package no.nav.apiapp.security.veilarbabac;

import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.ws.rs.client.WebTarget;
import no.nav.apiapp.security.PepClient;
import no.nav.apiapp.selftest.Helsesjekk;
import no.nav.apiapp.selftest.HelsesjekkMetadata;
import no.nav.apiapp.util.UrlUtils;
import no.nav.common.auth.SsoToken;
import no.nav.common.auth.SubjectHandler;
import no.nav.sbl.dialogarena.common.abac.pep.Pep;
import no.nav.sbl.dialogarena.common.abac.pep.domain.ResourceType;
import no.nav.sbl.dialogarena.common.abac.pep.exception.PepException;
import no.nav.sbl.rest.RestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

/**
 * Client for access checks on users ("bruker") and units ("enhet").
 *
 * <p>Every check is handed to {@code TilgangssjekkBruker} / {@code TilgangssjekkEnhet} together with two
 * kinds of checkers: a REST call to the veilarbabac service and a call to the wrapped {@link PepClient}.
 * Three boolean suppliers, read anew on every check, are forwarded to those helpers. How the helpers
 * combine the two decision sources is implemented outside this class.
 *
 * <p>Instances are obtained through {@link #ny()} followed by {@link Builder#bygg()}.
 *
 * <p>NOTE(review): the class is annotated {@code @Component}, yet its only constructor is private and
 * leaves {@code pepClient}, {@code systemUserTokenProvider} and {@code abacTargetUrl} unset. Confirm that
 * component scanning never creates an instance that bypasses the builder's checks.
 */
@Component
/* loaded from: input_file:no/nav/apiapp/security/veilarbabac/VeilarbAbacPepClient.class */
public class VeilarbAbacPepClient implements Helsesjekk {
    // Path segments appended to abacTargetUrl.
    private static final String PATH_PERSON = "person";
    private static final String PATH_ENHET = "veilarbenhet";
    private static final String PATH_PING = "ping";
    // Values sent in the "action" query parameter.
    private static final String ACTION_READ = "read";
    private static final String ACTION_UPDATE = "update";
    // Names of the query parameter that carries the identifier being checked.
    private static final String IDTYPE_FNR = "fnr";
    private static final String IDTYPE_AKTOR_ID = "aktorId";
    private static final String IDTYPE_ENHET_ID = "enhetId";
    private Logger logger;
    private Supplier<Boolean> brukAktoerIdSupplier;
    private Supplier<Boolean> sammenliknTilgangSupplier;
    private Supplier<Boolean> foretrekkVeilarbAbacSupplier;
    // Supplies the token sent as "Authorization: Bearer ..." to veilarbabac.
    private Supplier<String> systemUserTokenProvider;
    // Supplies the token sent in the "subject" header; an empty Optional aborts the check.
    private Supplier<Optional<String>> oidcTokenSupplier;
    private String abacTargetUrl;
    private PepClient pepClient;
    // When non-null, sent to veilarbabac as the "resource" query parameter.
    private String veilarbacOverstyrtRessurs;
    // Shadow builder handed over by Builder.bygg(); returned from endre().
    private Builder kopiBygger;

    /**
     * Mutable builder for {@link VeilarbAbacPepClient}.
     *
     * <p>A builder created through {@link VeilarbAbacPepClient#ny()} owns a second, shadow builder that
     * receives every setting as well. {@link #bygg()} passes the shadow builder to the built client so
     * that {@link VeilarbAbacPepClient#endre()} can return it.
     *
     * <p>Properties visible in this code that callers should be aware of:
     * <ul>
     *   <li>Most setters write straight into the builder's single client instance, and {@link #bygg()}
     *       returns that same instance on every call. A setter invoked after {@code bygg()} therefore
     *       changes the client that is already in use.</li>
     *   <li>The shadow builder has no shadow of its own, so {@code endre()} on a client built from it
     *       returns {@code null}.</li>
     * </ul>
     */
    /* loaded from: input_file:no/nav/apiapp/security/veilarbabac/VeilarbAbacPepClient$Builder.class */
    public static class Builder {
        private VeilarbAbacPepClient veilarbAbacPepClient;
        private String veilarbAbacUrl;
        private ResourceType resourceType;
        private Pep pep;
        private final Builder kopiBuilder;

        /** Creates a builder that also maintains a shadow builder. */
        private Builder() {
            this(true);
        }

        /**
         * @param medKopi {@code true} to create a shadow builder next to this one; the shadow builder
         *                itself is created with {@code false}, which ends the recursion
         */
        private Builder(boolean medKopi) {
            this.veilarbAbacPepClient = new VeilarbAbacPepClient();
            this.veilarbAbacUrl = null;
            this.resourceType = ResourceType.VeilArbPerson;
            if (medKopi) {
                this.kopiBuilder = new Builder(false);
            } else {
                this.kopiBuilder = null;
            }
        }

