package dev.galasa.framework.internal.rbac;

import dev.galasa.framework.spi.DynamicStatusStoreException;
import dev.galasa.framework.spi.IDynamicStatusStoreService;
import dev.galasa.framework.spi.auth.AuthStoreException;
import dev.galasa.framework.spi.auth.IAuthStoreService;
import dev.galasa.framework.spi.auth.IUser;
import dev.galasa.framework.spi.rbac.RBACException;
import dev.galasa.framework.spi.rbac.RBACService;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:dev/galasa/framework/internal/rbac/CacheRBACImpl.class */
public class CacheRBACImpl implements CacheRBAC {
    private static final long CACHED_ACTIONS_TIME_TO_LIVE_SECS = 86400;
    private static final String USER_PROPERTY_PREFIX = "user.";
    private static final String ACTIONS_PROPERTY_SUFFIX = ".actions";
    private IDynamicStatusStoreService dssService;
    private IAuthStoreService authStoreService;
    private RBACService rbacService;
    private final Log logger = LogFactory.getLog(getClass());

    public CacheRBACImpl(IDynamicStatusStoreService iDynamicStatusStoreService, IAuthStoreService iAuthStoreService, RBACService rBACService) {
        this.dssService = iDynamicStatusStoreService;
        this.authStoreService = iAuthStoreService;
        this.rbacService = rBACService;
    }

    @Override // dev.galasa.framework.internal.rbac.CacheRBAC
    public synchronized void addUser(String str, Set<String> set) throws RBACException {
        try {
            String join = String.join(",", set);
            this.dssService.put(getUserActionsPropertyKey(str), join, CACHED_ACTIONS_TIME_TO_LIVE_SECS);
        } catch (DynamicStatusStoreException e) {
            throw new RBACException("Failed to cache user actions", e);
        }
    }

    @Override // dev.galasa.framework.internal.rbac.CacheRBAC
    public synchronized boolean isActionPermitted(String str, String str2) throws RBACException {
        try {
            String str3 = this.dssService.get(getUserActionsPropertyKey(str));
            Set<String> hashSet = new HashSet();
            if (str3 == null) {
                IUser userFromAuthStore = getUserFromAuthStore(str);
                if (userFromAuthStore == null) {
                    this.logger.info("User does not have a user record. Permission denied.");
                } else {
                    hashSet = getUserActionsFromAuthStore(userFromAuthStore);
                    addUser(str, hashSet);
                }
            } else {
                hashSet = Set.of((Object[]) str3.split(","));
            }
            return hashSet.contains(str2);
        } catch (DynamicStatusStoreException e) {
            throw new RBACException("Error occurred when accessing the DSS", e);
        }
    }

    @Override // dev.galasa.framework.internal.rbac.CacheRBAC
    public synchronized void invalidateUser(String str) throws RBACException {
        try {
            this.dssService.delete(getUserActionsPropertyKey(str));
        } catch (DynamicStatusStoreException e) {
            throw new RBACException("Failed to delete cached user actions", e);
        }
    }

    private synchronized IUser getUserFromAuthStore(String str) throws RBACException {
        try {
            return this.authStoreService.getUserByLoginId(str);
        } catch (AuthStoreException e) {
            throw new RBACException("Internal Server Error: Authorisation store returned an unexpected failure when looking up a user record.", e);
        }
    }

    private Set<String> getUserActionsFromAuthStore(IUser iUser) throws RBACException {
        return new HashSet(this.rbacService.getRoleById(iUser.getRoleId()).getActionIds());
    }

    private String getUserActionsPropertyKey(String str) {
        return "user." + str + ".actions";
    }
}
