package io.confluent.security.roledefinitions;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.confluent.security.roledefinitions.RbacQuotas;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:io/confluent/security/roledefinitions/Role.class */
public class Role {
    public static final String NAMESPACE_PUBLIC = "public";
    public static final String NAMESPACE_CONFLUENT = "confluent";
    public static final String NAMESPACE_CDX = "cdx";
    public static final String NAMESPACE_DATAPLANE = "dataplane";
    public static final String NAMESPACE_DATAGOVERNANCE = "datagovernance";
    public static final String NAMESPACE_STREAMCATALOG = "streamcatalog";
    public static final String NAMESPACE_KSMS = "ksms";
    public static final String NAMESPACE_NETWORKING = "networking";
    public static final String NAMESPACE_CONNECT = "connect";
    public static final String NAMESPACE_CONNECT_V2 = "connectv2";
    public static final String NAMESPACE_CONNECT_V3 = "connectv3";
    public static final String NAMESPACE_KSQL = "ksql";
    public static final String NAMESPACE_FLINK = "flink";
    public static final String NAMESPACE_PIPELINES = "pipelines";
    public static final String NAMESPACE_KAFKAQUEUES = "kafkaqueues";
    public static final String NAMESPACE_WORKLOAD = "workload";
    public static final String NAMESPACE_BILLING = "billing";
    public static final String NAMESPACE_BASEPERMISSION = "basepermission";
    public static final String NAMESPACE_CLOUDACCESSIDENTITY = "cloudaccessidentity";
    private final String name;
    private final String displayName;
    private final String namespace;
    private final boolean internal;
    private final RbacQuotas.RbacQuota rbacQuota;
    private final Map<String, Collection<AccessPolicy>> accessPolicies;
    private String mostSpecificBindingScope = null;

    @JsonCreator
    public Role(@JsonProperty("name") String str, @JsonProperty("displayName") String str2, @JsonProperty("namespace") String str3, @JsonProperty("internal") boolean z, @JsonProperty("rbacQuota") RbacQuotas.RbacQuota rbacQuota, @JsonProperty("policy") AccessPolicy accessPolicy, @JsonProperty("policies") List<AccessPolicy> list) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Role name must be non-empty");
        }
        this.name = str;
        this.displayName = str2 == null ? str : str2;
        this.namespace = str3;
        this.internal = z;
        this.rbacQuota = rbacQuota == null ? RbacQuotas.RbacQuota.NONE : rbacQuota;
        HashMap hashMap = new HashMap();
        if (accessPolicy != null) {
            if (list != null) {
                throw new InvalidRoleDefinitionException("role must not define both 'accessPolicy' and 'accessPolicies'");
            }
            hashMap.put(accessPolicy.bindingScope(), Collections.singletonList(accessPolicy));
        }
        if (list != null) {
            for (AccessPolicy accessPolicy2 : list) {
                ((Collection) hashMap.computeIfAbsent(accessPolicy2.bindingScope(), str4 -> {
                    return new ArrayList();
                })).add(accessPolicy2);
            }
        }
        if (hashMap.isEmpty()) {
            throw new InvalidRoleDefinitionException("at least one access policy must be supplied");
        }
        this.accessPolicies = Collections.unmodifiableMap(hashMap);
    }

    private Role(String str, String str2, String str3, boolean z, RbacQuotas.RbacQuota rbacQuota, Map<String, Collection<AccessPolicy>> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Role name must be non-empty");
        }
        this.name = str;
        this.displayName = str2 == null ? str : str2;
        this.namespace = str3;
        this.internal = z;
        this.rbacQuota = rbacQuota;
        if (map.isEmpty()) {
            throw new InvalidRoleDefinitionException("at least one access policy must be supplied");
        }
        this.accessPolicies = Collections.unmodifiableMap(map);
    }

    public static Role merge(Role role, Role role2) {
        if (!Objects.equals(role.name, role2.name)) {
            throw new IllegalArgumentException("Role name does not match");
        }
        if (!Objects.equals(role.displayName(), role2.displayName())) {
            throw new IllegalArgumentException("Role display name does not match");
        }
        if (!Objects.equals(role.namespace, role2.namespace)) {
            throw new IllegalArgumentException("Role namespace does not match");
        }
        if (!Objects.equals(Boolean.valueOf(role.internal), Boolean.valueOf(role2.internal))) {
            throw new IllegalArgumentException("Role state internal does not match");
        }
        if (!Objects.equals(role.rbacQuota, role2.rbacQuota)) {
            throw new IllegalArgumentException("Role rbacQuota does not match");
        }
        HashMap hashMap = new HashMap(role.accessPolicies);
        role2.accessPolicies.forEach((str, collection) -> {
            hashMap.merge(str, collection, Role::mergeAtBindingScope);
        });
        return new Role(role.name, role.displayName(), role.namespace, role.internal, role.rbacQuota, hashMap);
    }

