package org.wildfly.security.authz;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server._private.ElytronMessages;
import org.wildfly.security.permission.PermissionVerifier;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/authz/SimplePermissionMapper.class */
public class SimplePermissionMapper implements PermissionMapper {
    private final MappingMode mappingMode;
    private final List<Mapping> mappings;

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/authz/SimplePermissionMapper$Builder.class */
    public static class Builder {
        private boolean built = false;
        private MappingMode mappingMode = MappingMode.FIRST_MATCH;
        private final List<Mapping> mappings = new ArrayList();

        Builder() {
        }

        public Builder setMappingMode(MappingMode mappingMode) {
            assertNotBuilt();
            this.mappingMode = mappingMode;
            return this;
        }

        public Builder addMapping(Set<String> set, Set<String> set2, PermissionVerifier permissionVerifier) {
            assertNotBuilt();
            List<Mapping> list = this.mappings;
            HashSet hashSet = new HashSet((Collection) Assert.checkNotNullParam("principals", set));
            list.add(new Mapping((v1) -> {
                return r3.contains(v1);
            }, set2, permissionVerifier));
            return this;
        }

        public Builder addMatchAllPrincipals(PermissionVerifier permissionVerifier) {
            assertNotBuilt();
            this.mappings.add(new Mapping(str -> {
                return true;
            }, Collections.emptySet(), permissionVerifier));
            return this;
        }

        public PermissionMapper build() {
            assertNotBuilt();
            this.built = true;
            return new SimplePermissionMapper(this.mappingMode, this.mappings);
        }

        private void assertNotBuilt() {
            if (this.built) {
                throw ElytronMessages.log.builderAlreadyBuilt();
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/authz/SimplePermissionMapper$Mapping.class */
    static class Mapping {
        final Predicate<String> principalPredicate;
        final Set<String> roles;
        final PermissionVerifier permissionVerifier;

        Mapping(Predicate<String> predicate, Set<String> set, PermissionVerifier permissionVerifier) {
            this.principalPredicate = predicate;
            this.roles = Collections.unmodifiableSet(new HashSet((Collection) Assert.checkNotNullParam("roles", set)));
            this.permissionVerifier = (PermissionVerifier) Assert.checkNotNullParam("permissionVerifier", permissionVerifier);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/authz/SimplePermissionMapper$MappingMode.class */
    public enum MappingMode {
        FIRST_MATCH,
        AND,
        OR,
        XOR,
        UNLESS
    }

    private SimplePermissionMapper(MappingMode mappingMode, List<Mapping> list) {
        this.mappingMode = mappingMode;
        this.mappings = list;
    }

    @Override // org.wildfly.security.authz.PermissionMapper
    public PermissionVerifier mapPermissions(PermissionMappable permissionMappable, Roles roles) {
        Assert.checkNotNullParam("permissionMappable", permissionMappable);
        Assert.checkNotNullParam("roles", roles);
        PermissionVerifier permissionVerifier = null;
        for (Mapping mapping : this.mappings) {
            if (mapping.principalPredicate.test(permissionMappable.getPrincipal().getName()) || roles.containsAny(mapping.roles)) {
                switch (this.mappingMode) {
                    case FIRST_MATCH:
                        return mapping.permissionVerifier;
                    case AND:
                        permissionVerifier = permissionVerifier != null ? permissionVerifier.and(mapping.permissionVerifier) : mapping.permissionVerifier;
                        break;
                    case OR:
                        permissionVerifier = permissionVerifier != null ? permissionVerifier.or(mapping.permissionVerifier) : mapping.permissionVerifier;
                        break;
                    case UNLESS:
                        permissionVerifier = permissionVerifier != null ? permissionVerifier.unless(mapping.permissionVerifier) : mapping.permissionVerifier;
                        break;
                    case XOR:
                        permissionVerifier = permissionVerifier != null ? permissionVerifier.xor(mapping.permissionVerifier) : mapping.permissionVerifier;
                        break;
                }
            }
        }
        return permissionVerifier != null ? permissionVerifier : PermissionVerifier.NONE;
    }

    public static Builder builder() {
        return new Builder();
    }
}
