package org.forgerock.openam.rest.authz;

import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationPermissionFactory;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.authz.filter.api.AuthorizationResult;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.openam.authz.PrivilegeAuthzModule;
import org.forgerock.openam.authz.PrivilegeDefinition;
import org.forgerock.openam.core.CoreWrapper;
import org.forgerock.openam.rest.RestConstants;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.services.context.Context;
import org.forgerock.util.AsyncFunction;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;

/* loaded from: input_file:org/forgerock/openam/rest/authz/PrivilegeWriteAndAnyPrivilegeReadOnlyAuthzModule.class */
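/**
 * CREST authorization module that relaxes the privilege check for read-style requests.
 *
 * <p>Read requests, query requests and the actions named in {@link #READ_ONLY_ACTIONS} are first
 * evaluated against the {@code READ} privilege by the superclass. If that evaluation denies the
 * request, it is evaluated a second time by {@link AnyPrivilegeAuthzModule}, again for
 * {@code READ}. Every other action is passed unchanged to
 * {@link CrestPrivilegeAuthzModule#authorizeAction}. Request types that are not overridden here
 * (create, update, delete, patch) are handled entirely by the superclass, which is not visible in
 * this file.
 *
 * <p>NOTE(review): the fallback presumably admits a caller that holds any privilege at all
 * (inferred from the name of {@code AnyPrivilegeAuthzModule}); confirm against that class before
 * relying on it.
 */
public class PrivilegeWriteAndAnyPrivilegeReadOnlyAuthzModule extends CrestPrivilegeAuthzModule {

    /**
     * Allowlist of action names that are authorized as reads instead of going through the
     * superclass action check. Matching is an exact, case-sensitive {@code contains} lookup, so an
     * unknown or differently-cased action name falls through to the superclass check.
     *
     * <p>Security: every name listed here bypasses {@code super.authorizeAction}. Only add an
     * action if it cannot change server state; a state-changing action in this set would be
     * reachable with read-level authorization only.
     */
    private static final Set<String> READ_ONLY_ACTIONS = CollectionUtils.asSet(new String[] {
        RestConstants.SCHEMA,
        RestConstants.TEMPLATE,
        RestConstants.GET_ALL_TYPES,
        RestConstants.GET_CREATABLE_TYPES,
        RestConstants.GET_TYPE,
        RestConstants.NEXT_DESCENDENTS
    });

    private final AnyPrivilegeAuthzModule anyPrivilegeAuthzModule;

    /**
     * Second stage of the read-only evaluation: keeps a positive result as it is and re-evaluates
     * a negative one with {@link AnyPrivilegeAuthzModule}.
     *
     * <p>Decompiler note: the listing reports that this class's access modifier was changed from
     * {@code private}; its constructor is still private, so only the enclosing class creates
     * instances.
     */
    public static class PermitAnyPrivilegedRead
            implements AsyncFunction<AuthorizationResult, AuthorizationResult, ResourceException> {

        private final AnyPrivilegeAuthzModule anyPrivilegeAuthzModule;
        private final Context context;

        private PermitAnyPrivilegedRead(AnyPrivilegeAuthzModule anyPrivilegeAuthzModule, Context context) {
            this.anyPrivilegeAuthzModule = anyPrivilegeAuthzModule;
            this.context = context;
        }

        /**
         * Returns the first-stage result when it is already authorized; otherwise evaluates the
         * captured context for {@code READ} with the any-privilege module.
         *
         * <p>The decompiled listing named this method {@code m18apply} and recorded that it was
         * renamed from {@code apply}. The original name is restored here: without a method called
         * {@code apply} the class does not implement {@link AsyncFunction}, and the fallback would
         * never be invoked by {@code thenAsync}.
         *
         * @param authorizationResult result of the superclass {@code READ} evaluation
         * @return a promise of the original result if authorized, else of the fallback evaluation
         * @throws ResourceException declared by the {@link AsyncFunction} contract
         */
        @Override
        public Promise<? extends AuthorizationResult, ? extends ResourceException> apply(
                AuthorizationResult authorizationResult) throws ResourceException {
            if (authorizationResult.isAuthorized()) {
                return Promises.newResultPromise(authorizationResult);
            }
            // Denied by the strict check: fall back to the broader any-privilege evaluation.
            return this.anyPrivilegeAuthzModule.evaluateAsPromise(this.context, PrivilegeAuthzModule.READ);
        }
    }

    /**
     * Creates the module. All arguments except {@code anyPrivilegeAuthzModule} are passed straight
     * to the {@link CrestPrivilegeAuthzModule} constructor.
     *
     * @param delegationEvaluator forwarded to the superclass
     * @param map privilege definitions bound under the name {@code CrestPrivilegeDefinitions}
     * @param delegationPermissionFactory forwarded to the superclass
     * @param coreWrapper forwarded to the superclass
     * @param anyPrivilegeAuthzModule module used as the fallback for read-only requests
     * @param sSOTokenManager forwarded to the superclass
     */
    @Inject
    public PrivilegeWriteAndAnyPrivilegeReadOnlyAuthzModule(
            DelegationEvaluator delegationEvaluator,
            @Named("CrestPrivilegeDefinitions") Map<String, PrivilegeDefinition> map,
            DelegationPermissionFactory delegationPermissionFactory,
            CoreWrapper coreWrapper,
            AnyPrivilegeAuthzModule anyPrivilegeAuthzModule,
            SSOTokenManager sSOTokenManager) {
        super(delegationEvaluator, map, delegationPermissionFactory, coreWrapper, sSOTokenManager);
        this.anyPrivilegeAuthzModule = anyPrivilegeAuthzModule;
    }

    /**
     * Authorizes an action request. Actions on the {@link #READ_ONLY_ACTIONS} allowlist take the
     * read-only path; anything else is decided by the superclass.
     *
     * @param context request context
     * @param actionRequest the action being authorized; only its action name is inspected here
     * @return a promise of the authorization result
     */
    @Override // org.forgerock.openam.rest.authz.CrestPrivilegeAuthzModule
    public Promise<AuthorizationResult, ResourceException> authorizeAction(Context context, ActionRequest actionRequest) {
        if (READ_ONLY_ACTIONS.contains(actionRequest.getAction())) {
            return evaluateReadOnly(context);
        }
        // Not on the allowlist: keep the stricter superclass decision.
        return super.authorizeAction(context, actionRequest);
    }

    /**
     * Authorizes a read request through the read-only path. The request itself is not inspected.
     *
     * @param context request context
     * @param readRequest unused
     * @return a promise of the authorization result
     */
    @Override // org.forgerock.openam.rest.authz.CrestPrivilegeAuthzModule
    public Promise<AuthorizationResult, ResourceException> authorizeRead(Context context, ReadRequest readRequest) {
        return evaluateReadOnly(context);
    }

    /**
     * Authorizes a query request through the read-only path. The request itself is not inspected.
     *
     * @param context request context
     * @param queryRequest unused
     * @return a promise of the authorization result
     */
    @Override // org.forgerock.openam.rest.authz.CrestPrivilegeAuthzModule
    public Promise<AuthorizationResult, ResourceException> authorizeQuery(Context context, QueryRequest queryRequest) {
        return evaluateReadOnly(context);
    }

    /**
     * Evaluates the context for {@code READ} with the superclass and chains
     * {@link PermitAnyPrivilegedRead} so that a denial is re-evaluated by the any-privilege module.
     *
     * @param context request context, also captured for the fallback evaluation
     * @return a promise of the final authorization result
     */
    private Promise<AuthorizationResult, ResourceException> evaluateReadOnly(Context context) {
        PermitAnyPrivilegedRead fallback = new PermitAnyPrivilegedRead(this.anyPrivilegeAuthzModule, context);
        return super.evaluateAsPromise(context, READ).thenAsync(fallback);
    }
}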
