package fi.vm.sade.security;

import com.github.blemale.scaffeine.AsyncCache;
import com.github.blemale.scaffeine.Scaffeine$;
import fi.vm.sade.authorization.NotAuthorizedException;
import fi.vm.sade.utils.slf4j.Logging;
import fi.vm.sade.valintatulosservice.config.VtsAppConfig;
import fi.vm.sade.valintatulosservice.hakukohderyhmat.HakukohderyhmaService;
import fi.vm.sade.valintatulosservice.security.Role;
import fi.vm.sade.valintatulosservice.security.Session;
import fi.vm.sade.valintatulosservice.valintarekisteri.domain.HakukohdeOid;
import fi.vm.sade.valintatulosservice.valintarekisteri.domain.HakukohderyhmaOid;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import scala.Function0;
import scala.MatchError;
import scala.Predef$;
import scala.StringContext;
import scala.collection.Seq;
import scala.collection.Set;
import scala.collection.SetLike;
import scala.collection.TraversableOnce;
import scala.collection.generic.GenericTraversableTemplate;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set$;
import scala.concurrent.Await$;
import scala.concurrent.ExecutionContext$Implicits$;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.concurrent.duration.Duration$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Either;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: organizationHierarchyAuthorizer.scala */
@ScalaSignature(bytes = "\u0006\u0001\u00055g\u0001B\u0001\u0003\u0001-\u0011qd\u0014:hC:L'0\u0019;j_:D\u0015.\u001a:be\u000eD\u00170Q;uQ>\u0014\u0018N_3s\u0015\t\u0019A!\u0001\u0005tK\u000e,(/\u001b;z\u0015\t)a!\u0001\u0003tC\u0012,'BA\u0004\t\u0003\t1XNC\u0001\n\u0003\t1\u0017n\u0001\u0001\u0014\u0007\u0001a\u0011\u0003\u0005\u0002\u000e!5\taB\u0003\u0002\u0010\t\u0005i\u0011-\u001e;i_JL'0\u0019;j_:L!!\u0001\b\u0011\u0005I9R\"A\n\u000b\u0005Q)\u0012!B:mMRR'B\u0001\f\u0005\u0003\u0015)H/\u001b7t\u0013\tA2CA\u0004M_\u001e<\u0017N\\4\t\u0011i\u0001!\u0011!Q\u0001\nm\t\u0011\"\u00199q\u0007>tg-[4\u0011\u0005q\u0001dBA\u000f.\u001d\tq\"F\u0004\u0002 Q9\u0011\u0001e\n\b\u0003C\u0019r!AI\u0013\u000e\u0003\rR!\u0001\n\u0006\u0002\rq\u0012xn\u001c;?\u0013\u0005I\u0011BA\u0004\t\u0013\t)a!\u0003\u0002*\t\u0005\u0019b/\u00197j]R\fG/\u001e7pgN,'O^5dK&\u00111\u0006L\u0001\u0007G>tg-[4\u000b\u0005%\"\u0011B\u0001\u00180\u000311Fo]!qa\u000e{gNZ5h\u0015\tYC&\u0003\u00022e\taa\u000b^:BaB\u001cuN\u001c4jO*\u0011af\f\u0005\ti\u0001\u0011\t\u0011)A\u0005k\u0005)\u0002.Y6vW>DG-\u001a:zQ6\f7+\u001a:wS\u000e,\u0007C\u0001\u001c:\u001b\u00059$B\u0001\u001d-\u0003=A\u0017m[;l_\"$WM]=i[\u0006$\u0018B\u0001\u001e8\u0005UA\u0015m[;l_\"$WM]=i[\u0006\u001cVM\u001d<jG\u0016DQ\u0001\u0010\u0001\u0005\u0002u\na\u0001P5oSRtDc\u0001 A\u0003B\u0011q\bA\u0007\u0002\u0005!)!d\u000fa\u00017!)Ag\u000fa\u0001k!A1\t\u0001EC\u0002\u0013%A)\u0001\biC.,8n\u001c5eK\u000e\u000b7\r[3\u0016\u0003\u0015\u0003BAR(R36\tqI\u0003\u0002I\u0013\u0006I1oY1gM\u0016Lg.