package org.graylog.security;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.mongodb.BasicDBObject;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.Updates;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog2.bindings.providers.MongoJackObjectMapperProvider;
import org.graylog2.database.MongoConnection;
import org.graylog2.database.PaginatedDbService;
import org.graylog2.plugin.database.users.User;
import org.mongojack.DBQuery;

/* loaded from: input_file:org/graylog/security/DBGrantService.class */
public class DBGrantService extends PaginatedDbService<GrantDTO> {
    public static final String COLLECTION_NAME = "grants";
    private final GRNRegistry grnRegistry;

    @Inject
    public DBGrantService(MongoConnection mongoConnection, MongoJackObjectMapperProvider mongoJackObjectMapperProvider, GRNRegistry gRNRegistry) {
        super(mongoConnection, mongoJackObjectMapperProvider, GrantDTO.class, COLLECTION_NAME);
        this.grnRegistry = gRNRegistry;
        this.db.createIndex(new BasicDBObject("grantee", 1));
        this.db.createIndex(new BasicDBObject(GrantDTO.FIELD_TARGET, 1));
        this.db.createIndex(new BasicDBObject("grantee", 1).append("capability", 1).append(GrantDTO.FIELD_TARGET, 1), new BasicDBObject("unique", true));
        this.db.createIndex(new BasicDBObject("grantee", 1).append(GrantDTO.FIELD_TARGET, 1), new BasicDBObject("unique", true));
        MongoCollection collection = mongoConnection.getMongoDatabase().getCollection(COLLECTION_NAME);
        collection.updateMany(Filters.eq("capability", "grn::::capability:54e3deadbeefdeadbeef0000"), Updates.set("capability", Capability.VIEW.toId()));
        collection.updateMany(Filters.eq("capability", "grn::::capability:54e3deadbeefdeadbeef0001"), Updates.set("capability", Capability.MANAGE.toId()));
        collection.updateMany(Filters.eq("capability", "grn::::capability:54e3deadbeefdeadbeef0002"), Updates.set("capability", Capability.OWN.toId()));
    }

    public ImmutableSet<GrantDTO> getForGranteesOrGlobal(Set<GRN> set) {
        return (ImmutableSet) streamQuery(DBQuery.or(new DBQuery.Query[]{DBQuery.in("grantee", set), DBQuery.is("grantee", GRNRegistry.GLOBAL_USER_GRN.toString())})).collect(ImmutableSet.toImmutableSet());
    }

    public ImmutableSet<GrantDTO> getForGrantee(GRN grn) {
        return (ImmutableSet) streamQuery(DBQuery.is("grantee", grn)).collect(ImmutableSet.toImmutableSet());
    }

    public ImmutableSet<GrantDTO> getForGranteeWithCapability(GRN grn, Capability capability) {
        return (ImmutableSet) streamQuery(DBQuery.and(new DBQuery.Query[]{DBQuery.is("grantee", grn), DBQuery.is("capability", capability)})).collect(ImmutableSet.toImmutableSet());
    }

    public ImmutableSet<GrantDTO> getForGranteesOrGlobalWithCapability(Set<GRN> set, Capability capability) {
        return (ImmutableSet) streamQuery(DBQuery.and(new DBQuery.Query[]{DBQuery.or(new DBQuery.Query[]{DBQuery.in("grantee", set), DBQuery.is("grantee", GRNRegistry.GLOBAL_USER_GRN.toString())}), DBQuery.is("capability", capability)})).collect(ImmutableSet.toImmutableSet());
    }

    public List<GrantDTO> getForTargetAndGrantee(GRN grn, GRN grn2) {
        return getForTargetAndGrantees(grn, ImmutableSet.of(grn2));
    }

    public List<GrantDTO> getForTargetAndGrantees(GRN grn, Set<GRN> set) {
        return this.db.find(DBQuery.and(new DBQuery.Query[]{DBQuery.is(GrantDTO.FIELD_TARGET, grn), DBQuery.in("grantee", set)})).toArray();
    }

    public GrantDTO create(GrantDTO grantDTO, @Nullable User user) {
        return create(grantDTO, ((User) Objects.requireNonNull(user, "currentUser cannot be null")).getName());
    }

