package me.ahoo.cosec.authorization;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import me.ahoo.cosec.api.authorization.Authorization;
import me.ahoo.cosec.api.authorization.AuthorizeResult;
import me.ahoo.cosec.api.context.SecurityContext;
import me.ahoo.cosec.api.context.request.Request;
import me.ahoo.cosec.api.policy.Effect;
import me.ahoo.cosec.api.policy.Policy;
import me.ahoo.cosec.api.policy.Statement;
import me.ahoo.cosec.api.policy.VerifyResult;
import me.ahoo.cosec.api.principal.CoSecPrincipal;
import me.ahoo.cosec.api.tenant.Tenant;
import org.jetbrains.annotations.NotNull;
import reactor.core.publisher.Mono;
import reactor.kotlin.core.publisher.MonoExtensionsKt;

/* compiled from: SimpleAuthorization.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��<\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u001e\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0016J\u001e\u0010\f\u001a\b\u0012\u0004\u0012\u00020\r0\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002J&\u0010\u000e\u001a\u00020\r2\f\u0010\u000f\u001a\b\u0012\u0004\u0012\u00020\u00110\u00102\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002J\u001e\u0010\u0012\u001a\b\u0012\u0004\u0012\u00020\r0\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002J\u001e\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\r0\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002J\u0010\u0010\u0014\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000bH\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0015"}, d2 = {"Lme/ahoo/cosec/authorization/SimpleAuthorization;", "Lme/ahoo/cosec/api/authorization/Authorization;", "permissionRepository", "Lme/ahoo/cosec/authorization/PermissionRepository;", "(Lme/ahoo/cosec/authorization/PermissionRepository;)V", "authorize", "Lreactor/core/publisher/Mono;", "Lme/ahoo/cosec/api/authorization/AuthorizeResult;", "request", "Lme/ahoo/cosec/api/context/request/Request;", "context", "Lme/ahoo/cosec/api/context/SecurityContext;", "verifyGlobalPolicies", "Lme/ahoo/cosec/api/policy/VerifyResult;", "verifyPolicies", "policies", "", "Lme/ahoo/cosec/api/policy/Policy;", "verifyPrincipalPolicies", "verifyRolePolicies", "verifyRoot", "cosec-core"})
/* loaded from: input_file:me/ahoo/cosec/authorization/SimpleAuthorization.class */
public final class SimpleAuthorization implements Authorization {

    @NotNull
    private final PermissionRepository permissionRepository;

    public SimpleAuthorization(@NotNull PermissionRepository permissionRepository) {
        Intrinsics.checkNotNullParameter(permissionRepository, "permissionRepository");
        this.permissionRepository = permissionRepository;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final VerifyResult verifyPolicies(Set<? extends Policy> set, Request request, SecurityContext securityContext) {
        Iterator<T> it = set.iterator();
        while (it.hasNext()) {
            Set statements = ((Policy) it.next()).getStatements();
            ArrayList arrayList = new ArrayList();
            for (Object obj : statements) {
                if (((Statement) obj).getEffect() == Effect.DENY) {
                    arrayList.add(obj);
                }
            }
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                if (((Statement) it2.next()).verify(request, securityContext) == VerifyResult.EXPLICIT_DENY) {
                    return VerifyResult.EXPLICIT_DENY;
                }
            }
        }
        Iterator<T> it3 = set.iterator();
        while (it3.hasNext()) {
            Set statements2 = ((Policy) it3.next()).getStatements();
            ArrayList arrayList2 = new ArrayList();
            for (Object obj2 : statements2) {
                if (((Statement) obj2).getEffect() == Effect.ALLOW) {
                    arrayList2.add(obj2);
                }
            }
            Iterator it4 = arrayList2.iterator();
            while (it4.hasNext()) {
                if (((Statement) it4.next()).verify(request, securityContext) == VerifyResult.ALLOW) {
                    return VerifyResult.ALLOW;
                }
            }
        }
        return VerifyResult.IMPLICIT_DENY;
    }

    private final VerifyResult verifyRoot(SecurityContext securityContext) {
        return CoSecPrincipal.Companion.isRoot(securityContext.getPrincipal()) ? VerifyResult.ALLOW : VerifyResult.IMPLICIT_DENY;
    }

