package io.gravitee.management.service.impl;

import io.gravitee.management.model.NewRoleEntity;
import io.gravitee.management.model.RoleEntity;
import io.gravitee.management.model.UpdateRoleEntity;
import io.gravitee.management.model.permissions.ApiPermission;
import io.gravitee.management.model.permissions.ApplicationPermission;
import io.gravitee.management.model.permissions.GroupPermission;
import io.gravitee.management.model.permissions.ManagementPermission;
import io.gravitee.management.model.permissions.Permission;
import io.gravitee.management.model.permissions.PortalPermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.model.permissions.SystemRole;
import io.gravitee.management.service.AuditService;
import io.gravitee.management.service.MembershipService;
import io.gravitee.management.service.RoleService;
import io.gravitee.management.service.exceptions.DefaultRoleNotFoundException;
import io.gravitee.management.service.exceptions.RoleAlreadyExistsException;
import io.gravitee.management.service.exceptions.RoleDeletionForbiddenException;
import io.gravitee.management.service.exceptions.RoleNotFoundException;
import io.gravitee.management.service.exceptions.RoleReservedNameException;
import io.gravitee.management.service.exceptions.TechnicalManagementException;
import io.gravitee.management.service.impl.configuration.application.registration.client.register.ClientRegistrationRequest;
import io.gravitee.repository.exceptions.TechnicalException;
import io.gravitee.repository.management.api.RoleRepository;
import io.gravitee.repository.management.model.Audit;
import io.gravitee.repository.management.model.Role;
import io.gravitee.repository.management.model.RoleScope;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/management/service/impl/RoleServiceImpl.class */
public class RoleServiceImpl extends AbstractService implements RoleService {
    private final Logger LOGGER = LoggerFactory.getLogger(RoleServiceImpl.class);

    @Autowired
    private RoleRepository roleRepository;

    @Autowired
    private MembershipService membershipService;

    @Autowired
    private AuditService auditService;

    @Override // io.gravitee.management.service.RoleService
    public RoleEntity findById(RoleScope roleScope, String str) {
        try {
            this.LOGGER.debug("Find Role by id");
            Optional findById = this.roleRepository.findById(roleScope, str);
            if (findById.isPresent()) {
                return convert((Role) findById.get());
            }
            throw new RoleNotFoundException(roleScope, str);
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to find a role : {} {}", new Object[]{roleScope, str, e});
            throw new TechnicalManagementException("An error occurs while trying to find a role : " + roleScope + ClientRegistrationRequest.SCOPE_DELIMITER + str, e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public List<RoleEntity> findAll() {
        try {
            this.LOGGER.debug("Find all Roles");
            return (List) this.roleRepository.findAll().stream().map(this::convert).collect(Collectors.toList());
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to find all roles", e);
            throw new TechnicalManagementException("An error occurs while trying to find all roles", e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public RoleEntity create(NewRoleEntity newRoleEntity) {
        try {
            Role convert = convert(newRoleEntity);
            if (this.roleRepository.findById(convert.getScope(), convert.getName()).isPresent()) {
                throw new RoleAlreadyExistsException(convert.getScope(), convert.getName());
            }
            convert.setCreatedAt(new Date());
            convert.setUpdatedAt(convert.getCreatedAt());
            RoleEntity convert2 = convert(this.roleRepository.create(convert));
            this.auditService.createPortalAuditLog(Collections.singletonMap(Audit.AuditProperties.ROLE, convert.getScope() + ":" + convert.getName()), Role.AuditEvent.ROLE_CREATED, convert.getCreatedAt(), null, convert);
            if (convert2.isDefaultRole()) {
                toggleDefaultRole(convert(newRoleEntity.getScope()), convert2.getName());
            }
            return convert2;
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to create role {}", newRoleEntity.getName(), e);
            throw new TechnicalManagementException("An error occurs while trying to create role " + newRoleEntity.getName(), e);
        }
    }

    private boolean permissionsAreDifferent(Role role, Role role2) {
        return Arrays.stream(role.getPermissions()).reduce(Math::addExact).orElse(0) != Arrays.stream(role2.getPermissions()).reduce(Math::addExact).orElse(0);
    }

