package com.atlassian.bamboo.security.acegi.acls;

import com.atlassian.bamboo.cluster.atlassiancache.GrpcBackedCache;
import com.atlassian.bamboo.plan.cache.BambooCacheStats;
import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.security.acegi.acls.AclDao;
import com.atlassian.bamboo.util.Narrow;
import com.atlassian.bamboo.utils.BambooOptionals;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheManager;
import com.atlassian.cache.CacheSettingsBuilder;
import com.google.common.base.Stopwatch;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.AlreadyExistsException;
import org.acegisecurity.acls.ChildrenExistException;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.OwnershipAcl;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.Nullable;
import org.springframework.util.Assert;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/acls/HibernateMutableAclServiceImpl.class */
public class HibernateMutableAclServiceImpl implements HibernateMutableAclService {
    private AclDao aclDao;
    private BambooAclUpdateHelper aclUpdateHelper;

    @Nullable
    private CacheManager cacheManager;
    private static final Logger log = LogManager.getLogger(HibernateMutableAclServiceImpl.class);
    private static final long CACHE_EXPIRY_AFTER_WRITE_SECONDS = new SystemProperty.IntegerSystemProperty(false, 86400, new String[]{"bamboo.cache.acl.expiry.seconds"}).getTypedValue();
    public static final String ACL_CACHE_NAME = "bamboo." + HibernateMutableAclServiceImpl.class.getSimpleName() + ".cache";
    private volatile Function<ObjectIdentity, Acl> aclSupplier = this::findAcl;
    private Optional<Cache<ObjectIdentity, Optional<ImmutableAcl>>> cache = Optional.empty();

    @PostConstruct
    public synchronized void init() {
        if (!this.cache.isEmpty() || this.cacheManager == null) {
            return;
        }
        this.cache = Optional.of(this.cacheManager.getCache(ACL_CACHE_NAME, objectIdentity -> {
            return Optional.ofNullable(ImmutableAcl.copyOf(this.aclSupplier.apply(objectIdentity)));
        }, new CacheSettingsBuilder().expireAfterWrite(CACHE_EXPIRY_AFTER_WRITE_SECONDS, TimeUnit.SECONDS).build()));
    }

    private Acl findAcl(ObjectIdentity objectIdentity) {
        return (Acl) this.aclDao.findAcls(objectIdentity).get(new AclDao.ObjectIdentityDto(objectIdentity));
    }

    public ObjectIdentity[] findChildren(ObjectIdentity objectIdentity) {
        return (ObjectIdentity[]) this.aclDao.findAclObjectWithParent(objectIdentity).toArray(new ObjectIdentity[0]);
    }

    public Acl readAclById(ObjectIdentity objectIdentity) throws NotFoundException {
        return readAclById(objectIdentity, null);
    }

    public Acl readAclById(ObjectIdentity objectIdentity, @Nullable Sid[] sidArr) throws NotFoundException {
        Acl acl = readAclsById(new ObjectIdentity[]{objectIdentity}, sidArr).get(objectIdentity);
        if (acl == null || acl == ImmutableAcl.NULL_ACL) {
            throw new NotFoundException("Could not find ACL for " + String.valueOf(objectIdentity));
        }
        return acl;
    }

    public Map<ObjectIdentity, Acl> readAclsById(ObjectIdentity[] objectIdentityArr) throws NotFoundException {
        return readAclsById(objectIdentityArr, null);
    }

    public Map<ObjectIdentity, Acl> readAclsById(ObjectIdentity[] objectIdentityArr, @Nullable Sid[] sidArr) throws NotFoundException {
        return (Map) Arrays.stream(objectIdentityArr).distinct().map(objectIdentity -> {
            return this.cache.map(cache -> {
                return ((Optional) Optional.ofNullable((Optional) cache.get(objectIdentity)).orElse(Optional.empty())).map(immutableAcl -> {
                    return Pair.of(objectIdentity, immutableAcl);
                });
            });
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).flatMap(BambooOptionals::stream).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
        Assert.notNull(objectIdentity, "Object Identity required");
        if (!readAclsById(new ObjectIdentity[]{objectIdentity}).isEmpty()) {
            throw new AlreadyExistsException("Object identity '" + String.valueOf(objectIdentity) + "' already exists");
        }
        HibernateAclImpl hibernateAclImpl = new HibernateAclImpl(objectIdentity, null, true, new PrincipalSid(SecurityContextHolder.getContext().getAuthentication()));
        this.aclDao.save(hibernateAclImpl);
        removeFromCache(hibernateAclImpl);
        return hibernateAclImpl;
    }

