package com.greenhat.server.container.server.security.role;

import com.greenhat.server.container.server.security.AuthenticationService;
import com.greenhat.server.container.server.security.util.SecurityEnablementService;
import com.greenhat.server.container.shared.datamodel.DomainId;
import com.greenhat.server.container.shared.datamodel.Permission;
import com.greenhat.server.container.shared.datamodel.Role;
import com.greenhat.server.container.shared.datamodel.User;
import com.greenhat.server.container.shared.datamodel.UserRoles;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/role/RoleServiceImpl.class */
public class RoleServiceImpl implements RoleService {
    private final RoleStore roleStore;
    private final SecurityEnablementService securityService;
    private final AuthenticationService authenticationService;

    public RoleServiceImpl(RoleStore roleStore, SecurityEnablementService securityEnablementService, AuthenticationService authenticationService) {
        this.roleStore = roleStore;
        this.securityService = securityEnablementService;
        this.authenticationService = authenticationService;
    }

    @Override // com.greenhat.server.container.server.security.role.RoleService
    public Collection<UserRoles> getUserRoles(DomainId domainId) {
        return this.roleStore.getUserRoles(domainId);
    }

    @Override // com.greenhat.server.container.server.security.role.RoleService
    public Set<Role> getRoles(DomainId domainId, User user) {
        HashSet hashSet = new HashSet();
        if (user.hasRole(Role.SERVER_ADMIN)) {
            hashSet.add(Role.SERVER_ADMIN);
        }
        if (domainId != null) {
            hashSet.addAll(this.roleStore.getRoles(domainId, user));
        } else if (this.roleStore.hasRoleInAnyDomain(user, Role.API_USER) || this.roleStore.hasRoleInAnyDomain(user, Role.USER)) {
            hashSet.add(Role.API_USER);
        }
        return hashSet;
    }

    @Override // com.greenhat.server.container.server.security.role.RoleService
    public void setRoles(DomainId domainId, User user, Set<Role> set) {
        if (set.isEmpty()) {
            this.roleStore.removeUser(domainId, user);
        } else {
            this.roleStore.setRoles(domainId, user, set);
        }
    }

    @Override // com.greenhat.server.container.server.security.role.RoleService
    public void addRole(DomainId domainId, User user, Role role) {
        this.roleStore.addRole(domainId, user, role);
    }

    @Override // com.greenhat.server.container.server.security.role.RoleService
    public void removeRole(DomainId domainId, User user, Role role) {
        this.roleStore.removeRole(domainId, user, role);
    }

    @Override // com.greenhat.server.container.server.security.role.RoleService
    public Set<Permission> getPermissions(Set<Role> set) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(getAllUserAllDomainPermissions());
        for (Role role : set) {
            if (role.equals(Role.DOMAIN_ADMIN)) {
                hashSet.addAll(getDomainAdminPermissions());
            } else if (role.equals(Role.SERVER_ADMIN)) {
                hashSet.addAll(getServerAdminPermissions());
            } else if (role.equals(Role.USER)) {
                hashSet.addAll(getUserPermissions());
                hashSet.addAll(getAPIUserPermissions());
            } else if (role.equals(Role.API_USER)) {
                hashSet.addAll(getAPIUserPermissions());
            }
        }
        return hashSet;
    }

    private Set<Permission> getAllUserAllDomainPermissions() {
        HashSet hashSet = new HashSet();
        hashSet.add(Permission.RTCP_VIEW);
        hashSet.add(Permission.USER_PROFILE_ALTER);
        if (this.authenticationService.canAlterUsers()) {
            hashSet.add(Permission.USER_PROFILE_ALTER_PASSWORD);
        }
        return hashSet;
    }

    private Set<Permission> getUserPermissions() {
        HashSet hashSet = new HashSet();
        hashSet.add(Permission.DOMAIN_VIEW);
        hashSet.add(Permission.LIBRARY_VIEW);
        hashSet.add(Permission.LIBRARY_ARTIFACTS_EDIT_OWN);
        hashSet.add(Permission.LIBRARY_ARTIFACTS_DELETE_OWN);
        hashSet.add(Permission.OSLC_MODULE_VIEW);
        hashSet.add(Permission.RESULTS_MODULE_VIEW);
        hashSet.add(Permission.SCHEDULING_MODULE_VIEW);
        hashSet.add(Permission.VIE_MODULE_VIEW);
        hashSet.add(Permission.LIBRARY_EXPORT);
        hashSet.add(Permission.LIBRARY_IMPORT);
        if (!this.securityService.isDomainSecurityEnabled()) {
            hashSet.add(Permission.LIBRARY_ARTIFACTS_EDIT_OTHERS);
            hashSet.add(Permission.LIBRARY_ARTIFACTS_DELETE_OTHERS);
        }
        return hashSet;
    }

