package io.confluent.rbacapi.utils;

import com.google.common.annotations.VisibleForTesting;
import io.confluent.cloud.rbac.CloudRoleBinding;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.Role;
import io.confluent.security.rbac.RoleBinding;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.ClientErrorException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rbacapi/utils/RoleUtilsBase.class */
public abstract class RoleUtilsBase {
    private static final Logger log = LoggerFactory.getLogger(RoleUtilsBase.class);

    public static Map<String, Role> mapRolesByName(Collection<Role> collection) {
        return mapRolesByName(collection, role -> {
            return true;
        });
    }

    public static Map<String, Role> mapRolesByName(Collection<Role> collection, Predicate<Role> predicate) {
        return (Map) collection.stream().filter(predicate).collect(Collectors.toMap(role -> {
            return role.name();
        }, role2 -> {
            return role2;
        }));
    }

    public static Map<String, String> mapRoleDisplayNamesByName(Collection<Role> collection) {
        return (Map) collection.stream().collect(Collectors.toMap((v0) -> {
            return v0.name();
        }, (v0) -> {
            return v0.displayName();
        }));
    }

    public static Map<String, Set<String>> mapRoleNamesByDisplayName(Collection<Role> collection) {
        return (Map) collection.stream().collect(Collectors.groupingBy((v0) -> {
            return v0.displayName();
        }, Collectors.mapping((v0) -> {
            return v0.name();
        }, Collectors.toSet())));
    }

    public Role resolveRoleByDisplayName(Collection<Role> collection, String str, Scope scope) {
        return collection.stream().filter(role -> {
            return role.displayName().equals(str) || role.name().equals(str);
        }).filter(role2 -> {
            return role2.mostSpecificBindingScope().equals(bindingScope(scope));
        }).findFirst().orElse(null);
    }

    @VisibleForTesting
    public Role resolveRoleByDisplayNameAndResource(Collection<Role> collection, String str, Scope scope, List<ResourcePattern> list) {
        Set set = (Set) list.stream().map(resourcePattern -> {
            return resourcePattern.resourceType().name();
        }).collect(Collectors.toSet());
        log.debug("Resource types associated with resource pattern: {}", set);
        return collection.stream().filter(role -> {
            return role.displayName().equals(str) || role.name().equals(str);
        }).filter(role2 -> {
            return role2.mostSpecificBindingScope().equals(bindingScope(scope));
        }).filter(role3 -> {
            Stream flatMap = role3.flatAccessPolicies().stream().flatMap(accessPolicy -> {
                return accessPolicy.allowedOperations().stream().map(resourceOperations -> {
                    return resourceOperations.resourceType();
                });
            });
            set.getClass();
            return flatMap.anyMatch((v1) -> {
                return r1.contains(v1);
            });
        }).findFirst().orElse(null);
    }

    public RoleBinding roleBindingWithDisplayName(Map<String, String> map, RoleBinding roleBinding) {
        return new RoleBinding(roleBinding.principal(), map.get(roleBinding.role()), roleBinding.scope(), roleBinding.resources());
    }

    public static CloudRoleBinding roleBindingWithDisplayName(Map<String, String> map, CloudRoleBinding cloudRoleBinding) {
        return new CloudRoleBinding(cloudRoleBinding.getResourceId(), cloudRoleBinding.getPrincipal(), map.get(cloudRoleBinding.getRole()), cloudRoleBinding.getScope(), cloudRoleBinding.getResourcePattern(), cloudRoleBinding.getCreated(), cloudRoleBinding.getModified(), cloudRoleBinding.getDeleted(), cloudRoleBinding.getLastChangeId());
    }

    public Set<RoleBinding> roleBindingsWithDisplayNames(Map<String, String> map, Set<RoleBinding> set) {
        return (Set) set.stream().map(roleBinding -> {
            return roleBindingWithDisplayName((Map<String, String>) map, roleBinding);
        }).collect(Collectors.toSet());
    }

    public static List<CloudRoleBinding> roleBindingsWithDisplayNames(Map<String, String> map, List<CloudRoleBinding> list) {
        return (List) list.stream().map(cloudRoleBinding -> {
            return roleBindingWithDisplayName((Map<String, String>) map, cloudRoleBinding);
        }).collect(Collectors.toList());
    }

    public Role getNamedRoleByResourceType(Collection<Role> collection, String str, Scope scope, List<ResourcePattern> list) {
        Role resolveRoleByDisplayName = list.isEmpty() ? resolveRoleByDisplayName(collection, str, scope) : resolveRoleByDisplayNameAndResource(collection, str, scope, list);
        if (resolveRoleByDisplayName == null) {
            throw new ClientErrorException(String.format("No role %s at scope %s", str, scope), 400);
        }
        return resolveRoleByDisplayName;
    }

    public abstract String bindingScope(Scope scope);
}
