package no.nav.common.abac;

import java.util.Optional;
import java.util.function.Supplier;
import no.nav.common.abac.audit.AuditConfig;
import no.nav.common.abac.audit.AuditLogFilter;
import no.nav.common.abac.audit.AuditLogger;
import no.nav.common.abac.audit.AuditRequestInfoSupplier;
import no.nav.common.abac.audit.SubjectProvider;
import no.nav.common.abac.cef.CefAbacEventContext;
import no.nav.common.abac.cef.CefAbacResponseMapper;
import no.nav.common.abac.constants.AbacDomain;
import no.nav.common.abac.domain.request.ActionId;
import no.nav.common.abac.domain.request.Resource;
import no.nav.common.abac.domain.request.XacmlRequest;
import no.nav.common.abac.domain.response.XacmlResponse;
import no.nav.common.types.identer.EksternBrukerId;
import no.nav.common.types.identer.EnhetId;
import no.nav.common.types.identer.NavIdent;
import no.nav.common.utils.EnvironmentUtils;

/* loaded from: input_file:no/nav/common/abac/VeilarbPep.class */
public class VeilarbPep implements Pep {
    private final AbacClient abacClient;
    private final String srvUsername;
    private final SubjectProvider subjectProvider;
    private final AuditConfig auditConfig;

    public VeilarbPep(String str, AbacClient abacClient, SubjectProvider subjectProvider, AuditConfig auditConfig) {
        this.srvUsername = str;
        this.abacClient = abacClient;
        this.subjectProvider = subjectProvider;
        this.auditConfig = auditConfig;
    }

    @Override // no.nav.common.abac.Pep
    public boolean harVeilederTilgangTilEnhet(NavIdent navIdent, EnhetId enhetId) {
        ActionId actionId = ActionId.READ;
        Resource lagEnhetResource = XacmlRequestBuilder.lagEnhetResource(enhetId, AbacDomain.VEILARB_DOMAIN);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironment(this.srvUsername), XacmlRequestBuilder.lagAction(actionId), XacmlRequestBuilder.lagVeilederAccessSubject(navIdent), lagEnhetResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.enhetIdMapper(enhetId, actionId, lagEnhetResource), navIdent.get());
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harTilgangTilEnhet(String str, EnhetId enhetId) {
        String extractOidcTokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource lagEnhetResource = XacmlRequestBuilder.lagEnhetResource(enhetId, AbacDomain.VEILARB_DOMAIN);
        ActionId actionId = ActionId.READ;
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, extractOidcTokenBody), XacmlRequestBuilder.lagAction(actionId), null, lagEnhetResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.enhetIdMapper(enhetId, actionId, lagEnhetResource), this.subjectProvider.getSubjectFromToken(str));
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harTilgangTilEnhetMedSperre(String str, EnhetId enhetId) {
        String extractOidcTokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource lagEnhetMedSperreResource = XacmlRequestBuilder.lagEnhetMedSperreResource(enhetId, AbacDomain.VEILARB_DOMAIN);
        ActionId actionId = ActionId.READ;
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, extractOidcTokenBody), XacmlRequestBuilder.lagAction(actionId), null, lagEnhetMedSperreResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.enhetIdMapper(enhetId, actionId, lagEnhetMedSperreResource), this.subjectProvider.getSubjectFromToken(str));
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harVeilederTilgangTilPerson(NavIdent navIdent, ActionId actionId, EksternBrukerId eksternBrukerId) {
        Resource lagPersonResource = XacmlRequestBuilder.lagPersonResource(eksternBrukerId, AbacDomain.VEILARB_DOMAIN);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironment(this.srvUsername), XacmlRequestBuilder.lagAction(actionId), XacmlRequestBuilder.lagVeilederAccessSubject(navIdent), lagPersonResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.personIdMapper(eksternBrukerId, actionId, lagPersonResource), navIdent.get());
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harTilgangTilPerson(String str, ActionId actionId, EksternBrukerId eksternBrukerId) {
        String extractOidcTokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource lagPersonResource = XacmlRequestBuilder.lagPersonResource(eksternBrukerId, AbacDomain.VEILARB_DOMAIN);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, extractOidcTokenBody), XacmlRequestBuilder.lagAction(actionId), null, lagPersonResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.personIdMapper(eksternBrukerId, actionId, lagPersonResource), this.subjectProvider.getSubjectFromToken(str));
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harTilgangTilOppfolging(String str) {
        String extractOidcTokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource lagOppfolgingDomeneResource = XacmlRequestBuilder.lagOppfolgingDomeneResource();
        String subjectFromToken = this.subjectProvider.getSubjectFromToken(str);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, extractOidcTokenBody), null, null, lagOppfolgingDomeneResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.resourceMapper(lagOppfolgingDomeneResource), subjectFromToken);
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harVeilederTilgangTilModia(String str) {
        String extractOidcTokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource lagModiaDomeneResource = XacmlRequestBuilder.lagModiaDomeneResource();
        String subjectFromToken = this.subjectProvider.getSubjectFromToken(str);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, extractOidcTokenBody), null, null, lagModiaDomeneResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.resourceMapper(lagModiaDomeneResource), subjectFromToken);
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harVeilederTilgangTilKode6(NavIdent navIdent) {
        Resource lagKode6Resource = XacmlRequestBuilder.lagKode6Resource(AbacDomain.VEILARB_DOMAIN);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironment(this.srvUsername), null, XacmlRequestBuilder.lagVeilederAccessSubject(navIdent), lagKode6Resource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.resourceMapper(lagKode6Resource), navIdent.get());
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harVeilederTilgangTilKode7(NavIdent navIdent) {
        Resource lagKode7Resource = XacmlRequestBuilder.lagKode7Resource(AbacDomain.VEILARB_DOMAIN);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironment(this.srvUsername), null, XacmlRequestBuilder.lagVeilederAccessSubject(navIdent), lagKode7Resource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.resourceMapper(lagKode7Resource), navIdent.get());
        });
    }

