package org.eclipse.ditto.model.enforcers.trie;

import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.ditto.json.JsonFactory;
import org.eclipse.ditto.json.JsonField;
import org.eclipse.ditto.json.JsonKey;
import org.eclipse.ditto.json.JsonObject;
import org.eclipse.ditto.model.base.auth.AuthorizationContext;
import org.eclipse.ditto.model.base.common.ConditionChecker;
import org.eclipse.ditto.model.enforcers.EffectedSubjectIds;
import org.eclipse.ditto.model.enforcers.Enforcer;
import org.eclipse.ditto.model.policies.Permissions;
import org.eclipse.ditto.model.policies.Policy;
import org.eclipse.ditto.model.policies.PolicyEntry;
import org.eclipse.ditto.model.policies.ResourceKey;

/* loaded from: input_file:org/eclipse/ditto/model/enforcers/trie/TrieBasedPolicyEnforcer.class */
public final class TrieBasedPolicyEnforcer implements Enforcer {
    private final PolicyTrie inheritedTrie;
    private final PolicyTrie bottomUpGrantTrie;
    private final PolicyTrie bottomUpRevokeTrie;

    private TrieBasedPolicyEnforcer(Iterable<PolicyEntry> iterable) {
        this.inheritedTrie = PolicyTrie.fromPolicy(iterable).getTransitiveClosure();
        this.bottomUpGrantTrie = this.inheritedTrie.getBottomUpGrantTrie();
        this.bottomUpRevokeTrie = this.inheritedTrie.getBottomUpRevokeTrie();
    }

    public static TrieBasedPolicyEnforcer newInstance(Policy policy) {
        return new TrieBasedPolicyEnforcer((Iterable) ConditionChecker.checkNotNull(policy, "policy to interpret"));
    }

    @Override // org.eclipse.ditto.model.enforcers.Enforcer
    public boolean hasUnrestrictedPermissions(ResourceKey resourceKey, AuthorizationContext authorizationContext, Permissions permissions) {
        return seekWithFallback(resourceKey, this.bottomUpRevokeTrie, this.inheritedTrie).getGrantRevokeIndex().hasPermissions(getSubjectIds(authorizationContext), permissions);
    }

    @Override // org.eclipse.ditto.model.enforcers.Enforcer
    public boolean hasPartialPermissions(ResourceKey resourceKey, AuthorizationContext authorizationContext, Permissions permissions) {
        return seekWithFallback(resourceKey, this.bottomUpGrantTrie, this.inheritedTrie).getGrantRevokeIndex().hasPermissions(getSubjectIds(authorizationContext), permissions);
    }

    @Override // org.eclipse.ditto.model.enforcers.Enforcer
    public EffectedSubjectIds getSubjectIdsWithPermission(ResourceKey resourceKey, Permissions permissions) {
        checkResourceKey(resourceKey);
        checkPermissions(permissions);
        return this.inheritedTrie.seekToLeastAncestor(PolicyTrie.getJsonKeyIterator(resourceKey)).getGrantRevokeIndex().getEffectedSubjectIds(permissions);
    }

    private static void checkResourceKey(ResourceKey resourceKey) {
        ConditionChecker.checkNotNull(resourceKey, "resource key");
    }

    private static void checkPermissions(Permissions permissions) {
        ConditionChecker.checkNotNull(permissions, "permissions to check");
    }

    @Override // org.eclipse.ditto.model.enforcers.Enforcer
    public Set<String> getSubjectIdsWithPartialPermission(ResourceKey resourceKey, Permissions permissions) {
        checkResourceKey(resourceKey);
        checkPermissions(permissions);
        return seekWithFallback(resourceKey, this.bottomUpGrantTrie, this.inheritedTrie).getGrantRevokeIndex().getGrantedSubjectIds(permissions);
    }

    @Override // org.eclipse.ditto.model.enforcers.Enforcer
    public JsonObject buildJsonView(ResourceKey resourceKey, Iterable<JsonField> iterable, AuthorizationContext authorizationContext, Permissions permissions) {
        checkResourceKey(resourceKey);
        ConditionChecker.checkNotNull(iterable, "JSON fields");
        checkPermissions(permissions);
        return this.inheritedTrie.hasChild(JsonKey.of(resourceKey.getResourceType())) ? this.inheritedTrie.seekToLeastAncestor(PolicyTrie.getJsonKeyIterator(resourceKey)).buildJsonView(iterable, getSubjectIds(authorizationContext), permissions) : JsonFactory.newObject();
    }

    private static Set<String> getSubjectIds(AuthorizationContext authorizationContext) {
        ConditionChecker.checkNotNull(authorizationContext, "Authorization Context");
        return (Set) authorizationContext.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
    }

    private static PolicyTrie seekWithFallback(ResourceKey resourceKey, PolicyTrie policyTrie, PolicyTrie policyTrie2) {
        return policyTrie.seekToExactNode(PolicyTrie.getJsonKeyIterator(resourceKey)).orElseGet(() -> {
            return policyTrie2.seekToLeastAncestor(PolicyTrie.getJsonKeyIterator(resourceKey));
        });
    }
}
