package com.appiancorp.security.acl;

import com.appian.core.collections.Iterables2;
import com.appian.core.collections.Maps2;
import com.appiancorp.common.collect.ObjectArrays2;
import com.appiancorp.security.acl.RoleMapEntry;
import com.appiancorp.type.refs.GroupRef;
import com.appiancorp.type.refs.GroupRefImpl;
import com.appiancorp.type.refs.Ref;
import com.appiancorp.type.refs.UserOrGroup;
import com.appiancorp.type.refs.UserRef;
import com.appiancorp.type.refs.UserRefImpl;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.annotations.GwtCompatible;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Equivalence;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
import javax.xml.namespace.QName;

@GwtCompatible
@XmlAccessorType(XmlAccessType.FIELD)
@XmlRootElement(namespace = "http://www.appian.com/ae/types/2009", name = "roleMap")
@XmlType(namespace = "http://www.appian.com/ae/types/2009", name = RoleMap.LOCAL_PART, propOrder = {"entries"})
/* loaded from: input_file:com/appiancorp/security/acl/RoleMap.class */
public class RoleMap implements ProvidesRoleMapEntries {
    private final Set<RoleMapEntry> entries;
    private transient boolean isPublic;
    public static final String LOCAL_PART = "RoleMap";
    public static final QName QNAME = new QName("http://www.appian.com/ae/types/2009", LOCAL_PART);
    private static final Equivalence<RoleMap> equalDataCheckInstance = new Equivalence<RoleMap>() { // from class: com.appiancorp.security.acl.RoleMap.1
        /* JADX INFO: Access modifiers changed from: protected */
        public boolean doEquivalent(RoleMap roleMap, RoleMap roleMap2) {
            if (roleMap.entries.size() != roleMap2.entries.size()) {
                return false;
            }
            for (RoleMapEntry roleMapEntry : roleMap.entries) {
                if (!RoleMapEntry.equalDataCheck().equivalent(roleMapEntry, roleMap2.getEntryForRole(roleMapEntry.getRole()))) {
                    return false;
                }
            }
            return true;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public int doHash(RoleMap roleMap) {
            return (31 * 1) + Iterables2.hash(roleMap.entries, RoleMapEntry.equalDataCheck());
        }
    };

    /* loaded from: input_file:com/appiancorp/security/acl/RoleMap$Builder.class */
    public static final class Builder {
        private final Multimap<Role, UserRef> users;
        private final Multimap<Role, GroupRef> groups;
        private final Map<Role, Long> roleToRoleMapEntryId;
        private boolean isPublic;

        /* loaded from: input_file:com/appiancorp/security/acl/RoleMap$Builder$ValidationMode.class */
        public enum ValidationMode {
            skip,
            throwException
        }

        private Builder() {
            this.users = ArrayListMultimap.create();
            this.groups = ArrayListMultimap.create();
            this.roleToRoleMapEntryId = Maps.newLinkedHashMap();
            this.isPublic = false;
        }

        private Builder(RoleMap roleMap) {
            this.users = ArrayListMultimap.create();
            this.groups = ArrayListMultimap.create();
            this.roleToRoleMapEntryId = Maps.newLinkedHashMap();
            this.isPublic = false;
            from(roleMap);
        }

        public Builder from(RoleMap roleMap) {
            if (roleMap != null) {
                entries(roleMap.getEntries());
                setIsPublic(roleMap.isPublic());
            }
            return this;
        }

        public Builder setIsPublic(boolean z) {
            this.isPublic = z;
            return this;
        }

        public Builder users(Role role, UserRef... userRefArr) {
            Preconditions.checkNotNull(role);
            if (userRefArr == null) {
                return this;
            }
            users(role, (Iterable<? extends UserRef>) Arrays.asList(userRefArr));
            return this;
        }

        public Builder users(Role role, Iterable<? extends UserRef> iterable) {
            Preconditions.checkNotNull(role);
            if (iterable == null) {
                return this;
            }
            this.users.putAll(role, iterable);
            return this;
        }

