package org.hawkular.inventory.rest.security;

import java.util.EnumMap;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.enterprise.inject.Default;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.transaction.SystemException;
import javax.transaction.UserTransaction;
import org.hawkular.accounts.api.OperationService;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.inventory.api.Inventory;
import org.hawkular.inventory.api.model.Entity;
import org.hawkular.inventory.api.model.Environment;
import org.hawkular.inventory.api.model.Feed;
import org.hawkular.inventory.api.model.MetadataPack;
import org.hawkular.inventory.api.model.Metric;
import org.hawkular.inventory.api.model.MetricType;
import org.hawkular.inventory.api.model.Relationship;
import org.hawkular.inventory.api.model.ResourceType;
import org.hawkular.inventory.api.model.Tenant;
import org.hawkular.inventory.paths.CanonicalPath;
import org.hawkular.inventory.rest.RestApiLogger;
import org.hawkular.inventory.rest.cdi.AutoTenant;
import org.hawkular.inventory.rest.security.Security;

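/**
 * {@link Security} implementation that resolves an {@link Operation} for an inventory element type
 * and an {@link OperationType}, then asks the injected {@link PermissionChecker} whether that
 * operation is allowed on the element's stable ID.
 *
 * <p>The operation table is filled once by {@link #initOperationsMap()} and is left empty when
 * {@code SecurityIntegration.isDummy()} returns {@code true}.
 *
 * <p>This listing is decompiler (JADX) output. JADX reported widening {@link OperationType},
 * {@link #create(Class)} and {@link #safePermissionCheck(Class, String, Operation, String)} from
 * {@code private}; their visibility is kept as listed so existing references still resolve.
 */
@Singleton
@Default
public class InventorySecurity implements Security {

    /**
     * Operation name paired with the string handed to {@code add(...)} when the operation is set up.
     * The second column looks like a role name; confirm against {@code OperationService}.
     * The order matches the order in which the operations are persisted.
     */
    private static final String[][] OPERATION_DEFINITIONS = {
        {"update-tenant", "SuperUser"},
        {"delete-tenant", "SuperUser"},
        {"create-environment", "Administrator"},
        {"update-environment", "Administrator"},
        {"delete-environment", "Administrator"},
        {"copy-environment", "Administrator"},
        {"create-resourceType", "Administrator"},
        {"update-resourceType", "Administrator"},
        {"delete-resourceType", "Administrator"},
        {"create-metricType", "Administrator"},
        {"update-metricType", "Administrator"},
        {"delete-metricType", "Administrator"},
        {"create-operationType", "Administrator"},
        {"update-operationType", "Administrator"},
        {"delete-operationType", "Administrator"},
        {"create-feed", "Administrator"},
        {"update-feed", "Administrator"},
        {"delete-feed", "Administrator"},
        {"create-resource", "Maintainer"},
        {"update-resource", "Maintainer"},
        {"delete-resource", "Maintainer"},
        {"create-metric", "Maintainer"},
        {"update-metric", "Maintainer"},
        {"delete-metric", "Maintainer"},
        {"create-metadataPack", "Maintainer"},
        {"update-metadataPack", "Maintainer"},
        {"delete-metadataPack", "Maintainer"},
        {"associate", "Operator"},
    };

    @Inject
    private PermissionChecker permissions;

    @Inject
    private OperationService operations;

    @Inject
    @AutoTenant
    private Inventory inventory;

    @Resource
    private UserTransaction transaction;

    /** Element type -> (operation kind -> operation); populated by {@link #initOperationsMap()}. */
    private final Map<Class<?>, Map<OperationType, Operation>> operationsByType =
            new HashMap<Class<?>, Map<OperationType, Operation>>();

    /** Set once the lazy tenant lookup/creation in {@code safePermissionCheck} has completed. */
    private boolean inventoryInitialized = false;

    /**
     * Second half of the {@code canCreate(type).under(parent)} check: remembers the type to be
     * created and evaluates the create operation against the parent path.
     */
    public final class CreatePermissionCheckerFinisherImpl implements Security.CreatePermissionCheckerFinisher {
        private final Class<?> createdType;

        private CreatePermissionCheckerFinisherImpl(Class<?> cls) {
            this.createdType = cls;
        }

        /**
         * Checks the create operation of the remembered type against the given path.
         *
         * @param canonicalPath path under which the element would be created; its stable ID is
         *                      what the permission checker is asked about
         * @return {@code true} only if the permission checker allows the operation
         * @throws IllegalArgumentException if no operations are registered for the remembered type
         */
        @Override // org.hawkular.inventory.rest.security.Security.CreatePermissionCheckerFinisher
        public boolean under(CanonicalPath canonicalPath) {
            return safePermissionCheck(
                    this.createdType,
                    canonicalPath.getSegment().getElementId(),
                    create(this.createdType),
                    EntityIdUtils.getStableId(canonicalPath));
        }
    }

    /** Kinds of operation that can be registered for an element type. */
    public enum OperationType {
        CREATE,
        UPDATE,
        DELETE,
        COPY,
        ASSOCIATE
    }

    /**
     * Starts a create-permission check for the given element type.
     *
     * @param cls type of the element to be created
     * @return finisher whose {@code under(...)} performs the actual check
     */
    @Override // org.hawkular.inventory.rest.security.Security
    public Security.CreatePermissionCheckerFinisher canCreate(Class<?> cls) {
        return new CreatePermissionCheckerFinisherImpl(cls);
    }

    /**
     * Checks the update operation for the element addressed by the path.
     *
     * @throws IllegalArgumentException if no operations are registered for the element's type
     */
    @Override // org.hawkular.inventory.rest.security.Security
    public boolean canUpdate(CanonicalPath canonicalPath) {
        return safePermissionCheck(canonicalPath, update(elementTypeOf(canonicalPath)));
    }

    /**
     * Checks the delete operation for the element addressed by the path.
     *
     * @throws IllegalArgumentException if no operations are registered for the element's type
     */
    @Override // org.hawkular.inventory.rest.security.Security
    public boolean canDelete(CanonicalPath canonicalPath) {
        return safePermissionCheck(canonicalPath, delete(elementTypeOf(canonicalPath)));
    }

    /**
     * Checks the {@code associate} operation against the element addressed by the path.
     *
     * @throws IllegalArgumentException if the operation table has no entry for relationships
     */
    @Override // org.hawkular.inventory.rest.security.Security
    public boolean canAssociateFrom(CanonicalPath canonicalPath) {
        return safePermissionCheck(canonicalPath, associate());
    }

    /**
     * Checks the {@code copy-environment} operation against the element addressed by the path.
     *
     * @throws IllegalArgumentException if the operation table has no entry for environments
     */
    @Override // org.hawkular.inventory.rest.security.Security
    public boolean canCopyEnvironment(CanonicalPath canonicalPath) {
        return safePermissionCheck(canonicalPath, copy());
    }

    /** Returns the create operation registered for the given element type. */
    public Operation create(Class<?> cls) {
        return getOperation(cls, OperationType.CREATE);
    }

    private Operation update(Class<?> cls) {
        return getOperation(cls, OperationType.UPDATE);
    }

    private Operation delete(Class<?> cls) {
        return getOperation(cls, OperationType.DELETE);
    }

    // associate() and copy() go through getOperation() like the other lookups, so an unpopulated
    // table is reported as an IllegalArgumentException naming the type instead of a bare
    // NullPointerException from a chained get().
    private Operation associate() {
        return getOperation(Relationship.class, OperationType.ASSOCIATE);
    }

    private Operation copy() {
        return getOperation(Environment.class, OperationType.COPY);
    }

    /**
     * Looks up the operation registered for an element type and operation kind.
     *
     * @return the operation, or {@code null} when the type is registered but has no operation of
     *         that kind (for example CREATE on a tenant); {@code safePermissionCheck} then fails
     *         on the {@code null} inside its try block and denies the request
     * @throws IllegalArgumentException if nothing at all is registered for the type
     */
    private Operation getOperation(Class<?> cls, OperationType operationType) {
        Map<OperationType, Operation> map = this.operationsByType.get(cls);
        if (map == null) {
            throw new IllegalArgumentException("There is no " + operationType + " operation for elements of type " + cls);
        }
        return map.get(operationType);
    }

    /** Maps the type of the path's last segment to the corresponding entity class. */
    private static Class<?> elementTypeOf(CanonicalPath canonicalPath) {
        return Entity.typeFromSegmentType(canonicalPath.getSegment().getElementType());
    }

    private boolean safePermissionCheck(CanonicalPath canonicalPath, Operation operation) {
        return safePermissionCheck(
                elementTypeOf(canonicalPath),
                canonicalPath.getSegment().getElementId(),
                operation,
                EntityIdUtils.getStableId(canonicalPath));
    }

    /**
     * Asks the permission checker whether {@code operation} is allowed on {@code stableId},
     * treating every failure as a denial.
     *
     * @param entityType type of the element being checked (not read by this method)
     * @param elementId  ID of the path's last segment; used as the tenant ID for the one-time
     *                   tenant lookup/creation below
     * @param operation  operation to check; a {@code null} value ends in a denial
     * @param stableId   stable ID the permission checker is asked about
     * @return {@code true} only if the permission checker allows the operation
     */
    public boolean safePermissionCheck(Class<?> entityType, String elementId, Operation operation, String stableId) {
        try {
            // NOTE(review): inventoryInitialized is a plain field on a @Singleton bean and nothing
            // here synchronizes concurrent first checks. An exception from a second, overlapping
            // create is caught below and denies that request.
            if (!this.inventoryInitialized) {
                // NOTE(review): this write happens before the permission decision and uses the
                // checked element's ID as the tenant ID. Confirm that is intended for every caller
                // (under(), canUpdate(), canDelete(), ...), not only for tenant-level paths.
                if (!this.inventory.tenants().get(elementId).exists()) {
                    this.inventory.tenants().create(Tenant.Blueprint.builder().withId(elementId).build());
                }
                this.inventoryInitialized = true;
            }
            RestApiLogger.LOGGER.debugf("Permission check for operation '%s' for entity with stable ID '%s'", operation.getName(), stableId);
            return this.permissions.isAllowedTo(operation, stableId);
        } catch (Exception e) {
            // Fail closed: an error during initialization or the check itself never grants access.
            RestApiLogger.LOGGER.securityCheckFailed(stableId, e);
            return false;
        }
    }

    /**
     * Persists the operation definitions inside one user transaction, then reads them back and
     * fills the operation table. Does nothing when {@code SecurityIntegration.isDummy()} is true.
     *
     * @throws IllegalStateException wrapping any failure; the original failure is always the cause
     */
    @PostConstruct
    public void initOperationsMap() {
        if (SecurityIntegration.isDummy()) {
            return;
        }
        // Tracks whether a rollback is still meaningful: only between begin() and a completed commit().
        boolean transactionOpen = false;
        try {
            this.transaction.begin();
            transactionOpen = true;
            for (String[] definition : OPERATION_DEFINITIONS) {
                this.operations.setup(definition[0]).add(definition[1]).persist();
            }
            this.transaction.commit();
            transactionOpen = false;

            // Resolve everything into a local table first so a failed lookup cannot leave the
            // shared table half populated.
            Map<Class<?>, Map<OperationType, Operation>> resolved =
                    new HashMap<Class<?>, Map<OperationType, Operation>>();

            Map<OperationType, Operation> tenantOps = new EnumMap<OperationType, Operation>(OperationType.class);
            tenantOps.put(OperationType.UPDATE, this.operations.getByName("update-tenant"));
            tenantOps.put(OperationType.DELETE, this.operations.getByName("delete-tenant"));
            resolved.put(Tenant.class, tenantOps);

            Map<OperationType, Operation> environmentOps =
                    crudOperations("create-environment", "update-environment", "delete-environment");
            environmentOps.put(OperationType.COPY, this.operations.getByName("copy-environment"));
            resolved.put(Environment.class, environmentOps);

            resolved.put(ResourceType.class,
                    crudOperations("create-resourceType", "update-resourceType", "delete-resourceType"));
            resolved.put(MetricType.class,
                    crudOperations("create-metricType", "update-metricType", "delete-metricType"));
            resolved.put(org.hawkular.inventory.api.model.OperationType.class,
                    crudOperations("create-operationType", "update-operationType", "delete-operationType"));
            resolved.put(Feed.class,
                    crudOperations("create-feed", "update-feed", "delete-feed"));
            resolved.put(org.hawkular.inventory.api.model.Resource.class,
                    crudOperations("create-resource", "update-resource", "delete-resource"));
            resolved.put(Metric.class,
                    crudOperations("create-metric", "update-metric", "delete-metric"));
            resolved.put(MetadataPack.class,
                    crudOperations("create-metadataPack", "update-metadataPack", "delete-metadataPack"));

            Map<OperationType, Operation> relationshipOps = new EnumMap<OperationType, Operation>(OperationType.class);
            relationshipOps.put(OperationType.ASSOCIATE, this.operations.getByName("associate"));
            resolved.put(Relationship.class, relationshipOps);

            this.operationsByType.putAll(resolved);
        } catch (Throwable th) {
            if (transactionOpen) {
                try {
                    this.transaction.rollback();
                } catch (Exception e) {
                    // rollback() may also throw unchecked exceptions; keep the original failure as
                    // the cause in every case instead of letting the rollback error replace it.
                    throw new IllegalStateException("Unable to do the rollback: " + e.getMessage(), th);
                }
            }
            throw new IllegalStateException(th);
        }
    }

    /**
     * Reads back the three named operations and maps them to CREATE, UPDATE and DELETE.
     *
     * @return a new mutable map; callers may add further operation kinds to it
     */
    private Map<OperationType, Operation> crudOperations(String createName, String updateName, String deleteName) {
        Map<OperationType, Operation> ops = new EnumMap<OperationType, Operation>(OperationType.class);
        ops.put(OperationType.CREATE, this.operations.getByName(createName));
        ops.put(OperationType.UPDATE, this.operations.getByName(updateName));
        ops.put(OperationType.DELETE, this.operations.getByName(deleteName));
        return ops;
    }
}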
