package com.dtolabs.rundeck.core.authorization.providers;

import com.dtolabs.rundeck.core.authorization.Attribute;
import com.dtolabs.rundeck.core.authorization.Explanation;
import com.dtolabs.rundeck.core.cli.jobs.JobsTool;
import com.dtolabs.rundeck.core.cli.run.RunTool;
import com.dtolabs.rundeck.core.utils.Converter;
import com.dtolabs.rundeck.core.utils.PairImpl;
import java.io.File;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.apache.commons.collections.PredicateUtils;
import org.apache.log4j.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy.class */
public final class YamlPolicy implements Policy {
    static final Logger logger = Logger.getLogger(YamlPolicy.class.getName());
    public static final String TYPE_PROPERTY = "type";
    public static final String FOR_SECTION = "for";
    public static final String JOB_TYPE = "job";
    public static final String RULES_SECTION = "rules";
    public static final String ACTIONS_SECTION = "actions";
    public static final String CONTEXT_SECTION = "context";
    public Map policyInput;
    private Set<String> usernames;
    private Set<Object> groups;
    AclContext aclContext;
    private File sourceFile;
    private int sourceIndex;
    private EnvironmentalContext environment;
    private boolean envchecked;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$ContextMatcher.class */
    public interface ContextMatcher {
        MatchedContext includes(Map<String, String> map, String str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$LegacyContextFactory.class */
    public interface LegacyContextFactory {
        AclContext createLegacyContext(Map map);
    }

    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$LegacyRulesContext.class */
    static class LegacyRulesContext implements AclContext {
        private final Map rules;
        private ConcurrentHashMap<String, Pattern> patternCache = new ConcurrentHashMap<>();

        public LegacyRulesContext(Map map) {
            this.rules = map;
        }

        private boolean regexMatches(String str, String str2) {
            if (!this.patternCache.containsKey(str)) {
                this.patternCache.putIfAbsent(str, Pattern.compile(str));
            }
            return this.patternCache.get(str).matcher(str2).matches();
        }

        @Override // com.dtolabs.rundeck.core.authorization.providers.AclContext
        public ContextDecision includes(Map<String, String> map, String str) {
            String createLegacyJobResourcePath = YamlPolicy.createLegacyJobResourcePath(map);
            ArrayList arrayList = new ArrayList();
            for (Map.Entry entry : this.rules.entrySet()) {
                Object key = entry.getKey();
                if (key instanceof String) {
                    String str2 = (String) key;
                    if (str2 == null || str2.length() == 0) {
                        arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_CONTEXT_EVALUATION_ERROR, "Resource is empty or null"));
                    }
                    if (regexMatches(str2, createLegacyJobResourcePath)) {
                        Object obj = ((Map) entry.getValue()).get(YamlPolicy.ACTIONS_SECTION);
                        if (obj == null) {
                            arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_ACTIONS_DECLARED_EMPTY, "No actions configured"));
                        } else {
                            if (obj instanceof String) {
                                String str3 = (String) obj;
                                if ("*".equals(str3) || str3.contains(str)) {
                                    arrayList.add(new ContextEvaluation(Explanation.Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, "Legacy rule: " + str2 + " action: " + str3));
                                    return new ContextDecision(Explanation.Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, true, arrayList);
                                }
                            } else if (obj instanceof List) {
                                List list = (List) obj;
                                if (list.contains(str)) {
                                    arrayList.add(new ContextEvaluation(Explanation.Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, "Legacy rule: " + str2 + " action: " + list));
                                    return new ContextDecision(Explanation.Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, true, arrayList);
                                }
                            } else {
                                arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_CONTEXT_EVALUATION_ERROR, "Invalid action type."));
                            }
                            arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_NO_ACTIONS_MATCHED, "No actions matched"));
                        }
                    } else {
                        continue;
                    }
                } else {
                    arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_CONTEXT_EVALUATION_ERROR, "Invalid key type: " + key.getClass().getName()));
                }
            }
            return new ContextDecision(Explanation.Code.REJECTED, false, arrayList);
        }
    }