\u001a\u0006\u0003\u0015.\u000bqA\u00197f[\u0006dWM\u0003\u0002M\u001b\u00061q-\u001b;ik\nT\u0011AT\u0001\u0004G>l\u0017B\u0001)H\u0005)\t5/\u001f8d\u0007\u0006\u001c\u0007.\u001a\t\u0003%^k\u0011a\u0015\u0006\u0003)V\u000ba\u0001Z8nC&t'B\u0001,-\u0003A1\u0018\r\\5oi\u0006\u0014Xm[5ti\u0016\u0014\u0018.\u0003\u0002Y'\n\t\u0002*Y6vW>DG-\u001a:zQ6\fw*\u001b3\u0011\u0007i\u000bGM\u0004\u0002\\=:\u0011!\u0005X\u0005\u0002;\u0006)1oY1mC&\u0011q\fY\u0001\ba\u0006\u001c7.Y4f\u0015\u0005i\u0016B\u00012d\u0005\r\u0019V-\u001d\u0006\u0003?\u0002\u0004\"AU3\n\u0005\u0019\u001c&\u0001\u0004%bWV\\w\u000e\u001b3f\u001f&$\u0007\u0002\u00035\u0001\u0011\u0003\u0005\u000b\u0015B#\u0002\u001f!\f7.^6pQ\u0012,7)Y2iK\u0002BQA\u001b\u0001\u0005\n-\f!fZ3u\u0003V$\bn\u001c:ju\u0016$\u0007*Y6vW>DG-\u001a:zQ6\fw*\u001b3t\rJ|WnU3tg&|g\u000eF\u0002mef\u00042!\u001c9R\u001b\u0005q'BA8a\u0003)\u0019w\u000e\u001c7fGRLwN\\\u0005\u0003c:\u00141aU3u\u0011\u0015\u0019\u0018\u000e1\u0001u\u0003\u001d\u0019Xm]:j_:\u0004\"!^<\u000e\u0003YT!a\u0001\u0017\n\u0005a4(aB*fgNLwN\u001c\u0005\u0006u&\u0004\ra_\u0001\u0010CV$\bn\u001c:ju\u0016$'k\u001c7fgB\u0019Q\u000e\u001d?\u0011\u0005Ul\u0018B\u0001@w\u0005\u0011\u0011v\u000e\\3\t\u000f\u0005\u0005\u0001\u0001\"\u0003\u0002\u0004\u0005i\u0013\r\u001e'fCN$xJ\\3IC.,8n\u001c5eK\u0006+H\u000f[8sSj,GMQ=IC.,8n\u001c5eKJL\b.\\1\u0015\u0011\u0005\u0015\u0011QBA\b\u0003+\u0001B!a\u0002\u0002\n5\t\u0001-C\u0002\u0002\f\u0001\u0014qAQ8pY\u0016\fg\u000eC\u0003t\u007f\u0002\u0007A\u000fC\u0004\u0002\u0012}\u0004\r!a\u0005\u0002\u0017!\f7.^6pQR,W\r\u001e\t\u0004[B$\u0007BBA\f\u007f\u0002\u000710A\u0003s_2,7\u000fC\u0004\u0002\u001c\u0001!I!!\b\u0002;%\u001c\u0018)\u001e;i_JL'0\u001a3Cs\"\u000b7.^6pQ\u0012,'/\u001f5nCR$\u0002\"!\u0002\u0002 \u0005\u0005\u0012Q\u0005\u0005\u0007g\u0006e\u0001\u0019\u0001;\t\u000f\u0005\r\u0012\u0011\u0004a\u0001I\u0006a\u0001.Y6vW>DG-Z(jI\"9\u0011qCA\r\u0001\u0004Y\bbBA\u0015\u0001\u0011\u0005\u00111F\u0001\fG\",7m[!dG\u0016\u001c8\u000f\u0006\u0005\u0002.\u0005}\u0012\u0011IA+!\u001dQ\u0016qFA\u001a\u0003sI1!!\rd\u0005\u0019)\u0015\u000e\u001e5feB\u0019!,!\u000e\n\u0007\u0005]2MA\u0005UQJ|w/\u00192mKB!\u0011qAA\u001e\u0013\r\ti\u0004\u0019\u0002\u0005+:LG\u000f\u0003\u0004t\u0003O\u0001\r\u0001\u001e\u0005\t\u0003\u0007\n9\u00031\u0001\u0002F\u0005\u0001rN]4b]&\u001c\u0018\r^5p]>KGm\u001d\t\u0005[B\f9\u0005\u0005\u0003\u0002J\u0005=c\u0002BA\u0004\u0003\u0017J1!!\u0014a\u0003\u0019\u0001&/\u001a3fM&!\u0011\u0011KA*\u0005\u0019\u0019FO]5oO*\u0019\u0011Q\n1\t\u000f\u0005]\u0011q\u0005a\u0001w\"9\u0011\u0011\u0006\u0001\u0005\u0002\u0005eC\u0003CA\u0017\u00037\ni&!\u0019\t\rM\f9\u00061\u0001u\u0011!