package io.bosonnetwork.access.impl;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import io.bosonnetwork.Id;
import io.bosonnetwork.Node;
import io.bosonnetwork.NodeStatusListener;
import io.bosonnetwork.utils.ThreadLocals;
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Path;
import java.nio.file.StandardWatchEventKinds;
import java.nio.file.WatchEvent;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.util.Collections;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.CancellationException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/bosonnetwork/access/impl/AccessManager.class */
public class AccessManager implements io.bosonnetwork.access.AccessManager {
    private Path repo;
    private Path defaults;
    private Path acls;
    private WatchService watchService;
    private WatchKey keyDefaults;
    private WatchKey keyAcls;
    private Map<Subscription, AccessControlList> defaultACLs;
    private LoadingCache<Id, AccessControlList> cache;
    public static AccessControlList DEFAULT = new AccessControlList(Subscription.Free, Collections.emptyMap());
    private static final Logger log = LoggerFactory.getLogger(AccessManager.class);

    public AccessManager(Path path) {
        this.repo = path.toAbsolutePath();
        this.defaults = this.repo.resolve("defaults");
        this.acls = this.repo.resolve("acls");
    }

    public AccessManager(File file) throws IOException {
        this(file.toPath());
    }

    public AccessManager(String str) throws IOException {
        this(Path.of(str, new String[0]));
    }

    public void init(final Node node) throws IOException {
        if (node == null) {
            return;
        }
        this.watchService = FileSystems.getDefault().newWatchService();
        this.keyDefaults = this.defaults.register(this.watchService, StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_DELETE, StandardWatchEventKinds.ENTRY_MODIFY);
        this.keyAcls = this.acls.register(this.watchService, StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_DELETE, StandardWatchEventKinds.ENTRY_MODIFY);
        log.debug("Registered the watcher for the access control repo");
        this.cache = CacheBuilder.newBuilder().initialCapacity(32).maximumSize(256L).build(new CacheLoader<Id, AccessControlList>() { // from class: io.bosonnetwork.access.impl.AccessManager.1
            public AccessControlList load(Id id) {
                return AccessManager.this.loadNodeACL(id);
            }
        });
        log.debug("Initialized the access control list cache");
        loadDefaults();
        node.addStatusListener(new NodeStatusListener() { // from class: io.bosonnetwork.access.impl.AccessManager.2
            ScheduledFuture<?> future;

            public void started() {
                this.future = node.getScheduler().scheduleWithFixedDelay(() -> {
                    AccessManager.this.processRepoChanges();
                }, 60L, 60L, TimeUnit.SECONDS);
            }

            public void stopping() {
                this.future.cancel(false);
                try {
                    this.future.get();
                } catch (InterruptedException | CancellationException | ExecutionException e) {
                }
                AccessManager.this.keyDefaults.cancel();
                AccessManager.this.keyAcls.cancel();
                try {
                    AccessManager.this.watchService.close();
                } catch (IOException e2) {
                }
                AccessManager.this.cache.invalidateAll();
                AccessManager.this.cache.cleanUp();
                AccessManager.log.info("Finished the cleanup");
            }
        });
        log.info("Initialized @ {}", this.repo);
    }

    private AccessControlList loadACL(File file) throws IOException {
        log.trace("Loading the access control list from: {}", file);
        return (AccessControlList) ThreadLocals.ObjectMapper().readValue(file, AccessControlList.class);
    }

    private void saveACL(File file, AccessControlList accessControlList) throws IOException {
        ThreadLocals.ObjectMapper().writeValue(file, accessControlList);
    }

    private void loadDefaults() {
        AccessControlList accessControlList;
        log.debug("Loading the default access control lists...");
        EnumSet allOf = EnumSet.allOf(Subscription.class);
        this.defaultACLs = new EnumMap(Subscription.class);
        Iterator it = allOf.iterator();
        while (it.hasNext()) {
            Subscription subscription = (Subscription) it.next();
            File file = this.defaults.resolve(subscription.name()).toFile();
            if (!file.exists() || file.isDirectory()) {
                log.debug("No access control list defined for: {}, using default", subscription);
                accessControlList = new AccessControlList(subscription);
            } else {
                log.debug("Loading access control list for: {}", subscription);
                try {
                    accessControlList = loadACL(file);
                } catch (IOException e) {
                    log.error("Load access control list from " + file + " failed. using default", e);
                    accessControlList = new AccessControlList(subscription);
                }
            }
            this.defaultACLs.put(accessControlList.getSubscription(), accessControlList);
        }
    }

