package org.camunda.optimize.service.security;

import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.camunda.optimize.dto.engine.AuthorizationDto;
import org.camunda.optimize.service.util.configuration.EngineConstantsUtil;

/* loaded from: input_file:org/camunda/optimize/service/security/Session.class */
public class Session {
    private TokenVerifier tokenVerifier;
    private org.camunda.optimize.service.security.DefinitionAuthorizations definitionAuthorizations;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/camunda/optimize/service/security/Session$DefinitionAuthorizations.class */
    public class DefinitionAuthorizations {
        private boolean canSeeAll;
        private Set<String> authorizedDefinitions;
        private Set<String> prohibitedDefinitions;

        private DefinitionAuthorizations() {
            this.canSeeAll = false;
            this.authorizedDefinitions = new HashSet();
            this.prohibitedDefinitions = new HashSet();
        }

        void grantToSeeAllDefinitions() {
            this.canSeeAll = true;
            this.prohibitedDefinitions.clear();
            this.authorizedDefinitions.clear();
        }

        void revokeToSeeAllDefinitions() {
            this.canSeeAll = false;
            this.authorizedDefinitions.clear();
            this.prohibitedDefinitions.clear();
        }

        void authorizeDefinition(String str) {
            this.authorizedDefinitions.add(str);
            this.prohibitedDefinitions.remove(str);
        }

        void prohibitDefinition(String str) {
            this.prohibitedDefinitions.add(str);
            this.authorizedDefinitions.remove(str);
        }

        boolean isAuthorizedToSeeDefinition(String str) {
            return this.canSeeAll ? !this.prohibitedDefinitions.contains(str) : this.authorizedDefinitions.contains(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Session(TokenVerifier tokenVerifier, org.camunda.optimize.service.security.DefinitionAuthorizations definitionAuthorizations) {
        this.tokenVerifier = tokenVerifier;
        this.definitionAuthorizations = definitionAuthorizations;
    }

    public boolean isTokenValid(String str) {
        return this.tokenVerifier.isTokenValid(str);
    }

    public boolean isAuthorizedToSeeDefinition(String str) {
        if (str == null || str.isEmpty()) {
            return true;
        }
        DefinitionAuthorizations definitionAuthorizations = new DefinitionAuthorizations();
        addGloballyAuthorizedDefinitions(this.definitionAuthorizations.getAllDefinitionAuthorizations(), definitionAuthorizations);
        removeAuthorizationsForAllDefinitions(this.definitionAuthorizations.getGroupAuthorizations(), definitionAuthorizations);
        addAuthorizationsForAllDefinitions(this.definitionAuthorizations.getGroupAuthorizations(), definitionAuthorizations);
        removeAuthorizationsForProhibitedDefinition(this.definitionAuthorizations.getGroupAuthorizations(), definitionAuthorizations);
        addAuthorizationsForSingleDefinitions(this.definitionAuthorizations.getGroupAuthorizations(), definitionAuthorizations);
        removeAuthorizationsForAllDefinitions(this.definitionAuthorizations.getUserAuthorizations(), definitionAuthorizations);
        addAuthorizationsForAllDefinitions(this.definitionAuthorizations.getUserAuthorizations(), definitionAuthorizations);
        removeAuthorizationsForProhibitedDefinition(this.definitionAuthorizations.getUserAuthorizations(), definitionAuthorizations);
        addAuthorizationsForSingleDefinitions(this.definitionAuthorizations.getUserAuthorizations(), definitionAuthorizations);
        return definitionAuthorizations.isAuthorizedToSeeDefinition(str);
    }

    private void addGloballyAuthorizedDefinitions(List<AuthorizationDto> list, DefinitionAuthorizations definitionAuthorizations) {
        list.forEach(authorizationDto -> {
            addGloballyAuthorizedDefinition(authorizationDto, definitionAuthorizations);
        });
    }

    private void addAuthorizationsForAllDefinitions(List<AuthorizationDto> list, DefinitionAuthorizations definitionAuthorizations) {
        list.forEach(authorizationDto -> {
            addAuthorizationForAllDefinitions(authorizationDto, definitionAuthorizations);
        });
    }

