package com.nazdaq.noms.acls;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.cache.RemovalListener;
import io.ebean.DB;
import io.ebean.cache.ServerCacheManager;
import java.util.concurrent.TimeUnit;
import models.acl.ACLContainer;
import models.acl.ACLMapper;
import models.acl.ACLPermCache;
import models.acl.ACLPermission;
import models.acl.UserGroup;
import models.acl.defines.ACLObjectType;
import models.acl.defines.ACLSubject;
import models.users.User;
import org.jetbrains.annotations.Contract;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import play.Logger;
import play.libs.Json;

/* loaded from: input_file:com/nazdaq/noms/acls/ACLPermissionCheck.class */
public class ACLPermissionCheck {
    private static final Logger.ALogger logger = Logger.of(ACLMapper.class);
    private static ACLContainer systemContainer = null;
    private static final CacheLoader<PermCheckCache, PermCheckResult> loader = new CacheLoader<PermCheckCache, PermCheckResult>() { // from class: com.nazdaq.noms.acls.ACLPermissionCheck.1
        @Contract("_ -> new")
        @NotNull
        public PermCheckResult load(@NotNull PermCheckCache permCheckCache) throws ACLUserPermNotFound {
            try {
                ACLPermissionCheck.logger.trace("ACLPermCache - Loading up the cache: " + permCheckCache);
                return new PermCheckResult(permCheckCache.getAcl().getUserPermissionCache(permCheckCache.getSubject(), permCheckCache.getUser()));
            } catch (Exception e) {
                throw new ACLUserPermNotFound(permCheckCache + " not found!");
            }
        }
    };
    private static final RemovalListener<PermCheckCache, PermCheckResult> removalListener = removalNotification -> {
        logger.trace("ACLPermCache - Removing " + removalNotification.getKey());
    };
    private static final LoadingCache<PermCheckCache, PermCheckResult> cachedPermissions = CacheBuilder.newBuilder().concurrencyLevel(4).maximumSize(5000).expireAfterWrite(3, TimeUnit.DAYS).removalListener(removalListener).build(loader);

    @NotNull
    private static String originCode() {
        StackTraceElement stackTraceElement = Thread.currentThread().getStackTrace()[3];
        String className = stackTraceElement.getClassName();
        return className.substring(className.lastIndexOf(".") + 1) + "." + stackTraceElement.getMethodName() + "()";
    }

    @NotNull
    public static String displayPermissionLine(@NotNull ACLContainer aCLContainer, @NotNull ACLSubject aCLSubject) {
        return aCLContainer.getType() + " #" + aCLContainer.getObjectId() + " -> " + aCLSubject.getValue();
    }

    public static boolean permSystemCheck(User user, ACLSubject aCLSubject, boolean z) throws ACLNoPermissionException {
        if (systemContainer == null) {
            systemContainer = ACLContainer.getSystemDefault();
        }
        return permCheck(systemContainer, systemContainer.getClass().getName(), user, aCLSubject, z);
    }

    public static boolean permCheck(@NotNull ACLMapper<?> aCLMapper, User user, @NotNull ACLSubject aCLSubject) throws ACLNoPermissionException {
        if (aCLSubject.getObjectType().equals(ACLObjectType.SYSTEM)) {
            throw new ACLNoPermissionException(aCLSubject + " a SYSTEM permission, can't be checked with a specific object, use permSystemCheck() instead.");
        }
        return permCheck(aCLMapper.getAcl(), aCLMapper.getClass().getName(), user, aCLSubject, false);
    }

    public static boolean permCheck(ACLContainer aCLContainer, String str, User user, ACLSubject aCLSubject, boolean z) throws ACLNoPermissionException {
        String originCode = originCode();
        if (aCLSubject == null) {
            if (z) {
                return false;
            }
            throw new ACLNoPermissionException("Subject is null!");
        }
        if (aCLContainer == null) {
            if (z) {
                return false;
            }
            ACLNoPermissionException aCLNoPermissionException = new ACLNoPermissionException(null, user, aCLSubject, null);
            logger.warn(originCode + " " + aCLNoPermissionException.getMessage() + ", Subject: " + aCLSubject);
            throw aCLNoPermissionException;
        }
        String displayPermissionLine = displayPermissionLine(aCLContainer, aCLSubject);
        if (user == null) {
            throw new ACLNoPermissionException("User not logged in.");
        }
        logger.trace(originCode + " Checking User {} permission {} (Current: {}) ...", new Object[]{user.getUsername(), displayPermissionLine, str});
        ACLPermCache permCached = getPermCached(aCLContainer, user, aCLSubject);
        if (permCached != null) {
            if (permCached.isAllow()) {
                logger.trace(originCode + " User {} access granted permission {}", new Object[]{user.getUsername(), displayPermissionLine});
                return true;
            }
            if (z) {
                return false;
            }
            ACLNoPermissionException aCLNoPermissionException2 = new ACLNoPermissionException(aCLContainer, user, aCLSubject, permCached);
            logger.warn(aCLNoPermissionException2.getMessage());
            throw aCLNoPermissionException2;
        }
        if (z) {
            return false;
        }
        String str2 = "User " + user.getUsername() + " doesn't have access to " + aCLContainer.getType() + "\\" + aCLContainer.getObjectId() + "\\" + aCLSubject;
        if (!aCLSubject.getDependencies().isEmpty()) {
            str2 = str2 + ", Or to: " + Json.stringify(Json.toJson(aCLSubject.getDependencies()));
        }
        ACLNoPermissionException aCLNoPermissionException3 = new ACLNoPermissionException(str2);
        logger.error(aCLNoPermissionException3.getMessage() + ", Container: " + aCLContainer.getId());
        throw aCLNoPermissionException3;
    }

    @Nullable
    public static ACLPermCache getPermCached(ACLContainer aCLContainer, User user, ACLSubject aCLSubject) {
        try {
            return ((PermCheckResult) cachedPermissions.get(new PermCheckCache(aCLContainer, user, aCLSubject))).getPermCache();
        } catch (Exception e) {
            return null;
        }
    }

    public static boolean isAllowed(ACLContainer aCLContainer, User user, ACLSubject aCLSubject) {
        ACLPermCache permCached = getPermCached(aCLContainer, user, aCLSubject);
        return permCached != null && permCached.isAllow();
    }

    public static void cleanUp() {
        long size = cachedPermissions.size();
        if (size > 0) {
            cachedPermissions.invalidateAll();
            cachedPermissions.cleanUp();
            systemContainer = null;
            logger.info("ACLPermCache - Cleaning up all cached, Total: {} Items", new Object[]{Long.valueOf(size)});
        }
        ServerCacheManager cacheManager = DB.cacheManager();
        cacheManager.clear(User.class);
        cacheManager.clear(UserGroup.class);
        cacheManager.clear(ACLPermission.class);
        cacheManager.clear(ACLPermCache.class);
    }
}