\ty&a\u0016A\u0002\u0005\u001d\u0013aD8sO\u0006t\u0017n]1uS>tw*\u001b3\t\u000f\u0005]\u0011q\u000ba\u0001w\"9\u0011Q\r\u0001\u0005\u0002\u0005\u001d\u0014\u0001N2iK\u000e\\\u0017iY2fgN<\u0016\u000e\u001e5IC.,8n\u001c5eKJL\b.\\1u\r>\u0014\u0018\t\u001e'fCN$xJ\\3IC.,8n\u001c5eKRQ\u0011QFA5\u0003W\ni'a\u001c\t\rM\f\u0019\u00071\u0001u\u0011!\t\u0019%a\u0019A\u0002\u0005\u0015\u0003bBA\f\u0003G\u0002\ra\u001f\u0005\t\u0003c\n\u0019\u00071\u0001\u0002\u0014\u0005i\u0001.Y6vW>DG-Z(jINDq!!\u001e\u0001\t\u0003\t9(\u0001\u0010dQ\u0016\u001c7.Q2dKN\u001cx+\u001b;i\u0011\u0006\\Wo[8iI\u0016\u0014\u0018\u0010[7biRQ\u0011QFA=\u0003w\ni(a \t\rM\f\u0019\b1\u0001u\u0011!\t\u0019%a\u001dA\u0002\u0005\u0015\u0003bBA\f\u0003g\u0002\ra\u001f\u0005\b\u0003G\t\u0019\b1\u0001e\u0011\u001d\t\u0019\t\u0001C\u0001\u0003\u000b\u000babZ3u\u0011\u0006\\Wo[8ii\u0016,G\u000f\u0006\u0003\u0002\b\u0006M\u0005#BAE\u0003\u001fKVBAAF\u0015\r\ti\tY\u0001\u000bG>t7-\u001e:sK:$\u0018\u0002BAI\u0003\u0017\u0013aAR;ukJ,\u0007bBAK\u0003\u0003\u0003\r!U\u0001\u0004_&$\u0007BDAM\u0001A\u0005\u0019\u0011!A\u0005\n\u0005m\u0015\u0011Z\u0001.gV\u0004XM\u001d\u0013dQ\u0016\u001c7.Q2dKN\u001cHk\u001c+be\u001e,Go\u0014:QCJ,g\u000e^(sO\u0006t\u0017N_1uS>tG\u0003CA\u001d\u0003;\u000bY,a0\t\u0015\u0005}\u0015qSA\u0001\u0002\u0004\t\t+A\u0002yIE\u0002b!a)\u0002.\u0006EVBAAS\u0015\u0011\t9+!+\u0002\tU$\u0018\u000e\u001c\u0006\u0003\u0003W\u000bAA[1wC&!\u0011qVAS\u0005\u0011a\u0015n\u001d;\u0011\t\u0005M\u0016\u0011X\u0007\u0003\u0003kSA!a.\u0002*\u0006!A.\u00198h\u0013\u0011\t\t&!.\t\u0015\u0005u\u0016qSA\u0001\u0002\u0004\t\t,A\u0002yIIB!\"!1\u0002\u0018\u0006\u0005\t\u0019AAb\u0003\rAHe\r\t\u0007\u0003\u000f\t)-!-\n\u0007\u0005\u001d\u0007MA\u0003BeJ\f\u00170C\u0002\u0002LB\tqe\u00195fG.\f5mY3tgR{G+\u0019:hKR|%\u000fU1sK:$xJ]4b]&T\u0018\r^5p]\u0002")
/* loaded from: input_file:WEB-INF/classes/fi/vm/sade/security/OrganizationHierarchyAuthorizer.class */
public class OrganizationHierarchyAuthorizer extends fi.vm.sade.authorization.OrganizationHierarchyAuthorizer implements Logging {
    public final HakukohderyhmaService fi$vm$sade$security$OrganizationHierarchyAuthorizer$$hakukohderyhmaService;
    private AsyncCache<HakukohderyhmaOid, Seq<HakukohdeOid>> hakukohdeCache;
    private final Logger logger;
    private volatile byte bitmap$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private AsyncCache hakukohdeCache$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.hakukohdeCache = Scaffeine$.MODULE$.apply().expireAfterWrite(Duration$.MODULE$.apply(10L, TimeUnit.MINUTES)).buildAsync();
                this.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.hakukohdeCache;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private Logger logger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.logger = Logging.Cclass.logger(this);
                this.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.logger;
        }
    }

