package com.azure.resourcemanager.authorization.utils;

import com.azure.core.management.exception.ManagementException;
import com.azure.resourcemanager.authorization.AuthorizationManager;
import com.azure.resourcemanager.authorization.models.BuiltInRole;
import com.azure.resourcemanager.authorization.models.RoleAssignment;
import com.azure.resourcemanager.resources.fluentcore.arm.ResourceId;
import com.azure.resourcemanager.resources.fluentcore.dag.TaskGroup;
import com.azure.resourcemanager.resources.fluentcore.model.Indexable;
import java.util.Objects;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/azure-resourcemanager-authorization-2.25.0.jar:com/azure/resourcemanager/authorization/utils/RoleAssignmentHelper.class */
public class RoleAssignmentHelper {
    private static final String CURRENT_RESOURCE_GROUP_SCOPE = "CURRENT_RESOURCE_GROUP";
    private final AuthorizationManager authorizationManager;
    private final IdProvider idProvider;
    private final TaskGroup preRunTaskGroup;

    /* loaded from: input_file:WEB-INF/lib/azure-resourcemanager-authorization-2.25.0.jar:com/azure/resourcemanager/authorization/utils/RoleAssignmentHelper$IdProvider.class */
    public interface IdProvider {
        String principalId();

        String resourceId();
    }

    public RoleAssignmentHelper(AuthorizationManager authorizationManager, TaskGroup taskGroup, IdProvider idProvider) {
        this.authorizationManager = (AuthorizationManager) Objects.requireNonNull(authorizationManager);
        this.idProvider = (IdProvider) Objects.requireNonNull(idProvider);
        this.preRunTaskGroup = (TaskGroup) Objects.requireNonNull(taskGroup);
    }

    public RoleAssignmentHelper withAccessToCurrentResourceGroup(BuiltInRole builtInRole) {
        return withAccessTo(CURRENT_RESOURCE_GROUP_SCOPE, builtInRole);
    }

    public RoleAssignmentHelper withAccessTo(String str, BuiltInRole builtInRole) {
        this.preRunTaskGroup.addPostRunDependent(context -> {
            String principalId = this.idProvider.principalId();
            if (principalId == null) {
                return context.voidMono();
            }
            return this.authorizationManager.roleAssignments().define2(this.authorizationManager.internalContext().randomUuid()).forObjectId(principalId).withBuiltInRole(builtInRole).withScope(str.equals(CURRENT_RESOURCE_GROUP_SCOPE) ? resourceGroupId(this.idProvider.resourceId()) : str).createAsync().cast(Indexable.class).onErrorResume(th -> {
                return isRoleAssignmentExists(th) ? context.voidMono() : Mono.error(th);
            });
        }, this.authorizationManager.internalContext());
        return this;
    }

    public RoleAssignmentHelper withAccessToCurrentResourceGroup(String str) {
        return withAccessTo(CURRENT_RESOURCE_GROUP_SCOPE, str);
    }

    public RoleAssignmentHelper withAccessTo(String str, String str2) {
        this.preRunTaskGroup.addPostRunDependent(context -> {
            String principalId = this.idProvider.principalId();
            if (principalId == null) {
                return context.voidMono();
            }
            return this.authorizationManager.roleAssignments().define2(this.authorizationManager.internalContext().randomUuid()).forObjectId(principalId).withRoleDefinition(str2).withScope(str.equals(CURRENT_RESOURCE_GROUP_SCOPE) ? resourceGroupId(this.idProvider.resourceId()) : str).createAsync().cast(Indexable.class).onErrorResume(th -> {
                return isRoleAssignmentExists(th) ? context.voidMono() : Mono.error(th);
            });
        }, this.authorizationManager.internalContext());
        return this;
    }

    public RoleAssignmentHelper withoutAccessTo(RoleAssignment roleAssignment) {
        String principalId = roleAssignment.principalId();
        if (principalId == null || !principalId.equalsIgnoreCase(this.idProvider.principalId())) {
            return this;
        }
        this.preRunTaskGroup.addPostRunDependent(context -> {
            return this.authorizationManager.roleAssignments().deleteByIdAsync(roleAssignment.id()).then(context.voidMono());
        });
        return this;
    }

    public RoleAssignmentHelper withoutAccessTo(String str, BuiltInRole builtInRole) {
        this.preRunTaskGroup.addPostRunDependent(context -> {
            return this.authorizationManager.roleDefinitions().getByScopeAndRoleNameAsync(str, builtInRole.toString()).flatMap(roleDefinition -> {
                return this.authorizationManager.roleAssignments().listByScopeAsync(str).filter(roleAssignment -> {
                    return roleDefinition != null && roleAssignment != null && roleAssignment.roleDefinitionId().equalsIgnoreCase(roleDefinition.id()) && roleAssignment.principalId().equalsIgnoreCase(this.idProvider.principalId());
                }).last();
            }).flatMap(roleAssignment -> {
                return this.authorizationManager.roleAssignments().deleteByIdAsync(roleAssignment.id()).then(context.voidMono());
            });
        });
        return this;
    }

    private static String resourceGroupId(String str) {
        ResourceId fromString = ResourceId.fromString(str);
        StringBuilder sb = new StringBuilder();
        sb.append("/subscriptions/").append(fromString.subscriptionId()).append("/resourceGroups/").append(fromString.resourceGroupName());
        return sb.toString();
    }

    private static boolean isRoleAssignmentExists(Throwable th) {
        if (!(th instanceof ManagementException)) {
            return false;
        }
        ManagementException managementException = (ManagementException) th;
        return (managementException.getValue() == null || managementException.getValue().getCode() == null || !managementException.getValue().getCode().equalsIgnoreCase("RoleAssignmentExists")) ? false : true;
    }
}
