package io.confluent.security.roledefinitions;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.confluent.security.roledefinitions.AccessPolicy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

/* loaded from: input_file:io/confluent/security/roledefinitions/RolePermissionsFilter.class */
public class RolePermissionsFilter {
    private final Map<String, Map<String, List<String>>> rolePermissions;

    /* loaded from: input_file:io/confluent/security/roledefinitions/RolePermissionsFilter$FilterNames.class */
    public enum FilterNames {
        CLOUD_CORE_POLICY_FILTER("CloudCorePolicyFilter"),
        CLOUD_KAFKA_FILTER("CloudKafkaFilter"),
        CLOUD_SDS_FILTER("CloudSdsFilter"),
        CLOUD_RBAC_ROLES_FILTER("CloudRbacRolesFilter"),
        CLOUD_CATALOG_KAFKA_RESOURCE_FILTER("CloudCatalogKafkaResourceFilter"),
        CLOUD_CONNECT_V2_FILTER("CloudConnectV2Filter"),
        CLOUD_CONNECT_V3_FILTER("CloudConnectV3Filter"),
        CLOUD_ACCESS_POINT_FILTER("CloudAccessPointFilter"),
        CLOUD_BILLING_FILTER("CloudBillingFilter"),
        CLOUD_DNSRECORD_FILTER("CloudDnsRecordFilter"),
        CLOUD_FLINK_COMPUTE_POOL_FILTER("CloudFlinkComputePoolFilter"),
        CLOUD_FLINK_CONNECTION_FILTER("CloudFlinkConnectionFilter"),
        CLOUD_FLINK_FUNCTION_FILTER("CloudFlinkFunctionFilter"),
        CLOUD_FLINK_MODEL_FILTER("CloudFlinkModelFilter"),
        CLOUD_GATEWAY_FILTER("CloudGatewayFilter"),
        CLOUD_PRINCIPAL_DESCRIBE_FILTER("CloudPrincipalDescribeFilter"),
        CLOUD_PROVIDER_INTEGRATION_FILTER("CloudProviderIntegrationFilter"),
        CLOUD_WORKLOAD_IDENTITY_FILTER("CloudWorkloadIdentityFilter"),
        CLOUD_SA_CREATE_FILTER("CloudSaCreateFilter"),
        CLOUD_SDS_KEK_SR_RESOURCE_FILTER("CloudSdsKekSrResourceFilter"),
        CLOUD_SDS_KSQL_FILTER("CloudSdsKsqlFilter"),
        CLOUD_SDS_SR_FILTER("CloudSdsSrFilter"),
        CLOUD_IDENTITY_POOL_RESOURCE_OWNER_FILTER("CloudIdentityPoolResourceOwnerFilter"),
        CLOUD_GROUP_MAPPING_RESOURCE_OWNER_FILTER("CloudGroupMappingResourceOwnerFilter"),
        CLOUD_INTERNAL_PRINCIPAL_FILTER("CloudInternalPrincipalFilter"),
        CLOUD_IDENTITY_POOL_CREATE_FILTER("CloudIdentityPoolCreateFilter"),
        CLOUD_CONFLUENT_BESPOKE_ROLE_TESTING_FILTER("CloudBespokeConfluentTestingFilter"),
        CLOUD_OPERATOR_CONNECTORS_FILTER("CloudOperatorConnectorsFilter"),
        CLOUD_DOMAIN_OWNERSHIP_FILTER("CloudDomainOwnershipFilter");

        private final String filterName;

