package io.confluent.security.roledefinitions;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;

/* loaded from: input_file:io/confluent/security/roledefinitions/RbacResourcesLoader.class */
public class RbacResourcesLoader {

    /* loaded from: input_file:io/confluent/security/roledefinitions/RbacResourcesLoader$VisibleForTesting.class */
    public @interface VisibleForTesting {
    }

    public static RbacRoles loadFilteredRoles(String str) {
        RolePermissionsFilter rolePermissionsFilterByFilterName = getRolePermissionsFilterByFilterName(str);
        return filterAccessPolicies(filterRoles(rolePermissionsFilterByFilterName), rolePermissionsFilterByFilterName);
    }

    private static RolePermissionsFilter getRolePermissionsFilterByFilterName(String str) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(RbacResourcesLoader.class.getClassLoader().getResourceAsStream(RbacRoles.ROLE_PERMISSION_FILTERS_FOLDER + str + ".yaml"), StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                RolePermissionsFilter rolePermissionsFilter = (RolePermissionsFilter) RbacRoles.yamlObjectMapper().readValue(bufferedReader, RolePermissionsFilter.class);
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return rolePermissionsFilter;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("Error reading filter file: " + str, e);
        } catch (NullPointerException e2) {
            throw new RuntimeException("Filter not found: " + str, e2);
        }
    }

    private static RbacRoles filterRoles(RolePermissionsFilter rolePermissionsFilter) {
        return RbacRoles.mergedRbacRoles(RbacResourcesLoader.class.getClassLoader(), (List) rolePermissionsFilter.getRolesInFilter().stream().map(str -> {
            return str + ".yaml";
        }).collect(Collectors.toList()));
    }

    private static RbacRoles filterAccessPolicies(RbacRoles rbacRoles, RolePermissionsFilter rolePermissionsFilter) {
        RbacRoles rbacRoles2 = new RbacRoles(new ArrayList(), rbacRoles.bindingScopes());
        for (Role role : rbacRoles.roles()) {
            ArrayList<AccessPolicy> filter = rolePermissionsFilter.filter(role);
            if (filter.isEmpty()) {
                throw new InvalidRoleDefinitionException("Role " + role.name() + " has no allowed operations for the given filter.");
            }
            rbacRoles2.addRole(new Role(role.name(), role.displayName(), role.namespace(), role.internal(), role.rbacQuota(), null, filter));
        }
        return rbacRoles2;
    }

    @VisibleForTesting
    public static RbacRoles test_loadFilteredRoles(String str) {
        RolePermissionsFilter test_getRolePermissionsFilter = test_getRolePermissionsFilter(str);
        return filterAccessPolicies(filterRoles(test_getRolePermissionsFilter), test_getRolePermissionsFilter);
    }

    @VisibleForTesting
    public static RbacRoles test_loadTestingRoles(List<String> list) {
        return test_mergedRbacRoles(list);
    }

    private static RolePermissionsFilter test_getRolePermissionsFilter(String str) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(RbacResourcesLoader.class.getClassLoader().getResourceAsStream("test-role-permission-filters/" + str + ".yaml"), StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                RolePermissionsFilter rolePermissionsFilter = (RolePermissionsFilter) RbacRoles.yamlObjectMapper().readValue(bufferedReader, RolePermissionsFilter.class);
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return rolePermissionsFilter;
            } finally {
            }
        } catch (IOException e) {
            throw new InvalidRoleDefinitionException("Filter not found: " + str, e);
        }
    }

    private static RbacRoles test_mergedRbacRoles(List<String> list) {
        List list2 = (List) list.stream().map(RbacResourcesLoader::test_parseRbacRoles).collect(Collectors.toList());
        RbacRoles rbacRoles = (RbacRoles) list2.remove(0);
        Iterator it = list2.iterator();
        while (it.hasNext()) {
            rbacRoles = RbacRoles.mergeYaml(rbacRoles, (RbacRoles) it.next());
        }
        return rbacRoles;
    }

    private static RbacRoles test_parseRbacRoles(String str) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(RbacResourcesLoader.class.getClassLoader().getResourceAsStream("test-role-definitions/" + str), StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                RbacRoles rbacRoles = new RbacRoles(new ArrayList(Collections.singletonList((Role) RbacRoles.yamlObjectMapper().readValue(bufferedReader, Role.class))), str.startsWith("cp") ? RbacRoles.CP_BINDING_SCOPES : RbacRoles.CLOUD_BINDING_SCOPES);
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return rbacRoles;
            } finally {
            }
        } catch (IOException e) {
            throw new InvalidRoleDefinitionException("Could not find test role definition", e);
        }
    }
}
