package org.eclipse.basyx.components.registry.authorization.internal;

import java.io.IOException;
import java.io.UncheckedIOException;
import org.eclipse.basyx.components.configuration.BaSyxSecurityConfiguration;
import org.eclipse.basyx.components.security.authorization.internal.AuthorizationDynamicClassLoader;
import org.eclipse.basyx.extensions.aas.directory.tagged.authorized.internal.SimpleRbacTaggedDirectoryAuthorizer;
import org.eclipse.basyx.extensions.aas.registration.authorization.internal.SimpleRbacAASRegistryAuthorizer;
import org.eclipse.basyx.extensions.shared.authorization.internal.IRoleAuthenticator;
import org.eclipse.basyx.extensions.shared.authorization.internal.ISubjectInformationProvider;
import org.eclipse.basyx.extensions.shared.authorization.internal.PredefinedSetRbacRuleChecker;
import org.eclipse.basyx.extensions.shared.authorization.internal.RbacRuleSet;
import org.eclipse.basyx.extensions.shared.authorization.internal.RbacRuleSetDeserializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/basyx.components.registry-1.3.0.jar:org/eclipse/basyx/components/registry/authorization/internal/SimpleRbacAuthorizedAASRegistryFeature.class */
public class SimpleRbacAuthorizedAASRegistryFeature<SubjectInformationType> extends AuthorizedAASRegistryFeature {
    private static Logger logger = LoggerFactory.getLogger((Class<?>) SimpleRbacAuthorizedAASRegistryFeature.class);

    public SimpleRbacAuthorizedAASRegistryFeature(BaSyxSecurityConfiguration baSyxSecurityConfiguration) {
        super(baSyxSecurityConfiguration);
    }

    @Override // org.eclipse.basyx.components.registry.authorization.internal.AuthorizedAASRegistryFeature
    public IAASRegistryDecorator getAASRegistryDecorator() {
        logger.info("use SimpleRbac authorization strategy");
        PredefinedSetRbacRuleChecker predefinedSetRbacRuleChecker = new PredefinedSetRbacRuleChecker(getRbacRuleSet());
        IRoleAuthenticator<SubjectInformationType> roleAuthenticator = getRoleAuthenticator();
        return new AuthorizedAASRegistryDecorator(new SimpleRbacAASRegistryAuthorizer(predefinedSetRbacRuleChecker, roleAuthenticator), getSubjectInformationProvider());
    }

    @Override // org.eclipse.basyx.components.registry.authorization.internal.AuthorizedAASRegistryFeature
    public ITaggedDirectoryDecorator getTaggedDirectoryDecorator() {
        logger.info("use SimpleRbac authorization strategy");
        PredefinedSetRbacRuleChecker predefinedSetRbacRuleChecker = new PredefinedSetRbacRuleChecker(getRbacRuleSet());
        IRoleAuthenticator<SubjectInformationType> roleAuthenticator = getRoleAuthenticator();
        return new AuthorizedTaggedDirectoryDecorator(new SimpleRbacTaggedDirectoryAuthorizer(predefinedSetRbacRuleChecker, roleAuthenticator), getSubjectInformationProvider());
    }

    public RbacRuleSet getRbacRuleSet() {
        try {
            return new RbacRuleSetDeserializer().fromFile(this.securityConfig.getAuthorizationStrategySimpleRbacRulesFilePath());
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private IRoleAuthenticator<SubjectInformationType> getRoleAuthenticator() {
        return (IRoleAuthenticator) AuthorizationDynamicClassLoader.loadInstanceDynamically(this.securityConfig, BaSyxSecurityConfiguration.AUTHORIZATION_STRATEGY_SIMPLERBAC_ROLE_AUTHENTICATOR, IRoleAuthenticator.class);
    }

    private ISubjectInformationProvider<SubjectInformationType> getSubjectInformationProvider() {
        return (ISubjectInformationProvider) AuthorizationDynamicClassLoader.loadInstanceDynamically(this.securityConfig, BaSyxSecurityConfiguration.AUTHORIZATION_STRATEGY_SIMPLERBAC_SUBJECT_INFORMATION_PROVIDER, ISubjectInformationProvider.class);
    }
}
