package io.confluent.rbacapi.validation.v1;

import com.google.common.collect.ImmutableSet;
import io.confluent.security.authorizer.Scope;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Set;
import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.Payload;
import org.apache.commons.lang3.StringUtils;

@Target({ElementType.PARAMETER, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = {ScopeValidator.class})
/* loaded from: input_file:io/confluent/rbacapi/validation/v1/V1ValidScope.class */
public @interface V1ValidScope {

    /* loaded from: input_file:io/confluent/rbacapi/validation/v1/V1ValidScope$ScopeValidator.class */
    public static class ScopeValidator implements ConstraintValidator<V1ValidScope, Scope> {
        private static final String KAFKA_CLUSTER = "kafka-cluster";
        private static final Set<String> validClusterKeys = ImmutableSet.of("kafka-cluster", "connect-cluster", "ksql-cluster", "schema-registry-cluster");

        @Override // javax.validation.ConstraintValidator
        public void initialize(V1ValidScope v1ValidScope) {
        }

        @Override // javax.validation.ConstraintValidator
        public boolean isValid(Scope scope, ConstraintValidatorContext constraintValidatorContext) {
            constraintValidatorContext.disableDefaultConstraintViolation();
            if (scope == null) {
                constraintValidatorContext.buildConstraintViolationWithTemplate("Invalid Scope : scope should be included in the request body").addConstraintViolation();
                return false;
            }
            if (scope.path() != null && !scope.path().isEmpty()) {
                constraintValidatorContext.buildConstraintViolationWithTemplate("Invalid Scope : path should be empty").addConstraintViolation();
                return false;
            }
            if (scope.clusters() == null || scope.clusters().size() == 0 || scope.clusters().size() > 2) {
                constraintValidatorContext.buildConstraintViolationWithTemplate("Invalid Scope : clusters should only contain one or two cluster id keys").addConstraintViolation();
                return false;
            }
            if (!scope.clusters().keySet().contains("kafka-cluster")) {
                constraintValidatorContext.buildConstraintViolationWithTemplate("Invalid Scope : kafka-cluster should always be defined").addConstraintViolation();
                return false;
            }
            if (scope.clusters().keySet().stream().anyMatch(str -> {
                return !validClusterKeys.contains(str);
            })) {
                constraintValidatorContext.buildConstraintViolationWithTemplate("Invalid Scope : invalid cluster key found").addConstraintViolation();
                return false;
            }
            if (!scope.clusters().values().stream().anyMatch((v0) -> {
                return StringUtils.isBlank(v0);
            })) {
                return true;
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("Invalid Scope : cluster value cannot be blank").addConstraintViolation();
            return false;
        }
    }

    Class<?>[] groups() default {};

    Class<? extends Payload>[] payload() default {};

    String message() default "Invalid Scope";
}
