package com.atlassian.stash.internal.crowd;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.exception.CrowdException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.exception.runtime.CrowdRuntimeException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.stereotype.Component;

@Component("credentialCache")
@ConditionalOnExpression("${auth.cache.ttl} > 0")
/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/crowd/GuavaCredentialCache.class */
public class GuavaCredentialCache implements CredentialCache {
    private static final long MAX_TTL = 300;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) GuavaCredentialCache.class);
    private final Cache<String, CachedUser> cache;
    private final DirectoryManager directoryManager;

    /* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/crowd/GuavaCredentialCache$CachedUser.class */
    private static class CachedUser {
        private final long directoryId;
        private final String username;

        public CachedUser(User user) {
            this.directoryId = user.getDirectoryId();
            this.username = user.getName();
        }
    }

    @Autowired
    public GuavaCredentialCache(DirectoryManager directoryManager, @Value("${auth.cache.concurrency:10}") int i, @Value("${auth.cache.tti}") long j, @Value("${auth.cache.ttl}") long j2) {
        if (j2 > 300) {
            log.warn("{} seconds is the maximum TTL allowed when caching credentials, for security reasons. The configured TTL ({}) will be reduced to {}.", 300L, Long.valueOf(j2), 300L);
            j2 = 300;
        }
        j = (j > j2 || j < 1) ? j2 : j;
        this.directoryManager = directoryManager;
        this.cache = CacheBuilder.newBuilder().concurrencyLevel(i).expireAfterAccess(j, TimeUnit.SECONDS).expireAfterWrite(j2, TimeUnit.SECONDS).build();
    }

    @Override // com.atlassian.stash.internal.crowd.CredentialCache
    public User get(@Nonnull String str) {
        Objects.requireNonNull(str, "credentials");
        CachedUser ifPresent = this.cache.getIfPresent(str);
        if (ifPresent == null) {
            return null;
        }
        try {
            com.atlassian.crowd.model.user.User findUserByName = this.directoryManager.findUserByName(ifPresent.directoryId, ifPresent.username);
            if (findUserByName.isActive()) {
                return findUserByName;
            }
            return null;
        } catch (DirectoryNotFoundException | UserNotFoundException e) {
            log.info("{} will be re-authenticated; the associated Crowd user was not found", ifPresent.username, log.isDebugEnabled() ? e : null);
            return null;
        } catch (CrowdException | CrowdRuntimeException e2) {
            log.warn("{} will be re-authenticated; retrieving user details failed", ifPresent.username, e2);
            return null;
        }
    }

    @Override // com.atlassian.stash.internal.crowd.CredentialCache
    public void put(@Nonnull String str, @Nonnull User user) {
        Objects.requireNonNull(str, "credentials");
        Objects.requireNonNull(user, "user");
        this.cache.put(str, new CachedUser(user));
    }

    @Override // com.atlassian.stash.internal.crowd.CredentialCache
    public void remove(@Nonnull String str) {
        Objects.requireNonNull(str, "credentials");
        this.cache.invalidate(str);
    }
}
