package org.kinotic.structures.api.services.security.graphos;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import org.kinotic.continuum.api.exceptions.AuthorizationException;
import org.kinotic.continuum.idl.api.schema.ObjectC3Type;
import org.kinotic.structures.api.domain.EntityOperation;
import org.kinotic.structures.api.domain.SecurityContext;
import org.kinotic.structures.api.domain.Structure;
import org.kinotic.structures.api.domain.idl.decorators.EntityServiceDecorator;
import org.kinotic.structures.api.domain.idl.decorators.EntityServiceDecoratorsDecorator;
import org.kinotic.structures.api.domain.idl.decorators.PolicyDecorator;
import org.kinotic.structures.api.services.security.AuthorizationService;
import org.kinotic.structures.internal.api.services.impl.security.graphos.PolicyEvaluator;
import org.kinotic.structures.internal.api.services.impl.security.graphos.PolicyEvaluatorWithOperation;
import org.kinotic.structures.internal.api.services.impl.security.graphos.PolicyEvaluatorWithoutOperation;
import org.kinotic.structures.internal.api.services.impl.security.graphos.SharedPolicyManager;
import org.kinotic.structures.internal.idl.converters.common.DecoratedProperty;
import org.kinotic.structures.internal.utils.StructuresUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kinotic/structures/api/services/security/graphos/StructurePolicyAuthorizationService.class */
public class StructurePolicyAuthorizationService implements AuthorizationService<EntityOperation> {
    private static final Logger log = LoggerFactory.getLogger(StructurePolicyAuthorizationService.class);
    private final Map<EntityOperation, PolicyEvaluator> operationEvaluators = new HashMap();
    private final String structureId;

    public StructurePolicyAuthorizationService(Structure structure, PolicyAuthorizer policyAuthorizer) {
        this.structureId = StructuresUtil.structureNameToId(structure.getNamespace(), structure.getName());
        ObjectC3Type entityDefinition = structure.getEntityDefinition();
        PolicyDecorator policyDecorator = (PolicyDecorator) entityDefinition.findDecorator(PolicyDecorator.class);
        HashMap hashMap = new HashMap();
        for (DecoratedProperty decoratedProperty : structure.getDecoratedProperties()) {
            PolicyDecorator policyDecorator2 = (PolicyDecorator) decoratedProperty.findDecorator(PolicyDecorator.class);
            if (policyDecorator2 != null) {
                hashMap.put(decoratedProperty.getJsonPath(), policyDecorator2.getPolicies());
            }
        }
        SharedPolicyManager sharedPolicyManager = new SharedPolicyManager(policyDecorator != null ? policyDecorator.getPolicies() : null, hashMap);
        PolicyEvaluatorWithoutOperation policyEvaluatorWithoutOperation = new PolicyEvaluatorWithoutOperation(policyAuthorizer, sharedPolicyManager);
        EntityServiceDecoratorsDecorator entityServiceDecoratorsDecorator = (EntityServiceDecoratorsDecorator) entityDefinition.findDecorator(EntityServiceDecoratorsDecorator.class);
        if (entityServiceDecoratorsDecorator != null) {
            for (Map.Entry<EntityOperation, List<EntityServiceDecorator>> entry : entityServiceDecoratorsDecorator.getConfig().getOperationDecoratorMap().entrySet()) {
                List<List<String>> extractPolicies = extractPolicies(entry.getValue());
                if (extractPolicies.isEmpty()) {
                    this.operationEvaluators.put(entry.getKey(), policyEvaluatorWithoutOperation);
                } else {
                    this.operationEvaluators.put(entry.getKey(), new PolicyEvaluatorWithOperation(policyAuthorizer, sharedPolicyManager, extractPolicies));
                }
            }
        }
    }

    @Override // org.kinotic.structures.api.services.security.AuthorizationService
    public CompletableFuture<Void> authorize(EntityOperation entityOperation, SecurityContext securityContext) {
        try {
            PolicyEvaluator policyEvaluator = this.operationEvaluators.get(entityOperation);
            if (policyEvaluator != null) {
                return policyEvaluator.evaluatePolicies(securityContext).thenCompose(authorizationResult -> {
                    if (!authorizationResult.operationAllowed()) {
                        return CompletableFuture.failedFuture(new AuthorizationException("Operation %s not allowed.".formatted(entityOperation)));
                    }
                    if (!authorizationResult.entityAllowed()) {
                        return CompletableFuture.failedFuture(new AuthorizationException("Structure %s Entity access not allowed.".formatted(this.structureId)));
                    }
                    ArrayList arrayList = new ArrayList();
                    for (Map.Entry<String, Boolean> entry : authorizationResult.fieldResults().entrySet()) {
                        if (!entry.getValue().booleanValue()) {
                            arrayList.add(entry.getKey());
                        }
                    }
                    return !arrayList.isEmpty() ? CompletableFuture.failedFuture(new AuthorizationException("Structure %s Fields %s access not allowed.".formatted(this.structureId, arrayList))) : CompletableFuture.completedFuture(null);
                });
            }
            log.error("No policy evaluator found for operation: {}.", entityOperation);
            return CompletableFuture.failedFuture(new IllegalArgumentException("No policy evaluator found for operation: " + String.valueOf(entityOperation)));
        } catch (Exception e) {
            return CompletableFuture.failedFuture(e);
        }
    }

    private List<List<String>> extractPolicies(List<EntityServiceDecorator> list) {
        for (EntityServiceDecorator entityServiceDecorator : list) {
            if (entityServiceDecorator instanceof PolicyDecorator) {
                return ((PolicyDecorator) entityServiceDecorator).getPolicies();
            }
        }
        return List.of();
    }
}
