package io.unitycatalog.server.auth.decorator;

import io.unitycatalog.server.auth.UnityCatalogAuthorizer;
import io.unitycatalog.server.model.SecurableType;
import io.unitycatalog.server.persist.model.Privileges;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/* loaded from: input_file:io/unitycatalog/server/auth/decorator/UnityAccessEvaluator.class */
public class UnityAccessEvaluator {
    private static final Logger LOGGER = LoggerFactory.getLogger(UnityAccessEvaluator.class);
    private final UnityCatalogAuthorizer authorizer;
    private final ExpressionParser parser = new SpelExpressionParser();
    private final MethodHandle authorizeHandle;
    private final MethodHandle authorizeAnyHandle;
    private final MethodHandle authorizeAllHandle;

    public UnityAccessEvaluator(UnityCatalogAuthorizer unityCatalogAuthorizer) throws NoSuchMethodException, IllegalAccessException {
        this.authorizer = unityCatalogAuthorizer;
        MethodHandles.Lookup lookup = MethodHandles.lookup();
        this.authorizeHandle = lookup.findVirtual(unityCatalogAuthorizer.getClass(), "authorize", MethodType.methodType(Boolean.TYPE, UUID.class, UUID.class, Privileges.class)).bindTo(this.authorizer);
        this.authorizeAnyHandle = lookup.findVirtual(getClass(), "authorizeAny", MethodType.methodType((Class<?>) Boolean.TYPE, (Class<?>) Object[].class)).bindTo(this);
        this.authorizeAllHandle = lookup.findVirtual(getClass(), "authorizeAll", MethodType.methodType((Class<?>) Boolean.TYPE, (Class<?>) Object[].class)).bindTo(this);
    }

    protected boolean authorizeAny(Object... objArr) {
        UUID uuid = (UUID) objArr[0];
        UUID uuid2 = (UUID) objArr[1];
        Privileges[] privilegesArr = new Privileges[objArr.length - 2];
        System.arraycopy(objArr, 2, privilegesArr, 0, privilegesArr.length);
        return this.authorizer.authorizeAny(uuid, uuid2, privilegesArr);
    }

    protected boolean authorizeAll(Object... objArr) {
        UUID uuid = (UUID) objArr[0];
        UUID uuid2 = (UUID) objArr[1];
        Privileges[] privilegesArr = new Privileges[objArr.length - 2];
        System.arraycopy(objArr, 2, privilegesArr, 0, privilegesArr.length);
        return this.authorizer.authorizeAll(uuid, uuid2, privilegesArr);
    }

    public boolean evaluate(UUID uuid, String str, Map<SecurableType, Object> map) {
        StandardEvaluationContext standardEvaluationContext = new StandardEvaluationContext(Privileges.class);
        standardEvaluationContext.registerFunction("authorize", this.authorizeHandle);
        standardEvaluationContext.registerFunction("authorizeAny", this.authorizeAnyHandle);
        standardEvaluationContext.registerFunction("authorizeAll", this.authorizeAllHandle);
        standardEvaluationContext.setVariable("deny", Boolean.FALSE);
        standardEvaluationContext.setVariable("permit", Boolean.TRUE);
        standardEvaluationContext.setVariable("defer", Boolean.TRUE);
        standardEvaluationContext.setVariable("principal", uuid);
        map.forEach((securableType, obj) -> {
            standardEvaluationContext.setVariable(securableType.name().toLowerCase(), obj);
        });
        Boolean bool = (Boolean) this.parser.parseExpression(str).getValue(standardEvaluationContext, Boolean.class);
        LOGGER.debug("evaluating {} = {}", str, bool);
        if (bool != null) {
            return bool.booleanValue();
        }
        return false;
    }

    public <T> void filter(UUID uuid, String str, List<T> list, Function<T, Map<SecurableType, Object>> function) {
        list.removeIf(obj -> {
            return !evaluate(uuid, str, (Map) function.apply(obj));
        });
    }
}
