package io.confluent.connect.security.permissions;

import io.confluent.common.security.util.StreamUtils;
import io.confluent.connect.security.permissions.entities.Permissions;
import io.confluent.connect.security.permissions.entities.PermittedOperations;
import io.confluent.security.auth.client.RestAuthorizer;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

/* loaded from: input_file:io/confluent/connect/security/permissions/PermissionsBuilder.class */
public class PermissionsBuilder {
    private final LinkedHashMap<ResourceType, LinkedHashMap<String, List<Operation>>> permissionsRequests = new LinkedHashMap<>();
    private Scope scope = null;
    private KafkaPrincipal principal = null;
    private RestAuthorizer authorizer = null;

    public PermissionsBuilder withScope(Scope scope) {
        Objects.requireNonNull(scope, "Scope cannot be null");
        if (this.scope != null) {
            throw new IllegalStateException("A scope has already been specified");
        }
        this.scope = scope;
        return this;
    }

    public PermissionsBuilder withPrincipal(KafkaPrincipal kafkaPrincipal) {
        Objects.requireNonNull(kafkaPrincipal, "Principal cannot be null");
        if (this.principal != null) {
            throw new IllegalStateException("A principal has already been specified");
        }
        this.principal = kafkaPrincipal;
        return this;
    }

    public PermissionsBuilder withAuthorizer(RestAuthorizer restAuthorizer) {
        Objects.requireNonNull(restAuthorizer, "Authorizer cannot be null");
        if (this.authorizer != null) {
            throw new IllegalStateException("An authorizer has already been specified");
        }
        this.authorizer = restAuthorizer;
        return this;
    }

    public PermissionsBuilder withOperations(ResourceType resourceType, String str, Collection<Operation> collection) {
        Objects.requireNonNull(resourceType, "Resource type cannot be null");
        Objects.requireNonNull(str, "Resource cannot be null");
        Objects.requireNonNull(collection, "List of operations cannot be null");
        collection.forEach(operation -> {
        });
        this.permissionsRequests.computeIfAbsent(resourceType, resourceType2 -> {
            return new LinkedHashMap();
        }).computeIfAbsent(str, str2 -> {
            return new ArrayList();
        }).addAll(collection);
        return this;
    }

    public PermissionsBuilder withOperation(ResourceType resourceType, String str, Operation operation) {
        return withOperations(resourceType, str, Collections.singleton(operation));
    }

    public Permissions build() {
        if (this.scope == null) {
            throw new IllegalStateException("A scope must be provided before building permissions");
        }
        if (this.principal == null) {
            throw new IllegalStateException("A principal must be provided before building permissions");
        }
        if (this.authorizer == null) {
            throw new IllegalStateException("An authorizer must be provided before building permissions");
        }
        List list = (List) this.permissionsRequests.entrySet().stream().flatMap(entry -> {
            ResourceType resourceType = (ResourceType) entry.getKey();
            return ((LinkedHashMap) entry.getValue()).entrySet().stream().flatMap(entry -> {
                String str = (String) entry.getKey();
                return ((List) entry.getValue()).stream().map(operation -> {
                    return new Action(this.scope, resourceType, str, operation);
                });
            });
        }).collect(Collectors.toList());
        return list.isEmpty() ? new Permissions(Collections.emptyMap(), this.scope) : new Permissions((Map) StreamUtils.zip(this.authorizer.authorize(this.principal, (String) null, list), list).filter(pair -> {
            return AuthorizeResult.ALLOWED.equals(pair.getKey());
        }).map((v0) -> {
            return v0.getValue();
        }).collect(Collectors.groupingBy((v0) -> {
            return v0.resourceType();
        }, Collectors.groupingBy((v0) -> {
            return v0.resourceName();
        }, Collectors.collectingAndThen(Collectors.mapping(action -> {
            return action.operation().toString();
        }, Collectors.toSet()), (v1) -> {
            return new PermittedOperations(v1);
        })))), this.scope);
    }
}
