package com.yahoo.elide.security;

import com.yahoo.elide.core.EntityDictionary;
import com.yahoo.elide.core.RequestScope;
import com.yahoo.elide.core.exceptions.ForbiddenAccessException;
import com.yahoo.elide.security.checks.ExtractedChecks;
import com.yahoo.elide.security.permissions.ExpressionBuilder;
import com.yahoo.elide.security.permissions.ExpressionResult;
import com.yahoo.elide.security.permissions.expressions.Expression;
import java.beans.ConstructorProperties;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Queue;
import java.util.concurrent.LinkedBlockingQueue;

/* loaded from: input_file:com/yahoo/elide/security/PermissionExecutor.class */
public class PermissionExecutor {
    private final Queue<QueuedCheck> commitCheckQueue = new LinkedBlockingQueue();
    private final RequestScope requestScope;
    private final ExpressionBuilder expressionBuilder;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/yahoo/elide/security/PermissionExecutor$QueuedCheck.class */
    public static class QueuedCheck {
        private final Expression expression;
        private final Class<? extends Annotation> annotationClass;

        @ConstructorProperties({"expression", "annotationClass"})
        public QueuedCheck(Expression expression, Class<? extends Annotation> cls) {
            this.expression = expression;
            this.annotationClass = cls;
        }

        public Expression getExpression() {
            return this.expression;
        }

        public Class<? extends Annotation> getAnnotationClass() {
            return this.annotationClass;
        }
    }

    public PermissionExecutor(RequestScope requestScope) {
        HashMap hashMap = new HashMap();
        this.requestScope = requestScope;
        this.expressionBuilder = new ExpressionBuilder(hashMap, requestScope.getDictionary());
    }

    public static <A extends Annotation> ExtractedChecks loadEntityChecks(Class<A> cls, Class<?> cls2, EntityDictionary entityDictionary) {
        return new ExtractedChecks(cls2, entityDictionary, cls);
    }

    public <A extends Annotation> void checkPermission(Class<A> cls, PersistentResource persistentResource) {
        checkPermission(cls, persistentResource, null);
    }

    public <A extends Annotation> void checkPermission(Class<A> cls, PersistentResource persistentResource, ChangeSpec changeSpec) {
        if (this.requestScope.getSecurityMode() == SecurityMode.SECURITY_INACTIVE) {
            return;
        }
        executeExpressions(this.expressionBuilder.buildAnyFieldExpressions(persistentResource, cls, changeSpec), cls);
    }

    public <A extends Annotation> void checkSpecificFieldPermissions(PersistentResource<?> persistentResource, ChangeSpec changeSpec, Class<A> cls, String str) {
        if (this.requestScope.getSecurityMode() == SecurityMode.SECURITY_INACTIVE) {
            return;
        }
        executeExpressions(this.expressionBuilder.buildSpecificFieldExpressions(persistentResource, cls, str, changeSpec), cls);
    }

    public <A extends Annotation> void checkSpecificFieldPermissionsDeferred(PersistentResource<?> persistentResource, ChangeSpec changeSpec, Class<A> cls, String str) {
        Expression commitExpression;
        if (this.requestScope.getSecurityMode() == SecurityMode.SECURITY_INACTIVE || (commitExpression = this.expressionBuilder.buildSpecificFieldExpressions(persistentResource, cls, str, changeSpec).getCommitExpression()) == null) {
            return;
        }
        this.commitCheckQueue.add(new QueuedCheck(commitExpression, cls));
    }

    public <A extends Annotation> void checkUserPermissions(PersistentResource<?> persistentResource, Class<A> cls, String str) {
        if (this.requestScope.getSecurityMode() == SecurityMode.SECURITY_INACTIVE) {
            return;
        }
        executeExpressions(this.expressionBuilder.buildUserCheckFieldExpressions(persistentResource, cls, str), cls);
    }

    public <A extends Annotation> void checkUserPermissions(Class<?> cls, Class<A> cls2) {
        if (this.requestScope.getSecurityMode() == SecurityMode.SECURITY_INACTIVE) {
            return;
        }
        executeExpressions(this.expressionBuilder.buildUserCheckAnyExpression(cls, cls2, this.requestScope), cls2);
    }

    public void executeCommitChecks() {
        this.commitCheckQueue.forEach(queuedCheck -> {
            ExpressionResult evaluate = queuedCheck.getExpression().evaluate();
            if (evaluate.getStatus() == ExpressionResult.Status.FAIL) {
                throw new ForbiddenAccessException(queuedCheck.getAnnotationClass().getSimpleName() + " " + evaluate.getFailureMessage());
            }
        });
        this.commitCheckQueue.clear();
    }

    private void executeExpressions(ExpressionBuilder.Expressions expressions, Class<? extends Annotation> cls) {
        ExpressionResult evaluate = expressions.getOperationExpression().evaluate();
        if (evaluate.getStatus() != ExpressionResult.Status.DEFERRED) {
            if (evaluate.getStatus() == ExpressionResult.Status.FAIL) {
                throw new ForbiddenAccessException(cls.getSimpleName() + " " + evaluate.getFailureMessage());
            }
        } else {
            Expression commitExpression = expressions.getCommitExpression();
            if (commitExpression != null) {
                this.commitCheckQueue.add(new QueuedCheck(commitExpression, cls));
            }
        }
    }
}
