package org.uberfire.security.impl.authz;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.jboss.errai.security.shared.api.Group;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.identity.User;
import org.uberfire.security.Resource;
import org.uberfire.security.ResourceAction;
import org.uberfire.security.ResourceType;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionCollection;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.authz.PermissionTypeRegistry;
import org.uberfire.security.authz.VotingAlgorithm;
import org.uberfire.security.authz.VotingStrategy;

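/**
 * Default {@link PermissionManager}: creates permissions through the {@link PermissionTypeRegistry}
 * and evaluates them against the current {@link AuthorizationPolicy}.
 *
 * <p>Two caches are kept: {@code cache} stores authorization results per (user, permission), and
 * {@code permissionCollectionCache} stores the merged PRIORITY-strategy permission collection per
 * user identifier. Neither key contains the voting strategy or the user's roles/groups, so this
 * class only caches results computed with the default strategy and drops both entries for a user
 * on {@link #invalidate(User)}.
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/uberfire-security-api-7.74.0.Final.jar:org/uberfire/security/impl/authz/DefaultPermissionManager.class */
public class DefaultPermissionManager implements PermissionManager {
    private PermissionTypeRegistry permissionTypeRegistry;
    private AuthorizationPolicy authorizationPolicy;
    private DefaultAuthzResultCache cache;
    private VotingStrategy defaultVotingStrategy;
    private Map<VotingStrategy, VotingAlgorithm> votingAlgorithmMap;
    // Keyed by User.getIdentifier() only.
    // NOTE(review): plain HashMap inside an @ApplicationScoped bean; confirm callers never reach it
    // from concurrent threads, or that external synchronization exists.
    private Map<String, PermissionCollection> permissionCollectionCache;

    /**
     * Creates a manager that uses the given registry and a fresh {@link DefaultAuthzResultCache}.
     *
     * @param permissionTypeRegistry registry used to resolve permission types
     */
    @Inject
    public DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry) {
        this(permissionTypeRegistry, new DefaultAuthzResultCache());
    }

    /** Creates a manager with a {@link DefaultPermissionTypeRegistry} and a fresh result cache. */
    public DefaultPermissionManager() {
        this(new DefaultPermissionTypeRegistry(), new DefaultAuthzResultCache());
    }

    /**
     * Creates a manager with the given registry and result cache. The policy starts as a
     * {@link DefaultAuthorizationPolicy}, the default strategy as {@link VotingStrategy#PRIORITY},
     * and voters are registered for AFFIRMATIVE, CONSENSUS and UNANIMOUS.
     *
     * @param permissionTypeRegistry registry used to resolve permission types
     * @param defaultAuthzResultCache cache for per-user authorization results
     */
    public DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry, DefaultAuthzResultCache defaultAuthzResultCache) {
        this.authorizationPolicy = new DefaultAuthorizationPolicy();
        this.defaultVotingStrategy = VotingStrategy.PRIORITY;
        this.votingAlgorithmMap = new HashMap<>();
        this.permissionCollectionCache = new HashMap<>();
        this.permissionTypeRegistry = permissionTypeRegistry;
        this.cache = defaultAuthzResultCache;
        // PRIORITY has no voter: it is evaluated from the merged permission collection instead.
        setVotingAlgorithm(VotingStrategy.AFFIRMATIVE, new AffirmativeBasedVoter());
        setVotingAlgorithm(VotingStrategy.CONSENSUS, new ConsensusBasedVoter());
        setVotingAlgorithm(VotingStrategy.UNANIMOUS, new UnanimousBasedVoter());
    }

    /** @return the policy currently used for authorization decisions */
    @Override
    public AuthorizationPolicy getAuthorizationPolicy() {
        return this.authorizationPolicy;
    }

    /**
     * Replaces the authorization policy and clears both caches, since every cached decision was
     * derived from the previous policy.
     *
     * @param authorizationPolicy the new policy; {@code null} installs a {@link DefaultAuthorizationPolicy}
     */
    @Override
    public void setAuthorizationPolicy(AuthorizationPolicy authorizationPolicy) {
        this.authorizationPolicy = authorizationPolicy != null ? authorizationPolicy : new DefaultAuthorizationPolicy();
        this.cache.clear();
        this.permissionCollectionCache.clear();
    }

    /** @return a new policy builder bound to this manager's permission type registry */
    @Override
    public AuthorizationPolicyBuilder newAuthorizationPolicy() {
        return new AuthorizationPolicyBuilder(this.permissionTypeRegistry);
    }

    /** @return the strategy applied when a caller does not name one */
    @Override
    public VotingStrategy getDefaultVotingStrategy() {
        return this.defaultVotingStrategy;
    }

    /**
     * Sets the default voting strategy. When the strategy actually changes, the result cache is
     * cleared: cached results were computed under the previous default and the cache key carries
     * no strategy, so they would otherwise be served as if decided by the new one.
     *
     * @param votingStrategy the new default strategy
     */
    @Override
    public void setDefaultVotingStrategy(VotingStrategy votingStrategy) {
        if (this.defaultVotingStrategy != votingStrategy && this.cache != null) {
            this.cache.clear();
        }
        this.defaultVotingStrategy = votingStrategy;
    }

    /**
     * @param votingStrategy the strategy to look up
     * @return the algorithm registered for the strategy, or {@code null} if none is registered
     */
    @Override
    public VotingAlgorithm getVotingAlgorithm(VotingStrategy votingStrategy) {
        return this.votingAlgorithmMap.get(votingStrategy);
    }

    /**
     * Registers (or replaces) the algorithm used for a voting strategy.
     *
     * @param votingStrategy the strategy to configure
     * @param votingAlgorithm the algorithm to use for it
     */
    @Override
    public void setVotingAlgorithm(VotingStrategy votingStrategy, VotingAlgorithm votingAlgorithm) {
        this.votingAlgorithmMap.put(votingStrategy, votingAlgorithm);
    }

    /**
     * Creates a permission from its name using the permission type the registry resolves for it.
     *
     * @param str the permission name
     * @param z the flag handed to the permission type's {@code createPermission}
     * @return the created permission
     */
    @Override
    public Permission createPermission(String str, boolean z) {
        return this.permissionTypeRegistry.resolve(str).createPermission(str, z);
    }

    /**
     * Creates a permission for an action over a resource. Resources without a type, or of the
     * UNKNOWN type, fall back to a name-based permission built from the resource identifier.
     *
     * @param resource the target resource
     * @param resourceAction the action over the resource
     * @param z the flag handed to the permission type's {@code createPermission}
     * @return the created permission
     */
    @Override
    public Permission createPermission(Resource resource, ResourceAction resourceAction, boolean z) {
        if (resource.getResourceType() == null || resource.isType(ResourceType.UNKNOWN.getName())) {
            return createPermission(resource.getIdentifier(), z);
        }
        return this.permissionTypeRegistry
                .resolve(resource.getResourceType().getName())
                .createPermission(resource, resourceAction, z);
    }

    /**
     * Creates a permission for an action over a whole resource type.
     *
     * @param resourceType the target resource type
     * @param resourceAction the action over the type
     * @param z the flag handed to the permission type's {@code createPermission}
     * @return the created permission
     */
    @Override
    public Permission createPermission(ResourceType resourceType, ResourceAction resourceAction, boolean z) {
        return this.permissionTypeRegistry.resolve(resourceType.getName()).createPermission(resourceType, resourceAction, z);
    }

    /**
     * Checks a permission for a user with the default voting strategy.
     *
     * @param permission the permission to check
     * @param user the user being authorized
     * @return the authorization result
     */
    @Override
    public AuthorizationResult checkPermission(Permission permission, User user) {
        return checkPermission(permission, user, this.defaultVotingStrategy);
    }

    /**
     * Checks a permission for a user with the given voting strategy.
     *
     * <p>The result cache is keyed by (user, permission) only, so it is consulted and populated
     * solely for the default strategy. A decision reached under one strategy must not be replayed
     * for a call that asked for a different one.
     *
     * @param permission the permission to check; {@code null} yields ACCESS_ABSTAIN
     * @param user the user being authorized
     * @param votingStrategy the strategy to apply; {@code null} selects the default strategy
     * @return the authorization result, ACCESS_ABSTAIN when there is no policy or no permission
     * @throws IllegalStateException if a non-PRIORITY strategy has no registered voting algorithm
     */
    @Override
    public AuthorizationResult checkPermission(Permission permission, User user, VotingStrategy votingStrategy) {
        if (this.authorizationPolicy == null || permission == null) {
            return AuthorizationResult.ACCESS_ABSTAIN;
        }
        VotingStrategy effectiveStrategy = votingStrategy == null ? this.defaultVotingStrategy : votingStrategy;
        if (effectiveStrategy != this.defaultVotingStrategy) {
            // Not cacheable: the cache cannot tell this strategy's result from the default's.
            return _checkPermission(permission, user, effectiveStrategy);
        }
        AuthorizationResult result = this.cache.get(user, permission);
        if (result == null) {
            result = _checkPermission(permission, user, effectiveStrategy);
            this.cache.put(user, permission, result);
        }
        return result;
    }

    /**
     * Evaluates a permission without touching the result cache. PRIORITY is decided from the
     * user's merged permission collection; every other strategy votes over the per-role and
     * per-group results.
     *
     * @param permission the permission to check
     * @param user the user being authorized
     * @param votingStrategy the strategy to apply
     * @return the authorization result
     * @throws IllegalStateException if no voting algorithm is registered for the strategy
     */
    protected AuthorizationResult _checkPermission(Permission permission, User user, VotingStrategy votingStrategy) {
        if (VotingStrategy.PRIORITY.equals(votingStrategy)) {
            return _checkPermission(permission, resolvePermissions(user, VotingStrategy.PRIORITY));
        }
        VotingAlgorithm algorithm = this.votingAlgorithmMap.get(votingStrategy);
        if (algorithm == null) {
            // Fail with an explicit error instead of a bare NullPointerException; no decision is
            // produced or cached for a strategy that has no algorithm behind it.
            throw new IllegalStateException("No voting algorithm registered for strategy: " + votingStrategy);
        }
        return algorithm.vote(_checkRoleAndGroupPermissions(permission, user));
    }

    /**
     * Evaluates the permission once per role and once per group of the user.
     *
     * @param permission the permission to check
     * @param user the user whose roles and groups are evaluated
     * @return one result per role followed by one result per group
     */
    protected List<AuthorizationResult> _checkRoleAndGroupPermissions(Permission permission, User user) {
        // NOTE(review): a user with no roles and no groups yields an empty list; confirm that each
        // registered VotingAlgorithm does not turn an empty vote list into ACCESS_GRANTED.
        List<AuthorizationResult> results = new ArrayList<>();
        if (user.getRoles() != null) {
            for (Role role : user.getRoles()) {
                results.add(_checkPermission(permission, this.authorizationPolicy.getPermissions(role)));
            }
        }
        if (user.getGroups() != null) {
            for (Group group : user.getGroups()) {
                results.add(_checkPermission(permission, this.authorizationPolicy.getPermissions(group)));
            }
        }
        return results;
    }

    /**
     * Evaluates a permission against one permission collection.
     *
     * <p>An entry with the same name decides directly: GRANTED when its result equals the
     * requested one, DENIED otherwise. Without such an entry the collection is asked whether it
     * implies the permission (GRANTED) or its inverted form (DENIED); if neither, ABSTAIN.
     *
     * @param permission the permission to check
     * @param permissionCollection the collection to check against; {@code null} yields ACCESS_ABSTAIN
     * @return the authorization result
     */
    protected AuthorizationResult _checkPermission(Permission permission, PermissionCollection permissionCollection) {
        if (permissionCollection == null) {
            return AuthorizationResult.ACCESS_ABSTAIN;
        }
        Permission existing = permissionCollection.get(permission.getName());
        if (existing != null) {
            return existing.getResult().equals(permission.getResult())
                    ? AuthorizationResult.ACCESS_GRANTED
                    : AuthorizationResult.ACCESS_DENIED;
        }
        if (permissionCollection.implies(permission)) {
            return AuthorizationResult.ACCESS_GRANTED;
        }
        // Work on a copy so the caller's permission keeps its original result.
        // NOTE(review): "m5886clone" looks like a decompiler-generated name for the permission's
        // clone method; confirm against the Permission interface.
        Permission inverted = permission.m5886clone();
        inverted.setResult(inverted.getResult().invert());
        return permissionCollection.implies(inverted) ? AuthorizationResult.ACCESS_DENIED : AuthorizationResult.ACCESS_ABSTAIN;
    }

    /**
     * @param permission the permission to inspect
     * @return the resource id the permission's type resolves for it
     */
    @Override
    public String resolveResourceId(Permission permission) {
        return this.permissionTypeRegistry.resolve(permission.getName()).resolveResourceId(permission);
    }

    /**
     * Resolves the permission collection of a user under a voting strategy. Only PRIORITY (also
     * the fallback for any unlisted strategy) merges policy, role and group permissions;
     * AFFIRMATIVE, CONSENSUS and UNANIMOUS resolve to an empty collection.
     *
     * @param user the user; {@code null} yields an empty collection
     * @param votingStrategy the strategy; {@code null} selects the default strategy
     * @return the resolved collection, or {@code null} under PRIORITY when no policy is set
     */
    @Override
    public PermissionCollection resolvePermissions(User user, VotingStrategy votingStrategy) {
        if (user == null) {
            return new DefaultPermissionCollection();
        }
        // A switch on a null enum throws; fall back the same way checkPermission does.
        VotingStrategy effectiveStrategy = votingStrategy != null ? votingStrategy : this.defaultVotingStrategy;
        if (effectiveStrategy == null) {
            return resolvePermissionsPriority(user);
        }
        switch (effectiveStrategy) {
            case AFFIRMATIVE:
                return resolvePermissionsAffirmative(user);
            case CONSENSUS:
                return resolvePermissionsConsensus(user);
            case UNANIMOUS:
                return resolvePermissionsUnanimous(user);
            default:
                return resolvePermissionsPriority(user);
        }
    }

    /**
     * Drops everything cached for the user: the authorization results and the merged permission
     * collection. The merged collection is keyed by identifier alone, so leaving it in place would
     * keep serving permissions computed from the roles and groups the user had when it was built.
     *
     * @param user the user whose cached authorization data is discarded
     */
    @Override
    public void invalidate(User user) {
        this.cache.invalidate(user);
        if (user != null) {
            this.permissionCollectionCache.remove(user.getIdentifier());
        }
    }

    /** Returns an empty collection; AFFIRMATIVE is decided by voting, not by a merged collection. */
    private PermissionCollection resolvePermissionsAffirmative(User user) {
        return new DefaultPermissionCollection();
    }

    /** Returns an empty collection; CONSENSUS is decided by voting, not by a merged collection. */
    private PermissionCollection resolvePermissionsConsensus(User user) {
        return new DefaultPermissionCollection();
    }

    /** Returns an empty collection; UNANIMOUS is decided by voting, not by a merged collection. */
    private PermissionCollection resolvePermissionsUnanimous(User user) {
        return new DefaultPermissionCollection();
    }

    /**
     * Builds (or returns the cached) collection obtained by merging the policy's own permissions
     * with those of each role and then each group of the user.
     *
     * @param user the user to resolve
     * @return the merged collection, or {@code null} when no policy is set
     */
    private PermissionCollection resolvePermissionsPriority(User user) {
        if (this.authorizationPolicy == null) {
            return null;
        }
        String userId = user.getIdentifier();
        // containsKey rather than a null check on get(): a cached null value still counts as a hit.
        if (this.permissionCollectionCache.containsKey(userId)) {
            return this.permissionCollectionCache.get(userId);
        }
        // One-element array so both merge passes share and update the highest priority seen.
        int[] highestPriority = {Integer.MIN_VALUE};
        PermissionCollection withRoles = mergeRolePermissions(user, this.authorizationPolicy.getPermissions(), highestPriority);
        PermissionCollection merged = mergeGroupPermissions(user, withRoles, highestPriority);
        this.permissionCollectionCache.put(userId, merged);
        return merged;
    }

    /**
     * Merges the permissions of every role of the user into the given collection. Each merge is
     * told how the role's priority compares with the highest priority seen so far (-1, 0 or 1),
     * and that running maximum is updated in {@code highestPriority[0]}.
     */
    private PermissionCollection mergeRolePermissions(User user, PermissionCollection permissionCollection, int[] highestPriority) {
        PermissionCollection merged = permissionCollection;
        if (user.getRoles() != null) {
            for (Role role : user.getRoles()) {
                PermissionCollection rolePermissions = this.authorizationPolicy.getPermissions(role);
                int priority = this.authorizationPolicy.getPriority(role);
                merged = merged.merge(rolePermissions, resolve(priority, highestPriority[0]));
                if (priority > highestPriority[0]) {
                    highestPriority[0] = priority;
                }
            }
        }
        return merged;
    }

    /**
     * Merges the permissions of every group of the user into the given collection, using the same
     * priority comparison and running maximum as {@code mergeRolePermissions}.
     */
    private PermissionCollection mergeGroupPermissions(User user, PermissionCollection permissionCollection, int[] highestPriority) {
        PermissionCollection merged = permissionCollection;
        if (user.getGroups() != null) {
            for (Group group : user.getGroups()) {
                PermissionCollection groupPermissions = this.authorizationPolicy.getPermissions(group);
                int priority = this.authorizationPolicy.getPriority(group);
                merged = merged.merge(groupPermissions, resolve(priority, highestPriority[0]));
                if (priority > highestPriority[0]) {
                    highestPriority[0] = priority;
                }
            }
        }
        return merged;
    }

    /** Compares two priorities: 0 when equal, 1 when {@code i} is higher, -1 when it is lower. */
    private int resolve(int i, int i2) {
        if (i == i2) {
            return 0;
        }
        return i > i2 ? 1 : -1;
    }
}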