    private Set<Permission> getDomainAdminPermissions() {
        Set<Permission> hashSet = new HashSet();
        hashSet.add(Permission.DOMAIN_ADMIN);
        hashSet.add(Permission.DOMAIN_EDIT);
        hashSet.add(Permission.DOMAIN_USER_ALTER);
        hashSet.add(Permission.LIBRARY_ADMIN);
        if (this.securityService.isDomainSecurityEnabled()) {
            hashSet = revertDomainToServerAdminPermissions(hashSet);
        }
        return hashSet;
    }

    private Set<Permission> getServerAdminPermissions() {
        Set<Permission> hashSet = new HashSet();
        hashSet.add(Permission.RTCP_VIEW);
        hashSet.add(Permission.ACTIVITY_LOG_SET_EXPIRY);
        hashSet.add(Permission.AUDIT_LOG_CLEAR);
        hashSet.add(Permission.DATABASE_DESCRIPTORS_EDIT);
        hashSet.add(Permission.ACTIVITY_LOG_VIEW);
        hashSet.add(Permission.AUDIT_LOG_VIEW);
        hashSet.add(Permission.DOMAIN_CREATE);
        hashSet.add(Permission.DOMAIN_DELETE);
        hashSet.add(Permission.DOMAIN_EDIT_RENAME);
        hashSet.add(Permission.SECURITY_ADMIN);
        hashSet.add(Permission.SECURITY_SET_CONFIG);
        hashSet.add(Permission.SECURITY_CREATE_TOKENS);
        hashSet.add(Permission.SECURITY_DELETE_TOKENS);
        hashSet.add(Permission.DIAGNOSTIC_LOG_VIEW);
        hashSet.add(Permission.DIAGNOSTIC_LOG_SET_EXPIRY);
        if (this.authenticationService.canAlterUsers()) {
            hashSet.add(Permission.USER_ADMIN_ALTER);
            hashSet.add(Permission.USER_ADMIN_PASSWORD);
            hashSet.add(Permission.USER_CREATE);
        }
        hashSet.add(Permission.DOMAIN_VIEW);
        hashSet.add(Permission.DOMAIN_ADMIN);
        hashSet.add(Permission.DOMAIN_EDIT);
        hashSet.add(Permission.DOMAIN_USER_ALTER);
        hashSet.add(Permission.API_DOMAIN_CREATE);
        if (!this.securityService.isDomainSecurityEnabled()) {
            hashSet = revertDomainToServerAdminPermissions(hashSet);
        }
        return hashSet;
    }

    private Set<Permission> revertDomainToServerAdminPermissions(Set<Permission> set) {
        set.add(Permission.SCENARIO_DELETE);
        return set;
    }

    private Set<Permission> getAPIUserPermissions() {
        HashSet hashSet = new HashSet();
        hashSet.add(Permission.API_ENV_QUERY);
        hashSet.add(Permission.API_GET_DOMAINS);
        hashSet.add(Permission.API_CREATE_DB_DESCRIPTORS);
        hashSet.add(Permission.API_QUERY_STUBS);
        hashSet.add(Permission.API_START_STUB);
        hashSet.add(Permission.API_STOP_STUB);
        hashSet.add(Permission.API_AGENT_REGISTER);
        hashSet.add(Permission.API_AGENT_QUERY);
        hashSet.add(Permission.API_AGENT_COMMAND);
        hashSet.add(Permission.API_AGENT_PROJECTS);
        hashSet.add(Permission.API_PUBLISH_STUBS);
        hashSet.add(Permission.API_SCENARIOS_QUERY);
        hashSet.add(Permission.API_SCENARIOS_START);
        hashSet.add(Permission.API_SCENARIOS_STOP);
        hashSet.add(Permission.API_PROXY_RULE_DELETE);
        hashSet.add(Permission.API_PROXY_REGISTER);
        hashSet.add(Permission.API_PROXY_CONFIG);
        hashSet.add(Permission.API_PROXY_QUERY);
        hashSet.add(Permission.API_PROXY_RULE_ADD);
        hashSet.add(Permission.API_PROXY_RULE_QUERY);
        hashSet.add(Permission.API_SCHEDULE_TEST);
        return hashSet;
    }
}
