package com.bazaarvoice.emodb.web.auth;

import com.bazaarvoice.emodb.auth.InternalAuthorizer;
import com.bazaarvoice.emodb.common.dropwizard.time.ClockTicker;
import com.bazaarvoice.emodb.databus.auth.ConstantDatabusAuthorizer;
import com.bazaarvoice.emodb.databus.auth.DatabusAuthorizer;
import com.bazaarvoice.emodb.databus.model.OwnedSubscription;
import com.bazaarvoice.emodb.web.auth.resource.NamedResource;
import com.codahale.metrics.Gauge;
import com.codahale.metrics.MetricRegistry;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.inject.Inject;
import java.time.Clock;
import java.util.concurrent.TimeUnit;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.joda.time.Duration;

/* loaded from: input_file:com/bazaarvoice/emodb/web/auth/OwnerDatabusAuthorizer.class */
public class OwnerDatabusAuthorizer implements DatabusAuthorizer {
    private static final int DEFAULT_PERMISSION_CHECK_CACHE_SIZE = 1000;
    private static final Duration DEFAULT_PERMISSION_CHECK_CACHE_TIMEOUT = Duration.standardSeconds(2);
    private static final Duration MAX_PERMISSION_CHECK_CACHE_TIMEOUT = Duration.standardSeconds(5);
    private static final int DEFAULT_READ_PERMISSION_CACHE_SIZE = 200;
    private final InternalAuthorizer _internalAuthorizer;
    private final LoadingCache<OwnerTableCacheKey, Boolean> _permissionCheckCache;
    private final LoadingCache<String, Permission> _readPermissionCache;
    private final PermissionResolver _permissionResolver;

    /* loaded from: input_file:com/bazaarvoice/emodb/web/auth/OwnerDatabusAuthorizer$OwnerDatabusAuthorizerForOwner.class */
    private class OwnerDatabusAuthorizerForOwner implements DatabusAuthorizer.DatabusAuthorizerByOwner {
        private final String _ownerId;

        private OwnerDatabusAuthorizerForOwner(String str) {
            this._ownerId = str;
        }

        @Override // com.bazaarvoice.emodb.databus.auth.DatabusAuthorizer.DatabusAuthorizerByOwner
        public boolean canAccessSubscription(OwnedSubscription ownedSubscription) {
            return this._ownerId.equals(ownedSubscription.getOwnerId()) || OwnerDatabusAuthorizer.this._internalAuthorizer.hasPermissionByInternalId(this._ownerId, Permissions.assumeDatabusSubscriptionOwnership(new NamedResource(ownedSubscription.getName())));
        }

        @Override // com.bazaarvoice.emodb.databus.auth.DatabusAuthorizer.DatabusAuthorizerByOwner
        public boolean canReceiveEventsFromTable(String str) {
            return OwnerDatabusAuthorizer.this._permissionCheckCache != null ? ((Boolean) OwnerDatabusAuthorizer.this._permissionCheckCache.getUnchecked(new OwnerTableCacheKey(this._ownerId, str))).booleanValue() : OwnerDatabusAuthorizer.this.ownerCanReadTable(this._ownerId, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bazaarvoice/emodb/web/auth/OwnerDatabusAuthorizer$OwnerTableCacheKey.class */
    public static class OwnerTableCacheKey {
        private final String _ownerId;
        private final String _table;
        private final int _hashCode;

        private OwnerTableCacheKey(String str, String str2) {
            this._ownerId = str;
            this._table = str2;
            this._hashCode = Objects.hashCode(str, str2);
        }

        public int hashCode() {
            return this._hashCode;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof OwnerTableCacheKey)) {
                return false;
            }
            OwnerTableCacheKey ownerTableCacheKey = (OwnerTableCacheKey) obj;
            return this._ownerId.equals(ownerTableCacheKey._ownerId) && this._table.equals(ownerTableCacheKey._table);
        }
    }

