package pl.edu.icm.unity.engine.authz;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import pl.edu.icm.unity.engine.attribute.AttributesHelper;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalGroupValueException;
import pl.edu.icm.unity.exceptions.IllegalTypeException;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.store.api.GroupDAO;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.AttributeExt;
import pl.edu.icm.unity.types.basic.Group;

/* loaded from: input_file:pl/edu/icm/unity/engine/authz/CachingRolesResolver.class */
class CachingRolesResolver {
    private final Map<String, AuthzRole> roles;
    private final AttributesHelper dbAttributes;
    private final Cache<CacheKey, Set<AuthzRole>> rolesCache;
    private final long cacheTTL;
    private final GroupDAO groupsDAO;

    /* loaded from: input_file:pl/edu/icm/unity/engine/authz/CachingRolesResolver$CacheKey.class */
    private static class CacheKey {
        private final Group group;
        private final long entityId;

        CacheKey(Group group, long j) {
            this.group = group;
            this.entityId = j;
        }

        public int hashCode() {
            return Objects.hash(Long.valueOf(this.entityId), this.group);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CacheKey cacheKey = (CacheKey) obj;
            return this.entityId == cacheKey.entityId && Objects.equals(this.group, cacheKey.group);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CachingRolesResolver(Map<String, AuthzRole> map, AttributesHelper attributesHelper, long j, GroupDAO groupDAO) {
        this.roles = map;
        this.dbAttributes = attributesHelper;
        this.cacheTTL = j;
        this.groupsDAO = groupDAO;
        this.rolesCache = CacheBuilder.newBuilder().expireAfterWrite(j, TimeUnit.MILLISECONDS).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<AuthzRole> establishRoles(long j, Group group) {
        if (this.cacheTTL <= 0) {
            return establishRolesNoCache(j, group);
        }
        CacheKey cacheKey = new CacheKey(group, j);
        Set<AuthzRole> set = (Set) this.rolesCache.getIfPresent(cacheKey);
        if (set != null) {
            return set;
        }
        Set<AuthzRole> establishRolesNoCache = establishRolesNoCache(j, group);
        this.rolesCache.put(cacheKey, establishRolesNoCache);
        return establishRolesNoCache;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearCache() {
        this.rolesCache.invalidateAll();
    }

    private Set<AuthzRole> establishRolesNoCache(long j, Group group) {
        try {
            Group group2 = group;
            HashSet hashSet = new HashSet();
            do {
                AttributeExt authzRoleAttribute = getAuthzRoleAttribute(j, group2);
                if (authzRoleAttribute != null) {
                    hashSet.addAll(getRolesFromAttribute(authzRoleAttribute));
                }
                String parentPath = group2.getParentPath();
                group2 = parentPath == null ? null : new Group(parentPath);
            } while (group2 != null);
            return hashSet;
        } catch (EngineException e) {
            throw new InternalException("Can't establish caller's roles", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<AuthzRole> getRolesFromAttribute(Attribute attribute) {
        HashSet hashSet = new HashSet();
        if (attribute != null) {
            for (Object obj : attribute.getValues()) {
                AuthzRole authzRole = this.roles.get(obj.toString());
                if (authzRole == null) {
                    throw new InternalException("Authorization attribute has unsupported role value: " + obj);
                }
                hashSet.add(authzRole);
            }
        }
        return hashSet;
    }

    private AttributeExt getAuthzRoleAttribute(long j, Group group) throws EngineException {
        String name = group.getName();
        if (!this.groupsDAO.exists(name)) {
            return null;
        }
        try {
            return this.dbAttributes.getAttributeOneGroup(j, name, RoleAttributeTypeProvider.AUTHORIZATION_ROLE);
        } catch (IllegalGroupValueException e) {
            throw new InternalException("Can't establish attributes for authorization pipeline - group problem", e);
        } catch (IllegalTypeException e2) {
            throw new InternalException("Can't establish attributes for authorization pipeline", e2);
        }
    }
}