    @Override // no.nav.common.abac.Pep
    public boolean harVeilederTilgangTilEgenAnsatt(NavIdent navIdent) {
        Resource lagEgenAnsattResource = XacmlRequestBuilder.lagEgenAnsattResource(AbacDomain.VEILARB_DOMAIN);
        return harTilgang(XacmlRequestBuilder.buildRequest(XacmlRequestBuilder.lagEnvironment(this.srvUsername), null, XacmlRequestBuilder.lagVeilederAccessSubject(navIdent), lagEgenAnsattResource), () -> {
            return lagCefEventContext(CefAbacResponseMapper.resourceMapper(lagEgenAnsattResource), navIdent.get());
        });
    }

    @Override // no.nav.common.abac.Pep
    public AbacClient getAbacClient() {
        return this.abacClient;
    }

    private boolean harTilgang(XacmlRequest xacmlRequest, Supplier<CefAbacEventContext> supplier) {
        XacmlResponse sendRequest = this.abacClient.sendRequest(xacmlRequest);
        if (supplier != null && skalLogges(xacmlRequest, sendRequest)) {
            getAuditLogger().ifPresent(auditLogger -> {
                auditLogger.logCef(xacmlRequest, sendRequest, (CefAbacEventContext) supplier.get());
            });
        }
        return XacmlResponseParser.harTilgang(sendRequest);
    }

    private boolean skalLogges(XacmlRequest xacmlRequest, XacmlResponse xacmlResponse) {
        return ((Boolean) getAuditRequestInfoSupplier().map((v0) -> {
            return v0.get();
        }).map(auditRequestInfo -> {
            return (Boolean) getAuditLogFilter().map(auditLogFilter -> {
                return Boolean.valueOf(auditLogFilter.isEnabled(auditRequestInfo, xacmlRequest, xacmlResponse));
            }).orElse(true);
        }).orElse(false)).booleanValue();
    }

    private Optional<AuditLogger> getAuditLogger() {
        return this.auditConfig != null ? Optional.ofNullable(this.auditConfig.getAuditLogger()) : Optional.empty();
    }

    private Optional<AuditRequestInfoSupplier> getAuditRequestInfoSupplier() {
        return this.auditConfig != null ? Optional.ofNullable(this.auditConfig.getAuditRequestInfoSupplier()) : Optional.empty();
    }

    private Optional<AuditLogFilter> getAuditLogFilter() {
        return this.auditConfig != null ? Optional.ofNullable(this.auditConfig.getAuditLogFilter()) : Optional.empty();
    }

    private CefAbacEventContext lagCefEventContext(CefAbacResponseMapper cefAbacResponseMapper, String str) {
        Optional<U> map = getAuditRequestInfoSupplier().map((v0) -> {
            return v0.get();
        });
        return CefAbacEventContext.builder().applicationName(EnvironmentUtils.requireApplicationName()).callId((String) map.map((v0) -> {
            return v0.getCallId();
        }).orElse(null)).consumerId((String) map.map((v0) -> {
            return v0.getConsumerId();
        }).orElse(null)).requestMethod((String) map.map((v0) -> {
            return v0.getRequestMethod();
        }).orElse(null)).requestPath((String) map.map((v0) -> {
            return v0.getRequestPath();
        }).orElse(null)).subjectId(str).mapper(cefAbacResponseMapper).build();
    }
}