    private void createOrUpdateSystemRole(SystemRole systemRole, RoleScope roleScope, io.gravitee.management.model.permissions.RoleScope roleScope2, Permission[] permissionArr) throws TechnicalException {
        Role createSystemRoleWithoutPermissions = createSystemRoleWithoutPermissions(systemRole.name(), roleScope, new Date());
        HashMap hashMap = new HashMap();
        for (Permission permission : permissionArr) {
            hashMap.put(permission.getName(), new char[]{RolePermissionAction.CREATE.getId(), RolePermissionAction.READ.getId(), RolePermissionAction.UPDATE.getId(), RolePermissionAction.DELETE.getId()});
        }
        createSystemRoleWithoutPermissions.setPermissions(convertPermissions(roleScope2, hashMap));
        Optional findById = this.roleRepository.findById(createSystemRoleWithoutPermissions.getScope(), createSystemRoleWithoutPermissions.getName());
        if (findById.isPresent() && permissionsAreDifferent((Role) findById.get(), createSystemRoleWithoutPermissions)) {
            this.roleRepository.update(createSystemRoleWithoutPermissions);
            this.auditService.createPortalAuditLog(Collections.singletonMap(Audit.AuditProperties.ROLE, createSystemRoleWithoutPermissions.getScope() + ":" + createSystemRoleWithoutPermissions.getName()), Role.AuditEvent.ROLE_UPDATED, createSystemRoleWithoutPermissions.getCreatedAt(), findById, createSystemRoleWithoutPermissions);
        } else {
            if (findById.isPresent()) {
                return;
            }
            this.roleRepository.create(createSystemRoleWithoutPermissions);
            this.auditService.createPortalAuditLog(Collections.singletonMap(Audit.AuditProperties.ROLE, createSystemRoleWithoutPermissions.getScope() + ":" + createSystemRoleWithoutPermissions.getName()), Role.AuditEvent.ROLE_CREATED, createSystemRoleWithoutPermissions.getCreatedAt(), null, createSystemRoleWithoutPermissions);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public void createOrUpdateSystemRoles() {
        try {
            createOrUpdateSystemRole(SystemRole.ADMIN, RoleScope.MANAGEMENT, io.gravitee.management.model.permissions.RoleScope.MANAGEMENT, ManagementPermission.values());
            createOrUpdateSystemRole(SystemRole.ADMIN, RoleScope.PORTAL, io.gravitee.management.model.permissions.RoleScope.PORTAL, PortalPermission.values());
            createOrUpdateSystemRole(SystemRole.PRIMARY_OWNER, RoleScope.API, io.gravitee.management.model.permissions.RoleScope.API, ApiPermission.values());
            createOrUpdateSystemRole(SystemRole.PRIMARY_OWNER, RoleScope.APPLICATION, io.gravitee.management.model.permissions.RoleScope.APPLICATION, ApplicationPermission.values());
            createOrUpdateSystemRole(SystemRole.ADMIN, RoleScope.GROUP, io.gravitee.management.model.permissions.RoleScope.GROUP, GroupPermission.values());
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to create admin roles", e);
            throw new TechnicalManagementException("An error occurs while trying to create admin roles ", e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public RoleEntity update(UpdateRoleEntity updateRoleEntity) {
        if (isReserved(updateRoleEntity.getName())) {
            throw new RoleReservedNameException(updateRoleEntity.getName());
        }
        RoleScope convert = convert(updateRoleEntity.getScope());
        try {
            Optional findById = this.roleRepository.findById(convert, updateRoleEntity.getName());
            if (!findById.isPresent()) {
                throw new RoleNotFoundException(convert, updateRoleEntity.getName());
            }
            Role role = (Role) findById.get();
            Role convert2 = convert(updateRoleEntity);
            convert2.setCreatedAt(role.getCreatedAt());
            RoleEntity convert3 = convert(this.roleRepository.update(convert2));
            this.auditService.createPortalAuditLog(Collections.singletonMap(Audit.AuditProperties.ROLE, role.getScope() + ":" + role.getName()), Role.AuditEvent.ROLE_UPDATED, convert2.getUpdatedAt(), role, convert2);
            if (convert3.isDefaultRole()) {
                toggleDefaultRole(convert, convert3.getName());
            }
            return convert3;
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to update role {}", updateRoleEntity.getName(), e);
            throw new TechnicalManagementException("An error occurs while trying to update role " + updateRoleEntity.getName(), e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public void delete(RoleScope roleScope, String str) {
        if (isReserved(str)) {
            throw new RoleReservedNameException(SystemRole.ADMIN.name());
        }
        try {
            Optional findById = this.roleRepository.findById(roleScope, str);
            if (!findById.isPresent()) {
                throw new RoleNotFoundException(roleScope, str);
            }
            Role role = (Role) findById.get();
            if (role.isDefaultRole() || role.isSystem()) {
                throw new RoleDeletionForbiddenException(roleScope, str);
            }
            List<RoleEntity> findDefaultRoleByScopes = findDefaultRoleByScopes(roleScope);
            if (findDefaultRoleByScopes.isEmpty()) {
                throw new DefaultRoleNotFoundException(new RoleScope[0]);
            }
            this.membershipService.removeRoleUsage(roleScope, str, findDefaultRoleByScopes.get(0).getName());
            this.roleRepository.delete(roleScope, str);
            this.auditService.createPortalAuditLog(Collections.singletonMap(Audit.AuditProperties.ROLE, role.getScope() + ":" + role.getName()), Role.AuditEvent.ROLE_DELETED, role.getUpdatedAt(), role, null);
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to delete role {}/{}", new Object[]{roleScope, str, e});
            throw new TechnicalManagementException("An error occurs while trying to delete role " + roleScope + "/" + str, e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public List<RoleEntity> findByScope(RoleScope roleScope) {
        try {
            this.LOGGER.debug("Find Roles by scope");
            return (List) this.roleRepository.findByScope(roleScope).stream().map(this::convert).sorted(Comparator.comparing((v0) -> {
                return v0.getName();
            })).collect(Collectors.toList());
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to find roles by scope", e);
            throw new TechnicalManagementException("An error occurs while trying to find roles by scope", e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public List<RoleEntity> findDefaultRoleByScopes(RoleScope... roleScopeArr) {
        try {
            this.LOGGER.debug("Find default Roles by scope");
            ArrayList arrayList = new ArrayList();
            for (RoleScope roleScope : roleScopeArr) {
                arrayList.addAll((Collection) this.roleRepository.findByScope(roleScope).stream().filter((v0) -> {
                    return v0.isDefaultRole();
                }).map(this::convert).collect(Collectors.toList()));
            }
            return arrayList;
        } catch (TechnicalException e) {
            this.LOGGER.error("An error occurs while trying to find default roles by scope", e);
            throw new TechnicalManagementException("An error occurs while trying to find default roles by scope", e);
        }
    }

