package eu.openanalytics.containerproxy.service;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.Scheduler;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.spec.IProxySpecProvider;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;

@Service
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/service/ProxyAccessControlService.class */
public class ProxyAccessControlService {
    private final ProxyService proxyService;
    private final IProxySpecProvider specProvider;
    private final AccessControlEvaluationService accessControlEvaluationService;
    private final Cache<SessionIdAndSpecId, Boolean> authorizationCache = Caffeine.newBuilder().scheduler(Scheduler.systemScheduler()).expireAfterAccess(60, TimeUnit.MINUTES).build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId.class */
    public static final class SessionIdAndSpecId extends Record {
        private final String userId;
        private final String specId;

        private SessionIdAndSpecId(String str, String str2) {
            this.userId = str;
            this.specId = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, SessionIdAndSpecId.class), SessionIdAndSpecId.class, "userId;specId", "FIELD:Leu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId;->userId:Ljava/lang/String;", "FIELD:Leu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId;->specId:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, SessionIdAndSpecId.class), SessionIdAndSpecId.class, "userId;specId", "FIELD:Leu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId;->userId:Ljava/lang/String;", "FIELD:Leu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId;->specId:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, SessionIdAndSpecId.class, Object.class), SessionIdAndSpecId.class, "userId;specId", "FIELD:Leu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId;->userId:Ljava/lang/String;", "FIELD:Leu/openanalytics/containerproxy/service/ProxyAccessControlService$SessionIdAndSpecId;->specId:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String userId() {
            return this.userId;
        }

        public String specId() {
            return this.specId;
        }
    }

    public ProxyAccessControlService(ProxyService proxyService, IProxySpecProvider iProxySpecProvider, AccessControlEvaluationService accessControlEvaluationService) {
        this.proxyService = proxyService;
        this.specProvider = iProxySpecProvider;
        this.accessControlEvaluationService = accessControlEvaluationService;
    }

    public boolean canAccess(Authentication authentication, String str) {
        return canAccess(authentication, this.specProvider.getSpec(str));
    }

    public boolean canAccessOrHasExistingProxy(Authentication authentication, RequestAuthorizationContext requestAuthorizationContext) {
        if (!requestAuthorizationContext.getVariables().containsKey("specId")) {
            return false;
        }
        String str = requestAuthorizationContext.getVariables().get("specId");
        ProxySpec spec = this.specProvider.getSpec(str);
        return spec != null ? canAccess(authentication, spec) : this.proxyService.getUserProxiesBySpecId(str).findAny().isPresent();
    }

    public boolean canAccess(Authentication authentication, ProxySpec proxySpec) {
        if (authentication == null || proxySpec == null) {
            return false;
        }
        Optional<String> sessionId = getSessionId();
        return sessionId.isEmpty() ? checkAccess(authentication, proxySpec) : this.authorizationCache.get(new SessionIdAndSpecId(sessionId.get(), proxySpec.getId()), sessionIdAndSpecId -> {
            return Boolean.valueOf(checkAccess(authentication, proxySpec));
        }).booleanValue();
    }

    private Optional<String> getSessionId() {
        return Optional.ofNullable(RequestContextHolder.getRequestAttributes()).map((v0) -> {
            return v0.getSessionId();
        });
    }

    private boolean checkAccess(Authentication authentication, ProxySpec proxySpec) {
        return this.accessControlEvaluationService.checkAccess(authentication, proxySpec, proxySpec.getAccessControl(), new Object[0]);
    }
}
