package org.dataone.service.types.v1.util;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.log4j.Logger;
import org.dataone.service.types.v1.AccessRule;
import org.dataone.service.types.v1.Group;
import org.dataone.service.types.v1.Permission;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.dataone.service.types.v1.SystemMetadata;
import org.dataone.service.util.Constants;

/* loaded from: input_file:org/dataone/service/types/v1/util/AuthUtils.class */
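/**
 * Static helpers that turn a client {@link Session} into the set of subjects it
 * may act as, and that evaluate that set against an object's rights holder and
 * access policy.
 *
 * <p>Nothing in this class validates the {@link SubjectInfo} it is given: every
 * group membership, equivalent identity and "verified" flag found there is
 * taken at face value. Callers must only pass a SubjectInfo that was obtained
 * from a source they trust, never one supplied unauthenticated by the client.
 */
public class AuthUtils {
    private static final Logger logger = Logger.getLogger(AuthUtils.class);

    /** Subject value of the anonymous principal that every caller is granted. */
    private static final String PUBLIC_SUBJECT_VALUE = "public";

    /** Wraps a plain string in a new {@link Subject}. */
    private static Subject buildSubject(String str) {
        Subject subject = new Subject();
        subject.setValue(str);
        return subject;
    }

    /**
     * Builds the set of subjects the given session is allowed to act as.
     *
     * <p>The result always contains the public subject. A session with a usable
     * subject additionally gets that subject, and, unless the subject is the
     * public one, the authenticated-user symbol plus everything
     * {@link #findPersonsSubjects} derives from the session's SubjectInfo.
     *
     * <p>Side effect: when the session subject is the public subject, the
     * session's SubjectInfo is cleared so that an anonymous caller cannot carry
     * group or identity claims.
     *
     * @param session the client session; may be {@code null}
     * @return a new mutable set, never {@code null} and never containing {@code null}
     */
    public static Set<Subject> authorizedClientSubjects(Session session) {
        Set<Subject> subjects = new HashSet<Subject>();
        subjects.add(buildSubject(PUBLIC_SUBJECT_VALUE));
        if (session == null) {
            return subjects;
        }

        Subject sessionSubject = session.getSubject();
        // A session without a subject (or with a valueless one) is anonymous.
        // Its SubjectInfo is deliberately NOT expanded: doing so used to put a
        // null entry into the set, and a null entry compares equal to a missing
        // rights holder during authorization.
        if (sessionSubject == null || sessionSubject.getValue() == null) {
            return subjects;
        }

        subjects.add(sessionSubject);
        if (PUBLIC_SUBJECT_VALUE.equals(sessionSubject.getValue())) {
            session.setSubjectInfo(null);
            return subjects;
        }

        subjects.add(buildSubject(Constants.SUBJECT_AUTHENTICATED_USER));
        SubjectInfo subjectInfo = session.getSubjectInfo();
        if (subjectInfo != null) {
            findPersonsSubjects(subjects, subjectInfo, sessionSubject);
        }
        return subjects;
    }

    /**
     * Adds {@code subject} and everything its Person record implies to {@code set}.
     *
     * <p>For each Person in {@code subjectInfo} whose subject equals
     * {@code subject} this adds: the verified-user symbol when the person is
     * flagged verified, every entry of the person's isMemberOf list, the subject
     * of every group that lists the person as a member, and, recursively, the
     * same expansion for each equivalent identity not already in the set. The
     * "not already in the set" test is what stops cyclic equivalences from
     * recursing forever.
     *
     * <p>Equivalence is followed in one direction only: the record of the
     * starting person is enough, the other identity's record is not consulted
     * for confirmation. Likewise a verified flag on any equivalent identity adds
     * the verified-user symbol for the whole set.
     *
     * @param set         accumulator that receives the subjects; mutated in place
     * @param subjectInfo person and group records to search; may be {@code null}
     * @param subject     the identity to expand; {@code null} is ignored
     */
    public static void findPersonsSubjects(Set<Subject> set, SubjectInfo subjectInfo, Subject subject) {
        // Never let a null reach the authorization set.
        if (subject == null) {
            return;
        }
        set.add(subject);
        if (subjectInfo == null || subjectInfo.getPersonList() == null) {
            return;
        }
        List<Group> groupList = subjectInfo.getGroupList();

        for (Person person : subjectInfo.getPersonList()) {
            if (person == null || person.getSubject() == null || !person.getSubject().equals(subject)) {
                continue;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("traversing person: " + subject.getValue());
            }

            if (person.getVerified() != null && person.getVerified().booleanValue()) {
                set.add(buildSubject(Constants.SUBJECT_VERIFIED_USER));
            }

            List<Subject> isMemberOfList = person.getIsMemberOfList();
            if (isMemberOfList != null) {
                for (Subject memberOf : isMemberOfList) {
                    if (memberOf != null) {
                        set.add(memberOf);
                    }
                }
            }

            if (groupList != null) {
                for (Group group : groupList) {
                    if (group == null || group.getHasMemberList() == null || group.getSubject() == null) {
                        continue;
                    }
                    for (Subject member : group.getHasMemberList()) {
                        if (member != null && member.equals(person.getSubject())) {
                            set.add(group.getSubject());
                            break;
                        }
                    }
                }
            }

            List<Subject> equivalentIdentityList = person.getEquivalentIdentityList();
            if (equivalentIdentityList != null) {
                for (Subject equivalent : equivalentIdentityList) {
                    if (equivalent != null && !set.contains(equivalent)) {
                        findPersonsSubjects(set, subjectInfo, equivalent);
                    }
                }
            }
        }
    }

    /**
     * Returns the subjects equivalent to {@code subject} according to
     * {@code subjectInfo}.
     *
     * <p>The subject is first expanded as a person. If that yields nothing
     * beyond the subject itself, it is expanded as a group instead.
     *
     * @param subjectInfo person and group records to search; may be {@code null}
     * @param subject     the identity to expand; {@code null} yields an empty set
     * @return a new mutable set, never {@code null}
     */
    public static Set<Subject> findEquivalentSubjects(SubjectInfo subjectInfo, Subject subject) {
        Set<Subject> found = new HashSet<Subject>();
        findPersonsSubjects(found, subjectInfo, subject);
        if (found.size() <= 1) {
            findEquivalentSubjectsForGroup(found, subjectInfo, subject);
        }
        return found;
    }

    /**
     * Adds {@code subject} and, transitively, the subject of every group that
     * lists it as a member. Members are matched by comparing subject values.
     *
     * @param set         accumulator that receives the subjects; mutated in place
     * @param subjectInfo group records to search; may be {@code null}
     * @param subject     the group or member to expand; ignored when {@code null}
     *                    or when its value is {@code null} or blank
     */
    private static void findEquivalentSubjectsForGroup(Set<Subject> set, SubjectInfo subjectInfo, Subject subject) {
        if (subject == null || subject.getValue() == null || subject.getValue().trim().equals("")) {
            return;
        }
        set.add(subject);
        if (subjectInfo == null) {
            return;
        }
        List<Group> groupList = subjectInfo.getGroupList();
        if (groupList == null) {
            return;
        }
        for (Group group : groupList) {
            if (group == null || group.getHasMemberList() == null || group.getSubject() == null) {
                continue;
            }
            for (Subject member : group.getHasMemberList()) {
                if (member == null || member.getValue() == null
                        || !member.getValue().equals(subject.getValue())) {
                    continue;
                }
                if (set.contains(group.getSubject())) {
                    // NOTE(review): this leaves the whole call, so groups later in
                    // the list are not examined on this pass. That can only make
                    // the result smaller; confirm whether skipping just this
                    // group was intended before changing it.
                    return;
                }
                set.add(group.getSubject());
                findEquivalentSubjectsForGroup(set, subjectInfo, group.getSubject());
            }
        }
    }

    /**
     * Decides whether any of the given subjects holds {@code permission} on the
     * object described by {@code systemMetadata}.
     *
     * <p>The rights holder is granted everything. Otherwise an allow rule must
     * name one of the subjects and carry permissions that satisfy
     * {@link #comparePermissions}. Any exception raised while reading the access
     * policy is logged and results in a denial.
     *
     * @param collection     the subjects the caller may act as; empty or
     *                       {@code null} is denied
     * @param permission     the permission being requested
     * @param systemMetadata metadata of the object being accessed
     * @return {@code true} only when access is positively established
     */
    public static boolean isAuthorized(Collection<Subject> collection, Permission permission, SystemMetadata systemMetadata) {
        if (CollectionUtils.isEmpty(collection)) {
            return false;
        }
        // An object with no rights holder must not match a null entry that found
        // its way into the subject collection.
        if (systemMetadata.getRightsHolder() != null
                && collection.contains(systemMetadata.getRightsHolder())) {
            return true;
        }
        try {
            // No policy means nobody but the rights holder has access.
            if (systemMetadata.getAccessPolicy() == null) {
                return false;
            }
            List<AccessRule> allowList = systemMetadata.getAccessPolicy().getAllowList();
            if (allowList == null) {
                return false;
            }
            for (AccessRule accessRule : allowList) {
                if (accessRule.sizePermissionList() <= 0) {
                    continue;
                }
                for (Subject candidate : collection) {
                    if (accessRule.getSubjectList().contains(candidate)
                            && comparePermissions(permission, accessRule.getPermissionList())) {
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            // Fail closed: a malformed policy never grants access.
            logger.error("Problem checking authorization - defaulting to deny", e);
        }
        return false;
    }

    /**
     * Tells whether a rule's permissions satisfy the requested permission.
     *
     * <p>READ is satisfied by any non-empty permission list, CHANGE_PERMISSION
     * in the list satisfies every request, and WRITE is satisfied by WRITE.
     *
     * @param permission the permission being requested; {@code null} is denied
     * @param collection the permissions granted by a rule
     * @return {@code true} when the request is covered by the granted permissions
     */
    public static boolean comparePermissions(Permission permission, Collection<Permission> collection) {
        // A missing request must not be satisfied by CHANGE_PERMISSION below.
        if (permission == null || CollectionUtils.isEmpty(collection)) {
            return false;
        }
        if (permission.equals(Permission.READ) || collection.contains(Permission.CHANGE_PERMISSION)) {
            return true;
        }
        return permission.equals(Permission.WRITE) && collection.contains(Permission.WRITE);
    }
}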