    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$MatchedContext.class */
    static class MatchedContext extends PairImpl<Boolean, ContextDecision> {
        MatchedContext(Boolean bool, ContextDecision contextDecision) {
            super(bool, contextDecision);
        }

        public Boolean isMatched() {
            return getFirst();
        }

        public ContextDecision getDecision() {
            return getSecond();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$RegexPredicate.class */
    public static class RegexPredicate implements Predicate {
        Pattern regex;

        RegexPredicate(Pattern pattern) {
            this.regex = pattern;
        }

        public boolean evaluate(Object obj) {
            return (obj instanceof String) && this.regex.matcher((String) obj).matches();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$SetContainsPredicate.class */
    public static class SetContainsPredicate implements Predicate {
        HashSet<String> items;

        SetContainsPredicate(Object obj) {
            this.items = new HashSet<>();
            if (obj instanceof String) {
                this.items.add((String) obj);
            } else if (obj instanceof List) {
                this.items.addAll((List) obj);
            } else {
                this.items = null;
            }
        }

        public boolean evaluate(Object obj) {
            Collection collection;
            if (null == this.items || null == obj) {
                return false;
            }
            if (obj instanceof String) {
                HashSet hashSet = new HashSet();
                for (String str : ((String) obj).split(",")) {
                    hashSet.add(str.trim());
                }
                collection = hashSet;
            } else {
                if (!(obj instanceof Collection)) {
                    return false;
                }
                collection = (Collection) obj;
            }
            return CollectionUtils.isSubCollection(this.items, collection);
        }
    }

    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$TypeContext.class */
    static class TypeContext implements AclContext {
        private final List<ContextMatcher> typeRules;

        public TypeContext(List<ContextMatcher> list) {
            this.typeRules = list;
        }

        @Override // com.dtolabs.rundeck.core.authorization.providers.AclContext
        public ContextDecision includes(Map<String, String> map, String str) {
            ArrayList arrayList = new ArrayList();
            boolean z = false;
            boolean z2 = false;
            Iterator<ContextMatcher> it = this.typeRules.iterator();
            while (it.hasNext()) {
                MatchedContext includes = it.next().includes(map, str);
                if (includes.isMatched().booleanValue()) {
                    ContextDecision decision = includes.getDecision();
                    if (decision.granted()) {
                        z = true;
                    }
                    if (Explanation.Code.REJECTED_DENIED == decision.getCode()) {
                        z2 = true;
                    }
                    arrayList.addAll(decision.getEvaluations());
                    if (!z2) {
                        Iterator<ContextEvaluation> it2 = decision.getEvaluations().iterator();
                        while (true) {
                            if (it2.hasNext()) {
                                if (Explanation.Code.REJECTED_DENIED == it2.next().id) {
                                    z2 = true;
                                    break;
                                }
                            }
                        }
                    }
                }
            }
            return new ContextDecision(z2 ? Explanation.Code.REJECTED_DENIED : z ? Explanation.Code.GRANTED : Explanation.Code.REJECTED, z && !z2, arrayList);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$TypeContextFactory.class */
    public interface TypeContextFactory {
        AclContext createAclContext(List list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$TypeRuleContextMatcher.class */
    public static class TypeRuleContextMatcher implements ContextMatcher {
        public static final String MATCH_SECTION = "match";
        public static final String EQUALS_SECTION = "equals";
        public static final String CONTAINS_SECTION = "contains";
        public static final String ALLOW_ACTIONS = "allow";
        public static final String DENY_ACTIONS = "deny";
        Map ruleSection;
        int index;
        YamlPolicy policy;
        private static ConcurrentHashMap<String, Pattern> patternCache = new ConcurrentHashMap<>();

        TypeRuleContextMatcher(Map map, int i) {
            this(map, i, null);
        }

