package org.openanzo.datasource.services;

import com.nimbusds.jose.Header;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.StampedLock;
import org.openanzo.cache.ICache;
import org.openanzo.cache.ICacheProvider;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.rdf.Constants;
import org.openanzo.rdf.URI;
import org.openanzo.rdf.utils.Pair;
import org.openanzo.rdf.utils.SerializationConstants;
import org.openanzo.services.AnzoPrincipal;
import org.openanzo.services.DynamicServiceStats;
import org.openanzo.services.IAuditEventListener;
import org.openanzo.services.IAuthenticationCache;
import org.openanzo.services.IAuthenticationService;
import org.openanzo.services.IOperationContext;
import org.osgi.service.event.Event;
import org.osgi.service.event.EventHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openanzo/datasource/services/AuthenticationCache.class */
public class AuthenticationCache implements EventHandler, IAuditEventListener, IAuthenticationCache {
    protected static final Logger log = LoggerFactory.getLogger((Class<?>) AuthenticationCache.class);
    private ICache<String, AnzoPrincipal> userIdToPrincipalCache;
    private ICache<URI, AnzoPrincipal> userUriToPrincipalCache;
    private ICache<URI, Set<URI>> rolesCache;
    private Map<URI, Long> loginTimeout;
    long TIMEOUT;
    AnzoPrincipal sysadminPrincipal;
    private final StampedLock lock = new StampedLock();
    private final CachedAuthenticationServiceStats stats = new CachedAuthenticationServiceStats(new String[0]);

    public AuthenticationCache(long j, ICacheProvider iCacheProvider) {
        this.TIMEOUT = 600000L;
        this.TIMEOUT = j;
        this.stats.setEnabled(true);
        if (iCacheProvider != null) {
            this.userUriToPrincipalCache = iCacheProvider.openCache("AuthenticationUriPrincipalCache", Header.MAX_HEADER_STRING_LENGTH);
            this.userIdToPrincipalCache = iCacheProvider.openCache("AuthenticationIdPrincipalCache", Header.MAX_HEADER_STRING_LENGTH);
            this.rolesCache = iCacheProvider.openCache("AuthenticationRolesCache", Header.MAX_HEADER_STRING_LENGTH);
            this.loginTimeout = new ConcurrentHashMap();
        }
    }

    @Override // org.openanzo.services.IAuditLog
    public boolean isEnabled() {
        return this.userIdToPrincipalCache != null;
    }

    public DynamicServiceStats getStatistics() {
        return this.stats;
    }

    public void cacheUser(String str, AnzoPrincipal anzoPrincipal) {
        long writeLock = this.lock.writeLock();
        try {
            this.userIdToPrincipalCache.put(str, anzoPrincipal);
            this.userUriToPrincipalCache.put(anzoPrincipal.getUserURI(), anzoPrincipal);
            this.loginTimeout.put(anzoPrincipal.getUserURI(), Long.valueOf(System.currentTimeMillis()));
        } finally {
            this.lock.unlockWrite(writeLock);
        }
    }

    public AnzoPrincipal getSysadminPrincipal() {
        return this.sysadminPrincipal;
    }

    public void setSysadminPrincipal(AnzoPrincipal anzoPrincipal) {
        this.sysadminPrincipal = anzoPrincipal;
    }

    public Pair<Boolean, AnzoPrincipal> getUserPrincipal(IOperationContext iOperationContext, String str) throws AnzoException {
        Long l;
        long j = 0;
        if (this.stats.isEnabled()) {
            j = System.currentTimeMillis();
        }
        try {
            long tryOptimisticRead = this.lock.tryOptimisticRead();
            AnzoPrincipal anzoPrincipal = this.userIdToPrincipalCache.get(str);
            if (!this.lock.validate(tryOptimisticRead)) {
                long readLock = this.lock.readLock();
                try {
                    anzoPrincipal = this.userIdToPrincipalCache.get(str);
                } finally {
                    this.lock.unlockRead(readLock);
                }
            }
            if (anzoPrincipal == null) {
                if (!this.stats.isEnabled()) {
                    return null;
                }
                this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
                return null;
            }
            long readLock2 = this.lock.readLock();
            try {
                if (this.TIMEOUT > 0 && ((l = this.loginTimeout.get(anzoPrincipal.getUserURI())) == null || System.currentTimeMillis() - l.longValue() > this.TIMEOUT)) {
                    if (log.isDebugEnabled()) {
                        log.debug(LogUtils.SECURITY_MARKER, "Invalidating {} roles due to timeout.", anzoPrincipal.getUserURI().toString());
                    }
                    long tryConvertToWriteLock = this.lock.tryConvertToWriteLock(readLock2);
                    if (tryConvertToWriteLock != 0) {
                        try {
                            this.rolesCache.remove(anzoPrincipal.getUserURI());
                            return new Pair<>(Boolean.FALSE, anzoPrincipal);
                        } finally {
                            if (tryConvertToWriteLock != 0) {
                                this.lock.unlockWrite(tryConvertToWriteLock);
                            }
                        }
                    }
                    if (tryConvertToWriteLock != 0) {
                        this.lock.unlockWrite(tryConvertToWriteLock);
                    }
                }
                Pair<Boolean, AnzoPrincipal> pair = new Pair<>(Boolean.valueOf(this.rolesCache.hasKey(anzoPrincipal.getUserURI())), anzoPrincipal);
                if (this.stats.isEnabled()) {
                    this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
                }
                return pair;
            } finally {
                this.lock.tryUnlockRead();
            }
        } finally {
            if (this.stats.isEnabled()) {
                this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
            }
        }
    }

