package org.restheart.security.plugins.authorizers;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import io.undertow.attribute.ExchangeAttributes;
import io.undertow.predicate.Predicate;
import io.undertow.predicate.PredicateParser;
import io.undertow.server.HttpServerExchange;
import java.time.Instant;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.bson.BsonDocument;
import org.bson.BsonValue;
import org.restheart.utils.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/restheart/security/plugins/authorizers/FilterPredicate.class */
public class FilterPredicate {
    private final BsonValue _id;
    private final Set<String> roles;
    private final Predicate predicate;
    private final BsonDocument readFilter;
    private final BsonDocument writeFilter;
    private final int priority;
    private static final Logger LOGGER = LoggerFactory.getLogger(FilterPredicate.class);

    FilterPredicate(BsonValue bsonValue, Set<String> set, Predicate predicate, BsonDocument bsonDocument, BsonDocument bsonDocument2, int i) {
        this._id = bsonValue;
        this.roles = set;
        this.predicate = predicate;
        this.readFilter = bsonDocument;
        this.writeFilter = bsonDocument2;
        this.priority = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FilterPredicate(BsonDocument bsonDocument) {
        this._id = bsonDocument.get("_id");
        BsonValue bsonValue = bsonDocument.get("roles");
        if (bsonValue == null || !bsonValue.isArray() || bsonValue.asArray().isEmpty()) {
            throw new IllegalArgumentException("roles must be an not empty array of strings");
        }
        if (StreamSupport.stream(bsonValue.asArray().spliterator(), true).anyMatch(bsonValue2 -> {
            return bsonValue2 == null || !bsonValue2.isString();
        })) {
            throw new IllegalArgumentException("roles must be an not empty array of strings");
        }
        this.roles = (Set) StreamSupport.stream(bsonValue.asArray().spliterator(), true).map(bsonValue3 -> {
            return bsonValue3.asString();
        }).map(bsonString -> {
            return bsonString.getValue();
        }).collect(Collectors.toSet());
        BsonValue bsonValue4 = bsonDocument.get("predicate");
        if (bsonValue4 == null || !bsonValue4.isString()) {
            throw new IllegalArgumentException("_predicate must be a string");
        }
        try {
            this.predicate = PredicateParser.parse(bsonValue4.asString().getValue(), getClass().getClassLoader());
            BsonValue bsonValue5 = bsonDocument.get("readFilter");
            if (bsonValue5 != null && !bsonValue5.isNull() && !bsonValue5.isDocument()) {
                throw new IllegalArgumentException("readFilter must be a JSON object or null");
            }
            this.readFilter = bsonValue5 == null ? null : bsonValue5.isNull() ? null : JsonUtils.escapeKeys(bsonValue5.asDocument(), true).asDocument();
            BsonValue bsonValue6 = bsonDocument.get("writeFilter");
            if (bsonValue6 != null && !bsonValue6.isNull() && !bsonValue6.isDocument()) {
                throw new IllegalArgumentException("writeFilter must be a JSON object or null");
            }
            this.writeFilter = bsonValue6 == null ? null : bsonValue6.isNull() ? null : JsonUtils.escapeKeys(bsonValue6.asDocument(), true).asDocument();
            BsonValue bsonValue7 = bsonDocument.get("priority");
            if (bsonValue7 != null && !bsonValue7.isNull() && bsonValue7.isNumber()) {
                this.priority = bsonValue7.asNumber().intValue();
            } else {
                this.priority = Integer.MAX_VALUE;
                LOGGER.warn("predicate {} doesn't have priority; setting it to 0", this._id);
            }
        } catch (Throwable th) {
            throw new IllegalArgumentException("wrong predicate " + bsonValue4, th);
        }
    }

    public Set<String> getRoles() {
        return this.roles;
    }

    public Predicate getPredicate() {
        return this.predicate;
    }

    public BsonDocument getReadFilter() {
        if (this.readFilter == null || this.readFilter.isNull()) {
            return null;
        }
        return JsonUtils.unescapeKeys(this.readFilter).asDocument();
    }

    public BsonDocument getWriteFilter() {
        return (this.writeFilter == null || this.writeFilter.isNull()) ? this.writeFilter : JsonUtils.unescapeKeys(this.writeFilter).asDocument();
    }

    public int getPriority() {
        return this.priority;
    }

    public BsonValue getId() {
        return this._id;
    }

    public static FilterPredicate from(HttpServerExchange httpServerExchange) {
        return (FilterPredicate) httpServerExchange.getAttachment(MongoAclAuthorizer.MATCHING_ACL_PREDICATE);
    }

    public boolean resolve(HttpServerExchange httpServerExchange) {
        if (this.predicate == null) {
            return false;
        }
        return this.predicate.resolve(httpServerExchange);
    }

    public static JsonObject interpolateFilterVars(HttpServerExchange httpServerExchange, BsonDocument bsonDocument) {
        String replace;
        if (Objects.isNull(bsonDocument) || bsonDocument.isNull()) {
            return null;
        }
        String bsonDocument2 = bsonDocument.toString();
        String readAttribute = ExchangeAttributes.remoteUser().readAttribute(httpServerExchange);
        if (readAttribute != null) {
            bsonDocument2 = bsonDocument2.replace("%USER", readAttribute);
        }
        if (Objects.nonNull(httpServerExchange.getSecurityContext()) && Objects.nonNull(httpServerExchange.getSecurityContext().getAuthenticatedAccount()) && Objects.nonNull(httpServerExchange.getSecurityContext().getAuthenticatedAccount().getRoles())) {
            replace = bsonDocument2.replace("%ROLES", httpServerExchange.getSecurityContext().getAuthenticatedAccount().getRoles().toString());
        } else {
            replace = bsonDocument2.replace("%ROLES", "[]");
        }
        return JsonParser.parseString(replace.replace("%NOW", "{'$date':" + (Instant.now().getEpochSecond() * 1000) + "}")).getAsJsonObject();
    }
}
