package io.crnk.security;

import io.crnk.core.engine.registry.RegistryEntry;
import io.crnk.core.exception.ResourceNotFoundException;
import io.crnk.core.module.InitializingModule;
import io.crnk.core.module.Module;
import io.crnk.core.utils.Supplier;
import io.crnk.security.internal.SecurityRepositoryFilter;
import io.crnk.security.internal.SecurityResourceFilter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/crnk/security/SecurityModule.class */
public class SecurityModule implements InitializingModule {
    protected static final String ALL_ROLE = null;
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityModule.class);
    private Map<String, Map<String, ResourcePermission>> permissions;
    private Module.ModuleContext context;
    private Supplier<Boolean> enabled = new Supplier<Boolean>() { // from class: io.crnk.security.SecurityModule.1
        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public Boolean m2get() {
            return Boolean.TRUE;
        }
    };
    private SecurityConfig config;

    protected SecurityModule() {
    }

    protected SecurityModule(SecurityConfig securityConfig) {
        this.config = securityConfig;
    }

    public static SecurityModule newServerModule(SecurityConfig securityConfig) {
        return new SecurityModule(securityConfig);
    }

    public static SecurityModule newClientModule() {
        return new SecurityModule(null);
    }

    private static void configureRule(Map<String, Map<String, ResourcePermission>> map, String str, String str2, ResourcePermission resourcePermission) {
        Map<String, ResourcePermission> map2 = map.get(str);
        if (map2 == null) {
            map2 = new HashMap();
            map.put(str, map2);
        }
        ResourcePermission resourcePermission2 = map2.get(str2);
        ResourcePermission resourcePermission3 = resourcePermission;
        if (resourcePermission2 != null) {
            resourcePermission3 = resourcePermission2.or(resourcePermission);
        }
        map2.put(str2, resourcePermission3);
        LOGGER.debug("configure rule for resourceType={} role={} permission=", new Object[]{str, str2, resourcePermission});
    }

    private static ResourcePermission updateMissingPermissions(ResourcePermission resourcePermission, ResourcePermission resourcePermission2) {
        return resourcePermission.and(resourcePermission.xor(resourcePermission2));
    }

    public void setEnabled(final boolean z) {
        setEnabled(new Supplier<Boolean>() { // from class: io.crnk.security.SecurityModule.2
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public Boolean m3get() {
                return Boolean.valueOf(z);
            }
        });
    }

    public boolean isEnabled() {
        return ((Boolean) this.enabled.get()).booleanValue();
    }

    public void setEnabled(Supplier<Boolean> supplier) {
        this.enabled = supplier;
    }

    public String getModuleName() {
        return "security";
    }

    public void init() {
    }

    private void checkInit() {
        if (this.config == null || this.permissions != null) {
            return;
        }
        reconfigure(this.config);
    }

    public void reconfigure(SecurityConfig securityConfig) {
        Class<?> resourceClass;
        this.config = securityConfig;
        LOGGER.debug("reconfiguring with {} rules", Integer.valueOf(securityConfig.getRules().size()));
        HashMap hashMap = new HashMap();
        for (SecurityRule securityRule : securityConfig.getRules()) {
            String resourceType = securityRule.getResourceType();
            if (resourceType == null && (resourceClass = securityRule.getResourceClass()) != null) {
                resourceType = toType(resourceClass);
            }
            if (resourceType == null) {
                Iterator it = this.context.getResourceRegistry().getResources().iterator();
                while (it.hasNext()) {
                    configureRule(hashMap, ((RegistryEntry) it.next()).getResourceInformation().getResourceType(), securityRule.getRole(), securityRule.getPermission());
                }
            } else {
                configureRule(hashMap, resourceType, securityRule.getRole(), securityRule.getPermission());
            }
        }
        this.permissions = hashMap;
    }

    public SecurityConfig getConfig() {
        return this.config;
    }

    public void setupModule(Module.ModuleContext moduleContext) {
        this.context = moduleContext;
        moduleContext.addRepositoryFilter(new SecurityRepositoryFilter(this));
        moduleContext.addResourceFilter(new SecurityResourceFilter(this));
    }

    public boolean isAllowed(Class<?> cls, ResourcePermission resourcePermission) {
        return isAllowed(toType(cls), resourcePermission);
    }

    public boolean isAllowed(String str, ResourcePermission resourcePermission) {
        if (!isEnabled()) {
            return true;
        }
        checkInit();
        Map<String, ResourcePermission> map = this.permissions.get(str);
        ResourcePermission resourcePermission2 = resourcePermission;
        if (map != null) {
            for (Map.Entry<String, ResourcePermission> entry : map.entrySet()) {
                String key = entry.getKey();
                ResourcePermission and = entry.getValue().and(resourcePermission);
                if ((!and.isEmpty()) && isUserInRole(key)) {
                    resourcePermission2 = updateMissingPermissions(resourcePermission2, and);
                    if (resourcePermission2.isEmpty()) {
                        break;
                    }
                }
            }
        }
        boolean isEmpty = resourcePermission2.isEmpty();
        LOGGER.debug("isAllowed returns {} for permission {} due to missing {}", new Object[]{Boolean.valueOf(isEmpty), resourcePermission, resourcePermission2});
        return isEmpty;
    }

    public ResourcePermission getResourcePermission(Class<?> cls) {
        return getResourcePermission(toType(cls));
    }

    public ResourcePermission getResourcePermission(String str) {
        checkInit();
        if (!isEnabled()) {
            return ResourcePermission.ALL;
        }
        Map<String, ResourcePermission> map = this.permissions.get(str);
        ResourcePermission resourcePermission = ResourcePermission.EMPTY;
        if (map != null) {
            for (Map.Entry<String, ResourcePermission> entry : map.entrySet()) {
                if (isUserInRole(entry.getKey())) {
                    resourcePermission = resourcePermission.or(entry.getValue());
                }
            }
        }
        return resourcePermission;
    }

    public boolean isUserInRole(String str) {
        if (!isEnabled()) {
            throw new IllegalStateException("security module is disabled");
        }
        checkInit();
        boolean z = str == ALL_ROLE || this.context.getSecurityProvider().isUserInRole(str);
        LOGGER.debug("isUserInRole returns {} for role {}", Boolean.valueOf(z), str);
        return z;
    }

    private <T> String toType(Class<T> cls) {
        RegistryEntry entryForClass = this.context.getResourceRegistry().getEntryForClass(cls);
        if (entryForClass == null) {
            throw new ResourceNotFoundException("resource type not found: " + cls.getName());
        }
        return entryForClass.getResourceInformation().getResourceType();
    }
}
