package org.gorpipe.gor.auth;

import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.gorpipe.exceptions.GorSystemException;
import org.gorpipe.util.RegexpUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gorpipe/gor/auth/GorAuthRoleMatcher.class */
public class GorAuthRoleMatcher {
    private static final Logger log = LoggerFactory.getLogger(GorAuthRoleMatcher.class);
    private static Map<String, Pattern> patternCache = new ConcurrentHashMap();
    public static final String PROJECT_REGEX = "prj:";
    public static final String DELIMITER = ":";
    public static final String WILDCARD = "*";
    public static final String SYSTEM_ADMIN_ROLE = "system_admin";

    public static boolean hasRolebasedSystemAdminAccess(GorAuthInfo gorAuthInfo) {
        return matchRolePatterns(gorAuthInfo.getUserRoles(), Arrays.asList("system_admin"));
    }

    public static void needsRolebasedAccess(GorAuthInfo gorAuthInfo, String str, AuthorizationAction... authorizationActionArr) throws GorSystemException {
        if (hasRolebasedAccess(gorAuthInfo.getUserRoles(), gorAuthInfo.getProject(), str, authorizationActionArr)) {
            return;
        }
        log.warn(String.format("User '%s' in project '%s' does not have access to subject '%s' with any of '%s'", gorAuthInfo.getUsername(), gorAuthInfo.getProject(), str, Arrays.stream(authorizationActionArr).map(authorizationAction -> {
            return authorizationAction.value;
        }).collect(Collectors.joining(","))));
        throw new GorSystemException(String.format("User '%s' in project '%s' does not have access.", gorAuthInfo.getUsername(), gorAuthInfo.getProject()), null);
    }

    public static boolean hasRolebasedAccess(GorAuthInfo gorAuthInfo, String str, AuthorizationAction... authorizationActionArr) {
        return hasRolebasedAccess(gorAuthInfo.getUserRoles(), gorAuthInfo.getProject(), str, authorizationActionArr);
    }

    public static boolean hasRolebasedAccess(List<String> list, String str, String str2, AuthorizationAction... authorizationActionArr) {
        return matchRolePatterns(list, getRolesThatGiveAccess(str, str2, authorizationActionArr));
    }

    static List<String> getRolesThatGiveAccess(String str, String str2, AuthorizationAction... authorizationActionArr) {
        ArrayList arrayList = new ArrayList();
        for (AuthorizationAction authorizationAction : authorizationActionArr) {
            if (!Strings.isNullOrEmpty(str)) {
                arrayList.add("prj:" + str + ":" + authorizationAction.value);
                if (!Strings.isNullOrEmpty(str2)) {
                    arrayList.add("prj:" + str + ":" + authorizationAction.value + ":" + str2);
                }
            }
            if (authorizationAction == AuthorizationAction.WRITE && str2 != null && str2.startsWith("user_data/")) {
                arrayList.add("prj:" + str + ":" + AuthorizationAction.WRITE_TO_USER_DATA.value);
            }
        }
        if (!Strings.isNullOrEmpty(str)) {
            arrayList.add("prj:" + str + ":" + AuthorizationAction.PROJECT_ADMIN.value);
        }
        arrayList.add("system_admin");
        return arrayList;
    }

    static boolean matchRolePatterns(List<String> list, List<String> list2) {
        if (list == null || list.isEmpty() || list2 == null || list2.isEmpty()) {
            return false;
        }
        for (String str : list) {
            if (!Strings.isNullOrEmpty(str)) {
                Pattern computeIfAbsent = patternCache.computeIfAbsent(str, str2 -> {
                    return RegexpUtils.compilePattern(str2);
                });
                for (String str3 : list2) {
                    if (!Strings.isNullOrEmpty(str3) && matchRoles(computeIfAbsent, str3)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private static boolean matchRoles(Pattern pattern, String str) {
        if (Strings.isNullOrEmpty(pattern.pattern()) || Strings.isNullOrEmpty(str)) {
            return false;
        }
        return pattern.matcher(str).matches();
    }
}
