package com.huawei.es.security.author.cache;

import com.huawei.es.security.author.bean.IndicesPermission;
import com.huawei.es.security.author.bean.RolePermissionInfo;
import com.huawei.es.security.author.tool.AuthorityConstants;
import com.huawei.es.security.author.tool.IndexPermissionSerializer;
import com.huawei.es.security.index.IndexObserverBase;
import com.huawei.es.security.index.SecurityIndexManager;
import com.huawei.es.security.util.ZkAclUtil;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.solr.common.cloud.SolrZkClient;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.Stat;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/huawei/es/security/author/cache/PermissionMappingCache.class */
public class PermissionMappingCache extends IndexObserverBase {
    private SolrZkClient zkClient;
    private String basePath;
    private final Watcher dataWatcher = new AuthorizationExistentWatcher();
    private final Watcher childrenWatcher = new AuthorizationChildrenWatcher();
    private boolean useSecurityIndex;
    private final SecurityIndexManager securityIndexManager;
    private final Settings settings;
    private static final Logger LOGGER = LogManager.getLogger(PermissionMappingCache.class);
    private static final Object CACHE_UPDATE_LOCK = new Object();
    private static volatile Map<String, List<IndicesPermission>> indexPermissionCache = new ConcurrentHashMap();

    /* loaded from: input_file:com/huawei/es/security/author/cache/PermissionMappingCache$AuthorizationChildrenWatcher.class */
    class AuthorizationChildrenWatcher implements Watcher {
        AuthorizationChildrenWatcher() {
        }

        public void process(WatchedEvent watchedEvent) {
            String path = watchedEvent.getPath();
            Watcher.Event.KeeperState state = watchedEvent.getState();
            Watcher.Event.EventType type = watchedEvent.getType();
            if (PermissionMappingCache.LOGGER.isDebugEnabled()) {
                PermissionMappingCache.LOGGER.debug("Children watcher event type:{} with state:{} for path:{}.", type, state, path);
            }
            if (Watcher.Event.EventType.NodeChildrenChanged != type) {
                return;
            }
            if (PermissionMappingCache.this.useSecurityIndex) {
                try {
                    Thread.sleep(2000L);
                } catch (InterruptedException e) {
                    PermissionMappingCache.LOGGER.error("Occur exception when update permission cache.", e);
                }
            }
            PermissionMappingCache.this.updatePermissionCache();
        }
    }

    /* loaded from: input_file:com/huawei/es/security/author/cache/PermissionMappingCache$AuthorizationExistentWatcher.class */
    class AuthorizationExistentWatcher implements Watcher {
        AuthorizationExistentWatcher() {
        }

        public void process(WatchedEvent watchedEvent) {
            List<IndicesPermission> deserialize;
            String path = watchedEvent.getPath();
            Watcher.Event.KeeperState state = watchedEvent.getState();
            Watcher.Event.EventType type = watchedEvent.getType();
            if (PermissionMappingCache.LOGGER.isDebugEnabled()) {
                PermissionMappingCache.LOGGER.debug("Exist watcher event type:{} with state:{} for path:{}", type, state, path);
            }
            if (Watcher.Event.EventType.NodeDataChanged != type) {
                return;
            }
            try {
                String[] split = path.split("/");
                String str = split[split.length - 1];
                if (PermissionMappingCache.this.zkClient.exists(path, this, true) == null) {
                    PermissionMappingCache.LOGGER.warn("Znode path:{} is not existent.", path);
                    PermissionMappingCache.indexPermissionCache.remove(str);
                    return;
                }
                if (PermissionMappingCache.this.useSecurityIndex) {
                    Thread.sleep(2000L);
                    deserialize = PermissionMappingCache.this.getIndicesPermissionByRoleName(str);
                    if (deserialize.isEmpty()) {
                        PermissionMappingCache.indexPermissionCache.remove(str);
                        return;
                    }
                } else {
                    deserialize = IndexPermissionSerializer.deserialize(PermissionMappingCache.this.zkClient.getData(path, (Watcher) null, (Stat) null, true));
                }
                PermissionMappingCache.LOGGER.debug("Update index:{} for role name:{}.", new Object[]{deserialize, str});
                PermissionMappingCache.indexPermissionCache.put(str, deserialize);
            } catch (KeeperException | InterruptedException e) {
                if (ZooKeeper.States.CLOSED != PermissionMappingCache.this.zkClient.getSolrZooKeeper().getState()) {
                    PermissionMappingCache.LOGGER.error("Zk operation failed.", e);
                } else {
                    PermissionMappingCache.LOGGER.error("Zk operation failed, because keeper was closed.", e);
                    PermissionMappingCache.this.zkClient = ZkAclUtil.getNewZkClient(PermissionMappingCache.this.zkClient);
                }
            }
        }
    }

    public PermissionMappingCache(SolrZkClient solrZkClient, Settings settings, SecurityIndexManager securityIndexManager) {
        if (solrZkClient == null) {
            throw new IllegalArgumentException("Zkclient is null.");
        }
        this.zkClient = solrZkClient;
        this.securityIndexManager = securityIndexManager;
        this.securityIndexManager.registerIndexObserver(this);
        this.settings = settings;
    }

    public void init() throws KeeperException, InterruptedException {
        this.useSecurityIndex = this.settings.getAsBoolean(AuthorityConstants.AUTH_WITH_SECURITY_INFO_INDEX, false).booleanValue();
        setType("index");
        updatePermissionCache();
    }

    public static List<IndicesPermission> getIndexPermission(String str) {
        return str == null ? new ArrayList() : indexPermissionCache.get(str);
    }

    public void updatePermissionCache() {
        makeZkPath();
        updatePermissionCacheFromZk();
        if (this.useSecurityIndex) {
            updatePermissionCacheFromIndex();
        }
    }

