package org.springframework.vault.support;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.fasterxml.jackson.databind.type.TypeFactory;
import com.fasterxml.jackson.databind.util.Converter;
import java.io.IOException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@JsonSerialize(using = PolicySerializer.class)
@JsonDeserialize(using = PolicyDeserializer.class)
/* loaded from: input_file:org/springframework/vault/support/Policy.class */
public class Policy {
    private static final Policy EMPTY = new Policy(Collections.emptySet());
    private final Set<Rule> rules;

    /* loaded from: input_file:org/springframework/vault/support/Policy$BuiltinCapabilities.class */
    public enum BuiltinCapabilities implements Capability {
        CREATE,
        READ,
        UPDATE,
        WRITE,
        DELETE,
        LIST,
        SUDO,
        DENY;

        @Nullable
        public static Capability find(String str) {
            for (BuiltinCapabilities builtinCapabilities : values()) {
                if (builtinCapabilities.name().equalsIgnoreCase(str)) {
                    return builtinCapabilities;
                }
            }
            return null;
        }

        public static List<Capability> crud() {
            return Arrays.asList(CREATE, READ, UPDATE, DELETE, LIST);
        }

        public static List<Capability> crudAndSudo() {
            return Arrays.asList(CREATE, READ, UPDATE, DELETE, LIST, SUDO);
        }
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$Capability.class */
    public interface Capability {
        String name();
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$CapabilityToStringConverter.class */
    static class CapabilityToStringConverter implements Converter<Capability, String> {
        CapabilityToStringConverter() {
        }

        public String convert(Capability capability) {
            return capability.name().toLowerCase();
        }

        public JavaType getInputType(TypeFactory typeFactory) {
            return typeFactory.constructType(Capability.class);
        }

        public JavaType getOutputType(TypeFactory typeFactory) {
            return typeFactory.constructType(String.class);
        }
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$DurationToStringConverter.class */
    static class DurationToStringConverter implements Converter<Duration, String> {
        DurationToStringConverter() {
        }

        public String convert(Duration duration) {
            return "" + duration.getSeconds();
        }

        public JavaType getInputType(TypeFactory typeFactory) {
            return typeFactory.constructType(Duration.class);
        }

        public JavaType getOutputType(TypeFactory typeFactory) {
            return typeFactory.constructType(String.class);
        }
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$PolicyDeserializer.class */
    static class PolicyDeserializer extends JsonDeserializer<Policy> {
        PolicyDeserializer() {
        }

        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public Policy m81deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
            Assert.isTrue(jsonParser.getCurrentToken() == JsonToken.START_OBJECT, "Expected START_OBJECT, got: " + jsonParser.getCurrentToken());
            String nextFieldName = jsonParser.nextFieldName();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            if ("path".equals(nextFieldName)) {
                jsonParser.nextToken();
                Assert.isTrue(jsonParser.getCurrentToken() == JsonToken.START_OBJECT, "Expected START_OBJECT, got: " + jsonParser.getCurrentToken());
                jsonParser.nextToken();
                while (jsonParser.currentToken() == JsonToken.FIELD_NAME) {
                    String currentName = jsonParser.getCurrentName();
                    jsonParser.nextToken();
                    Assert.isTrue(jsonParser.getCurrentToken() == JsonToken.START_OBJECT, "Expected START_OBJECT, got: " + jsonParser.getCurrentToken());
                    linkedHashSet.add(((Rule) jsonParser.getCodec().readValue(jsonParser, Rule.class)).withPath(currentName));
                    if (jsonParser.nextToken() == JsonToken.END_OBJECT) {
                        break;
                    }
                }
                Assert.isTrue(jsonParser.getCurrentToken() == JsonToken.END_OBJECT, "Expected END_OBJECT, got: " + jsonParser.getCurrentToken());
                jsonParser.nextToken();
            }
            Assert.isTrue(jsonParser.getCurrentToken() == JsonToken.END_OBJECT, "Expected END_OBJECT, got: " + jsonParser.getCurrentToken());
            return Policy.of(linkedHashSet);
        }
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$PolicySerializer.class */
    static class PolicySerializer extends JsonSerializer<Policy> {
        PolicySerializer() {
        }

        public void serialize(Policy policy, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
            jsonGenerator.writeStartObject();
            jsonGenerator.writeFieldName("path");
            jsonGenerator.writeStartObject();
            for (Rule rule : policy.getRules()) {
                jsonGenerator.writeObjectField(rule.path, rule);
            }
            jsonGenerator.writeEndObject();
            jsonGenerator.writeEndObject();
        }
    }

    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    /* loaded from: input_file:org/springframework/vault/support/Policy$Rule.class */
    public static class Rule {

        @JsonIgnore
        private final String path;

        @JsonSerialize(contentConverter = CapabilityToStringConverter.class)
        @JsonDeserialize(contentConverter = StringToCapabilityConverter.class)
        private final List<Capability> capabilities;