    @Inject
    public OwnerDatabusAuthorizer(InternalAuthorizer internalAuthorizer, PermissionResolver permissionResolver, MetricRegistry metricRegistry, Clock clock) {
        this(internalAuthorizer, permissionResolver, metricRegistry, clock, 1000, DEFAULT_PERMISSION_CHECK_CACHE_TIMEOUT, 200);
    }

    public OwnerDatabusAuthorizer(InternalAuthorizer internalAuthorizer, PermissionResolver permissionResolver, MetricRegistry metricRegistry, Clock clock, int i, Duration duration, int i2) {
        this._internalAuthorizer = (InternalAuthorizer) Preconditions.checkNotNull(internalAuthorizer, "internalAuthorizer");
        this._permissionResolver = (PermissionResolver) Preconditions.checkNotNull(permissionResolver, "permissionResolver");
        if (i > 0) {
            Preconditions.checkNotNull(duration, "permissionCheckCacheTimeout");
            Preconditions.checkArgument(!duration.isLongerThan(MAX_PERMISSION_CHECK_CACHE_TIMEOUT), "Permission check cache timeout is too long");
            this._permissionCheckCache = CacheBuilder.newBuilder().maximumSize(i).expireAfterWrite(duration.getMillis(), TimeUnit.MILLISECONDS).recordStats().ticker(ClockTicker.getTicker(clock)).build(new CacheLoader<OwnerTableCacheKey, Boolean>() { // from class: com.bazaarvoice.emodb.web.auth.OwnerDatabusAuthorizer.1
                @Override // com.google.common.cache.CacheLoader
                public Boolean load(OwnerTableCacheKey ownerTableCacheKey) throws Exception {
                    return Boolean.valueOf(OwnerDatabusAuthorizer.this.ownerCanReadTable(ownerTableCacheKey._ownerId, ownerTableCacheKey._table));
                }
            });
            if (metricRegistry != null) {
                metricRegistry.register(MetricRegistry.name("bv.emodb.databus", "authorizer", "read-permission-cache", "hits"), new Gauge<Long>() { // from class: com.bazaarvoice.emodb.web.auth.OwnerDatabusAuthorizer.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.codahale.metrics.Gauge
                    public Long getValue() {
                        return Long.valueOf(OwnerDatabusAuthorizer.this._permissionCheckCache.stats().hitCount());
                    }
                });
                metricRegistry.register(MetricRegistry.name("bv.emodb.databus", "authorizer", "read-permission-cache", "misses"), new Gauge<Long>() { // from class: com.bazaarvoice.emodb.web.auth.OwnerDatabusAuthorizer.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.codahale.metrics.Gauge
                    public Long getValue() {
                        return Long.valueOf(OwnerDatabusAuthorizer.this._permissionCheckCache.stats().missCount());
                    }
                });
            }
        } else {
            this._permissionCheckCache = null;
        }
        if (i2 > 0) {
            this._readPermissionCache = CacheBuilder.newBuilder().maximumSize(i2).ticker(ClockTicker.getTicker(clock)).build(new CacheLoader<String, Permission>() { // from class: com.bazaarvoice.emodb.web.auth.OwnerDatabusAuthorizer.4
                @Override // com.google.common.cache.CacheLoader
                public Permission load(String str) throws Exception {
                    return OwnerDatabusAuthorizer.this.createReadPermission(str);
                }
            });
        } else {
            this._readPermissionCache = null;
        }
    }

    @Override // com.bazaarvoice.emodb.databus.auth.DatabusAuthorizer
    public DatabusAuthorizer.DatabusAuthorizerByOwner owner(String str) {
        return str != null ? new OwnerDatabusAuthorizerForOwner(str) : ConstantDatabusAuthorizer.ALLOW_ALL.owner(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean ownerCanReadTable(String str, String str2) {
        return this._internalAuthorizer.hasPermissionByInternalId(str, getReadPermission(str2));
    }

    private Permission getReadPermission(String str) {
        return this._readPermissionCache != null ? this._readPermissionCache.getUnchecked(str) : createReadPermission(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Permission createReadPermission(String str) {
        return this._permissionResolver.resolvePermission(Permissions.readSorTable(new NamedResource(str)));
    }
}
