package org.openmetadata.service.security.mask;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import javax.ws.rs.core.SecurityContext;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.entity.data.Query;
import org.openmetadata.schema.entity.data.SearchIndex;
import org.openmetadata.schema.entity.data.Table;
import org.openmetadata.schema.entity.data.Topic;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.tests.TestCase;
import org.openmetadata.schema.tests.type.TestCaseResult;
import org.openmetadata.schema.type.Column;
import org.openmetadata.schema.type.ColumnProfile;
import org.openmetadata.schema.type.Field;
import org.openmetadata.schema.type.Include;
import org.openmetadata.schema.type.TableData;
import org.openmetadata.schema.type.searchindex.SearchIndexSampleData;
import org.openmetadata.schema.type.topic.TopicSampleData;
import org.openmetadata.service.Entity;
import org.openmetadata.service.jdbi3.ColumnUtil;
import org.openmetadata.service.jdbi3.TopicRepository;
import org.openmetadata.service.resources.feeds.MessageParser;
import org.openmetadata.service.security.Authorizer;
import org.openmetadata.service.util.FullyQualifiedName;
import org.openmetadata.service.util.ResultList;

/* loaded from: input_file:org/openmetadata/service/security/mask/PIIMasker.class */
public class PIIMasker {
    public static final String SENSITIVE_PII_TAG = "PII.Sensitive";
    public static final String MASKED_VALUE = "********";
    public static final String MASKED_NAME = "[MASKED]";
    public static final String MASKED_MAIL = "********@masked.com";

    private PIIMasker() {
    }

    public static TableData maskSampleData(TableData tableData, Table table, List<Column> list) {
        if (tableData == null) {
            return null;
        }
        List list2 = hasPiiSensitiveTag(table) ? (List) IntStream.range(0, list.size()).boxed().collect(Collectors.toList()) : (List) ((Map) list.stream().collect(Collectors.toMap(Function.identity(), column -> {
            return Integer.valueOf(tableData.getColumns().indexOf(column.getName()));
        }))).entrySet().stream().filter(entry -> {
            return hasPiiSensitiveTag((Column) entry.getKey());
        }).map((v0) -> {
            return v0.getValue();
        }).collect(Collectors.toList());
        List list3 = list2;
        tableData.setRows((List) tableData.getRows().stream().map(list4 -> {
            return maskSampleDataRow(list4, list3);
        }).collect(Collectors.toList()));
        List columns = tableData.getColumns();
        list2.forEach(num -> {
            columns.set(num.intValue(), flagMaskedName((String) columns.get(num.intValue())));
        });
        return tableData;
    }

    public static Table getSampleData(Table table) {
        table.setSampleData(maskSampleData(table.getSampleData(), table, table.getColumns()));
        return table;
    }

    public static Topic getSampleData(Topic topic) {
        TopicSampleData sampleData = topic.getSampleData();
        if (sampleData == null) {
            return topic;
        }
        if (hasPiiSensitiveTag(topic)) {
            sampleData.setMessages(List.of(MASKED_VALUE));
            topic.setSampleData(sampleData);
        }
        return topic;
    }

    public static SearchIndex getSampleData(SearchIndex searchIndex) {
        SearchIndexSampleData sampleData = searchIndex.getSampleData();
        if (sampleData == null) {
            return searchIndex;
        }
        if (hasPiiSensitiveTag(searchIndex)) {
            sampleData.setMessages(List.of(MASKED_VALUE));
            searchIndex.setSampleData(sampleData);
        }
        return searchIndex;
    }

    public static Table getTableProfile(Table table) {
        for (Column column : table.getColumns()) {
            if (hasPiiSensitiveTag(column)) {
                column.setProfile((ColumnProfile) null);
                column.setName(flagMaskedName(column.getName()));
            }
        }
        return table;
    }

    public static List<ColumnProfile> getColumnProfile(String str, List<ColumnProfile> list) {
        Column column = (Column) ((Table) Entity.getEntityByName("table", FullyQualifiedName.getTableFQN(str), "columns,tags", Include.ALL)).getColumns().stream().filter(column2 -> {
            return column2.getFullyQualifiedName().equals(str);
        }).findFirst().orElse(null);
        return (column == null || !hasPiiSensitiveTag(column)) ? list : Collections.nCopies(list.size(), new ColumnProfile());
    }

    private static TestCase getTestCase(Column column, TestCase testCase) {
        if (!hasPiiSensitiveTag(column)) {
            return testCase;
        }
        testCase.setTestCaseResult((TestCaseResult) null);
        testCase.setParameterValues((List) null);
        testCase.setDescription((String) null);
        testCase.setName(flagMaskedName(testCase.getName()));
        return testCase;
    }

