package com.atlassian.confluence.security;

import com.atlassian.annotations.Internal;
import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheFactory;
import com.atlassian.confluence.impl.security.access.SpacePermissionAccessMapper;
import com.atlassian.confluence.internal.accessmode.AccessModeManager;
import com.atlassian.confluence.internal.security.ThreadLocalPermissionsCacheInternal;
import com.atlassian.confluence.security.access.ConfluenceAccessManager;
import com.atlassian.confluence.security.persistence.dao.SpacePermissionDao;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.user.User;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.UnmodifiableIterator;
import java.io.Serializable;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Internal
@ParametersAreNonnullByDefault
/* loaded from: input_file:com/atlassian/confluence/security/CachingSpacePermissionManager.class */
public class CachingSpacePermissionManager extends DefaultSpacePermissionManager {
    public static final String CACHE_KEY = CachingSpacePermissionManager.class.getName() + ".permissions";
    private static final Logger log = LoggerFactory.getLogger(CachingSpacePermissionManager.class);
    private boolean lookAheadEnabled;
    private final Cache<SpacePermissionCacheKey, Boolean> spacePermissionCache;
    private final SpacePermissionGroupNamesCache spacePermissionGroupNamesCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/confluence/security/CachingSpacePermissionManager$CacheInvalidation.class */
    public class CacheInvalidation {
        private final ImmutableList<Runnable> tasks;

        private CacheInvalidation(CachingSpacePermissionManager cachingSpacePermissionManager, SpacePermission spacePermission) {
            this(Collections.singleton(spacePermission));
        }

        private CacheInvalidation(Iterable<SpacePermission> iterable) {
            this.tasks = ImmutableList.copyOf(Iterables.transform(iterable, this::task));
        }

        void perform() {
            UnmodifiableIterator it = this.tasks.iterator();
            while (it.hasNext()) {
                ((Runnable) it.next()).run();
            }
        }

        private Runnable task(SpacePermission spacePermission) {
            SpacePermissionCacheKey spacePermissionCacheKey = new SpacePermissionCacheKey(spacePermission);
            Space space = spacePermission.getSpace();
            return () -> {
                try {
                    CachingSpacePermissionManager.this.spacePermissionCache.remove(spacePermissionCacheKey);
                    if (spacePermission.isGroupPermission()) {
                        CachingSpacePermissionManager.this.spacePermissionGroupNamesCache.invalidate(spacePermission.getType(), space);
                    }
                } catch (Exception e) {
                    CachingSpacePermissionManager.log.error("There was a problem removing the permission '" + spacePermission + "' from the cache: ", e);
                    throw new RuntimeException(e);
                }
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/confluence/security/CachingSpacePermissionManager$SpacePermissionCacheKey.class */
    public static class SpacePermissionCacheKey implements Serializable {
        private final String type;
        private final long spaceId;
        private final String groupname;
        private final UserKey userKey;
        private final String allUsersSubject;

        public SpacePermissionCacheKey(SpacePermission spacePermission) {
            this.type = spacePermission.getType();
            this.spaceId = spacePermission.getSpace() == null ? 0L : spacePermission.getSpaceId();
            this.groupname = spacePermission.getGroup();
            this.userKey = spacePermission.getUserSubject() == null ? null : spacePermission.getUserSubject().getKey();
            this.allUsersSubject = spacePermission.getAllUsersSubject();
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof SpacePermissionCacheKey)) {
                return false;
            }
            SpacePermissionCacheKey spacePermissionCacheKey = (SpacePermissionCacheKey) obj;
            return Objects.equals(this.type, spacePermissionCacheKey.type) && Objects.equals(Long.valueOf(this.spaceId), Long.valueOf(spacePermissionCacheKey.spaceId)) && Objects.equals(this.groupname, spacePermissionCacheKey.groupname) && Objects.equals(this.userKey, spacePermissionCacheKey.userKey) && Objects.equals(this.allUsersSubject, spacePermissionCacheKey.allUsersSubject);
        }

        public int hashCode() {
            return Objects.hash(this.type, Long.valueOf(this.spaceId), this.groupname, this.userKey, this.allUsersSubject);
        }
    }

    public CachingSpacePermissionManager(SpacePermissionDao spacePermissionDao, PermissionCheckExemptions permissionCheckExemptions, SpacePermissionDefaultsStoreFactory spacePermissionDefaultsStoreFactory, CacheFactory cacheFactory, EventPublisher eventPublisher, ConfluenceAccessManager confluenceAccessManager, SpacePermissionAccessMapper spacePermissionAccessMapper, CrowdService crowdService, Supplier<UserAccessor> supplier, AccessModeManager accessModeManager) {
        this(spacePermissionDao, permissionCheckExemptions, spacePermissionDefaultsStoreFactory, cacheFactory, eventPublisher, SpacePermissionGroupNamesCache.create(spacePermissionDao, cacheFactory), confluenceAccessManager, spacePermissionAccessMapper, crowdService, supplier, accessModeManager);
    }

