package org.artifactory.storage.db.security.service.access;

import com.google.common.util.concurrent.RateLimiter;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import org.artifactory.common.ConstantValues;
import org.artifactory.event.CacheType;
import org.artifactory.event.InvalidateCacheEvent;
import org.artifactory.factory.InfoFactoryHolder;
import org.artifactory.security.Acl;
import org.artifactory.security.BuildAcl;
import org.artifactory.security.BuildPermissionTarget;
import org.artifactory.security.MutableAcl;
import org.artifactory.security.PermissionTarget;
import org.artifactory.security.PermissionTargetAcls;
import org.artifactory.security.PrincipalPermission;
import org.artifactory.security.ReleaseBundleAcl;
import org.artifactory.security.ReleaseBundlePermissionTarget;
import org.artifactory.security.RepoAcl;
import org.artifactory.security.RepoPermissionTarget;
import org.artifactory.security.access.AccessService;
import org.artifactory.storage.StorageException;
import org.artifactory.storage.db.security.service.AclCacheLoader;
import org.artifactory.storage.db.security.service.AllAclCacheLoader;
import org.artifactory.storage.db.security.service.AsyncVersioningCacheImpl;
import org.artifactory.storage.db.security.service.VersionCache;
import org.artifactory.storage.db.security.service.VersioningCacheImpl;
import org.artifactory.storage.security.service.AclCache;
import org.artifactory.storage.security.service.AclStoreService;
import org.artifactory.util.AlreadyExistsException;
import org.jfrog.access.client.AccessClientException;
import org.jfrog.access.client.AccessClientHttpException;
import org.jfrog.access.client.permission.PermissionsClient;
import org.jfrog.access.common.ResourceType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:org/artifactory/storage/db/security/service/access/AclStoreServiceImpl.class */
public class AclStoreServiceImpl implements AclStoreService, ApplicationListener<InvalidateCacheEvent> {
    private VersionCache<AclCacheLoader.AclCacheItem<RepoPermissionTarget>> repoAclsCache;
    private VersionCache<AclCacheLoader.AclCacheItem<BuildPermissionTarget>> buildsAclsCache;
    private VersionCache<AclCacheLoader.AclCacheItem<ReleaseBundlePermissionTarget>> releaseBundlesAclsCache;
    private VersionCache<AllAclCacheLoader.AllAclCacheItem> allAclsCache;
    private AccessService accessService;
    private RateLimiter rateLimiter;
    private long accessPermissionLastUpdated;
    private final Supplier<Collection<Acl<RepoPermissionTarget>>> getRepoAcls = this::getDownstreamAllRepoAcls;
    private final Supplier<Collection<Acl<BuildPermissionTarget>>> getBuildAcls = this::getDownstreamAllBuildAcls;
    private final Supplier<Collection<Acl<ReleaseBundlePermissionTarget>>> getReleaseBundleAcls = this::getDownstreamAllReleaseBundlesAcls;
    private static final Function<RepoPermissionTarget, List<String>> getRepoKeysFunction = (v0) -> {
        return v0.getRepoKeys();
    };
    private static final Function<BuildPermissionTarget, List<String>> getBuildRepoKeysFunction = (v0) -> {
        return v0.getRepoKeys();
    };
    private static final Function<ReleaseBundlePermissionTarget, List<String>> getReleaseBundleRepoKeysFunction = (v0) -> {
        return v0.getRepoKeys();
    };

    @Autowired
    public void setAccessService(AccessService accessService) {
        this.accessService = accessService;
    }

