package no.nav.common.abac;

import java.util.Optional;
import no.nav.common.abac.audit.AuditLogger;
import no.nav.common.abac.audit.AuditRequestInfoSupplier;
import no.nav.common.abac.audit.NimbusSubjectProvider;
import no.nav.common.abac.audit.SubjectProvider;
import no.nav.common.abac.cef.CefAbacEventContext;
import no.nav.common.abac.cef.CefAbacResponseMapper;
import no.nav.common.abac.constants.AbacDomain;
import no.nav.common.abac.domain.AbacPersonId;
import no.nav.common.abac.domain.request.ActionId;
import no.nav.common.abac.domain.request.Resource;
import no.nav.common.abac.domain.request.XacmlRequest;
import no.nav.common.abac.domain.response.XacmlResponse;
import no.nav.common.abac.exception.PepException;
import no.nav.common.utils.EnvironmentUtils;

/* loaded from: input_file:no/nav/common/abac/VeilarbPep.class */
/**
 * {@link Pep} implementation that asks ABAC for access decisions in
 * {@link AbacDomain#VEILARB_DOMAIN}.
 *
 * <p>Every {@code sjekk...} method builds a XACML request, sends it through the configured
 * {@link AbacClient}, writes a CEF audit entry for the exchange and throws
 * {@link PepException} unless {@code XacmlResponseParser.harTilgang} accepts the response.
 * None of these steps is wrapped in a try/catch, so an exception from the client, the audit
 * logger or the parser propagates to the caller; the check never returns normally without a
 * positive decision.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 *   <li>The token-based checks only extract the token body and the subject from the string
 *       they are given. No signature, issuer or expiry validation is visible in this class,
 *       so the token is expected to have been validated before it reaches these methods.
 *       NOTE(review): confirm that the upstream authentication filter does this.</li>
 *   <li>Identifiers and tokens are forwarded without a null/blank check in this class; how a
 *       missing value is treated depends on the request builders and on ABAC itself.</li>
 * </ul>
 */
public class VeilarbPep implements Pep {
    private final AbacClient abacClient;
    // Service user name placed in the environment section of every request.
    private final String srvUsername;
    private final AuditLogger auditLogger;
    private final SubjectProvider subjectProvider;
    // May be null; the audit context then carries no call id, consumer id, method or path.
    private final AuditRequestInfoSupplier auditRequestInfoSupplier;

    /**
     * Creates a PEP with the default HTTP client and no request-info supplier.
     *
     * <p>Delegates to the four-argument constructor with {@code null} as supplier.
     */
    public VeilarbPep(String str, String str2, String str3) {
        this(str, str2, str3, null);
    }

    /**
     * Creates a PEP backed by an {@code AbacHttpClient} wrapped in an {@code AbacCachedClient}.
     *
     * @param str first argument of {@code AbacHttpClient}; presumably the ABAC endpoint URL
     *     (parameter names were lost in this listing, confirm against the client)
     * @param str2 service user name; also stored and sent in every request environment
     * @param str3 third argument of {@code AbacHttpClient}; presumably the service user's
     *     credential. It is handed to the client and not kept on this object.
     * @param auditRequestInfoSupplier optional source of call metadata for the audit log,
     *     may be {@code null}
     */
    public VeilarbPep(String str, String str2, String str3, AuditRequestInfoSupplier auditRequestInfoSupplier) {
        this.srvUsername = str2;
        this.auditLogger = new AuditLogger();
        // NOTE(review): AbacCachedClient presumably caches responses. If so, a permission that
        // has been revoked can keep being honoured until the cached entry expires; confirm the
        // cache lifetime is acceptable for the resources guarded here.
        AbacClient httpClient = new AbacHttpClient(str, str2, str3);
        this.abacClient = new AbacCachedClient(httpClient);
        this.subjectProvider = new NimbusSubjectProvider();
        this.auditRequestInfoSupplier = auditRequestInfoSupplier;
    }

    /**
     * Creates a PEP from explicitly supplied collaborators.
     *
     * <p>The arguments are stored as given, without null checks. A {@code null} client or
     * audit logger surfaces as a {@link NullPointerException} on the first access check, and
     * a {@code null} subject provider on the first token-based check.
     *
     * @param str service user name sent in every request environment
     * @param abacClient client used to send the XACML requests
     * @param auditLogger receiver of the CEF audit entries
     * @param subjectProvider extracts the subject from a token for the audit entry
     * @param auditRequestInfoSupplier optional source of call metadata, may be {@code null}
     */
    public VeilarbPep(String str, AbacClient abacClient, AuditLogger auditLogger, SubjectProvider subjectProvider, AuditRequestInfoSupplier auditRequestInfoSupplier) {
        this.srvUsername = str;
        this.abacClient = abacClient;
        this.auditLogger = auditLogger;
        this.subjectProvider = subjectProvider;
        this.auditRequestInfoSupplier = auditRequestInfoSupplier;
    }

