
                }
                z2 = true;
                accessControlList2.getEntries().add(new AccessControlEntry(str, str2, z));
            } else {
                accessControlList2.getEntries().add(accessControlEntry);
            }
        }
        if (!z2) {
            accessControlList2.getEntries().add(new AccessControlEntry(str, str2, z));
        }
        return accessControlList2;
    }

    public static AccessControlList reduceAcl(AccessControlList accessControlList, String str, String str2) {
        AccessControlList accessControlList2 = new AccessControlList();
        for (AccessControlEntry accessControlEntry : accessControlList.getEntries()) {
            if (!accessControlEntry.getAction().equalsIgnoreCase(str2) || !accessControlEntry.getRole().equalsIgnoreCase(str)) {
                accessControlList2.getEntries().add(accessControlEntry);
            }
        }
        return accessControlList2;
    }

    public static AccessControlList acl(Either<AccessControlEntry, List<AccessControlEntry>>... eitherArr) {
        return new AccessControlList((List<AccessControlEntry>) Monadics.mlist(eitherArr).foldl(new ArrayList(), new Function2<List<AccessControlEntry>, Either<AccessControlEntry, List<AccessControlEntry>>, List<AccessControlEntry>>() { // from class: org.opencastproject.security.api.AccessControlUtil.2
            @Override // org.opencastproject.util.data.Function2
            public List<AccessControlEntry> apply(List<AccessControlEntry> list, Either<AccessControlEntry, List<AccessControlEntry>> either) {
                if (either.isLeft()) {
                    list.add(either.left().value());
                } else {
                    list.addAll(either.right().value());
                }
                return list;
            }
        }));
    }

    public static Either<AccessControlEntry, List<AccessControlEntry>> entry(String str, String str2, boolean z) {
        return Either.left(new AccessControlEntry(str, str2, z));
    }

    public static Either<AccessControlEntry, List<AccessControlEntry>> entries(final String str, Tuple<String, Boolean>... tupleArr) {
        return Either.right(Monadics.mlist(tupleArr).map(new Function<Tuple<String, Boolean>, AccessControlEntry>() { // from class: org.opencastproject.security.api.AccessControlUtil.3
            @Override // org.opencastproject.util.data.Function
            public AccessControlEntry apply(Tuple<String, Boolean> tuple) {
                return new AccessControlEntry(str, tuple.getA(), tuple.getB().booleanValue());
            }
        }).value());
    }

    public static boolean equals(AccessControlList accessControlList, AccessControlList accessControlList2) {
        return EqualsUtil.bothNotNull(accessControlList, accessControlList2) && EqualsUtil.eqListUnsorted(accessControlList.getEntries(), accessControlList2.getEntries());
    }

    public static Checksum calculateChecksum(AccessControlList accessControlList) {
        final byte[] bArr = {0};
        try {
            return Checksum.create("md5", Checksum.convertToHex(((MessageDigest) Stream.$(accessControlList.getEntries()).sort(sortAcl).bind(new Fn<AccessControlEntry, Stream<String>>() { // from class: org.opencastproject.security.api.AccessControlUtil.5
                public Stream<String> apply(AccessControlEntry accessControlEntry) {
                    return Stream.$(new String[]{accessControlEntry.getRole(), accessControlEntry.getAction(), Boolean.toString(accessControlEntry.isAllow())});
                }
            }).foldl(mkMd5MessageDigest(), new Fn2<MessageDigest, String, MessageDigest>() { // from class: org.opencastproject.security.api.AccessControlUtil.4
                public MessageDigest apply(MessageDigest messageDigest, String str) {
                    messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
                    messageDigest.update(bArr);
                    return messageDigest;
                }
            })).digest()));
        } catch (NoSuchAlgorithmException e) {
            return (Checksum) Prelude.chuck(e);
        }
    }

    private static MessageDigest mkMd5MessageDigest() {
        try {
            return MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            return (MessageDigest) Prelude.chuck(e);
        }
    }
}
