package com.netflix.spinnaker.fiat.roles.github;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.ListenableFutureTask;
import com.netflix.spinnaker.fiat.model.resources.Role;
import com.netflix.spinnaker.fiat.permissions.ExternalUser;
import com.netflix.spinnaker.fiat.roles.UserRolesProvider;
import com.netflix.spinnaker.fiat.roles.github.client.GitHubClient;
import com.netflix.spinnaker.fiat.roles.github.model.Member;
import com.netflix.spinnaker.fiat.roles.github.model.Team;
import com.netflix.spinnaker.kork.retrofit.Retrofit2SyncCall;
import com.netflix.spinnaker.kork.retrofit.exceptions.SpinnakerHttpException;
import com.netflix.spinnaker.kork.retrofit.exceptions.SpinnakerNetworkException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;

@ConditionalOnProperty(value = {"auth.group-membership.service"}, havingValue = "github")
@Component
/* loaded from: input_file:com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.class */
public class GithubTeamsUserRolesProvider implements UserRolesProvider, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(GithubTeamsUserRolesProvider.class);
    private static List<String> RATE_LIMITING_HEADERS = Arrays.asList("X-RateLimit-Limit", "X-RateLimit-Remaining", "X-RateLimit-Reset");

    @Autowired
    private GitHubClient gitHubClient;

    @Autowired
    private GitHubProperties gitHubProperties;
    private ExecutorService executor = Executors.newSingleThreadExecutor();
    private LoadingCache<String, Set<String>> membersCache;
    private LoadingCache<String, List<Team>> teamsCache;
    private LoadingCache<String, Set<String>> teamMembershipCache;
    private static final String ACTIVE = "active";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.netflix.spinnaker.fiat.roles.github.GithubTeamsUserRolesProvider$1, reason: invalid class name */
    /* loaded from: input_file:com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider$1.class */
    public class AnonymousClass1 extends CacheLoader<String, Set<String>> {
        AnonymousClass1() {
        }

        public Set<String> load(String str) {
            HashSet hashSet = new HashSet();
            int i = 1;
            boolean z = true;
            do {
                int i2 = i;
                i++;
                List<Member> membersInOrgPaginated = GithubTeamsUserRolesProvider.this.getMembersInOrgPaginated(str, i2);
                membersInOrgPaginated.forEach(member -> {
                    hashSet.add(member.getLogin().toLowerCase());
                });
                if (membersInOrgPaginated.size() != GithubTeamsUserRolesProvider.this.gitHubProperties.paginationValue.intValue()) {
                    z = false;
                }
                GithubTeamsUserRolesProvider.log.debug("Got " + membersInOrgPaginated.size() + " members back. hasMorePages: " + z);
            } while (z);
            return hashSet;
        }

        public ListenableFuture<Set<String>> reload(final String str, Set<String> set) {
            Runnable create = ListenableFutureTask.create(new Callable<Set<String>>() { // from class: com.netflix.spinnaker.fiat.roles.github.GithubTeamsUserRolesProvider.1.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Set<String> call() {
                    return AnonymousClass1.this.load(str);
                }
            });
            GithubTeamsUserRolesProvider.this.executor.execute(create);
            return create;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.netflix.spinnaker.fiat.roles.github.GithubTeamsUserRolesProvider$2, reason: invalid class name */
    /* loaded from: input_file:com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider$2.class */
    public class AnonymousClass2 extends CacheLoader<String, List<Team>> {
        AnonymousClass2() {
        }

        public List<Team> load(String str) {
            ArrayList arrayList = new ArrayList();
            int i = 1;
            boolean z = true;
            do {
                int i2 = i;
                i++;
                List<Team> teamsInOrgPaginated = GithubTeamsUserRolesProvider.this.getTeamsInOrgPaginated(str, i2);
                arrayList.addAll(teamsInOrgPaginated);
                if (teamsInOrgPaginated.size() != GithubTeamsUserRolesProvider.this.gitHubProperties.paginationValue.intValue()) {
                    z = false;
                }
                GithubTeamsUserRolesProvider.log.debug("Got " + teamsInOrgPaginated.size() + " teams back. hasMorePages: " + z);
            } while (z);
            return arrayList;
        }