        /**
         * Sets the supplier whose value is forwarded to {@code TilgangssjekkBruker.brukAktoerId(...)}
         * on every user check.
         *
         * @return this builder
         */
        public Builder brukAktoerId(Supplier<Boolean> supplier) {
            this.veilarbAbacPepClient.brukAktoerIdSupplier = supplier;
            hvisKopiBuilder(kopi -> kopi.brukAktoerId(supplier));
            return this;
        }

        /**
         * Sets the supplier whose value is forwarded to {@code sammenliknTilgang(...)} on every check.
         *
         * @return this builder
         */
        public Builder sammenlikneTilgang(Supplier<Boolean> supplier) {
            this.veilarbAbacPepClient.sammenliknTilgangSupplier = supplier;
            hvisKopiBuilder(kopi -> kopi.sammenlikneTilgang(supplier));
            return this;
        }

        /**
         * Sets the supplier whose value is forwarded to {@code foretrekkVeilarbAbac(...)} on every check.
         *
         * @return this builder
         */
        public Builder foretrekkVeilarbAbacResultat(Supplier<Boolean> supplier) {
            this.veilarbAbacPepClient.foretrekkVeilarbAbacSupplier = supplier;
            hvisKopiBuilder(kopi -> kopi.foretrekkVeilarbAbacResultat(supplier));
            return this;
        }

        /**
         * Sets the {@link Pep} that {@link #bygg()} wraps in a {@link PepClient}. Mandatory.
         *
         * @return this builder
         */
        public Builder medPep(Pep pep) {
            this.pep = pep;
            hvisKopiBuilder(kopi -> kopi.pep = pep);
            return this;
        }

        /**
         * Sets the base URL of veilarbabac. When left unset, {@link #bygg()} falls back to
         * {@code UrlUtils.clusterUrlForApplication("veilarbabac")}.
         *
         * <p>NOTE(review): the system-user token and the caller's OIDC token are sent to this URL on
         * every check, so it should only ever come from trusted configuration.
         *
         * @return this builder
         */
        public Builder medVeilarbAbacUrl(String str) {
            this.veilarbAbacUrl = str;
            hvisKopiBuilder(kopi -> kopi.veilarbAbacUrl = str);
            return this;
        }

        /**
         * Replaces the logger passed to the access-check helpers.
         *
         * @return this builder
         */
        public Builder medLogger(Logger logger) {
            this.veilarbAbacPepClient.logger = logger;
            hvisKopiBuilder(kopi -> kopi.medLogger(logger));
            return this;
        }

        /**
         * Sets the supplier of the token sent as {@code Authorization: Bearer ...}. Mandatory.
         *
         * @return this builder
         */
        public Builder medSystemUserTokenProvider(Supplier<String> supplier) {
            this.veilarbAbacPepClient.systemUserTokenProvider = supplier;
            hvisKopiBuilder(kopi -> kopi.medSystemUserTokenProvider(supplier));
            return this;
        }

        /**
         * Replaces the supplier of the token sent in the {@code subject} header. The default reads the
         * OIDC token from {@link SubjectHandler}.
         *
         * @return this builder
         */
        public Builder medOidcTokenProvider(Supplier<Optional<String>> supplier) {
            this.veilarbAbacPepClient.oidcTokenSupplier = supplier;
            hvisKopiBuilder(kopi -> kopi.medOidcTokenProvider(supplier));
            return this;
        }

        /**
         * Switches the {@link PepClient} resource type to {@code ResourceType.Person} and sets the
         * matching {@code resource} query parameter for veilarbabac.
         *
         * @return this builder
         */
        public Builder medResourceTypePerson() {
            this.resourceType = ResourceType.Person;
            this.veilarbAbacPepClient.veilarbacOverstyrtRessurs = "no.nav.abac.attributter.resource.felles.person";
            hvisKopiBuilder(Builder::medResourceTypePerson);
            return this;
        }

        /**
         * Switches the {@link PepClient} resource type to {@code ResourceType.VeilArbUnderOppfolging}
         * and sets the matching {@code resource} query parameter for veilarbabac.
         *
         * @return this builder
         */
        public Builder medResourceTypeUnderOppfolgingNiva3() {
            this.resourceType = ResourceType.VeilArbUnderOppfolging;
            this.veilarbAbacPepClient.veilarbacOverstyrtRessurs = "no.nav.abac.attributter.resource.veilarb.under_oppfoelging";
            hvisKopiBuilder(Builder::medResourceTypeUnderOppfolgingNiva3);
            return this;
        }

