package com.hivemq.mqtt.handler.publish;

import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.extension.sdk.api.annotations.Nullable;
import com.hivemq.extension.sdk.api.auth.parameter.TopicPermission;
import com.hivemq.extension.sdk.api.packets.auth.DefaultAuthorizationBehaviour;
import com.hivemq.extension.sdk.api.packets.auth.ModifiableDefaultPermissions;
import com.hivemq.extensions.auth.parameter.InternalTopicPermission;
import com.hivemq.mqtt.message.QoS;
import com.hivemq.mqtt.message.connect.MqttWillPublish;
import com.hivemq.mqtt.message.publish.PUBLISH;
import com.hivemq.mqtt.message.subscribe.Topic;
import com.hivemq.mqtt.topic.InvalidTopicException;
import com.hivemq.mqtt.topic.PermissionTopicMatcher;
import com.hivemq.persistence.clientsession.SharedSubscriptionServiceImpl;
import com.hivemq.util.Topics;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/hivemq/mqtt/handler/publish/DefaultPermissionsEvaluator.class */
public class DefaultPermissionsEvaluator {

    @NotNull
    private static final PermissionTopicMatcher topicMatcher = new PermissionTopicMatcher();

    public static boolean checkWillPublish(@Nullable ModifiableDefaultPermissions modifiableDefaultPermissions, @NotNull MqttWillPublish mqttWillPublish) {
        return checkPublish(modifiableDefaultPermissions, mqttWillPublish.getTopic(), mqttWillPublish.getQos(), mqttWillPublish.isRetain());
    }

    public static boolean checkPublish(@Nullable ModifiableDefaultPermissions modifiableDefaultPermissions, @NotNull PUBLISH publish) {
        return checkPublish(modifiableDefaultPermissions, publish.getTopic(), publish.getQoS(), publish.isRetain());
    }

    private static boolean checkPublish(@Nullable ModifiableDefaultPermissions modifiableDefaultPermissions, @NotNull String str, @NotNull QoS qoS, boolean z) {
        if (modifiableDefaultPermissions == null) {
            return false;
        }
        if (modifiableDefaultPermissions.asList().size() < 1) {
            return modifiableDefaultPermissions.getDefaultBehaviour() == DefaultAuthorizationBehaviour.ALLOW;
        }
        String[] splitPreserveAllTokens = StringUtils.splitPreserveAllTokens(str, "/");
        String stripEnd = str.length() > 1 ? StringUtils.stripEnd(str, "/") : str;
        for (TopicPermission topicPermission : modifiableDefaultPermissions.asList()) {
            if (implied(topicPermission, stripEnd, splitPreserveAllTokens, qoS, TopicPermission.MqttActivity.PUBLISH, z)) {
                return topicPermission.getType() == TopicPermission.PermissionType.ALLOW;
            }
        }
        return modifiableDefaultPermissions.getDefaultBehaviour() == DefaultAuthorizationBehaviour.ALLOW;
    }

    public static boolean checkSubscription(@Nullable ModifiableDefaultPermissions modifiableDefaultPermissions, @NotNull Topic topic) {
        boolean z;
        if (modifiableDefaultPermissions == null) {
            return true;
        }
        if (modifiableDefaultPermissions.asList().size() < 1) {
            return modifiableDefaultPermissions.getDefaultBehaviour() == DefaultAuthorizationBehaviour.ALLOW;
        }
        String topic2 = topic.getTopic();
        String str = null;
        if (topic2.startsWith("$share/")) {
            SharedSubscriptionServiceImpl.SharedSubscription checkForSharedSubscription = Topics.checkForSharedSubscription(topic2);
            if (checkForSharedSubscription != null) {
                z = true;
                topic2 = checkForSharedSubscription.getTopicFilter();
                str = checkForSharedSubscription.getShareName();
            } else {
                z = false;
            }
        } else {
            z = false;
        }
        String[] splitPreserveAllTokens = StringUtils.splitPreserveAllTokens(topic2, "/");
        String stripEnd = topic2.length() > 1 ? StringUtils.stripEnd(topic2, "/") : topic2;
        for (TopicPermission topicPermission : modifiableDefaultPermissions.asList()) {
            if (implied(topicPermission, stripEnd, splitPreserveAllTokens, topic.getQoS(), TopicPermission.MqttActivity.SUBSCRIBE, z, str)) {
                return topicPermission.getType() == TopicPermission.PermissionType.ALLOW;
            }
        }
        return modifiableDefaultPermissions.getDefaultBehaviour() == DefaultAuthorizationBehaviour.ALLOW;
    }