    @PostConstruct
    public void init() {
        long j = ConstantValues.aclDirtyReadsTimeout.getLong();
        boolean z = ConstantValues.aclVersionCacheAsyncReload.getBoolean();
        AclCacheLoader aclCacheLoader = new AclCacheLoader(this.getRepoAcls, getRepoKeysFunction);
        AclCacheLoader aclCacheLoader2 = new AclCacheLoader(this.getBuildAcls, getBuildRepoKeysFunction);
        AclCacheLoader aclCacheLoader3 = new AclCacheLoader(this.getReleaseBundleAcls, getReleaseBundleRepoKeysFunction);
        AllAclCacheLoader allAclCacheLoader = new AllAclCacheLoader(this::getAllBuildAclsValues, this::getAllRepoAclsValues, this::getAllReleaseBundleAclsVaues);
        if (z) {
            long j2 = ConstantValues.aclVersionCacheAsyncWaitingTimeMillis.getLong();
            long j3 = ConstantValues.aclVersionCacheAsyncWaitOnErrorTimeMillis.getLong();
            this.repoAclsCache = new AsyncVersioningCacheImpl(j, aclCacheLoader, j2, j3, "repoAclsCache");
            this.buildsAclsCache = new AsyncVersioningCacheImpl(j, aclCacheLoader2, j2, j3, "buildAclsCache");
            this.releaseBundlesAclsCache = new AsyncVersioningCacheImpl(j, aclCacheLoader3, j2, j3, "releaseBundleAclCacheLoader");
            this.allAclsCache = new AsyncVersioningCacheImpl(j, allAclCacheLoader, j2, j3, "allAclsCache");
        } else {
            this.repoAclsCache = new VersioningCacheImpl(j, aclCacheLoader);
            this.buildsAclsCache = new VersioningCacheImpl(j, aclCacheLoader2);
            this.releaseBundlesAclsCache = new VersioningCacheImpl(j, aclCacheLoader3);
            this.allAclsCache = new VersioningCacheImpl(j, allAclCacheLoader);
        }
        this.rateLimiter = RateLimiter.create(getRefreshTime());
    }

    public Collection<RepoAcl> getAllRepoAcls() {
        return getReposAclsMap().values();
    }

    public Collection<BuildAcl> getAllBuildAcls() {
        return getBuildsAclsMap().values();
    }

    public Collection<ReleaseBundleAcl> getAllReleaseBundleAcls() {
        return getReleaseBundlesAclsMap().values();
    }

    public Map<Character, List<PermissionTargetAcls>> getMapPermissionTargetAcls(boolean z) {
        invalidCacheIfRequired();
        return z ? this.allAclsCache.get().getReverseAclInfosMap() : this.allAclsCache.get().getAclInfosMap();
    }

    private Collection<Acl<RepoPermissionTarget>> getDownstreamAllRepoAcls() {
        return (Collection) this.accessService.getAccessClient().permissions().findPermissionsByResourceType(ResourceType.REPO).getPermissions().stream().map(AclMapper::toArtifactoryRepoAcl).collect(Collectors.toSet());
    }

    private Collection<Acl<BuildPermissionTarget>> getDownstreamAllBuildAcls() {
        return (Collection) this.accessService.getAccessClient().permissions().findPermissionsByResourceType(ResourceType.BUILD).getPermissions().stream().map(AclMapper::toArtifactoryBuildAcl).collect(Collectors.toSet());
    }

    private Collection<Acl<ReleaseBundlePermissionTarget>> getDownstreamAllReleaseBundlesAcls() {
        return (Collection) this.accessService.getAccessClient().permissions().findPermissionsByResourceType(ResourceType.RELEASE_BUNDLE).getPermissions().stream().map(AclMapper::toArtifactoryReleaseBundleAcl).collect(Collectors.toSet());
    }

    public AclCache<RepoPermissionTarget> getAclCache() {
        invalidCacheIfRequired();
        AclCacheLoader.AclCacheItem<RepoPermissionTarget> aclCacheItem = this.repoAclsCache.get();
        return new AclCache<>(aclCacheItem.getGroupResultMap(), aclCacheItem.getUserResultMap());
    }

    public AclCache<BuildPermissionTarget> getBuildsAclCache() {
        invalidCacheIfRequired();
        AclCacheLoader.AclCacheItem<BuildPermissionTarget> aclCacheItem = this.buildsAclsCache.get();
        return new AclCache<>(aclCacheItem.getGroupResultMap(), aclCacheItem.getUserResultMap());
    }

    public AclCache<ReleaseBundlePermissionTarget> getReleaseBundlesAclCache() {
        invalidCacheIfRequired();
        AclCacheLoader.AclCacheItem<ReleaseBundlePermissionTarget> aclCacheItem = this.releaseBundlesAclsCache.get();
        return new AclCache<>(aclCacheItem.getGroupResultMap(), aclCacheItem.getUserResultMap());
    }

    private void invalidCacheIfRequired() {
        this.rateLimiter.setRate(getRefreshTime());
        if (this.rateLimiter.tryAcquire()) {
            long lastUpdated = this.accessService.getAccessClient().permissions().lastUpdated();
            if (lastUpdated > this.accessPermissionLastUpdated) {
                invalidateAclCache();
                this.accessPermissionLastUpdated = lastUpdated;
            }
        }
    }