        TypeRuleContextMatcher(Map map, int i, YamlPolicy yamlPolicy) {
            this.ruleSection = map;
            this.index = i;
            this.policy = yamlPolicy;
        }

        public String toString() {
            return identify();
        }

        private String identify() {
            return (null != this.policy ? this.policy.identify() : "(unknown policy)") + "[rule: " + this.index + ": " + this.ruleSection + "]";
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Pattern patternForRegex(String str) {
            if (!patternCache.containsKey(str)) {
                Pattern pattern = null;
                try {
                    pattern = Pattern.compile(str);
                } catch (Exception e) {
                }
                if (null == pattern) {
                    pattern = Pattern.compile("^" + Pattern.quote(str) + "$");
                }
                patternCache.putIfAbsent(str, pattern);
            }
            return patternCache.get(str);
        }

        @Override // com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.ContextMatcher
        public MatchedContext includes(Map<String, String> map, String str) {
            ArrayList arrayList = new ArrayList();
            return !matchesRuleSections(map, arrayList) ? new MatchedContext(false, new ContextDecision(Explanation.Code.REJECTED, false, arrayList)) : new MatchedContext(true, evaluateActions(str, arrayList));
        }

        ContextDecision evaluateActions(String str, List<ContextEvaluation> list) {
            boolean z = false;
            if (this.ruleSection.containsKey(DENY_ACTIONS)) {
                HashSet hashSet = new HashSet();
                Object obj = this.ruleSection.get(DENY_ACTIONS);
                if (obj instanceof String) {
                    hashSet.add((String) obj);
                } else if (obj instanceof List) {
                    hashSet.addAll((List) obj);
                } else {
                    list.add(new ContextEvaluation(Explanation.Code.REJECTED_CONTEXT_EVALUATION_ERROR, "Invalid action type."));
                }
                if (0 == hashSet.size()) {
                    YamlPolicy.logger.warn(identify() + ": No actions defined in Deny section");
                } else if (hashSet.contains("*") || hashSet.contains(str)) {
                    list.add(new ContextEvaluation(Explanation.Code.REJECTED_DENIED, this + " for actions: " + hashSet));
                    z = true;
                }
            }
            if (z) {
                return new ContextDecision(Explanation.Code.REJECTED_DENIED, false, list);
            }
            boolean z2 = false;
            if (this.ruleSection.containsKey(ALLOW_ACTIONS)) {
                HashSet hashSet2 = new HashSet();
                Object obj2 = this.ruleSection.get(ALLOW_ACTIONS);
                if (obj2 instanceof String) {
                    hashSet2.add((String) obj2);
                } else if (obj2 instanceof List) {
                    hashSet2.addAll((List) obj2);
                } else {
                    list.add(new ContextEvaluation(Explanation.Code.REJECTED_CONTEXT_EVALUATION_ERROR, "Invalid action type."));
                }
                if (0 == hashSet2.size()) {
                    YamlPolicy.logger.warn(identify() + ": No actions defined in Allow section");
                } else if (hashSet2.contains("*") || hashSet2.contains(str)) {
                    list.add(new ContextEvaluation(Explanation.Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, this + " for actions: " + hashSet2));
                    z2 = true;
                }
            }
            return z2 ? new ContextDecision(Explanation.Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, true, list) : new ContextDecision(Explanation.Code.REJECTED, false, list);
        }

        boolean matchesRuleSections(Map<String, String> map, List<ContextEvaluation> list) {
            int i = 0;
            int i2 = 0;
            if (this.ruleSection.containsKey(MATCH_SECTION)) {
                i = 0 + 1;
                if (ruleMatchesMatchSection(map, this.ruleSection)) {
                    i2 = 0 + 1;
                } else {
                    list.add(new ContextEvaluation(Explanation.Code.REJECTED, "match section did not match"));
                }
            }
            if (this.ruleSection.containsKey(EQUALS_SECTION)) {
                i++;
                if (ruleMatchesEqualsSection(map, this.ruleSection)) {
                    i2++;
                } else {
                    list.add(new ContextEvaluation(Explanation.Code.REJECTED, "equals section did not match"));
                }
            }
            if (this.ruleSection.containsKey(CONTAINS_SECTION)) {
                i++;
                if (ruleMatchesContainsSection(map, this.ruleSection)) {
                    i2++;
                } else {
                    list.add(new ContextEvaluation(Explanation.Code.REJECTED, "contains section did not match"));
                }
            }
            return i2 == i;
        }