    public void cacheRolesForUser(URI uri, Set<URI> set) {
        long writeLock = this.lock.writeLock();
        try {
            this.rolesCache.put(uri, set);
            this.loginTimeout.put(uri, Long.valueOf(System.currentTimeMillis()));
        } finally {
            this.lock.unlockWrite(writeLock);
        }
    }

    public Set<URI> getRolesForUser(URI uri) throws AnzoException {
        Long l;
        if (this.stats.isEnabled()) {
            System.currentTimeMillis();
        }
        if (uri == null) {
            throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, "userUri", "GetRolesForUser");
        }
        long tryOptimisticRead = this.lock.tryOptimisticRead();
        Set<URI> set = this.rolesCache.get(uri);
        if (!this.lock.validate(tryOptimisticRead)) {
            long readLock = this.lock.readLock();
            try {
                set = this.rolesCache.get(uri);
            } finally {
                this.lock.unlockRead(readLock);
            }
        }
        if (set == null || this.TIMEOUT <= 0 || ((l = this.loginTimeout.get(uri)) != null && System.currentTimeMillis() - l.longValue() <= this.TIMEOUT)) {
            return set;
        }
        if (log.isDebugEnabled()) {
            log.debug(LogUtils.SECURITY_MARKER, "Invalidating {} roles due to timeout.", uri.toString());
        }
        this.loginTimeout.remove(uri);
        AnzoPrincipal remove = this.userUriToPrincipalCache.remove(uri);
        if (remove != null) {
            this.userIdToPrincipalCache.remove(remove.getName());
        }
        this.rolesCache.remove(uri);
        return null;
    }

    private void invalidateUser(AnzoPrincipal anzoPrincipal) {
        long writeLock = this.lock.writeLock();
        try {
            this.userUriToPrincipalCache.remove(anzoPrincipal.getUserURI());
            this.userIdToPrincipalCache.remove(anzoPrincipal.getName());
            this.rolesCache.remove(anzoPrincipal.getUserURI());
            this.loginTimeout.remove(anzoPrincipal.getUserURI());
        } finally {
            this.lock.unlockWrite(writeLock);
        }
    }

    @Override // org.openanzo.services.IAuditLog, org.openanzo.services.IAuthenticationCache
    public void userDisconnected(String str, AnzoPrincipal anzoPrincipal, Properties properties) {
        if (anzoPrincipal.isAnonymous()) {
            return;
        }
        invalidateUser(anzoPrincipal);
    }

    public void handleEvent(Event event) {
        long writeLock;
        if (event.getTopic().equals(Constants.TOPICS.USER_CACHE_CLEAR)) {
            clear();
            return;
        }
        if (!event.getTopic().equals(Constants.TOPICS.USER_ROLES_CHANGED_TOPIC)) {
            if (event.getTopic().equals(Constants.OSGI.RESET_TOPIC)) {
                writeLock = this.lock.writeLock();
                try {
                    this.userUriToPrincipalCache.clear();
                    this.userIdToPrincipalCache.clear();
                    this.rolesCache.clear();
                    return;
                } finally {
                }
            }
            return;
        }
        writeLock = this.lock.writeLock();
        try {
            String[] strArr = (String[]) event.getProperty("userId");
            String str = (String) event.getProperty(SerializationConstants.role);
            boolean booleanValue = ((Boolean) event.getProperty(SerializationConstants.operation)).booleanValue();
            URI createURI = Constants.valueFactory.createURI(str);
            for (String str2 : strArr) {
                URI createURI2 = Constants.valueFactory.createURI(str2);
                if (createURI2.equals(Constants.DEFAULT_SYSADMIN) && this.sysadminPrincipal != null) {
                    if (booleanValue) {
                        this.sysadminPrincipal.getRoles().add(createURI);
                    } else {
                        this.sysadminPrincipal.getRoles().remove(createURI);
                    }
                    Set<URI> set = this.rolesCache.get(createURI2);
                    if (set != null) {
                        if (booleanValue) {
                            set.add(createURI);
                        } else {
                            set.remove(createURI);
                        }
                    }
                }
                AnzoPrincipal anzoPrincipal = this.userUriToPrincipalCache.get(createURI2);
                if (anzoPrincipal != null) {
                    if (booleanValue) {
                        anzoPrincipal.getRoles().add(createURI);
                    } else {
                        anzoPrincipal.getRoles().remove(createURI);
                    }
                }
                Set<URI> set2 = this.rolesCache.get(createURI2);
                if (set2 != null) {
                    if (booleanValue) {
                        set2.add(createURI);
                    } else {
                        set2.remove(createURI);
                    }
                }
            }
        } finally {
        }
    }

    public void clear() {
        long writeLock = this.lock.writeLock();
        try {
            this.rolesCache.clear();
        } finally {
            this.lock.unlockWrite(writeLock);
        }
    }
}