    @Override // com.huawei.es.security.index.IndexObserverBase
    public void securityIndexAvailableNotify() {
        if (this.useSecurityIndex) {
            updatePermissionCacheFromIndex();
        }
    }

    private void makeZkPath() {
        this.basePath = this.settings.get(AuthorityConstants.ES_AUTHORIZATION_ZK_PATH_KEY, AuthorityConstants.ES_AUTHORIZATION_ZK_PATH_DEFAULT);
        if (this.basePath == null) {
            this.basePath = AuthorityConstants.ES_AUTHORIZATION_ZK_PATH_DEFAULT;
        }
        try {
            if (!this.zkClient.exists(this.basePath, true).booleanValue()) {
                LOGGER.info("create base path:{}", this.basePath);
                try {
                    this.zkClient.makePath(this.basePath, true);
                } catch (KeeperException.NodeExistsException e) {
                    LOGGER.warn("The path {} already exists in ZK.", this.basePath);
                }
            }
        } catch (KeeperException | InterruptedException e2) {
            LOGGER.warn("The path {} already exists in ZK.", this.basePath);
        }
    }

    private void updatePermissionCacheFromZk() {
        ConcurrentHashMap concurrentHashMap;
        List<String> children;
        synchronized (CACHE_UPDATE_LOCK) {
            try {
                concurrentHashMap = new ConcurrentHashMap();
                children = this.zkClient.getChildren(this.basePath, this.childrenWatcher, true);
            } catch (KeeperException | InterruptedException e) {
                if (this.zkClient.getSolrZooKeeper().getState() == ZooKeeper.States.CLOSED) {
                    LOGGER.error("Update permission cache failed, because keeper was closed.", e);
                    this.zkClient = ZkAclUtil.getNewZkClient(this.zkClient);
                } else {
                    LOGGER.error("Update permission cache failed.", e);
                }
            }
            if (children == null || children.isEmpty()) {
                indexPermissionCache.clear();
                return;
            }
            for (String str : children) {
                String str2 = this.basePath + "/" + str;
                if (!indexPermissionCache.containsKey(str)) {
                    this.zkClient.exists(str2, this.dataWatcher, true);
                }
                List<IndicesPermission> deserialize = IndexPermissionSerializer.deserialize(this.zkClient.getData(str2, (Watcher) null, (Stat) null, true));
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Read index:{} for role:{}.", new Object[]{deserialize, str});
                }
                concurrentHashMap.put(str, deserialize);
            }
            LOGGER.debug("The latest  map:{}", concurrentHashMap);
            indexPermissionCache = concurrentHashMap;
        }
    }

    private void updatePermissionCacheFromIndex() {
        synchronized (CACHE_UPDATE_LOCK) {
            List<RolePermissionInfo> searchHits2RolePermissionInfoList = this.securityIndexManager.searchHits2RolePermissionInfoList(this.securityIndexManager.getHits(AuthorityConstants.TYPE_ROLE));
            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
            if (!searchHits2RolePermissionInfoList.isEmpty()) {
                LOGGER.debug("Start to update role permission, the count is {}.", Integer.valueOf(searchHits2RolePermissionInfoList.size()));
                for (RolePermissionInfo rolePermissionInfo : searchHits2RolePermissionInfoList) {
                    String docId = rolePermissionInfo.getDocId();
                    String str = docId.split(AuthorityConstants.SEPARATOR_FOR_SECURITY_INDEX_DOC_ID)[0];
                    List<String> permissionList = rolePermissionInfo.getPermissionList();
                    if (permissionList == null || permissionList.isEmpty()) {
                        LOGGER.debug("Role {} permission list is empty, skip this role.", docId);
                    } else {
                        List<IndicesPermission> deserialize = IndexPermissionSerializer.deserialize(permissionList);
                        if (!deserialize.isEmpty()) {
                            concurrentHashMap.put(str, deserialize);
                        }
                    }
                }
            }
            indexPermissionCache = concurrentHashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<IndicesPermission> getIndicesPermissionByRoleName(String str) {
        ArrayList arrayList = new ArrayList();
        List<RolePermissionInfo> searchHits2RolePermissionInfoList = this.securityIndexManager.searchHits2RolePermissionInfoList(this.securityIndexManager.getHits(AuthorityConstants.TYPE_ROLE));
        String str2 = str + AuthorityConstants.SEPARATOR_FOR_SECURITY_INDEX_DOC_ID;
        searchHits2RolePermissionInfoList.forEach(rolePermissionInfo -> {
            List<String> permissionList;
            if (!rolePermissionInfo.getDocId().startsWith(str2) || (permissionList = rolePermissionInfo.getPermissionList()) == null || permissionList.isEmpty()) {
                return;
            }
            arrayList.addAll(IndexPermissionSerializer.deserialize(permissionList));
        });
        return arrayList;
    }

    public void clear() {
        if (indexPermissionCache != null) {
            LOGGER.warn("Start to clear index permission cache map {}.", indexPermissionCache);
            indexPermissionCache.clear();
        }
    }
}