        public Builder groups(Role role, GroupRef... groupRefArr) {
            Preconditions.checkNotNull(role);
            if (groupRefArr == null) {
                return this;
            }
            groups(role, (Iterable<? extends GroupRef>) Arrays.asList(groupRefArr));
            return this;
        }

        public Builder groups(Role role, Iterable<? extends GroupRef> iterable) {
            Preconditions.checkNotNull(role);
            if (iterable == null) {
                return this;
            }
            this.groups.putAll(role, iterable);
            return this;
        }

        public Builder users(Role role, String... strArr) {
            Preconditions.checkNotNull(role);
            if (strArr == null) {
                return this;
            }
            users(role, (Collection<String>) Arrays.asList(strArr));
            return this;
        }

        public Builder users(Role role, Collection<String> collection) {
            Preconditions.checkNotNull(role);
            if (collection == null) {
                return this;
            }
            this.users.putAll(role, (Collection) collection.stream().map(str -> {
                return new UserRefImpl(str, (String) null);
            }).collect(Collectors.toList()));
            return this;
        }

        public Builder groups(Role role, Long... lArr) {
            Preconditions.checkNotNull(role);
            if (lArr == null) {
                return this;
            }
            groups(role, (Collection<Long>) Arrays.asList(lArr));
            return this;
        }

        public Builder groups(Role role, Collection<Long> collection) {
            Preconditions.checkNotNull(role);
            if (collection == null) {
                return this;
            }
            this.groups.putAll(role, (List) collection.stream().map(l -> {
                return new GroupRefImpl(l, (String) null);
            }).collect(Collectors.toList()));
            return this;
        }

        public Builder usersAndGroups(Role role, Collection<UserOrGroup> collection) {
            Preconditions.checkNotNull(role);
            if (collection == null) {
                return this;
            }
            this.users.putAll(role, RoleMap.getUsers(collection));
            this.groups.putAll(role, RoleMap.getGroups(collection));
            return this;
        }

        public Builder entries(RoleMapEntry... roleMapEntryArr) {
            if (roleMapEntryArr == null) {
                return this;
            }
            entries(Arrays.asList(roleMapEntryArr));
            return this;
        }

        public Builder entries(Iterable<RoleMapEntry> iterable) {
            if (iterable == null) {
                return this;
            }
            for (RoleMapEntry roleMapEntry : iterable) {
                if (roleMapEntry != null) {
                    Long id = roleMapEntry.getId();
                    Role role = roleMapEntry.getRole();
                    if (id != null) {
                        Long l = this.roleToRoleMapEntryId.get(role);
                        if (l != null && !l.equals(id)) {
                            throw new IllegalArgumentException("Two different RoleMapEntry ids cannot be specified for the same Role. role=" + role + ", existingId=" + l + ", id=" + id);
                        }
                        this.roleToRoleMapEntryId.put(role, id);
                    }
                    users(role, (Iterable<? extends UserRef>) roleMapEntry.getUsers());
                    groups(role, (Iterable<? extends GroupRef>) roleMapEntry.getGroups());
                }
            }
            return this;
        }

        public Builder entries(RoleMap roleMap, Map<Object, UserRef> map, Map<Long, GroupRef> map2, ValidationMode validationMode) {
            LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet();
            for (RoleMapEntry roleMapEntry : roleMap.getEntries()) {
                LinkedHashSet newLinkedHashSet2 = Sets.newLinkedHashSet();
                for (Object obj : roleMapEntry.getUserIds()) {
                    validateAndAdd(newLinkedHashSet2, map.get(obj), validationMode, obj, "user");
                }
                LinkedHashSet newLinkedHashSet3 = Sets.newLinkedHashSet();
                for (Long l : roleMapEntry.getGroupIds()) {
                    validateAndAdd(newLinkedHashSet3, map2.get(l), validationMode, l, "group");
                }
                newLinkedHashSet.add(new RoleMapEntry(roleMapEntry.getRole(), newLinkedHashSet2, newLinkedHashSet3));
            }
            entries(newLinkedHashSet);
            return this;
        }