    @Override // fi.vm.sade.utils.slf4j.Logging
    public Logger logger() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? logger$lzycompute() : this.logger;
    }

    @Override // fi.vm.sade.utils.slf4j.Logging
    public <T> T withErrorLogging(Function0<T> function0, String str) {
        return (T) Logging.Cclass.withErrorLogging(this, function0, str);
    }

    @Override // fi.vm.sade.utils.slf4j.Logging
    public <T> T withWarnLogging(Function0<T> function0, String str, T t) {
        return (T) Logging.Cclass.withWarnLogging(this, function0, str, t);
    }

    public /* synthetic */ void fi$vm$sade$security$OrganizationHierarchyAuthorizer$$super$checkAccessToTargetOrParentOrganization(List list, String str, String[] strArr) {
        super.checkAccessToTargetOrParentOrganization(list, str, strArr);
    }

    private AsyncCache<HakukohderyhmaOid, Seq<HakukohdeOid>> hakukohdeCache() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? hakukohdeCache$lzycompute() : this.hakukohdeCache;
    }

    private Set<HakukohderyhmaOid> getAuthorizedHakukohderyhmaOidsFromSession(Session session, Set<Role> set) {
        return (Set) ((SetLike) session.roles().filter(new OrganizationHierarchyAuthorizer$$anonfun$getAuthorizedHakukohderyhmaOidsFromSession$1(this, set))).map(new OrganizationHierarchyAuthorizer$$anonfun$getAuthorizedHakukohderyhmaOidsFromSession$2(this), Set$.MODULE$.canBuildFrom());
    }

    private boolean atLeastOneHakukohdeAuthorizedByHakukohderyhma(Session session, Set<HakukohdeOid> set, Set<Role> set2) {
        logger().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"*** User ", " had no rights from ordinary checkAccess for hakukohtees ", ", checking with hakukohderyhmat"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), set})));
        Set<HakukohderyhmaOid> authorizedHakukohderyhmaOidsFromSession = getAuthorizedHakukohderyhmaOidsFromSession(session, set2);
        return ((TraversableOnce) set.intersect((authorizedHakukohderyhmaOidsFromSession == null || !authorizedHakukohderyhmaOidsFromSession.isEmpty()) ? (Set) ((GenericTraversableTemplate) Await$.MODULE$.result(Future$.MODULE$.sequence((TraversableOnce) authorizedHakukohderyhmaOidsFromSession.map(new OrganizationHierarchyAuthorizer$$anonfun$2(this), scala.collection.Set$.MODULE$.canBuildFrom()), scala.collection.Set$.MODULE$.canBuildFrom(), ExecutionContext$Implicits$.MODULE$.global()), Duration$.MODULE$.apply(10L, TimeUnit.SECONDS))).flatten2(Predef$.MODULE$.$conforms()) : (Set) scala.collection.Set$.MODULE$.apply(Nil$.MODULE$))).nonEmpty();
    }

    private boolean isAuthorizedByHakukohderyhmat(Session session, HakukohdeOid hakukohdeOid, Set<Role> set) {
        logger().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " had no rights from ordinary checkAccess for hakukohde ", ", checking with hakukohderyhmat"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), hakukohdeOid})));
        Set<HakukohderyhmaOid> authorizedHakukohderyhmaOidsFromSession = getAuthorizedHakukohderyhmaOidsFromSession(session, set);
        return ((authorizedHakukohderyhmaOidsFromSession == null || !authorizedHakukohderyhmaOidsFromSession.isEmpty()) ? (Set) ((GenericTraversableTemplate) Await$.MODULE$.result(Future$.MODULE$.sequence((TraversableOnce) authorizedHakukohderyhmaOidsFromSession.map(new OrganizationHierarchyAuthorizer$$anonfun$3(this), scala.collection.Set$.MODULE$.canBuildFrom()), scala.collection.Set$.MODULE$.canBuildFrom(), ExecutionContext$Implicits$.MODULE$.global()), Duration$.MODULE$.apply(10L, TimeUnit.SECONDS))).flatten2(Predef$.MODULE$.$conforms()) : (Set) scala.collection.Set$.MODULE$.apply(Nil$.MODULE$)).contains(hakukohdeOid);
    }

