package com.sap.sse.security.shared;

import com.sap.sse.common.Util;
import com.sap.sse.security.shared.impl.AccessControlList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;

/* loaded from: classes.dex */
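/**
 * Static helpers that decide whether a {@link WildcardPermission} is granted to a user. The decision combines an
 * object's access control list (ACL), the user's direct permissions, roles attached to user groups, and the user's
 * own roles.
 *
 * <p>This listing is decompiler output, so parameter names ({@code u}, {@code u2}, {@code z}, {@code z2}, ...) are
 * generated. The Javadoc on each method describes what a parameter does only as far as the code shows.
 *
 * <p>Points to keep in mind when reading or calling this class:
 * <ul>
 *   <li>Only the {@code isPermitted} overloads and the meta-permission check look at ACLs. In {@code isPermitted}
 *       an ACL result other than {@link PermissionState#NONE} is final, so a {@link PermissionState#REVOKED} ACL
 *       entry cannot be overridden by a role or a direct permission.</li>
 *   <li>{@code hasUserAnyPermission} and {@code ownsUserASpecificRole} never evaluate an ACL.</li>
 *   <li>The body of {@code expandSingleWildcardPermissionToDistinctPermissions} was not recovered by the
 *       decompiler, so every path through it throws {@link UnsupportedOperationException} in this listing.</li>
 * </ul>
 */
public class PermissionChecker {
    // Compiler-generated assertion flag surfaced by the decompiler; nothing in this listing reads it.
    static final /* synthetic */ boolean $assertionsDisabled = false;

    /** Checker for "held permission implies requested permission": {@code held.implies(requested)}. */
    private static final BiFunction<WildcardPermission, WildcardPermission, Boolean> impliesChecker = new BiFunction() { // from class: com.sap.sse.security.shared.-$$Lambda$NtMHuUwQk8ALp-5rmDzSrDKiXwk
        @Override // java.util.function.BiFunction
        public final Object apply(Object obj, Object obj2) {
            return Boolean.valueOf(((WildcardPermission) obj).implies((WildcardPermission) obj2));
        }
    };

    /** Checker that delegates to {@code held.impliesAny(requested)}; used only by {@link #hasUserAnyPermission}. */
    private static final BiFunction<WildcardPermission, WildcardPermission, Boolean> impliesAnyChecker = new BiFunction() { // from class: com.sap.sse.security.shared.-$$Lambda$BADvCMcrRv1ZDWc7Uo4fSH55YvE
        @Override // java.util.function.BiFunction
        public final Object apply(Object obj, Object obj2) {
            return Boolean.valueOf(((WildcardPermission) obj).impliesAny((WildcardPermission) obj2));
        }
    };

    /**
     * Callback used by the meta-permission check to look up the ACLs that could deny a permission.
     *
     * <p>As called from {@code checkMetaPermissionInternal}: {@code o} is the ownership resolved for the expanded
     * permission; {@code str} is the first entry of the permission's first part; {@code iterable} is the
     * permission's third part, or {@code null} when that part is missing or its first iterated element is the
     * wildcard token; {@code predicate} reports whether a given ACL revokes the permission for the groups of the
     * two users; {@code iterable2} is whatever this resolver returned earlier in the same check for the same
     * (type, ids, ownership) key, or {@code null} on first use.
     *
     * <p>A {@code null} return makes the caller deny the meta permission.
     */
    /* loaded from: classes.dex */
    public interface AclResolver<A extends SecurityAccessControlList<?>, O extends AbstractOwnership<?, ?>> {
        Iterable<AccessControlList> resolveDenyingAclsAndCheckIfAnyMatches(O o, String str, Iterable<String> iterable, Predicate<A> predicate, Iterable<AccessControlList> iterable2);
    }

    /**
     * Outcome of a single permission source. The public {@code isPermitted} methods return {@code true} only for
     * {@link #GRANTED}. {@link #REVOKED} is produced in this class only by an ACL ({@code hasPermission});
     * {@code checkUserPermissions} yields {@link #GRANTED} or {@link #NONE}.
     */
    /* loaded from: classes.dex */
    public enum PermissionState {
        GRANTED,
        REVOKED,
        NONE
    }

    /** Evaluates the ACL {@code a} for {@code wildcardPermission}, using the permission's own parts. */
    private static <A extends SecurityAccessControlList<G>, G extends SecurityUserGroup<?>> PermissionState checkAcl(WildcardPermission wildcardPermission, Iterable<G> iterable, Iterable<G> iterable2, A a) {
        return checkAcl(wildcardPermission, iterable, iterable2, a, wildcardPermission.getParts());
    }

    /**
     * Asks the ACL whether the action named in the permission's second part is granted or revoked for the union of
     * both group collections.
     *
     * @param wildcardPermission the permission being checked; only used for the exception
     * @param iterable groups of the first user
     * @param iterable2 groups of the second user; merged with {@code iterable} before the ACL is asked, so an ACL
     *        entry for a group of either user takes effect
     * @param a the ACL, or {@code null} when the object has none
     * @param list the permission's parts
     * @return {@link PermissionState#NONE} when {@code a} is {@code null}, otherwise the ACL's answer
     * @throws WrongPermissionFormatException if the first part does not hold exactly one entry (checked before
     *         the {@code null} ACL shortcut)
     * @throws IllegalArgumentException if the second part holds more than one entry
     */
    private static <G extends SecurityUserGroup<?>, A extends SecurityAccessControlList<G>> PermissionState checkAcl(WildcardPermission wildcardPermission, Iterable<G> iterable, Iterable<G> iterable2, A a, List<Set<String>> list) {
        String str;
        if (list.get(0).size() != 1) {
            throw new WrongPermissionFormatException(wildcardPermission);
        }
        PermissionState permissionState = PermissionState.NONE;
        if (a == null) {
            return permissionState;
        }
        if (list.size() < 2) {
            // No action part: ask the ACL about the wildcard action.
            str = WildcardPermission.WILDCARD_TOKEN;
        } else {
            if (list.get(1).size() > 1) {
                throw new IllegalArgumentException("Permission to check must not have more than one sub-part: " + list.get(1));
            }
            // Only "more than one" is rejected above; an empty second part would fail here with an index error.
            str = (String) list.get(1).toArray()[0];
        }
        HashSet hashSet = new HashSet();
        Util.addAll(iterable, hashSet);
        Util.addAll(iterable2, hashSet);
        return a.hasPermission(str, hashSet);
    }

    /**
     * Meta-permission check that uses the same ownership {@code o} for every permission the wildcard expands to.
     * See {@code checkMetaPermissionInternal} for the decision rules.
     */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean checkMetaPermission(WildcardPermission wildcardPermission, Iterable<? extends HasPermissions> iterable, U u, U u2, final O o, AclResolver<A, O> aclResolver) {
        return checkMetaPermissionInternal(wildcardPermission, iterable, u, u2, new Function() { // from class: com.sap.sse.security.shared.-$$Lambda$PermissionChecker$U7FxU_laIM3g2SYiOiuYjBA6FF0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                // The decompiler printed the captured ownership as "AbstractOwnership.this", which is not valid
                // in a static method; the captured value is the final parameter o.
                return PermissionChecker.lambda$checkMetaPermission$0(o, (WildcardPermission) obj);
            }
        }, aclResolver);
    }

    /**
     * Returns {@code true} only if every permission obtained by expanding {@code wildcardPermission} passes both
     * of these tests:
     * <ol>
     *   <li>the resolver does not return {@code null} for it (the resolver is handed a predicate that is true for
     *       an ACL whose answer is {@link PermissionState#REVOKED});</li>
     *   <li>{@code u} or {@code u2} is granted it by {@code checkUserPermissions}, called with both flags set, so
     *       only roles whose {@code isTransitive()} is true count and qualified roles need a matching owner.</li>
     * </ol>
     * Any failure returns {@code false} immediately.
     *
     * @param function resolves the ownership to use for one expanded permission; may return {@code null}
     */
    private static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean checkMetaPermissionInternal(WildcardPermission wildcardPermission, Iterable<? extends HasPermissions> iterable, U u, U u2, Function<WildcardPermission, O> function, AclResolver<A, O> aclResolver) {
        Set<String> emptySet;
        boolean z;
        Set<WildcardPermission> expandSingleWildcardPermissionToDistinctPermissions = expandSingleWildcardPermissionToDistinctPermissions(wildcardPermission, iterable, true);
        final Iterable groupsOfUser = getGroupsOfUser(u);
        final Iterable groupsOfUser2 = getGroupsOfUser(u2);
        // Resolver results per (type, ids, ownership), handed back to the resolver on later iterations.
        HashMap hashMap = new HashMap();
        for (final WildcardPermission wildcardPermission2 : expandSingleWildcardPermissionToDistinctPermissions) {
            O apply = function.apply(wildcardPermission2);
            List<Set<String>> parts = wildcardPermission2.getParts();
            String next = parts.get(0).iterator().next();
            if (parts.size() >= 3) {
                emptySet = parts.get(2);
                z = WildcardPermission.WILDCARD_TOKEN.equals(emptySet.iterator().next());
            } else {
                emptySet = Collections.emptySet();
                z = true;
            }
            // The cache key keeps the id set as found; the resolver receives null instead when the ids are
            // absent or wildcarded.
            Util.Triple triple = new Util.Triple(next, emptySet, apply);
            Iterable<AccessControlList> iterable2 = (Iterable) hashMap.get(triple);
            if (z) {
                emptySet = null;
            }
            Iterable<AccessControlList> resolveDenyingAclsAndCheckIfAnyMatches = aclResolver.resolveDenyingAclsAndCheckIfAnyMatches(apply, next, emptySet, new Predicate() { // from class: com.sap.sse.security.shared.-$$Lambda$PermissionChecker$_Be2eVXUm-82R2EnJcWMGteXkfk
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    // The decompiler printed the captured permission as "WildcardPermission.this"; the captured
                    // value is the final loop variable.
                    return PermissionChecker.lambda$checkMetaPermissionInternal$2(wildcardPermission2, groupsOfUser, groupsOfUser2, (SecurityAccessControlList) obj);
                }
            }, iterable2);
            if (resolveDenyingAclsAndCheckIfAnyMatches == null) {
                // Fail closed: a null answer from the resolver denies the whole meta permission.
                return false;
            }
            if (iterable2 == null) {
                hashMap.put(triple, resolveDenyingAclsAndCheckIfAnyMatches);
            }
            if (checkUserPermissions(wildcardPermission2, u, groupsOfUser, apply, impliesChecker, null, true, true) != PermissionState.GRANTED && checkUserPermissions(wildcardPermission2, u2, groupsOfUser2, apply, impliesChecker, null, true, true) != PermissionState.GRANTED) {
                return false;
            }
        }
        return true;
    }

    /**
     * Meta-permission check that resolves the ownership per expanded permission from its qualified object
     * identifier. When an expanded permission does not name exactly one identifier the ownership is {@code null}.
     * See {@code checkMetaPermissionInternal} for the decision rules.
     */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean checkMetaPermissionWithOwnershipResolution(WildcardPermission wildcardPermission, Iterable<? extends HasPermissions> iterable, U u, U u2, final Function<QualifiedObjectIdentifier, O> function, AclResolver<A, O> aclResolver) {
        return checkMetaPermissionInternal(wildcardPermission, iterable, u, u2, new Function() { // from class: com.sap.sse.security.shared.-$$Lambda$PermissionChecker$pM1OqtmSc31kyX1NjQ6fLVasUmk
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return PermissionChecker.lambda$checkMetaPermissionWithOwnershipResolution$1(function, (WildcardPermission) obj);
            }
        }, aclResolver);
    }

    /**
     * Evaluates every non-ACL source of a permission for one user. Sources are tried in this order:
     * <ol>
     *   <li>the user's direct permissions;</li>
     *   <li>group roles: if the ownership names a tenant owner, only that group's role definitions are consulted;
     *       otherwise, and only when {@code z} is false, the role definitions of every group in
     *       {@code iterable};</li>
     *   <li>if nothing granted so far and {@code u} is not {@code null}: the user's roles plus the extra roles in
     *       {@code iterable2}, each tested with {@code implies}.</li>
     * </ol>
     * Step 2 runs even when {@code u} is {@code null}, because it depends only on the group collection.
     *
     * @param u the user, or {@code null}
     * @param iterable the groups to treat as the user's groups; must not be {@code null}
     * @param o ownership of the object, or {@code null}
     * @param biFunction how a held permission is compared with the requested one
     * @param iterable2 additional roles to evaluate for the user, or {@code null}
     * @param z when true, group roles are not consulted for an object without a tenant owner, and (inside
     *        {@code implies}) a qualified role does not apply to an object without an owner
     * @param z2 when true, only roles whose {@code isTransitive()} is true can grant
     * @return {@link PermissionState#GRANTED} or {@link PermissionState#NONE}; never
     *         {@link PermissionState#REVOKED}
     */
    private static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> PermissionState checkUserPermissions(WildcardPermission wildcardPermission, U u, Iterable<G> iterable, O o, BiFunction<WildcardPermission, WildcardPermission, Boolean> biFunction, Iterable<R> iterable2, boolean z, boolean z2) {
        PermissionState permissionState = PermissionState.NONE;
        // The NONE test is always true at this point; it is kept as decompiled.
        if (permissionState == PermissionState.NONE && u != null) {
            Iterator<WildcardPermission> it = u.getPermissions().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (biFunction.apply(it.next(), wildcardPermission).booleanValue()) {
                    permissionState = PermissionState.GRANTED;
                    break;
                }
            }
        }
        if (o != null && o.getTenantOwner() != null) {
            SecurityUserGroup tenantOwner = o.getTenantOwner();
            // Membership in the owning group is passed as a flag; role definitions mapped to TRUE in the group
            // grant even when the flag is false (see isPermissionGrantedByGroup).
            if (isPermissionGrantedByGroup(wildcardPermission, tenantOwner, Util.contains(iterable, tenantOwner), biFunction)) {
                permissionState = PermissionState.GRANTED;
            }
        } else if (!z) {
            Iterator<G> it2 = iterable.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (isPermissionGrantedByGroup(wildcardPermission, it2.next(), true, biFunction)) {
                    permissionState = PermissionState.GRANTED;
                    break;
                }
            }
        }
        if (permissionState != PermissionState.NONE || u == null) {
            return permissionState;
        }
        Iterable roles = u.getRoles();
        // A set, so a role present both on the user and in iterable2 is evaluated once.
        final HashSet hashSet = new HashSet();
        roles.forEach(new Consumer() { // from class: com.sap.sse.security.shared.-$$Lambda$0FZWZCasERk7yUb7_4O0YWM-dEc
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                hashSet.add((AbstractRole) obj);
            }
        });
        if (iterable2 != null) {
            iterable2.forEach(new Consumer() { // from class: com.sap.sse.security.shared.-$$Lambda$0FZWZCasERk7yUb7_4O0YWM-dEc
                @Override // java.util.function.Consumer
                public final void accept(Object obj) {
                    hashSet.add((AbstractRole) obj);
                }
            });
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            if (implies((AbstractRole) it3.next(), wildcardPermission, o, biFunction, z, z2)) {
                return PermissionState.GRANTED;
            }
        }
        return permissionState;
    }

    /**
     * Expands a wildcard permission into a set of distinct permissions.
     *
     * <p>NOTE(review): the decompiler did not recover this body and the listing carries no instruction dump for
     * it, so nothing beyond the signature can be stated here. As written it always throws, which means
     * {@code checkMetaPermission}, {@code checkMetaPermissionWithOwnershipResolution} and
     * {@code hasUserAnyPermission} cannot complete in this listing. Recover the body from the bytecode before
     * drawing conclusions about how wildcards are expanded.
     *
     * @param z passed as {@code true} by the meta-permission check and {@code false} by
     *        {@code hasUserAnyPermission}; its meaning is not visible here
     */
    private static Set<WildcardPermission> expandSingleWildcardPermissionToDistinctPermissions(WildcardPermission wildcardPermission, Iterable<? extends HasPermissions> iterable, boolean z) {
        throw new UnsupportedOperationException("Method not decompiled: com.sap.sse.security.shared.PermissionChecker.expandSingleWildcardPermissionToDistinctPermissions(com.sap.sse.security.shared.WildcardPermission, java.lang.Iterable, boolean):java.util.Set");
    }

    /** Returns the user's groups, or an empty set for a {@code null} user. */
    private static <U extends SecurityUser<?, ?, G>, G extends SecurityUserGroup<?>> Iterable<G> getGroupsOfUser(U u) {
        return u == null ? Collections.emptySet() : u.getUserGroups();
    }

    /**
     * Returns {@code true} if either user is granted at least one of the permissions that
     * {@code wildcardPermission} expands to, compared with {@code impliesAny}.
     *
     * <p>No ACL is evaluated here, so a denying ACL entry has no effect on the result. Both flags of
     * {@code checkUserPermissions} are false: group roles count for objects without a tenant owner, qualified
     * roles apply to objects without an owner, and roles need not be transitive.
     */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean hasUserAnyPermission(WildcardPermission wildcardPermission, Iterable<? extends HasPermissions> iterable, U u, U u2, O o) {
        for (WildcardPermission wildcardPermission2 : expandSingleWildcardPermissionToDistinctPermissions(wildcardPermission, iterable, false)) {
            if (checkUserPermissions(wildcardPermission2, u, getGroupsOfUser(u), o, impliesAnyChecker, null, false, false) == PermissionState.GRANTED || checkUserPermissions(wildcardPermission2, u2, getGroupsOfUser(u2), o, impliesAnyChecker, null, false, false) == PermissionState.GRANTED) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether role {@code r} grants {@code wildcardPermission} on an object with ownership {@code o}.
     *
     * <p>NOTE(review): the decompiler emitted only a register-level instruction dump for this method. This body
     * is a reconstruction of that dump; verify it against the bytecode before relying on it.
     *
     * <p>Rules, in order:
     * <ul>
     *   <li>if {@code z2} is set and the role is not transitive, the role grants nothing;</li>
     *   <li>a role qualified for neither a tenant nor a user applies to every object;</li>
     *   <li>a qualified role on an object without any owner applies only when {@code z} is false;</li>
     *   <li>otherwise every qualification the role carries must match the object's owner: the tenant by
     *       {@code Util.equalsWithNull}, the user by {@link #isSameUser};</li>
     *   <li>an applicable role grants if any of its permissions satisfies {@code biFunction}.</li>
     * </ul>
     *
     * @param o ownership of the object, or {@code null}
     */
    private static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean implies(R r, WildcardPermission wildcardPermission, O o, BiFunction<WildcardPermission, WildcardPermission, Boolean> biFunction, boolean z, boolean z2) {
        final boolean roleIsTenantQualified = r.getQualifiedForTenant() != null;
        final boolean roleIsUserQualified = r.getQualifiedForUser() != null;
        final boolean objectHasOwner = o != null && (o.getTenantOwner() != null || o.getUserOwner() != null);
        if (z2 && !r.isTransitive()) {
            return false;
        }
        final boolean roleApplies;
        if (!roleIsTenantQualified && !roleIsUserQualified) {
            roleApplies = true;
        } else if (!objectHasOwner) {
            roleApplies = !z;
        } else {
            // The user comparison is skipped when the tenant qualification already failed.
            final boolean tenantMatches = !roleIsTenantQualified || Util.equalsWithNull(r.getQualifiedForTenant(), o.getTenantOwner());
            roleApplies = tenantMatches && (!roleIsUserQualified || isSameUser(r.getQualifiedForUser(), o.getUserOwner()));
        }
        if (!roleApplies) {
            return false;
        }
        for (Object held : r.getPermissions()) {
            if (biFunction.apply((WildcardPermission) held, wildcardPermission).booleanValue()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether one of the group's role definitions carries a permission that satisfies {@code biFunction}.
     *
     * @param g the group whose role-definition map is consulted
     * @param z whether the user counts as a member of {@code g}. Role definitions mapped to {@code TRUE} are
     *        considered regardless of this flag, so they can grant to users who are not members of the group;
     *        all other role definitions are considered only when the flag is true.
     */
    private static <RD extends RoleDefinition, U extends SecurityUser<RD, ?, G>, G extends SecurityUserGroup<RD>> boolean isPermissionGrantedByGroup(WildcardPermission wildcardPermission, G g, boolean z, BiFunction<WildcardPermission, WildcardPermission, Boolean> biFunction) {
        for (Map.Entry<RD, Boolean> entry : g.getRoleDefinitionMap().entrySet()) {
            if (Boolean.TRUE.equals(entry.getValue()) || z) {
                Iterator<WildcardPermission> it = entry.getKey().getPermissions().iterator();
                while (it.hasNext()) {
                    if (biFunction.apply(it.next(), wildcardPermission).booleanValue()) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /** Same as the eight-argument overload, using each user's own groups and no additional roles. */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean isPermitted(WildcardPermission wildcardPermission, U u, U u2, O o, A a) {
        return isPermitted(wildcardPermission, u, getGroupsOfUser(u), u2, getGroupsOfUser(u2), o, a, null);
    }

    /** Same as the eight-argument overload, using each user's own groups. */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean isPermitted(WildcardPermission wildcardPermission, U u, U u2, O o, A a, Iterable<R> iterable) {
        return isPermitted(wildcardPermission, u, getGroupsOfUser(u), u2, getGroupsOfUser(u2), o, a, iterable);
    }

    /**
     * Decides whether {@code wildcardPermission} is granted on an object with ownership {@code o} and ACL
     * {@code a}.
     *
     * <p>The ACL is evaluated first, for the union of both group collections. Any ACL answer other than
     * {@link PermissionState#NONE} is final: {@link PermissionState#REVOKED} yields {@code false} without looking
     * at roles or direct permissions. Only when the ACL is silent are the non-ACL sources consulted, for
     * {@code u2} first and then for {@code u}.
     *
     * @param iterable groups to use for {@code u}; must not be {@code null}
     * @param iterable2 groups to use for {@code u2}; must not be {@code null}
     * @param a the object's ACL, or {@code null}
     * @param iterable3 additional roles evaluated for both users, or {@code null}
     * @return {@code true} only if the final state is {@link PermissionState#GRANTED}
     */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, UR>, O extends AbstractOwnership<G, UR>, UR extends UserReference, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean isPermitted(WildcardPermission wildcardPermission, U u, Iterable<G> iterable, U u2, Iterable<G> iterable2, O o, A a, Iterable<R> iterable3) {
        PermissionState checkUserPermissions;
        PermissionState checkAcl = checkAcl(wildcardPermission, iterable, iterable2, a);
        if (checkAcl == PermissionState.NONE && (checkUserPermissions = checkUserPermissions(wildcardPermission, u2, iterable2, o, impliesChecker, iterable3, true, false)) == PermissionState.GRANTED) {
            checkAcl = checkUserPermissions;
        }
        if (checkAcl == PermissionState.NONE) {
            checkAcl = checkUserPermissions(wildcardPermission, u, iterable, o, impliesChecker, iterable3, true, false);
        }
        return checkAcl == PermissionState.GRANTED;
    }

    /**
     * Treats two user references as the same user when they are the same instance or their names are equal.
     * Identity is decided by {@code getName()} alone. A reference whose name is {@code null} makes the comparison
     * throw unless both arguments are the same instance.
     */
    public static boolean isSameUser(UserReference userReference, UserReference userReference2) {
        if (userReference == userReference2) {
            return true;
        }
        if (userReference == null || userReference2 == null) {
            return false;
        }
        return userReference.getName().equals(userReference2.getName());
    }

    // Compiler-generated lambda body; the decompiler widened its access from package-private.
    // Ignores the permission and returns the fixed ownership.
    public static /* synthetic */ AbstractOwnership lambda$checkMetaPermission$0(AbstractOwnership abstractOwnership, WildcardPermission wildcardPermission) {
        return abstractOwnership;
    }

    // Compiler-generated lambda body; the decompiler widened its access from package-private.
    // True when the given ACL revokes the permission for the union of both group collections.
    public static /* synthetic */ boolean lambda$checkMetaPermissionInternal$2(WildcardPermission wildcardPermission, Iterable iterable, Iterable iterable2, SecurityAccessControlList securityAccessControlList) {
        return checkAcl(wildcardPermission, iterable, iterable2, securityAccessControlList) == PermissionState.REVOKED;
    }

    // Compiler-generated lambda body; the decompiler widened its access from package-private.
    // Resolves the ownership only when the permission names exactly one non-null object identifier; in every
    // other case the ownership is null, and implies() then lets qualified roles apply only when its z flag is
    // false.
    public static /* synthetic */ AbstractOwnership lambda$checkMetaPermissionWithOwnershipResolution$1(Function function, WildcardPermission wildcardPermission) {
        Iterator<QualifiedObjectIdentifier> it = wildcardPermission.getQualifiedObjectIdentifiers().iterator();
        if (!it.hasNext()) {
            return null;
        }
        QualifiedObjectIdentifier next = it.next();
        if (it.hasNext() || next == null) {
            return null;
        }
        return (AbstractOwnership) function.apply(next);
    }

    /**
     * Returns {@code true} if {@code u} holds a role named {@code str} that applies to an object with ownership
     * {@code o}: either the role is unqualified, or its tenant or user qualification equals the object's tenant
     * or user owner.
     *
     * <p>This looks at the role name only; the role's permissions and its transitive flag are not examined.
     * NOTE(review): owners are compared with {@code equals()} here, while {@code implies} uses
     * {@code Util.equalsWithNull} and {@link #isSameUser}; confirm that the two comparisons agree for the
     * project's user and group types.
     */
    private static <RD extends RoleDefinition, R extends AbstractRole<RD, G, U>, O extends AbstractOwnership<G, U>, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean ownsUserASpecificRole(U u, O o, String str) {
        if (u == null) {
            return false;
        }
        for (AbstractRole abstractRole : u.getRoles()) {
            if (abstractRole.getName().equals(str)) {
                if (abstractRole.getQualifiedForTenant() == null && abstractRole.getQualifiedForUser() == null) {
                    return true;
                }
                if (o != null && (o.getTenantOwner() != null || o.getUserOwner() != null)) {
                    if (abstractRole.getQualifiedForTenant() != null && abstractRole.getQualifiedForTenant().equals(o.getTenantOwner())) {
                        return true;
                    }
                    if (abstractRole.getQualifiedForUser() != null && ((SecurityUser) abstractRole.getQualifiedForUser()).equals(o.getUserOwner())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /** Returns {@code true} if either user holds an applicable role named {@code str}; see the three-argument overload. */
    public static <RD extends RoleDefinition, R extends AbstractRole<RD, G, U>, O extends AbstractOwnership<G, U>, U extends SecurityUser<RD, R, G>, G extends SecurityUserGroup<RD>, A extends SecurityAccessControlList<G>> boolean ownsUserASpecificRole(U u, U u2, O o, String str) {
        return ownsUserASpecificRole(u, o, str) || ownsUserASpecificRole(u2, o, str);
    }
}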
