package io.gravitee.am.management.service;

import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.management.service.permissions.PermissionAcls;
import io.gravitee.am.model.Acl;
import io.gravitee.am.model.Membership;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.Role;
import io.gravitee.am.model.permissions.Permission;
import io.gravitee.am.repository.management.api.search.MembershipCriteria;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.EnvironmentService;
import io.gravitee.am.service.GroupService;
import io.gravitee.am.service.MembershipService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.exception.InvalidUserException;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Single;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

@Component
/* loaded from: input_file:io/gravitee/am/management/service/PermissionService.class */
public class PermissionService {
    private final MembershipService membershipService;
    private final GroupService groupService;
    private final RoleService roleService;
    private final EnvironmentService environmentService;
    private final DomainService domainService;
    private final ApplicationService applicationService;
    private final Map<String, Boolean> consistencyCache = new ConcurrentHashMap();

    public PermissionService(MembershipService membershipService, GroupService groupService, RoleService roleService, EnvironmentService environmentService, DomainService domainService, ApplicationService applicationService) {
        this.membershipService = membershipService;
        this.groupService = groupService;
        this.roleService = roleService;
        this.environmentService = environmentService;
        this.domainService = domainService;
        this.applicationService = applicationService;
    }

    public Single<Map<Permission, Set<Acl>>> findAllPermissions(User user, ReferenceType referenceType, String str) {
        return findMembershipPermissions(user, Collections.singletonMap(referenceType, str).entrySet().stream()).map(this::aclsPerPermission);
    }

    public Single<Boolean> hasPermission(User user, PermissionAcls permissionAcls) {
        return haveConsistentReferenceIds(permissionAcls).flatMap(bool -> {
            if (!bool.booleanValue()) {
                return Single.just(false);
            }
            Single<Map<Membership, Map<Permission, Set<Acl>>>> findMembershipPermissions = findMembershipPermissions(user, permissionAcls.referenceStream());
            Objects.requireNonNull(permissionAcls);
            return findMembershipPermissions.map(permissionAcls::match);
        });
    }

    protected Single<Boolean> haveConsistentReferenceIds(PermissionAcls permissionAcls) {
        try {
            Map map = (Map) permissionAcls.referenceStream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }));
            if (map.size() == 1) {
                return Single.just(true);
            }
            String str = (String) map.get(ReferenceType.APPLICATION);
            String str2 = (String) map.get(ReferenceType.DOMAIN);
            String str3 = (String) map.get(ReferenceType.ENVIRONMENT);
            String str4 = (String) map.get(ReferenceType.ORGANIZATION);
            String arrayToDelimitedString = StringUtils.arrayToDelimitedString(new String[]{str, str2, str3, str4}, "#");
            if (this.consistencyCache.containsKey(arrayToDelimitedString)) {
                return Single.just(this.consistencyCache.get(arrayToDelimitedString));
            }
            ArrayList arrayList = new ArrayList();
            if (str != null) {
                arrayList.add(isApplicationIdConsistent(str, str2, str3, str4));
            }
            if (str2 != null) {
                arrayList.add(isDomainIdConsistent(str2, str3, str4));
            }
            if (str3 != null) {
                arrayList.add(isEnvironmentIdConsistent(str3, str4));
            }
            return Single.merge(arrayList).all(bool -> {
                return bool.booleanValue();
            }).onErrorResumeNext(th -> {
                return Single.just(false);
            }).doOnSuccess(bool2 -> {
                this.consistencyCache.put(arrayToDelimitedString, bool2);
            });
        } catch (Exception e) {
            return Single.just(false);
        }
    }

    private Single<Boolean> isApplicationIdConsistent(String str, String str2, String str3, String str4) {
        return (str2 == null && str3 == null && str4 == null) ? Single.just(true) : this.applicationService.findById(str).flatMapSingle(application -> {
            return str2 != null ? Single.just(Boolean.valueOf(application.getDomain().equals(str2))) : isDomainIdConsistent(application.getDomain(), str3, str4);
        }).toSingle();
    }

    private Single<Boolean> isDomainIdConsistent(String str, String str2, String str3) {
        return (str2 == null && str3 == null) ? Single.just(true) : this.domainService.findById(str).flatMapSingle(domain -> {
            if (str2 != null) {
                return Single.just(Boolean.valueOf(domain.getReferenceId().equals(str2) && domain.getReferenceType() == ReferenceType.ENVIRONMENT));
            }
            return isEnvironmentIdConsistent(domain.getReferenceId(), str3);
        }).toSingle();
    }

    private Single<Boolean> isEnvironmentIdConsistent(String str, String str2) {
        return str2 == null ? Single.just(true) : this.environmentService.findById(str, str2).map(environment -> {
            return true;
        }).onErrorResumeNext(th -> {
            return Single.just(false);
        });
    }

    private Single<Map<Membership, Map<Permission, Set<Acl>>>> findMembershipPermissions(User user, Stream<Map.Entry<ReferenceType, String>> stream) {
        return user.getId() == null ? Single.error(new InvalidUserException("Specified user is invalid")) : this.groupService.findByMember(user.getId()).map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toList()).flatMap(list -> {
            MembershipCriteria membershipCriteria = new MembershipCriteria();
            membershipCriteria.setUserId(user.getId());
            membershipCriteria.setGroupIds(list.isEmpty() ? null : list);
            membershipCriteria.setLogicalOR(true);
            return Flowable.merge((Iterable) stream.map(entry -> {
                return this.membershipService.findByCriteria((ReferenceType) entry.getKey(), (String) entry.getValue(), membershipCriteria);
            }).collect(Collectors.toList()), 2).toList().flatMap(list -> {
                return list.isEmpty() ? Single.just(Collections.emptyMap()) : this.roleService.findByIdIn((List) list.stream().map((v0) -> {
                    return v0.getRoleId();
                }).distinct().collect(Collectors.toList())).map(set -> {
                    return permissionsPerMembership(list, set);
                });
            });
        });
    }

    private Map<Membership, Map<Permission, Set<Acl>>> permissionsPerMembership(List<Membership> list, Set<Role> set) {
        Map map = (Map) set.stream().collect(Collectors.toMap((v0) -> {
            return v0.getId();
        }, role -> {
            return role;
        }));
        Map<Membership, Map<Permission, Set<Acl>>> map2 = (Map) list.stream().collect(Collectors.toMap(membership -> {
            return membership;
        }, membership2 -> {
            return new HashMap();
        }));
        map2.forEach((membership3, map3) -> {
            Role role2 = (Role) map.get(membership3.getRoleId());
            if (role2 == null || role2.getAssignableType() != membership3.getReferenceType()) {
                return;
            }
            role2.getPermissionAcls().forEach((permission, set2) -> {
                map3.merge(permission, set2, (set2, set3) -> {
                    set2.addAll(set3);
                    return set2;
                });
            });
        });
        return map2;
    }

    private Map<Permission, Set<Acl>> aclsPerPermission(Map<Membership, Map<Permission, Set<Acl>>> map) {
        HashMap hashMap = new HashMap();
        map.forEach((membership, map2) -> {
            map2.forEach((permission, set) -> {
                if (hashMap.containsKey(permission)) {
                    ((Set) hashMap.get(permission)).addAll(set);
                } else {
                    hashMap.put(permission, new HashSet(set));
                }
            });
        });
        return hashMap;
    }
}
