package com.evolveum.midpoint.security.impl;

import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.ObjectSecurityConstraints;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/evolveum/midpoint/security/impl/ObjectSecurityConstraintsImpl.class */
public class ObjectSecurityConstraintsImpl implements ObjectSecurityConstraints {
    private Map<ItemPath, ItemSecurityConstraintsImpl> itemConstraintMap = new HashMap();
    private Map<String, PhaseDecisionImpl> actionDecisionMap = new HashMap();

    public Map<ItemPath, ItemSecurityConstraintsImpl> getItemConstraintMap() {
        return this.itemConstraintMap;
    }

    public Map<String, PhaseDecisionImpl> getActionDecisionMap() {
        return this.actionDecisionMap;
    }

    public AuthorizationDecisionType getActionDecision(String str, AuthorizationPhaseType authorizationPhaseType) {
        AuthorizationDecisionType simpleActionDecision = getSimpleActionDecision(this.actionDecisionMap, str, authorizationPhaseType);
        AuthorizationDecisionType simpleActionDecision2 = getSimpleActionDecision(this.actionDecisionMap, AuthorizationConstants.AUTZ_ALL_URL, authorizationPhaseType);
        if (simpleActionDecision == null && simpleActionDecision2 == null) {
            return null;
        }
        return (simpleActionDecision == AuthorizationDecisionType.DENY || simpleActionDecision2 == AuthorizationDecisionType.DENY) ? AuthorizationDecisionType.DENY : simpleActionDecision != null ? simpleActionDecision : simpleActionDecision2;
    }

    private AuthorizationDecisionType getSimpleActionDecision(Map<String, PhaseDecisionImpl> map, String str, AuthorizationPhaseType authorizationPhaseType) {
        PhaseDecisionImpl phaseDecisionImpl = map.get(str);
        if (phaseDecisionImpl == null) {
            return null;
        }
        if (authorizationPhaseType == AuthorizationPhaseType.REQUEST) {
            return phaseDecisionImpl.getRequestDecision();
        }
        if (authorizationPhaseType == AuthorizationPhaseType.EXECUTION) {
            return phaseDecisionImpl.getExecDecision();
        }
        if (authorizationPhaseType != null) {
            throw new IllegalArgumentException("Unexpected phase " + authorizationPhaseType);
        }
        if (phaseDecisionImpl.getRequestDecision() == null && phaseDecisionImpl.getExecDecision() == null) {
            return null;
        }
        if (phaseDecisionImpl.getRequestDecision() == AuthorizationDecisionType.DENY || phaseDecisionImpl.getExecDecision() == AuthorizationDecisionType.DENY) {
            return AuthorizationDecisionType.DENY;
        }
        if (phaseDecisionImpl.getRequestDecision() == null || phaseDecisionImpl.getExecDecision() == null) {
            return null;
        }
        return AuthorizationDecisionType.ALLOW;
    }

    public AuthorizationDecisionType findItemDecision(ItemPath itemPath, String str, AuthorizationPhaseType authorizationPhaseType) {
        ItemSecurityConstraintsImpl value;
        boolean z = false;
        for (Map.Entry<ItemPath, ItemSecurityConstraintsImpl> entry : this.itemConstraintMap.entrySet()) {
            if (entry.getKey().isSubPathOrEquivalent(itemPath) && (value = entry.getValue()) != null) {
                AuthorizationDecisionType simpleActionDecision = getSimpleActionDecision(value.getActionDecisionMap(), str, authorizationPhaseType);
                AuthorizationDecisionType simpleActionDecision2 = getSimpleActionDecision(value.getActionDecisionMap(), AuthorizationConstants.AUTZ_ALL_URL, authorizationPhaseType);
                if (simpleActionDecision == AuthorizationDecisionType.DENY || simpleActionDecision2 == AuthorizationDecisionType.DENY) {
                    return AuthorizationDecisionType.DENY;
                }
                if (simpleActionDecision == AuthorizationDecisionType.ALLOW || simpleActionDecision2 == AuthorizationDecisionType.ALLOW) {
                    z = true;
                }
            }
        }
        if (z) {
            return AuthorizationDecisionType.ALLOW;
        }
        return null;
    }

    public boolean hasNoItemDecisions() {
        return this.itemConstraintMap.isEmpty();
    }

    public String debugDump() {
        return debugDump(0);
    }

    public String debugDump(int i) {
        StringBuilder sb = new StringBuilder();
        DebugUtil.indentDebugDump(sb, i);
        sb.append("ObjectSecurityConstraintsImpl");
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "itemConstraintMap", this.itemConstraintMap, i + 1);
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "actionDecisionMap", this.actionDecisionMap, i + 1);
        return sb.toString();
    }
}
