package com.evolveum.midpoint.security.enforcer.impl;

import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraints;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType;

/* loaded from: input_file:WEB-INF/lib/security-enforcer-impl-4.0.5-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/ItemSecurityConstraintsImpl.class */
public class ItemSecurityConstraintsImpl implements ItemSecurityConstraints {
    private AutzItemPaths allowedItems = new AutzItemPaths();
    private AutzItemPaths deniedItems = new AutzItemPaths();

    /* JADX INFO: Access modifiers changed from: protected */
    public AutzItemPaths getAllowedItems() {
        return this.allowedItems;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AutzItemPaths getDeniedItems() {
        return this.deniedItems;
    }

    public AutzItemPaths get(AuthorizationDecisionType authorizationDecisionType) {
        switch (authorizationDecisionType) {
            case ALLOW:
                return this.allowedItems;
            case DENY:
                return this.deniedItems;
            default:
                return null;
        }
    }

    public void collectItems(Authorization authorization) {
        AuthorizationDecisionType decision = authorization.getDecision();
        if (decision == null || decision == AuthorizationDecisionType.ALLOW) {
            this.allowedItems.collectItems(authorization);
        } else {
            this.deniedItems.collectItems(authorization);
        }
    }

    @Override // com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraints
    public AuthorizationDecisionType findItemDecision(ItemPath itemPath) {
        if (this.deniedItems.isApplicable(itemPath)) {
            return AuthorizationDecisionType.DENY;
        }
        if (this.allowedItems.isApplicable(itemPath)) {
            return AuthorizationDecisionType.ALLOW;
        }
        return null;
    }

    @Override // com.evolveum.midpoint.util.DebugDumpable
    public String debugDump(int i) {
        StringBuilder createTitleStringBuilderLn = DebugUtil.createTitleStringBuilderLn(ItemSecurityConstraintsImpl.class, i);
        DebugUtil.debugDumpShortWithLabelLn(createTitleStringBuilderLn, "allowedItems", this.allowedItems, i + 1);
        DebugUtil.debugDumpShortWithLabel(createTitleStringBuilderLn, "deniedItems", this.deniedItems, i + 1);
        return createTitleStringBuilderLn.toString();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("ItemSecurityConstraintsImpl(allowedItems=");
        this.allowedItems.shortDump(sb);
        sb.append(", deniedItems=");
        this.deniedItems.shortDump(sb);
        sb.append(")");
        return sb.toString();
    }
}