        boolean ruleMatchesContainsSection(Map<String, String> map, Map map2) {
            return predicateMatchRules((Map) map2.get(CONTAINS_SECTION), map, true, new Converter<String, Predicate>() { // from class: com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.TypeRuleContextMatcher.1
                @Override // com.dtolabs.rundeck.core.utils.Converter
                public Predicate convert(String str) {
                    return new SetContainsPredicate(str);
                }
            });
        }

        boolean ruleMatchesEqualsSection(Map<String, String> map, Map map2) {
            return predicateMatchRules((Map) map2.get(EQUALS_SECTION), map, false, new Converter<String, Predicate>() { // from class: com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.TypeRuleContextMatcher.2
                @Override // com.dtolabs.rundeck.core.utils.Converter
                public Predicate convert(String str) {
                    return PredicateUtils.equalPredicate(str);
                }
            });
        }

        boolean ruleMatchesMatchSection(Map<String, String> map, Map map2) {
            return predicateMatchRules((Map) map2.get(MATCH_SECTION), map, true, new Converter<String, Predicate>() { // from class: com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.TypeRuleContextMatcher.3
                @Override // com.dtolabs.rundeck.core.utils.Converter
                public Predicate convert(String str) {
                    return new RegexPredicate(TypeRuleContextMatcher.this.patternForRegex(str));
                }
            });
        }

        boolean predicateMatchRules(Map map, Map<String, String> map2, boolean z, Converter<String, Predicate> converter) {
            for (Map.Entry entry : map.entrySet()) {
                if (!applyTest(map2, z, converter, (String) entry.getKey(), entry.getValue())) {
                    return false;
                }
            }
            return true;
        }

        boolean applyTest(Map<String, String> map, boolean z, Converter<String, Predicate> converter, String str, Object obj) {
            ArrayList arrayList = new ArrayList();
            if (z && (obj instanceof List)) {
                Iterator it = ((List) obj).iterator();
                while (it.hasNext()) {
                    arrayList.add(converter.convert((String) it.next()));
                }
            } else {
                if (!(obj instanceof String)) {
                    YamlPolicy.logger.error(identify() + ": cannot evaluate unexpected type: " + obj.getClass().getName());
                    return false;
                }
                arrayList.add(converter.convert((String) obj));
            }
            return PredicateUtils.allPredicate(arrayList).evaluate(map.get(str));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$YamlAclContext.class */
    public static class YamlAclContext implements AclContext {
        Map policyDef;
        TypeContextFactory typeContextFactory;
        LegacyContextFactory legacyContextFactory;
        private String description = "Not Evaluated: ";
        private final ConcurrentHashMap<String, AclContext> typeContexts = new ConcurrentHashMap<>();

        YamlAclContext(Map map, TypeContextFactory typeContextFactory, LegacyContextFactory legacyContextFactory) {
            this.policyDef = map;
            this.typeContextFactory = typeContextFactory;
            this.legacyContextFactory = legacyContextFactory;
        }

        public String toString() {
            return "Context: " + this.description;
        }

        private AclContext createTypeContext(List list) {
            return this.typeContextFactory.createAclContext(list);
        }

        private AclContext createLegacyContext(Map map) {
            return this.legacyContextFactory.createLegacyContext(map);
        }

