package io.confluent.security.policyapi.engine;

import io.confluent.security.policyapi.ConfluentPolicy;
import io.confluent.security.policyapi.PolicyRuleLoadingCache;
import io.confluent.security.policyapi.exception.PolicyEngineException;
import io.confluent.security.policyapi.rules.RuleBuilder;
import io.confluent.security.policyapi.rules.TrustPolicyRuleBuilder;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/policyapi/engine/TrustPolicyEngine.class */
public class TrustPolicyEngine implements PolicyEngine<String> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TrustPolicyEngine.class);
    public static final String CLAIM_PREFIX = "claims";
    private final PolicyRuleLoadingCache<String> cache;
    private final RuleBuilder<String> ruleBuilder;

    public TrustPolicyEngine() {
        this(null, null);
    }

    public TrustPolicyEngine(PolicyRuleLoadingCache<String> policyRuleLoadingCache) {
        this(null, policyRuleLoadingCache);
    }

    public TrustPolicyEngine(TrustPolicyRuleBuilder trustPolicyRuleBuilder, PolicyRuleLoadingCache<String> policyRuleLoadingCache) {
        this.ruleBuilder = trustPolicyRuleBuilder == null ? new TrustPolicyRuleBuilder() : trustPolicyRuleBuilder;
        this.cache = policyRuleLoadingCache == null ? new PolicyRuleLoadingCache<>(this.ruleBuilder) : policyRuleLoadingCache;
    }

    @Override // io.confluent.security.policyapi.engine.PolicyEngine
    public boolean evaluatePolicy(ConfluentPolicy<String> confluentPolicy, Map<String, Object> map) throws PolicyEngineException {
        try {
            return this.cache.get((ConfluentPolicy) Objects.requireNonNull(confluentPolicy)).evaluate(remapClaims(map));
        } catch (Throwable th) {
            throw new PolicyEngineException("Could not evaluate rule for workload identity " + confluentPolicy, th);
        }
    }

    @Override // io.confluent.security.policyapi.engine.PolicyEngine
    public void validatePolicy(String str) throws PolicyEngineException {
        try {
            this.ruleBuilder.read(str);
        } catch (Exception e) {
            LOGGER.error("Could not compile statements {}: {}", str, e);
            throw new PolicyEngineException(e);
        }
    }

    /* renamed from: validatePolicyEvaluation, reason: avoid collision after fix types in other method */
    public boolean validatePolicyEvaluation2(String str, Map<String, Object> map) throws PolicyEngineException {
        try {
            return this.ruleBuilder.read(str).evaluate(remapClaims(map));
        } catch (Exception e) {
            LOGGER.error("Could not evaluate rule for expression {}: {}", str, e);
            throw new PolicyEngineException(e);
        }
    }

    private static Map<String, Object> remapClaims(Map<String, Object> map) {
        return (Map) map.entrySet().stream().collect(Collectors.toMap(entry -> {
            return "claims." + ((String) entry.getKey());
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    @Override // io.confluent.security.policyapi.engine.PolicyEngine
    public /* bridge */ /* synthetic */ boolean validatePolicyEvaluation(String str, Map map) throws PolicyEngineException {
        return validatePolicyEvaluation2(str, (Map<String, Object>) map);
    }
}
