package org.jboss.hal.meta.security;

import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import org.jboss.hal.config.AccessControlProvider;
import org.jboss.hal.config.Environment;
import org.jetbrains.annotations.NonNls;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jboss/hal/meta/security/AuthorisationDecision.class */
/**
 * Decides whether one or more {@link Constraint}s are satisfied by a {@link SecurityContext}.
 *
 * <p>An instance is created in one of two modes, which fix the answer given when no decision can be
 * derived from a security context:
 * <ul>
 * <li><b>strict</b>: the default answer is {@code false} (deny).</li>
 * <li><b>lenient</b>: the default answer is {@code true} (allow).</li>
 * </ul>
 *
 * <p>The default answer is returned when the resolver yields no security context, when the constraint's
 * target is neither {@link Target#OPERATION} nor {@link Target#ATTRIBUTE}, and when the permission is not
 * supported for the target. Lenient instances therefore fail open in all three cases, so use the strict
 * factories wherever a missing or malformed constraint must not grant access.
 *
 * <p>When the environment's access control provider is {@link AccessControlProvider#SIMPLE}, every
 * constraint is reported as allowed and the resolver is never consulted.
 */
public class AuthorisationDecision {

    @NonNls
    private static final Logger logger = LoggerFactory.getLogger(AuthorisationDecision.class);
    private final boolean strict;
    private final Environment environment;
    private final SecurityContextResolver resolver;

    /** Creates a default-deny decision that resolves security contexts from the given registry. */
    public static AuthorisationDecision strict(Environment environment, SecurityContextRegistry securityContextRegistry) {
        return new AuthorisationDecision(true, environment, registryResolver(securityContextRegistry));
    }

    /** Creates a default-deny decision that evaluates every constraint against the given security context. */
    public static AuthorisationDecision strict(Environment environment, SecurityContext securityContext) {
        return new AuthorisationDecision(true, environment, constraint -> Optional.of(securityContext));
    }

    /** Creates a default-deny decision that uses the given resolver as is. */
    public static AuthorisationDecision strict(Environment environment, SecurityContextResolver securityContextResolver) {
        return new AuthorisationDecision(true, environment, securityContextResolver);
    }

    /** Creates a default-allow decision that resolves security contexts from the given registry. */
    public static AuthorisationDecision lenient(Environment environment, SecurityContextRegistry securityContextRegistry) {
        return new AuthorisationDecision(false, environment, registryResolver(securityContextRegistry));
    }

    /** Creates a default-allow decision that evaluates every constraint against the given security context. */
    public static AuthorisationDecision lenient(Environment environment, SecurityContext securityContext) {
        return new AuthorisationDecision(false, environment, constraint -> Optional.of(securityContext));
    }

    /** Creates a default-allow decision that uses the given resolver as is. */
    public static AuthorisationDecision lenient(Environment environment, SecurityContextResolver securityContextResolver) {
        return new AuthorisationDecision(false, environment, securityContextResolver);
    }

    /**
     * Builds the resolver shared by the registry-based factories: the constraint's template is looked up in
     * the registry if the registry contains it, otherwise the result is empty.
     *
     * <p>{@link Optional#of} rejects {@code null}, so a registry that reports a template as contained but
     * returns {@code null} from the lookup makes the resolver throw a {@link NullPointerException}.
     */
    private static SecurityContextResolver registryResolver(SecurityContextRegistry securityContextRegistry) {
        return constraint -> {
            if (securityContextRegistry.contains(constraint.getTemplate())) {
                return Optional.of(securityContextRegistry.lookup(constraint.getTemplate()));
            }
            return Optional.empty();
        };
    }

    private AuthorisationDecision(boolean strict, Environment environment, SecurityContextResolver securityContextResolver) {
        this.strict = strict;
        this.environment = environment;
        this.resolver = securityContextResolver;
    }

    /**
     * Checks a set of constraints; all of them must be allowed.
     *
     * @param set the constraints to check; an empty set is allowed
     * @return {@code true} if the access control provider is {@code SIMPLE} or every constraint is allowed,
     *         {@code false} as soon as one constraint is denied
     */
    public boolean isAllowed(Set<Constraint> set) {
        if (this.environment.getAccessControlProvider() == AccessControlProvider.SIMPLE) {
            return true;
        }
        for (Constraint constraint : set) {
            if (!isAllowed(constraint)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks a single constraint against the security context resolved for it.
     *
     * <p>Operations support only the {@code EXECUTABLE} permission, attributes only {@code READABLE} and
     * {@code WRITABLE}. Any other combination is logged as an error and answered with the mode's default,
     * as is a constraint for which no security context can be resolved (logged as a warning).
     *
     * @param constraint the constraint to check
     * @return the security context's answer, or the mode's default ({@code false} for strict,
     *         {@code true} for lenient) when no answer can be derived
     */
    public boolean isAllowed(Constraint constraint) {
        if (this.environment.getAccessControlProvider() == AccessControlProvider.SIMPLE) {
            return true;
        }

        // Answer used whenever the security context cannot be asked: deny if strict, allow if lenient.
        boolean allowed = !this.strict;

        Optional<SecurityContext> resolved = this.resolver.resolve(constraint);
        if (!resolved.isPresent()) {
            logger.warn("No security context found for {}", constraint);
            return allowed;
        }

        SecurityContext context = resolved.get();
        Target target = constraint.getTarget();
        if (target == Target.OPERATION) {
            switch (constraint.getPermission()) {
                case EXECUTABLE:
                    allowed = context.isExecutable(constraint.getName());
                    break;
                case READABLE:
                case WRITABLE:
                    // Unsupported for operations: keep the mode's default.
                    logger.error("Unsupported permission in constraint {}. Only {} is allowed for target {}.",
                            constraint,
                            Permission.EXECUTABLE.name().toLowerCase(),
                            Target.OPERATION.name().toLowerCase());
                    break;
            }
        } else if (target == Target.ATTRIBUTE) {
            switch (constraint.getPermission()) {
                case EXECUTABLE:
                    // Unsupported for attributes: keep the mode's default.
                    logger.error("Unsupported permission in constraint {}. Only ({}|{}) are allowed for target {}.",
                            constraint,
                            Permission.READABLE.name().toLowerCase(),
                            Permission.WRITABLE.name().toLowerCase(),
                            Target.ATTRIBUTE.name().toLowerCase());
                    break;
                case READABLE:
                    allowed = context.isReadable(constraint.getName());
                    break;
                case WRITABLE:
                    allowed = context.isWritable(constraint.getName());
                    break;
            }
        }
        // Any other target leaves the mode's default untouched and is not logged.
        return allowed;
    }
}