        @Override // com.dtolabs.rundeck.core.authorization.providers.AclContext
        public ContextDecision includes(Map<String, String> map, String str) {
            ArrayList arrayList = new ArrayList();
            Object obj = this.policyDef.get("description");
            if (obj == null || !(obj instanceof String)) {
                arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_NO_DESCRIPTION_PROVIDED, "Policy is missing a description."));
                return new ContextDecision(Explanation.Code.REJECTED_NO_DESCRIPTION_PROVIDED, false, arrayList);
            }
            this.description = (String) obj;
            String str2 = map.get("type");
            if (null == str2) {
                arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_NO_RESOURCE_TYPE, "Resource has no 'type'."));
                return new ContextDecision(Explanation.Code.REJECTED_NO_RESOURCE_TYPE, false, arrayList);
            }
            Object obj2 = this.policyDef.get(YamlPolicy.FOR_SECTION);
            if (null != obj2 && !(obj2 instanceof Map)) {
                arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_INVALID_FOR_SECTION, "'for' was not declared"));
                return new ContextDecision(Explanation.Code.REJECTED_INVALID_FOR_SECTION, false, arrayList);
            }
            Map map2 = (Map) obj2;
            Object obj3 = null != map2 ? map2.get(str2) : null;
            boolean z = "job".equals(str2) && this.policyDef.containsKey(YamlPolicy.RULES_SECTION) && (this.policyDef.get(YamlPolicy.RULES_SECTION) instanceof Map);
            if (null == this.typeContexts.get(str2)) {
                if (null != obj3) {
                    this.typeContexts.putIfAbsent(str2, createTypeContext((List) obj3));
                } else {
                    if (!z) {
                        arrayList.add(new ContextEvaluation(Explanation.Code.REJECTED_NO_RULES_DECLARED, "Section for type '" + str2 + "' was not declared in " + YamlPolicy.FOR_SECTION + " section"));
                        return new ContextDecision(Explanation.Code.REJECTED_NO_RULES_DECLARED, false, arrayList);
                    }
                    this.typeContexts.putIfAbsent(str2, createLegacyContext((Map) this.policyDef.get(YamlPolicy.RULES_SECTION)));
                }
            }
            return this.typeContexts.get(str2).includes(map, str);
        }
    }

    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/YamlPolicy$YamlEnvironmentalContext.class */
    static class YamlEnvironmentalContext implements EnvironmentalContext {
        Map<URI, String> matcher = new HashMap();
        private boolean valid;
        private String validation;

        YamlEnvironmentalContext(String str, Map map) {
            this.valid = false;
            boolean z = false;
            ArrayList arrayList = new ArrayList();
            for (Map.Entry entry : map.entrySet()) {
                if (entry.getKey() instanceof String) {
                    try {
                        URI uri = new URI(str + ((String) entry.getKey()));
                        if (entry.getValue() instanceof String) {
                            this.matcher.put(uri, (String) entry.getValue());
                        } else {
                            arrayList.add("Context section: " + entry.getKey() + ": expected 'String', saw: " + entry.getValue().getClass().getName());
                            z = true;
                        }
                    } catch (URISyntaxException e) {
                        arrayList.add("Context section: " + entry.getKey() + ": invalid URI: " + e.getMessage());
                        z = true;
                    }
                } else {
                    arrayList.add("Context section key expected 'String', saw: " + entry.getKey().getClass().getName());
                    z = true;
                }
            }
            if (arrayList.size() > 0) {
                StringBuffer stringBuffer = new StringBuffer();
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    String str2 = (String) it.next();
                    if (stringBuffer.length() > 0) {
                        stringBuffer.append("; ");
                    }
                    stringBuffer.append(str2);
                }
                this.validation = stringBuffer.toString();
            }
            this.valid = !z && this.matcher.size() >= 1;
        }

        @Override // com.dtolabs.rundeck.core.authorization.providers.EnvironmentalContext
        public boolean matches(Set<Attribute> set) {
            Pattern pattern;
            HashSet hashSet = new HashSet();
            for (Attribute attribute : set) {
                String str = this.matcher.get(attribute.property);
                if (null != str) {
                    try {
                        pattern = Pattern.compile(str);
                    } catch (PatternSyntaxException e) {
                        pattern = null;
                    }
                    if (null != pattern) {
                        if (new RegexPredicate(pattern).evaluate(attribute.value)) {
                            hashSet.add(attribute.property);
                        }
                    } else if (str.equals(attribute.value)) {
                        hashSet.add(attribute.property);
                    }
                }
            }
            return this.valid && hashSet.size() == this.matcher.keySet().size();
        }

