package org.molgenis.data.security.auth;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;
import org.molgenis.data.security.DataserviceRoleHierarchy;
import org.molgenis.data.transaction.TransactionListener;
import org.molgenis.data.transaction.TransactionManager;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:org/molgenis/data/security/auth/CachedRoleHierarchyImpl.class */
public class CachedRoleHierarchyImpl implements TransactionListener, CachedRoleHierarchy {
    private final DataserviceRoleHierarchy dataserviceRoleHierarchy;
    private ImmutableMap<GrantedAuthority, ImmutableSet<GrantedAuthority>> cachedReachableAuthoritiesMap;
    private final ThreadLocal<Boolean> cacheDirty;

    public CachedRoleHierarchyImpl(DataserviceRoleHierarchy dataserviceRoleHierarchy, TransactionManager transactionManager) {
        this.dataserviceRoleHierarchy = (DataserviceRoleHierarchy) Objects.requireNonNull(dataserviceRoleHierarchy);
        ((TransactionManager) Objects.requireNonNull(transactionManager)).addTransactionListener(this);
        this.cacheDirty = new ThreadLocal<>();
    }

    public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> collection) {
        Collection<? extends GrantedAuthority> collection2;
        if (collection == null || collection.isEmpty()) {
            collection2 = AuthorityUtils.NO_AUTHORITIES;
        } else {
            Boolean bool = this.cacheDirty.get();
            collection2 = (bool == null || !bool.booleanValue()) ? getCachedReachableAuthorities(collection) : getPersistedReachableGrantedAuthorities(collection);
        }
        return collection2;
    }

    private Collection<GrantedAuthority> getCachedReachableAuthorities(Collection<? extends GrantedAuthority> collection) {
        Collection<GrantedAuthority> build;
        if (this.cachedReachableAuthoritiesMap == null) {
            this.cachedReachableAuthoritiesMap = createReachableAuthoritiesMap();
        }
        if (collection.size() == 1) {
            build = getCachedReachableAuthorities(collection.iterator().next());
        } else {
            ImmutableSet.Builder builder = ImmutableSet.builder();
            Iterator<? extends GrantedAuthority> it = collection.iterator();
            while (it.hasNext()) {
                builder.addAll(getCachedReachableAuthorities(it.next()));
            }
            build = builder.build();
        }
        return build;
    }

    private Collection<GrantedAuthority> getCachedReachableAuthorities(GrantedAuthority grantedAuthority) {
        Collection<GrantedAuthority> collection = (Collection) this.cachedReachableAuthoritiesMap.get(grantedAuthority);
        return collection == null ? Collections.singleton(grantedAuthority) : collection;
    }

    private Collection<? extends GrantedAuthority> getPersistedReachableGrantedAuthorities(Collection<? extends GrantedAuthority> collection) {
        return (Collection) RunAsSystemAspect.runAsSystem(() -> {
            return this.dataserviceRoleHierarchy.getReachableGrantedAuthorities(collection);
        });
    }

    private synchronized ImmutableMap<GrantedAuthority, ImmutableSet<GrantedAuthority>> createReachableAuthoritiesMap() {
        DataserviceRoleHierarchy dataserviceRoleHierarchy = this.dataserviceRoleHierarchy;
        Objects.requireNonNull(dataserviceRoleHierarchy);
        ImmutableMap immutableMap = (ImmutableMap) RunAsSystemAspect.runAsSystem(dataserviceRoleHierarchy::getAllGrantedAuthorityInclusions);
        ImmutableMap.Builder builder = ImmutableMap.builder();
        immutableMap.keySet().forEach(grantedAuthority -> {
            builder.put(grantedAuthority, getReachableAuthorities(grantedAuthority, immutableMap));
        });
        return builder.build();
    }

    private ImmutableSet<GrantedAuthority> getReachableAuthorities(GrantedAuthority grantedAuthority, ImmutableMap<GrantedAuthority, ImmutableSet<GrantedAuthority>> immutableMap) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        Collection collection = (Collection) immutableMap.get(grantedAuthority);
        builder.add(grantedAuthority);
        builder.addAll(collection);
        collection.forEach(grantedAuthority2 -> {
            builder.addAll(getReachableAuthorities(grantedAuthority2, immutableMap));
        });
        return builder.build();
    }

    @Override // org.molgenis.data.security.auth.CachedRoleHierarchy
    public void markRoleHierarchyCacheDirty() {
        this.cacheDirty.set(true);
    }

    public void transactionStarted(String str) {
        this.cacheDirty.set(false);
    }

    public void afterCommitTransaction(String str) {
        Boolean bool = this.cacheDirty.get();
        if (bool == null || !bool.booleanValue()) {
            return;
        }
        this.cachedReachableAuthoritiesMap = null;
    }

    public void rollbackTransaction(String str) {
        this.cacheDirty.set(false);
    }

    public void doCleanupAfterCompletion(String str) {
        this.cacheDirty.remove();
    }
}
