package org.eclipse.hono.auth;

import io.jsonwebtoken.Claims;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.eclipse.hono.util.ResourceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/hono-core-1.7.0.jar:org/eclipse/hono/auth/AuthoritiesImpl.class */
public final class AuthoritiesImpl implements Authorities {
    public static final String PREFIX_RESOURCE = "r:";
    public static final String PREFIX_OPERATION = "o:";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AuthoritiesImpl.class);
    private static final String TEMPLATE_OP = "o:%s:%s";
    private static final String TEMPLATE_RESOURCE = "r:%s";
    private final Map<String, String> authorities = new HashMap();

    public static Authorities from(Claims claims) {
        Objects.requireNonNull(claims);
        AuthoritiesImpl authoritiesImpl = new AuthoritiesImpl();
        claims.forEach((str, obj) -> {
            if ((!str.startsWith(PREFIX_OPERATION) && !str.startsWith(PREFIX_RESOURCE)) || !(obj instanceof String)) {
                LOG.trace("ignoring unsupported claim [key: {}]", str);
            } else {
                LOG.trace("adding claim [key: {}, value: {}]", str, obj);
                authoritiesImpl.authorities.put(str, (String) obj);
            }
        });
        return authoritiesImpl;
    }

    private static String getOperationKey(String str, String str2, String str3) {
        return str2 == null ? String.format(TEMPLATE_OP, str, str3) : String.format(TEMPLATE_OP, str + "/" + str2, str3);
    }

    private static String getResourceKey(String str, String str2) {
        return str2 == null ? String.format(TEMPLATE_RESOURCE, str) : String.format(TEMPLATE_RESOURCE, str + "/" + str2);
    }

    public AuthoritiesImpl addOperation(String str, String str2) {
        return addOperation(str, null, str2);
    }

    public AuthoritiesImpl addOperation(String str, String str2, String str3) {
        this.authorities.put(getOperationKey(str, str2, str3), String.valueOf(Activity.EXECUTE.getCode()));
        return this;
    }

    public AuthoritiesImpl addResource(String str, Activity... activityArr) {
        return addResource(str, null, activityArr);
    }

    public AuthoritiesImpl addResource(String str, String str2, Activity... activityArr) {
        StringBuilder sb = new StringBuilder();
        for (Activity activity : activityArr) {
            sb.append(activity.getCode());
        }
        this.authorities.put(getResourceKey(str, str2), sb.toString());
        return this;
    }

    public AuthoritiesImpl addAll(Authorities authorities) {
        authorities.asMap().entrySet().stream().filter(entry -> {
            return entry.getValue() instanceof String;
        }).forEach(entry2 -> {
            String str = (String) entry2.getValue();
            LOG.trace("adding authority [key: {}, activities: {}]", entry2.getKey(), str);
            this.authorities.put((String) entry2.getKey(), str);
        });
        return this;
    }

    @Override // org.eclipse.hono.auth.Authorities
    public boolean isAuthorized(ResourceIdentifier resourceIdentifier, Activity activity) {
        boolean z = false;
        if (resourceIdentifier.getResourceId() != null) {
            z = isAuthorized(String.format(TEMPLATE_RESOURCE, resourceIdentifier.toString()), activity);
        }
        if (!z && resourceIdentifier.getTenantId() != null) {
            z = isAuthorized(String.format(TEMPLATE_RESOURCE, new StringBuilder().append(resourceIdentifier.getEndpoint()).append("/").append(resourceIdentifier.getTenantId()).toString()), activity) || isAuthorized(String.format(TEMPLATE_RESOURCE, new StringBuilder().append(resourceIdentifier.getEndpoint()).append("/*").toString()), activity);
        }
        if (!z) {
            z = isAuthorized(String.format(TEMPLATE_RESOURCE, resourceIdentifier.getEndpoint()), activity) || isAuthorized(String.format(TEMPLATE_RESOURCE, "*"), activity);
        }
        return z;
    }

    @Override // org.eclipse.hono.auth.Authorities
    public boolean isAuthorized(ResourceIdentifier resourceIdentifier, String str) {
        boolean z = false;
        if (resourceIdentifier.getResourceId() != null) {
            z = isAuthorized(String.format(TEMPLATE_OP, resourceIdentifier.toString(), str), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, resourceIdentifier.toString(), "*"), Activity.EXECUTE);
        }
        if (!z && resourceIdentifier.getTenantId() != null) {
            z = isAuthorized(String.format(TEMPLATE_OP, new StringBuilder().append(resourceIdentifier.getEndpoint()).append("/").append(resourceIdentifier.getTenantId()).toString(), str), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, new StringBuilder().append(resourceIdentifier.getEndpoint()).append("/").append(resourceIdentifier.getTenantId()).toString(), "*"), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, new StringBuilder().append(resourceIdentifier.getEndpoint()).append("/*").toString(), str), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, new StringBuilder().append(resourceIdentifier.getEndpoint()).append("/*").toString(), "*"), Activity.EXECUTE);
        }
        if (!z) {
            z = isAuthorized(String.format(TEMPLATE_OP, resourceIdentifier.getEndpoint(), str), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, resourceIdentifier.getEndpoint(), "*"), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, "*", str), Activity.EXECUTE) || isAuthorized(String.format(TEMPLATE_OP, "*", "*"), Activity.EXECUTE);
        }
        return z;
    }

    @Override // org.eclipse.hono.auth.Authorities
    public Map<String, Object> asMap() {
        return new HashMap(this.authorities);
    }

    boolean isAuthorized(String str, Activity activity) {
        boolean z = false;
        String str2 = this.authorities.get(str);
        if (str2 == null) {
            LOG.trace("no claim for key [{}]", str);
        } else {
            z = str2.contains(String.valueOf(activity.getCode())) || str2.equals("*");
            Logger logger = LOG;
            Object[] objArr = new Object[4];
            objArr[0] = str;
            objArr[1] = str2;
            objArr[2] = z ? "" : "not ";
            objArr[3] = activity.name();
            logger.trace("found claim [key: {}, activities: {}] {}matching intent [{}]", objArr);
        }
        return z;
    }
}
