package org.gridgain.internal.rbac.privileges;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import org.apache.ignite3.internal.util.ExceptionUtils;
import org.gridgain.internal.rbac.roles.exception.RoleNotFoundException;
import org.gridgain.internal.security.context.GridGainSecurity;

/* loaded from: input_file:org/gridgain/internal/rbac/privileges/PrivilegeCheckerImpl.class */
public class PrivilegeCheckerImpl implements PrivilegeChecker {
    private final PrivilegeManagement privilegeManagement;

    public PrivilegeCheckerImpl(PrivilegeManagement privilegeManagement) {
        this.privilegeManagement = privilegeManagement;
    }

    private static boolean parentMatch(Set<Privilege> set, Privilege privilege) {
        Privilege findParent = ObjectTree.findParent(privilege);
        if (set.contains(findParent)) {
            return true;
        }
        if (findParent == null || ObjectTree.isRoot(findParent)) {
            return false;
        }
        return parentMatch(set, findParent);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Boolean checkPrivilege(Privilege privilege, Set<Privilege> set) {
        if (parentMatch(set, privilege)) {
            return true;
        }
        return Boolean.valueOf(set.contains(privilege));
    }

    @Override // org.gridgain.internal.rbac.privileges.PrivilegeChecker
    public CompletableFuture<Boolean> checkAsync(Privilege privilege, String str) {
        return fetchPrivilegesAsync(str).thenApply(set -> {
            return checkPrivilege(privilege, set);
        });
    }

    @Override // org.gridgain.internal.rbac.privileges.PrivilegeChecker
    public CompletableFuture<Boolean> checkAnyAsync(Privilege privilege, Set<String> set) {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        return CompletableFuture.allOf((CompletableFuture[]) set.stream().map(this::fetchPrivilegesAsync).map(completableFuture -> {
            return completableFuture.thenAccept(set2 -> {
                if (checkPrivilege(privilege, set2).booleanValue()) {
                    atomicBoolean.set(true);
                }
            });
        }).toArray(i -> {
            return new CompletableFuture[i];
        })).thenApply(r3 -> {
            return Boolean.valueOf(atomicBoolean.get());
        });
    }

    @Override // org.gridgain.internal.rbac.privileges.PrivilegeChecker
    public CompletableFuture<PrivilegeCheckResult> checkAllAsync(Set<Privilege> set, String str) {
        return fetchPrivilegesAsync(str).thenApply(set2 -> {
            HashSet hashSet = new HashSet();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                Privilege privilege = (Privilege) it.next();
                if (!checkPrivilege(privilege, set2).booleanValue()) {
                    hashSet.add(privilege);
                }
            }
            return hashSet.isEmpty() ? PrivilegeCheckResult.allowed() : PrivilegeCheckResult.denied(hashSet);
        });
    }

    @Override // org.gridgain.internal.rbac.privileges.PrivilegeChecker
    public CompletableFuture<PrivilegeCheckResult> checkAllAsync(Set<Privilege> set, Set<String> set2) {
        if (set2.isEmpty()) {
            return CompletableFuture.completedFuture(PrivilegeCheckResult.denied(set));
        }
        PrivilegeCheckResult[] privilegeCheckResultArr = new PrivilegeCheckResult[set2.size()];
        List copyOf = List.copyOf(set2);
        return CompletableFuture.allOf((CompletableFuture[]) IntStream.range(0, copyOf.size()).mapToObj(i -> {
            return (CompletableFuture) GridGainSecurity.bypass(() -> {
                return checkAllAsync((Set<Privilege>) set, (String) copyOf.get(i)).thenAccept(privilegeCheckResult -> {
                    privilegeCheckResultArr[i] = privilegeCheckResult;
                });
            });
        }).toArray(i2 -> {
            return new CompletableFuture[i2];
        })).thenApply(r6 -> {
            List list = (List) Arrays.stream(privilegeCheckResultArr).filter(Predicate.not((v0) -> {
                return v0.isAllowed();
            })).map((v0) -> {
                return v0.missedPrivileges();
            }).collect(Collectors.toList());
            if (!list.isEmpty()) {
                HashSet hashSet = new HashSet((Collection) list.get(0));
                for (int i3 = 1; i3 < list.size(); i3++) {
                    hashSet.retainAll((Collection) list.get(i3));
                }
                if (!hashSet.isEmpty()) {
                    return PrivilegeCheckResult.denied(hashSet);
                }
            }
            return PrivilegeCheckResult.allowed();
        });
    }

    @Override // org.gridgain.internal.rbac.privileges.PrivilegeChecker
    public CompletableFuture<PrivilegeCheckResult> checkSelfPrivilegesAsync(Privilege privilege, String str) {
        if (privilege.action().allowSelfAction()) {
            return str.equals(privilege.selector().objectName()) ? CompletableFuture.completedFuture(PrivilegeCheckResult.allowed()) : CompletableFuture.completedFuture(PrivilegeCheckResult.denied(Set.of(privilege)));
        }
        throw new IllegalStateException("Privilege " + privilege + " does not allow self action. Please, use PrivilegeChecker#checkAsync instead.");
    }

    private CompletableFuture<Set<Privilege>> fetchPrivilegesAsync(String str) {
        return this.privilegeManagement.getPrivilegesAsync(str).exceptionally(th -> {
            if ((th instanceof CompletionException) && (th.getCause() instanceof RoleNotFoundException)) {
                return new HashSet();
            }
            throw ((RuntimeException) ExceptionUtils.sneakyThrow(th));
        });
    }
}
