package io.confluent.rbacdb.orm;

import io.confluent.cloud.rbac.CloudRoleBinding;
import io.confluent.cloud.rbac.CloudScope;
import io.confluent.cloud.rbac.Cursor;
import io.confluent.rbacdb.jooq.tables.records.RoleBindingRecord;
import io.confluent.security.auth.cloud.CloudAuthCache;
import io.confluent.security.auth.store.data.RoleBindingKey;
import io.confluent.security.auth.store.data.RoleBindingValue;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourcePatternFilter;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.RbacRoles;
import io.confluent.security.rbac.RoleBinding;
import io.confluent.security.rbac.RoleBindingFilter;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

/* loaded from: input_file:io/confluent/rbacdb/orm/RbacOrmStubService.class */
public class RbacOrmStubService implements RbacOrmService {
    private final CloudAuthCache authCache;

    public RbacOrmStubService() {
        this.authCache = new CloudAuthCache(RbacRoles.loadDefaultPolicy(true), Scope.ROOT_SCOPE);
    }

    public RbacOrmStubService(RbacRoles rbacRoles, Scope scope) {
        this.authCache = new CloudAuthCache(rbacRoles, scope);
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized CloudRoleBinding addRoleBinding(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, String str2) {
        this.authCache.put(new RoleBindingKey(kafkaPrincipal2, str, scope), new RoleBindingValue(Collections.emptyList()));
        return new CloudRoleBinding((String) null, kafkaPrincipal2, str, scope, (ResourcePattern) null, (LocalDateTime) null, (LocalDateTime) null, false, 0L);
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Optional<CloudRoleBinding> removeRoleBinding(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, String str2) {
        this.authCache.remove(new RoleBindingKey(kafkaPrincipal2, str, scope));
        return Optional.of(new CloudRoleBinding((String) null, kafkaPrincipal2, str, scope, (ResourcePattern) null, (LocalDateTime) null, (LocalDateTime) null, false, 0L));
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Collection<CloudRoleBinding> addResourceRoleBindings(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, Collection<ResourcePattern> collection, String str2) {
        RoleBindingKey roleBindingKey = new RoleBindingKey(kafkaPrincipal2, str, scope);
        HashSet hashSet = new HashSet();
        Collection<ResourcePattern> rbacResources = rbacResources(kafkaPrincipal2, str, scope);
        if (rbacResources != null) {
            hashSet.addAll(rbacResources);
        }
        hashSet.addAll(collection);
        this.authCache.put(roleBindingKey, new RoleBindingValue(hashSet));
        return (Collection) hashSet.stream().map(resourcePattern -> {
            return new CloudRoleBinding((String) null, kafkaPrincipal2, str, scope, resourcePattern, (LocalDateTime) null, (LocalDateTime) null, false, 0L);
        }).collect(Collectors.toList());
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public CloudRoleBinding addRoleBindingForResourcePattern(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, ResourcePattern resourcePattern, String str2) {
        RoleBindingKey roleBindingKey = new RoleBindingKey(kafkaPrincipal2, str, scope);
        HashSet hashSet = new HashSet();
        Collection<ResourcePattern> rbacResources = rbacResources(kafkaPrincipal2, str, scope);
        if (rbacResources != null) {
            hashSet.addAll(rbacResources);
        }
        hashSet.add(resourcePattern);
        this.authCache.put(roleBindingKey, new RoleBindingValue(hashSet));
        return new CloudRoleBinding("1", kafkaPrincipal2, str, scope, resourcePattern, (LocalDateTime) null, (LocalDateTime) null, false, 1L);
    }