    private final Mono<VerifyResult> verifyGlobalPolicies(final Request request, final SecurityContext securityContext) {
        Mono defaultIfEmpty = this.permissionRepository.getGlobalPolicy().defaultIfEmpty(SetsKt.emptySet());
        Function1<Set<? extends Policy>, VerifyResult> function1 = new Function1<Set<? extends Policy>, VerifyResult>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$verifyGlobalPolicies$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final VerifyResult invoke(@NotNull Set<? extends Policy> set) {
                VerifyResult verifyPolicies;
                Intrinsics.checkNotNullParameter(set, "policies");
                verifyPolicies = SimpleAuthorization.this.verifyPolicies(set, request, securityContext);
                return verifyPolicies;
            }
        };
        Mono<VerifyResult> map = defaultIfEmpty.map((v1) -> {
            return verifyGlobalPolicies$lambda$6(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(map, "private fun verifyGlobal…text)\n            }\n    }");
        return map;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Mono<VerifyResult> verifyPrincipalPolicies(final Request request, final SecurityContext securityContext) {
        if (securityContext.getPrincipal().getPolicies().isEmpty()) {
            return MonoExtensionsKt.toMono(VerifyResult.IMPLICIT_DENY);
        }
        Mono defaultIfEmpty = this.permissionRepository.getPolicies(securityContext.getPrincipal().getPolicies()).defaultIfEmpty(SetsKt.emptySet());
        Function1<Set<? extends Policy>, VerifyResult> function1 = new Function1<Set<? extends Policy>, VerifyResult>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$verifyPrincipalPolicies$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final VerifyResult invoke(@NotNull Set<? extends Policy> set) {
                VerifyResult verifyPolicies;
                Intrinsics.checkNotNullParameter(set, "policies");
                verifyPolicies = SimpleAuthorization.this.verifyPolicies(set, request, securityContext);
                return verifyPolicies;
            }
        };
        Mono<VerifyResult> map = defaultIfEmpty.map((v1) -> {
            return verifyPrincipalPolicies$lambda$7(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(map, "private fun verifyPrinci…text)\n            }\n    }");
        return map;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Mono<VerifyResult> verifyRolePolicies(final Request request, final SecurityContext securityContext) {
        if (securityContext.getPrincipal().getRoles().isEmpty()) {
            return MonoExtensionsKt.toMono(VerifyResult.IMPLICIT_DENY);
        }
        Mono defaultIfEmpty = this.permissionRepository.getRolePolicy(securityContext.getPrincipal().getRoles()).defaultIfEmpty(SetsKt.emptySet());
        Function1<Set<? extends Policy>, VerifyResult> function1 = new Function1<Set<? extends Policy>, VerifyResult>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$verifyRolePolicies$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final VerifyResult invoke(@NotNull Set<? extends Policy> set) {
                VerifyResult verifyPolicies;
                Intrinsics.checkNotNullParameter(set, "policies");
                verifyPolicies = SimpleAuthorization.this.verifyPolicies(set, request, securityContext);
                return verifyPolicies;
            }
        };
        Mono<VerifyResult> map = defaultIfEmpty.map((v1) -> {
            return verifyRolePolicies$lambda$8(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(map, "private fun verifyRolePo…text)\n            }\n    }");
        return map;
    }

    @NotNull
    public Mono<AuthorizeResult> authorize(@NotNull final Request request, @NotNull final SecurityContext securityContext) {
        Intrinsics.checkNotNullParameter(request, "request");
        Intrinsics.checkNotNullParameter(securityContext, "context");
        if (verifyRoot(securityContext) == VerifyResult.ALLOW) {
            return MonoExtensionsKt.toMono(AuthorizeResult.Companion.getALLOW());
        }
        if (securityContext.getPrincipal().authenticated() && !Intrinsics.areEqual(request.getTenantId(), securityContext.getTenant().getTenantId())) {
            return MonoExtensionsKt.toMono(new IllegalTenantContextException((Tenant) request, securityContext));
        }
        Mono<VerifyResult> verifyGlobalPolicies = verifyGlobalPolicies(request, securityContext);
        Function1<VerifyResult, Mono<? extends VerifyResult>> function1 = new Function1<VerifyResult, Mono<? extends VerifyResult>>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final Mono<? extends VerifyResult> invoke(@NotNull VerifyResult verifyResult) {
                Mono<? extends VerifyResult> verifyPrincipalPolicies;
                Intrinsics.checkNotNullParameter(verifyResult, "globalVerifyResult");
                if (verifyResult != VerifyResult.IMPLICIT_DENY) {
                    return MonoExtensionsKt.toMono(verifyResult);
                }
                verifyPrincipalPolicies = SimpleAuthorization.this.verifyPrincipalPolicies(request, securityContext);
                return verifyPrincipalPolicies;
            }
        };
        Mono flatMap = verifyGlobalPolicies.flatMap((v1) -> {
            return authorize$lambda$9(r1, v1);
        });
        Function1<VerifyResult, Mono<? extends AuthorizeResult>> function12 = new Function1<VerifyResult, Mono<? extends AuthorizeResult>>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$2