    /**
     * Checks READ access for a veileder to an enhet (unit).
     *
     * @param str veileder identifier, used as access subject and as audit subject id
     * @param str2 enhet identifier the resource is built from
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilEnhet(String str, String str2) {
        ActionId readAction = ActionId.READ;
        Resource enhetResource = XacmlRequestBuilder.lagEnhetResource(str2, AbacDomain.VEILARB_DOMAIN);
        XacmlRequest request = XacmlRequestBuilder.buildRequest(
                XacmlRequestBuilder.lagEnvironment(this.srvUsername),
                XacmlRequestBuilder.lagAction(readAction),
                XacmlRequestBuilder.lagVeilederAccessSubject(str),
                enhetResource);
        CefAbacResponseMapper mapper = CefAbacResponseMapper.enhetIdMapper(str2, readAction, enhetResource);
        denyUnlessPermitted(request, lagCefEventContext(mapper, str), "Veileder har ikke tilgang til enhet");
    }

    /**
     * Checks whether a veileder, identified by id rather than by token, may perform an
     * action on a person.
     *
     * @param str veileder identifier, used as access subject and as audit subject id
     * @param actionId action to authorise
     * @param abacPersonId person the resource is built from
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkVeilederTilgangTilPerson(String str, ActionId actionId, AbacPersonId abacPersonId) {
        Resource personResource = XacmlRequestBuilder.lagPersonResource(abacPersonId, AbacDomain.VEILARB_DOMAIN);
        XacmlRequest request = XacmlRequestBuilder.buildRequest(
                XacmlRequestBuilder.lagEnvironment(this.srvUsername),
                XacmlRequestBuilder.lagAction(actionId),
                XacmlRequestBuilder.lagVeilederAccessSubject(str),
                personResource);
        CefAbacResponseMapper mapper = CefAbacResponseMapper.personIdMapper(abacPersonId, actionId, personResource);
        denyUnlessPermitted(request, lagCefEventContext(mapper, str), "Veileder har ikke tilgang til bruker");
    }

    /**
     * Checks whether the holder of an OIDC token may perform an action on a person.
     *
     * <p>The request carries no access subject; the identity is conveyed by the token body
     * placed in the environment. The audit subject id is read from the same token.
     *
     * @param str OIDC token of the logged-in user; not validated by this method
     * @param actionId action to authorise
     * @param abacPersonId person the resource is built from
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilPerson(String str, ActionId actionId, AbacPersonId abacPersonId) {
        String tokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource personResource = XacmlRequestBuilder.lagPersonResource(abacPersonId, AbacDomain.VEILARB_DOMAIN);
        XacmlRequest request = XacmlRequestBuilder.buildRequest(
                XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, tokenBody),
                XacmlRequestBuilder.lagAction(actionId),
                null,
                personResource);
        CefAbacResponseMapper mapper = CefAbacResponseMapper.personIdMapper(abacPersonId, actionId, personResource);
        String auditSubject = this.subjectProvider.getSubjectFromToken(str);
        denyUnlessPermitted(request, lagCefEventContext(mapper, auditSubject), "Innlogget bruker har ikke tilgang til person");
    }

    /**
     * Checks whether the holder of an OIDC token has access to the oppfolging domain resource.
     *
     * <p>The request is sent without an action and without an access subject.
     *
     * @param str OIDC token of the logged-in user; not validated by this method
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilOppfolging(String str) {
        String tokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource domainResource = XacmlRequestBuilder.lagOppfolgingDomeneResource();
        XacmlRequest request = XacmlRequestBuilder.buildRequest(
                XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, tokenBody),
                null,
                null,
                domainResource);
        CefAbacResponseMapper mapper = CefAbacResponseMapper.resourceMapper(domainResource);
        String auditSubject = this.subjectProvider.getSubjectFromToken(str);
        denyUnlessPermitted(request, lagCefEventContext(mapper, auditSubject), "Veileder har ikke tilgang til oppfolging");
    }

    /**
     * Checks whether the holder of an OIDC token has access to the modia domain resource.
     *
     * <p>The request is sent without an action and without an access subject.
     *
     * @param str OIDC token of the logged-in user; not validated by this method
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilModia(String str) {
        String tokenBody = AbacUtils.extractOidcTokenBody(str);
        Resource domainResource = XacmlRequestBuilder.lagModiaDomeneResource();
        XacmlRequest request = XacmlRequestBuilder.buildRequest(
                XacmlRequestBuilder.lagEnvironmentMedOidcTokenBody(this.srvUsername, tokenBody),
                null,
                null,
                domainResource);
        CefAbacResponseMapper mapper = CefAbacResponseMapper.resourceMapper(domainResource);
        String auditSubject = this.subjectProvider.getSubjectFromToken(str);
        denyUnlessPermitted(request, lagCefEventContext(mapper, auditSubject), "Veileder har ikke tilgang til modia");
    }

