package org.cesecore.authorization;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.log4j.Logger;
import org.cesecore.authentication.AuthenticationFailedException;
import org.cesecore.authentication.tokens.AuthenticationToken;
import org.cesecore.authorization.access.AuthorizationCacheReload;
import org.cesecore.authorization.access.AuthorizationCacheReloadListener;
import org.cesecore.util.ValidityDate;

/* loaded from: input_file:org/cesecore/authorization/AuthorizationCache.class */
public enum AuthorizationCache {
    INSTANCE,
    RAINSTANCE;

    private final Logger log = Logger.getLogger(AuthorizationCache.class);
    private ConcurrentHashMap<String, AuthorizationCacheEntry> cacheMap = new ConcurrentHashMap<>();
    private AtomicInteger latestUpdateNumber = new AtomicInteger(0);
    private final AtomicBoolean authorizationCacheReloadListenerRegistered = new AtomicBoolean(false);
    private final AuthorizationCacheReloadListener authorizationCacheReloadListener = new AuthorizationCacheReloadListener() { // from class: org.cesecore.authorization.AuthorizationCache.1
        @Override // org.cesecore.authorization.access.AuthorizationCacheReloadListener
        public void onReload(AuthorizationCacheReload authorizationCacheReload) {
            AuthorizationCache.this.setUpdateNumberIfLower(authorizationCacheReload.getAccessTreeUpdateNumber());
        }

        @Override // org.cesecore.authorization.access.AuthorizationCacheReloadListener
        public String getListenerName() {
            return AuthorizationCache.class.getSimpleName();
        }
    };

    /* loaded from: input_file:org/cesecore/authorization/AuthorizationCache$AuthorizationCacheCallback.class */
    public interface AuthorizationCacheCallback {
        AuthorizationResult loadAuthorization(AuthenticationToken authenticationToken) throws AuthenticationFailedException;

        long getKeepUnusedEntriesFor();

        void subscribeToAuthorizationCacheReload(AuthorizationCacheReloadListener authorizationCacheReloadListener);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/cesecore/authorization/AuthorizationCache$AuthorizationCacheEntry.class */
    public class AuthorizationCacheEntry {
        HashMap<String, Boolean> accessRules;
        int updateNumber;
        long timeOfLastUse;
        AuthenticationToken authenticationToken;
        final CountDownLatch countDownLatch;

        private AuthorizationCacheEntry() {
            this.updateNumber = 0;
            this.timeOfLastUse = 0L;
            this.countDownLatch = new CountDownLatch(1);
        }
    }

    /* loaded from: input_file:org/cesecore/authorization/AuthorizationCache$AuthorizationResult.class */
    public static class AuthorizationResult {
        final HashMap<String, Boolean> accessRules;
        final int updateNumber;

        public AuthorizationResult(HashMap<String, Boolean> hashMap, int i) {
            this.accessRules = hashMap;
            this.updateNumber = i;
        }

        public HashMap<String, Boolean> getAccessRules() {
            return this.accessRules;
        }

        public int getUpdateNumeber() {
            return this.updateNumber;
        }
    }

    AuthorizationCache() {
    }

    public void clear(int i) {
        setUpdateNumberIfLower(i);
        this.cacheMap.clear();
    }

    public void clearWhenStale(int i) {
        if (setUpdateNumberIfLower(i)) {
            this.cacheMap.clear();
        }
    }

    protected void reset() {
        this.cacheMap.clear();
        this.latestUpdateNumber.set(0);
        this.authorizationCacheReloadListenerRegistered.set(false);
    }

