package io.unitycatalog.server.auth;

import io.unitycatalog.server.persist.model.Privileges;
import io.unitycatalog.server.persist.utils.HibernateUtils;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.casbin.adapter.JDBCAdapter;
import org.casbin.jcasbin.main.Enforcer;
import org.casbin.jcasbin.model.Model;

/* loaded from: input_file:io/unitycatalog/server/auth/JCasbinAuthorizer.class */
public class JCasbinAuthorizer implements UnityCatalogAuthorizer {
    private final Enforcer enforcer;
    private static final int PRINCIPAL_INDEX = 0;
    private static final int RESOURCE_INDEX = 1;
    private static final int PRIVILEGE_INDEX = 2;
    private static final String HIERARCHY_POLICY = "g2";
    private static final int HIERARCHY_PARENT_INDEX = 0;
    private static final int HIERARCHY_CHILD_INDEX = 1;

    public JCasbinAuthorizer() throws Exception {
        Properties hibernateProperties = HibernateUtils.getHibernateProperties();
        JDBCAdapter jDBCAdapter = new JDBCAdapter(hibernateProperties.getProperty("hibernate.connection.driver_class"), hibernateProperties.getProperty("hibernate.connection.url"), hibernateProperties.getProperty("hibernate.connection.user"), hibernateProperties.getProperty("hibernate.connection.password"));
        String iOUtils = IOUtils.toString(getClass().getResourceAsStream("/jcasbin_auth_model.conf"), StandardCharsets.UTF_8);
        Model model = new Model();
        model.loadModelFromText(iOUtils);
        this.enforcer = new Enforcer(model, jDBCAdapter);
        this.enforcer.enableAutoSave(true);
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean grantAuthorization(UUID uuid, UUID uuid2, Privileges privileges) {
        return this.enforcer.addPolicy(new String[]{uuid.toString(), uuid2.toString(), privileges.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean revokeAuthorization(UUID uuid, UUID uuid2, Privileges privileges) {
        return this.enforcer.removePolicy(new String[]{uuid.toString(), uuid2.toString(), privileges.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean clearAuthorizationsForPrincipal(UUID uuid) {
        return this.enforcer.removeFilteredPolicy(0, new String[]{uuid.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean clearAuthorizationsForResource(UUID uuid) {
        return this.enforcer.removeFilteredPolicy(1, new String[]{uuid.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean addHierarchyChild(UUID uuid, UUID uuid2) {
        return this.enforcer.addNamedGroupingPolicy(HIERARCHY_POLICY, new String[]{uuid.toString(), uuid2.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean removeHierarchyChild(UUID uuid, UUID uuid2) {
        return this.enforcer.removeNamedGroupingPolicy(HIERARCHY_POLICY, new String[]{uuid.toString(), uuid2.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean removeHierarchyChildren(UUID uuid) {
        return this.enforcer.removeFilteredNamedGroupingPolicy(HIERARCHY_POLICY, 0, new String[]{uuid.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public UUID getHierarchyParent(UUID uuid) {
        List filteredNamedGroupingPolicy = this.enforcer.getFilteredNamedGroupingPolicy(HIERARCHY_POLICY, 1, new String[]{uuid.toString()});
        if (filteredNamedGroupingPolicy.isEmpty() || ((List) filteredNamedGroupingPolicy.get(0)).isEmpty()) {
            return null;
        }
        return UUID.fromString((String) ((List) filteredNamedGroupingPolicy.get(0)).get(0));
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean authorize(UUID uuid, UUID uuid2, Privileges privileges) {
        return this.enforcer.enforce(new Object[]{uuid.toString(), uuid2.toString(), privileges.toString()});
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean authorizeAny(UUID uuid, UUID uuid2, Privileges... privilegesArr) {
        return Arrays.stream(privilegesArr).anyMatch(privileges -> {
            return this.enforcer.enforce(new Object[]{uuid.toString(), uuid2.toString(), privileges.toString()});
        });
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public boolean authorizeAll(UUID uuid, UUID uuid2, Privileges... privilegesArr) {
        return Arrays.stream(privilegesArr).allMatch(privileges -> {
            return this.enforcer.enforce(new Object[]{uuid.toString(), uuid2.toString(), privileges.toString()});
        });
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public List<Privileges> listAuthorizations(UUID uuid, UUID uuid2) {
        return (List) this.enforcer.getPermissionsForUserInDomain(uuid.toString(), uuid2.toString()).stream().map(list -> {
            return (String) list.get(PRIVILEGE_INDEX);
        }).map(Privileges::fromValue).collect(Collectors.toList());
    }

    @Override // io.unitycatalog.server.auth.UnityCatalogAuthorizer
    public Map<UUID, List<Privileges>> listAuthorizations(UUID uuid) {
        return (Map) this.enforcer.getFilteredPolicy(1, new String[]{uuid.toString()}).stream().collect(Collectors.groupingBy(list -> {
            return UUID.fromString((String) list.get(0));
        }, Collectors.mapping(list2 -> {
            return Privileges.fromValue((String) list2.get(PRIVILEGE_INDEX));
        }, Collectors.toList())));
    }
}
