package net.bluemind.ysnp.impl;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.google.common.hash.HashFunction;
import com.google.common.hash.Hashing;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import net.bluemind.config.Token;
import net.bluemind.core.caches.registry.CacheRegistry;
import net.bluemind.core.caches.registry.ICacheRegistration;
import net.bluemind.eclipse.common.RunnableExtensionLoader;
import net.bluemind.ysnp.AuthConfig;
import net.bluemind.ysnp.ICredentialValidator;
import net.bluemind.ysnp.ICredentialValidatorFactory;
import net.bluemind.ysnp.YSNPConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/ysnp/impl/ValidationPolicy.class */
public class ValidationPolicy {
    private final List<ICredentialValidatorFactory> validatorsFactories;
    private TokenCacheSync tokenSync;
    private static final Logger logger = LoggerFactory.getLogger(ValidationPolicy.class);
    private static final HashFunction hash = Hashing.goodFastHash(32);
    private static final Cache<String, String> tokenCache = Caffeine.newBuilder().recordStats().initialCapacity(1024).expireAfterAccess(10, TimeUnit.MINUTES).build();
    private static final Cache<String, String> pwCache = Caffeine.newBuilder().recordStats().initialCapacity(1024).expireAfterAccess(10, TimeUnit.MINUTES).build();

    /* loaded from: input_file:net/bluemind/ysnp/impl/ValidationPolicy$CacheRegistration.class */
    public static class CacheRegistration implements ICacheRegistration {
        public void registerCaches(CacheRegistry cacheRegistry) {
            cacheRegistry.register("ysnp-validationpolicy-token", ValidationPolicy.tokenCache);
            cacheRegistry.register("ysnp-validationpolicy-password", ValidationPolicy.pwCache);
        }
    }

    public ValidationPolicy(YSNPConfiguration ySNPConfiguration) {
        List<ICredentialValidatorFactory> loadExtensions = new RunnableExtensionLoader().loadExtensions("net.bluemind.ysnp", "credentialvalidatorfactory", "credential_validator_factory", "implementation");
        Collections.sort(loadExtensions, new ValidatorsComparator());
        this.validatorsFactories = loadExtensions;
        Iterator<ICredentialValidatorFactory> it = this.validatorsFactories.iterator();
        while (it.hasNext()) {
            it.next().init(ySNPConfiguration);
        }
        this.tokenSync = new TokenCacheSync();
        this.tokenSync.start(tokenCache, pwCache);
        new Timer().schedule(new TimerTask() { // from class: net.bluemind.ysnp.impl.ValidationPolicy.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                if (ValidationPolicy.logger.isInfoEnabled()) {
                    ValidationPolicy.logger.info("tokens {}", ValidationPolicy.tokenCache.stats());
                    ValidationPolicy.logger.info("passwords {}", ValidationPolicy.pwCache.stats());
                }
            }
        }, 30000L, 30000L);
    }

    public boolean validate(String str, String str2, String str3, String str4, AuthConfig authConfig) {
        String str5 = str + "@" + str4;
        if (str2.equals(Token.admin0())) {
            return true;
        }
        String str6 = (String) tokenCache.getIfPresent(str2);
        if (str6 != null && str6.equals(str5)) {
            logger.debug("Access to {} granted from token cache for {}", str3, str5);
            return true;
        }
        String str7 = (String) pwCache.getIfPresent(str5);
        if (str7 != null && str7.equals(hash.hashString(str2, StandardCharsets.UTF_8).toString())) {
            logger.debug("Access to {} granted from pw cache for {}", str3, str5);
            return true;
        }
        boolean z = false;
        long currentTimeMillis = System.currentTimeMillis();
        Iterator<ICredentialValidatorFactory> it = this.validatorsFactories.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ICredentialValidatorFactory next = it.next();
            ICredentialValidator.Kind validate = next.getValidator().validate(str, str2, str4, str3, authConfig);
            if (validate != null && validate != ICredentialValidator.Kind.No) {
                logger.info("Access to service {} granted to {} with '{}' validator in {}ms.", new Object[]{str3, str, next.getName(), Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
                z = true;
                if (validate == ICredentialValidator.Kind.Token) {
                    tokenCache.put(str2, str5);
                } else {
                    pwCache.put(str5, hash.hashString(str2, StandardCharsets.UTF_8).toString());
                }
            }
        }
        if (!z) {
            logger.warn("all {} validator(s) rejected {} in {}ms.", new Object[]{Integer.valueOf(this.validatorsFactories.size()), str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
        }
        return z;
    }
}