    public void refresh(AuthorizationCacheCallback authorizationCacheCallback, int i) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Starting cache refresh when update number was " + i + ".");
        }
        setUpdateNumberIfLower(i);
        long keepUnusedEntriesFor = authorizationCacheCallback.getKeepUnusedEntriesFor();
        long currentTimeMillis = System.currentTimeMillis();
        Iterator it = new HashSet(this.cacheMap.keySet()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            AuthorizationCacheEntry authorizationCacheEntry = this.cacheMap.get(str);
            if (authorizationCacheEntry != null) {
                if (authorizationCacheEntry.updateNumber < this.latestUpdateNumber.get()) {
                    if (this.cacheMap.remove(str, authorizationCacheEntry)) {
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Removed entry for key '" + str + "' since its updateNumber was " + authorizationCacheEntry.updateNumber + ".");
                        }
                        if (authorizationCacheEntry.timeOfLastUse + keepUnusedEntriesFor < currentTimeMillis) {
                            try {
                                get(authorizationCacheEntry.authenticationToken, authorizationCacheCallback);
                            } catch (AuthenticationFailedException e) {
                                this.log.debug("Unexpected failure during refresh if authroization cache: " + e.getMessage());
                            }
                        }
                    }
                } else if (authorizationCacheEntry.timeOfLastUse + keepUnusedEntriesFor < currentTimeMillis && this.cacheMap.remove(str, authorizationCacheEntry) && this.log.isDebugEnabled()) {
                    this.log.debug("Removed entry for key '" + str + "' since it was last seen " + ValidityDate.formatAsUTC(authorizationCacheEntry.timeOfLastUse) + ".");
                }
            }
        }
    }

    public HashMap<String, Boolean> get(AuthenticationToken authenticationToken, AuthorizationCacheCallback authorizationCacheCallback) throws AuthenticationFailedException {
        return getAuthorizationResult(authenticationToken, authorizationCacheCallback).accessRules;
    }

    public AuthorizationResult getAuthorizationResult(AuthenticationToken authenticationToken, AuthorizationCacheCallback authorizationCacheCallback) throws AuthenticationFailedException {
        if (authenticationToken == null || authorizationCacheCallback == null) {
            return new AuthorizationResult(new HashMap(), 0);
        }
        String uniqueId = authenticationToken.getUniqueId();
        AuthorizationCacheEntry authorizationCacheEntry = new AuthorizationCacheEntry();
        AuthorizationCacheEntry putIfAbsent = this.cacheMap.putIfAbsent(uniqueId, authorizationCacheEntry);
        if (putIfAbsent == null) {
            if (!this.authorizationCacheReloadListenerRegistered.getAndSet(true)) {
                authorizationCacheCallback.subscribeToAuthorizationCacheReload(this.authorizationCacheReloadListener);
            }
            putIfAbsent = authorizationCacheEntry;
            try {
                putIfAbsent.authenticationToken = authenticationToken;
                AuthorizationResult loadAuthorization = authorizationCacheCallback.loadAuthorization(authenticationToken);
                putIfAbsent.updateNumber = loadAuthorization.updateNumber;
                setUpdateNumberIfLower(putIfAbsent.updateNumber);
                putIfAbsent.accessRules = new HashMap<>();
                if (loadAuthorization.accessRules != null) {
                    putIfAbsent.accessRules.putAll(loadAuthorization.accessRules);
                }
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Added entry for key '" + uniqueId + "'.");
                }
            } finally {
                putIfAbsent.countDownLatch.countDown();
            }
        } else {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Cache hit for key '" + uniqueId + "'.");
            }
            try {
                putIfAbsent.countDownLatch.await();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
            if (putIfAbsent.updateNumber < this.latestUpdateNumber.get()) {
                if (this.cacheMap.remove(uniqueId, putIfAbsent) && this.log.isDebugEnabled()) {
                    this.log.debug("Removed entry for key '" + uniqueId + "' since its updateNumber was " + putIfAbsent.updateNumber + ".");
                }
                return getAuthorizationResult(authenticationToken, authorizationCacheCallback);
            }
        }
        putIfAbsent.timeOfLastUse = System.currentTimeMillis();
        return new AuthorizationResult(putIfAbsent.accessRules, putIfAbsent.updateNumber);
    }

    public int getLastUpdateNumber() {
        return this.latestUpdateNumber.get();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean setUpdateNumberIfLower(int i) {
        int i2;
        do {
            i2 = this.latestUpdateNumber.get();
            if (i2 >= i) {
                return false;
            }
        } while (!this.latestUpdateNumber.compareAndSet(i2, i));
        if (!this.log.isDebugEnabled()) {
            return true;
        }
        this.log.debug("latestUpdateNumber is now " + i + ".");
        return true;
    }
}