        @Override // com.dtolabs.rundeck.core.authorization.providers.EnvironmentalContext
        public boolean isValid() {
            return this.valid;
        }

        public String toString() {
            return "YamlEnvironmentalContext{" + (this.valid ? ", valid=" + this.valid + ", context='" + this.matcher + "'}" : ", valid=" + this.valid + ", validation='" + getValidation() + "'}");
        }

        public String getValidation() {
            return this.validation;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public YamlPolicy(Map map, File file, int i) {
        this.usernames = new HashSet();
        this.groups = new HashSet();
        this.policyInput = map;
        this.sourceFile = file;
        this.sourceIndex = i;
        parseByClause();
        createAclContext();
    }

    public YamlPolicy(Map map) {
        this(map, null, -1);
    }

    String identify() {
        if (null != this.policyInput.get(RunTool.Options.ID_OPTION_LONG)) {
            return this.policyInput.get(RunTool.Options.ID_OPTION_LONG).toString();
        }
        return (null != this.sourceFile ? this.sourceFile.getAbsolutePath() : "(unknown file)") + (this.sourceIndex >= 0 ? "[" + this.sourceIndex + "]" : "");
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.Policy
    public Set<String> getUsernames() {
        return this.usernames;
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.Policy
    public EnvironmentalContext getEnvironment() {
        synchronized (this) {
            if (!this.envchecked) {
                Object obj = this.policyInput.get(CONTEXT_SECTION);
                if (null != obj && (obj instanceof Map)) {
                    this.environment = new YamlEnvironmentalContext(EnvironmentalContext.URI_BASE, (Map) obj);
                }
                this.envchecked = true;
            }
        }
        return this.environment;
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.Policy
    public Set<Object> getGroups() {
        return this.groups;
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.Policy
    public AclContext getContext() {
        return this.aclContext;
    }

    private void createAclContext() {
        this.aclContext = new YamlAclContext(this.policyInput, new TypeContextFactory() { // from class: com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.1
            @Override // com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.TypeContextFactory
            public AclContext createAclContext(List list) {
                return new TypeContext(YamlPolicy.this.createTypeRules(list));
            }
        }, new LegacyContextFactory() { // from class: com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.2
            @Override // com.dtolabs.rundeck.core.authorization.providers.YamlPolicy.LegacyContextFactory
            public AclContext createLegacyContext(Map map) {
                return new LegacyRulesContext(map);
            }
        });
    }

    List<ContextMatcher> createTypeRules(List list) {
        ArrayList arrayList = new ArrayList();
        int i = 1;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(createTypeRuleContext((Map) it.next(), i));
            i++;
        }
        return arrayList;
    }

    ContextMatcher createTypeRuleContext(Map map, int i) {
        return new TypeRuleContextMatcher(map, i, this);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String createLegacyJobResourcePath(Map<String, String> map) {
        return map.get(JobsTool.GROUP_OPTION_LONG) + "/" + map.get("job");
    }

    private void parseByClause() {
        Object obj = this.policyInput.get("by");
        if (obj != null && (obj instanceof Map)) {
            Map map = (Map) obj;
            Object obj2 = map.get("username");
            Object obj3 = map.get(JobsTool.GROUP_OPTION_LONG);
            if (null != obj2) {
                if (obj2 instanceof String) {
                    this.usernames.add((String) obj2);
                } else if (obj2 instanceof Collection) {
                    for (Object obj4 : (Collection) obj2) {
                        if (obj4 instanceof String) {
                            this.usernames.add((String) obj4);
                        }
                    }
                }
            }
            if (null != obj3) {
                if (obj3 instanceof String) {
                    this.groups.add(obj3);
                    return;
                }
                if (obj3 instanceof Collection) {
                    for (Object obj5 : (Collection) obj3) {
                        if (obj5 instanceof String) {
                            this.groups.add(obj5);
                        }
                    }
                }
            }
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("YamlPolicy[id:");
        stringBuffer.append(identify()).append(", groups:");
        Iterator<Object> it = getGroups().iterator();
        while (it.hasNext()) {
            stringBuffer.append(it.next().toString()).append(" ");
        }
        stringBuffer.append("]");
        return stringBuffer.toString();
    }
}