    public Optional<CloudRoleBinding> removeRoleBindingForResourcePattern(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, ResourcePattern resourcePattern, String str2) {
        RoleBindingKey roleBindingKey = new RoleBindingKey(kafkaPrincipal2, str, scope);
        HashSet hashSet = new HashSet();
        Collection<ResourcePattern> rbacResources = rbacResources(kafkaPrincipal2, str, scope);
        if (rbacResources != null) {
            hashSet.addAll(rbacResources);
        }
        hashSet.remove(resourcePattern);
        this.authCache.put(roleBindingKey, new RoleBindingValue(hashSet));
        return Optional.of(new CloudRoleBinding("1", kafkaPrincipal2, str, scope, resourcePattern, (LocalDateTime) null, (LocalDateTime) null, false, 1L));
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public List<CloudRoleBinding> rbacCloudRoleBindings(KafkaPrincipal kafkaPrincipal, Set<String> set, ResourcePattern resourcePattern, Set<Scope> set2, boolean z) {
        ArrayList arrayList = new ArrayList();
        for (RoleBinding roleBinding : this.authCache.rbacRoleBindings(kafkaPrincipal, set2)) {
            if (((List) roleBinding.resources().stream().collect(Collectors.toList())).size() == 0) {
                arrayList.add(new CloudRoleBinding("1", new KafkaPrincipal("User", roleBinding.principal().getName()), roleBinding.role(), roleBinding.scope(), (ResourcePattern) null, (LocalDateTime) null, (LocalDateTime) null, z, 0L));
            } else {
                Iterator it = roleBinding.resources().iterator();
                while (it.hasNext()) {
                    arrayList.add(new CloudRoleBinding("1", new KafkaPrincipal("User", roleBinding.principal().getName()), roleBinding.role(), roleBinding.scope(), (ResourcePattern) it.next(), (LocalDateTime) null, (LocalDateTime) null, z, 0L));
                }
            }
        }
        return arrayList;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public List<CloudRoleBinding> rbacCloudRoleBindingsPaginated(KafkaPrincipal kafkaPrincipal, Set<String> set, ResourcePattern resourcePattern, Set<Scope> set2, Cursor cursor) {
        return Collections.emptyList();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public long maxRoleBindingLastChangeId() {
        return 0L;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public Optional<CloudRoleBinding> rbacCloudRoleBinding(String str) {
        return Optional.empty();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public Optional<CloudRoleBinding> rbacCloudRoleBinding(String str, boolean z) {
        return Optional.empty();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public int countOrganizationCloudRoleBindings(String str) {
        return this.authCache.rbacRoleBindings(CloudScope.organizationScope(str)).size();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public int countOrgEnvCloudRoleBindings(String str) {
        return this.authCache.rbacRoleBindings(CloudScope.organizationScope(str)).size();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public int countOrgEnvCloudClusterCloudRoleBindings(String str, String str2, String str3) {
        return this.authCache.rbacRoleBindings(CloudScope.cloudClusterScope(str, str2, str3)).size();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public Set<Scope> allKnownScopes() {
        return this.authCache.knownScopes();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Collection<CloudRoleBinding> removeResourceRoleBindings(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, Collection<ResourcePatternFilter> collection, String str2) {
        Collection<ResourcePattern> rbacResources = rbacResources(kafkaPrincipal2, str, scope);
        if (rbacResources == null || rbacResources.isEmpty()) {
            return null;
        }
        Collection<?> collection2 = (Collection) rbacResources.stream().filter(resourcePattern -> {
            return collection.stream().anyMatch(resourcePatternFilter -> {
                return resourcePatternFilter.matches(resourcePattern);
            });
        }).collect(Collectors.toList());
        HashSet hashSet = new HashSet(rbacResources);
        hashSet.removeAll(collection2);
        if (hashSet.isEmpty()) {
            removeRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, scope);
        } else {
            this.authCache.put(new RoleBindingKey(kafkaPrincipal2, str, scope), new RoleBindingValue(hashSet));
        }
        return (Collection) hashSet.stream().map(resourcePattern2 -> {
            return new CloudRoleBinding((String) null, kafkaPrincipal2, str, scope, resourcePattern2, (LocalDateTime) null, (LocalDateTime) null, false, 0L);
        }).collect(Collectors.toList());
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Collection<CloudRoleBinding> replaceResourceRoleBindings(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str, Scope scope, Collection<ResourcePattern> collection, String str2) {
        removeRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, scope);
        return addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, scope, collection);
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public void removeAllRoleBindingsForPrincipal(KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, String str) {
        this.authCache.rbacRoleBindings(kafkaPrincipal2).forEach(roleBinding -> {
            removeRoleBinding(kafkaPrincipal, kafkaPrincipal2, roleBinding.role(), roleBinding.scope(), str);
        });
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public void removeAllRoleBindingsForScope(KafkaPrincipal kafkaPrincipal, Scope scope, String str) {
        this.authCache.rbacRoleBindings(scope).forEach(roleBinding -> {
            removeRoleBinding(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), roleBinding.scope(), str);
        });
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public void duplicateRoleBindingsForOrganization(KafkaPrincipal kafkaPrincipal, String str, String str2, String str3) {
        Scope build = new Scope.Builder(new String[]{"organization=" + str}).build();
        Stream stream = this.authCache.knownScopes().stream();
        build.getClass();
        this.authCache.rbacRoleBindings((Set) stream.filter(build::containsScope).collect(Collectors.toSet())).forEach(roleBinding -> {
            ArrayList arrayList = new ArrayList(roleBinding.scope().path());
            arrayList.set(0, "organization=" + str2);
            Scope.Builder builder = new Scope.Builder(new String[0]);
            builder.getClass();
            arrayList.forEach(builder::addPath);
            Map clusters = roleBinding.scope().clusters();
            builder.getClass();
            clusters.forEach(builder::withCluster);
            Scope build2 = builder.build();
            if (roleBinding.resources().isEmpty()) {
                addRoleBinding(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), build2, str3);
            } else {
                addResourceRoleBindings(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), build2, roleBinding.resources(), str3);
            }
        });
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public List<CloudRoleBinding> undeleteRoleBindingsForUser(KafkaPrincipal kafkaPrincipal, String str, String str2, String str3, String str4) {
        return null;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public List<CloudRoleBinding> undeleteRoleBindingsForScope(KafkaPrincipal kafkaPrincipal, Scope scope, String str, String str2) {
        return null;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public Collection<CloudRoleBinding> deleteUndeleteRoleBindingsByIds(List<String> list, List<String> list2, String str, KafkaPrincipal kafkaPrincipal) {
        return Collections.emptyList();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Set<RoleBinding> rbacRoleBindings(RoleBindingFilter roleBindingFilter) {
        return this.authCache.rbacRoleBindings(roleBindingFilter);
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Set<RoleBinding> rbacRoleBindings(Set<Scope> set) {
        return this.authCache.rbacRoleBindings(set);
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Set<RoleBinding> rbacRoleBindings(KafkaPrincipal kafkaPrincipal) {
        return this.authCache.rbacRoleBindings(kafkaPrincipal);
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Set<RoleBinding> rbacRoleBindings(KafkaPrincipal kafkaPrincipal, Set<Scope> set) {
        return this.authCache.rbacRoleBindings(kafkaPrincipal, set);
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public List<RoleBindingRecord> rbacRoleBindingRecordsIncludingDeleted(String str) {
        return Collections.emptyList();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Collection<ResourcePattern> rbacResources(KafkaPrincipal kafkaPrincipal, String str, Scope scope) {
        RoleBindingValue roleBindingValue = this.authCache.get(new RoleBindingKey(kafkaPrincipal, str, scope));
        if (roleBindingValue == null) {
            return null;
        }
        return roleBindingValue.resources();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public synchronized Set<Scope> knownScopes() {
        return this.authCache.knownScopes();
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public int getActiveConnections() {
        return -1;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public int getTotalConnections() {
        return -1;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public int getThreadsAwaitingConnection() {
        return -1;
    }

    @Override // io.confluent.rbacdb.orm.RbacOrmService
    public void healthcheck() {
    }

    public Collection<CloudRoleBinding> deleteRoleBindingsByIds(KafkaPrincipal kafkaPrincipal, Collection<String> collection, String str) {
        return Collections.emptyList();
    }
}
