package org.apache.rocketmq.auth.authorization.provider;

import com.alibaba.fastjson2.JSON;
import com.github.benmanes.caffeine.cache.CacheLoader;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.auth.authentication.model.Subject;
import org.apache.rocketmq.auth.authorization.exception.AuthorizationException;
import org.apache.rocketmq.auth.authorization.model.Acl;
import org.apache.rocketmq.auth.authorization.model.Policy;
import org.apache.rocketmq.auth.authorization.model.PolicyEntry;
import org.apache.rocketmq.auth.config.AuthConfig;
import org.apache.rocketmq.common.config.ConfigRocksDBStorage;
import org.apache.rocketmq.common.thread.ThreadPoolMonitor;
import org.rocksdb.RocksIterator;

/* loaded from: input_file:org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider.class */
public class LocalAuthorizationMetadataProvider implements AuthorizationMetadataProvider {
    private ConfigRocksDBStorage storage;
    private LoadingCache<String, Acl> aclCache;

    /* loaded from: input_file:org/apache/rocketmq/auth/authorization/provider/LocalAuthorizationMetadataProvider$AclCacheLoader.class */
    private static class AclCacheLoader implements CacheLoader<String, Acl> {
        private final ConfigRocksDBStorage storage;
        public static final Acl EMPTY_ACL = new Acl();

        public AclCacheLoader(ConfigRocksDBStorage configRocksDBStorage) {
            this.storage = configRocksDBStorage;
        }

        public Acl load(String str) {
            try {
                byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
                Subject of = Subject.of(str);
                byte[] bArr = this.storage.get(bytes);
                return ArrayUtils.isEmpty(bArr) ? EMPTY_ACL : Acl.of(of, ((Acl) JSON.parseObject(bArr, Acl.class)).getPolicies());
            } catch (Exception e) {
                throw new AuthorizationException("get Acl from RocksDB failed.", e);
            }
        }
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public void initialize(AuthConfig authConfig, Supplier<?> supplier) {
        this.storage = new ConfigRocksDBStorage(authConfig.getAuthConfigPath() + File.separator + "acls");
        if (!this.storage.start()) {
            throw new RuntimeException("Failed to load rocksdb for auth_acl, please check whether it is occupied.");
        }
        this.aclCache = Caffeine.newBuilder().maximumSize(authConfig.getAclCacheMaxNum()).expireAfterAccess(authConfig.getAclCacheExpiredSecond(), TimeUnit.SECONDS).refreshAfterWrite(authConfig.getAclCacheRefreshSecond(), TimeUnit.SECONDS).executor(ThreadPoolMonitor.createAndMonitor(1, 1, 60000L, TimeUnit.MILLISECONDS, "AclCacheRefresh", 100000)).build(new AclCacheLoader(this.storage));
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public CompletableFuture<Void> createAcl(Acl acl) {
        try {
            Subject subject = acl.getSubject();
            byte[] bytes = subject.getSubjectKey().getBytes(StandardCharsets.UTF_8);
            this.storage.put(bytes, bytes.length, JSON.toJSONBytes(acl));
            this.storage.flushWAL();
            this.aclCache.invalidate(subject.getSubjectKey());
            return CompletableFuture.completedFuture(null);
        } catch (Exception e) {
            throw new AuthorizationException("create Acl to RocksDB failed.", e);
        }
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public CompletableFuture<Void> deleteAcl(Subject subject) {
        try {
            this.storage.delete(subject.getSubjectKey().getBytes(StandardCharsets.UTF_8));
            this.storage.flushWAL();
            this.aclCache.invalidate(subject.getSubjectKey());
            return CompletableFuture.completedFuture(null);
        } catch (Exception e) {
            throw new AuthorizationException("delete Acl from RocksDB failed.", e);
        }
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public CompletableFuture<Void> updateAcl(Acl acl) {
        try {
            Subject subject = acl.getSubject();
            byte[] bytes = subject.getSubjectKey().getBytes(StandardCharsets.UTF_8);
            this.storage.put(bytes, bytes.length, JSON.toJSONBytes(acl));
            this.storage.flushWAL();
            this.aclCache.invalidate(subject.getSubjectKey());
            return CompletableFuture.completedFuture(null);
        } catch (Exception e) {
            throw new AuthorizationException("update Acl to RocksDB failed.", e);
        }
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public CompletableFuture<Acl> getAcl(Subject subject) {
        Acl acl = (Acl) this.aclCache.get(subject.getSubjectKey());
        return acl == AclCacheLoader.EMPTY_ACL ? CompletableFuture.completedFuture(null) : CompletableFuture.completedFuture(acl);
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public CompletableFuture<List<Acl>> listAcl(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        RocksIterator it = this.storage.iterator();
        Throwable th = null;
        try {
            try {
                it.seekToFirst();
                while (it.isValid()) {
                    String str3 = new String(it.key(), StandardCharsets.UTF_8);
                    if (!StringUtils.isNotBlank(str) || str3.contains(str)) {
                        Subject of = Subject.of(str3);
                        List<Policy> policies = ((Acl) JSON.parseObject(new String(it.value(), StandardCharsets.UTF_8), Acl.class)).getPolicies();
                        if (CollectionUtils.isNotEmpty(policies)) {
                            Iterator<Policy> it2 = policies.iterator();
                            while (it2.hasNext()) {
                                List<PolicyEntry> entries = it2.next().getEntries();
                                if (!CollectionUtils.isEmpty(entries)) {
                                    if (StringUtils.isNotBlank(str2) && !str3.contains(str2)) {
                                        entries.removeIf(policyEntry -> {
                                            return !policyEntry.toResourceStr().contains(str2);
                                        });
                                    }
                                    if (CollectionUtils.isEmpty(entries)) {
                                        it2.remove();
                                    }
                                }
                            }
                            if (CollectionUtils.isNotEmpty(policies)) {
                                arrayList.add(Acl.of(of, policies));
                            }
                            it.next();
                        } else {
                            it.next();
                        }
                    } else {
                        it.next();
                    }
                }
                if (it != null) {
                    if (0 != 0) {
                        try {
                            it.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        it.close();
                    }
                }
                return CompletableFuture.completedFuture(arrayList);
            } finally {
            }
        } catch (Throwable th3) {
            if (it != null) {
                if (th != null) {
                    try {
                        it.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    it.close();
                }
            }
            throw th3;
        }
    }

    @Override // org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider
    public void shutdown() {
        if (this.storage != null) {
            this.storage.shutdown();
        }
    }
}