        private <T extends Ref<I, ?>, I> T validateAndAdd(Set<T> set, T t, ValidationMode validationMode, I i, String str) {
            if (t != null) {
                set.add(t);
                return t;
            }
            switch (validationMode) {
                case skip:
                    return null;
                case throwException:
                    throw new IllegalArgumentException("Role map has a " + str + " id=" + i + " that was not found in the bindings map.");
                default:
                    throw new UnsupportedOperationException("Unknown " + ValidationMode.class.getName() + ": " + validationMode);
            }
        }

        public RoleMap build() {
            return new RoleMap(asEntries(this.users, this.groups, this.roleToRoleMapEntryId), this.isPublic);
        }

        private static Iterable<RoleMapEntry> asEntries(Multimap<Role, UserRef> multimap, Multimap<Role, GroupRef> multimap2, final Map<Role, Long> map) {
            return Maps2.merge(multimap.asMap(), multimap2.asMap(), new Iterables2.Function3<Role, Collection<UserRef>, Collection<GroupRef>, RoleMapEntry>() { // from class: com.appiancorp.security.acl.RoleMap.Builder.1
                public RoleMapEntry apply(Role role, Collection<UserRef> collection, Collection<GroupRef> collection2) {
                    return new RoleMapEntry((Long) map.get(role), role, collection, collection2);
                }
            }).values();
        }

        public Builder removeUser(Role role, String str) {
            Collection collection = (Collection) this.users.get(role).stream().filter(userRef -> {
                return userRef != null ? !userRef.getUsername().equals(str) : str != null;
            }).collect(Collectors.toSet());
            this.users.removeAll(role);
            this.users.putAll(role, collection);
            return this;
        }
    }

    private RoleMap() {
        this.entries = Sets.newLinkedHashSet();
        this.isPublic = false;
    }

    @VisibleForTesting
    RoleMap(Iterable<RoleMapEntry> iterable) {
        this(iterable, false);
    }

    @VisibleForTesting
    RoleMap(Iterable<RoleMapEntry> iterable, boolean z) {
        this.entries = Sets.newLinkedHashSet();
        this.isPublic = false;
        this.isPublic = z;
        if (iterable != null) {
            LinkedHashMap newLinkedHashMap = Maps.newLinkedHashMap();
            for (RoleMapEntry roleMapEntry : iterable) {
                Role role = roleMapEntry.getRole();
                if (newLinkedHashMap.containsKey(role)) {
                    throw new IllegalArgumentException("Multiple RoleMapEntry objects cannot be specified for the same Role. role=" + role + ", entry1=" + newLinkedHashMap.get(role) + ", entry2=" + roleMapEntry);
                }
                newLinkedHashMap.put(role, roleMapEntry);
                this.entries.add(roleMapEntry);
            }
        }
    }

    @VisibleForTesting
    public RoleMap sortUsersByUsername() {
        ArrayList arrayList = new ArrayList();
        for (RoleMapEntry roleMapEntry : getEntries()) {
            ArrayList arrayList2 = new ArrayList(roleMapEntry.getUsers());
            arrayList2.sort(Comparator.comparing((v0) -> {
                return v0.getUuid();
            }));
            arrayList.add(new RoleMapEntry(roleMapEntry.getRole(), arrayList2, roleMapEntry.getGroups()));
        }
        return new RoleMap(arrayList, isPublic());
    }

    @Override // com.appiancorp.security.acl.ProvidesRoleMapEntries
    public Map<Role, RoleMapEntry> getEntriesByRole() {
        return Maps2.immutableMapFromEntries(Maps2.newLinkedHashMap(this.entries, RoleMapEntry.asRole).entrySet());
    }

    @Transient
    public RoleMap getRoleMapWithoutRole(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        if (entryForRole == null) {
            return this;
        }
        return builder().entries((Set) this.entries.stream().filter(roleMapEntry -> {
            return !roleMapEntry.equals(entryForRole);
        }).collect(Collectors.toSet())).setIsPublic(this.isPublic).build();
    }

