package org.sonar.iac.terraform.checks.azure.helper;

import java.util.Objects;
import java.util.function.Predicate;
import java.util.stream.Stream;
import org.sonar.iac.common.checks.TextUtils;
import org.sonar.iac.terraform.api.tree.AttributeAccessTree;
import org.sonar.iac.terraform.api.tree.ExpressionTree;
import org.sonar.iac.terraform.api.tree.LiteralExprTree;
import org.sonar.iac.terraform.api.tree.TemplateExpressionTree;
import org.sonar.iac.terraform.api.tree.TemplateInterpolationTree;
import org.sonar.iac.terraform.api.tree.TerraformTree;
import org.sonar.iac.terraform.checks.utils.PredicateUtils;
import org.sonar.iac.terraform.checks.utils.TerraformUtils;

/* loaded from: input_file:org/sonar/iac/terraform/checks/azure/helper/RoleScopeHelper.class */
public class RoleScopeHelper implements PredicateUtils {
    public static final String REFERENCE_SUBSCRIPTION_SCOPE_PATTERN = "data\\.azurerm_subscription\\.[^.]*(primary|current)[^.]*\\.id";
    public static final String PLAIN_SUBSCRIPTION_SCOPE_PATTERN = "^/subscriptions/[^/]+/?$";
    public static final String REFERENCE_MANAGEMENT_GROUP_SCOPE_PATTERN = "data\\.azurerm_management_group\\.[^.]*(parent|root)[^.]*\\.id";
    public static final String PLAIN_MANAGEMENT_GROUP_SCOPE_PATTERN = "^/providers/microsoft\\.management/.+";

    private RoleScopeHelper() {
    }

    public static boolean isSensitiveScope(ExpressionTree expressionTree, Predicate<String> predicate, Predicate<String> predicate2) {
        return expressionTree.is(TerraformTree.Kind.ATTRIBUTE_ACCESS) ? TerraformUtils.attributeAccessMatches(expressionTree, predicate).isTrue() : expressionTree.is(TerraformTree.Kind.TEMPLATE_EXPRESSION) ? !isLimitedToResourceGroup((TemplateExpressionTree) expressionTree) && containsSensitiveInterpolations((TemplateExpressionTree) expressionTree, predicate) : TextUtils.matchesValue(expressionTree, predicate2).isTrue();
    }

    private static boolean containsSensitiveInterpolations(TemplateExpressionTree templateExpressionTree, Predicate<String> predicate) {
        Stream<ExpressionTree> stream = templateExpressionTree.parts().stream();
        Class<TemplateInterpolationTree> cls = TemplateInterpolationTree.class;
        Objects.requireNonNull(TemplateInterpolationTree.class);
        Stream<R> map = stream.filter((v1) -> {
            return r1.isInstance(v1);
        }).map(expressionTree -> {
            return ((TemplateInterpolationTree) expressionTree).expression();
        });
        Class<AttributeAccessTree> cls2 = AttributeAccessTree.class;
        Objects.requireNonNull(AttributeAccessTree.class);
        Stream filter = map.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<AttributeAccessTree> cls3 = AttributeAccessTree.class;
        Objects.requireNonNull(AttributeAccessTree.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).anyMatch(attributeAccessTree -> {
            return TerraformUtils.attributeAccessMatches(attributeAccessTree, predicate).isTrue();
        });
    }

    private static boolean isLimitedToResourceGroup(TemplateExpressionTree templateExpressionTree) {
        Stream<ExpressionTree> stream = templateExpressionTree.parts().stream();
        Class<LiteralExprTree> cls = LiteralExprTree.class;
        Objects.requireNonNull(LiteralExprTree.class);
        return stream.filter((v1) -> {
            return r1.isInstance(v1);
        }).anyMatch(expressionTree -> {
            return TextUtils.matchesValue(expressionTree, str -> {
                return str.contains("resourceGroups");
            }).isTrue();
        });
    }
}