    public void deleteAcl(ObjectIdentity objectIdentity, boolean z) throws ChildrenExistException {
        ObjectIdentity[] findChildren = findChildren(objectIdentity);
        if (z) {
            for (ObjectIdentity objectIdentity2 : findChildren) {
                deleteAcl(objectIdentity2, true);
            }
        } else if (findChildren.length > 0) {
            throw new ChildrenExistException("Cannot delete '" + String.valueOf(objectIdentity) + "' (has " + findChildren.length + " children)");
        }
        removeFromCache(objectIdentity);
        this.aclDao.removeForIdentity(objectIdentity);
    }

    public MutableAcl updateAcl(MutableAcl mutableAcl) throws NotFoundException {
        this.aclDao.save(mutableAcl);
        removeFromCache((Acl) mutableAcl);
        return mutableAcl;
    }

    public void updateAclAces(MutableAcl mutableAcl, List<String> list) {
        this.aclUpdateHelper.modifyAclAces(mutableAcl, list);
        updateAcl(mutableAcl);
    }

    public MutableAcl readMutableAclById(ObjectIdentity objectIdentity) {
        Map findAcls = this.aclDao.findAcls(objectIdentity);
        if (findAcls.isEmpty()) {
            throw new NotFoundException("Could not find ACL");
        }
        return (MutableAcl) findAcls.get(new AclDao.ObjectIdentityDto(objectIdentity));
    }

    public MutableAcl readMutableAclById(long j) {
        MutableAcl findAcl = this.aclDao.findAcl(j);
        if (findAcl == null) {
            throw new NotFoundException("Could not find ACL");
        }
        return findAcl;
    }

    private void removeFromCache(Acl acl) {
        this.cache.ifPresentOrElse(cache -> {
            cache.remove(acl.getObjectIdentity());
        }, () -> {
            log.warn("Cache {} is not initialized", ACL_CACHE_NAME);
        });
    }

    private void removeFromCache(ObjectIdentity objectIdentity) {
        this.cache.ifPresentOrElse(cache -> {
            cache.remove(objectIdentity);
        }, () -> {
            log.warn("Cache {} is not initialized", ACL_CACHE_NAME);
        });
    }

    public BambooCacheStats getCacheStats() {
        return (BambooCacheStats) this.cache.flatMap(cache -> {
            return Optional.ofNullable((GrpcBackedCache) Narrow.to(cache, GrpcBackedCache.class)).map((v0) -> {
                return v0.getLocalStoreDelegate();
            });
        }).map(BambooCacheStats::new).orElse(null);
    }

    public void invalidateCache() {
        this.cache.ifPresentOrElse((v0) -> {
            v0.removeAll();
        }, () -> {
            log.warn("Cache {} is not initialized", ACL_CACHE_NAME);
        });
    }

    public void setAclDao(AclDao aclDao) {
        this.aclDao = aclDao;
    }

    public void setAclUpdateHelper(BambooAclUpdateHelper bambooAclUpdateHelper) {
        this.aclUpdateHelper = bambooAclUpdateHelper;
    }

    public void setCacheManager(CacheManager cacheManager) {
        this.cacheManager = cacheManager;
    }

    public void deleteAcesForSid(Sid sid) {
        for (AccessControlEntry accessControlEntry : this.aclDao.findAcesForSid(sid)) {
            MutableAcl acl = accessControlEntry.getAcl();
            acl.deleteAce(accessControlEntry.getId());
            removeFromCache((Acl) acl);
            this.aclDao.save(acl);
        }
    }

    public boolean hasAcesForSid(Sid sid) {
        return this.aclDao.hasAcesForSid(sid);
    }

    public void changeAlcOwnerForSid(Sid sid, Sid sid2) {
        for (OwnershipAcl ownershipAcl : this.aclDao.findAclsOwnedBySid(sid)) {
            ownershipAcl.setOwner(sid2);
            removeFromCache((Acl) ownershipAcl);
            this.aclDao.save(ownershipAcl);
        }
    }

    public MutableAcl getAclOfGlobalPermission() {
        return readMutableAclById(new HibernateObjectIdentityImpl(GlobalApplicationSecureObject.INSTANCE));
    }

    public void initialiseCache() {
        log.info("Acl cache initialising...");
        init();
        Stopwatch createStarted = Stopwatch.createStarted();
        log.info("looking for ACLs");
        Map findAllAcls = this.aclDao.findAllAcls();
        log.info("Found {} ACLs", Integer.valueOf(findAllAcls.size()));
        Objects.requireNonNull(findAllAcls);
        this.aclSupplier = (v1) -> {
            return r1.get(v1);
        };
        for (ObjectIdentity objectIdentity : findAllAcls.keySet()) {
            this.cache.ifPresentOrElse(cache -> {
                cache.get(objectIdentity);
            }, () -> {
                log.warn("Cache {} is not initialized", ACL_CACHE_NAME);
            });
        }
        log.info("Acl cache initialised in {}", createStarted);
        this.aclSupplier = this::findAcl;
    }
}
