package de.iip_ecosphere.platform.support.aas.basyx2.apps.security;

import com.google.common.base.Supplier;
import de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.digitaltwin.basyx.aasrepository.feature.authorization.AasTargetInformation;
import org.eclipse.digitaltwin.basyx.aasrepository.feature.authorization.rbac.AasTargetPermissionVerifier;
import org.eclipse.digitaltwin.basyx.authorization.rbac.Action;
import org.eclipse.digitaltwin.basyx.authorization.rbac.RbacPermissionResolver;
import org.eclipse.digitaltwin.basyx.authorization.rbac.RbacRule;
import org.eclipse.digitaltwin.basyx.authorization.rbac.RbacRuleKeyGenerator;
import org.eclipse.digitaltwin.basyx.authorization.rbac.RoleProvider;
import org.eclipse.digitaltwin.basyx.authorization.rbac.SimpleRbacPermissionResolver;
import org.eclipse.digitaltwin.basyx.authorization.rbac.TargetInformation;
import org.eclipse.digitaltwin.basyx.authorization.rbac.TargetPermissionVerifier;
import org.eclipse.digitaltwin.basyx.authorization.rules.rbac.backend.inmemory.InMemoryAuthorizationRbacStorage;
import org.eclipse.digitaltwin.basyx.submodelrepository.feature.authorization.SubmodelTargetInformation;
import org.eclipse.digitaltwin.basyx.submodelrepository.feature.authorization.rbac.SubmodelTargetPermissionVerifier;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

/* loaded from: input_file:de/iip_ecosphere/platform/support/aas/basyx2/apps/security/RbacUtils.class */
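/**
 * Builds BaSyx RBAC permission resolvers from the platform's {@link AuthenticationDescriptor}.
 *
 * <p>Access rules of the descriptor are filtered by AAS component, translated to BaSyx
 * {@link Action}s, merged per role/action/target-type key and stored in an in-memory rule storage.
 * The roles of the current caller are read from the Spring {@link SecurityContextHolder} on every
 * resolver query.
 */
public class RbacUtils {
    /** Translation table from platform RBAC actions to BaSyx actions. */
    private static final Map<AuthenticationDescriptor.RbacAction, Action> ACTION_MAPPING = new HashMap<>();

    static {
        ACTION_MAPPING.put(AuthenticationDescriptor.RbacAction.CREATE, Action.CREATE);
        ACTION_MAPPING.put(AuthenticationDescriptor.RbacAction.DELETE, Action.DELETE);
        ACTION_MAPPING.put(AuthenticationDescriptor.RbacAction.EXECUTE, Action.EXECUTE);
        ACTION_MAPPING.put(AuthenticationDescriptor.RbacAction.READ, Action.READ);
        ACTION_MAPPING.put(AuthenticationDescriptor.RbacAction.UPDATE, Action.UPDATE);
    }

    /**
     * One rule under construction: a role, a single action and the target information created
     * for it by the {@link TargetInfoHandler}.
     *
     * @param <T> the target information type
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/iip_ecosphere/platform/support/aas/basyx2/apps/security/RbacUtils$PreliminaryRbacRule.class */
    public static class PreliminaryRbacRule<T extends TargetInformation> {
        private final String role;
        private final Action action;
        private final TargetInfoHandler<T> infoHandler;
        // Not final: replaced whenever another rule with the same key is joined in.
        private T info;

        /**
         * Creates a preliminary rule and derives its target information from {@code rbacRule}.
         *
         * @param str the role name
         * @param action the BaSyx action the rule grants
         * @param targetInfoHandler creates and joins the target information
         * @param rbacRule the descriptor rule the target information is created from
         */
        public PreliminaryRbacRule(String str, Action action, TargetInfoHandler<T> targetInfoHandler, AuthenticationDescriptor.RbacRule rbacRule) {
            this.role = str;
            this.action = action;
            this.infoHandler = targetInfoHandler;
            this.info = targetInfoHandler.create(rbacRule);
        }

        /**
         * Returns the storage key generated from role, action and target type name.
         *
         * @return the key produced by {@link RbacRuleKeyGenerator}
         */
        public String getKey() {
            return RbacRuleKeyGenerator.generateKey(this.role, this.action.toString(), this.infoHandler.getTypeName());
        }

        /**
         * Merges the target information of {@code preliminaryRbacRule} into this rule.
         *
         * <p>What the merged target information permits is decided entirely by
         * {@link TargetInfoHandler#join}; role and action of the other rule are not compared here,
         * the caller is expected to join only rules with the same key.
         *
         * @param preliminaryRbacRule the rule whose target information is merged in
         */
        public void join(PreliminaryRbacRule<T> preliminaryRbacRule) {
            this.info = this.infoHandler.join(this.info, preliminaryRbacRule.info);
        }

        /**
         * Converts this preliminary rule into a BaSyx rule with exactly one action.
         *
         * @return the BaSyx rule
         */
        public RbacRule toRbacRule() {
            return new RbacRule(this.role, List.of(this.action), this.info);
        }
    }

    /**
     * Collects preliminary rules and keeps a single entry per key, joining rules that share one.
     *
     * @param <T> the target information type
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/iip_ecosphere/platform/support/aas/basyx2/apps/security/RbacUtils$PreliminaryRbacRules.class */
    public static class PreliminaryRbacRules<T extends TargetInformation> {
        private final Map<String, PreliminaryRbacRule<T>> rules = new HashMap<>();

        private PreliminaryRbacRules() {
        }

        /**
         * Adds one preliminary rule per action; a rule whose key is already known is joined into
         * the existing entry instead of replacing it.
         *
         * @param str the role name
         * @param list the BaSyx actions granted; an empty list adds nothing
         * @param targetInfoHandler creates and joins the target information
         * @param rbacRule the descriptor rule the target information is created from
         */
        /* JADX INFO: Access modifiers changed from: private */
        public void addRule(String str, List<Action> list, TargetInfoHandler<T> targetInfoHandler, AuthenticationDescriptor.RbacRule rbacRule) {
            for (Action action : list) {
                PreliminaryRbacRule<T> candidate = new PreliminaryRbacRule<>(str, action, targetInfoHandler, rbacRule);
                String key = candidate.getKey();
                PreliminaryRbacRule<T> known = this.rules.get(key);
                if (null == known) {
                    this.rules.put(key, candidate);
                } else {
                    known.join(candidate);
                }
            }
        }

        /**
         * Writes all collected rules into the given storage.
         *
         * @param inMemoryAuthorizationRbacStorage the storage to fill
         */
        private void addAll(InMemoryAuthorizationRbacStorage inMemoryAuthorizationRbacStorage) {
            for (PreliminaryRbacRule<T> rule : this.rules.values()) {
                inMemoryAuthorizationRbacStorage.addRule(rule.toRbacRule());
            }
        }
    }

    /**
     * Creates a permission resolver over the access rules of the given descriptor.
     *
     * <p>Only rules whose component is one of {@code rbacAasComponentArr} are used. Descriptor
     * actions without an entry in the action mapping are dropped, so a rule consisting only of
     * unmapped actions grants nothing.
     *
     * @param <T> the target information type
     * @param authenticationDescriptor supplies the access rules
     * @param targetInfoHandler creates and joins target information for the rules
     * @param supplier supplies the target permission verifier of the resolver
     * @param rbacAasComponentArr the AAS components whose rules are taken over
     * @return the permission resolver
     */
    public static <T extends TargetInformation> RbacPermissionResolver<T> createPermissionResolver(AuthenticationDescriptor authenticationDescriptor, TargetInfoHandler<T> targetInfoHandler, Supplier<TargetPermissionVerifier<T>> supplier, AuthenticationDescriptor.RbacAasComponent... rbacAasComponentArr) {
        RoleProvider roleProvider = new RoleProvider() { // from class: de.iip_ecosphere.platform.support.aas.basyx2.apps.security.RbacUtils.1
            @Override
            public List<String> getRoles() {
                List<String> roles = new ArrayList<>();
                // The security context may hold no Authentication at all (e.g. no filter populated
                // it). That is the same "nobody is logged in" state as a null principal, so it is
                // mapped to the anonymous roles instead of failing with a NullPointerException.
                Object principal = Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
                    .map(authentication -> authentication.getPrincipal())
                    .orElse(null);
                if (null == principal) {
                    for (AuthenticationDescriptor.Role role : AuthenticationDescriptor.Role.allAnonymous()) {
                        roles.add(role.name());
                    }
                } else if (principal instanceof User) {
                    User user = (User) principal;
                    if (null != user.getAuthorities()) {
                        user.getAuthorities().forEach(grantedAuthority -> roles.add(grantedAuthority.getAuthority()));
                    }
                } else if (principal instanceof String) {
                    // NOTE(review): a string principal is used verbatim as the role name. If an
                    // authentication mechanism puts a user name here, a user name equal to a role
                    // name is granted that role - confirm which mechanisms produce string
                    // principals. Spring's anonymous authentication, when enabled, uses the string
                    // "anonymousUser" and therefore ends up here rather than in the
                    // allAnonymous() branch above.
                    roles.add(principal.toString());
                }
                // Any other principal type yields no roles, i.e. no rule can match.
                return roles;
            }
        };
        InMemoryAuthorizationRbacStorage inMemoryAuthorizationRbacStorage = new InMemoryAuthorizationRbacStorage(new HashMap<>());
        PreliminaryRbacRules<T> preliminaryRbacRules = new PreliminaryRbacRules<>();
        authenticationDescriptor.getAccessRules().stream()
            .filter(rbacRule -> containsByRef(rbacAasComponentArr, rbacRule.getComponent()))
            .forEach(rbacRule -> {
                List<Action> actions = rbacRule.getActions().stream()
                    .map(rbacAction -> ACTION_MAPPING.get(rbacAction))
                    .filter(action -> action != null)
                    .collect(Collectors.toList());
                preliminaryRbacRules.addRule(rbacRule.getRole().name(), actions, targetInfoHandler, rbacRule);
            });
        preliminaryRbacRules.addAll(inMemoryAuthorizationRbacStorage);
        return new SimpleRbacPermissionResolver<>(inMemoryAuthorizationRbacStorage, roleProvider, supplier.get());
    }

    /**
     * Returns whether {@code t} occurs in {@code tArr}, compared by reference ({@code ==}).
     *
     * <p>Identity comparison only matches the very same instance; equal but distinct objects are
     * not found.
     *
     * @param <T> the element type
     * @param tArr the array to search
     * @param t the instance to look for
     * @return {@code true} if the same instance is contained in the array
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static <T> boolean containsByRef(T[] tArr, T t) {
        for (T element : tArr) {
            if (element == t) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates the resolver for the submodel repository from the SUBMODEL and SUBMODEL_ELEMENT rules.
     *
     * @param authenticationDescriptor supplies the access rules
     * @return the submodel permission resolver
     */
    public static RbacPermissionResolver<SubmodelTargetInformation> createSubmodelPermissionResolver(AuthenticationDescriptor authenticationDescriptor) {
        return createPermissionResolver(authenticationDescriptor, SubmodelInfoCreator.INSTANCE, () -> {
            return new SubmodelTargetPermissionVerifier();
        }, AuthenticationDescriptor.RbacAasComponent.SUBMODEL, AuthenticationDescriptor.RbacAasComponent.SUBMODEL_ELEMENT);
    }

    /**
     * Creates the resolver for the AAS repository from the AAS rules.
     *
     * @param authenticationDescriptor supplies the access rules
     * @return the AAS permission resolver
     */
    public static RbacPermissionResolver<AasTargetInformation> createAasPermissionResolver(AuthenticationDescriptor authenticationDescriptor) {
        return createPermissionResolver(authenticationDescriptor, AasInfoHandler.INSTANCE, () -> {
            return new AasTargetPermissionVerifier();
        }, AuthenticationDescriptor.RbacAasComponent.AAS);
    }
}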
