package io.minio.policy;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.Reader;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
/* loaded from: input_file:io/minio/policy/BucketPolicy.class */
public class BucketPolicy {

    @JsonIgnore
    private String bucketName;

    @JsonProperty("Version")
    private String version;

    @JsonProperty("Statement")
    private List<Statement> statements;

    @JsonIgnore
    private static final ObjectMapper objectMapper = new ObjectMapper().enable(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY).setSerializationInclusion(JsonInclude.Include.NON_NULL);

    public BucketPolicy() {
    }

    public BucketPolicy(String str) {
        this.bucketName = str;
        this.version = "2012-10-17";
    }

    public List<Statement> statements() {
        return this.statements;
    }

    public static BucketPolicy parseJson(Reader reader, String str) throws IOException {
        BucketPolicy bucketPolicy = (BucketPolicy) objectMapper.readValue(reader, BucketPolicy.class);
        bucketPolicy.bucketName = str;
        return bucketPolicy;
    }

    @JsonIgnore
    public String getJson() throws JsonProcessingException {
        return objectMapper.writeValueAsString(this);
    }

    private List<Statement> newBucketStatement(PolicyType policyType, String str) {
        ArrayList arrayList = new ArrayList();
        if (policyType == PolicyType.NONE || this.bucketName == null || this.bucketName.isEmpty()) {
            return arrayList;
        }
        Resources resources = new Resources(Constants.AWS_RESOURCE_PREFIX + this.bucketName);
        Statement statement = new Statement();
        statement.setActions(Constants.COMMON_BUCKET_ACTIONS);
        statement.setEffect("Allow");
        statement.setPrincipal(new Principal("*"));
        statement.setResources(resources);
        statement.setSid("");
        arrayList.add(statement);
        if (policyType == PolicyType.READ_ONLY || policyType == PolicyType.READ_WRITE) {
            Statement statement2 = new Statement();
            statement2.setActions(Constants.READ_ONLY_BUCKET_ACTIONS);
            statement2.setEffect("Allow");
            statement2.setPrincipal(new Principal("*"));
            statement2.setResources(resources);
            statement2.setSid("");
            if (str != null && !str.isEmpty()) {
                statement2.setConditions(new ConditionMap("StringEquals", new ConditionKeyMap("s3:prefix", str)));
            }
            arrayList.add(statement2);
        }
        if (policyType == PolicyType.WRITE_ONLY || policyType == PolicyType.READ_WRITE) {
            Statement statement3 = new Statement();
            statement3.setActions(Constants.WRITE_ONLY_BUCKET_ACTIONS);
            statement3.setEffect("Allow");
            statement3.setPrincipal(new Principal("*"));
            statement3.setResources(resources);
            statement3.setSid("");
            arrayList.add(statement3);
        }
        return arrayList;
    }

    private List<Statement> newObjectStatement(PolicyType policyType, String str) {
        ArrayList arrayList = new ArrayList();
        if (policyType == PolicyType.NONE || this.bucketName == null || this.bucketName.isEmpty()) {
            return arrayList;
        }
        Resources resources = new Resources(Constants.AWS_RESOURCE_PREFIX + this.bucketName + "/" + str + "*");
        Statement statement = new Statement();
        statement.setEffect("Allow");
        statement.setPrincipal(new Principal("*"));
        statement.setResources(resources);
        statement.setSid("");
        if (policyType == PolicyType.READ_ONLY) {
            statement.setActions(Constants.READ_ONLY_OBJECT_ACTIONS);
        } else if (policyType == PolicyType.WRITE_ONLY) {
            statement.setActions(Constants.WRITE_ONLY_OBJECT_ACTIONS);
        } else if (policyType == PolicyType.READ_WRITE) {
            statement.setActions(Constants.READ_WRITE_OBJECT_ACTIONS);
        }
        arrayList.add(statement);
        return arrayList;
    }

    private List<Statement> newStatements(PolicyType policyType, String str) {
        List<Statement> newBucketStatement = newBucketStatement(policyType, str);
        newBucketStatement.addAll(newObjectStatement(policyType, str));
        return newBucketStatement;
    }