    /**
     * Checks whether a veileder has access to the "kode 6" resource.
     *
     * @param str veileder identifier
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilKode6(String str) {
        Resource kode6Resource = XacmlRequestBuilder.lagKode6Resource(AbacDomain.VEILARB_DOMAIN);
        sjekkVeilederTilgangTilResource(str, kode6Resource, "Veileder har ikke tilgang til kode 6");
    }

    /**
     * Checks whether a veileder has access to the "kode 7" resource.
     *
     * @param str veileder identifier
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilKode7(String str) {
        Resource kode7Resource = XacmlRequestBuilder.lagKode7Resource(AbacDomain.VEILARB_DOMAIN);
        sjekkVeilederTilgangTilResource(str, kode7Resource, "Veileder har ikke tilgang til kode 7");
    }

    /**
     * Checks whether a veileder has access to the "egen ansatt" resource.
     *
     * @param str veileder identifier
     * @throws PepException if the decision is not a permit
     */
    @Override
    public void sjekkTilgangTilEgenAnsatt(String str) {
        Resource egenAnsattResource = XacmlRequestBuilder.lagEgenAnsattResource(AbacDomain.VEILARB_DOMAIN);
        sjekkVeilederTilgangTilResource(str, egenAnsattResource, "Veileder har ikke tilgang til egen ansatt");
    }

    /**
     * Returns the client this PEP sends its requests through.
     *
     * <p>Requests sent directly through the returned client bypass {@code harTilgang} and are
     * therefore not written to the audit log by this class.
     */
    @Override
    public AbacClient getAbacClient() {
        return this.abacClient;
    }

    /**
     * Shared body of the veileder-id based resource checks: no action, the veileder as access
     * subject, and the veileder id as audit subject.
     */
    private void sjekkVeilederTilgangTilResource(String veilederId, Resource resource, String denialMessage) {
        XacmlRequest request = XacmlRequestBuilder.buildRequest(
                XacmlRequestBuilder.lagEnvironment(this.srvUsername),
                null,
                XacmlRequestBuilder.lagVeilederAccessSubject(veilederId),
                resource);
        CefAbacResponseMapper mapper = CefAbacResponseMapper.resourceMapper(resource);
        denyUnlessPermitted(request, lagCefEventContext(mapper, veilederId), denialMessage);
    }

    /**
     * Single deny path for all checks: throws {@link PepException} with the given message
     * unless the decision for {@code request} grants access.
     */
    private void denyUnlessPermitted(XacmlRequest request, CefAbacEventContext auditContext, String denialMessage) {
        if (harTilgang(request, auditContext)) {
            return;
        }
        throw new PepException(denialMessage);
    }

    /**
     * Sends the request, audits the exchange and reports whether access was granted.
     *
     * <p>The audit entry is written after the response arrives and before it is interpreted.
     * If {@code sendRequest} throws, no audit entry is written for that attempt; if
     * {@code logCef} throws, the exception propagates and no decision is returned.
     */
    private boolean harTilgang(XacmlRequest request, CefAbacEventContext auditContext) {
        XacmlResponse response = this.abacClient.sendRequest(request);
        this.auditLogger.logCef(request, response, auditContext);
        return XacmlResponseParser.harTilgang(response);
    }

    /**
     * Builds the audit context for one access check.
     *
     * <p>Call id, consumer id, request method and request path come from the optional
     * supplier and are {@code null} when no supplier is configured or it returns
     * {@code null}. The supplier is queried once per check.
     *
     * @param responseMapper mapper stored in the context
     * @param subjectId identifier recorded as the subject of the check
     */
    private CefAbacEventContext lagCefEventContext(CefAbacResponseMapper responseMapper, String subjectId) {
        // NOTE(review): raw Optional as found in this listing; the element type returned by
        // AuditRequestInfoSupplier.get() is not shown here. Restoring the type argument would
        // make the String casts below unnecessary.
        Optional requestInfo = Optional.ofNullable(this.auditRequestInfoSupplier).map(AuditRequestInfoSupplier::get);
        return CefAbacEventContext.builder()
                .applicationName(EnvironmentUtils.requireApplicationName())
                .callId((String) requestInfo.map(v0 -> v0.getCallId()).orElse(null))
                .consumerId((String) requestInfo.map(v0 -> v0.getConsumerId()).orElse(null))
                .requestMethod((String) requestInfo.map(v0 -> v0.getRequestMethod()).orElse(null))
                .requestPath((String) requestInfo.map(v0 -> v0.getRequestPath()).orElse(null))
                .subjectId(subjectId)
                .mapper(responseMapper)
                .build();
    }
}
