package org.yamcs.security;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import org.yamcs.security.protobuf.AccountRecord;
import org.yamcs.security.protobuf.Clearance;
import org.yamcs.security.protobuf.ExternalIdentity;
import org.yamcs.security.protobuf.UserAccountRecordDetail;

/* loaded from: input_file:org/yamcs/security/User.class */
public class User extends Account {
    private String email;
    private String hash;
    private boolean superuser;
    private Clearance clearance;
    private Map<String, String> identitiesByProvider;
    private Set<String> roles;
    private Set<SystemPrivilege> externalSystemPrivileges;
    private Map<ObjectPrivilegeType, Set<ObjectPrivilege>> externalObjectPrivileges;
    private Set<SystemPrivilege> systemPrivileges;
    private Map<ObjectPrivilegeType, Set<ObjectPrivilege>> objectPrivileges;
    private Set<ClearanceListener> clearanceListeners;

    public User(String str, User user) {
        super(str, user);
        this.identitiesByProvider = new HashMap();
        this.roles = new HashSet();
        this.externalSystemPrivileges = new HashSet();
        this.externalObjectPrivileges = new HashMap();
        this.systemPrivileges = new HashSet();
        this.objectPrivileges = new HashMap();
        this.clearanceListeners = new CopyOnWriteArraySet();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public User(AccountRecord accountRecord) {
        super(accountRecord);
        this.identitiesByProvider = new HashMap();
        this.roles = new HashSet();
        this.externalSystemPrivileges = new HashSet();
        this.externalObjectPrivileges = new HashMap();
        this.systemPrivileges = new HashSet();
        this.objectPrivileges = new HashMap();
        this.clearanceListeners = new CopyOnWriteArraySet();
        UserAccountRecordDetail userDetail = accountRecord.getUserDetail();
        if (userDetail.hasHash()) {
            this.hash = userDetail.getHash();
        }
        if (userDetail.hasEmail()) {
            this.email = userDetail.getEmail();
        }
        this.superuser = userDetail.getSuperuser();
        for (ExternalIdentity externalIdentity : userDetail.getIdentitiesList()) {
            this.identitiesByProvider.put(externalIdentity.getProvider(), externalIdentity.getIdentity());
        }
        this.roles.addAll(userDetail.mo1014getRolesList());
        if (userDetail.hasClearance()) {
            this.clearance = userDetail.getClearance();
        }
    }

    public String getEmail() {
        return this.email;
    }

    public String getHash() {
        return this.hash;
    }

    public boolean isExternallyManaged() {
        return !this.identitiesByProvider.isEmpty();
    }

    public void addIdentity(String str, String str2) {
        this.identitiesByProvider.put(str, str2);
    }

    public Set<Map.Entry<String, String>> getIdentityEntrySet() {
        return this.identitiesByProvider.entrySet();
    }

    public void deleteIdentity(String str) {
        this.identitiesByProvider.remove(str);
    }

    public Clearance getClearance() {
        return this.clearance;
    }

    public void setClearance(Clearance clearance) {
        this.clearance = clearance;
        this.clearanceListeners.forEach(clearanceListener -> {
            clearanceListener.onChange(clearance);
        });
    }

    public Set<String> getRoles() {
        return Collections.unmodifiableSet(this.roles);
    }

    public void setRoles(Collection<String> collection) {
        this.roles.clear();
        this.roles.addAll(collection);
    }

    public void addRole(String str) {
        this.roles.add(str);
    }

    public void deleteRole(String str) {
        this.roles.remove(str);
    }

    public boolean isSuperuser() {
        return this.superuser;
    }

    public void setSuperuser(boolean z) {
        this.superuser = z;
    }

    public void setEmail(String str) {
        this.email = str;
    }

    public void setHash(String str) {
        this.hash = str;
    }

    public Set<SystemPrivilege> getSystemPrivileges() {
        return this.systemPrivileges;
    }

    public Map<ObjectPrivilegeType, Set<ObjectPrivilege>> getObjectPrivileges() {
        return this.objectPrivileges;
    }

    public Set<ObjectPrivilege> getObjectPrivileges(ObjectPrivilegeType objectPrivilegeType) {
        Set<ObjectPrivilege> set = this.objectPrivileges.get(objectPrivilegeType);
        return set != null ? set : Collections.emptySet();
    }

    public void addSystemPrivilege(SystemPrivilege systemPrivilege, boolean z) {
        if (z) {
            this.externalSystemPrivileges.add(systemPrivilege);
        }
        this.systemPrivileges.add(systemPrivilege);
    }

    public void addObjectPrivilege(ObjectPrivilege objectPrivilege, boolean z) {
        if (z) {
            Set<ObjectPrivilege> set = this.externalObjectPrivileges.get(objectPrivilege.getType());
            if (set == null) {
                set = new HashSet();
                this.externalObjectPrivileges.put(objectPrivilege.getType(), set);
            }
            set.add(objectPrivilege);
        }
        Set<ObjectPrivilege> set2 = this.objectPrivileges.get(objectPrivilege.getType());
        if (set2 == null) {
            set2 = new HashSet();
            this.objectPrivileges.put(objectPrivilege.getType(), set2);
        }
        set2.add(objectPrivilege);
    }

    public void clearDirectoryPrivileges() {
        this.systemPrivileges.clear();
        this.systemPrivileges.addAll(this.externalSystemPrivileges);
        this.objectPrivileges.clear();
        this.objectPrivileges.putAll(this.externalObjectPrivileges);
    }

    public boolean hasSystemPrivilege(SystemPrivilege systemPrivilege) {
        if (this.superuser) {
            return true;
        }
        return this.systemPrivileges.contains(systemPrivilege);
    }

    public boolean hasObjectPrivilege(ObjectPrivilegeType objectPrivilegeType, String str) {
        if (this.superuser) {
            return true;
        }
        Iterator<ObjectPrivilege> it = getObjectPrivileges(objectPrivilegeType).iterator();
        while (it.hasNext()) {
            if (str.matches(it.next().getObject())) {
                return true;
            }
        }
        return false;
    }

    public void addClearanceListener(ClearanceListener clearanceListener) {
        this.clearanceListeners.add(clearanceListener);
    }

    public void removeClearanceListener(ClearanceListener clearanceListener) {
        this.clearanceListeners.remove(clearanceListener);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccountRecord toRecord() {
        UserAccountRecordDetail.Builder newBuilder = UserAccountRecordDetail.newBuilder();
        if (this.hash != null) {
            newBuilder.setHash(this.hash);
        }
        if (this.email != null) {
            newBuilder.setEmail(this.email);
        }
        newBuilder.addAllRoles(this.roles);
        newBuilder.setSuperuser(this.superuser);
        this.identitiesByProvider.forEach((str, str2) -> {
            newBuilder.addIdentities(ExternalIdentity.newBuilder().setProvider(str).setIdentity(str2));
        });
        if (this.clearance != null) {
            newBuilder.setClearance(this.clearance);
        }
        return newRecordBuilder().setUserDetail(newBuilder).m668build();
    }
}