    @Override // com.appiancorp.security.acl.ProvidesRoleMapEntries
    public Set<RoleMapEntry> getEntries() {
        return ImmutableSet.copyOf(this.entries);
    }

    @Override // com.appiancorp.security.acl.ProvidesRoleMapEntries
    public boolean isEmpty() {
        return this.entries.isEmpty() || Iterables.all(this.entries, RoleMapEntry.isEmpty);
    }

    public int numRoles() {
        return this.entries.size();
    }

    @Transient
    public Set<UserRef> getUsers() {
        return Sets.newLinkedHashSet(Iterables2.selectMany(this.entries, RoleMapEntry.asUsers));
    }

    @Transient
    public Set<UserRef> getUsers(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        return entryForRole == null ? ImmutableSet.of() : entryForRole.getUsers();
    }

    @Transient
    public Set<Object> getUserIds() {
        return Sets.newLinkedHashSet(Iterables2.selectMany(this.entries, RoleMapEntry.asUserIds));
    }

    @Transient
    public Set<Object> getUserIds(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        return entryForRole == null ? ImmutableSet.of() : entryForRole.getUserIds();
    }

    public Set<Object> getUserIds(Role... roleArr) {
        HashSet newHashSet = Sets.newHashSet();
        for (Role role : roleArr) {
            RoleMapEntry entryForRole = getEntryForRole(role);
            if (entryForRole != null) {
                newHashSet.addAll(entryForRole.getUserIds());
            }
        }
        return newHashSet;
    }

    @Transient
    public Set<String> getUserUuids() {
        return Sets.newLinkedHashSet(Iterables2.selectMany(this.entries, RoleMapEntry.asUserUuids));
    }

    @Transient
    public Set<String> getUserUuids(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        return entryForRole == null ? ImmutableSet.of() : entryForRole.getUserUuids();
    }

    @Transient
    public Set<GroupRef> getGroups() {
        return Sets.newLinkedHashSet(Iterables2.selectMany(this.entries, RoleMapEntry.asGroups));
    }

    @Transient
    public Set<GroupRef> getGroups(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        return entryForRole == null ? ImmutableSet.of() : entryForRole.getGroups();
    }

    @Transient
    public Set<Long> getGroupIds() {
        return Sets.newLinkedHashSet(Iterables2.selectMany(this.entries, RoleMapEntry.asGroupIds));
    }

    @Transient
    public Set<Long> getGroupIds(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        return entryForRole == null ? ImmutableSet.of() : entryForRole.getGroupIds();
    }

    public Set<Long> getGroupIds(Role... roleArr) {
        HashSet newHashSet = Sets.newHashSet();
        for (Role role : roleArr) {
            RoleMapEntry entryForRole = getEntryForRole(role);
            if (entryForRole != null) {
                newHashSet.addAll(entryForRole.getGroupIds());
            }
        }
        return newHashSet;
    }

    @Transient
    public Set<String> getGroupUuids() {
        return Sets.newLinkedHashSet(Iterables2.selectMany(this.entries, RoleMapEntry.asGroupUuids));
    }

    @Transient
    public Set<String> getGroupUuids(Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        return entryForRole == null ? ImmutableSet.of() : entryForRole.getGroupUuids();
    }

    @JsonIgnore
    @Transient
    public boolean isPublic() {
        return this.isPublic;
    }

    public void setPublic(boolean z) {
        this.isPublic = z;
    }

    public boolean isInRole(Long l, Set<Long> set, Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        if (entryForRole == null) {
            return false;
        }
        return entryForRole.getUserIds().contains(l) || !Sets.intersection(entryForRole.getGroupIds(), set).isEmpty();
    }

    public boolean isInRole(String str, Set<String> set, Role role) {
        RoleMapEntry entryForRole = getEntryForRole(role);
        if (entryForRole == null) {
            return false;
        }
        return entryForRole.getUserUuids().contains(str) || !Sets.intersection(entryForRole.getGroupUuids(), set).isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public RoleMapEntry getEntryForRole(Role role) {
        return (RoleMapEntry) Iterables2.firstOrNull(Iterables.filter(this.entries, RoleMapEntry.matchesRole(role)));
    }