    public static Role mergeYaml(Role role, Role role2) {
        if (!Objects.equals(role.name, role2.name)) {
            throw new IllegalArgumentException("Role name does not match");
        }
        if (!Objects.equals(role.displayName(), role2.displayName())) {
            throw new IllegalArgumentException("Role display name does not match");
        }
        if (!Objects.equals(role.namespace, role2.namespace)) {
            throw new IllegalArgumentException("Role namespace does not match");
        }
        if (!Objects.equals(Boolean.valueOf(role.internal), Boolean.valueOf(role2.internal))) {
            throw new IllegalArgumentException("Role state internal does not match");
        }
        if (!Objects.equals(role.rbacQuota, role2.rbacQuota)) {
            throw new IllegalArgumentException("Role rbacQuota does not match");
        }
        HashMap hashMap = new HashMap(role.accessPolicies);
        role2.accessPolicies.forEach((str, collection) -> {
            hashMap.merge(str, collection, Role::mergeAtBindingScopeYaml);
        });
        return new Role(role.name, role.displayName(), role.namespace, role.internal, role.rbacQuota, hashMap);
    }

    public static Collection<AccessPolicy> mergeAtBindingScope(Collection<AccessPolicy> collection, Collection<AccessPolicy> collection2) {
        validateAccessPoliciesAtBindingScope(collection);
        validateAccessPoliciesAtBindingScope(collection2);
        return ((Map) Stream.concat(collection.stream(), collection2.stream()).collect(Collectors.toMap((v0) -> {
            return v0.bindWithResource();
        }, Function.identity(), AccessPolicy::merge))).values();
    }

    public static Collection<AccessPolicy> mergeAtBindingScopeYaml(Collection<AccessPolicy> collection, Collection<AccessPolicy> collection2) {
        validateAccessPoliciesAtBindingScope(collection);
        validateAccessPoliciesAtBindingScope(collection2);
        return ((Map) Stream.concat(collection.stream(), collection2.stream()).collect(Collectors.toMap((v0) -> {
            return v0.bindWithResource();
        }, Function.identity(), AccessPolicy::mergeYaml))).values();
    }

    private static void validateAccessPoliciesAtBindingScope(Collection<AccessPolicy> collection) {
        if (collection.size() > 2) {
            throw new IllegalArgumentException("We can have at most 2 accessPolicies at a given BindingScope. accessPolicies = " + collection);
        }
        if (collection.stream().filter((v0) -> {
            return v0.bindWithResource();
        }).count() > 1) {
            throw new IllegalArgumentException("We can have at most 1 accessPolicy at a given BindingScope with bindWithResource=true. accessPolicies = " + collection);
        }
        if (collection.stream().filter(accessPolicy -> {
            return !accessPolicy.bindWithResource();
        }).count() > 1) {
            throw new IllegalArgumentException("We can have at most 1 accessPolicy at a given BindingScope with bindWithResource=false. accessPolicies = " + collection);
        }
    }

    @JsonProperty
    public String name() {
        return this.name;
    }

    @JsonProperty
    public String displayName() {
        return this.displayName == null ? this.name : this.displayName;
    }

    @JsonProperty
    public String namespace() {
        return this.namespace;
    }

    @JsonProperty
    public boolean internal() {
        return this.internal;
    }

    @JsonProperty
    public RbacQuotas.RbacQuota rbacQuota() {
        return this.rbacQuota;
    }

    public boolean isInNamespace(String str) {
        return this.namespace.equals(str);
    }

    @JsonProperty("policies")
    public Map<String, Collection<AccessPolicy>> accessPolicies() {
        return this.accessPolicies;
    }

    public Collection<AccessPolicy> flatAccessPolicies() {
        return (Collection) this.accessPolicies.values().stream().flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toList());
    }

    public Set<String> bindingScopes() {
        return this.accessPolicies.keySet();
    }

    public boolean bindWithResource() {
        return this.accessPolicies.values().stream().anyMatch(collection -> {
            return collection.stream().anyMatch((v0) -> {
                return v0.bindWithResource();
            });
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setMostSpecificBindingScope(String str) {
        this.mostSpecificBindingScope = str;
    }

    public String mostSpecificBindingScope() {
        return this.mostSpecificBindingScope;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof Role)) {
            return false;
        }
        Role role = (Role) obj;
        return Objects.equals(this.name, role.name) && Objects.equals(this.accessPolicies, role.accessPolicies);
    }

    public int hashCode() {
        return Objects.hash(this.name, this.accessPolicies);
    }

    public String toString() {
        return "Role{name='" + this.name + "', displayName='" + this.displayName + "', namespace='" + this.namespace + "', internal='" + this.internal + "', rbacQuota='" + this.rbacQuota + "', accessPolicies=" + this.accessPolicies + ", mostSpecificBindingScope='" + this.mostSpecificBindingScope + "'}";
    }
}
