package de.gwdg.cdstar.auth.realm;

import de.gwdg.cdstar.auth.Permission;
import de.gwdg.cdstar.auth.Session;
import de.gwdg.cdstar.auth.StringPermission;
import de.gwdg.cdstar.auth.simple.QName;
import de.gwdg.cdstar.runtime.Config;
import de.gwdg.cdstar.runtime.ConfigException;
import de.gwdg.cdstar.runtime.Plugin;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Plugin
/* loaded from: input_file:de/gwdg/cdstar/auth/realm/DomainAuthorizer.class */
public class DomainAuthorizer implements Authorizer, GroupResolver {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DomainAuthorizer.class);
    private final String name;
    private final Map<String, Set<StringPermission>> domainGrants;
    private final Map<String, Set<QName>> domainGroups;

    public DomainAuthorizer() {
        this.domainGrants = new HashMap();
        this.domainGroups = new HashMap();
        this.name = "domain-authorizer";
    }

    public DomainAuthorizer(Config config) throws ConfigException {
        this.domainGrants = new HashMap();
        this.domainGroups = new HashMap();
        this.name = config.get("_name");
        for (Map.Entry<String, Config> entry : config.getTable().entrySet()) {
            String key = entry.getKey();
            Config value = entry.getValue();
            if (value.hasKey("groups")) {
                addDomainGroup(key, value.getArray("groups"));
            }
            if (value.hasKey("permissions")) {
                for (String str : value.getArray("permissions")) {
                    addDomainPermission(key, StringPermission.parse(str));
                }
            }
        }
    }

    public void addDomainPermission(String str, StringPermission... stringPermissionArr) {
        log.info("Adding domain permissions for {}: {}", str, stringPermissionArr);
        Set<StringPermission> computeIfAbsent = this.domainGrants.computeIfAbsent(str, str2 -> {
            return new HashSet();
        });
        for (StringPermission stringPermission : stringPermissionArr) {
            computeIfAbsent.add(stringPermission);
        }
    }

    public void addDomainGroup(String str, String... strArr) {
        log.info("Adding domain groups for {}: {}", str, strArr);
        Set<QName> computeIfAbsent = this.domainGroups.computeIfAbsent(str, str2 -> {
            return new HashSet();
        });
        for (String str3 : strArr) {
            computeIfAbsent.add(QName.fromString(str3, str));
        }
    }

    @Override // de.gwdg.cdstar.auth.realm.Realm
    public String getName() {
        return this.name;
    }

    @Override // de.gwdg.cdstar.auth.realm.GroupResolver
    public boolean isMemberOf(Session session, String str, String str2) {
        Set<QName> set = this.domainGroups.get(session.getPrincipal().getDomain());
        if (set == null || set.isEmpty()) {
            return false;
        }
        return set.contains(new QName(str, str2));
    }

    @Override // de.gwdg.cdstar.auth.realm.Authorizer
    public boolean isPermitted(Session session, Permission permission) {
        if (!(permission instanceof StringPermission)) {
            return false;
        }
        Set<StringPermission> set = this.domainGrants.get(session.getPrincipal().getDomain());
        if (set == null || set.isEmpty()) {
            return false;
        }
        Iterator<StringPermission> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().implies(permission)) {
                return true;
            }
        }
        return false;
    }
}