        /**
         * Finishes the client: wraps the {@link Pep}, resolves the veilarbabac URL and attaches the
         * shadow builder, if there is one.
         *
         * @return the builder's client instance (the same object on every call)
         * @throws IllegalStateException if no system-user token provider or no {@link Pep} was set
         */
        public VeilarbAbacPepClient bygg() {
            final VeilarbAbacPepClient klient = this.veilarbAbacPepClient;
            if (klient.systemUserTokenProvider == null) {
                throw new IllegalStateException("SystemUserTokenProvider er ikke satt");
            }
            if (this.pep == null) {
                throw new IllegalStateException("Pep er ikke satt");
            }
            klient.pepClient = new PepClient(this.pep, "veilarb", this.resourceType);
            if (this.veilarbAbacUrl != null) {
                klient.abacTargetUrl = this.veilarbAbacUrl;
            } else {
                klient.abacTargetUrl = UrlUtils.clusterUrlForApplication("veilarbabac");
            }
            if (this.kopiBuilder != null) {
                klient.kopiBygger = this.kopiBuilder;
            }
            return klient;
        }

        /** Runs {@code consumer} on the shadow builder; does nothing when this builder has none. */
        private void hvisKopiBuilder(Consumer<Builder> consumer) {
            if (this.kopiBuilder == null) {
                return;
            }
            consumer.accept(this.kopiBuilder);
        }
    }

    /**
     * Sets the defaults: class logger, all three boolean suppliers returning {@code false}, and an OIDC
     * token supplier that reads from {@link SubjectHandler}. Everything else is filled in by the builder.
     */
    private VeilarbAbacPepClient() {
        this.logger = LoggerFactory.getLogger(VeilarbAbacPepClient.class);
        this.brukAktoerIdSupplier = () -> false;
        this.sammenliknTilgangSupplier = () -> false;
        this.foretrekkVeilarbAbacSupplier = () -> false;
        this.oidcTokenSupplier = () -> SubjectHandler.getSsoToken(SsoToken.Type.OIDC);
    }

    /** @return a fresh builder that also maintains a shadow builder */
    public static Builder ny() {
        return new Builder();
    }

    /**
     * Returns the shadow builder recorded by {@link Builder#bygg()}. It is the same object on every
     * call, and building from it yields a second client instance rather than changing this one.
     *
     * @return the shadow builder, or {@code null} when this client was itself built from a shadow builder
     */
    public Builder endre() {
        return this.kopiBygger;
    }

    /**
     * Runs a read-access check for {@code bruker} through {@code TilgangssjekkBruker}.
     *
     * <p>The method returns nothing; presumably denial is signalled by an exception thrown from the
     * helper or from {@link PepClient} (not visible here, confirm against those classes).
     *
     * @param bruker the user to check; must not be {@code null}, because the bound method reference
     *               below raises a {@link NullPointerException} otherwise
     */
    public void sjekkLesetilgangTilBruker(Bruker bruker) {
        new TilgangssjekkBruker()
                .metrikkLogger(this.logger, ACTION_READ, bruker::getAktoerId)
                .veilarbAbacFnrSjekker(() -> harVeilarbAbacTilgang(PATH_PERSON, ACTION_READ, IDTYPE_FNR, bruker.getFoedselsnummer()))
                .veilarbAbacAktoerIdSjekker(() -> harVeilarbAbacTilgang(PATH_PERSON, ACTION_READ, IDTYPE_AKTOR_ID, bruker.getAktoerId()))
                .abacFnrSjekker(() -> {
                    this.pepClient.sjekkLesetilgangTilFnr(bruker.getFoedselsnummer());
                })
                .foretrekkVeilarbAbac(this.foretrekkVeilarbAbacSupplier.get())
                .brukAktoerId(this.brukAktoerIdSupplier.get())
                .sammenliknTilgang(this.sammenliknTilgangSupplier.get())
                .sjekkTilgangTilBruker();
    }

    /**
     * Runs a write-access check ({@code action=update}) for {@code bruker}; otherwise identical in
     * shape to {@link #sjekkLesetilgangTilBruker(Bruker)}.
     *
     * @param bruker the user to check; must not be {@code null}
     */
    public void sjekkSkrivetilgangTilBruker(Bruker bruker) {
        new TilgangssjekkBruker()
                .metrikkLogger(this.logger, ACTION_UPDATE, bruker::getAktoerId)
                .veilarbAbacFnrSjekker(() -> harVeilarbAbacTilgang(PATH_PERSON, ACTION_UPDATE, IDTYPE_FNR, bruker.getFoedselsnummer()))
                .veilarbAbacAktoerIdSjekker(() -> harVeilarbAbacTilgang(PATH_PERSON, ACTION_UPDATE, IDTYPE_AKTOR_ID, bruker.getAktoerId()))
                .abacFnrSjekker(() -> {
                    this.pepClient.sjekkSkrivetilgangTilFnr(bruker.getFoedselsnummer());
                })
                .foretrekkVeilarbAbac(this.foretrekkVeilarbAbacSupplier.get())
                .brukAktoerId(this.brukAktoerIdSupplier.get())
                .sammenliknTilgang(this.sammenliknTilgangSupplier.get())
                .sjekkTilgangTilBruker();
    }

