package com.google.enterprise.cloudsearch.sdk.indexing;

import com.google.api.services.cloudsearch.v1.model.Item;
import com.google.api.services.cloudsearch.v1.model.ItemAcl;
import com.google.api.services.cloudsearch.v1.model.Operation;
import com.google.api.services.cloudsearch.v1.model.Principal;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.enterprise.cloudsearch.sdk.InvalidConfigurationException;
import com.google.enterprise.cloudsearch.sdk.StartupException;
import com.google.enterprise.cloudsearch.sdk.config.Configuration;
import com.google.enterprise.cloudsearch.sdk.indexing.Acl;
import com.google.enterprise.cloudsearch.sdk.indexing.IndexingItemBuilder;
import com.google.enterprise.cloudsearch.sdk.indexing.IndexingService;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutionException;

/* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/indexing/DefaultAcl.class */
public class DefaultAcl {
    public static final String DEFAULT_ACL_MODE = "defaultAcl.mode";
    public static final String DEFAULT_ACL_PUBLIC = "defaultAcl.public";
    public static final String DEFAULT_ACL_READERS_USERS = "defaultAcl.readers.users";
    public static final String DEFAULT_ACL_READERS_GROUPS = "defaultAcl.readers.groups";
    public static final String DEFAULT_ACL_DENIED_USERS = "defaultAcl.denied.users";
    public static final String DEFAULT_ACL_DENIED_GROUPS = "defaultAcl.denied.groups";
    public static final String DEFAULT_ACL_NAME = "defaultAcl.name";
    public static final String DEFAULT_ACL_NAME_DEFAULT = "DEFAULT_ACL_VIRTUAL_CONTAINER";
    public static final String DEFAULT_ACL_QUEUE = "DEFAULT_ACL_VIRTUAL_CONTAINER_QUEUE";
    public static final Configuration.Parser<DefaultAclMode> DEFAULT_ACL_MODE_PARSER = str -> {
        try {
            return DefaultAclMode.valueOf(str.toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new InvalidConfigurationException("Invalid default ACL mode config value: " + str, e);
        }
    };
    private final Acl commonAcl;
    private final DefaultAclMode aclMode;
    private final String defaultAclName;

    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/indexing/DefaultAcl$Builder.class */
    public static final class Builder {
        private IndexingService indexingService;
        private DefaultAclMode aclMode = DefaultAclMode.NONE;
        private boolean isPublic = true;
        private List<Principal> readerUsers = Collections.emptyList();
        private List<Principal> readerGroups = Collections.emptyList();
        private List<Principal> deniedReaderUsers = Collections.emptyList();
        private List<Principal> deniedReaderGroups = Collections.emptyList();
        private String defaultAclName = DefaultAcl.DEFAULT_ACL_NAME_DEFAULT;

        public Builder setMode(DefaultAclMode defaultAclMode) {
            this.aclMode = defaultAclMode;
            return this;
        }

        public Builder setIsPublic(boolean z) {
            this.isPublic = z;
            return this;
        }

        public Builder setReaderUsers(List<Principal> list) {
            this.readerUsers = list;
            return this;
        }

        public Builder setReaderGroups(List<Principal> list) {
            this.readerGroups = list;
            return this;
        }

        public Builder setDeniedReaderUsers(List<Principal> list) {
            this.deniedReaderUsers = list;
            return this;
        }

        public Builder setDeniedReaderGroups(List<Principal> list) {
            this.deniedReaderGroups = list;
            return this;
        }

        public Builder setIndexingService(IndexingService indexingService) {
            this.indexingService = indexingService;
            return this;
        }

        public Builder setDefaultAclName(String str) {
            this.defaultAclName = str;
            return this;
        }