        FilterNames(String str) {
            this.filterName = str;
        }

        public String filterName() {
            return this.filterName;
        }
    }

    @JsonCreator
    public RolePermissionsFilter(@JsonProperty("roles") Map<String, Map<String, List<String>>> map) {
        this.rolePermissions = map;
    }

    public List<String> getRolesInFilter() {
        return new ArrayList(this.rolePermissions.keySet());
    }

    public static List<String> getAllCloudFilters() {
        return (List) Arrays.stream(FilterNames.values()).map((v0) -> {
            return v0.filterName();
        }).collect(Collectors.toList());
    }

    public static boolean doesFilterExist(String str) {
        return Arrays.asList(FilterNames.values()).stream().anyMatch(filterNames -> {
            return filterNames.filterName().equals(str);
        });
    }

    public ArrayList<AccessPolicy> filter(Role role) {
        return filterAccessPoliciesForRole(role);
    }

    private ArrayList<AccessPolicy> filterAccessPoliciesForRole(Role role) {
        ArrayList<AccessPolicy> arrayList = new ArrayList<>();
        role.accessPolicies().forEach((str, collection) -> {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                AccessPolicy accessPolicy = (AccessPolicy) it.next();
                AccessPolicy accessPolicy2 = new AccessPolicy(str, Boolean.valueOf(accessPolicy.bindWithResource()), filterResourceOperations(accessPolicy, this.rolePermissions.get(role.name())));
                if (!accessPolicy2.allowedOperations().isEmpty()) {
                    arrayList.add(accessPolicy2);
                }
            }
        });
        return arrayList;
    }

    private Collection<AccessPolicy.ResourceOperations> filterResourceOperations(AccessPolicy accessPolicy, Map<String, List<String>> map) {
        ArrayList arrayList = new ArrayList();
        for (AccessPolicy.ResourceOperations resourceOperations : accessPolicy.allowedOperations()) {
            if (map != null && map.containsKey(resourceOperations.resourceType())) {
                String resourceType = resourceOperations.resourceType();
                Collection<String> filterOperations = filterOperations(resourceOperations, map.get(resourceType));
                if (!filterOperations.isEmpty()) {
                    arrayList.add(new AccessPolicy.ResourceOperations(resourceType, filterOperations));
                }
            }
        }
        return arrayList;
    }

    private Collection<String> filterOperations(AccessPolicy.ResourceOperations resourceOperations, List<String> list) {
        ArrayList arrayList = new ArrayList();
        for (String str : resourceOperations.operations()) {
            if (list.contains(str)) {
                arrayList.add(str);
            } else if (str.equals("All")) {
                arrayList.addAll(list);
            }
        }
        return arrayList;
    }

    public static String listRolesAsASingleFilter(List<String> list) {
        List<Role> list2 = (List) RbacRoles.loadRolesWithFilters(list).roles().stream().sorted(Comparator.comparing((v0) -> {
            return v0.name();
        })).collect(Collectors.toList());
        StringBuilder sb = new StringBuilder();
        sb.append("roles:\n");
        for (Role role : list2) {
            sb.append("\t").append(role.name()).append(":").append("\n");
            Collection<AccessPolicy> flatAccessPolicies = role.flatAccessPolicies();
            TreeMap treeMap = new TreeMap();
            Iterator<AccessPolicy> it = flatAccessPolicies.iterator();
            while (it.hasNext()) {
                for (AccessPolicy.ResourceOperations resourceOperations : it.next().allowedOperations()) {
                    if (treeMap.containsKey(resourceOperations.resourceType())) {
                        List list3 = (List) treeMap.get(resourceOperations.resourceType());
                        list3.addAll(resourceOperations.operations());
                        list3.sort((v0, v1) -> {
                            return v0.compareTo(v1);
                        });
                        treeMap.put(resourceOperations.resourceType(), list3);
                    } else {
                        treeMap.put(resourceOperations.resourceType(), (List) resourceOperations.operations().stream().sorted().collect(Collectors.toList()));
                    }
                }
            }
            for (Map.Entry entry : treeMap.entrySet()) {
                sb.append("\t\t").append((String) entry.getKey()).append(": ").append(entry.getValue()).append("\n");
            }
            sb.append("\n");
        }
        return sb.toString();
    }
}