    private AccessControlList loadNodeACL(Id id) {
        AccessControlList accessControlList;
        log.debug("Loading the access control list for: {}", id);
        File file = this.acls.resolve(id.toString()).toFile();
        if (!file.exists() || file.isDirectory()) {
            log.debug("No access control list file for: {}, using default", id);
            return DEFAULT;
        }
        try {
            accessControlList = loadACL(file);
            accessControlList.seal();
        } catch (IOException e) {
            log.error("Load access control list from " + file + " failed. using default", e);
            accessControlList = DEFAULT;
        }
        return accessControlList;
    }

    private void processRepoChanges() {
        log.debug("Checking the repo changes...");
        while (true) {
            WatchKey poll = this.watchService.poll();
            if (poll == null) {
                return;
            }
            for (WatchEvent<?> watchEvent : poll.pollEvents()) {
                WatchEvent.Kind<?> kind = watchEvent.kind();
                if (kind == StandardWatchEventKinds.ENTRY_CREATE || kind == StandardWatchEventKinds.ENTRY_MODIFY || kind == StandardWatchEventKinds.ENTRY_DELETE) {
                    Path path = (Path) watchEvent.context();
                    if (poll == this.keyAcls) {
                        Id of = Id.of(path.getFileName().toString());
                        log.debug("Access control list for {} changed, invalidate the cached entry", of);
                        this.cache.invalidate(of);
                    } else if (poll == this.keyDefaults) {
                        try {
                            AccessControlList loadACL = loadACL(this.defaults.resolve(path).toFile());
                            log.debug("Default access control list for {} changed, reload", loadACL.getSubscription());
                            this.defaultACLs.put(loadACL.getSubscription(), loadACL);
                        } catch (IOException e) {
                            log.error("Load default access control list from " + path + " failed, ignore changes!", e);
                        }
                    }
                }
            }
            poll.reset();
        }
    }

    public io.bosonnetwork.access.Permission getPermission(Id id, String str) {
        AccessControlList accessControlList;
        try {
            accessControlList = (AccessControlList) this.cache.get(id);
        } catch (ExecutionException e) {
            accessControlList = DEFAULT;
        }
        Permission permission = accessControlList.getPermission(str);
        if (permission == null) {
            permission = this.defaultACLs.get(accessControlList.getSubscription()).getPermission(str);
        }
        return permission;
    }

    public boolean allow(Id id, String str) {
        return getPermission(id, str).isAllow();
    }

    public AccessControlList getDefault(Subscription subscription) throws IOException {
        File file = this.defaults.resolve(subscription.name()).toFile();
        if (file.exists()) {
            return loadACL(file);
        }
        throw new IOException("ACL for " + subscription + " not exists");
    }

    public AccessControlList allow(Id id, Subscription subscription) throws IOException {
        File file = this.acls.resolve(id.toString()).toFile();
        AccessControlList accessControlList = new AccessControlList(subscription);
        saveACL(file, accessControlList);
        return accessControlList;
    }

    public AccessControlList deny(Id id) throws IOException {
        File file = this.acls.resolve(id.toString()).toFile();
        AccessControlList accessControlList = new AccessControlList(Subscription.Blocked);
        saveACL(file, accessControlList);
        return accessControlList;
    }

    public void remove(Id id) throws IOException {
        File file = this.acls.resolve(id.toString()).toFile();
        if (file.exists() && !file.delete()) {
            throw new IOException("ACL for " + id + " can not be delete");
        }
    }

    public AccessControlList get(Id id) throws IOException {
        File file = this.acls.resolve(id.toString()).toFile();
        if (!file.exists()) {
            return null;
        }
        AccessControlList loadACL = loadACL(file);
        loadACL.seal();
        return loadACL;
    }
}