    private static boolean implied(@NotNull TopicPermission topicPermission, @NotNull String str, @NotNull String[] strArr, @NotNull QoS qoS, @NotNull TopicPermission.MqttActivity mqttActivity, boolean z) {
        if (mqttActivity == TopicPermission.MqttActivity.PUBLISH) {
            if (z && topicPermission.getPublishRetain() == TopicPermission.Retain.NOT_RETAINED) {
                return false;
            }
            if (!z && topicPermission.getPublishRetain() == TopicPermission.Retain.RETAINED) {
                return false;
            }
        }
        return implied(topicPermission, str, strArr, qoS, mqttActivity);
    }

    private static boolean implied(@NotNull TopicPermission topicPermission, @NotNull String str, @NotNull String[] strArr, @NotNull QoS qoS, @NotNull TopicPermission.MqttActivity mqttActivity, @NotNull boolean z, @Nullable String str2) {
        if (topicPermission.getSharedSubscription() == TopicPermission.SharedSubscription.NOT_SHARED && z) {
            return false;
        }
        if (topicPermission.getSharedSubscription() == TopicPermission.SharedSubscription.SHARED && !z) {
            return false;
        }
        if (str2 == null || "#".equals(topicPermission.getSharedGroup()) || str2.equals(topicPermission.getSharedGroup())) {
            return implied(topicPermission, str, strArr, qoS, mqttActivity);
        }
        return false;
    }

    private static boolean implied(@NotNull TopicPermission topicPermission, @NotNull String str, @NotNull String[] strArr, @NotNull QoS qoS, @NotNull TopicPermission.MqttActivity mqttActivity) {
        if ((topicPermission.getActivity() == TopicPermission.MqttActivity.ALL || topicPermission.getActivity() == mqttActivity) && qosImplied(topicPermission, qoS)) {
            return topicImplied(topicPermission, str, strArr);
        }
        return false;
    }

    private static boolean qosImplied(@NotNull TopicPermission topicPermission, @NotNull QoS qoS) {
        TopicPermission.Qos qos = topicPermission.getQos();
        if (qos == TopicPermission.Qos.ALL) {
            return true;
        }
        switch (qoS) {
            case AT_MOST_ONCE:
                return qos == TopicPermission.Qos.ZERO || qos == TopicPermission.Qos.ZERO_ONE || qos == TopicPermission.Qos.ZERO_TWO;
            case AT_LEAST_ONCE:
                return qos == TopicPermission.Qos.ONE || qos == TopicPermission.Qos.ZERO_ONE || qos == TopicPermission.Qos.ONE_TWO;
            case EXACTLY_ONCE:
                return qos == TopicPermission.Qos.TWO || qos == TopicPermission.Qos.ZERO_TWO || qos == TopicPermission.Qos.ONE_TWO;
            default:
                return false;
        }
    }

    private static boolean topicImplied(@NotNull TopicPermission topicPermission, @NotNull String str, @NotNull String[] strArr) {
        try {
            if (!(topicPermission instanceof InternalTopicPermission)) {
                return topicMatcher.matches(topicPermission.getTopicFilter(), str);
            }
            InternalTopicPermission internalTopicPermission = (InternalTopicPermission) topicPermission;
            return topicMatcher.matches(StringUtils.stripEnd(topicPermission.getTopicFilter(), "/"), ((InternalTopicPermission) topicPermission).getSplitTopic(), !internalTopicPermission.containsWildcardCharacter(), internalTopicPermission.endsWithWildcard(), internalTopicPermission.isRootWildcard(), str, strArr);
        } catch (InvalidTopicException e) {
            return false;
        }
    }
}
