package io.helidon.security.abac.policy;

import io.helidon.common.Errors;
import io.helidon.common.HelidonServiceLoader;
import io.helidon.common.config.Config;
import io.helidon.security.EndpointConfig;
import io.helidon.security.ProviderRequest;
import io.helidon.security.SecurityLevel;
import io.helidon.security.abac.policy.spi.PolicyExecutor;
import io.helidon.security.abac.policy.spi.PolicyExecutorService;
import io.helidon.security.providers.abac.AbacAnnotation;
import io.helidon.security.providers.abac.AbacValidatorConfig;
import io.helidon.security.providers.abac.spi.AbacValidator;
import java.lang.System;
import java.lang.annotation.Annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ServiceLoader;
import java.util.Set;

/* loaded from: input_file:io/helidon/security/abac/policy/PolicyValidator.class */
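/**
 * ABAC validator that evaluates policy statements attached to an endpoint.
 *
 * <p>Each statement is handed to the first registered {@link PolicyExecutor} that reports support for
 * it. Executors come from two places: {@link PolicyExecutorService} implementations discovered through
 * {@link ServiceLoader}, and executors added on the {@link Builder} (explicitly or by class name from
 * configuration).
 *
 * <p>Several method names ({@code m1fromAnnotations}, {@code m2fromConfig}, {@code m3build},
 * {@code m4build}) were renamed by the decompiler when it merged them with their bridge methods; they
 * are kept as-is so existing references to this listing stay valid.
 */
public final class PolicyValidator implements AbacValidator<PolicyValidator.PolicyConfig> {
    private static final System.Logger LOGGER = System.getLogger(PolicyValidator.class.getName());

    // Service-loaded executors first, then executors supplied through the builder (see constructor).
    private final List<PolicyExecutor> executors = new ArrayList<>();

    /**
     * Fluent builder of {@link PolicyValidator}.
     */
    public static final class Builder implements io.helidon.common.Builder<Builder, PolicyValidator> {
        private final List<PolicyExecutor> executors = new ArrayList<>();
        private Config config = Config.empty();

        private Builder() {
        }

        /**
         * Creates the validator from the current builder state.
         * Renamed from {@code build} by the decompiler (merged with bridge method).
         *
         * @return a new validator
         */
        public PolicyValidator m3build() {
            return new PolicyValidator(this);
        }

        /**
         * Registers an executor; it is consulted after the service-loaded executors.
         *
         * @param policyExecutor executor to add
         * @return this builder
         */
        public Builder addExecutor(PolicyExecutor policyExecutor) {
            this.executors.add(policyExecutor);
            return this;
        }

        /**
         * Applies configuration. Every entry under the {@code validators} key must carry a
         * {@code class} value naming a {@link PolicyExecutor} implementation, which is loaded and
         * instantiated here.
         *
         * <p>The class names decide which code gets loaded into the process, so this configuration
         * node has to come from a source that is as trusted as the application code itself.
         *
         * @param config configuration of this validator
         * @return this builder
         * @throws SecurityException when an entry has no {@code class} value or the class cannot be
         *                           used as a policy executor
         */
        public Builder config(Config config) {
            this.config = config;
            config.get("validators").asList(Config.class).ifPresent(validatorConfigs -> {
                for (Config validatorConfig : validatorConfigs) {
                    validatorConfig.get("class").asString().ifPresentOrElse(
                            className -> addExecutor(instantiate(className)),
                            () -> {
                                throw new SecurityException(
                                        "validators key may only contain an array of class to class names, at key: "
                                                + validatorConfig.key());
                            });
                }
            });
            return this;
        }

        /**
         * Loads the named class and creates an instance through its public no-arg constructor.
         *
         * <p>The class is loaded without initialization and checked to be a {@link PolicyExecutor}
         * before anything in it runs, so a wrong or unexpected class name in configuration is rejected
         * without executing its static initializer or constructor.
         *
         * @param str fully qualified class name
         * @return a new executor instance
         * @throws SecurityException when the class cannot be found, is not a {@link PolicyExecutor},
         *                           or cannot be instantiated
         */
        private PolicyExecutor instantiate(String str) {
            Class<? extends PolicyExecutor> executorClass;
            try {
                // Same loader Class.forName(String) would pick (the caller's), but initialize=false.
                executorClass = Class.forName(str, false, Builder.class.getClassLoader())
                        .asSubclass(PolicyExecutor.class);
            } catch (ClassCastException e) {
                throw new SecurityException(
                        "Class " + str + " does not implement " + PolicyExecutor.class.getName(), e);
            } catch (Exception e) {
                throw new SecurityException("Failed to get class " + str, e);
            }

            // Kept outside the lookup try-block so an instantiation failure is not re-wrapped and
            // reported as a class lookup failure.
            try {
                return executorClass.getConstructor().newInstance();
            } catch (Exception e) {
                LOGGER.log(System.Logger.Level.ERROR,
                           "Could not instantiate: " + str + ". Class must have a default public constructor",
                           e);
                throw new SecurityException(
                        "Failed to load PolicyExecutor from class " + executorClass.getName(), e);
            }
        }
    }

    /**
     * Policy statements that apply to one endpoint, together with the inheritance flag.
     * Instances are immutable.
     */
    public static final class PolicyConfig implements AbacValidatorConfig {
        private final List<String> policyStatements;
        private final boolean inherit;

        /**
         * Fluent builder of {@link PolicyConfig}.
         */
        public static final class Builder implements io.helidon.common.Builder<Builder, PolicyConfig> {
            private final List<String> policyStatements = new ArrayList<>();
            private boolean inherit = true;

            private Builder() {
            }

            /**
             * Sets the policy statement, replacing any statements collected so far.
             *
             * @param str policy statement
             * @return this builder
             */
            public Builder statement(String str) {
                this.policyStatements.clear();
                this.policyStatements.add(str);
                return this;
            }

            /**
             * Sets the inheritance flag (defaults to {@code true}).
             *
             * @param z value of the flag
             * @return this builder
             */
            public Builder inherit(boolean z) {
                this.inherit = z;
                return this;
            }

            /**
             * Reads the optional {@code inherit} and {@code statement} keys.
             *
             * @param config configuration node of a single policy
             * @return this builder
             */
            public Builder config(Config config) {
                config.get("inherit").asBoolean().ifPresent(this::inherit);
                config.get("statement").asString().ifPresent(this::statement);
                return this;
            }

            /** Copies the flag and the statement of a single annotation. */
            Builder from(PolicyStatement policyStatement) {
                return inherit(policyStatement.inherit()).statement(policyStatement.value());
            }

            /**
             * Merges another configuration into this builder. When the other configuration does not
             * inherit, statements collected so far are dropped before its statements are appended.
             */
            Builder from(PolicyConfig policyConfig) {
                if (!policyConfig.inherit) {
                    this.policyStatements.clear();
                }
                inherit(policyConfig.inherit);
                this.policyStatements.addAll(policyConfig.policyStatements);
                return this;
            }

            /**
             * Creates the configuration from the current builder state.
             * Renamed from {@code build} by the decompiler (merged with bridge method).
             *
             * @return a new policy configuration
             */
            public PolicyConfig m4build() {
                return new PolicyConfig(this);
            }
        }

        private PolicyConfig(Builder builder) {
            // Snapshot the statements: the builder stays usable after build, and later calls on it
            // must not alter the policy an already built configuration enforces.
            this.policyStatements = Collections.unmodifiableList(new ArrayList<>(builder.policyStatements));
            this.inherit = builder.inherit;
        }

        /**
         * Creates a new builder.
         *
         * @return builder of policy configuration
         */
        public static Builder builder() {
            return new Builder();
        }

        /**
         * Policy statements to evaluate.
         *
         * @return unmodifiable list of statements
         */
        public List<String> policyStatements() {
            return this.policyStatements;
        }

        /**
         * Value of the inheritance flag.
         *
         * @return {@code true} when statements collected before this configuration are kept
         */
        public boolean shouldInherit() {
            return this.inherit;
        }
    }

    /**
     * Declares a policy statement on a type or a method.
     */
    @Target({ElementType.METHOD, ElementType.TYPE})
    @AbacAnnotation
    @Inherited
    @Retention(RetentionPolicy.RUNTIME)
    @Documented
    public @interface PolicyStatement {
        /**
         * The policy statement text.
         *
         * @return statement
         */
        String value();

        /**
         * Whether statements collected before this annotation are kept.
         *
         * @return inheritance flag, {@code true} by default
         */
        boolean inherit() default true;
    }

    private PolicyValidator(Builder builder) {
        for (PolicyExecutorService service
                : HelidonServiceLoader.create(ServiceLoader.load(PolicyExecutorService.class))) {
            this.executors.add(service.instantiate(builder.config.get(service.configKey())));
        }
        this.executors.addAll(builder.executors);
    }

    /**
     * Creates a new builder.
     *
     * @return builder of policy validator
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * Creates a validator from configuration.
     *
     * @param config configuration of this validator
     * @return a new validator
     */
    public static PolicyValidator create(Config config) {
        return builder().config(config).m3build();
    }

    /**
     * Annotations this validator reads.
     *
     * @return a set containing {@link PolicyStatement}
     */
    public Collection<Class<? extends Annotation>> supportedAnnotations() {
        return Set.of(PolicyStatement.class);
    }

    /**
     * Type of the per-endpoint configuration.
     *
     * @return {@link PolicyConfig} class
     */
    public Class<PolicyConfig> configClass() {
        return PolicyConfig.class;
    }

    /**
     * Configuration key of this validator.
     *
     * @return {@code policy-validator}
     */
    public String configKey() {
        return "policy-validator";
    }

    /**
     * Creates the per-endpoint configuration from a configuration node.
     * Renamed from {@code fromConfig} by the decompiler (merged with bridge method).
     *
     * @param config configuration node of a single policy
     * @return policy configuration
     */
    public PolicyConfig m2fromConfig(Config config) {
        return PolicyConfig.builder().config(config).m4build();
    }

    /**
     * Creates the per-endpoint configuration from {@link PolicyStatement} annotations, visiting every
     * security level and, within it, every annotation scope in declaration order. Each annotation is
     * merged into the result, so one that does not inherit discards the statements collected before it.
     * Renamed from {@code fromAnnotations} by the decompiler (merged with bridge method).
     *
     * @param endpointConfig endpoint configuration holding the annotations
     * @return policy configuration; it has no statements when no annotation is present
     */
    public PolicyConfig m1fromAnnotations(EndpointConfig endpointConfig) {
        PolicyConfig.Builder merged = PolicyConfig.builder();
        for (SecurityLevel securityLevel : endpointConfig.securityLevels()) {
            for (EndpointConfig.AnnotationScope annotationScope : EndpointConfig.AnnotationScope.values()) {
                List<Annotation> found = new ArrayList<>();
                for (Class<? extends Annotation> annotationType : supportedAnnotations()) {
                    found.addAll(securityLevel.filterAnnotations(annotationType, annotationScope));
                }
                for (Annotation annotation : found) {
                    if (annotation instanceof PolicyStatement) {
                        merged.from(PolicyConfig.builder().from((PolicyStatement) annotation).m4build());
                    }
                }
            }
        }
        return merged.m4build();
    }

    /**
     * Evaluates every policy statement with the first executor that supports it.
     *
     * <p>A configuration without statements results in no policy being evaluated and no error being
     * reported by this method.
     *
     * @param policyConfig    statements to evaluate
     * @param collector       collector the executors report their findings to
     * @param providerRequest request being authorized
     * @throws SecurityException when at least one statement is not supported by any executor; this is
     *                           raised after all supported statements were executed
     */
    public void validate(PolicyConfig policyConfig, Errors.Collector collector, ProviderRequest providerRequest) {
        List<String> unsupported = new LinkedList<>();
        for (String statement : policyConfig.policyStatements()) {
            boolean executed = false;
            for (PolicyExecutor executor : this.executors) {
                if (executor.supports(statement, providerRequest)) {
                    executor.executePolicy(statement, collector, providerRequest);
                    executed = true;
                    break;
                }
            }
            if (!executed) {
                unsupported.add(statement);
            }
        }
        if (!unsupported.isEmpty()) {
            throw new SecurityException("Missing a policy executor for policy statement(s). Statements: "
                                                + unsupported + ", known executors: " + this.executors);
        }
    }
}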
