package org.eclipse.scout.rt.security;

import java.security.AccessController;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
import javax.security.auth.Subject;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.cache.AllCacheEntryFilter;
import org.eclipse.scout.rt.platform.cache.ICache;
import org.eclipse.scout.rt.platform.cache.ICacheBuilder;
import org.eclipse.scout.rt.platform.cache.ICacheValueResolver;
import org.eclipse.scout.rt.platform.cache.KeyCacheEntryFilter;

/* loaded from: input_file:org/eclipse/scout/rt/security/AbstractAccessControlService.class */
public abstract class AbstractAccessControlService<K> implements IAccessControlService {
    public static final String ACCESS_CONTROL_SERVICE_CACHE_ID = AbstractAccessControlService.class.getName();
    private volatile Pattern[] m_userIdSearchPatterns = {Pattern.compile(".*\\\\([^/@]+)"), Pattern.compile(".*\\\\([^/@]+)[/@].*"), Pattern.compile("([^/@]+)"), Pattern.compile("([^/@]+)[/@].*")};
    private volatile ICache<K, IPermissionCollection> m_cache;

    @PostConstruct
    protected void initCache() {
        this.m_cache = createCacheBuilder().build();
    }

    protected Pattern[] getUserIdSearchPatterns() {
        return this.m_userIdSearchPatterns;
    }

    protected void setUserIdSearchPatterns(Pattern... patternArr) {
        if (patternArr == null) {
            this.m_userIdSearchPatterns = new Pattern[0];
        } else {
            this.m_userIdSearchPatterns = patternArr;
        }
    }

    protected void setUserIdSearchPatterns(String... strArr) {
        Pattern[] patternArr = new Pattern[strArr.length];
        for (int i = 0; i < patternArr.length; i++) {
            patternArr[i] = Pattern.compile(strArr[i]);
        }
        setUserIdSearchPatterns(patternArr);
    }

    protected ICacheBuilder<K, IPermissionCollection> createCacheBuilder() {
        return ((ICacheBuilder) BEANS.get(ICacheBuilder.class)).withCacheId(ACCESS_CONTROL_SERVICE_CACHE_ID).withValueResolver(createCacheValueResolver()).withShared(true).withClusterEnabled(true).withTransactional(true).withTransactionalFastForward(true).withTimeToLive(1L, TimeUnit.HOURS, false);
    }

    protected ICacheValueResolver<K, IPermissionCollection> createCacheValueResolver() {
        return this::execLoadPermissions;
    }

    protected ICache<K, IPermissionCollection> getCache() {
        return this.m_cache;
    }

    protected abstract K getCurrentUserCacheKey();

    protected abstract IPermissionCollection execLoadPermissions(K k);

    @Override // org.eclipse.scout.rt.security.IAccessControlService
    public String getUserIdOfCurrentSubject() {
        return getUserId(Subject.getSubject(AccessController.getContext()));
    }

    @Override // org.eclipse.scout.rt.security.IAccessControlService
    public String getUserId(Subject subject) {
        if (subject == null) {
            return null;
        }
        Iterator<Principal> it = subject.getPrincipals().iterator();
        while (it.hasNext()) {
            String lowerCase = it.next().getName().toLowerCase();
            for (Pattern pattern : this.m_userIdSearchPatterns) {
                Matcher matcher = pattern.matcher(lowerCase);
                if (matcher.matches()) {
                    return matcher.group(1);
                }
            }
        }
        return null;
    }

    @Override // org.eclipse.scout.rt.security.IAccessControlService
    public IPermissionCollection getPermissions() {
        IPermissionCollection iPermissionCollection = (IPermissionCollection) getCache().get(getCurrentUserCacheKey());
        return iPermissionCollection == null ? (IPermissionCollection) BEANS.get(NonePermissionCollection.class) : iPermissionCollection;
    }

    @Override // org.eclipse.scout.rt.security.IAccessControlService
    public void clearCache() {
        getCache().invalidate(new AllCacheEntryFilter(), true);
    }

    @Override // org.eclipse.scout.rt.security.IAccessControlService
    public void clearCacheOfCurrentUser() {
        clearCache(Collections.singleton(getCurrentUserCacheKey()));
    }

    protected void clearCache(Collection<? extends K> collection) {
        if (collection == null) {
            return;
        }
        KeyCacheEntryFilter keyCacheEntryFilter = new KeyCacheEntryFilter(collection);
        if (keyCacheEntryFilter.getKeys().isEmpty()) {
            return;
        }
        getCache().invalidate(keyCacheEntryFilter, true);
    }
}