    @VisibleForTesting
    CachingSpacePermissionManager(SpacePermissionDao spacePermissionDao, PermissionCheckExemptions permissionCheckExemptions, SpacePermissionDefaultsStoreFactory spacePermissionDefaultsStoreFactory, CacheFactory cacheFactory, EventPublisher eventPublisher, SpacePermissionGroupNamesCache spacePermissionGroupNamesCache, ConfluenceAccessManager confluenceAccessManager, SpacePermissionAccessMapper spacePermissionAccessMapper, CrowdService crowdService, Supplier<UserAccessor> supplier, AccessModeManager accessModeManager) {
        super(spacePermissionDao, permissionCheckExemptions, spacePermissionDefaultsStoreFactory, eventPublisher, confluenceAccessManager, spacePermissionAccessMapper, crowdService, supplier, accessModeManager);
        this.lookAheadEnabled = false;
        this.spacePermissionGroupNamesCache = (SpacePermissionGroupNamesCache) Preconditions.checkNotNull(spacePermissionGroupNamesCache);
        this.spacePermissionCache = cacheFactory.getCache(CACHE_KEY);
    }

    @Override // com.atlassian.confluence.security.DefaultSpacePermissionManager, com.atlassian.confluence.security.SpacePermissionManager, com.atlassian.confluence.security.access.DefaultConfluenceAccessManager.AccessManagerPermissionChecker
    public boolean permissionExists(SpacePermission spacePermission) {
        return findCachedPermissionOrFetchFromDao(spacePermission);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.confluence.security.DefaultSpacePermissionManager
    public void savePermissionToDao(SpacePermission spacePermission) {
        executeAndInvalidate(new CacheInvalidation(spacePermission), () -> {
            super.savePermissionToDao(spacePermission);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.confluence.security.DefaultSpacePermissionManager
    public void removePermissionFromDao(SpacePermission spacePermission) {
        executeAndInvalidate(new CacheInvalidation(spacePermission), () -> {
            super.removePermissionFromDao(spacePermission);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.confluence.security.DefaultSpacePermissionManager
    public void removeAllPermissionsFromDao(Space space) {
        executeAndInvalidate(new CacheInvalidation(getAllSpacePermissions(space)), () -> {
            log.debug("remove all permissions for space: {}", space.getName());
            super.removeAllPermissionsFromDao(space);
        });
    }

    private List<SpacePermission> getAllSpacePermissions(Space space) {
        this.spacePermissionDao.refresh(space);
        return Lists.newArrayList(space.getPermissions());
    }

    private void addPermissionsToCache(List list, boolean z) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            this.spacePermissionCache.put(new SpacePermissionCacheKey((SpacePermission) it.next()), Boolean.valueOf(z));
        }
    }

    private boolean findCachedPermissionOrFetchFromDao(SpacePermission spacePermission) {
        Boolean bool = (Boolean) this.spacePermissionCache.get(new SpacePermissionCacheKey(spacePermission));
        if (bool != null) {
            log.trace("HIT retrieving '{}' from the cache", spacePermission);
            return bool.booleanValue();
        }
        log.debug("MISS retrieving '{}' from the cache", spacePermission);
        boolean hasPermission = this.spacePermissionDao.hasPermission(spacePermission);
        addPermissionsToCache(Collections.singletonList(spacePermission), hasPermission);
        if (isLookAheadEnabled()) {
            doLookAheadCache(spacePermission);
        }
        return hasPermission;
    }

    private void doLookAheadCache(SpacePermission spacePermission) {
        List findPermissionTypes = this.spacePermissionDao.findPermissionTypes(spacePermission);
        log.debug("Permissions Look Ahead - found {} permissions for {}", Integer.valueOf(findPermissionTypes.size()), spacePermission);
        addPermissionsToCache(findPermissionTypes, true);
    }

    @Override // com.atlassian.confluence.security.DefaultSpacePermissionManager, com.atlassian.confluence.security.SpacePermissionManager
    public void flushCaches() {
        super.flushCaches();
        try {
            this.spacePermissionCache.removeAll();
            this.spacePermissionGroupNamesCache.invalidateAll();
        } catch (Exception e) {
            log.error("Exception while flushing permissions cache", e);
            throw new RuntimeException("Exception while flushing permissions cache", e);
        }
    }

    public boolean isLookAheadEnabled() {
        return this.lookAheadEnabled;
    }

    public void setLookAheadEnabled(boolean z) {
        this.lookAheadEnabled = z;
    }

    @Override // com.atlassian.confluence.security.AbstractSpacePermissionManager, com.atlassian.confluence.security.SpacePermissionManager
    public boolean hasPermissionNoExemptions(String str, @Nullable Space space, @Nullable User user) {
        Boolean hasSpacePermission = ThreadLocalPermissionsCacheInternal.hasSpacePermission(str, space, user);
        if (hasSpacePermission == null) {
            hasSpacePermission = Boolean.valueOf(super.hasPermissionNoExemptions(str, space, user));
            ThreadLocalPermissionsCacheInternal.cacheSpacePermission(user, str, space, hasSpacePermission.booleanValue());
        }
        return hasSpacePermission.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.confluence.security.DefaultSpacePermissionManager, com.atlassian.confluence.security.AbstractSpacePermissionManager
    public Set<String> getGroupNamesWithPermission(@Nullable Space space, String str) {
        return this.spacePermissionGroupNamesCache.getGroupNamesWithPermission(space, str);
    }

    private void executeAndInvalidate(CacheInvalidation cacheInvalidation, Runnable runnable) {
        try {
            runnable.run();
        } finally {
            cacheInvalidation.perform();
        }
    }
}