        @Nullable
        @JsonProperty("min_wrapping_ttl")
        @JsonSerialize(converter = DurationToStringConverter.class)
        private final Duration minWrappingTtl;

        @Nullable
        @JsonProperty("max_wrapping_ttl")
        @JsonSerialize(converter = DurationToStringConverter.class)
        private final Duration maxWrappingTtl;

        @JsonProperty("allowed_parameters")
        private final Map<String, List<String>> allowedParameters;

        @JsonProperty("denied_parameters")
        private final Map<String, List<String>> deniedParameters;

        /* loaded from: input_file:org/springframework/vault/support/Policy$Rule$RuleBuilder.class */
        public static class RuleBuilder {

            @Nullable
            private String path;

            @Nullable
            private Duration minWrappingTtl;

            @Nullable
            private Duration maxWrappingTtl;
            private Set<Capability> capabilities = new LinkedHashSet();
            private Map<String, List<String>> allowedParameters = new LinkedHashMap();
            private Map<String, List<String>> deniedParameters = new LinkedHashMap();

            public RuleBuilder path(String str) {
                Assert.hasText(str, "Path must not be empty");
                this.path = str;
                return this;
            }

            public RuleBuilder capability(Capability capability) {
                Assert.notNull(capability, "Capability must not be null");
                this.capabilities.add(capability);
                return this;
            }

            public RuleBuilder capabilities(Capability... capabilityArr) {
                Assert.notNull(capabilityArr, "Capabilities must not be null");
                Assert.noNullElements(capabilityArr, "Capabilities must not contain null elements");
                return capabilities(Arrays.asList(capabilityArr));
            }

            public RuleBuilder capabilities(String... strArr) {
                Assert.notNull(strArr, "Capabilities must not be null");
                Assert.noNullElements(strArr, "Capabilities must not contain null elements");
                return capabilities((List) Arrays.stream(strArr).map(str -> {
                    Capability find = BuiltinCapabilities.find(str);
                    if (find == null) {
                        throw new IllegalArgumentException("Cannot resolve " + str + " to a capability");
                    }
                    return find;
                }).collect(Collectors.toList()));
            }

            private RuleBuilder capabilities(Iterable<Capability> iterable) {
                Iterator<Capability> it = iterable.iterator();
                while (it.hasNext()) {
                    this.capabilities.add(it.next());
                }
                return this;
            }

            public RuleBuilder minWrappingTtl(Duration duration) {
                Assert.notNull(duration, "TTL must not be null");
                this.minWrappingTtl = duration;
                return this;
            }

            public RuleBuilder maxWrappingTtl(Duration duration) {
                Assert.notNull(duration, "TTL must not be null");
                this.maxWrappingTtl = duration;
                return this;
            }

            public RuleBuilder allowedParameter(String str, String... strArr) {
                Assert.hasText(str, "Allowed parameter name must not be empty");
                Assert.notNull(strArr, "Values must not be null");
                this.allowedParameters.put(str, Arrays.asList(strArr));
                return this;
            }

            public RuleBuilder deniedParameter(String str, String... strArr) {
                Assert.hasText(str, "Denied parameter name must not be empty");
                Assert.notNull(strArr, "Values must not be null");
                this.deniedParameters.put(str, Arrays.asList(strArr));
                return this;
            }

            public Rule build() {
                List unmodifiableList;
                Assert.state(StringUtils.hasText(this.path), "Path must not be empty");
                Assert.state(!this.capabilities.isEmpty(), "Rule must define one or more capabilities");
                switch (this.capabilities.size()) {
                    case 0:
                        unmodifiableList = Collections.emptyList();
                        break;
                    case 1:
                        unmodifiableList = Collections.singletonList(this.capabilities.iterator().next());
                        break;
                    default:
                        unmodifiableList = Collections.unmodifiableList(new ArrayList(this.capabilities));
                        break;
                }
                return new Rule(this.path, unmodifiableList, this.minWrappingTtl, this.maxWrappingTtl, createMap(this.allowedParameters), createMap(this.deniedParameters));
            }

            private Map<String, List<String>> createMap(Map<String, List<String>> map) {
                return map.isEmpty() ? Collections.emptyMap() : Collections.unmodifiableMap(new LinkedHashMap(map));
            }
        }

