package io.confluent.rbacapi.resources.v2;

import io.confluent.crn.ConfluentCloudCrnAuthority;
import io.confluent.crn.CrnSyntaxException;
import io.confluent.crn.ScopedResourcePattern;
import io.confluent.rbacapi.entities.V2ListResponse;
import io.confluent.rbacapi.resources.base.RolesResource;
import io.confluent.rest.annotations.PerformanceMetric;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.AccessPolicy;
import io.confluent.security.rbac.RbacRoles;
import io.confluent.security.rbac.Role;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

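/**
 * Read-only JAX-RS resource under {@code /iam/v2/} that exposes role definitions and a
 * lookup from a CRN pattern to the display names of the roles bindable at that pattern.
 *
 * <p>Role lookups are forwarded to a {@link RolesResource} delegate. The CRN-based lookup is
 * served from an in-memory index built once in the constructor and only read afterwards.
 *
 * <p>NOTE(review): no authorization check is visible in this class. The
 * {@link SecurityContext} injected into {@link #resourceToRoles} is never consulted, so access
 * control is presumably enforced by a filter or container configuration outside this file.
 * Confirm that before treating any endpoint here as protected.
 */
@Produces({"application/json"})
@Path("/iam/v2/")
/* loaded from: input_file:io/confluent/rbacapi/resources/v2/V2CloudRolesResource.class */
public class V2CloudRolesResource {
    private static final String API_VERSION = "iam/v2";
    private static final String KIND_ROLE_DISPLAY_NAME_LIST = "RoleDisplayNameList";
    // Namespace used by resourceToRoles when the caller supplies none.
    private static final String DEFAULT_NAMESPACE = "public";
    // Was bound to V2RolesResource.class, which attributed this class's log lines to another resource.
    private static final Logger log = LoggerFactory.getLogger(V2CloudRolesResource.class);

    private final RolesResource delegate;
    private final ConfluentCloudCrnAuthority authority;
    // namespace -> most specific binding scope -> resource type -> roles.
    // The resource-type key is null for roles that are not bound with a resource.
    // Built once in the constructor and never mutated afterwards; final so that the plain
    // HashMap is safely published to the request threads that read it.
    private final Map<String, Map<String, Map<String, List<Role>>>> resourceToRolesMap;

    /**
     * Creates the resource and eagerly builds the role index.
     *
     * @param rbacRoles role definitions to serve and to index
     * @param confluentCloudCrnAuthority authority used to canonicalize and resolve CRN patterns
     * @throws RuntimeException if a resource-bound role has no access policies at its most
     *     specific binding scope
     */
    public V2CloudRolesResource(RbacRoles rbacRoles, ConfluentCloudCrnAuthority confluentCloudCrnAuthority) {
        this.delegate = new RolesResource(rbacRoles);
        this.resourceToRolesMap = buildResourceToRolesMap(rbacRoles);
        this.authority = confluentCloudCrnAuthority;
    }

    /**
     * Indexes every role by namespace, most specific binding scope and resource type.
     *
     * <p>A role may be appended to the same list more than once when several of its allowed
     * operations name the same resource type; {@link #resourceToRoles} de-duplicates by
     * display name when it reads the index.
     */
    private static Map<String, Map<String, Map<String, List<Role>>>> buildResourceToRolesMap(RbacRoles rbacRoles) {
        Map<String, Map<String, Map<String, List<Role>>>> index = new HashMap<>();
        for (Role role : rbacRoles.roles()) {
            String bindingScope = role.mostSpecificBindingScope();
            Map<String, List<Role>> rolesByResourceType = index
                    .computeIfAbsent(role.namespace(), ns -> new HashMap<>())
                    .computeIfAbsent(bindingScope, sc -> new HashMap<>());

            if (!role.bindWithResource()) {
                // Roles without a resource binding are filed under the null resource type.
                rolesByResourceType.computeIfAbsent(null, type -> new ArrayList<>()).add(role);
                continue;
            }

            Collection<AccessPolicy> policies = role.accessPolicies().get(bindingScope);
            if (policies == null) {
                throw new RuntimeException("Could not load access policies at mostSpecificBindingScope");
            }
            policies.stream()
                    .filter(AccessPolicy::bindWithResource)
                    .flatMap(policy -> policy.allowedOperations().stream())
                    .forEach(operations -> rolesByResourceType
                            .computeIfAbsent(operations.resourceType(), type -> new ArrayList<>())
                            .add(role));
        }
        return index;
    }

    /**
     * Lists role definitions.
     *
     * @param namespace optional namespace filter; {@code null} or empty lists the delegate's
     *     unfiltered result
     * @return the roles returned by the delegate
     */
    @GET
    @Path("roles")
    @PerformanceMetric("v2.cloud.roles.list")
    public List<Role> roles(@QueryParam("namespace") String namespace) {
        if (namespace == null || namespace.isEmpty()) {
            return this.delegate.roles();
        }
        return this.delegate.roles(namespace);
    }

    /**
     * Fetches a single role definition by name.
     *
     * @param roleName name of the role, taken from the request path
     * @param namespace optional namespace; {@code null} or empty uses the delegate's lookup
     *     without a namespace
     * @return the matching role
     * @throws ClientErrorException with status 404 when the delegate finds no such role
     */
    @GET
    @Path("roles/{roleName}")
    @PerformanceMetric("v2.cloud.role.get")
    public Role role(@PathParam("roleName") String roleName, @QueryParam("namespace") String namespace) {
        Role role = (namespace == null || namespace.isEmpty())
                ? this.delegate.role(roleName)
                : this.delegate.role(roleName, namespace);
        if (role == null) {
            throw new ClientErrorException("Role not found: " + roleName, 404);
        }
        return role;
    }

    /**
     * Lists the distinct display names of the roles indexed for the scope and resource type
     * that a CRN pattern resolves to.
     *
     * <p>{@code securityContext}, {@code httpServletRequest} and {@code httpServletResponse}
     * are injected but not used by this method.
     *
     * @param crnPattern CRN pattern to resolve; required
     * @param namespaces comma-separated namespaces to search; {@code null} means
     *     {@code "public"}. An empty string is NOT treated as absent here (unlike
     *     {@link #roles}); it is looked up as a namespace named {@code ""}.
     * @return a list response holding the matching role display names, possibly empty
     * @throws CrnSyntaxException if the authority rejects the CRN pattern
     * @throws ClientErrorException with status 400 when {@code crn_pattern} is missing
     */
    @GET
    @Produces({"application/json"})
    @Path("/ui/roles")
    public V2ListResponse<String> resourceToRoles(@Context SecurityContext securityContext, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @NotNull @QueryParam("crn_pattern") String crnPattern, @QueryParam("namespace") String namespaces) throws CrnSyntaxException {
        // @NotNull only takes effect when bean validation is wired into the container; reject
        // a missing parameter here as well so it can never surface as a server error.
        if (crnPattern == null) {
            throw new ClientErrorException("Missing required query parameter: crn_pattern", 400);
        }

        ScopedResourcePattern scopedPattern = this.authority.resolveScopePattern(this.authority.canonicalCrn(crnPattern));
        ResourcePattern resourcePattern = scopedPattern.resourcePattern();
        // The previous expression dereferenced resourcePattern on the very branch where it was
        // null, so such a request failed with a NullPointerException. A missing pattern is now
        // handled like a full-scope pattern and selects the roles filed under the null resource
        // type. NOTE(review): confirm that is the intended meaning of a CRN without a resource.
        final String resourceTypeName =
                (resourcePattern == null || V2CloudRbacRoleBindingResource.fullScopeResourcePattern(resourcePattern))
                        ? null
                        : resourcePattern.resourceType().name();
        final Scope scope = scopedPattern.scope();
        String requestedNamespaces = (namespaces == null) ? DEFAULT_NAMESPACE : namespaces;

        // Caller-supplied namespace values are used only as map keys; unknown ones are skipped.
        List<String> displayNames = Arrays.stream(requestedNamespaces.split(","))
                .map(namespace -> this.resourceToRolesMap.get(namespace))
                .filter(byScope -> byScope != null)
                .map(byScope -> byScope.get(scope.bindingScope()))
                .filter(byResourceType -> byResourceType != null)
                .map(byResourceType -> byResourceType.get(resourceTypeName))
                .filter(roles -> roles != null)
                .flatMap(List::stream)
                .map(Role::displayName)
                .distinct()
                .collect(Collectors.toList());
        return new V2ListResponse<>(API_VERSION, KIND_ROLE_DISPLAY_NAME_LIST, null, displayNames);
    }
}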