    @Override // io.gravitee.management.service.RoleService
    public boolean hasPermission(Map<String, char[]> map, Permission permission, RolePermissionAction[] rolePermissionActionArr) {
        boolean z = false;
        if (map != null) {
            Iterator<Map.Entry<String, char[]>> it = map.entrySet().iterator();
            while (it.hasNext() && !z) {
                Map.Entry<String, char[]> next = it.next();
                if (permission.getName().equals(next.getKey())) {
                    String arrays = Arrays.toString(next.getValue());
                    for (RolePermissionAction rolePermissionAction : rolePermissionActionArr) {
                        if (arrays.indexOf(rolePermissionAction.getId()) != -1) {
                            z = true;
                        }
                    }
                }
            }
        }
        return z;
    }

    private void toggleDefaultRole(RoleScope roleScope, String str) throws TechnicalException {
        for (Role role : (List) this.roleRepository.findByScope(roleScope).stream().filter((v0) -> {
            return v0.isDefaultRole();
        }).collect(Collectors.toList())) {
            if (!role.getName().equals(str)) {
                Role role2 = new Role(role);
                role.setDefaultRole(false);
                role.setUpdatedAt(new Date());
                this.roleRepository.update(role);
                this.auditService.createPortalAuditLog(Collections.singletonMap(Audit.AuditProperties.ROLE, role.getScope() + ":" + role.getName()), Role.AuditEvent.ROLE_UPDATED, role.getUpdatedAt(), role2, role);
            }
        }
    }

    private Role convert(NewRoleEntity newRoleEntity) {
        Role role = new Role();
        role.setName(generateId(newRoleEntity.getName()));
        role.setDescription(newRoleEntity.getDescription());
        role.setScope(convert(newRoleEntity.getScope()));
        role.setDefaultRole(newRoleEntity.isDefaultRole());
        role.setPermissions(convertPermissions(newRoleEntity.getScope(), newRoleEntity.getPermissions()));
        role.setCreatedAt(new Date());
        role.setUpdatedAt(role.getCreatedAt());
        return role;
    }

