package eu.xenit.contentcloud.thunx.pdp.opa;

import eu.xenit.contentcloud.opa.client.OpaClient;
import eu.xenit.contentcloud.opa.client.api.CompileApi;
import eu.xenit.contentcloud.thunx.pdp.AuthenticationContext;
import eu.xenit.contentcloud.thunx.pdp.PolicyDecision;
import eu.xenit.contentcloud.thunx.pdp.PolicyDecisionPointClient;
import eu.xenit.contentcloud.thunx.pdp.PolicyDecisions;
import eu.xenit.contentcloud.thunx.pdp.RequestContext;
import eu.xenit.contentcloud.thunx.predicates.model.ThunkExpression;
import eu.xenit.contentcloud.thunx.visitor.reducer.ThunkReducerVisitor;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/xenit/contentcloud/thunx/pdp/opa/OpenPolicyAgentPDPClient.class */
public class OpenPolicyAgentPDPClient implements PolicyDecisionPointClient {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OpenPolicyAgentPDPClient.class);
    private final OpaClient opaClient;
    private OpaQueryProvider queryProvider;

    public OpenPolicyAgentPDPClient(OpaClient opaClient, OpaQueryProvider opaQueryProvider) {
        Objects.requireNonNull(opaClient, "opaClient is required");
        Objects.requireNonNull(opaQueryProvider, "queryProvider is required");
        this.opaClient = opaClient;
        this.queryProvider = opaQueryProvider;
    }

    public CompletableFuture<PolicyDecision> conditional(AuthenticationContext authenticationContext, RequestContext requestContext) {
        CompileApi.PartialEvaluationRequest partialEvaluationRequest = new CompileApi.PartialEvaluationRequest(this.queryProvider.createQuery(requestContext), createInput(authenticationContext, requestContext), List.of("input.entity"));
        return this.opaClient.compile(partialEvaluationRequest).thenApply(partialEvalResponse -> {
            log.trace("Partial policy evaluation request:\n{}\nResponse:\n{}", partialEvaluationRequest, partialEvalResponse);
            return new QuerySetToThunkExpressionConverter().convert(partialEvalResponse.getResult().getQueries());
        }).thenApply(thunkExpression -> {
            ThunkExpression assertResultType = ((ThunkExpression) thunkExpression.accept(ThunkReducerVisitor.DEFAULT_INSTANCE)).assertResultType(Boolean.class);
            log.trace("Thunx expression:\n{}\nReduced to:\n{}", thunkExpression, assertResultType);
            return (PolicyDecision) ThunkExpression.maybeValue(assertResultType).map(bool -> {
                return bool.booleanValue() ? PolicyDecisions.allowed() : PolicyDecisions.denied();
            }).orElse(PolicyDecisions.conditional(assertResultType));
        });
    }

    static Map<String, Object> createInput(AuthenticationContext authenticationContext, RequestContext requestContext) {
        return Map.of("path", uriToPathArray(requestContext.getURI()), "method", requestContext.getHttpMethod(), "queryParams", requestContext.getQueryParams(), "auth", authenticationContext, "user", authenticationContext.getUser());
    }

    static String[] uriToPathArray(URI uri) {
        Objects.requireNonNull(uri, "Argument 'uri' is required");
        String path = uri.normalize().getPath();
        if (path == null) {
            return new String[0];
        }
        if (path.startsWith("/")) {
            path = path.substring(1);
        }
        return path.length() == 0 ? new String[0] : path.split("/");
    }
}