    public Either<Throwable, BoxedUnit> checkAccess(Session session, Set<String> set, Set<Role> set2) {
        return set.exists(new OrganizationHierarchyAuthorizer$$anonfun$checkAccess$1(this, session, set2)) ? package$.MODULE$.Right().apply(BoxedUnit.UNIT) : package$.MODULE$.Left().apply(new AuthorizationFailedException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " has none of the roles ", " in none of the organizations ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), set2, set}))));
    }

    public Either<Throwable, BoxedUnit> checkAccess(Session session, String str, Set<Role> set) {
        Either apply;
        boolean z = false;
        Failure failure = null;
        Try apply2 = Try$.MODULE$.apply(new OrganizationHierarchyAuthorizer$$anonfun$1(this, session, str, set));
        if (!(apply2 instanceof Success)) {
            if (apply2 instanceof Failure) {
                z = true;
                failure = (Failure) apply2;
                Throwable exception = failure.exception();
                if (exception instanceof NotAuthorizedException) {
                    apply = package$.MODULE$.Left().apply(new AuthorizationFailedException("Organization authentication failed", (NotAuthorizedException) exception));
                }
            }
            if (z) {
                throw failure.exception();
            }
            throw new MatchError(apply2);
        }
        apply = package$.MODULE$.Right().apply(BoxedUnit.UNIT);
        return apply;
    }

    public Either<Throwable, BoxedUnit> checkAccessWithHakukohderyhmatForAtLeastOneHakukohde(Session session, Set<String> set, Set<Role> set2, Set<HakukohdeOid> set3) {
        if (!set.exists(new OrganizationHierarchyAuthorizer$$anonfun$checkAccessWithHakukohderyhmatForAtLeastOneHakukohde$1(this, session, set2)) && !atLeastOneHakukohdeAuthorizedByHakukohderyhma(session, set3, set2)) {
            logger().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " has none of the roles ", " in none of the organizations ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), set2, set})));
            return package$.MODULE$.Left().apply(new AuthorizationFailedException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " has none of the roles ", " in none of the organizations ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), set2, set}))));
        }
        return package$.MODULE$.Right().apply(BoxedUnit.UNIT);
    }

    public Either<Throwable, BoxedUnit> checkAccessWithHakukohderyhmat(Session session, Set<String> set, Set<Role> set2, HakukohdeOid hakukohdeOid) {
        if (!set.exists(new OrganizationHierarchyAuthorizer$$anonfun$checkAccessWithHakukohderyhmat$1(this, session, set2)) && !isAuthorizedByHakukohderyhmat(session, hakukohdeOid, set2)) {
            logger().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " has none of the roles ", " in none of the organizations ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), set2, set})));
            return package$.MODULE$.Left().apply(new AuthorizationFailedException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " has none of the roles ", " in none of the organizations ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{session.personOid(), set2, set}))));
        }
        return package$.MODULE$.Right().apply(BoxedUnit.UNIT);
    }

    public Future<Seq<HakukohdeOid>> getHakukohteet(HakukohderyhmaOid hakukohderyhmaOid) {
        return hakukohdeCache().getFuture(hakukohderyhmaOid, new OrganizationHierarchyAuthorizer$$anonfun$getHakukohteet$1(this));
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public OrganizationHierarchyAuthorizer(VtsAppConfig.InterfaceC0046VtsAppConfig interfaceC0046VtsAppConfig, HakukohderyhmaService hakukohderyhmaService) {
        super(new OrganizationOidProvider(interfaceC0046VtsAppConfig));
        this.fi$vm$sade$security$OrganizationHierarchyAuthorizer$$hakukohderyhmaService = hakukohderyhmaService;
        Logging.Cclass.$init$(this);
    }
}