    @JsonIgnore
    private boolean[] getInUsePolicy(String str) {
        String str2 = Constants.AWS_RESOURCE_PREFIX + this.bucketName + "/";
        String str3 = Constants.AWS_RESOURCE_PREFIX + this.bucketName + "/" + str + "*";
        boolean z = false;
        boolean z2 = false;
        for (Statement statement : this.statements) {
            if (!statement.resources().contains(str3) && !statement.resources().startsWith(str2).isEmpty()) {
                if (statement.actions().containsAll(Constants.READ_ONLY_OBJECT_ACTIONS)) {
                    z = true;
                }
                if (statement.actions().containsAll(Constants.WRITE_ONLY_OBJECT_ACTIONS)) {
                    z2 = true;
                }
            }
            if (z && z2) {
                break;
            }
        }
        return new boolean[]{z, z2};
    }

    private void removeStatements(String str) {
        Set<String> set;
        String str2 = Constants.AWS_RESOURCE_PREFIX + this.bucketName;
        String str3 = Constants.AWS_RESOURCE_PREFIX + this.bucketName + "/" + str + "*";
        boolean[] inUsePolicy = getInUsePolicy(str);
        boolean z = inUsePolicy[0];
        boolean z2 = inUsePolicy[1];
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        ArrayList<Statement> arrayList2 = new ArrayList();
        for (Statement statement : this.statements) {
            if (statement.isValid(this.bucketName)) {
                if (statement.resources().contains(str2)) {
                    if (statement.conditions() != null) {
                        statement.removeBucketActions(str, str2, false, false);
                    } else {
                        statement.removeBucketActions(str, str2, z, z2);
                    }
                } else if (statement.resources().contains(str3)) {
                    statement.removeObjectActions(str3);
                }
                if (!statement.actions().isEmpty()) {
                    if (statement.resources().contains(str2) && statement.actions().containsAll(Constants.READ_ONLY_BUCKET_ACTIONS) && statement.effect().equals("Allow") && statement.principal().aws().contains("*")) {
                        if (statement.conditions() != null) {
                            ConditionKeyMap conditionKeyMap = statement.conditions().get("StringEquals");
                            if (conditionKeyMap != null && (set = conditionKeyMap.get("s3:prefix")) != null) {
                                Iterator<String> it = set.iterator();
                                while (it.hasNext()) {
                                    hashSet.add(str2 + "/" + it.next() + "*");
                                }
                            }
                        } else if (!hashSet.isEmpty()) {
                            arrayList2.add(statement);
                        }
                    }
                    arrayList.add(statement);
                }
            } else {
                arrayList.add(statement);
            }
        }
        boolean z3 = true;
        String str4 = Constants.AWS_RESOURCE_PREFIX + this.bucketName + "/";
        Iterator it2 = arrayList.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            Statement statement2 = (Statement) it2.next();
            HashSet hashSet2 = new HashSet(hashSet);
            hashSet2.retainAll(statement2.resources());
            if (!statement2.resources().startsWith(str4).isEmpty() && hashSet2.isEmpty()) {
                z3 = false;
                break;
            }
        }
        for (Statement statement3 : arrayList2) {
            Set<String> aws = statement3.principal().aws();
            if (!z3 || !statement3.resources().contains(str2) || !statement3.effect().equals("Allow") || aws == null || !aws.contains("*") || statement3.conditions() != null) {
                arrayList.add(statement3);
            }
        }
        if (arrayList.size() == 1) {
            Statement statement4 = (Statement) arrayList.get(0);
            Set<String> aws2 = statement4.principal().aws();
            if (statement4.resources().contains(str2) && statement4.actions().containsAll(Constants.COMMON_BUCKET_ACTIONS) && statement4.effect().equals("Allow") && aws2 != null && aws2.contains("*") && statement4.conditions() == null) {
                arrayList = new ArrayList();
            }
        }
        this.statements = arrayList;
    }

