package org.hawkular.inventory.rest;

import java.util.EnumMap;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.transaction.HeuristicMixedException;
import javax.transaction.HeuristicRollbackException;
import javax.transaction.NotSupportedException;
import javax.transaction.RollbackException;
import javax.transaction.SystemException;
import javax.transaction.UserTransaction;
import org.hawkular.accounts.api.OperationService;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.inventory.api.Inventory;
import org.hawkular.inventory.api.model.AbstractElement;
import org.hawkular.inventory.api.model.Entity;
import org.hawkular.inventory.api.model.EntityVisitor;
import org.hawkular.inventory.api.model.Environment;
import org.hawkular.inventory.api.model.Feed;
import org.hawkular.inventory.api.model.Metric;
import org.hawkular.inventory.api.model.MetricType;
import org.hawkular.inventory.api.model.Relationship;
import org.hawkular.inventory.api.model.ResourceType;
import org.hawkular.inventory.api.model.Tenant;
import org.hawkular.inventory.cdi.ObservableAutoTenant;

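/**
 * Permission gate of the inventory REST layer. It resolves an element type plus a requested
 * {@link OperationType} to a registered {@link Operation} and asks the injected
 * {@link PermissionChecker} whether that operation is allowed on the element's "stable id".
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>All {@code can*} checks end in {@link #safePermissionCheck}, which answers {@code false}
 *       when the check itself throws an {@link Exception} (fail closed). Arguments are computed
 *       <em>before</em> that method is entered, so failures in {@link #last},
 *       {@code getOperation} or {@link #getStableId(Class, String...)} propagate to the caller
 *       instead of being turned into a denial.</li>
 *   <li>Stable ids are id segments joined with {@code '/'} without any escaping; see the review
 *       note on {@code join}.</li>
 *   <li>The operation-to-role mapping is hard-coded in {@link #initOperationsMap()}.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; several members that were private or package-private in
 * the original are shown as {@code public}. Their visibility is kept as listed so that other
 * decompiled classes still link against them.
 */
@Singleton
public class Security {
    /** Element type -> (operation type -> operation); filled once by {@link #initOperationsMap()}. */
    private final Map<Class<?>, Map<OperationType, Operation>> operationsByType = new HashMap<>();

    @Inject
    private PermissionChecker permissions;

    @Inject
    private OperationService operations;

    @Inject
    @ObservableAutoTenant
    private Inventory.Mixin.AutoTenantAndObservable inventory;

    @Resource
    private UserTransaction transaction;

    /**
     * Second half of the fluent {@code canCreate(type).under(parentType, ids...)} check.
     * Holds the type that is about to be created.
     */
    public final class CreatePermissionCheckerFinisher {
        private final Class<?> createdType;

        private CreatePermissionCheckerFinisher(Class<?> cls) {
            this.createdType = cls;
        }

        /**
         * Checks whether the CREATE operation of the created type is allowed on the stable id of
         * the prospective parent.
         *
         * <p>Decompiler note: package-private in the original.
         *
         * @param cls    type of the parent entity under which the new element would be created
         * @param strArr ids addressing that parent, in the order expected by
         *               {@link Security#getStableId(Class, String...)}
         * @return {@code true} only if the permission checker allows the operation
         */
        public boolean under(Class<? extends Entity<?, ?>> cls, String... strArr) {
            return Security.this.safePermissionCheck(
                    this.createdType,
                    Security.last(strArr),
                    Security.this.create(this.createdType),
                    Security.getStableId(cls, strArr));
        }
    }

    /**
     * Kinds of operation a permission can be requested for.
     *
     * <p>Decompiler note: private in the original.
     */
    public enum OperationType {
        CREATE,
        UPDATE,
        DELETE,
        COPY,
        ASSOCIATE
    }

    /**
     * Computes the stable id of an already loaded element.
     *
     * <p>NOTE(review): for a {@link Relationship} this returns the bare id, whereas
     * {@link #getStableId(Class, String...)} returns {@code "relationships/" + id} for the same
     * type. The two overloads therefore name different permission resources for relationships;
     * confirm which form the permission data is keyed on.
     *
     * @param abstractElement the element to identify
     * @return the stable id used as the permission resource id
     */
    public static String getStableId(AbstractElement<?, ?> abstractElement) {
        if (abstractElement instanceof Relationship) {
            return abstractElement.getId();
        }
        // Raw Entity cast kept from the listing; the visitor always produces a String.
        return (String) ((Entity) abstractElement).accept(new EntityVisitor<String, Void>() {
            @Override
            public String visitTenant(Tenant tenant, Void r8) {
                return Security.getStableId(Tenant.class, tenant.getId());
            }

            @Override
            public String visitEnvironment(Environment environment, Void r8) {
                return Security.getStableId(Environment.class, environment.getTenantId(), environment.getId());
            }

            @Override
            public String visitFeed(Feed feed, Void r8) {
                return Security.getStableId(Feed.class, feed.getTenantId(), feed.getEnvironmentId(), feed.getId());
            }

            @Override
            public String visitMetric(Metric metric, Void r8) {
                // A metric without a feed id is addressed directly under its environment.
                if (metric.getFeedId() == null) {
                    return Security.getStableId(Metric.class, metric.getTenantId(), metric.getEnvironmentId(),
                            metric.getId());
                }
                return Security.getStableId(Metric.class, metric.getTenantId(), metric.getEnvironmentId(),
                        metric.getFeedId(), metric.getId());
            }

            @Override
            public String visitMetricType(MetricType metricType, Void r8) {
                return Security.getStableId(MetricType.class, metricType.getTenantId(), metricType.getId());
            }

            @Override
            public String visitResource(org.hawkular.inventory.api.model.Resource resource, Void r8) {
                // A resource without a feed id is addressed directly under its environment.
                if (resource.getFeedId() == null) {
                    return Security.getStableId(org.hawkular.inventory.api.model.Resource.class,
                            resource.getTenantId(), resource.getEnvironmentId(), resource.getId());
                }
                return Security.getStableId(org.hawkular.inventory.api.model.Resource.class,
                        resource.getTenantId(), resource.getEnvironmentId(), resource.getFeedId(),
                        resource.getId());
            }

            @Override
            public String visitResourceType(ResourceType resourceType, Void r8) {
                return Security.getStableId(ResourceType.class, resourceType.getTenantId(), resourceType.getId());
            }
        }, null);
    }

    /**
     * Builds the stable id of an element from its type and the ids addressing it.
     *
     * <p>Expected ids per type: tenant {@code (tenantId)}; environment, resource type and metric
     * type {@code (tenantId, id)}; feed {@code (tenantId, environmentId, id)}; resource and metric
     * either {@code (tenantId, environmentId, id)} or
     * {@code (tenantId, environmentId, feedId, id)}; relationship {@code (id)}.
     *
     * @param cls    element type
     * @param strArr ids addressing the element, outermost first
     * @return the stable id
     * @throws IllegalArgumentException if the type is not one of the above or too few ids are
     *                                  supplied (the listing previously failed with an
     *                                  {@link ArrayIndexOutOfBoundsException} in the latter case)
     */
    public static String getStableId(Class<? extends AbstractElement<?, ?>> cls, String... strArr) {
        if (Tenant.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 1);
            return join("tenants", strArr[0]);
        }
        if (Environment.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 2);
            return join(strArr[0], "environments", strArr[1]);
        }
        if (ResourceType.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 2);
            return join(strArr[0], "resourceTypes", strArr[1]);
        }
        if (MetricType.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 2);
            return join(strArr[0], "metricTypes", strArr[1]);
        }
        if (Feed.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 3);
            return join(strArr[0], strArr[1], "feeds", strArr[2]);
        }
        if (org.hawkular.inventory.api.model.Resource.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 3);
            // Exactly three ids: environment-level resource; otherwise the third id is the feed.
            return strArr.length == 3
                    ? join(strArr[0], strArr[1], "resources", strArr[2])
                    : join(strArr[0], strArr[1], strArr[2], "resources", strArr[3]);
        }
        if (Metric.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 3);
            // Exactly three ids: environment-level metric; otherwise the third id is the feed.
            return strArr.length == 3
                    ? join(strArr[0], strArr[1], "metrics", strArr[2])
                    : join(strArr[0], strArr[1], strArr[2], "metrics", strArr[3]);
        }
        if (Relationship.class.isAssignableFrom(cls)) {
            requireIds(cls, strArr, 1);
            return join("relationships", strArr[0]);
        }
        throw new IllegalArgumentException("Unknown entity type: " + cls);
    }

    /** Rejects an id list that is too short to address an element of the given type. */
    private static void requireIds(Class<?> cls, String[] ids, int minimum) {
        int supplied = ids == null ? 0 : ids.length;
        if (supplied < minimum) {
            throw new IllegalArgumentException(
                    "Expected at least " + minimum + " id(s) for " + cls + " but got " + supplied);
        }
    }

    /**
     * Joins the segments with {@code '/'}. Returns {@code null} for no segments and the segment
     * itself for a single one.
     *
     * <p>NOTE(review): segments are not escaped or validated here. If an id may itself contain
     * {@code '/'}, differently addressed elements can produce the same stable id (for example
     * {@code ("t", "e/f", "r")} and {@code ("t", "e", "f", "r")} for a resource), and the
     * permission decision for one would apply to the other. Confirm that ids are constrained
     * before they reach this class.
     */
    private static String join(String... strArr) {
        if (strArr.length == 0) {
            return null;
        }
        if (strArr.length == 1) {
            return strArr[0];
        }
        StringBuilder sb = new StringBuilder(strArr[0]);
        for (int i = 1; i < strArr.length; i++) {
            sb.append('/').append(strArr[i]);
        }
        return sb.toString();
    }

    /**
     * Looks up the CREATE operation of the given type.
     *
     * <p>Decompiler note: private in the original.
     */
    public Operation create(Class<?> cls) {
        return getOperation(cls, OperationType.CREATE);
    }

    /**
     * Starts a create-permission check; finish it with
     * {@link CreatePermissionCheckerFinisher#under(Class, String...)}.
     *
     * @param cls the type that is about to be created
     */
    public CreatePermissionCheckerFinisher canCreate(Class<?> cls) {
        return new CreatePermissionCheckerFinisher(cls);
    }

    private Operation update(Class<?> cls) {
        return getOperation(cls, OperationType.UPDATE);
    }

    /**
     * Checks whether the UPDATE operation of the type is allowed on the addressed entity.
     *
     * @param cls    entity type
     * @param strArr ids addressing the entity, outermost first
     */
    public boolean canUpdate(Class<? extends Entity<?, ?>> cls, String... strArr) {
        return safePermissionCheck(cls, last(strArr), update(cls), getStableId(cls, strArr));
    }

    private Operation delete(Class<?> cls) {
        return getOperation(cls, OperationType.DELETE);
    }

    /**
     * Checks whether the DELETE operation of the type is allowed on the addressed entity.
     *
     * @param cls    entity type
     * @param strArr ids addressing the entity, outermost first
     */
    public boolean canDelete(Class<? extends Entity<?, ?>> cls, String... strArr) {
        return safePermissionCheck(cls, last(strArr), delete(cls), getStableId(cls, strArr));
    }

    private Operation associate() {
        // Routed through getOperation so an uninitialised map yields a descriptive
        // IllegalArgumentException rather than a NullPointerException.
        return getOperation(Relationship.class, OperationType.ASSOCIATE);
    }

    /**
     * Checks whether the single "associate" operation is allowed on the entity a relationship
     * would start from.
     *
     * @param cls    type of the source entity
     * @param strArr ids addressing the source entity, outermost first
     */
    public boolean canAssociateFrom(Class<? extends Entity<?, ?>> cls, String... strArr) {
        return safePermissionCheck(cls, last(strArr), associate(), getStableId(cls, strArr));
    }

    private Operation copy() {
        return getOperation(Environment.class, OperationType.COPY);
    }

    /**
     * Checks whether the environment addressed by the ids may be copied.
     *
     * @param strArr {@code (tenantId, environmentId)}
     */
    public boolean canCopyEnvironment(String... strArr) {
        return safePermissionCheck(Environment.class, last(strArr), copy(), getStableId(Environment.class, strArr));
    }

    /**
     * Resolves the operation registered for the type.
     *
     * <p>NOTE(review): when the type is known but has no operation of the requested kind (no
     * "create-tenant" operation is registered in {@link #initOperationsMap()}, for instance) this
     * returns {@code null}, which the callers pass on to the permission checker. How the checker
     * treats a {@code null} operation is not visible here; confirm it denies.
     *
     * @throws IllegalArgumentException if nothing at all is registered for the type
     */
    private Operation getOperation(Class<?> cls, OperationType operationType) {
        Map<OperationType, Operation> map = this.operationsByType.get(cls);
        if (map == null) {
            throw new IllegalArgumentException("There is no " + operationType + " operation for elements of type " + cls);
        }
        return map.get(operationType);
    }

    /**
     * Asks the permission checker whether {@code operation} is allowed on the resource
     * {@code str2}, answering {@code false} if the check throws any {@link Exception}.
     *
     * <p>Side effect: when {@code cls} is exactly {@code Tenant.class} and no tenant with id
     * {@code str} exists, that tenant is created <em>before</em> the permission decision is made,
     * and nothing in this method removes it again if the decision is a denial.
     * NOTE(review): confirm this provisioning is intended for callers that end up denied.
     *
     * <p>Decompiler note: private in the original.
     *
     * @param cls       type the check is performed for
     * @param str       last id of the addressed element (the tenant id when {@code cls} is a tenant)
     * @param operation operation to check; may be {@code null}, see {@code getOperation}
     * @param str2      stable id of the resource the operation is checked against
     * @return {@code true} only if the checker explicitly allows the operation
     */
    public boolean safePermissionCheck(Class<?> cls, String str, Operation operation, String str2) {
        try {
            if (Tenant.class.equals(cls) && !this.inventory.tenants().get(str).exists()) {
                this.inventory.tenants().create(Tenant.Blueprint.builder().withId(str).build());
            }
            return this.permissions.isAllowedTo(operation, str2);
        } catch (Exception e) {
            // Fail closed: an error while deciding must never be read as "allowed".
            RestApiLogger.LOGGER.securityCheckFailed(str2, e);
            return false;
        }
    }

    /**
     * Returns the last of the supplied ids.
     *
     * <p>Decompiler note: private in the original.
     *
     * @throws IllegalArgumentException if no id is supplied (the listing previously failed with an
     *                                  {@link ArrayIndexOutOfBoundsException})
     */
    public static String last(String... strArr) {
        if (strArr == null || strArr.length == 0) {
            throw new IllegalArgumentException("At least one id is required");
        }
        return strArr[strArr.length - 1];
    }

    /**
     * Registers every inventory operation with the role named next to it, inside one
     * transaction, then loads the registered operations into {@code operationsByType}.
     *
     * <p>The role named for each operation is the authoritative mapping for this deployment;
     * review changes to this table as authorization changes.
     *
     * <p>Fixes relative to the listing: the lookups now run after the transaction handling, so a
     * failing lookup no longer triggers a rollback of an already committed transaction, and a
     * failing rollback is attached to the original failure as suppressed instead of replacing it.
     * The lookup map is published only once every lookup has succeeded.
     */
    @PostConstruct
    public void initOperationsMap() throws SystemException, NotSupportedException, HeuristicRollbackException, HeuristicMixedException, RollbackException {
        this.transaction.begin();
        try {
            this.operations.setup("update-tenant").add("SuperUser").persist();
            this.operations.setup("delete-tenant").add("SuperUser").persist();
            this.operations.setup("create-environment").add("Administrator").persist();
            this.operations.setup("update-environment").add("Administrator").persist();
            this.operations.setup("delete-environment").add("Administrator").persist();
            this.operations.setup("copy-environment").add("Administrator").persist();
            this.operations.setup("create-resourceType").add("Administrator").persist();
            this.operations.setup("update-resourceType").add("Administrator").persist();
            this.operations.setup("delete-resourceType").add("Administrator").persist();
            this.operations.setup("create-metricType").add("Administrator").persist();
            this.operations.setup("update-metricType").add("Administrator").persist();
            this.operations.setup("delete-metricType").add("Administrator").persist();
            this.operations.setup("create-feed").add("Administrator").persist();
            this.operations.setup("update-feed").add("Administrator").persist();
            this.operations.setup("delete-feed").add("Administrator").persist();
            this.operations.setup("create-resource").add("Maintainer").persist();
            this.operations.setup("update-resource").add("Maintainer").persist();
            this.operations.setup("delete-resource").add("Maintainer").persist();
            this.operations.setup("create-metric").add("Maintainer").persist();
            this.operations.setup("update-metric").add("Maintainer").persist();
            this.operations.setup("delete-metric").add("Maintainer").persist();
            this.operations.setup("associate").add("Operator").persist();
            this.transaction.commit();
        } catch (Throwable th) {
            try {
                this.transaction.rollback();
            } catch (Exception rollbackFailure) {
                // Keep the root cause; rollback() itself fails when no transaction is active any more.
                th.addSuppressed(rollbackFailure);
            }
            throw th;
        }

        Map<Class<?>, Map<OperationType, Operation>> loaded = new HashMap<>();
        register(loaded, Tenant.class, OperationType.UPDATE, this.operations.getByName("update-tenant"));
        register(loaded, Tenant.class, OperationType.DELETE, this.operations.getByName("delete-tenant"));
        register(loaded, Environment.class, OperationType.CREATE, this.operations.getByName("create-environment"));
        register(loaded, Environment.class, OperationType.UPDATE, this.operations.getByName("update-environment"));
        register(loaded, Environment.class, OperationType.DELETE, this.operations.getByName("delete-environment"));
        register(loaded, Environment.class, OperationType.COPY, this.operations.getByName("copy-environment"));
        register(loaded, ResourceType.class, OperationType.CREATE, this.operations.getByName("create-resourceType"));
        register(loaded, ResourceType.class, OperationType.UPDATE, this.operations.getByName("update-resourceType"));
        register(loaded, ResourceType.class, OperationType.DELETE, this.operations.getByName("delete-resourceType"));
        register(loaded, MetricType.class, OperationType.CREATE, this.operations.getByName("create-metricType"));
        register(loaded, MetricType.class, OperationType.UPDATE, this.operations.getByName("update-metricType"));
        register(loaded, MetricType.class, OperationType.DELETE, this.operations.getByName("delete-metricType"));
        register(loaded, Feed.class, OperationType.CREATE, this.operations.getByName("create-feed"));
        register(loaded, Feed.class, OperationType.UPDATE, this.operations.getByName("update-feed"));
        register(loaded, Feed.class, OperationType.DELETE, this.operations.getByName("delete-feed"));
        register(loaded, org.hawkular.inventory.api.model.Resource.class, OperationType.CREATE,
                this.operations.getByName("create-resource"));
        register(loaded, org.hawkular.inventory.api.model.Resource.class, OperationType.UPDATE,
                this.operations.getByName("update-resource"));
        register(loaded, org.hawkular.inventory.api.model.Resource.class, OperationType.DELETE,
                this.operations.getByName("delete-resource"));
        register(loaded, Metric.class, OperationType.CREATE, this.operations.getByName("create-metric"));
        register(loaded, Metric.class, OperationType.UPDATE, this.operations.getByName("update-metric"));
        register(loaded, Metric.class, OperationType.DELETE, this.operations.getByName("delete-metric"));
        register(loaded, Relationship.class, OperationType.ASSOCIATE, this.operations.getByName("associate"));
        this.operationsByType.putAll(loaded);
    }

    /** Stores {@code operation} under {@code (elementType, operationType)} in {@code target}. */
    private static void register(Map<Class<?>, Map<OperationType, Operation>> target, Class<?> elementType,
            OperationType operationType, Operation operation) {
        Map<OperationType, Operation> byOperationType = target.get(elementType);
        if (byOperationType == null) {
            byOperationType = new EnumMap<>(OperationType.class);
            target.put(elementType, byOperationType);
        }
        byOperationType.put(operationType, operation);
    }
}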
