package io.confluent.kafka.schemaregistry.security.permissions;

import io.confluent.kafka.schemaregistry.security.authorizer.AuthorizeRequest;
import io.confluent.kafka.schemaregistry.security.authorizer.AuthorizerException;
import io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryAuthorizer;
import io.confluent.kafka.schemaregistry.security.authorizer.rbac.SchemaRegistryOperations;
import io.confluent.kafka.schemaregistry.security.permissions.entities.Permissions;
import io.confluent.kafka.schemaregistry.security.permissions.entities.PermittedOperations;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/permissions/PermissionsBuilder.class */
public class PermissionsBuilder {
    private final Principal principal;
    private final LinkedHashMap<ResourceType, LinkedHashMap<String, List<AuthorizeRequest>>> permissionsRequests = new LinkedHashMap<>();
    private SchemaRegistryAuthorizer authorizer = null;
    private Scope scope = null;

    public PermissionsBuilder(Principal principal) {
        this.principal = principal;
    }

    public PermissionsBuilder withAuthorizer(SchemaRegistryAuthorizer schemaRegistryAuthorizer) {
        Objects.requireNonNull(schemaRegistryAuthorizer, "Authorizer cannot be null");
        if (this.authorizer != null) {
            throw new IllegalStateException("An authorizer has already been specified");
        }
        this.authorizer = schemaRegistryAuthorizer;
        return this;
    }

    public PermissionsBuilder withRequests(ResourceType resourceType, String str, List<AuthorizeRequest> list) {
        Objects.requireNonNull(resourceType, "Resource type cannot be null");
        Objects.requireNonNull(str, "Resource cannot be null");
        Objects.requireNonNull(list, "List of requests cannot be null");
        list.forEach(authorizeRequest -> {
            Objects.requireNonNull(authorizeRequest, "Requests cannot be null");
            if (!this.principal.equals(authorizeRequest.getUser())) {
                throw new IllegalArgumentException(String.format("Principal for authorize request %s does not match expected principal of %s", authorizeRequest, this.principal));
            }
        });
        this.permissionsRequests.computeIfAbsent(resourceType, resourceType2 -> {
            return new LinkedHashMap();
        }).computeIfAbsent(str, str2 -> {
            return new ArrayList();
        }).addAll(list);
        return this;
    }

    public PermissionsBuilder withRequest(ResourceType resourceType, String str, AuthorizeRequest authorizeRequest) {
        return withRequests(resourceType, str, Collections.singletonList(authorizeRequest));
    }

    public PermissionsBuilder withScope(Scope scope) {
        Objects.requireNonNull(scope, "Scope cannot be null");
        if (this.scope != null) {
            throw new IllegalStateException("A scope has already been specified");
        }
        this.scope = scope;
        return this;
    }

    public Permissions build() throws AuthorizerException {
        if (this.authorizer == null) {
            throw new IllegalStateException("An authorizer must be provided before building permissions");
        }
        List<Boolean> bulkAuthorize = this.authorizer.bulkAuthorize(this.principal, (List) this.permissionsRequests.values().stream().flatMap(linkedHashMap -> {
            return linkedHashMap.values().stream();
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toList()));
        HashMap hashMap = new HashMap();
        int i = 0;
        for (Map.Entry<ResourceType, LinkedHashMap<String, List<AuthorizeRequest>>> entry : this.permissionsRequests.entrySet()) {
            for (Map.Entry<String, List<AuthorizeRequest>> entry2 : entry.getValue().entrySet()) {
                ArrayList arrayList = new ArrayList();
                for (AuthorizeRequest authorizeRequest : entry2.getValue()) {
                    if (bulkAuthorize.get(i).booleanValue()) {
                        arrayList.add(SchemaRegistryOperations.operationFor(authorizeRequest.getSchemaRegistryResourceOperation()).toString());
                    }
                    i++;
                }
                if (!arrayList.isEmpty()) {
                    ((Map) hashMap.computeIfAbsent(entry.getKey(), resourceType -> {
                        return new HashMap();
                    })).put(entry2.getKey(), new PermittedOperations(arrayList));
                }
            }
        }
        return new Permissions(hashMap, this.scope);
    }
}
