package org.gridgain.internal.rbac.privileges;

import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.ignite3.internal.logger.IgniteLogger;
import org.apache.ignite3.internal.logger.Loggers;
import org.gridgain.internal.rbac.AssignmentOperationResult;
import org.gridgain.internal.rbac.authorization.Authorizer;
import org.gridgain.internal.rbac.configuration.AuthorizationConfigurationSchema;
import org.gridgain.internal.rbac.roles.RoleStore;
import org.gridgain.internal.rbac.roles.exception.RoleNotFoundException;
import org.gridgain.internal.rbac.roles.exception.RoleValidationException;
import org.gridgain.internal.rbac.store.OperationResultContainer;

/* loaded from: input_file:org/gridgain/internal/rbac/privileges/PrivilegeManagementImpl.class */
/**
 * {@link PrivilegeManagement} implementation that routes every operation through the
 * {@link Authorizer} and delegates to {@link PrivilegeGrants} (grant / revoke) and
 * {@link RoleStore} (reads).
 *
 * <p>Grant and revoke requests that name the system role are refused with a
 * {@link RoleValidationException}. Two properties of that guard matter when reviewing access
 * control here:
 * <ul>
 *   <li>The guard runs before {@code authorizeThenCompose}, so a caller receives the validation
 *       failure for such a request without the authorizer being consulted.</li>
 *   <li>Role names are matched against the system role name with
 *       {@link String#equalsIgnoreCase(String)}. NOTE(review): the stores' own name matching is not
 *       visible from this class; confirm they do not resolve a spelling this comparison misses
 *       (for example a name differing only by whitespace or Unicode form).</li>
 * </ul>
 *
 * <p>NOTE(review): {@code authorizeThenCompose} presumably invokes the supplied action only after
 * the given {@link Action} has been authorized; confirm against {@link Authorizer}.
 */
public class PrivilegeManagementImpl implements PrivilegeManagement {
    private static final IgniteLogger LOG = Loggers.forClass(PrivilegeManagementImpl.class);

    private final PrivilegeGrants privilegeGrantsStore;
    private final RoleStore roleStore;
    private final Authorizer authorizer;

    /**
     * Creates the manager over the given collaborators; the arguments are stored as passed,
     * without null checks.
     *
     * @param privilegeGrants store used to apply grant and revoke operations
     * @param roleStore store used to read roles and their privileges
     * @param authorizer gate consulted before each store operation
     */
    public PrivilegeManagementImpl(PrivilegeGrants privilegeGrants, RoleStore roleStore, Authorizer authorizer) {
        this.authorizer = authorizer;
        this.roleStore = roleStore;
        this.privilegeGrantsStore = privilegeGrants;
    }

    /**
     * Grants the privileges in {@code set} to the roles named in {@code set2}.
     *
     * @param set privileges to grant
     * @param set2 names of the target roles
     * @return a future failed with {@link RoleValidationException} when {@code set2} names the
     *     system role; otherwise the future produced under {@link Action#GRANT_PRIVILEGE}
     */
    @Override
    public CompletableFuture<Void> grantAsync(Set<Privilege> set, Set<String> set2) {
        String protectedRole = superRole();
        if (namesRole(set2, protectedRole)) {
            // The system role's privilege set must not be altered through this API.
            return CompletableFuture.failedFuture(
                    new RoleValidationException("Cannot grant privileges to the super role: " + protectedRole));
        }
        return this.authorizer.authorizeThenCompose(
                Action.GRANT_PRIVILEGE,
                () -> this.privilegeGrantsStore.grant(set, set2)
                        .thenAccept(PrivilegeManagementImpl::processOperationResult));
    }

    /**
     * Grants the privileges that {@code privilegeAlias} expands to, to the roles named in
     * {@code set}. The alias is expanded inside the authorized action, not before it.
     *
     * @param privilegeAlias alias resolved through {@code toPrivileges()}
     * @param set names of the target roles
     * @return a future failed with {@link RoleValidationException} when {@code set} names the
     *     system role; otherwise the future produced under {@link Action#GRANT_PRIVILEGE}
     */
    @Override
    public CompletableFuture<Void> grantAsync(PrivilegeAlias privilegeAlias, Set<String> set) {
        String protectedRole = superRole();
        if (namesRole(set, protectedRole)) {
            return CompletableFuture.failedFuture(
                    new RoleValidationException("Cannot grant privileges to the super role: " + protectedRole));
        }
        return this.authorizer.authorizeThenCompose(
                Action.GRANT_PRIVILEGE,
                () -> this.privilegeGrantsStore.grant(privilegeAlias.toPrivileges(), set)
                        .thenAccept(PrivilegeManagementImpl::processOperationResult));
    }

