package org.eclipse.ditto.policies.api;

import java.text.MessageFormat;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.eclipse.ditto.base.model.common.Validator;
import org.eclipse.ditto.policies.model.PoliciesResourceType;
import org.eclipse.ditto.policies.model.PolicyEntry;
import org.eclipse.ditto.policies.model.ResourceKey;

/* loaded from: input_file:org/eclipse/ditto/policies/api/PoliciesValidator.class */
public final class PoliciesValidator implements Validator {
    private static final ResourceKey ROOT_RESOURCE = PoliciesResourceType.policyResource("/");
    private static final String NO_AUTH_SUBJECT_PATTERN = "It must contain at least one permanent Subject with permission(s) <{0}> on resource <{1}>!";
    private final Iterable<PolicyEntry> policyEntries;
    private boolean validationResult = true;
    private String reason = null;

    private PoliciesValidator(Iterable<PolicyEntry> iterable) {
        this.policyEntries = iterable;
    }

    public static PoliciesValidator newInstance(Iterable<PolicyEntry> iterable) {
        Objects.requireNonNull(iterable, "The policyEntries to validate must not be null!");
        return new PoliciesValidator(iterable);
    }

    public boolean isValid() {
        Set set = (Set) StreamSupport.stream(this.policyEntries.spliterator(), false).filter(this::hasPermissionGranted).map((v0) -> {
            return v0.getSubjects();
        }).flatMap((v0) -> {
            return v0.stream();
        }).filter(subject -> {
            return subject.getExpiry().isEmpty();
        }).collect(Collectors.toSet());
        set.removeAll((Set) StreamSupport.stream(this.policyEntries.spliterator(), false).filter(this::hasPermissionRevoked).map((v0) -> {
            return v0.getSubjects();
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet()));
        this.validationResult = !set.isEmpty();
        if (!this.validationResult) {
            this.reason = MessageFormat.format(NO_AUTH_SUBJECT_PATTERN, Permission.MIN_REQUIRED_POLICY_PERMISSIONS, ROOT_RESOURCE);
        }
        return this.validationResult;
    }

    private boolean hasPermissionGranted(PolicyEntry policyEntry) {
        return policyEntry.getResources().stream().anyMatch(resource -> {
            return ROOT_RESOURCE.equals(resource.getResourceKey()) && resource.getEffectedPermissions().getGrantedPermissions().contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS);
        });
    }

    private boolean hasPermissionRevoked(PolicyEntry policyEntry) {
        return policyEntry.getResources().stream().anyMatch(resource -> {
            return ROOT_RESOURCE.equals(resource.getResourceKey()) && resource.getEffectedPermissions().getRevokedPermissions().contains(Permission.MIN_REQUIRED_POLICY_PERMISSIONS);
        });
    }

    public Optional<String> getReason() {
        return Optional.ofNullable(this.reason);
    }
}