        public ListenableFuture<List<Team>> reload(final String str, List<Team> list) {
            Runnable create = ListenableFutureTask.create(new Callable<List<Team>>() { // from class: com.netflix.spinnaker.fiat.roles.github.GithubTeamsUserRolesProvider.2.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public List<Team> call() {
                    return AnonymousClass2.this.load(str);
                }
            });
            GithubTeamsUserRolesProvider.this.executor.execute(create);
            return create;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.netflix.spinnaker.fiat.roles.github.GithubTeamsUserRolesProvider$3, reason: invalid class name */
    /* loaded from: input_file:com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider$3.class */
    public class AnonymousClass3 extends CacheLoader<String, Set<String>> {
        AnonymousClass3() {
        }

        public Set<String> load(String str) {
            HashSet hashSet = new HashSet();
            int i = 1;
            boolean z = true;
            do {
                int i2 = i;
                i++;
                List<Member> membersInTeamPaginated = GithubTeamsUserRolesProvider.this.getMembersInTeamPaginated(GithubTeamsUserRolesProvider.this.gitHubProperties.getOrganization(), str, i2);
                membersInTeamPaginated.forEach(member -> {
                    hashSet.add(member.getLogin().toLowerCase());
                });
                if (membersInTeamPaginated.size() != GithubTeamsUserRolesProvider.this.gitHubProperties.paginationValue.intValue()) {
                    z = false;
                }
                GithubTeamsUserRolesProvider.log.debug("Got " + membersInTeamPaginated.size() + " teams back. hasMorePages: " + z);
            } while (z);
            return hashSet;
        }

        public ListenableFuture<Set<String>> reload(final String str, Set<String> set) {
            Runnable create = ListenableFutureTask.create(new Callable<Set<String>>() { // from class: com.netflix.spinnaker.fiat.roles.github.GithubTeamsUserRolesProvider.3.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Set<String> call() {
                    return AnonymousClass3.this.load(str);
                }
            });
            GithubTeamsUserRolesProvider.this.executor.execute(create);
            return create;
        }
    }

    /* loaded from: input_file:com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider$OrgMembershipKey.class */
    private class OrgMembershipKey {
        private final String organization;
        private final String username;

        public OrgMembershipKey(String str, String str2) {
            this.organization = str;
            this.username = str2;
        }

        public String getOrganization() {
            return this.organization;
        }

        public String getUsername() {
            return this.username;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof OrgMembershipKey)) {
                return false;
            }
            OrgMembershipKey orgMembershipKey = (OrgMembershipKey) obj;
            if (!orgMembershipKey.canEqual(this)) {
                return false;
            }
            String organization = getOrganization();
            String organization2 = orgMembershipKey.getOrganization();
            if (organization == null) {
                if (organization2 != null) {
                    return false;
                }
            } else if (!organization.equals(organization2)) {
                return false;
            }
            String username = getUsername();
            String username2 = orgMembershipKey.getUsername();
            return username == null ? username2 == null : username.equals(username2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof OrgMembershipKey;
        }

        public int hashCode() {
            String organization = getOrganization();
            int hashCode = (1 * 59) + (organization == null ? 43 : organization.hashCode());
            String username = getUsername();
            return (hashCode * 59) + (username == null ? 43 : username.hashCode());
        }

        public String toString() {
            return "GithubTeamsUserRolesProvider.OrgMembershipKey(organization=" + getOrganization() + ", username=" + getUsername() + ")";
        }
    }

    /* loaded from: input_file:com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider$TeamMembershipKey.class */
    private class TeamMembershipKey {
        private final Long teamId;
        private final String username;

        public TeamMembershipKey(Long l, String str) {
            this.teamId = l;
            this.username = str;
        }

