package com.evolveum.midpoint.security.api;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.util.DebugDumpable;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.ShortDumpable;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OtherPrivilegesLimitationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemSelectorType;
import java.io.Serializable;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.annotations.VisibleForTesting;

/* loaded from: input_file:com/evolveum/midpoint/security/api/OtherPrivilegesLimitations.class */
public class OtherPrivilegesLimitations implements DebugDumpable, Serializable {

    @NotNull
    private final Map<SimpleReference, Limitation> limitationMap = new HashMap();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/evolveum/midpoint/security/api/OtherPrivilegesLimitations$Limitation.class */
    public static final class Limitation extends Record implements ShortDumpable, Serializable, Cloneable {

        @NotNull
        private final Collection<Type> allowedTypes;

        public Limitation(@NotNull Collection<Type> collection) {
            this.allowedTypes = collection;
        }

        public static Limitation allowingAll() {
            return new Limitation(new HashSet(List.of((Object[]) Type.values())));
        }

        public static Limitation allowingNone() {
            return new Limitation(new HashSet());
        }

        public void restrict(@Nullable OtherPrivilegesLimitationType otherPrivilegesLimitationType) {
            if (otherPrivilegesLimitationType == null) {
                return;
            }
            if (isDenied(otherPrivilegesLimitationType.getCertificationWorkItems())) {
                this.allowedTypes.remove(Type.ACCESS_CERTIFICATION);
            }
            if (isDenied((WorkItemSelectorType) MiscUtil.getFirstNonNull(new WorkItemSelectorType[]{otherPrivilegesLimitationType.getCaseManagementWorkItems(), otherPrivilegesLimitationType.getApprovalWorkItems()}))) {
                this.allowedTypes.remove(Type.CASES);
            }
        }

        private boolean isDenied(WorkItemSelectorType workItemSelectorType) {
            return workItemSelectorType == null || !Boolean.TRUE.equals(workItemSelectorType.isAll());
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: clone, reason: merged with bridge method [inline-methods] */
        public Limitation m6clone() {
            try {
                return (Limitation) super.clone();
            } catch (CloneNotSupportedException e) {
                throw SystemException.unexpected(e);
            }
        }

        @VisibleForTesting
        public Limitation allow(@NotNull Type type) {
            this.allowedTypes.add(type);
            return this;
        }

        public Limitation allow(@NotNull Limitation limitation) {
            this.allowedTypes.addAll(limitation.allowedTypes);
            return this;
        }

        public boolean allows(@NotNull Type type) {
            return this.allowedTypes.contains(type);
        }

        public void shortDump(StringBuilder sb) {
            sb.append("allowed: ").append(this.allowedTypes);
        }

        @Override // java.lang.Record
        public String toString() {
            return "Limitation{allowedTypes=" + this.allowedTypes + "}";
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, Limitation.class), Limitation.class, "allowedTypes", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$Limitation;->allowedTypes:Ljava/util/Collection;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, Limitation.class, Object.class), Limitation.class, "allowedTypes", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$Limitation;->allowedTypes:Ljava/util/Collection;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        @NotNull
        public Collection<Type> allowedTypes() {
            return this.allowedTypes;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference.class */
    public static final class SimpleReference extends Record implements Serializable {

        @NotNull
        private final Class<?> type;

        @NotNull
        private final String oid;

        private SimpleReference(@NotNull Class<?> cls, @NotNull String str) {
            this.type = cls;
            this.oid = str;
        }

        @NotNull
        static SimpleReference of(PrismObject<?> prismObject) {
            return new SimpleReference(prismObject.asObjectable().getClass(), (String) MiscUtil.argNonNull(prismObject.getOid(), "No OID of %s", new Object[]{prismObject}));
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, SimpleReference.class), SimpleReference.class, "type;oid", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference;->type:Ljava/lang/Class;", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference;->oid:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, SimpleReference.class), SimpleReference.class, "type;oid", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference;->type:Ljava/lang/Class;", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference;->oid:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, SimpleReference.class, Object.class), SimpleReference.class, "type;oid", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference;->type:Ljava/lang/Class;", "FIELD:Lcom/evolveum/midpoint/security/api/OtherPrivilegesLimitations$SimpleReference;->oid:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        @NotNull
        public Class<?> type() {
            return this.type;
        }

        @NotNull
        public String oid() {
            return this.oid;
        }
    }

    /* loaded from: input_file:com/evolveum/midpoint/security/api/OtherPrivilegesLimitations$Type.class */
    public enum Type {
        CASES,
        ACCESS_CERTIFICATION
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void copyValuesFrom(OtherPrivilegesLimitations otherPrivilegesLimitations) {
        if (!$assertionsDisabled && !this.limitationMap.isEmpty()) {
            throw new AssertionError();
        }
        otherPrivilegesLimitations.limitationMap.forEach((simpleReference, limitation) -> {
            this.limitationMap.put(simpleReference, limitation.m6clone());
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addDelegationTarget(PrismObject<? extends AssignmentHolderType> prismObject, @NotNull Limitation limitation) {
        this.limitationMap.compute(SimpleReference.of(prismObject), (simpleReference, limitation2) -> {
            if (limitation2 == null) {
                limitation2 = Limitation.allowingNone();
            }
            limitation2.allow(limitation);
            return limitation2;
        });
    }

    @Nullable
    public Limitation get(@NotNull Class<?> cls, @NotNull String str) {
        return this.limitationMap.get(new SimpleReference(cls, str));
    }

    public String debugDump(int i) {
        StringBuilder createTitleStringBuilderLn = DebugUtil.createTitleStringBuilderLn(getClass(), i);
        DebugUtil.debugDumpWithLabel(createTitleStringBuilderLn, "limitations", this.limitationMap, i + 1);
        return createTitleStringBuilderLn.toString();
    }

    public String toString() {
        return "OtherPrivilegesLimitations{limitationMap=" + this.limitationMap + "}";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Set<String> getDelegatorsFor(@Nullable Type type) {
        return (Set) this.limitationMap.entrySet().stream().filter(entry -> {
            return type == null || ((Limitation) entry.getValue()).allows(type);
        }).map(entry2 -> {
            return (SimpleReference) entry2.getKey();
        }).filter(simpleReference -> {
            return simpleReference.type.equals(UserType.class);
        }).map(simpleReference2 -> {
            return simpleReference2.oid;
        }).collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Set<String> getDelegatedMembershipFor(@Nullable Type type) {
        return (Set) this.limitationMap.entrySet().stream().filter(entry -> {
            return type == null || ((Limitation) entry.getValue()).allows(type);
        }).map(entry2 -> {
            return ((SimpleReference) entry2.getKey()).oid;
        }).collect(Collectors.toSet());
    }

    public void clear() {
        this.limitationMap.clear();
    }

    static {
        $assertionsDisabled = !OtherPrivilegesLimitations.class.desiredAssertionStatus();
    }
}
