package org.revenj;

import java.io.Closeable;
import java.lang.invoke.SerializedLambda;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.concurrent.Callable;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.revenj.patterns.Generic;
import org.revenj.patterns.Query;
import org.revenj.patterns.SearchableRepository;
import org.revenj.patterns.ServiceLocator;
import org.revenj.patterns.Specification;
import org.revenj.security.GlobalPermission;
import org.revenj.security.PermissionManager;
import org.revenj.security.RolePermission;
import org.revenj.security.UserPrincipal;
import rx.Observable;
import rx.Subscription;

/* loaded from: input_file:org/revenj/RevenjPermissionManager.class */
final class RevenjPermissionManager implements PermissionManager, Closeable {
    private final Callable<Optional<SearchableRepository<GlobalPermission>>> globalRepository;
    private final Callable<Optional<SearchableRepository<RolePermission>>> rolesRepository;
    private final boolean defaultPermissions;
    private final Subscription globalSubscription;
    private final Subscription roleSubscription;
    private Map<String, Boolean> globalPermissions;
    private Map<String, List<Pair>> rolePermissions;
    private Map<String, Boolean> cache;
    private final Map<Class<?>, List<Filter>> registeredFilters;
    private boolean permissionsChanged;

    /* loaded from: input_file:org/revenj/RevenjPermissionManager$Filter.class */
    private final class Filter<T> {
        public final Specification<T> specification;
        public final String role;
        public final boolean inverse;

        public Filter(Specification<T> specification, String str, boolean z) {
            this.specification = specification;
            this.role = str;
            this.inverse = z;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/revenj/RevenjPermissionManager$Pair.class */
    public final class Pair {
        public final String name;
        public final boolean isAllowed;

        public Pair(String str, boolean z) {
            this.name = str;
            this.isAllowed = z;
        }
    }

    public RevenjPermissionManager(ServiceLocator serviceLocator) {
        this((Properties) serviceLocator.resolve(Properties.class), new Generic<Observable<Callable<GlobalPermission>>>() { // from class: org.revenj.RevenjPermissionManager.1
        }.resolve(serviceLocator), new Generic<Observable<Callable<RolePermission>>>() { // from class: org.revenj.RevenjPermissionManager.2
        }.resolve(serviceLocator), new Generic<Callable<Optional<SearchableRepository<GlobalPermission>>>>() { // from class: org.revenj.RevenjPermissionManager.3
        }.resolve(serviceLocator), new Generic<Callable<Optional<SearchableRepository<RolePermission>>>>() { // from class: org.revenj.RevenjPermissionManager.4
        }.resolve(serviceLocator));
    }

    public RevenjPermissionManager(Properties properties, Observable<Callable<GlobalPermission>> observable, Observable<Callable<RolePermission>> observable2, Callable<Optional<SearchableRepository<GlobalPermission>>> callable, Callable<Optional<SearchableRepository<RolePermission>>> callable2) {
        this.globalPermissions = new HashMap();
        this.rolePermissions = new HashMap();
        this.cache = new HashMap();
        this.registeredFilters = new HashMap();
        this.permissionsChanged = true;
        String property = properties.getProperty("revenj.permissions");
        if (property != null && property.length() > 0 && !property.equalsIgnoreCase("open") && !property.equalsIgnoreCase("closed")) {
            throw new RuntimeException("Invalid revenj.permission settings found: '" + property + "'.\nAllowed values are open and closed");
        }
        this.defaultPermissions = property == null || "open".equals(property);
        this.globalSubscription = observable.subscribe(callable3 -> {
            this.permissionsChanged = true;
        });
        this.roleSubscription = observable2.subscribe(callable4 -> {
            this.permissionsChanged = true;
        });
        this.globalRepository = callable;
        this.rolesRepository = callable2;
    }

    private void checkPermissions() {
        Optional<SearchableRepository<GlobalPermission>> empty;
        Optional<SearchableRepository<RolePermission>> empty2;
        if (this.permissionsChanged) {
            try {
                empty = this.globalRepository.call();
                empty2 = this.rolesRepository.call();
            } catch (Exception e) {
                empty = Optional.empty();
                empty2 = Optional.empty();
            }
            if (empty.isPresent()) {
                this.globalPermissions = (Map) empty.get().search().stream().collect(Collectors.toMap((v0) -> {
                    return v0.getName();
                }, (v0) -> {
                    return v0.getIsAllowed();
                }));
            }
            if (empty2.isPresent()) {
                this.rolePermissions = (Map) empty2.get().search().stream().collect(Collectors.groupingBy((v0) -> {
                    return v0.getName();
                }, Collectors.mapping(rolePermission -> {
                    return new Pair(rolePermission.getRoleID(), rolePermission.getIsAllowed());
                }, Collectors.toList())));
            }
            this.cache = new HashMap();
            this.permissionsChanged = false;
        }
    }