    public static ResultList<TestCase> getTestCases(ResultList<TestCase> resultList, Authorizer authorizer, SecurityContext securityContext) {
        HashMap hashMap = new HashMap();
        resultList.setData((List) resultList.getData().stream().map(testCase -> {
            Table table;
            MessageParser.EntityLink parse = MessageParser.EntityLink.parse(testCase.getEntityLink());
            if (hashMap.containsKey(parse.getEntityFQN())) {
                table = (Table) hashMap.get(parse.getEntityFQN());
            } else {
                table = (Table) Entity.getEntityByName("table", parse.getEntityFQN(), "owners,tags,columns", Include.NON_DELETED);
                hashMap.put(parse.getEntityFQN(), table);
            }
            if (parse.getFieldName() == null) {
                return testCase;
            }
            Optional findFirst = table.getColumns().stream().filter(column -> {
                return parse.getFullyQualifiedFieldValue().equals(column.getFullyQualifiedName());
            }).findFirst();
            if (findFirst.isPresent()) {
                return !authorizer.authorizePII(securityContext, table.getOwners()) ? getTestCase((Column) findFirst.get(), testCase) : testCase;
            }
            return testCase;
        }).collect(Collectors.toList()));
        return resultList;
    }

    private static Query getQuery(Query query) {
        if (!hasPiiSensitiveTag(query)) {
            return query;
        }
        query.setQuery(MASKED_VALUE);
        return query;
    }

    public static ResultList<Query> getQueries(ResultList<Query> resultList, Authorizer authorizer, SecurityContext securityContext) {
        resultList.setData((List) resultList.getData().stream().map(query -> {
            return !authorizer.authorizePII(securityContext, query.getOwners()) ? getQuery(query) : query;
        }).collect(Collectors.toList()));
        return resultList;
    }

    private static boolean hasPiiSensitiveTag(Query query) {
        Stream map = query.getTags().stream().map((v0) -> {
            return v0.getTagFQN();
        });
        String str = SENSITIVE_PII_TAG;
        return map.anyMatch((v1) -> {
            return r1.equals(v1);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean hasPiiSensitiveTag(Column column) {
        Stream<String> stream = ColumnUtil.getAllTags(column).stream();
        String str = SENSITIVE_PII_TAG;
        return stream.anyMatch((v1) -> {
            return r1.equals(v1);
        });
    }

    private static boolean hasPiiSensitiveTag(Table table) {
        Stream map = table.getTags().stream().map((v0) -> {
            return v0.getTagFQN();
        });
        String str = SENSITIVE_PII_TAG;
        return map.anyMatch((v1) -> {
            return r1.equals(v1);
        });
    }

    private static boolean hasPiiSensitiveTag(SearchIndex searchIndex) {
        Stream map = searchIndex.getTags().stream().map((v0) -> {
            return v0.getTagFQN();
        });
        String str = SENSITIVE_PII_TAG;
        return map.anyMatch((v1) -> {
            return r1.equals(v1);
        });
    }

    private static boolean hasPiiSensitiveTag(Topic topic) {
        Stream map = topic.getTags().stream().map((v0) -> {
            return v0.getTagFQN();
        });
        String str = SENSITIVE_PII_TAG;
        if (map.anyMatch((v1) -> {
            return r1.equals(v1);
        })) {
            return true;
        }
        HashSet hashSet = new HashSet();
        Iterator it = CommonUtil.listOrEmpty(topic.getMessageSchema() != null ? topic.getMessageSchema().getSchemaFields() : null).iterator();
        while (it.hasNext()) {
            hashSet.addAll(TopicRepository.getAllFieldTags((Field) it.next()));
        }
        Stream map2 = hashSet.stream().map((v0) -> {
            return v0.getTagFQN();
        });
        String str2 = SENSITIVE_PII_TAG;
        return map2.anyMatch((v1) -> {
            return r1.equals(v1);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<Object> maskSampleDataRow(List<Object> list, List<Integer> list2) {
        list2.forEach(num -> {
            list.set(num.intValue(), MASKED_VALUE);
        });
        return list;
    }

    private static String flagMaskedName(String str) {
        return String.format("%s %s", str, MASKED_NAME);
    }

    public static User maskUser(Authorizer authorizer, SecurityContext securityContext, User user) {
        if (authorizer.authorizePII(securityContext, null)) {
            return user;
        }
        user.setEmail(MASKED_MAIL);
        return user;
    }
}
