package org.graylog.security;

import com.google.common.collect.ImmutableSet;
import jakarta.inject.Inject;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import org.apache.shiro.authz.Permission;
import org.graylog.grn.GRN;
import org.graylog.security.permissions.CaseSensitiveWildcardPermission;
import org.graylog.security.permissions.GRNPermission;
import org.graylog2.shared.security.RestPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/security/DefaultPermissionAndRoleResolver.class */
public class DefaultPermissionAndRoleResolver implements PermissionAndRoleResolver {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultPermissionAndRoleResolver.class);
    private final Logger logger;
    private final BuiltinCapabilities builtinCapabilities;
    private final DBGrantService grantService;

    @Inject
    public DefaultPermissionAndRoleResolver(BuiltinCapabilities builtinCapabilities, DBGrantService dBGrantService) {
        this(LOG, builtinCapabilities, dBGrantService);
    }

    public DefaultPermissionAndRoleResolver(Logger logger, BuiltinCapabilities builtinCapabilities, DBGrantService dBGrantService) {
        this.logger = logger;
        this.builtinCapabilities = builtinCapabilities;
        this.grantService = dBGrantService;
    }

    protected Set<GRN> resolveTargets(GRN grn) {
        String type = grn.type();
        boolean z = -1;
        switch (type.hashCode()) {
            case -887328209:
                if (type.equals("system")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return Collections.emptySet();
            default:
                return Collections.singleton(grn);
        }
    }

    @Override // org.graylog.security.PermissionAndRoleResolver
    public Set<GRN> resolveGrantees(GRN grn) {
        return Collections.singleton(grn);
    }

    @Override // org.graylog.security.PermissionAndRoleResolver
    public Set<Permission> resolvePermissionsForPrincipal(GRN grn) {
        ImmutableSet<GrantDTO> forGranteesOrGlobal = this.grantService.getForGranteesOrGlobal(resolveGrantees(grn));
        ImmutableSet.Builder builder = ImmutableSet.builder();
        for (GrantDTO grantDTO : forGranteesOrGlobal) {
            Optional<CapabilityDescriptor> optional = this.builtinCapabilities.get(grantDTO.capability());
            if (optional.isPresent()) {
                Set<GRN> resolveTargets = resolveTargets(grantDTO.target());
                for (String str : optional.get().permissions()) {
                    for (GRN grn2 : resolveTargets) {
                        if (grn2.isPermissionApplicable(str)) {
                            if (str.equals(RestPermissions.ENTITY_OWN)) {
                                builder.add(GRNPermission.create(str, grn2));
                            } else {
                                builder.add(new CaseSensitiveWildcardPermission(str + ":" + grn2.entity()));
                            }
                        }
                    }
                }
            } else {
                this.logger.warn("Couldn't find capability <{}>", grantDTO.capability());
            }
        }
        return builder.build();
    }

    @Override // org.graylog.security.PermissionAndRoleResolver
    public Set<String> resolveRolesForPrincipal(GRN grn) {
        return ImmutableSet.of();
    }
}
