package io.confluent.security.rbac;

import io.confluent.security.authorizer.utils.JsonMapper;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;

/* loaded from: input_file:io/confluent/security/rbac/RbacRoles.class */
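/**
 * In-memory registry of RBAC role definitions, keyed by role name, together with the
 * binding-scope hierarchy the roles are validated against.
 *
 * <p>Role definitions and hierarchies are read as JSON from classpath resources. Every role
 * added through {@link #addRole(Role)} is checked against the binding scopes before it is
 * stored, so a malformed definition is rejected at load time rather than at authorization time.
 *
 * <p>NOTE(review): this listing is decompiler output. Where the decompiler lost information
 * (see {@link #merge(RbacRoles, RbacRoles)}) the behaviour below is a conservative
 * reconstruction and should be confirmed against the original source.
 */
public class RbacRoles {
    private static final String CP_POLICY_FILE = "cp_rbac_roles.json";
    private static final String CLOUD_CATALOG_SR_RESOURCE_POLICY_FILE = "cloud_catalog_sr_resource_roles.json";
    private static final String CLOUD_CONTROL_PLANE_POLICY_FILE = "cloud_rbac_roles.json";
    private static final String CLOUD_KAFKA_POLICY_FILE = "cloud_kafka_rbac_roles.json";
    private static final String CLOUD_SDS_SR_POLICY_FILE = "cloud_sds_schema_registry_rbac_roles.json";
    private static final String CLOUD_SDS_KSQL_POLICY_FILE = "cloud_sds_ksql_rbac_roles.json";
    private static final List<String> CORE_CLOUD_POLICY_FILES = Arrays.asList(CLOUD_CONTROL_PLANE_POLICY_FILE, CLOUD_KAFKA_POLICY_FILE, CLOUD_SDS_SR_POLICY_FILE, CLOUD_SDS_KSQL_POLICY_FILE);
    private static final String CP_HIERARCHY_FILE = "cp_hierarchy.json";
    private static final String CLOUD_HIERARCHY_FILE = "cloud_hierarchy.json";
    // Both hierarchies are loaded during class initialisation; a missing or malformed
    // hierarchy resource therefore prevents this class from initialising at all.
    private static final BindingScopes CP_BINDING_SCOPES = loadBindingScopes(BindingScopes.class.getClassLoader(), CP_HIERARCHY_FILE);
    private static final BindingScopes CLOUD_BINDING_SCOPES = loadBindingScopes(BindingScopes.class.getClassLoader(), CLOUD_HIERARCHY_FILE);

    private final BindingScopes bindingScopes;
    private final Map<String, Role> roles = new HashMap<>();

    /**
     * Builds a registry from role definitions and a raw binding-scope hierarchy.
     *
     * @param list role definitions; each one is validated by {@link #addRole(Role)}
     * @param linkedHashMap hierarchy data handed to the {@code BindingScopes} constructor
     * @throws InvalidRoleDefinitionException if any role fails validation
     */
    public RbacRoles(List<Role> list, LinkedHashMap<String, Object> linkedHashMap) {
        this.bindingScopes = new BindingScopes(linkedHashMap);
        list.forEach(this::addRole);
    }

    /**
     * Builds a registry from role definitions and an already constructed hierarchy.
     *
     * @param list role definitions; each one is validated by {@link #addRole(Role)}
     * @param bindingScopes hierarchy the roles are validated against
     * @throws InvalidRoleDefinitionException if any role fails validation
     */
    public RbacRoles(List<Role> list, BindingScopes bindingScopes) {
        this.bindingScopes = bindingScopes;
        list.forEach(this::addRole);
    }

    /**
     * Looks up a role by name, restricted to a namespace.
     *
     * @param str role name
     * @param str2 namespace the role must belong to
     * @return the role, or {@code null} when the name is unknown or the role is not in the namespace
     */
    public Role role(String str, String str2) {
        Role role = this.roles.get(str);
        if (role != null && role.isInNamespace(str2)) {
            return role;
        }
        return null;
    }

    /**
     * Looks up a role by name without any namespace restriction.
     *
     * @param str role name
     * @return the role, or {@code null} when the name is unknown
     */
    public Role role(String str) {
        return this.roles.get(str);
    }

    /**
     * Returns the roles that belong to the given namespace.
     *
     * @param str namespace to filter on
     * @return a new collection; changes to it do not affect this registry
     */
    public Collection<Role> roles(String str) {
        return this.roles.values().stream()
                .filter(role -> role.isInNamespace(str))
                .collect(Collectors.toList());
    }

    /**
     * Returns all registered roles.
     *
     * @return a new collection; changes to it do not affect this registry
     */
    public Collection<Role> roles() {
        return new ArrayList<>(this.roles.values());
    }

    /**
     * Returns the role map keyed by role name.
     *
     * <p>NOTE(review): this is the live internal map, not a copy. A caller that writes to it
     * adds or replaces roles without the validation performed by {@link #addRole(Role)}.
     * Kept as is for compatibility; callers should treat the result as read-only.
     *
     * @return the internal name-to-role map
     */
    public Map<String, Role> rolesMap() {
        return this.roles;
    }

    /**
     * Compares registries by their role maps only; the binding scopes are not part of equality.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof RbacRoles)) {
            return false;
        }
        return Objects.equals(this.roles, ((RbacRoles) obj).roles);
    }

    @Override
    public int hashCode() {
        return Objects.hash(this.roles);
    }

    /**
     * Validates a role definition against the binding scopes and registers it under its name.
     *
     * <p>A role is rejected when one of its access policies names an unknown binding scope,
     * when a resource type or operation name is missing, or when its binding scopes do not
     * form a unique path in the hierarchy. A role registered later under an existing name
     * replaces the earlier definition without any warning.
     *
     * @param role definition to validate and store
     * @throws InvalidRoleDefinitionException if the definition fails any check
     */
    void addRole(Role role) {
        for (Collection<AccessPolicy> policies : role.accessPolicies().values()) {
            for (AccessPolicy accessPolicy : policies) {
                if (!this.bindingScopes.isKnownScope(accessPolicy.bindingScope())) {
                    throw new InvalidRoleDefinitionException("Unknown binding scope '" + accessPolicy.bindingScope() + "' defined for " + role);
                }
                accessPolicy.allowedOperations().forEach(resourceOperations -> {
                    if (resourceOperations.resourceType() == null || resourceOperations.resourceType().isEmpty()) {
                        throw new InvalidRoleDefinitionException("Resource type not specified in role definition ops for " + role);
                    }
                    resourceOperations.operations().forEach(str -> {
                        // A null operation name is rejected the same way as an empty one,
                        // instead of surfacing as a NullPointerException during policy load.
                        if (str == null || str.isEmpty()) {
                            throw new InvalidRoleDefinitionException("Operation name not specified in role definition ops for " + role);
                        }
                    });
                });
            }
        }
        if (!this.bindingScopes.isPartialBindingScopePathUnique(role.bindingScopes())) {
            throw new InvalidRoleDefinitionException("Role should have binding scopes that follow a linear path in the tree");
        }
        role.setMostSpecificBindingScope(mostSpecificBindingScope(role));
        this.roles.put(role.name(), role);
    }

    /**
     * Loads the built-in policy set.
     *
     * @param z {@code true} for the core cloud policy files, {@code false} for the CP policy file
     * @return the loaded (and, for cloud, merged) registry
     * @throws InvalidRoleDefinitionException if a policy file cannot be read or fails validation
     */
    public static RbacRoles loadDefaultPolicy(boolean z) throws InvalidRoleDefinitionException {
        ClassLoader loader = RbacRoles.class.getClassLoader();
        if (z) {
            return load(loader, CORE_CLOUD_POLICY_FILES);
        }
        return load(loader, CP_POLICY_FILE);
    }

    /**
     * Loads the core cloud policy files plus any additional policy resources.
     *
     * <p>The additional names are classpath resource names and their contents become part of
     * the authorization policy, so they should come from trusted configuration only.
     *
     * @param list extra policy resource names; {@code null} or empty loads the core files only
     * @return the merged registry
     * @throws InvalidRoleDefinitionException if a policy file cannot be read or fails validation
     */
    public static RbacRoles loadCloudPolicyWith(List<String> list) {
        List<String> policyFiles = new ArrayList<>(CORE_CLOUD_POLICY_FILES);
        if (list != null && !list.isEmpty()) {
            policyFiles.addAll(list);
        }
        return load(RbacRoles.class.getClassLoader(), policyFiles);
    }

    /** Loads the cloud Kafka policy file only. */
    public static RbacRoles loadDataPlanePolicy() throws InvalidRoleDefinitionException {
        return load(RbacRoles.class.getClassLoader(), Collections.singletonList(CLOUD_KAFKA_POLICY_FILE));
    }

    /** Loads the cloud SDS schema-registry and ksql policy files. */
    public static RbacRoles loadSDSPolicy() throws InvalidRoleDefinitionException {
        List<String> policyFiles = new ArrayList<>();
        policyFiles.add(CLOUD_SDS_SR_POLICY_FILE);
        policyFiles.add(CLOUD_SDS_KSQL_POLICY_FILE);
        return load(RbacRoles.class.getClassLoader(), policyFiles);
    }

    /** Loads the cloud catalog schema-registry resource-level policy file. */
    public static RbacRoles loadCatalogSRResourceLevelPolicy() throws InvalidRoleDefinitionException {
        List<String> policyFiles = new ArrayList<>();
        policyFiles.add(CLOUD_CATALOG_SR_RESOURCE_POLICY_FILE);
        return load(RbacRoles.class.getClassLoader(), policyFiles);
    }

    /** Loads the cloud SDS ksql policy file only. */
    public static RbacRoles loadSDSKsqlPolicy() throws InvalidRoleDefinitionException {
        return load(RbacRoles.class.getClassLoader(), Collections.singletonList(CLOUD_SDS_KSQL_POLICY_FILE));
    }

    /** Loads the cloud SDS schema-registry policy file only. */
    public static RbacRoles loadSDSSchemaRegistryPolicy() throws InvalidRoleDefinitionException {
        return load(RbacRoles.class.getClassLoader(), Collections.singletonList(CLOUD_SDS_SR_POLICY_FILE));
    }

    /**
     * Reads a binding-scope hierarchy from a JSON classpath resource.
     *
     * @param classLoader class loader used to locate the resource
     * @param str resource name of the hierarchy file
     * @return the parsed hierarchy
     * @throws InvalidRoleDefinitionException if the resource is missing or cannot be parsed
     */
    public static BindingScopes loadBindingScopes(ClassLoader classLoader, String str) {
        try (BufferedReader reader = openResource(classLoader, str)) {
            return (BindingScopes) JsonMapper.objectMapper().readValue(reader, BindingScopes.class);
        } catch (IOException e) {
            throw new InvalidRoleDefinitionException("BindingScopes could not be loaded from " + str, e);
        }
    }

    /**
     * Loads a single policy file.
     *
     * @param classLoader class loader used to locate the resource
     * @param str policy resource name
     * @return the loaded registry
     * @throws InvalidRoleDefinitionException if the file cannot be read or fails validation
     */
    public static RbacRoles load(ClassLoader classLoader, String str) throws InvalidRoleDefinitionException {
        return load(classLoader, Collections.singletonList(str));
    }

    /**
     * Loads one or more policy files and merges them into a single registry.
     *
     * @param classLoader class loader used to locate the resources
     * @param list policy resource names; must not be empty
     * @return the loaded registry, merged when more than one file is given
     * @throws InvalidRoleDefinitionException if the list is empty, or a file cannot be read
     *         or fails validation
     */
    public static RbacRoles load(ClassLoader classLoader, List<String> list) throws InvalidRoleDefinitionException {
        if (list.isEmpty()) {
            throw new InvalidRoleDefinitionException("Invalid RBAC policies");
        }
        if (list.size() == 1) {
            return parseRbacRoles(classLoader, list.get(0));
        }
        return mergedRbacRoles(classLoader, list);
    }

    /**
     * Test helper: loads roles and hierarchy from explicitly named resources.
     *
     * <p>The hierarchy is resolved through the class loader of {@code BindingScopes} and the
     * roles through the class loader of {@code Roles}.
     *
     * @param str roles resource name
     * @param str2 hierarchy resource name
     * @return the loaded registry
     * @throws InvalidRoleDefinitionException if either resource is missing, unparsable or invalid
     */
    public static RbacRoles loadRbacRolesForTesting(String str, String str2) {
        BindingScopes scopes = loadBindingScopes(BindingScopes.class.getClassLoader(), str2);
        try (BufferedReader reader = openResource(Roles.class.getClassLoader(), str)) {
            Roles parsed = (Roles) JsonMapper.objectMapper().readValue(reader, Roles.class);
            return new RbacRoles(parsed.roles, scopes);
        } catch (IOException e) {
            throw new InvalidRoleDefinitionException("RBAC roles could not be loaded from " + str, e);
        }
    }

    /** Parses every file first, then folds the results together in list order. */
    private static RbacRoles mergedRbacRoles(ClassLoader classLoader, List<String> list) {
        List<RbacRoles> parsed = list.stream()
                .map(name -> parseRbacRoles(classLoader, name))
                .collect(Collectors.toList());
        RbacRoles combined = parsed.get(0);
        for (RbacRoles next : parsed.subList(1, parsed.size())) {
            combined = merge(combined, next);
        }
        return combined;
    }

    /**
     * Parses one policy file and validates its roles.
     *
     * <p>The hierarchy is chosen from the resource name: names starting with {@code "cp"} are
     * validated against the CP hierarchy, every other name against the cloud hierarchy.
     *
     * <p>NOTE(review): the decompiler reports that this method was private in the original
     * class and was widened in this listing; treat it as internal.
     *
     * @param classLoader class loader used to locate the resource
     * @param str policy resource name
     * @return the loaded registry
     * @throws InvalidRoleDefinitionException if the resource is missing, unparsable or invalid
     */
    public static RbacRoles parseRbacRoles(ClassLoader classLoader, String str) {
        try (BufferedReader reader = openResource(classLoader, str)) {
            Roles parsed = (Roles) JsonMapper.objectMapper().readValue(reader, Roles.class);
            BindingScopes scopes = str.startsWith("cp") ? CP_BINDING_SCOPES : CLOUD_BINDING_SCOPES;
            return new RbacRoles(parsed.roles, scopes);
        } catch (IOException e) {
            throw new InvalidRoleDefinitionException("RBAC policies could not be loaded from " + str, e);
        }
    }

    /**
     * Opens a classpath resource as a UTF-8 reader.
     *
     * <p>A missing resource is reported as an {@link IOException} so that callers wrap it in
     * their usual load error, which names the file, instead of failing with a
     * {@link NullPointerException} that does not.
     */
    private static BufferedReader openResource(ClassLoader classLoader, String resourceName) throws IOException {
        InputStream in = classLoader.getResourceAsStream(resourceName);
        if (in == null) {
            throw new IOException("Resource not found on classpath: " + resourceName);
        }
        return new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
    }

    private String mostSpecificBindingScope(Role role) {
        return this.bindingScopes.findMostSpecificBindingScope(role.bindingScopes());
    }

    /**
     * Combines two registries that share the same binding scopes.
     *
     * <p>NOTE(review): in this listing the decompiler emitted an empty lambda for the step
     * that folds the second registry in, so the second registry's roles were dropped entirely.
     * This version adds every role whose name is absent from the first registry. How the
     * original handled a role name defined in both registries is not visible here; for such
     * names the first definition is kept and the second is ignored, which can only withhold
     * permissions, never add them. Restore the original collision handling from source
     * before relying on the merged policy.
     *
     * @param rbacRoles first registry; its definitions win on a name collision
     * @param rbacRoles2 second registry
     * @return a new registry; both inputs are left unchanged
     * @throws IllegalArgumentException if the two registries use different binding scopes
     */
    public static RbacRoles merge(RbacRoles rbacRoles, RbacRoles rbacRoles2) {
        if (!rbacRoles.bindingScopes.equals(rbacRoles2.bindingScopes)) {
            throw new IllegalArgumentException("bindingScopes are not equal");
        }
        Map<String, Role> merged = new HashMap<>(rbacRoles.rolesMap());
        rbacRoles2.rolesMap().forEach((name, role) -> merged.putIfAbsent(name, role));
        return new RbacRoles(new ArrayList<>(merged.values()), rbacRoles.bindingScopes);
    }

    /** Returns the binding-scope hierarchy this registry validates roles against. */
    public BindingScopes bindingScopes() {
        return this.bindingScopes;
    }
}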
