package com.netflix.spinnaker.fiat.providers;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.ImmutableSet;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.netflix.spinnaker.fiat.config.ProviderCacheConfig;
import com.netflix.spinnaker.fiat.model.resources.Resource;
import com.netflix.spinnaker.fiat.model.resources.Role;
import java.util.Collection;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;

/* loaded from: input_file:com/netflix/spinnaker/fiat/providers/BaseResourceProvider.class */
public abstract class BaseResourceProvider<R extends Resource> implements ResourceProvider<R> {
    private static final Logger log = LoggerFactory.getLogger(BaseResourceProvider.class);
    private static final Integer CACHE_KEY = 0;
    private Cache<Integer, Set<R>> cache = buildCache(20);

    @Override // com.netflix.spinnaker.fiat.providers.ResourceProvider
    public Set<R> getAllRestricted(@NonNull String str, @NonNull Set<Role> set, boolean z) throws ProviderException {
        if (str == null) {
            throw new IllegalArgumentException("userId is marked non-null but is null");
        }
        if (set == null) {
            throw new IllegalArgumentException("userRoles is marked non-null but is null");
        }
        return (Set) getAll().stream().filter(resource -> {
            return resource instanceof Resource.AccessControlled;
        }).map(resource2 -> {
            return (Resource.AccessControlled) resource2;
        }).filter(accessControlled -> {
            return accessControlled.getPermissions().isRestricted();
        }).filter(accessControlled2 -> {
            return accessControlled2.getPermissions().isAuthorized(set) || z;
        }).collect(Collectors.toSet());
    }

    @Override // com.netflix.spinnaker.fiat.providers.ResourceProvider
    public Set<R> getAllUnrestricted() throws ProviderException {
        return (Set) getAll().stream().filter(resource -> {
            return resource instanceof Resource.AccessControlled;
        }).map(resource2 -> {
            return (Resource.AccessControlled) resource2;
        }).filter(accessControlled -> {
            return !accessControlled.getPermissions().isRestricted();
        }).collect(Collectors.toSet());
    }

    @Override // com.netflix.spinnaker.fiat.providers.ResourceProvider
    public Set<R> getAll() throws ProviderException {
        try {
            return ImmutableSet.copyOf((Collection) this.cache.get(CACHE_KEY, this::loadAll));
        } catch (ExecutionException | UncheckedExecutionException e) {
            if (e.getCause() instanceof ProviderException) {
                throw ((ProviderException) e.getCause());
            }
            throw new ProviderException(getClass(), e.getCause());
        }
    }

    @Autowired
    public void setProviderCacheConfig(ProviderCacheConfig providerCacheConfig) {
        this.cache = buildCache(providerCacheConfig.getExpiresAfterWriteSeconds());
    }

    private Cache<Integer, Set<R>> buildCache(int i) {
        return CacheBuilder.newBuilder().expireAfterWrite(i, TimeUnit.SECONDS).maximumSize(1L).build();
    }

    @Scheduled(fixedRateString = "${fiat.cache.refresh-interval:PT15S}")
    public void reloadCache() {
        this.cache.put(CACHE_KEY, loadAll());
    }

    @Override // com.netflix.spinnaker.fiat.providers.ResourceProvider
    public void clearCache() {
        this.cache.invalidate(CACHE_KEY);
    }

    protected abstract Set<R> loadAll() throws ProviderException;
}