    private Role convert(UpdateRoleEntity updateRoleEntity) {
        if (updateRoleEntity == null) {
            return null;
        }
        Role role = new Role();
        role.setName(generateId(updateRoleEntity.getName()));
        role.setDescription(updateRoleEntity.getDescription());
        role.setScope(convert(updateRoleEntity.getScope()));
        role.setDefaultRole(updateRoleEntity.isDefaultRole());
        role.setPermissions(convertPermissions(updateRoleEntity.getScope(), updateRoleEntity.getPermissions()));
        role.setUpdatedAt(new Date());
        return role;
    }

    private RoleEntity convert(Role role) {
        if (role == null) {
            return null;
        }
        RoleEntity roleEntity = new RoleEntity();
        roleEntity.setName(role.getName());
        roleEntity.setDescription(role.getDescription());
        roleEntity.setScope(convert(role.getScope()));
        roleEntity.setDefaultRole(role.isDefaultRole());
        roleEntity.setSystem(role.isSystem());
        roleEntity.setPermissions(convertPermissions(roleEntity.getScope(), role.getPermissions()));
        return roleEntity;
    }

    private int[] convertPermissions(io.gravitee.management.model.permissions.RoleScope roleScope, Map<String, char[]> map) {
        if (map == null || map.isEmpty()) {
            return new int[0];
        }
        int[] iArr = new int[map.size()];
        int i = 0;
        for (Map.Entry<String, char[]> entry : map.entrySet()) {
            int i2 = 0;
            for (char c : entry.getValue()) {
                i2 += RolePermissionAction.findById(c).getMask();
            }
            int i3 = i;
            i++;
            iArr[i3] = Permission.findByScopeAndName(roleScope, entry.getKey()).getMask() + i2;
        }
        return iArr;
    }

    private Map<String, char[]> convertPermissions(io.gravitee.management.model.permissions.RoleScope roleScope, int[] iArr) {
        if (iArr == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        Stream.of((Object[]) Permission.findByScope(roleScope)).forEach(permission -> {
            for (int i : iArr) {
                if (i / 100 == permission.getMask() / 100) {
                    ArrayList arrayList = new ArrayList();
                    for (RolePermissionAction rolePermissionAction : RolePermissionAction.values()) {
                        if (((i - permission.getMask()) & rolePermissionAction.getMask()) != 0) {
                            arrayList.add(Character.valueOf(rolePermissionAction.getId()));
                        }
                    }
                    hashMap.put(permission.getName(), ArrayUtils.toPrimitive((Character[]) arrayList.toArray(new Character[arrayList.size()])));
                }
            }
        });
        return hashMap;
    }

    private RoleScope convert(io.gravitee.management.model.permissions.RoleScope roleScope) {
        if (roleScope == null) {
            return null;
        }
        return RoleScope.valueOf(roleScope.name());
    }

    private io.gravitee.management.model.permissions.RoleScope convert(RoleScope roleScope) {
        if (roleScope == null) {
            return null;
        }
        return io.gravitee.management.model.permissions.RoleScope.valueOf(roleScope.name());
    }

    private String generateId(String str) {
        String replaceAll = str.trim().toUpperCase().replaceAll(" +", ClientRegistrationRequest.SCOPE_DELIMITER).replaceAll(ClientRegistrationRequest.SCOPE_DELIMITER, "_").replaceAll("[^\\w\\s]", "_").replaceAll("-+", "_");
        if (isReserved(replaceAll)) {
            throw new RoleReservedNameException(replaceAll);
        }
        return replaceAll;
    }

    private boolean isReserved(String str) {
        for (SystemRole systemRole : SystemRole.values()) {
            if (systemRole.name().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private Role createSystemRoleWithoutPermissions(String str, RoleScope roleScope, Date date) {
        this.LOGGER.info("      - <" + roleScope + "> " + str + " (system)");
        Role role = new Role();
        role.setName(str);
        role.setDescription("System Role. Created by Gravitee.io");
        role.setDefaultRole(false);
        role.setSystem(true);
        role.setScope(roleScope);
        role.setCreatedAt(date);
        role.setUpdatedAt(date);
        return role;
    }
}