            /* compiled from: SimpleAuthorization.kt */
            @Metadata(mv = {1, 7, 1}, k = 3, xi = 48)
            /* loaded from: input_file:me/ahoo/cosec/authorization/SimpleAuthorization$authorize$2$WhenMappings.class */
            public /* synthetic */ class WhenMappings {
                public static final /* synthetic */ int[] $EnumSwitchMapping$0;

                static {
                    int[] iArr = new int[VerifyResult.values().length];
                    try {
                        iArr[VerifyResult.ALLOW.ordinal()] = 1;
                    } catch (NoSuchFieldError e) {
                    }
                    try {
                        iArr[VerifyResult.EXPLICIT_DENY.ordinal()] = 2;
                    } catch (NoSuchFieldError e2) {
                    }
                    try {
                        iArr[VerifyResult.IMPLICIT_DENY.ordinal()] = 3;
                    } catch (NoSuchFieldError e3) {
                    }
                    $EnumSwitchMapping$0 = iArr;
                }
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final Mono<? extends AuthorizeResult> invoke(@NotNull VerifyResult verifyResult) {
                Mono verifyRolePolicies;
                Intrinsics.checkNotNullParameter(verifyResult, "principalVerifyResult");
                switch (WhenMappings.$EnumSwitchMapping$0[verifyResult.ordinal()]) {
                    case 1:
                        return MonoExtensionsKt.toMono(AuthorizeResult.Companion.getALLOW());
                    case 2:
                        return MonoExtensionsKt.toMono(AuthorizeResult.Companion.getEXPLICIT_DENY());
                    case 3:
                        verifyRolePolicies = SimpleAuthorization.this.verifyRolePolicies(request, securityContext);
                        AnonymousClass1 anonymousClass1 = new Function1<VerifyResult, AuthorizeResult>() { // from class: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$2.1

                            /* compiled from: SimpleAuthorization.kt */
                            @Metadata(mv = {1, 7, 1}, k = 3, xi = 48)
                            /* renamed from: me.ahoo.cosec.authorization.SimpleAuthorization$authorize$2$1$WhenMappings */
                            /* loaded from: input_file:me/ahoo/cosec/authorization/SimpleAuthorization$authorize$2$1$WhenMappings.class */
                            public /* synthetic */ class WhenMappings {
                                public static final /* synthetic */ int[] $EnumSwitchMapping$0;

                                static {
                                    int[] iArr = new int[VerifyResult.values().length];
                                    try {
                                        iArr[VerifyResult.ALLOW.ordinal()] = 1;
                                    } catch (NoSuchFieldError e) {
                                    }
                                    try {
                                        iArr[VerifyResult.EXPLICIT_DENY.ordinal()] = 2;
                                    } catch (NoSuchFieldError e2) {
                                    }
                                    try {
                                        iArr[VerifyResult.IMPLICIT_DENY.ordinal()] = 3;
                                    } catch (NoSuchFieldError e3) {
                                    }
                                    $EnumSwitchMapping$0 = iArr;
                                }
                            }

                            public final AuthorizeResult invoke(@NotNull VerifyResult verifyResult2) {
                                Intrinsics.checkNotNullParameter(verifyResult2, "roleVerifyResult");
                                switch (WhenMappings.$EnumSwitchMapping$0[verifyResult2.ordinal()]) {
                                    case 1:
                                        return AuthorizeResult.Companion.getALLOW();
                                    case 2:
                                        return AuthorizeResult.Companion.getEXPLICIT_DENY();
                                    case 3:
                                        return AuthorizeResult.Companion.getIMPLICIT_DENY();
                                    default:
                                        throw new NoWhenBranchMatchedException();
                                }
                            }
                        };
                        Mono<? extends AuthorizeResult> map = verifyRolePolicies.map((v1) -> {
                            return invoke$lambda$0(r1, v1);
                        });
                        Intrinsics.checkNotNullExpressionValue(map, "{\n                      …  }\n                    }");
                        return map;
                    default:
                        throw new NoWhenBranchMatchedException();
                }
            }

            private static final AuthorizeResult invoke$lambda$0(Function1 function13, Object obj) {
                Intrinsics.checkNotNullParameter(function13, "$tmp0");
                return (AuthorizeResult) function13.invoke(obj);
            }
        };
        Mono<AuthorizeResult> flatMap2 = flatMap.flatMap((v1) -> {
            return authorize$lambda$10(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(flatMap2, "override fun authorize(r…    }\n            }\n    }");
        return flatMap2;
    }

    private static final VerifyResult verifyGlobalPolicies$lambda$6(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (VerifyResult) function1.invoke(obj);
    }

    private static final VerifyResult verifyPrincipalPolicies$lambda$7(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (VerifyResult) function1.invoke(obj);
    }

    private static final VerifyResult verifyRolePolicies$lambda$8(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (VerifyResult) function1.invoke(obj);
    }

    private static final Mono authorize$lambda$9(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (Mono) function1.invoke(obj);
    }

    private static final Mono authorize$lambda$10(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (Mono) function1.invoke(obj);
    }
}