        public Long getTeamId() {
            return this.teamId;
        }

        public String getUsername() {
            return this.username;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TeamMembershipKey)) {
                return false;
            }
            TeamMembershipKey teamMembershipKey = (TeamMembershipKey) obj;
            if (!teamMembershipKey.canEqual(this)) {
                return false;
            }
            Long teamId = getTeamId();
            Long teamId2 = teamMembershipKey.getTeamId();
            if (teamId == null) {
                if (teamId2 != null) {
                    return false;
                }
            } else if (!teamId.equals(teamId2)) {
                return false;
            }
            String username = getUsername();
            String username2 = teamMembershipKey.getUsername();
            return username == null ? username2 == null : username.equals(username2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof TeamMembershipKey;
        }

        public int hashCode() {
            Long teamId = getTeamId();
            int hashCode = (1 * 59) + (teamId == null ? 43 : teamId.hashCode());
            String username = getUsername();
            return (hashCode * 59) + (username == null ? 43 : username.hashCode());
        }

        public String toString() {
            return "GithubTeamsUserRolesProvider.TeamMembershipKey(teamId=" + getTeamId() + ", username=" + getUsername() + ")";
        }
    }

    public void afterPropertiesSet() throws Exception {
        Assert.state(this.gitHubProperties.getOrganization() != null, "Supply an organization");
        Assert.state(this.gitHubProperties.getBaseUrl() != null, "Supply a base url");
        initializeMembersCache();
        initializeTeamsCache();
        initializeTeamMembershipCache();
    }

    private void initializeMembersCache() {
        this.membersCache = CacheBuilder.newBuilder().maximumSize(1L).refreshAfterWrite(this.gitHubProperties.getMembershipCacheTTLSeconds().intValue(), TimeUnit.SECONDS).build(new AnonymousClass1());
    }

    private void initializeTeamsCache() {
        this.teamsCache = CacheBuilder.newBuilder().maximumSize(1L).refreshAfterWrite(this.gitHubProperties.getMembershipCacheTTLSeconds().intValue(), TimeUnit.SECONDS).build(new AnonymousClass2());
    }

    private void initializeTeamMembershipCache() {
        this.teamMembershipCache = CacheBuilder.newBuilder().maximumSize(this.gitHubProperties.getMembershipCacheTeamsSize().intValue()).refreshAfterWrite(this.gitHubProperties.getMembershipCacheTTLSeconds().intValue(), TimeUnit.SECONDS).build(new AnonymousClass3());
    }

    public List<Role> loadRoles(ExternalUser externalUser) {
        String id = externalUser.getId();
        log.debug("loadRoles for user " + id);
        if (StringUtils.isEmpty(id) || StringUtils.isEmpty(this.gitHubProperties.getOrganization())) {
            return new ArrayList();
        }
        if (!isMemberOfOrg(id)) {
            log.debug(id + "is not a member of organization " + this.gitHubProperties.getOrganization());
            return new ArrayList();
        }
        log.debug(id + "is a member of organization " + this.gitHubProperties.getOrganization());
        ArrayList arrayList = new ArrayList();
        arrayList.add(toRole(this.gitHubProperties.getOrganization()));
        List<Team> teams = getTeams();
        log.debug("Found " + teams.size() + " teams in org.");
        teams.forEach(team -> {
            String str;
            String str2 = id + " is a member of team " + team.getName();
            if (isMemberOfTeam(team, id)) {
                arrayList.add(toRole(team.getSlug()));
                str = str2 + ": true";
            } else {
                str = str2 + ": false";
            }
            log.debug(str);
        });
        return arrayList;
    }

    private boolean isMemberOfOrg(String str) {
        boolean z = false;
        try {
            z = ((Set) this.membersCache.get(this.gitHubProperties.getOrganization())).contains(str.toLowerCase());
        } catch (ExecutionException e) {
            log.error("Failed to read from cache when getting org membership", e);
        }
        return z;
    }