        public DefaultAcl build() {
            Preconditions.checkNotNull(this.readerUsers, "Default ACL readers cannot be null.");
            Preconditions.checkNotNull(this.readerGroups, "Default ACL reader groups cannot be null.");
            Preconditions.checkNotNull(this.deniedReaderUsers, "Default ACL denied readers cannot be null.");
            Preconditions.checkNotNull(this.deniedReaderGroups, "Default ACL denied reader groups cannot be null.");
            Preconditions.checkNotNull(this.indexingService, "Default ACL IndexingService cannot be null.");
            Preconditions.checkNotNull(this.defaultAclName, "Default ACL name cannot be null.");
            if (!this.aclMode.isEnabled() || this.isPublic) {
                Preconditions.checkArgument(this.readerUsers.isEmpty(), "can not specify reader users if default acl is public or not enabled");
                Preconditions.checkArgument(this.readerGroups.isEmpty(), "can not specify reader groups if default acl is public or not enabled");
                Preconditions.checkArgument(this.deniedReaderUsers.isEmpty(), "can not specify denied reader users if default acl is public or not enabled");
                Preconditions.checkArgument(this.deniedReaderGroups.isEmpty(), "can not specify denied reader groups if default acl is public or not enabled");
            }
            if (this.aclMode.isEnabled() && !this.isPublic) {
                Preconditions.checkArgument((this.readerUsers.isEmpty() && this.readerGroups.isEmpty() && this.deniedReaderUsers.isEmpty() && this.deniedReaderGroups.isEmpty()) ? false : true, "no principal specified for non public default ACL");
            }
            return new DefaultAcl(this);
        }
    }

    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/indexing/DefaultAcl$DefaultAclMode.class */
    public enum DefaultAclMode {
        NONE("none"),
        FALLBACK("fallback"),
        APPEND("append"),
        OVERRIDE("override");

        private String value;

        DefaultAclMode(String str) {
            this.value = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.value;
        }

        public boolean isEnabled() {
            return this != NONE;
        }
    }

    private DefaultAcl(Builder builder) {
        this.aclMode = builder.aclMode;
        this.defaultAclName = builder.defaultAclName;
        if (!this.aclMode.isEnabled()) {
            this.commonAcl = null;
            return;
        }
        if (builder.isPublic) {
            this.commonAcl = new Acl.Builder().setReaders(Collections.singleton(Acl.getCustomerPrincipal())).build();
        } else {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(builder.readerUsers);
            arrayList.addAll(builder.readerGroups);
            ArrayList arrayList2 = new ArrayList();
            arrayList2.addAll(builder.deniedReaderUsers);
            arrayList2.addAll(builder.deniedReaderGroups);
            this.commonAcl = new Acl.Builder().setReaders(arrayList).setDeniedReaders(arrayList2).build();
        }
        try {
            Operation operation = (Operation) builder.indexingService.indexItem(new IndexingItemBuilder(this.defaultAclName).setItemType(IndexingItemBuilder.ItemType.VIRTUAL_CONTAINER_ITEM).setAcl(this.commonAcl).setQueue(DEFAULT_ACL_QUEUE).build(), IndexingService.RequestMode.SYNCHRONOUS).get();
            if (!operation.getDone().booleanValue()) {
                throw new StartupException(String.format("Unable to upload default ACL. %s", operation));
            }
            if (operation.getError() != null) {
                throw new StartupException(String.format("Unable to upload default ACL. %s", operation));
            }
        } catch (IOException e) {
            throw new StartupException("Unable to upload default ACL.", e);
        } catch (InterruptedException e2) {
            Thread.currentThread().interrupt();
            throw new StartupException("Interrupted while creating virtual container item for Default ACL.", e2);
        } catch (ExecutionException e3) {
            throw new StartupException("Unable to upload default ACL.", e3.getCause());
        }
    }

