package org.eclipse.ditto.model.things;

import java.text.MessageFormat;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.concurrent.Immutable;
import org.eclipse.ditto.model.base.common.Validator;

@Deprecated
@Immutable
/* loaded from: input_file:org/eclipse/ditto/model/things/AclValidator.class */
public final class AclValidator implements Validator {
    private static final String NO_AUTH_SUBJECT_PATTERN = "It must contain at least one Authorization Subject with the following permission(s): <{0}>!";
    private static final String AUTH_SUBJECT_NOT_PERMITTED_PATTERN = "The Authorization Subject <{0}> must have at least the permission(s): <{1}>!";
    private final AccessControlList acl;
    private final Permissions permissions;
    private boolean validationResult = true;
    private String reason = null;

    private AclValidator(AccessControlList accessControlList, Permissions permissions) {
        this.acl = accessControlList;
        this.permissions = permissions;
    }

    public static AclValidator newInstance(AccessControlList accessControlList, Permissions permissions) {
        Objects.requireNonNull(accessControlList, "The Access Control List to validate must not be null!");
        return new AclValidator(accessControlList, permissions);
    }

    public boolean isValid() {
        checkIfCompletelyEmpty();
        if (checkIfSingleEntryIsValid()) {
            checkIfAnyAuthorizationSubjectsWithRequiredPermissionsDoExist();
        }
        return this.validationResult;
    }

    public Optional<String> getReason() {
        return Optional.ofNullable(this.reason);
    }

    private void checkIfCompletelyEmpty() {
        if (this.acl.isEmpty()) {
            this.reason = MessageFormat.format(NO_AUTH_SUBJECT_PATTERN, this.permissions);
        }
    }

    private boolean checkIfSingleEntryIsValid() {
        boolean z;
        if (!this.validationResult) {
            z = false;
        } else if (1 == this.acl.getSize()) {
            AclEntry next = this.acl.getEntriesSet().iterator().next();
            if (!next.containsAll(this.permissions)) {
                this.reason = MessageFormat.format(AUTH_SUBJECT_NOT_PERMITTED_PATTERN, next.getAuthorizationSubject(), this.permissions);
                this.validationResult = false;
            }
            z = false;
        } else {
            z = true;
        }
        return z;
    }

    private void checkIfAnyAuthorizationSubjectsWithRequiredPermissionsDoExist() {
        if (this.acl.getAuthorizedSubjectsFor(this.permissions).isEmpty()) {
            this.reason = MessageFormat.format(NO_AUTH_SUBJECT_PATTERN, this.permissions);
            this.validationResult = false;
        }
    }
}
