package com.yahoo.vespa.hosted.controller.api.integration.athenz;

import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzResourceName;
import com.yahoo.vespa.athenz.api.AthenzRole;
import com.yahoo.vespa.athenz.api.OktaAccessToken;
import com.yahoo.vespa.athenz.api.OktaIdentityToken;
import com.yahoo.vespa.athenz.client.zms.RoleAction;
import com.yahoo.vespa.athenz.client.zms.ZmsClient;
import com.yahoo.vespa.athenz.client.zms.ZmsClientException;
import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId;
import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.class */
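/**
 * In-memory test double for {@link ZmsClient} that reads and mutates an {@link AthenzDbMock}
 * instead of talking to an Athenz ZMS server.
 *
 * <p>Limits that matter when this mock backs authorization tests:
 * <ul>
 *   <li>The mutating methods ignore the caller identity and the Okta tokens they are given, so
 *       no caller is ever rejected for lacking privileges.</li>
 *   <li>{@link #addPolicyRule} and {@link #deletePolicyRule} are no-ops. The policies consulted
 *       by {@link #hasAccess} are whatever the test placed on the {@link AthenzDbMock}
 *       directly.</li>
 *   <li>{@link #getMembership} only answers for the {@code admin} role. It returns {@code false}
 *       for every other role, including the tenant admin role handled by
 *       {@link #addRoleMember}.</li>
 *   <li>Missing domains and applications are reported as a {@link ZmsClientException} built with
 *       the value 400.</li>
 * </ul>
 * A passing test against this class therefore does not show that the real ZMS configuration
 * grants or denies the same access.
 */
public class ZmsClientMock implements ZmsClient {
    private static final Logger log = Logger.getLogger(ZmsClientMock.class.getName());

    /** Role name accepted by {@link #addRoleMember} and {@link #deleteRoleMember}. */
    private static final String TENANT_ADMIN_ROLE_NAME = "tenancy.vespa.hosting.admin";

    /** Role name answered by {@link #getMembership}. */
    private static final String DOMAIN_ADMIN_ROLE_NAME = "admin";

    /** Entity-name prefix of tenant resources in the controller domain. */
    private static final String TENANT_RESOURCE_PREFIX = "service.hosting.tenant.";

    /** Entity-name fragment that marks a resource-group (application) resource. */
    private static final String RESOURCE_GROUP_MARKER = ".res_group.";

    private static final Pattern TENANT_RESOURCE_PATTERN = Pattern.compile("service\\.hosting\\.tenant\\.(?<tenantDomain>[\\w\\-_]+)\\..*");
    private static final Pattern APPLICATION_RESOURCE_PATTERN = Pattern.compile("service\\.hosting\\.tenant\\.[\\w\\-_]+\\.res_group\\.(?<resourceGroup>[\\w\\-_]+)\\.wildcard");

    private final AthenzDbMock athenz;
    private final AthenzIdentity controllerIdentity;

    /**
     * @param athenzDbMock   backing store that holds domains, policies and hosted operators
     * @param athenzIdentity identity of the controller; its domain selects the tenant-resource
     *                       branch of {@link #hasAccess}
     */
    public ZmsClientMock(AthenzDbMock athenzDbMock, AthenzIdentity athenzIdentity) {
        this.athenz = athenzDbMock;
        this.controllerIdentity = athenzIdentity;
    }

    /**
     * Marks the domain as a Vespa tenant. The identity and both tokens are ignored.
     *
     * @throws ZmsClientException if the domain is not present in the mock database
     */
    public void createTenancy(AthenzDomain athenzDomain, AthenzIdentity athenzIdentity, OktaIdentityToken oktaIdentityToken, OktaAccessToken oktaAccessToken) {
        log("createTenancy(tenantDomain='%s')", athenzDomain);
        getDomainOrThrow(athenzDomain, false).isVespaTenant = true;
    }

    /**
     * Clears the tenant flag and removes all applications and tenant admins of the domain.
     * The identity and both tokens are ignored, and the domain need not currently be a tenant.
     *
     * @throws ZmsClientException if the domain is not present in the mock database
     */
    public void deleteTenancy(AthenzDomain athenzDomain, AthenzIdentity athenzIdentity, OktaIdentityToken oktaIdentityToken, OktaAccessToken oktaAccessToken) {
        log("deleteTenancy(tenantDomain='%s')", athenzDomain);
        AthenzDbMock.Domain tenant = getDomainOrThrow(athenzDomain, false);
        tenant.isVespaTenant = false;
        tenant.applications.clear();
        tenant.tenantAdmins.clear();
    }

    /**
     * Registers an application named {@code str} under the tenant domain, keeping any existing
     * entry untouched. The identity, the role actions in {@code set} and both tokens are ignored.
     *
     * @param str resource group name, used as the application id
     * @throws ZmsClientException if the domain is missing or is not a Vespa tenant
     */
    public void createProviderResourceGroup(AthenzDomain athenzDomain, AthenzIdentity athenzIdentity, String str, Set<RoleAction> set, OktaIdentityToken oktaIdentityToken, OktaAccessToken oktaAccessToken) {
        log("createProviderResourceGroup(tenantDomain='%s', resourceGroup='%s')", athenzDomain, str);
        AthenzDbMock.Domain tenant = getDomainOrThrow(athenzDomain, true);
        ApplicationId applicationId = new ApplicationId(str);
        // An existing application keeps its current ACL instead of being replaced by a fresh one.
        if (!tenant.applications.containsKey(applicationId)) {
            tenant.applications.put(applicationId, new AthenzDbMock.Application());
        }
    }

    /**
     * Removes the application named {@code str} from the tenant domain, if present.
     * The identity and both tokens are ignored.
     *
     * @param str resource group name, used as the application id
     * @throws ZmsClientException if the domain is missing or is not a Vespa tenant
     */
    public void deleteProviderResourceGroup(AthenzDomain athenzDomain, AthenzIdentity athenzIdentity, String str, OktaIdentityToken oktaIdentityToken, OktaAccessToken oktaAccessToken) {
        log("deleteProviderResourceGroup(tenantDomain='%s', resourceGroup='%s')", athenzDomain, str);
        getDomainOrThrow(athenzDomain, true).applications.remove(new ApplicationId(str));
    }

    /**
     * Adds a tenant admin to the role's domain.
     *
     * @throws IllegalArgumentException if the role is not the tenant admin role
     * @throws ZmsClientException       if the domain is missing or is not a Vespa tenant
     */
    public void addRoleMember(AthenzRole athenzRole, AthenzIdentity athenzIdentity) {
        if (!athenzRole.roleName().equals(TENANT_ADMIN_ROLE_NAME)) {
            throw new IllegalArgumentException("Mock only supports adding tenant admins, not " + athenzRole.roleName());
        }
        getDomainOrThrow(athenzRole.domain(), true).tenantAdmin(athenzIdentity);
    }

    /**
     * Removes a tenant admin from the role's domain.
     *
     * @throws IllegalArgumentException if the role is not the tenant admin role
     * @throws ZmsClientException       if the domain is missing or is not a Vespa tenant
     */
    public void deleteRoleMember(AthenzRole athenzRole, AthenzIdentity athenzIdentity) {
        if (!athenzRole.roleName().equals(TENANT_ADMIN_ROLE_NAME)) {
            throw new IllegalArgumentException("Mock only supports deleting tenant admins, not " + athenzRole.roleName());
        }
        getDomainOrThrow(athenzRole.domain(), true).deleteTenantAdmin(athenzIdentity);
    }

    /**
     * Reports whether the identity is a domain admin of the role's domain.
     *
     * <p>Only the {@code admin} role is evaluated. Any other role yields {@code false} without
     * looking the domain up, so membership added through {@link #addRoleMember} is not visible
     * here.
     *
     * @throws ZmsClientException if the role is {@code admin} and the domain is missing
     */
    public boolean getMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity) {
        if (!athenzRole.roleName().equals(DOMAIN_ADMIN_ROLE_NAME)) {
            return false;
        }
        return getDomainOrThrow(athenzRole.domain(), false).admins.contains(athenzIdentity);
    }

    /**
     * Returns a new list of every domain in the mock database.
     *
     * @param str ignored by this mock; no filtering is applied
     */
    public List<AthenzDomain> getDomainList(String str) {
        log("getDomainList()");
        return new ArrayList<>(this.athenz.domains.keySet());
    }

    /**
     * Evaluates an access check against the mock database.
     *
     * <p>Resources outside the controller's domain are decided by that domain's policies: access
     * is granted when one policy matches principal, action and resource entity name.
     *
     * <p>Resources inside the controller's domain are decided in this order:
     * <ol>
     *   <li>hosted operators are granted every action on every resource;</li>
     *   <li>resources that are not tenant resources are denied;</li>
     *   <li>domain admins and tenant admins of the tenant domain are granted;</li>
     *   <li>tenant resources that are not resource-group resources are denied;</li>
     *   <li>otherwise the application's ACL entry for the action decides.</li>
     * </ol>
     *
     * @param str action name; on the ACL path it is resolved with
     *            {@code ApplicationAction.valueOf}, which is expected to throw
     *            {@link IllegalArgumentException} for unknown names if {@code ApplicationAction}
     *            is an enum (not visible in this file)
     * @throws ZmsClientException       if a referenced domain or application does not exist, or
     *                                  the tenant domain is not a Vespa tenant
     * @throws IllegalArgumentException if a tenant resource name does not match the expected
     *                                  resource-name patterns
     */
    public boolean hasAccess(AthenzResourceName athenzResourceName, String str, AthenzIdentity athenzIdentity) {
        log("hasAccess(resource=%s, action=%s, identity=%s)", athenzResourceName, str, athenzIdentity);
        if (!athenzResourceName.getDomain().equals(this.controllerIdentity.getDomain())) {
            return getDomainOrThrow(athenzResourceName.getDomain(), false).policies.stream()
                    .anyMatch(policy -> policy.principalMatches(athenzIdentity)
                            && policy.actionMatches(str)
                            && policy.resourceMatches(athenzResourceName.getEntityName()));
        }
        if (isHostedOperator(athenzIdentity)) {
            return true;
        }
        if (!athenzResourceName.getEntityName().startsWith(TENANT_RESOURCE_PREFIX)) {
            return false;
        }
        AthenzDbMock.Domain tenant = getDomainOrThrow(getTenantDomain(athenzResourceName), true);
        if (tenant.admins.contains(athenzIdentity) || tenant.tenantAdmins.contains(athenzIdentity)) {
            return true;
        }
        if (!athenzResourceName.getEntityName().contains(RESOURCE_GROUP_MARKER)) {
            return false;
        }
        ApplicationId applicationId = new ApplicationId(getResourceGroupName(athenzResourceName));
        AthenzDbMock.Application application = tenant.applications.get(applicationId);
        if (application == null) {
            throw zmsException(400, "Application '%s' not found", applicationId);
        }
        // Fail closed: an action without an ACL entry denies access instead of raising a
        // NullPointerException in the middle of an authorization decision.
        return Optional.ofNullable(application.acl.get(ApplicationAction.valueOf(str)))
                .map(members -> members.contains(athenzIdentity))
                .orElse(false);
    }

    /** No-op: the rule is not stored, so it has no effect on {@link #hasAccess}. */
    public void addPolicyRule(AthenzDomain athenzDomain, String str, String str2, AthenzResourceName athenzResourceName, AthenzRole athenzRole) {
    }

    /**
     * No-op: nothing is removed.
     *
     * @return always {@code false}
     */
    public boolean deletePolicyRule(AthenzDomain athenzDomain, String str, String str2, AthenzResourceName athenzResourceName, AthenzRole athenzRole) {
        return false;
    }

    /** No-op: the mock holds no resources that need releasing. */
    public void close() {
    }

    /**
     * Extracts the tenant domain from a tenant resource's entity name.
     *
     * <p>The captured name ends at the first dot after the tenant prefix, and the entity name
     * must continue past that dot for the pattern to match.
     *
     * @throws IllegalArgumentException if the entity name does not match the tenant pattern
     */
    private static AthenzDomain getTenantDomain(AthenzResourceName athenzResourceName) {
        Matcher matcher = TENANT_RESOURCE_PATTERN.matcher(athenzResourceName.getEntityName());
        if (!matcher.matches()) {
            throw new IllegalArgumentException(athenzResourceName.toResourceNameString());
        }
        return new AthenzDomain(matcher.group("tenantDomain"));
    }

    /**
     * Extracts the resource group name from a resource-group resource's entity name.
     *
     * <p>Only names that end in {@code .wildcard} match the pattern.
     *
     * @throws IllegalArgumentException if the entity name does not match the application pattern
     */
    private static String getResourceGroupName(AthenzResourceName athenzResourceName) {
        Matcher matcher = APPLICATION_RESOURCE_PATTERN.matcher(athenzResourceName.getEntityName());
        if (!matcher.matches()) {
            throw new IllegalArgumentException(athenzResourceName.toResourceNameString());
        }
        return matcher.group("resourceGroup");
    }

    /**
     * Looks a domain up in the mock database.
     *
     * @param z when {@code true}, the domain must also be flagged as a Vespa tenant
     * @throws ZmsClientException if the domain is missing, or {@code z} is set and the domain is
     *                            not a Vespa tenant
     */
    private AthenzDbMock.Domain getDomainOrThrow(AthenzDomain athenzDomain, boolean z) {
        AthenzDbMock.Domain domain = this.athenz.domains.get(athenzDomain);
        if (domain == null) {
            throw zmsException(400, "Domain '%s' not found", athenzDomain);
        }
        if (z && !domain.isVespaTenant) {
            throw zmsException(400, "Domain not a Vespa tenant: '%s'", athenzDomain);
        }
        return domain;
    }

    /** Returns whether the identity is listed among the mock database's hosted operators. */
    private boolean isHostedOperator(AthenzIdentity athenzIdentity) {
        return this.athenz.hostedOperators.contains(athenzIdentity);
    }

    /**
     * Builds a {@link ZmsClientException} with a formatted message.
     *
     * <p>Public in this decompiled listing only. The decompiler recorded that the access modifier
     * was changed from private, so treat this as an internal helper.
     *
     * @param i      value passed as the exception's first constructor argument
     * @param str    {@link String#format} template
     * @param objArr template arguments
     */
    public static ZmsClientException zmsException(int i, String str, Object... objArr) {
        return new ZmsClientException(i, String.format(str, objArr));
    }

    /** Logs a {@link String#format}-style message at INFO level. */
    private static void log(String str, Object... objArr) {
        log.log(Level.INFO, String.format(str, objArr));
    }
}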