    /**
     * Reads the privileges of a single role under {@link Action#READ_ROLE}.
     *
     * @param str name of the role to look up
     * @return future of the role's privileges; a {@link RoleNotFoundException} is thrown inside
     *     the continuation when the store yields {@code null}, so it surfaces through the future
     */
    @Override
    public CompletableFuture<Set<Privilege>> getPrivilegesAsync(String str) {
        return this.authorizer.authorizeThenCompose(
                Action.READ_ROLE,
                () -> this.roleStore.get(str).thenApply(found -> {
                    if (found != null) {
                        return found.privileges();
                    }
                    throw new RoleNotFoundException(str);
                }));
    }

    /**
     * Reads every role with its privileges under {@link Action#READ_ROLE}.
     *
     * @return future of a map from role name to that role's privileges
     */
    @Override
    public CompletableFuture<Map<String, Set<Privilege>>> getRolesWithPrivilegesAsync() {
        return this.authorizer.authorizeThenCompose(
                Action.READ_ROLE,
                () -> this.roleStore.getAll().thenApply(allRoles -> {
                    // Two-argument toMap throws IllegalStateException if two roles share a name.
                    // NOTE(review): the raw cast looks like a decompilation leftover; confirm it
                    // can be dropped once the store's element type is checked.
                    return (Map) allRoles.stream()
                            .collect(Collectors.toMap(entry -> entry.name(), entry -> entry.privileges()));
                }));
    }

    /**
     * Revokes the privileges in {@code set} from the roles named in {@code set2}.
     *
     * @param set privileges to revoke
     * @param set2 names of the target roles
     * @return a future failed with {@link RoleValidationException} when {@code set2} names the
     *     system role; otherwise the future produced under {@link Action#REVOKE_PRIVILEGE}
     */
    @Override
    public CompletableFuture<Void> revokeAsync(Set<Privilege> set, Set<String> set2) {
        String protectedRole = superRole();
        if (namesRole(set2, protectedRole)) {
            return CompletableFuture.failedFuture(
                    new RoleValidationException("Cannot revoke privileges from the super role: " + protectedRole));
        }
        return this.authorizer.authorizeThenCompose(
                Action.REVOKE_PRIVILEGE,
                () -> this.privilegeGrantsStore.revoke(set, set2)
                        .thenAccept(PrivilegeManagementImpl::processOperationResult));
    }

    /**
     * Revokes the privileges that {@code privilegeAlias} expands to from the roles named in
     * {@code set}. The alias is expanded inside the authorized action, not before it.
     *
     * @param privilegeAlias alias resolved through {@code toPrivileges()}
     * @param set names of the target roles
     * @return a future failed with {@link RoleValidationException} when {@code set} names the
     *     system role; otherwise the future produced under {@link Action#REVOKE_PRIVILEGE}
     */
    @Override
    public CompletableFuture<Void> revokeAsync(PrivilegeAlias privilegeAlias, Set<String> set) {
        String protectedRole = superRole();
        if (namesRole(set, protectedRole)) {
            return CompletableFuture.failedFuture(
                    new RoleValidationException("Cannot revoke privileges from the super role: " + protectedRole));
        }
        return this.authorizer.authorizeThenCompose(
                Action.REVOKE_PRIVILEGE,
                () -> this.privilegeGrantsStore.revoke(privilegeAlias.toPrivileges(), set)
                        .thenAccept(PrivilegeManagementImpl::processOperationResult));
    }

    /**
     * Tells whether {@code roleNames} contains {@code roleName}, ignoring case.
     *
     * @param roleNames role names supplied by the caller; only read when {@code roleName} is set
     * @param roleName name to look for, or {@code null} to disable the check
     * @return {@code true} if some element equals {@code roleName} ignoring case
     */
    private static boolean namesRole(Set<String> roleNames, String roleName) {
        if (roleName == null) {
            return false;
        }
        return roleNames.stream().anyMatch(roleName::equalsIgnoreCase);
    }

    /**
     * Converts a store result into normal completion or an exception.
     *
     * @param operationResultContainer outcome reported by the grants store
     * @throws RoleNotFoundException when the store reports {@code ROLE_NOT_FOUND}
     * @throws IllegalStateException for any result other than {@code SUCCESS} or
     *     {@code ROLE_NOT_FOUND}
     */
    private static void processOperationResult(OperationResultContainer<AssignmentOperationResult> operationResultContainer) {
        switch (operationResultContainer.result()) {
            case SUCCESS:
                break;
            case ROLE_NOT_FOUND: {
                String description = operationResultContainer.value().formatError();
                // NOTE(review): the text is handed to the logger as the message/format argument
                // and presumably contains caller-supplied role names; confirm the logging
                // pipeline neutralises line breaks and placeholder syntax in it.
                LOG.info(description, new Object[0]);
                throw RoleNotFoundException.fromMessage(description);
            }
            default:
                throw new IllegalStateException("Unexpected operation result type: " + operationResultContainer);
        }
    }

    /** Returns the configured system role name that grant and revoke must never target. */
    private static String superRole() {
        return AuthorizationConfigurationSchema.SYSTEM_ROLE_NAME;
    }
}