    public GrantDTO create(GrantDTO grantDTO, String str) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "creatorUsername cannot be null or empty");
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        return save(grantDTO.toBuilder().createdBy(str).createdAt(now).updatedBy(str).updatedAt(now).build());
    }

    public GrantDTO create(GRN grn, Capability capability, GRN grn2, String str) {
        Preconditions.checkArgument(grn != null, "grantee cannot be null");
        Preconditions.checkArgument(capability != null, "capability cannot be null");
        Preconditions.checkArgument(grn2 != null, "target cannot be null");
        return create(GrantDTO.of(grn, capability, grn2), str);
    }

    public GrantDTO ensure(GRN grn, Capability capability, GRN grn2, String str) {
        List<GrantDTO> forTargetAndGrantee = getForTargetAndGrantee(grn2, grn);
        if (forTargetAndGrantee.isEmpty()) {
            return create(grn, capability, grn2, str);
        }
        Preconditions.checkState(forTargetAndGrantee.size() == 1);
        GrantDTO grantDTO = forTargetAndGrantee.get(0);
        return capability.priority() > grantDTO.capability().priority() ? save(grantDTO.toBuilder().capability(capability).build()) : grantDTO;
    }

    public GrantDTO update(GrantDTO grantDTO, @Nullable User user) {
        return save(get(grantDTO.id()).orElseThrow(() -> {
            return new IllegalArgumentException("Couldn't find grant with ID " + grantDTO.id());
        }).toBuilder().grantee(grantDTO.grantee()).capability(grantDTO.capability()).target(grantDTO.target()).updatedBy(((User) Objects.requireNonNull(user, "currentUser cannot be null")).getName()).updatedAt(ZonedDateTime.now(ZoneOffset.UTC)).build());
    }

    public ImmutableSet<GrantDTO> getAll() {
        Stream<GrantDTO> streamAll = streamAll();
        Throwable th = null;
        try {
            ImmutableSet<GrantDTO> immutableSet = (ImmutableSet) streamAll.collect(ImmutableSet.toImmutableSet());
            if (streamAll != null) {
                if (0 != 0) {
                    try {
                        streamAll.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    streamAll.close();
                }
            }
            return immutableSet;
        } catch (Throwable th3) {
            if (streamAll != null) {
                if (0 != 0) {
                    try {
                        streamAll.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    streamAll.close();
                }
            }
            throw th3;
        }
    }

    public List<GrantDTO> getForTarget(GRN grn) {
        return this.db.find(DBQuery.is(GrantDTO.FIELD_TARGET, grn.toString())).toArray();
    }

    public int deleteForGrantee(GRN grn) {
        return this.db.remove(DBQuery.is("grantee", grn.toString())).getN();
    }

    public int deleteForTarget(GRN grn) {
        return this.db.remove(DBQuery.is(GrantDTO.FIELD_TARGET, grn.toString())).getN();
    }

    public List<GrantDTO> getForTargetExcludingGrantee(GRN grn, GRN grn2) {
        return this.db.find(DBQuery.and(new DBQuery.Query[]{DBQuery.is(GrantDTO.FIELD_TARGET, grn.toString()), DBQuery.notEquals("grantee", grn2.toString())})).toArray();
    }

    public Map<GRN, Set<GRN>> getOwnersForTargets(Collection<GRN> collection) {
        return (Map) this.db.find(DBQuery.and(new DBQuery.Query[]{DBQuery.in(GrantDTO.FIELD_TARGET, collection), DBQuery.is("capability", Capability.OWN)})).toArray().stream().collect(Collectors.groupingBy((v0) -> {
            return v0.target();
        }, Collectors.mapping((v0) -> {
            return v0.grantee();
        }, Collectors.toSet())));
    }

    public boolean hasGrantFor(GRN grn, Capability capability, GRN grn2) {
        return this.db.findOne(DBQuery.and(new DBQuery.Query[]{DBQuery.is("grantee", grn), DBQuery.is("capability", capability), DBQuery.is(GrantDTO.FIELD_TARGET, grn2)})) != null;
    }
}
