package com.el.core.security.rbac;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/el/core/security/rbac/RbacAuthorizer.class */
public class RbacAuthorizer implements Authorizer {
    private static final Logger log = LoggerFactory.getLogger(RbacAuthorizer.class);
    private final PermissionResolver permissionResolver;

    private RbacPrincipal toRbacPrincipal(PrincipalCollection principalCollection) {
        return (RbacPrincipal) principalCollection.getPrimaryPrincipal();
    }

    private boolean imples(RbacPrincipal rbacPrincipal, Permission permission) {
        return rbacPrincipal.getObjectPermissions().contains(permission);
    }

    private boolean imples(RbacPrincipal rbacPrincipal, String str) {
        return this.permissionResolver != null ? rbacPrincipal.getObjectPermissions().contains(this.permissionResolver.resolvePermission(str)) : rbacPrincipal.getStringPermissions().contains(str);
    }

    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        boolean imples = imples(rbacPrincipal, str);
        log.trace("[EDP-IAM] {} isPermitted {} ? {}", new Object[]{rbacPrincipal, str, Boolean.valueOf(imples)});
        return imples;
    }

    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        boolean imples = imples(rbacPrincipal, permission);
        log.trace("[EDP-IAM] {} isPermitted {} ? {}", new Object[]{rbacPrincipal, permission, Boolean.valueOf(imples)});
        return imples;
    }

    public boolean[] isPermitted(PrincipalCollection principalCollection, String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return new boolean[0];
        }
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        boolean[] zArr = new boolean[strArr.length];
        int i = 0;
        for (String str : strArr) {
            int i2 = i;
            i++;
            zArr[i2] = imples(rbacPrincipal, str);
        }
        log.trace("[EDP-IAM] {} isPermitted {} ? {}", new Object[]{rbacPrincipal, Arrays.toString(strArr), Arrays.toString(zArr)});
        return zArr;
    }

    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        if (list == null || list.isEmpty()) {
            return new boolean[0];
        }
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        boolean[] zArr = new boolean[list.size()];
        int i = 0;
        Iterator<Permission> it = list.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            zArr[i2] = imples(rbacPrincipal, it.next());
        }
        log.trace("[EDP-IAM] {} isPermitted {} ? {}", new Object[]{rbacPrincipal, list, Arrays.toString(zArr)});
        return zArr;
    }

    public boolean isPermittedAll(PrincipalCollection principalCollection, String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return true;
        }
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        return Stream.of((Object[]) strArr).allMatch(str -> {
            return imples(rbacPrincipal, str);
        });
    }

    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        return collection.stream().allMatch(permission -> {
            return imples(rbacPrincipal, permission);
        });
    }

    public void checkPermission(PrincipalCollection principalCollection, String str) throws AuthorizationException {
        if (!isPermitted(principalCollection, str)) {
            throw new UnauthorizedException("[EDP-IAM] Subject does not have permission [" + str + "]");
        }
    }

    public void checkPermission(PrincipalCollection principalCollection, Permission permission) throws AuthorizationException {
        if (!isPermitted(principalCollection, permission)) {
            throw new UnauthorizedException("[EDP-IAM] Subject does not have permission [" + permission + "]");
        }
    }

    public void checkPermissions(PrincipalCollection principalCollection, String... strArr) throws AuthorizationException {
        if (strArr != null) {
            for (String str : strArr) {
                checkPermission(principalCollection, str);
            }
        }
    }

    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) throws AuthorizationException {
        if (collection != null) {
            Iterator<Permission> it = collection.iterator();
            while (it.hasNext()) {
                checkPermission(principalCollection, it.next());
            }
        }
    }

    public boolean hasRole(PrincipalCollection principalCollection, String str) {
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        boolean hasRole = rbacPrincipal.hasRole(str);
        log.trace("[EDP-IAM] {} hasRole {} ? {}", new Object[]{rbacPrincipal, str, Boolean.valueOf(hasRole)});
        return hasRole;
    }

    public boolean hasAllRoles(PrincipalCollection principalCollection, Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        Stream<String> stream = collection.stream();
        rbacPrincipal.getClass();
        boolean allMatch = stream.allMatch(rbacPrincipal::hasRole);
        log.trace("[EDP-IAM] {} hasAllRoles {} ? {}", new Object[]{rbacPrincipal, collection, Boolean.valueOf(allMatch)});
        return allMatch;
    }

    public boolean[] hasRoles(PrincipalCollection principalCollection, List<String> list) {
        if (list == null || list.isEmpty()) {
            return new boolean[0];
        }
        RbacPrincipal rbacPrincipal = toRbacPrincipal(principalCollection);
        boolean[] zArr = new boolean[list.size()];
        int i = 0;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            zArr[i2] = rbacPrincipal.hasRole(it.next());
        }
        log.trace("[EDP-IAM] {} hasRoles {} ? {}", new Object[]{rbacPrincipal, list, Arrays.toString(zArr)});
        return zArr;
    }

    public void checkRole(PrincipalCollection principalCollection, String str) throws AuthorizationException {
        if (!hasRole(principalCollection, str)) {
            throw new UnauthorizedException("Subject does not have role [" + str + "]");
        }
    }

    public void checkRoles(PrincipalCollection principalCollection, Collection<String> collection) throws AuthorizationException {
        if (collection != null) {
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                checkRole(principalCollection, it.next());
            }
        }
    }

    public void checkRoles(PrincipalCollection principalCollection, String... strArr) throws AuthorizationException {
        if (strArr != null) {
            for (String str : strArr) {
                checkRole(principalCollection, str);
            }
        }
    }

    public RbacAuthorizer(PermissionResolver permissionResolver) {
        this.permissionResolver = permissionResolver;
    }
}
