package com.evolveum.midpoint.security.api;

import com.evolveum.midpoint.prism.path.PathSet;
import com.evolveum.midpoint.schema.selector.spec.ValueSelector;
import com.evolveum.midpoint.util.DebugDumpable;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationEnforcementStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationLimitationsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OwnedObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ZoneOfControlType;
import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:BOOT-INF/lib/security-api-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/security/api/Authorization.class */
public class Authorization implements GrantedAuthority, DebugDumpable {
    private static final long serialVersionUID = 1;

    @NotNull
    private final AuthorizationType authorizationBean;
    private String sourceDescription;

    @NotNull
    private final PathSet items;

    @NotNull
    private final PathSet exceptItems;
    private List<ValueSelector> parsedObjectSelectors;
    private List<ValueSelector> parsedTargetSelectors;

    public Authorization(@NotNull AuthorizationType authorizationType) {
        this.authorizationBean = authorizationType;
        this.items = parseItems(this.authorizationBean.getItem());
        this.exceptItems = parseItems(this.authorizationBean.getExceptItem());
    }

    public static Authorization create(@NotNull AuthorizationType authorizationType, String str) {
        Authorization authorization = new Authorization(authorizationType);
        authorization.setSourceDescription(str);
        return authorization;
    }

    @Override // org.springframework.security.core.GrantedAuthority
    public String getAuthority() {
        return null;
    }

    public String getDescription() {
        return this.authorizationBean.getDescription();
    }

    public String getSourceDescription() {
        return this.sourceDescription;
    }

    public void setSourceDescription(String str) {
        this.sourceDescription = str;
    }

    @NotNull
    public AuthorizationDecisionType getDecision() {
        return (AuthorizationDecisionType) Objects.requireNonNullElse(this.authorizationBean.getDecision(), AuthorizationDecisionType.ALLOW);
    }

    public boolean isAllow() {
        return getDecision() == AuthorizationDecisionType.ALLOW;
    }

    @NotNull
    public List<String> getAction() {
        return this.authorizationBean.getAction();
    }

    @Nullable
    public AuthorizationPhaseType getPhase() {
        return this.authorizationBean.getPhase();
    }

    public boolean matchesPhase(@Nullable AuthorizationPhaseType authorizationPhaseType) {
        AuthorizationPhaseType phase = getPhase();
        return phase == null || phase == authorizationPhaseType;
    }

    public boolean matchesAnyAction(@NotNull List<String> list) {
        List<String> action = getAction();
        if (!action.contains(AuthorizationConstants.AUTZ_ALL_URL)) {
            Stream<String> stream = action.stream();
            Objects.requireNonNull(list);
            if (!stream.anyMatch((v1) -> {
                return r1.contains(v1);
            })) {
                return false;
            }
        }
        return true;
    }

    public AuthorizationEnforcementStrategyType getEnforcementStrategy() {
        return this.authorizationBean.getEnforcementStrategy();
    }

    public boolean maySkipOnSearch() {
        return getEnforcementStrategy() == AuthorizationEnforcementStrategyType.MAY_SKIP_ON_SEARCH;
    }

    public boolean keepZoneOfControl() {
        ZoneOfControlType zoneOfControl = this.authorizationBean.getZoneOfControl();
        return zoneOfControl == null || zoneOfControl == ZoneOfControlType.KEEP;
    }

    @NotNull
    private List<OwnedObjectSelectorType> getObjectSelectors() {
        return this.authorizationBean.getObject();
    }

    @NotNull
    public synchronized List<ValueSelector> getParsedObjectSelectors() throws ConfigurationException {
        List<ValueSelector> list = this.parsedObjectSelectors;
        if (list != null) {
            return list;
        }
        this.parsedObjectSelectors = parseSelectors(getObjectSelectors());
        return this.parsedObjectSelectors;
    }

    @NotNull
    public synchronized List<ValueSelector> getParsedTargetSelectors() throws ConfigurationException {
        List<ValueSelector> list = this.parsedTargetSelectors;
        if (list != null) {
            return list;
        }
        this.parsedTargetSelectors = parseSelectors(getTargetSelectors());
        return this.parsedTargetSelectors;
    }

    private List<ValueSelector> parseSelectors(List<? extends OwnedObjectSelectorType> list) throws ConfigurationException {
        ArrayList arrayList = new ArrayList();
        Iterator<? extends OwnedObjectSelectorType> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(ValueSelector.parse(it.next()));
        }
        return arrayList;
    }

    @NotNull
    public List<ItemPathType> getItem() {
        return this.authorizationBean.getItem();
    }

    @NotNull
    public List<ItemPathType> getExceptItem() {
        return this.authorizationBean.getExceptItem();
    }

    @NotNull
    public PathSet getItems() {
        return this.items;
    }

    @NotNull
    public PathSet getExceptItems() {
        return this.exceptItems;
    }

    @NotNull
    private PathSet parseItems(@NotNull List<ItemPathType> list) {
        PathSet pathSet = new PathSet();
        Iterator<ItemPathType> it = list.iterator();
        while (it.hasNext()) {
            pathSet.add(it.next().getItemPath());
        }
        pathSet.freeze();
        return pathSet;
    }

    public boolean hasItemSpecification() {
        return (getItem().isEmpty() && getExceptItem().isEmpty()) ? false : true;
    }

    @NotNull
    private List<OwnedObjectSelectorType> getTargetSelectors() {
        return this.authorizationBean.getTarget();
    }

    @NotNull
    public List<QName> getRelation() {
        return this.authorizationBean.getRelation();
    }

    public OrderConstraintsType getOrderConstraints() {
        return this.authorizationBean.getOrderConstraints();
    }

    public AuthorizationLimitationsType getLimitations() {
        return this.authorizationBean.getLimitations();
    }

    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public Authorization m2139clone() {
        Authorization authorization = new Authorization(this.authorizationBean.mo1362clone());
        authorization.sourceDescription = this.sourceDescription;
        return authorization;
    }

    public String getHumanReadableDesc() {
        StringBuilder sb = new StringBuilder();
        if (this.authorizationBean.getName() != null) {
            sb.append("authorization '").append(this.authorizationBean.getName()).append("'");
        } else {
            sb.append("unnamed authorization");
        }
        if (this.sourceDescription != null) {
            Long id = this.authorizationBean.getId();
            if (id != null) {
                sb.append(" (#").append(id).append(")");
            }
            sb.append(" in ");
            sb.append(this.sourceDescription);
        }
        return sb.toString();
    }

    @Override // com.evolveum.midpoint.util.DebugDumpable
    public String debugDump(int i) {
        StringBuilder sb = new StringBuilder();
        DebugUtil.debugDumpLabel(sb, "Authorization", i);
        sb.append("\n");
        this.authorizationBean.asPrismContainerValue().debugDump(i + 1);
        return sb.toString();
    }

    public String toString() {
        return "Authorization(" + this.authorizationBean.getAction() + ")";
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        Authorization authorization = (Authorization) obj;
        return Objects.equals(this.authorizationBean, authorization.authorizationBean) && Objects.equals(this.sourceDescription, authorization.sourceDescription);
    }

    public int hashCode() {
        return Objects.hash(this.authorizationBean, this.sourceDescription);
    }
}
