package org.graylog2.security;

import com.google.common.collect.ImmutableMap;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.AllPermission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.graylog.plugins.views.search.rest.scriptingapi.request.SearchRequestSpec;
import org.graylog.security.permissions.CaseSensitiveWildcardPermission;
import org.graylog2.shared.users.Role;
import org.graylog2.users.RoleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

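/**
 * Resolves role ids to permissions from an in-memory snapshot of all roles.
 *
 * <p>The snapshot is an immutable map keyed by role id. It is loaded once, synchronously, in the
 * constructor and then reloaded every second on the injected {@code daemonScheduler} executor, so
 * lookups never call {@link RoleService} themselves.
 *
 * <p>Authorization-relevant behaviour to keep in mind when reviewing or operating this class:
 * <ul>
 *   <li>Role and permission changes (including revocations) only take effect after the next
 *       successful reload.</li>
 *   <li>If a reload fails, the previous snapshot keeps being served; the failure is logged at
 *       ERROR level on every attempt, which is the signal to alert on.</li>
 *   <li>If the very first load fails, the snapshot stays empty and every role resolves to no
 *       permissions.</li>
 * </ul>
 */
@Singleton
public class InMemoryRolePermissionResolver implements RolePermissionResolver {
    private static final Logger log = LoggerFactory.getLogger(InMemoryRolePermissionResolver.class);
    private final RoleService roleService;
    // Swapped atomically on every reload; readers always see one complete, immutable snapshot.
    private final AtomicReference<ImmutableMap<String, Role>> idToRoleIndex = new AtomicReference<>(ImmutableMap.of());

    /** Reloads all roles from {@link RoleService} and publishes them as the new snapshot. */
    private class RoleUpdater implements Runnable {
        private RoleUpdater() {
        }

        @Override
        public void run() {
            try {
                idToRoleIndex.set(ImmutableMap.copyOf(roleService.loadAllIdMap()));
            } catch (Exception e) {
                // Deliberately broad: an exception escaping a scheduleAtFixedRate task suppresses
                // all later executions, which would freeze the snapshot permanently. On failure
                // the previously published snapshot is left in place.
                log.error("Could not find roles collection, no user roles updated.", e);
            }
        }
    }

    /**
     * Loads the initial role snapshot and schedules the periodic reload.
     *
     * @param roleService source of the role definitions
     * @param scheduledExecutorService executor that runs the reload once per second
     */
    @Inject
    public InMemoryRolePermissionResolver(RoleService roleService, @Named("daemonScheduler") ScheduledExecutorService scheduledExecutorService) {
        this.roleService = roleService;
        RoleUpdater roleUpdater = new RoleUpdater();
        // Load synchronously so that roles can be resolved as soon as construction returns.
        roleUpdater.run();
        scheduledExecutorService.scheduleAtFixedRate(roleUpdater, 1L, 1L, TimeUnit.SECONDS);
    }

    /**
     * Resolves the permissions granted by a role as Shiro {@link Permission} objects.
     *
     * @param str the role id to look up in the current snapshot
     * @return one permission per permission string of the role; empty if the role is unknown or
     *     has no permissions
     */
    @Override
    public Collection<Permission> resolvePermissionsInRole(String str) {
        return resolveStringPermission(str).stream()
                .map(InMemoryRolePermissionResolver::toPermission)
                .collect(Collectors.toList());
    }

    /**
     * Resolves the raw permission strings granted by a role.
     *
     * @param str the role id to look up in the current snapshot
     * @return a read-only set of permission strings, never {@code null}; empty if the role is
     *     unknown or has no permissions
     */
    @Nonnull
    public Set<String> resolveStringPermission(String str) {
        Role role = this.idToRoleIndex.get().get(str);
        if (role == null) {
            log.debug("Unknown role {}, cannot resolve permissions.", str);
            return Collections.emptySet();
        }
        Set<String> permissions = role.getPermissions();
        if (permissions != null) {
            // The Role instance is shared by every lookup until the next reload. Role#getPermissions
            // is not visible here; if it returns the role's own set, handing it out directly would
            // let a caller change the cached permissions for all other lookups. The empty-set
            // paths are already immutable, so callers cannot rely on mutating the result.
            return Collections.unmodifiableSet(permissions);
        }
        log.debug("Role {} has no permissions assigned, cannot resolve permissions.", str);
        return Collections.emptySet();
    }

    /**
     * Converts one permission string into a Shiro permission.
     *
     * <p>A string equal to {@code SearchRequestSpec.DEFAULT_QUERY_STRING} becomes
     * {@link AllPermission}, i.e. the role is granted everything; any other string becomes a
     * {@link CaseSensitiveWildcardPermission}.
     */
    private static Permission toPermission(String permission) {
        // NOTE(review): this constant belongs to the search scripting API, not to the permission
        // model. It is presumably the wildcard string and was substituted for an inline literal
        // when this class was decompiled; confirm the value, because it decides which roles are
        // granted AllPermission.
        return permission.equals(SearchRequestSpec.DEFAULT_QUERY_STRING)
                ? new AllPermission()
                : new CaseSensitiveWildcardPermission(permission);
    }
}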
