package io.confluent.security.policyapi.cel;

import io.confluent.security.policyapi.exception.PolicyEngineException;
import io.confluent.security.policyapi.exception.SyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import org.projectnessie.cel.Env;
import org.projectnessie.cel.EnvOption;
import org.projectnessie.cel.Program;
import org.projectnessie.cel.ProgramOption;
import org.projectnessie.cel.checker.Decls;
import org.projectnessie.cel.common.types.Err;
import org.projectnessie.cel.common.types.ref.TypeEnum;
import org.projectnessie.cel.common.types.ref.Val;

/* loaded from: input_file:io/confluent/security/policyapi/cel/TrustPolicyCelParser.class */
public class TrustPolicyCelParser {
    public static final String CLAIM_PREFIX = "claims";

    public static Env getTrustPolicyEnv() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Decls.newVar(CLAIM_PREFIX, Decls.newMapType(Decls.String, Decls.Dyn)));
        return Env.newCustomEnv(EnvOption.declarations(arrayList), TrustPolicyCelLibrary.customEnvOption());
    }

    public static Program compilePolicy(Env env, String str) throws PolicyEngineException {
        try {
            Env.AstIssuesTuple compile = env.compile(str);
            if (compile.hasIssues()) {
                throw new SyntaxException(compile.getIssues().toString());
            }
            return env.program(compile.getAst(), new ProgramOption[0]);
        } catch (Throwable th) {
            throw new PolicyEngineException(String.format("Failed to load policy %s", str), th);
        }
    }

    public static boolean evaluatePolicy(Program program, Map<String, Object> map) throws PolicyEngineException {
        Program.EvalResult eval = program.eval(Collections.singletonMap(CLAIM_PREFIX, map));
        if (Err.isError(eval.getVal())) {
            return false;
        }
        Val val = eval.getVal();
        if (val.type().typeEnum() != TypeEnum.Bool) {
            throw new PolicyEngineException(String.format("Policy fails to evaluate as boolean: %s", program));
        }
        return val.booleanValue();
    }
}