    private double getRefreshTime() {
        return 1.0d / ConstantValues.aclMinimumWaitRefreshDataSeconds.getLong();
    }

    public RepoAcl getRepoAcl(String str) {
        return getReposAclsMap().get(str);
    }

    public BuildAcl getBuildAcl(String str) {
        return getBuildsAclsMap().get(str);
    }

    public ReleaseBundleAcl getReleaseBundleAcl(String str) {
        return getReleaseBundlesAclsMap().get(str);
    }

    public void createAcl(Acl acl) {
        cudOperation(permissionsClient -> {
            permissionsClient.createPermission(AclMapper.aclToAccessPermission(acl, getServiceId()));
        }, "Could not create " + getAclDetailsForErrorLog(acl));
    }

    public void updateAcl(Acl acl) {
        cudOperation(permissionsClient -> {
            permissionsClient.replacePermission(AclMapper.aclToAccessPermission(acl, getServiceId()));
        }, "Could not update " + getAclDetailsForErrorLog(acl));
    }

    public void deleteAcl(Acl acl) {
        String accessIdentifier = acl.getAccessIdentifier();
        if (accessIdentifier == null) {
            throw new IllegalStateException("Can't delete ACL without unique Access identifier");
        }
        cudOperation(permissionsClient -> {
            permissionsClient.deletePermissionById(accessIdentifier);
        }, "Could not delete " + getAclDetailsForErrorLog(acl));
    }

    private String getAclDetailsForErrorLog(Acl acl) {
        return "permission " + acl.getPermissionTarget().getName() + " with identifier " + acl.getAccessIdentifier();
    }

    private void cudOperation(Consumer<PermissionsClient> consumer, String str) {
        try {
            try {
                consumer.accept(this.accessService.getAccessClient().permissions());
                invalidateAclCache();
            } catch (IllegalArgumentException | AccessClientException e) {
                throw new StorageException(str, e);
            } catch (AccessClientHttpException e2) {
                if (409 != e2.getStatusCode()) {
                    throw new StorageException(str, e2);
                }
                throw new AlreadyExistsException(str, e2);
            }
        } catch (Throwable th) {
            invalidateAclCache();
            throw th;
        }
    }

    public void removeAllUserAces(String str) {
        removeAllGeneric(str, this.repoAclsCache, false);
        removeAllGeneric(str, this.buildsAclsCache, false);
        removeAllGeneric(str, this.releaseBundlesAclsCache, false);
    }

    public void removeAllGroupAces(String str) {
        removeAllGeneric(str, this.repoAclsCache, true);
        removeAllGeneric(str, this.buildsAclsCache, true);
        removeAllGeneric(str, this.releaseBundlesAclsCache, true);
    }

    private <T extends PermissionTarget> void removeAllGeneric(String str, VersionCache<AclCacheLoader.AclCacheItem<T>> versionCache, boolean z) {
        Map<String, Set<PrincipalPermission<T>>> pricinpalPermission = getPricinpalPermission(str, versionCache, z);
        if (pricinpalPermission == null) {
            return;
        }
        Map<String, Acl<T>> aclInfoMap = versionCache.get().getAclInfoMap();
        cudOperation(permissionsClient -> {
            pricinpalPermission.values().stream().flatMap((v0) -> {
                return v0.stream();
            }).map(principalPermission -> {
                return (Acl) aclInfoMap.get(principalPermission.getPermissionTarget().getName());
            }).map(acl -> {
                return removeAceFromAcl(acl, str, z);
            }).forEach((v1) -> {
                updateAcl(v1);
            });
        }, "Could not delete ACE for " + (z ? "group" : "user") + str);
    }

    private <T extends PermissionTarget> Map<String, Set<PrincipalPermission<T>>> getPricinpalPermission(String str, VersionCache<AclCacheLoader.AclCacheItem<T>> versionCache, boolean z) {
        return z ? versionCache.get().getGroupResultMap().get(str) : versionCache.get().getUserResultMap().get(str);
    }

    private <T extends PermissionTarget> MutableAcl removeAceFromAcl(Acl<T> acl, String str, boolean z) {
        MutableAcl copyAclByType = copyAclByType(acl);
        copyAclByType.setAces((Set) acl.getAces().stream().filter(aceInfo -> {
            return aceInfo.isGroup() != z || (aceInfo.isGroup() == z && !aceInfo.getPrincipal().equals(str));
        }).collect(Collectors.toSet()));
        return copyAclByType;
    }