    private void appendStatement(Statement statement) {
        for (Statement statement2 : this.statements) {
            Set<String> aws = statement2.principal().aws();
            ConditionMap conditions = statement2.conditions();
            if (statement2.actions().containsAll(statement.actions()) && statement2.effect().equals(statement.effect()) && aws != null && aws.containsAll(statement.principal().aws()) && conditions != null && conditions.equals(statement.conditions())) {
                statement2.resources().addAll(statement.resources());
                return;
            }
            if (statement2.resources().containsAll(statement.resources()) && statement2.effect().equals(statement.effect()) && aws != null && aws.containsAll(statement.principal().aws()) && conditions != null && conditions.equals(statement.conditions())) {
                statement2.actions().addAll(statement.actions());
                return;
            }
            if (statement2.resources().containsAll(statement.resources()) && statement2.actions().containsAll(statement.actions()) && statement2.effect().equals(statement.effect()) && aws != null && aws.containsAll(statement.principal().aws())) {
                if (conditions != null && conditions.equals(statement.conditions())) {
                    return;
                }
                if (conditions != null && statement.conditions() != null) {
                    conditions.putAll(statement.conditions());
                    return;
                }
            }
        }
        if (statement.actions().isEmpty() && statement.resources().isEmpty()) {
            return;
        }
        this.statements.add(statement);
    }

    private void appendStatements(PolicyType policyType, String str) {
        Iterator<Statement> it = newStatements(policyType, str).iterator();
        while (it.hasNext()) {
            appendStatement(it.next());
        }
    }

    @JsonIgnore
    public PolicyType getPolicy(String str) {
        String str2 = Constants.AWS_RESOURCE_PREFIX + this.bucketName;
        String str3 = Constants.AWS_RESOURCE_PREFIX + this.bucketName + "/" + str + "*";
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        String str4 = "";
        boolean z4 = false;
        boolean z5 = false;
        for (Statement statement : this.statements) {
            Set<String> hashSet = new HashSet();
            if (statement.resources().contains(str3)) {
                hashSet.add(str3);
            } else {
                hashSet = statement.resources().match(str3);
            }
            if (!hashSet.isEmpty()) {
                boolean[] objectPolicy = statement.getObjectPolicy();
                boolean z6 = objectPolicy[0];
                boolean z7 = objectPolicy[1];
                for (String str5 : hashSet) {
                    if (str4.length() < str5.length()) {
                        z4 = z6;
                        z5 = z7;
                        str4 = str5;
                    } else if (str4.length() == str5.length()) {
                        z4 = z4 || z6;
                        z5 = z5 || z7;
                        str4 = str5;
                    }
                }
            } else if (statement.resources().contains(str2)) {
                boolean[] bucketPolicy = statement.getBucketPolicy(str);
                boolean z8 = bucketPolicy[0];
                boolean z9 = bucketPolicy[1];
                boolean z10 = bucketPolicy[2];
                z = z || z8;
                z2 = z2 || z9;
                z3 = z3 || z10;
            }
        }
        if (z) {
            if (z2 && z3 && z4 && z5) {
                return PolicyType.READ_WRITE;
            }
            if (z2 && z4) {
                return PolicyType.READ_ONLY;
            }
            if (z3 && z5) {
                return PolicyType.WRITE_ONLY;
            }
        }
        return PolicyType.NONE;
    }

    @JsonIgnore
    public Map<String, PolicyType> getPolicies() {
        Hashtable hashtable = new Hashtable();
        HashSet<String> hashSet = new HashSet();
        String str = Constants.AWS_RESOURCE_PREFIX + this.bucketName;
        Iterator<Statement> it = this.statements.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().resources().startsWith(str + "/"));
        }
        for (String str2 : hashSet) {
            String str3 = "";
            if (str2.endsWith("*")) {
                str2 = str2.substring(0, str2.length() - 1);
                str3 = "*";
            }
            String substring = str2.substring(str.length() + 1, str2.length());
            hashtable.put(this.bucketName + "/" + substring + str3, getPolicy(substring));
        }
        return hashtable;
    }

    @JsonIgnore
    public void setPolicy(PolicyType policyType, String str) {
        if (this.statements == null) {
            this.statements = new ArrayList();
        }
        removeStatements(str);
        appendStatements(policyType, str);
    }
}
