package com.datahub.authorization;

import com.datahub.authorization.AuthorizationResult;
import com.datahub.plugins.auth.authorization.Authorizer;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/datahub/authorization/AuthUtil.class */
public class AuthUtil {
    public static boolean isAuthorized(@Nonnull Authorizer authorizer, @Nonnull String str, @Nonnull Optional<ResourceSpec> optional, @Nonnull DisjunctivePrivilegeGroup disjunctivePrivilegeGroup) {
        Iterator<ConjunctivePrivilegeGroup> it = disjunctivePrivilegeGroup.getAuthorizedPrivilegeGroups().iterator();
        while (it.hasNext()) {
            if (isAuthorized(authorizer, str, it.next(), optional)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isAuthorizedForResources(@Nonnull Authorizer authorizer, @Nonnull String str, @Nonnull List<Optional<ResourceSpec>> list, @Nonnull DisjunctivePrivilegeGroup disjunctivePrivilegeGroup) {
        Iterator<ConjunctivePrivilegeGroup> it = disjunctivePrivilegeGroup.getAuthorizedPrivilegeGroups().iterator();
        while (it.hasNext()) {
            if (isAuthorizedForResources(authorizer, str, it.next(), list)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isAuthorized(@Nonnull Authorizer authorizer, @Nonnull String str, @Nonnull ConjunctivePrivilegeGroup conjunctivePrivilegeGroup, @Nonnull Optional<ResourceSpec> optional) {
        Iterator<String> it = conjunctivePrivilegeGroup.getRequiredPrivileges().iterator();
        while (it.hasNext()) {
            if (AuthorizationResult.Type.DENY.equals(authorizer.authorize(new AuthorizationRequest(str, it.next(), optional)).getType())) {
                return false;
            }
        }
        return true;
    }

    private static boolean isAuthorizedForResources(@Nonnull Authorizer authorizer, @Nonnull String str, @Nonnull ConjunctivePrivilegeGroup conjunctivePrivilegeGroup, @Nonnull List<Optional<ResourceSpec>> list) {
        for (String str2 : conjunctivePrivilegeGroup.getRequiredPrivileges()) {
            Iterator<Optional<ResourceSpec>> it = list.iterator();
            while (it.hasNext()) {
                if (AuthorizationResult.Type.DENY.equals(authorizer.authorize(new AuthorizationRequest(str, str2, it.next())).getType())) {
                    return false;
                }
            }
        }
        return true;
    }

    private AuthUtil() {
    }
}