    private boolean checkOpen(String[] strArr, int i) {
        if (i < 0) {
            return this.defaultPermissions;
        }
        Boolean bool = this.globalPermissions.get(String.join(".", (CharSequence[]) Arrays.copyOf(strArr, i)));
        return bool != null ? bool.booleanValue() : checkOpen(strArr, i - 1);
    }

    private boolean implies(Principal principal, String str) {
        return principal instanceof UserPrincipal ? ((UserPrincipal) principal).implies(str) : str.equals(principal.getName());
    }

    @Override // org.revenj.security.PermissionManager
    public boolean canAccess(String str, Principal principal) {
        checkPermissions();
        String str2 = str != null ? str : "";
        String str3 = principal != null ? principal.getName() + ":" + str2 : str2;
        Boolean bool = this.cache.get(str3);
        if (bool != null) {
            return bool.booleanValue();
        }
        String[] split = str2.split("\\.");
        boolean checkOpen = checkOpen(split, split.length);
        if (principal != null) {
            int length = split.length;
            while (true) {
                if (length < 0) {
                    break;
                }
                List<Pair> list = this.rolePermissions.get(String.join(".", (CharSequence[]) Arrays.copyOf(split, length)));
                if (list != null) {
                    Optional<Pair> findFirst = list.stream().filter(pair -> {
                        return implies(principal, pair.name);
                    }).findFirst();
                    if (findFirst.isPresent()) {
                        checkOpen = findFirst.get().isAllowed;
                        break;
                    }
                }
                length--;
            }
        }
        HashMap hashMap = new HashMap(this.cache);
        hashMap.put(str3, Boolean.valueOf(checkOpen));
        this.cache = hashMap;
        return checkOpen;
    }

    @Override // org.revenj.security.PermissionManager
    public <T, S extends T> Query<S> applyFilters(Class<T> cls, Principal principal, Query<S> query) {
        if (principal == null) {
            return query.filter(obj -> {
                return this.defaultPermissions;
            });
        }
        List<Filter> list = this.registeredFilters.get(cls);
        if (list == null) {
            return query;
        }
        Query<S> query2 = query;
        for (Filter filter : list) {
            if (implies(principal, filter.role) != filter.inverse) {
                query2 = query2.filter(filter.specification);
            }
        }
        return query2;
    }

    @Override // org.revenj.security.PermissionManager
    public <T, S extends T> List<S> applyFilters(Class<T> cls, Principal principal, List<S> list) {
        if (principal == null) {
            return this.defaultPermissions ? list : Collections.EMPTY_LIST;
        }
        List<Filter> list2 = this.registeredFilters.get(cls);
        if (list2 == null) {
            return list;
        }
        Stream<S> stream = list.stream();
        boolean z = false;
        for (Filter filter : list2) {
            if (implies(principal, filter.role) != filter.inverse) {
                stream = stream.filter(filter.specification);
                z = true;
            }
        }
        return z ? (List) stream.collect(Collectors.toList()) : list;
    }

    @Override // org.revenj.security.PermissionManager
    public <T> Closeable registerFilter(Class<T> cls, Specification<T> specification, String str, boolean z) {
        List<Filter> list = this.registeredFilters.get(cls);
        if (list == null) {
            list = new ArrayList();
            this.registeredFilters.put(cls, list);
        }
        Filter filter = new Filter(specification, str, z);
        List<Filter> list2 = list;
        list2.add(filter);
        return () -> {
            list2.remove(filter);
        };
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.globalSubscription.unsubscribe();
        this.roleSubscription.unsubscribe();
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1897822961:
                if (implMethodName.equals("lambda$applyFilters$c0631087$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/revenj/patterns/Specification") && serializedLambda.getFunctionalInterfaceMethodName().equals("test") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Z") && serializedLambda.getImplClass().equals("org/revenj/RevenjPermissionManager") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/Object;)Z")) {
                    RevenjPermissionManager revenjPermissionManager = (RevenjPermissionManager) serializedLambda.getCapturedArg(0);
                    return obj -> {
                        return this.defaultPermissions;
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