    private <T extends PermissionTarget> MutableAcl copyAclByType(Acl<T> acl) {
        if (acl instanceof RepoAcl) {
            return InfoFactoryHolder.get().copyRepoAcl((RepoAcl) acl);
        }
        if (acl instanceof BuildAcl) {
            return InfoFactoryHolder.get().copyBuildAcl((BuildAcl) acl);
        }
        if (acl instanceof ReleaseBundleAcl) {
            return InfoFactoryHolder.get().copyReleaseBundleAcl((ReleaseBundleAcl) acl);
        }
        throw new IllegalStateException("Acl is not of a known type. Must be of type repo/build");
    }

    public void deleteAllAcls() {
        cudOperation(permissionsClient -> {
            getAllRepoAcls().forEach((v1) -> {
                deleteAcl(v1);
            });
        }, "Could not delete all ACLs");
    }

    public String invalidateAclCache() {
        return "Repo cache version: " + this.repoAclsCache.promoteVersion() + "; Builds cache version: " + this.buildsAclsCache.promoteVersion() + "; Release Bundles cache version: " + this.releaseBundlesAclsCache.promoteVersion() + "; All acls cache version" + this.allAclsCache.promoteVersion();
    }

    public void destroy() {
        this.repoAclsCache.destroy();
        this.buildsAclsCache.destroy();
        this.releaseBundlesAclsCache.destroy();
        this.allAclsCache.destroy();
    }

    private String getServiceId() {
        return this.accessService.getArtifactoryServiceId().getFormattedName();
    }

    private Map<String, RepoAcl> getReposAclsMap() {
        return getReposAclsMap(false);
    }

    private Map<String, RepoAcl> getReposAclsMap(boolean z) {
        if (!z) {
            invalidCacheIfRequired();
        }
        return (Map) this.repoAclsCache.get().getAclInfoMap().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return toRepoAcl((Acl) entry.getValue());
        }));
    }

    private RepoAcl toRepoAcl(Acl<RepoPermissionTarget> acl) {
        if (acl instanceof RepoAcl) {
            return (RepoAcl) acl;
        }
        throw new IllegalStateException("Acl is not of type RepoAcl. Must be of type repo");
    }

    private Map<String, BuildAcl> getBuildsAclsMap() {
        return getBuildsAclsMap(false);
    }

    private Map<String, BuildAcl> getBuildsAclsMap(boolean z) {
        if (!z) {
            invalidCacheIfRequired();
        }
        return (Map) this.buildsAclsCache.get().getAclInfoMap().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return toBuildAcl((Acl) entry.getValue());
        }));
    }

    private BuildAcl toBuildAcl(Acl<BuildPermissionTarget> acl) {
        if (acl instanceof BuildAcl) {
            return (BuildAcl) acl;
        }
        throw new IllegalStateException("Acl is not of type BuildAcl. Must be of type build");
    }

    private Map<String, ReleaseBundleAcl> getReleaseBundlesAclsMap() {
        return getReleaseBundlesAclsMap(false);
    }

    private Map<String, ReleaseBundleAcl> getReleaseBundlesAclsMap(boolean z) {
        if (!z) {
            invalidCacheIfRequired();
        }
        return (Map) this.releaseBundlesAclsCache.get().getAclInfoMap().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return toReleaseBundleAcl((Acl) entry.getValue());
        }));
    }

    private ReleaseBundleAcl toReleaseBundleAcl(Acl<ReleaseBundlePermissionTarget> acl) {
        if (acl instanceof ReleaseBundleAcl) {
            return (ReleaseBundleAcl) acl;
        }
        throw new IllegalStateException("Acl is not of type ReleaseBundleAcl. Must be of type release bundle");
    }

    private Collection<RepoAcl> getAllRepoAclsValues() {
        return getReposAclsMap(true).values();
    }

    private Collection<BuildAcl> getAllBuildAclsValues() {
        return getBuildsAclsMap(true).values();
    }

    private Collection<ReleaseBundleAcl> getAllReleaseBundleAclsVaues() {
        return getReleaseBundlesAclsMap(true).values();
    }

    public void onApplicationEvent(InvalidateCacheEvent invalidateCacheEvent) {
        if (CacheType.ACL.equals(invalidateCacheEvent.getCacheType())) {
            invalidateAclCache();
        }
    }
}