    private void addAuthorizationsForSingleDefinitions(List<AuthorizationDto> list, DefinitionAuthorizations definitionAuthorizations) {
        list.forEach(authorizationDto -> {
            addAuthorizationForDefinition(authorizationDto, definitionAuthorizations);
        });
    }

    private void removeAuthorizationsForAllDefinitions(List<AuthorizationDto> list, DefinitionAuthorizations definitionAuthorizations) {
        list.forEach(authorizationDto -> {
            removeAuthorizationForAllDefinitions(authorizationDto, definitionAuthorizations);
        });
    }

    private void removeAuthorizationsForProhibitedDefinition(List<AuthorizationDto> list, DefinitionAuthorizations definitionAuthorizations) {
        list.forEach(authorizationDto -> {
            removeAuthorizationForProhibitedDefinition(authorizationDto, definitionAuthorizations);
        });
    }

    private void addGloballyAuthorizedDefinition(AuthorizationDto authorizationDto, DefinitionAuthorizations definitionAuthorizations) {
        boolean hasCorrectPermissions = hasCorrectPermissions(authorizationDto);
        boolean z = authorizationDto.getType().intValue() == 0;
        boolean z2 = authorizationDto.getResourceType().intValue() == 6;
        if (hasCorrectPermissions && z && z2) {
            String resourceId = authorizationDto.getResourceId();
            if (resourceId.trim().equals("*")) {
                definitionAuthorizations.grantToSeeAllDefinitions();
            } else {
                if (resourceId.isEmpty()) {
                    return;
                }
                definitionAuthorizations.authorizeDefinition(resourceId);
            }
        }
    }

    private boolean hasCorrectPermissions(AuthorizationDto authorizationDto) {
        List<String> permissions = authorizationDto.getPermissions();
        return permissions.contains("ALL") || permissions.contains(EngineConstantsUtil.READ_HISTORY_PERMISSION);
    }

    private void addAuthorizationForAllDefinitions(AuthorizationDto authorizationDto, DefinitionAuthorizations definitionAuthorizations) {
        boolean hasCorrectPermissions = hasCorrectPermissions(authorizationDto);
        boolean z = authorizationDto.getType().intValue() == 1;
        boolean z2 = authorizationDto.getResourceType().intValue() == 6;
        if (hasCorrectPermissions && z && z2 && authorizationDto.getResourceId().trim().equals("*")) {
            definitionAuthorizations.grantToSeeAllDefinitions();
        }
    }

    private void addAuthorizationForDefinition(AuthorizationDto authorizationDto, DefinitionAuthorizations definitionAuthorizations) {
        boolean hasCorrectPermissions = hasCorrectPermissions(authorizationDto);
        boolean z = authorizationDto.getType().intValue() == 1;
        boolean z2 = authorizationDto.getResourceType().intValue() == 6;
        if (hasCorrectPermissions && z && z2) {
            String resourceId = authorizationDto.getResourceId();
            if (resourceId.isEmpty()) {
                return;
            }
            definitionAuthorizations.authorizeDefinition(resourceId);
        }
    }

    private void removeAuthorizationForAllDefinitions(AuthorizationDto authorizationDto, DefinitionAuthorizations definitionAuthorizations) {
        boolean hasCorrectPermissions = hasCorrectPermissions(authorizationDto);
        boolean z = authorizationDto.getType().intValue() == 2;
        boolean z2 = authorizationDto.getResourceType().intValue() == 6;
        if (hasCorrectPermissions && z && z2 && authorizationDto.getResourceId().trim().equals("*")) {
            definitionAuthorizations.revokeToSeeAllDefinitions();
        }
    }

    private void removeAuthorizationForProhibitedDefinition(AuthorizationDto authorizationDto, DefinitionAuthorizations definitionAuthorizations) {
        boolean hasCorrectPermissions = hasCorrectPermissions(authorizationDto);
        boolean z = authorizationDto.getType().intValue() == 2;
        boolean z2 = authorizationDto.getResourceType().intValue() == 6;
        if (hasCorrectPermissions && z && z2) {
            String resourceId = authorizationDto.getResourceId();
            if (resourceId.isEmpty()) {
                return;
            }
            definitionAuthorizations.prohibitDefinition(resourceId);
        }
    }
}
