package com.appiancorp.expr.server.environment.epex.security;

import com.appiancorp.expr.server.environment.epex.exceptions.EPExAuthorizationException;
import com.appiancorp.expr.server.environment.epex.security.SecuredAction;
import com.appiancorp.expr.server.environment.epex.services.DeploymentProvider;
import com.appiancorp.security.auth.SecurityContext;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/appiancorp/expr/server/environment/epex/security/Authorizer.class */
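/**
 * Base class for role-based authorization decisions on an object identified by a uuid.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>A system administrator ({@code securityContext.isSysAdmin()}) is always allowed. This
 *       check runs before the role map is loaded, so an explicit non-member entry does not
 *       restrict a system administrator.</li>
 *   <li>Membership in {@link Role#EXPLICIT_NONMEMBER} denies every action. It is evaluated before
 *       any allowed role, so it also overrides membership in the application administrators
 *       group.</li>
 *   <li>Otherwise the user is allowed when they hold at least one role the action accepts.</li>
 * </ol>
 *
 * <p>Every decision trusts the user uuid and group uuids reported by the supplied
 * {@link SecurityContext}.
 * NOTE(review): confirm callers only pass a server-derived context, never one built from request
 * data.
 *
 * @param <A> the kind of secured action this authorizer evaluates
 */
public abstract class Authorizer<A extends SecuredAction> {
    /**
     * Group identifier whose presence in the caller's group set grants {@link Role#APP_ADMIN},
     * independently of the per-object role map.
     */
    public static final String APP_ADMIN_GROUP_UUID = "SYSTEM_GROUP_PORTAL_ADMINISTRATORS";

    /**
     * Throws when the caller may not perform the action on the given object.
     *
     * @param securityContext identity and group memberships of the caller
     * @param a the action being attempted
     * @param str uuid of the object the action targets
     * @throws EPExAuthorizationException if {@link #isAllowed(SecurityContext, SecuredAction, String)}
     *     returns {@code false}
     */
    public void verifyAuthorization(SecurityContext securityContext, A a, String str) {
        // The decompiled source cast `a` to SecurityContext here, which matches no overload;
        // the action is passed through unchanged.
        if (isAllowed(securityContext, a, str)) {
            return;
        }
        // NOTE(review): the message embeds the username, the action and the target uuid. Confirm
        // it is not returned verbatim to callers who should not learn these values.
        throw new EPExAuthorizationException("User [" + securityContext.getUserRef().getUsername() + "] is not authorized to take action [" + a + "] on uuid [" + str + "]");
    }

    /**
     * Decides whether the caller may perform the action on the object with the given uuid.
     *
     * @param securityContext identity and group memberships of the caller
     * @param a the action being attempted
     * @param str uuid of the object; passed to {@link #getRoleMap(String)} for non-sysadmin callers
     * @return {@code true} for a system administrator, otherwise the result of the role-map check
     */
    public boolean isAllowed(SecurityContext securityContext, A a, String str) {
        if (securityContext.isSysAdmin()) {
            // Short-circuits before the role map is loaded.
            return true;
        }
        return isAllowed(securityContext, a, getRoleMap(str));
    }

    /**
     * Decides whether the caller may perform the action given an already-loaded role map.
     *
     * <p>This overload performs no system-administrator check; the uuid-based overload does that
     * before delegating here. The decompiler reports the original access modifier as
     * {@code protected}.
     *
     * @param securityContext identity and group memberships of the caller
     * @param a the action being attempted
     * @param map role map of the target object; dereferenced without a null check
     * @return {@code false} if the caller is an explicit non-member or holds none of the action's
     *     allowed roles, {@code true} otherwise
     */
    public boolean isAllowed(SecurityContext securityContext, A a, Map<Role, RoleMembers> map) {
        String userUuid = securityContext.getUserUuid();
        Set<String> memberGroupUuids = securityContext.getMemberGroupUuids();
        // Deny takes precedence: it is tested before any granting role.
        if (isUserInRole(userUuid, memberGroupUuids, Role.EXPLICIT_NONMEMBER, map)) {
            return false;
        }
        for (Role allowedRole : a.getAllowedRoles()) {
            if (isUserInRole(userUuid, memberGroupUuids, allowedRole, map)) {
                return true;
            }
        }
        // No allowed role matched: default deny.
        return false;
    }

    /**
     * Evaluates several actions against one object, loading its role map only once.
     *
     * <p>The decompiler reports the original access modifier as {@code protected}.
     * NOTE(review): this path asks each action via {@code isAllowed(Set)}, while the single-action
     * path iterates {@code getAllowedRoles()}; confirm both give the same answer for every
     * {@link SecuredAction} implementation.
     *
     * @param securityContext identity and group memberships of the caller
     * @param aArr the actions to evaluate
     * @param str uuid of the object the actions target
     * @return one flag per element of {@code aArr}, in the same order
     */
    public boolean[] isEachAllowed(SecurityContext securityContext, A[] aArr, String str) {
        boolean[] decisions = new boolean[aArr.length];
        if (securityContext.isSysAdmin()) {
            Arrays.fill(decisions, true);
            return decisions;
        }
        String userUuid = securityContext.getUserUuid();
        Set<String> memberGroupUuids = securityContext.getMemberGroupUuids();
        Map<Role, RoleMembers> roleMap = getRoleMap(str);
        if (isUserInRole(userUuid, memberGroupUuids, Role.EXPLICIT_NONMEMBER, roleMap)) {
            // A new boolean[] is all false, so every action is already denied.
            return decisions;
        }
        Set<Role> heldRoles = getRoles(userUuid, memberGroupUuids, roleMap, false);
        for (int i = 0; i < aArr.length; i++) {
            decisions[i] = aArr[i].isAllowed(heldRoles);
        }
        return decisions;
    }

    /**
     * Collects the roles the user holds on an object.
     *
     * @param userUuid uuid of the user
     * @param groupUuids uuids of the groups the user belongs to
     * @param roleMap role map of the target object
     * @param includeExplicitNonmember whether {@link Role#EXPLICIT_NONMEMBER} may appear in the result
     * @return the held roles, including {@link Role#APP_ADMIN} when the user is in the
     *     application administrators group
     */
    private Set<Role> getRoles(String userUuid, Set<String> groupUuids, Map<Role, RoleMembers> roleMap, boolean includeExplicitNonmember) {
        // Typed set; the decompiled source used a raw HashSet.
        Set<Role> heldRoles = new HashSet<>();
        if (isAppAdmin(groupUuids)) {
            heldRoles.add(Role.APP_ADMIN);
        }
        for (Map.Entry<Role, RoleMembers> entry : roleMap.entrySet()) {
            Role role = entry.getKey();
            if (role == Role.EXPLICIT_NONMEMBER && !includeExplicitNonmember) {
                continue;
            }
            if (isUserInRole(userUuid, groupUuids, entry.getValue())) {
                heldRoles.add(role);
            }
        }
        return heldRoles;
    }

    /**
     * Tests one role. {@link Role#APP_ADMIN} is resolved from group membership alone and never
     * from the role map; every other role is looked up in {@code roleMap}.
     */
    private boolean isUserInRole(String userUuid, Set<String> groupUuids, Role role, Map<Role, RoleMembers> roleMap) {
        if (role == Role.APP_ADMIN) {
            return isAppAdmin(groupUuids);
        }
        return isUserInRole(userUuid, groupUuids, roleMap.get(role));
    }

    /**
     * Tests whether the user is listed directly, or through one of their groups, in the given
     * member list. A missing member list means the role has no members here, so the answer is
     * {@code false}.
     */
    private boolean isUserInRole(String userUuid, Set<String> groupUuids, RoleMembers roleMembers) {
        if (roleMembers == null) {
            return false;
        }
        if (roleMembers.getUserUuids().contains(userUuid)) {
            return true;
        }
        // Any shared group uuid counts as membership.
        return !Collections.disjoint(groupUuids, roleMembers.getGroupUuids());
    }

    /** Returns whether the group set contains {@link #APP_ADMIN_GROUP_UUID}. */
    private boolean isAppAdmin(Set<String> groupUuids) {
        return groupUuids.contains(APP_ADMIN_GROUP_UUID);
    }

    /**
     * Loads the role map of the object with the given uuid.
     *
     * <p>The result is dereferenced without a null check by the callers in this class, so
     * returning {@code null} makes the authorization check fail with a
     * {@link NullPointerException}.
     *
     * @param str uuid of the object
     * @return the object's role map
     */
    protected abstract Map<Role, RoleMembers> getRoleMap(String str);

    /**
     * Reads the outer actor definition role map for the given uuid from the current deployment and
     * converts it with {@link RoleMapTransformer#transformToJavaMap}.
     *
     * <p>This method performs no authorization check of its own; callers that expose the result
     * are responsible for deciding who may see it.
     *
     * @param str uuid used both to select the actor and to look up its role map
     * @return the converted role map
     */
    public static Map<Role, RoleMembers> getOuterActorDefinitionRoleMap(String str) {
        return RoleMapTransformer.transformToJavaMap(
                DeploymentProvider.get()
                        .getDeployment()
                        .ofActor(str)
                        .getActorDefinitionStore()
                        .getOuterActorDefinitionRoleMap(str));
    }
}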
