package de.gwdg.cdstar.runtime.client;

import de.gwdg.cdstar.Utils;
import de.gwdg.cdstar.auth.Principal;
import de.gwdg.cdstar.auth.Subject;
import de.gwdg.cdstar.runtime.client.auth.ArchivePermission;
import de.gwdg.cdstar.runtime.client.auth.StringSubject;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;

/* loaded from: input_file:de/gwdg/cdstar/runtime/client/AclChecker.class */
public class AclChecker {
    private final String vaultName;
    private final String archiveId;
    private final Subject subject;
    private final StringSubject.PrincipalSubject owner;
    private final Map<StringSubject, EnumSet<ArchivePermission>> acl;
    private final EnumSet<ArchivePermission> cachedPermissions = EnumSet.noneOf(ArchivePermission.class);
    private HashSet<StringSubject.GroupSubject> checkedGroups;

    public AclChecker(String str, String str2, Subject subject, StringSubject.PrincipalSubject principalSubject, Map<StringSubject, EnumSet<ArchivePermission>> map) {
        this.vaultName = str;
        this.archiveId = str2;
        this.subject = subject;
        this.owner = principalSubject;
        this.acl = map;
        loadDirectPermissions();
    }

    private void loadDirectPermissions() {
        EnumSet<ArchivePermission> enumSet;
        EnumSet<ArchivePermission> enumSet2 = this.acl.get(StringSubject.SpecialSubject.ANY);
        if (enumSet2 != null) {
            this.cachedPermissions.addAll(enumSet2);
        }
        if (this.subject.hasPrincipal()) {
            Principal principal = this.subject.getPrincipal();
            StringSubject.PrincipalSubject principalSubject = new StringSubject.PrincipalSubject(principal.getId(), principal.getDomain());
            StringSubject.PrincipalSubject principalSubject2 = new StringSubject.PrincipalSubject(principal.getId(), null);
            boolean equalNotNull = Utils.equalNotNull(this.owner, principalSubject);
            EnumSet<ArchivePermission> enumSet3 = this.acl.get(StringSubject.SpecialSubject.USER);
            if (enumSet3 != null) {
                this.cachedPermissions.addAll(enumSet3);
            }
            if (equalNotNull && (enumSet = this.acl.get(StringSubject.SpecialSubject.OWNER)) != null) {
                this.cachedPermissions.addAll(enumSet);
            }
            EnumSet<ArchivePermission> enumSet4 = this.acl.get(principalSubject);
            if (enumSet4 != null) {
                this.cachedPermissions.addAll(enumSet4);
            }
            EnumSet<ArchivePermission> enumSet5 = this.acl.get(principalSubject2);
            if (enumSet5 != null) {
                this.cachedPermissions.addAll(enumSet5);
            }
        }
    }

    private boolean checkGroupPermissions(ArchivePermission archivePermission) {
        if (this.checkedGroups == null) {
            this.checkedGroups = new HashSet<>();
        }
        for (Map.Entry<StringSubject, EnumSet<ArchivePermission>> entry : this.acl.entrySet()) {
            if ((entry.getKey() instanceof StringSubject.GroupSubject) && entry.getValue().contains(archivePermission)) {
                StringSubject.GroupSubject groupSubject = (StringSubject.GroupSubject) entry.getKey();
                if (this.checkedGroups.add(groupSubject)) {
                    if (groupSubject.isQualified() ? this.subject.isMemberOf(groupSubject.getName(), groupSubject.getDoamin()) : this.subject.isMemberOf(groupSubject.getName())) {
                        this.cachedPermissions.addAll(entry.getValue());
                        return true;
                    }
                } else {
                    continue;
                }
            }
        }
        return false;
    }

    private boolean checkExternalPermissions(ArchivePermission archivePermission) {
        if (!this.subject.isPermitted(archivePermission.toStringPermission(this.vaultName, this.archiveId))) {
            return false;
        }
        this.cachedPermissions.add(archivePermission);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized boolean isPermitted(ArchivePermission archivePermission) {
        return this.cachedPermissions.contains(archivePermission) || checkGroupPermissions(archivePermission) || checkExternalPermissions(archivePermission);
    }

    public StringSubject.PrincipalSubject getOwner() {
        return this.owner;
    }

    public Map<StringSubject, EnumSet<ArchivePermission>> getAclMap() {
        HashMap hashMap = new HashMap(this.acl.size());
        this.acl.forEach((stringSubject, enumSet) -> {
            hashMap.put(stringSubject, enumSet.clone());
        });
        return hashMap;
    }
}