    /**
     * Checks read access to a unit through {@code TilgangssjekkEnhet}.
     *
     * @param str the unit id; sent to veilarbabac as the {@code enhetId} query parameter and passed to
     *            {@link PepClient}
     * @return the result of {@code TilgangssjekkEnhet.sjekkTilgangTilEnhet()}
     */
    public boolean harTilgangTilEnhet(String str) {
        return new TilgangssjekkEnhet()
                .metrikkLogger(this.logger, ACTION_READ, () -> str)
                .veilarbAbacSjekker(() -> harVeilarbAbacTilgang(PATH_ENHET, ACTION_READ, IDTYPE_ENHET_ID, str))
                .abacSjekker(() -> harAbacTilgangTilEnhet(str))
                .foretrekkVeilarbAbac(this.foretrekkVeilarbAbacSupplier.get())
                .sammenliknTilgang(this.sammenliknTilgangSupplier.get())
                .sjekkTilgangTilEnhet();
    }

    /**
     * Self-test: issues an unauthenticated GET to {@code <abacTargetUrl>/ping}.
     *
     * <p>NOTE(review): the response object returned by {@code get()} is not closed in this method;
     * presumably {@code RestUtils.withClient} disposes the client afterwards. Confirm.
     *
     * @throws IllegalStateException if the status code is anything other than 200
     */
    @Override // no.nav.apiapp.selftest.Helsesjekk
    public void helsesjekk() {
        int status = (Integer) RestUtils.withClient(client ->
                client.target(this.abacTargetUrl).path(PATH_PING).request().get().getStatus());
        if (status != 200) {
            throw new IllegalStateException("Rest kall mot veilarbabac feilet");
        }
    }

    /** @return self-test metadata naming the veilarbabac endpoint that {@link #helsesjekk()} pings */
    @Override // no.nav.apiapp.selftest.Helsesjekk
    public HelsesjekkMetadata getMetadata() {
        return new HelsesjekkMetadata("veilarbabac helsesjekk", this.abacTargetUrl, "Sjekker om veilarbabac endepunkt svarer", true);
    }

    /**
     * Asks {@link PepClient} whether the caller has access to the unit.
     *
     * @throws RuntimeException wrapping any {@link PepException}, with the cause preserved
     */
    private boolean harAbacTilgangTilEnhet(String enhetId) {
        try {
            return this.pepClient.harTilgangTilEnhet(enhetId);
        } catch (PepException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Asks veilarbabac for a decision with
     * {@code GET <abacTargetUrl>/<path>?<idType>=<id>&action=<action>[&resource=...]}.
     *
     * <p>Access is granted only when the response body is exactly {@code "permit"}; any other body
     * counts as a denial. The request carries the system-user token as a bearer token and the caller's
     * OIDC token in the {@code subject} header.
     *
     * <p>NOTE(review): the identifier (fnr, aktorId or enhetId) travels in the query string. Confirm
     * that access logs and proxies on the path to veilarbabac do not record full request URLs, and that
     * {@code abacTargetUrl} is a TLS-protected endpoint, since both tokens are attached to every request.
     *
     * @param path   path segment below {@code abacTargetUrl}
     * @param action value of the {@code action} query parameter
     * @param idType name of the query parameter that carries {@code id}
     * @param id     identifier to check
     * @return {@code true} only for a {@code "permit"} response
     * @throws IllegalStateException if the OIDC token supplier yields an empty {@link Optional}
     */
    private boolean harVeilarbAbacTilgang(String path, String action, String idType, String id) {
        Object svar = RestUtils.withClient(client -> {
            WebTarget target = client.target(this.abacTargetUrl)
                    .path(path)
                    .queryParam(idType, id)
                    .queryParam("action", action);
            return overstyrRessurs(target)
                    .request()
                    .header("Authorization", "Bearer " + this.systemUserTokenProvider.get())
                    .header("subject", this.oidcTokenSupplier.get()
                            .orElseThrow(() -> new IllegalStateException("Mangler OIDC-token")))
                    .get(String.class);
        });
        return "permit".equals(svar);
    }

    /** Adds the {@code resource} query parameter when a resource override was configured. */
    private WebTarget overstyrRessurs(WebTarget webTarget) {
        if (this.veilarbacOverstyrtRessurs == null) {
            return webTarget;
        }
        return webTarget.queryParam("resource", this.veilarbacOverstyrtRessurs);
    }
}