    public static Builder builder() {
        return new Builder();
    }

    public static Builder builder(RoleMap roleMap) {
        return new Builder();
    }

    public String toString() {
        return "RoleMap[" + this.entries + "]";
    }

    public static Equivalence<RoleMap> equalDataCheck() {
        return equalDataCheckInstance;
    }

    public boolean hasPermission(String str, Set<String> set, Role... roleArr) {
        return hasPermission(this, str, set, roleArr);
    }

    public RoleMap applyRoleMap(RoleMap roleMap, RoleMapEntry.PermissionMergeStrategy permissionMergeStrategy) {
        return applyRoleMap(this, roleMap, permissionMergeStrategy);
    }

    public static boolean hasPermission(RoleMap roleMap, String str, Set<String> set, final Role... roleArr) {
        RoleMap roleMap2 = (RoleMap) MoreObjects.firstNonNull(roleMap, new RoleMap());
        Predicate<RoleMapEntry> hasPermission = RoleMapEntry.hasPermission(str, set);
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(roleMap2.getEntries(), new Predicate<RoleMapEntry>() { // from class: com.appiancorp.security.acl.RoleMap.2
            public boolean apply(RoleMapEntry roleMapEntry) {
                return ObjectArrays2.any(roleArr, Predicates.equalTo(roleMapEntry.getRole()));
            }
        }));
        if (copyOf.isEmpty()) {
            return false;
        }
        return Iterables.all(copyOf, hasPermission);
    }

    public static RoleMap applyRoleMap(RoleMap roleMap, RoleMap roleMap2, RoleMapEntry.PermissionMergeStrategy permissionMergeStrategy) {
        return builder().entries(RoleMapEntry.mergeEntries(((RoleMap) MoreObjects.firstNonNull(roleMap, builder().build())).getEntries(), ((RoleMap) MoreObjects.firstNonNull(roleMap2, builder().build())).getEntries(), permissionMergeStrategy)).build();
    }

    public Set<String> usersWithAnyOfRoles(Map<String, Set<Long>> map, Role... roleArr) {
        Set<Object> userIds = getUserIds(roleArr);
        Set<Long> groupIds = getGroupIds(roleArr);
        HashSet newHashSetWithExpectedSize = Sets.newHashSetWithExpectedSize(map.size());
        for (Map.Entry<String, Set<Long>> entry : map.entrySet()) {
            String key = entry.getKey();
            if (userIds.contains(key) || !Sets.intersection(entry.getValue(), groupIds).isEmpty()) {
                newHashSetWithExpectedSize.add(key);
            }
        }
        return newHashSetWithExpectedSize;
    }

    public Set<String> usersWithoutAnyOfRoles(Map<String, Set<Long>> map, Role... roleArr) {
        Set<String> usersWithAnyOfRoles = usersWithAnyOfRoles(map, roleArr);
        HashSet newHashSetWithExpectedSize = Sets.newHashSetWithExpectedSize(map.size());
        for (String str : map.keySet()) {
            if (!usersWithAnyOfRoles.contains(str)) {
                newHashSetWithExpectedSize.add(str);
            }
        }
        return newHashSetWithExpectedSize;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Iterable<UserRef> getUsers(Iterable<UserOrGroup> iterable) {
        return Iterables2.select(Iterables.filter(iterable, userOrGroup -> {
            return userOrGroup.getValue() instanceof UserRef;
        }), userOrGroup2 -> {
            return (UserRef) userOrGroup2.getValue();
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Iterable<GroupRef> getGroups(Iterable<UserOrGroup> iterable) {
        return Iterables2.select(Iterables.filter(iterable, userOrGroup -> {
            return userOrGroup.getValue() instanceof GroupRef;
        }), userOrGroup2 -> {
            return (GroupRef) userOrGroup2.getValue();
        });
    }
}