        @JsonCreator
        private Rule(@JsonProperty("capabilities") List<Capability> list, @JsonProperty("min_wrapping_ttl") @JsonDeserialize(converter = StringToDurationConverter.class) Duration duration, @JsonProperty("max_wrapping_ttl") @JsonDeserialize(converter = StringToDurationConverter.class) Duration duration2, @JsonProperty("allowed_parameters") Map<String, List<String>> map, @JsonProperty("denied_parameters") Map<String, List<String>> map2) {
            this.path = "";
            this.capabilities = list;
            this.minWrappingTtl = duration;
            this.maxWrappingTtl = duration2;
            this.allowedParameters = map;
            this.deniedParameters = map2;
        }

        private Rule(String str, List<Capability> list, @Nullable Duration duration, @Nullable Duration duration2, Map<String, List<String>> map, Map<String, List<String>> map2) {
            this.path = str;
            this.capabilities = list;
            this.minWrappingTtl = duration;
            this.maxWrappingTtl = duration2;
            this.allowedParameters = map;
            this.deniedParameters = map2;
        }

        public static RuleBuilder builder() {
            return new RuleBuilder();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Rule withPath(String str) {
            return new Rule(str, this.capabilities, this.minWrappingTtl, this.maxWrappingTtl, this.allowedParameters, this.deniedParameters);
        }

        public String getPath() {
            return this.path;
        }

        public List<Capability> getCapabilities() {
            return this.capabilities;
        }

        @Nullable
        public Duration getMinWrappingTtl() {
            return this.minWrappingTtl;
        }

        @Nullable
        public Duration getMaxWrappingTtl() {
            return this.maxWrappingTtl;
        }

        public Map<String, List<String>> getAllowedParameters() {
            return this.allowedParameters;
        }

        public Map<String, List<String>> getDeniedParameters() {
            return this.deniedParameters;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof Rule) {
                return this.path.equals(((Rule) obj).path);
            }
            return false;
        }

        public int hashCode() {
            return Objects.hash(this.path);
        }
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$StringToCapabilityConverter.class */
    static class StringToCapabilityConverter implements Converter<String, Capability> {
        StringToCapabilityConverter() {
        }

        public Capability convert(String str) {
            Capability find = BuiltinCapabilities.find(str);
            return find != null ? find : () -> {
                return str;
            };
        }

        public JavaType getInputType(TypeFactory typeFactory) {
            return typeFactory.constructType(String.class);
        }

        public JavaType getOutputType(TypeFactory typeFactory) {
            return typeFactory.constructType(Capability.class);
        }
    }

    /* loaded from: input_file:org/springframework/vault/support/Policy$StringToDurationConverter.class */
    static class StringToDurationConverter implements Converter<String, Duration> {
        static Pattern SECONDS = Pattern.compile("(\\d+)s");
        static Pattern MINUTES = Pattern.compile("(\\d+)m");
        static Pattern HOURS = Pattern.compile("(\\d+)h");

        StringToDurationConverter() {
        }

        public Duration convert(String str) {
            try {
                return Duration.ofSeconds(Long.parseLong(str));
            } catch (NumberFormatException e) {
                Matcher matcher = SECONDS.matcher(str);
                if (matcher.matches()) {
                    return Duration.ofSeconds(Long.parseLong(matcher.group(1)));
                }
                Matcher matcher2 = MINUTES.matcher(str);
                if (matcher2.matches()) {
                    return Duration.ofMinutes(Long.parseLong(matcher2.group(1)));
                }
                Matcher matcher3 = HOURS.matcher(str);
                if (matcher3.matches()) {
                    return Duration.ofHours(Long.parseLong(matcher3.group(1)));
                }
                throw new IllegalArgumentException("Unsupported duration value: " + str);
            }
        }

        public JavaType getInputType(TypeFactory typeFactory) {
            return typeFactory.constructType(String.class);
        }

        public JavaType getOutputType(TypeFactory typeFactory) {
            return typeFactory.constructType(Capability.class);
        }
    }

    private Policy(Set<Rule> set) {
        this.rules = set;
    }

    public static Policy empty() {
        return EMPTY;
    }

    public static Policy of(Rule... ruleArr) {
        Assert.notNull(ruleArr, "Rules must not be null");
        Assert.noNullElements(ruleArr, "Rules must not contain null elements");
        return new Policy(new LinkedHashSet(Arrays.asList(ruleArr)));
    }

    public static Policy of(Set<Rule> set) {
        Assert.notNull(set, "Rules must not be null");
        return new Policy(new LinkedHashSet(set));
    }

    public Policy with(Rule rule) {
        Assert.notNull(rule, "Rule must not be null");
        LinkedHashSet linkedHashSet = new LinkedHashSet(this.rules.size() + 1);
        linkedHashSet.addAll(this.rules);
        linkedHashSet.add(rule);
        return new Policy(linkedHashSet);
    }

    public Set<Rule> getRules() {
        return this.rules;
    }

    @Nullable
    public Rule getRule(String str) {
        Assert.notNull(str, "Path must not be null");
        for (Rule rule : this.rules) {
            if (rule.getPath().equals(str)) {
                return rule;
            }
        }
        return null;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof Policy) {
            return this.rules.equals(((Policy) obj).rules);
        }
        return false;
    }

    public int hashCode() {
        return Objects.hash(this.rules);
    }
}