    public static DefaultAcl fromConfiguration(IndexingService indexingService) {
        Preconditions.checkState(Configuration.isInitialized(), "Configuration not initialized");
        DefaultAclMode defaultAclMode = (DefaultAclMode) Configuration.getValue(DEFAULT_ACL_MODE, DefaultAclMode.NONE, DEFAULT_ACL_MODE_PARSER).get();
        boolean booleanValue = ((Boolean) Configuration.getBoolean(DEFAULT_ACL_PUBLIC, false).get()).booleanValue();
        List<Principal> list = (List) Configuration.getMultiValue(DEFAULT_ACL_READERS_USERS, Collections.emptyList(), Acl.USER_PARSER).get();
        List<Principal> list2 = (List) Configuration.getMultiValue(DEFAULT_ACL_READERS_GROUPS, Collections.emptyList(), Acl.GROUP_PARSER).get();
        List<Principal> list3 = (List) Configuration.getMultiValue(DEFAULT_ACL_DENIED_USERS, Collections.emptyList(), Acl.USER_PARSER).get();
        List<Principal> list4 = (List) Configuration.getMultiValue(DEFAULT_ACL_DENIED_GROUPS, Collections.emptyList(), Acl.GROUP_PARSER).get();
        return new Builder().setMode(defaultAclMode).setIsPublic(booleanValue).setReaderUsers(list).setReaderGroups(list2).setDeniedReaderUsers(list3).setDeniedReaderGroups(list4).setIndexingService(indexingService).setDefaultAclName((String) Configuration.getString(DEFAULT_ACL_NAME, DEFAULT_ACL_NAME_DEFAULT).get()).build();
    }

    public boolean applyToIfEnabled(Item item) {
        if (!this.aclMode.isEnabled()) {
            return false;
        }
        Preconditions.checkNotNull(item, "Item cannot be null.");
        if (isAclEmpty(item)) {
            applyInheritedAcl(item);
            return true;
        }
        switch (this.aclMode) {
            case FALLBACK:
                return false;
            case APPEND:
                List<Principal> copyOrEmptyList = getCopyOrEmptyList(item.getAcl().getReaders());
                copyOrEmptyList.addAll(this.commonAcl.getReaders());
                List<Principal> copyOrEmptyList2 = getCopyOrEmptyList(item.getAcl().getDeniedReaders());
                copyOrEmptyList2.addAll(this.commonAcl.getDeniedReaders());
                Acl.Builder owners = new Acl.Builder().setReaders(copyOrEmptyList).setDeniedReaders(copyOrEmptyList2).setInheritFrom(item.getAcl().getInheritAclFrom()).setOwners(getCopyOrEmptyList(item.getAcl().getOwners()));
                if (!Strings.isNullOrEmpty(item.getAcl().getAclInheritanceType())) {
                    owners.setInheritanceType(Acl.InheritanceType.valueOf(item.getAcl().getAclInheritanceType()));
                }
                owners.build().applyTo(item);
                return true;
            case OVERRIDE:
                applyInheritedAcl(item);
                return true;
            default:
                throw new IllegalStateException("Attempting to apply a default ACL with mode: " + this.aclMode.toString());
        }
    }

    @VisibleForTesting
    static boolean isAclEmpty(Item item) {
        ItemAcl acl = item.getAcl();
        return acl == null || (isNullOrEmpty(acl.getReaders()) && isNullOrEmpty(acl.getDeniedReaders()) && acl.getInheritAclFrom() == null);
    }

    private static List<Principal> getCopyOrEmptyList(Collection<Principal> collection) {
        return collection == null ? new ArrayList() : new ArrayList(collection);
    }

    private static boolean isNullOrEmpty(Collection<?> collection) {
        return collection == null || collection.isEmpty();
    }

    private void applyInheritedAcl(Item item) {
        Acl.Builder inheritanceType = new Acl.Builder().setInheritFrom(this.defaultAclName).setInheritanceType(Acl.InheritanceType.PARENT_OVERRIDE);
        ItemAcl acl = item.getAcl();
        if (acl != null && !isNullOrEmpty(acl.getOwners())) {
            inheritanceType.setOwners(acl.getOwners());
        }
        inheritanceType.build().applyTo(item);
    }

    public DefaultAclMode getDefaultAclMode() {
        return this.aclMode;
    }
}
