package dev.galasa.framework.internal.rbac;

import dev.galasa.framework.spi.Environment;
import dev.galasa.framework.spi.IDynamicStatusStoreService;
import dev.galasa.framework.spi.auth.IAuthStoreService;
import dev.galasa.framework.spi.rbac.Action;
import dev.galasa.framework.spi.rbac.BuiltInAction;
import dev.galasa.framework.spi.rbac.RBACException;
import dev.galasa.framework.spi.rbac.RBACRoles;
import dev.galasa.framework.spi.rbac.RBACService;
import dev.galasa.framework.spi.rbac.Role;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.validation.constraints.NotNull;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:dev/galasa/framework/internal/rbac/RBACServiceImpl.class */
public class RBACServiceImpl implements RBACService {
    private static CacheRBAC userActionsCache;
    private static List<Action> actionsSortedByName;
    private static Map<String, Action> actionsMapById;
    private static Role roleAdmin;
    private static Role roleTester;
    private static Role roleOwner;
    private static Role roleDeactivated;
    private static List<Role> rolesSortedByName;
    private Set<String> owners;
    private Environment env;
    private final Log logger;
    private Set<String> ownerLoginIdSet;
    private static final List<Action> allActionsUnsorted = BuiltInAction.getActions();
    private static Map<String, Role> rolesMapById = new HashMap();

    public RBACServiceImpl(IDynamicStatusStoreService iDynamicStatusStoreService, IAuthStoreService iAuthStoreService, @NotNull Environment environment) {
        actionsSortedByName = new ArrayList(allActionsUnsorted);
        Collections.sort(actionsSortedByName, (action, action2) -> {
            return action.getName().compareTo(action2.getName());
        });
        ArrayList arrayList = new ArrayList();
        Iterator<Action> it = allActionsUnsorted.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getId());
        }
        actionsMapById = new HashMap();
        for (Action action3 : allActionsUnsorted) {
            actionsMapById.put(action3.getId(), action3);
        }
        roleAdmin = RBACRoles.ADMIN.getRole();
        roleOwner = RBACRoles.OWNER.getRole();
        roleTester = RBACRoles.TESTER.getRole();
        roleDeactivated = RBACRoles.DEACTIVATED.getRole();
        List<Role> of = List.of(roleAdmin, roleTester, roleDeactivated, roleOwner);
        rolesSortedByName = new ArrayList(of);
        Collections.sort(rolesSortedByName, (role, role2) -> {
            return role.getName().compareTo(role2.getName());
        });
        for (Role role3 : of) {
            rolesMapById.put(role3.getId(), role3);
        }
        this.logger = LogFactory.getLog(getClass());
        userActionsCache = new CacheRBACImpl(iDynamicStatusStoreService, iAuthStoreService, this);
        this.env = environment;
        this.owners = getOwnerLoginIdSet();
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public boolean isOwner(String str) {
        boolean z = false;
        if (this.owners.contains(str)) {
            z = true;
        }
        return z;
    }

    private Set<String> getOwnerLoginIdSet() {
        Set<String> set;
        synchronized (this) {
            if (this.ownerLoginIdSet == null) {
                this.ownerLoginIdSet = loadOwnerLoginIdSetFromEnvironmentVar(this.env);
            }
            set = this.ownerLoginIdSet;
        }
        return set;
    }

    private Set<String> loadOwnerLoginIdSetFromEnvironmentVar(Environment environment) {
        HashSet hashSet = new HashSet();
        String str = environment.getenv(RBACService.ENV_VARIABLE_GALASA_OWNER_LOGIN_IDS);
        if (str != null) {
            for (String str2 : str.split(",")) {
                String trim = str2.trim();
                if (!trim.isBlank()) {
                    hashSet.add(trim);
                }
            }
        }
        return hashSet;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public Map<String, Role> getRolesMapById() {
        return rolesMapById;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public List<Role> getRolesSortedByName() {
        return rolesSortedByName;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public Map<String, Action> getActionsMapById() {
        return actionsMapById;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public Role getRoleById(String str) {
        return getRolesMapById().get(str);
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public Action getActionById(String str) {
        return getActionsMapById().get(str);
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public List<Action> getActionsSortedByName() throws RBACException {
        return actionsSortedByName;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public String getDefaultRoleId() throws RBACException {
        String id = roleDeactivated.getId();
        String str = this.env.getenv(RBACService.ENV_VARIABLE_GALASA_DEFAULT_USER_ROLE_NAME);
        if (str == null || str.trim().equals("")) {
            this.logger.warn("Warning: Environment variable GALASA_DEFAULT_USER_ROLE is not set. Your Galasa service owner can set it in the helm chart or kubernetes deployment descriptor for this pod. Default behaviour is to set new users to the 'deactivated' role which later requires an administratory to set up their most approriate role once they have initially logged in successfully.");
        } else {
            this.logger.info("Environment variable GALASA_DEFAULT_USER_ROLE is :" + str);
            id = getRoleByName(str).getId();
        }
        this.logger.info("getDefaultRoleId: returning role Id " + id);
        return id;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public Role getRoleByName(String str) throws RBACException {
        Role role = null;
        Iterator<Role> it = rolesSortedByName.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Role next = it.next();
            if (next.getName().equals(str)) {
                role = next;
                break;
            }
        }
        return role;
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public boolean isActionPermitted(String str, String str2) throws RBACException {
        return isOwner(str) ? true : userActionsCache.isActionPermitted(str, str2);
    }

    @Override // dev.galasa.framework.spi.rbac.RBACService
    public void invalidateUser(String str) throws RBACException {
        userActionsCache.invalidateUser(str);
    }
}