    private List<Team> getTeams() {
        try {
            return (List) this.teamsCache.get(this.gitHubProperties.getOrganization());
        } catch (ExecutionException e) {
            log.error("Failed to read from cache when getting teams", e);
            return Collections.emptyList();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v13, types: [java.util.List] */
    private List<Team> getTeamsInOrgPaginated(String str, int i) {
        ArrayList arrayList = new ArrayList();
        try {
            log.debug("Requesting page " + i + " of teams.");
            arrayList = (List) Retrofit2SyncCall.execute(this.gitHubClient.getOrgTeams(str, i, this.gitHubProperties.paginationValue.intValue()));
        } catch (SpinnakerHttpException e) {
            if (e.getResponseCode() != HttpStatus.NOT_FOUND.value()) {
                handleNon404s(e);
                throw e;
            }
            log.error("404 when getting teams", e);
        } catch (SpinnakerNetworkException e2) {
            log.error(String.format("Could not find the server %s", this.gitHubProperties.getBaseUrl()), e2);
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v13, types: [java.util.List] */
    private List<Member> getMembersInOrgPaginated(String str, int i) {
        ArrayList arrayList = new ArrayList();
        try {
            log.debug("Requesting page " + i + " of members.");
            arrayList = (List) Retrofit2SyncCall.execute(this.gitHubClient.getOrgMembers(str, i, this.gitHubProperties.paginationValue.intValue()));
        } catch (SpinnakerHttpException e) {
            if (e.getResponseCode() != HttpStatus.NOT_FOUND.value()) {
                handleNon404s(e);
                throw e;
            }
            log.error("404 when getting members", e);
        } catch (SpinnakerNetworkException e2) {
            log.error(String.format("Could not find the server %s", this.gitHubProperties.getBaseUrl()), e2);
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v13, types: [java.util.List] */
    private List<Member> getMembersInTeamPaginated(String str, String str2, int i) {
        ArrayList arrayList = new ArrayList();
        try {
            log.debug("Requesting page " + i + " of members team " + str2 + ".");
            arrayList = (List) Retrofit2SyncCall.execute(this.gitHubClient.getMembersOfTeam(str, str2, i, this.gitHubProperties.paginationValue.intValue()));
        } catch (SpinnakerNetworkException e) {
            log.error(String.format("Could not find the server %s", this.gitHubProperties.getBaseUrl()), e);
        } catch (SpinnakerHttpException e2) {
            if (e2.getResponseCode() != HttpStatus.NOT_FOUND.value()) {
                handleNon404s(e2);
                throw e2;
            }
            log.error("404 when getting members of team", e2);
        }
        return arrayList;
    }

    private boolean isMemberOfTeam(Team team, String str) {
        try {
            return ((Set) this.teamMembershipCache.get(team.getSlug())).contains(str.toLowerCase());
        } catch (ExecutionException e) {
            log.error("Failed to read from cache when getting team membership", e);
            return false;
        }
    }

    private void handleNon404s(SpinnakerHttpException spinnakerHttpException) {
        String str = "";
        if (spinnakerHttpException.getResponseCode() == HttpStatus.UNAUTHORIZED.value()) {
            str = "HTTP 401 Unauthorized.";
        } else if (spinnakerHttpException.getResponseCode() == HttpStatus.FORBIDDEN.value()) {
            HttpHeaders headers = spinnakerHttpException.getHeaders();
            Stream<String> stream = RATE_LIMITING_HEADERS.stream();
            Objects.requireNonNull(headers);
            Stream<String> filter = stream.filter((v1) -> {
                return r1.containsKey(v1);
            });
            Objects.requireNonNull(headers);
            str = "HTTP 403 Forbidden. Rate limit info: " + StringUtils.join((List) filter.map(headers::getFirst).collect(Collectors.toList()), ", ");
        }
        log.error(str, spinnakerHttpException);
    }

    private static Role toRole(String str) {
        return new Role().setName(str.toLowerCase()).setSource(Role.Source.GITHUB_TEAMS);
    }

    public Map<String, Collection<Role>> multiLoadRoles(Collection<ExternalUser> collection) {
        if (collection == null || collection.isEmpty()) {
            return new HashMap();
        }
        HashMap hashMap = new HashMap();
        collection.forEach(externalUser -> {
            hashMap.put(externalUser.getId(), loadRoles(externalUser));
        });
        return hashMap;
    }

    public GithubTeamsUserRolesProvider setGitHubClient(GitHubClient gitHubClient) {
        this.gitHubClient = gitHubClient;
        return this;
    }

    public GithubTeamsUserRolesProvider setGitHubProperties(GitHubProperties gitHubProperties) {
        this.gitHubProperties = gitHubProperties;
        return this;
    }
}
