package io.confluent.rbacapi.validation.v2;

import io.confluent.cloud.rbac.CloudScope;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.rbac.AccessPolicy;
import io.confluent.security.rbac.RbacRoles;
import io.confluent.security.rbac.Role;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.Payload;

@Target({ElementType.PARAMETER, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = {ScopeResourceTypeValidator.class})
/* loaded from: input_file:io/confluent/rbacapi/validation/v2/V2ValidScopeResourceType.class */
public @interface V2ValidScopeResourceType {

    /* loaded from: input_file:io/confluent/rbacapi/validation/v2/V2ValidScopeResourceType$ScopeResourceType.class */
    public static class ScopeResourceType {
        private final MdsScope scope;
        private final ResourceType resourceType;

        public ScopeResourceType(MdsScope mdsScope, ResourceType resourceType) {
            this.scope = mdsScope;
            this.resourceType = resourceType;
        }

        public MdsScope getScope() {
            return this.scope;
        }

        public ResourceType getResourceType() {
            return this.resourceType;
        }
    }

    /* loaded from: input_file:io/confluent/rbacapi/validation/v2/V2ValidScopeResourceType$ScopeResourceTypeValidator.class */
    public static class ScopeResourceTypeValidator implements ConstraintValidator<V2ValidScopeResourceType, ScopeResourceType> {
        private static final Map<String, Set<String>> VALID_SCOPE_RESOURCE_TYPES = new HashMap();

        public static void loadScopeResourceType(RbacRoles rbacRoles) {
            for (Role role : rbacRoles.roles()) {
                for (String str : role.accessPolicies().keySet()) {
                    Iterator<AccessPolicy> it = role.accessPolicies().get(str).iterator();
                    while (it.hasNext()) {
                        VALID_SCOPE_RESOURCE_TYPES.computeIfAbsent(str, str2 -> {
                            return new HashSet();
                        }).addAll((Set) it.next().allowedOperations().stream().map((v0) -> {
                            return v0.resourceType();
                        }).collect(Collectors.toSet()));
                    }
                }
            }
        }

        @Override // javax.validation.ConstraintValidator
        public void initialize(V2ValidScopeResourceType v2ValidScopeResourceType) {
        }

        @Override // javax.validation.ConstraintValidator
        public boolean isValid(ScopeResourceType scopeResourceType, ConstraintValidatorContext constraintValidatorContext) {
            return VALID_SCOPE_RESOURCE_TYPES.get(CloudScope.bindingScope(scopeResourceType.getScope().scope())).contains(scopeResourceType.getResourceType().name());
        }
    }

    Class<?>[] groups() default {};

    Class<? extends Payload>[] payload() default {};

    String message() default "Not a valid Scope Resource Type binding. Found: ${validatedValue}";
}
