package com.uid2.shared.auth;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.uid2.shared.auth.IAuthorizable;
import com.uid2.shared.secret.KeyHasher;
import io.micrometer.core.instrument.Counter;
import io.micrometer.core.instrument.Metrics;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/uid2/shared/auth/AuthorizableStore.class */
public class AuthorizableStore<T extends IAuthorizable> {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizableStore.class);
    private static final Pattern KEY_PATTERN = Pattern.compile("(?:UID2|EUID)-[CO]-[LTIP]-([0-9]+)-.{6}\\..{38}");
    private static final KeyHasher KEY_HASHER = new KeyHasher();
    private static final int CACHE_MAX_SIZE = 100000;
    private final AtomicReference<AuthorizableStore<T>.AuthorizableStoreSnapshot> authorizables = new AtomicReference<>(new AuthorizableStoreSnapshot(new ArrayList()));
    private final Cache<String, String> keyToHashCache = createCache();
    private final Counter keyToHashTotalCounter;
    private final Counter keyToHashMissCounter;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/uid2/shared/auth/AuthorizableStore$AuthorizableStoreSnapshot.class */
    public class AuthorizableStoreSnapshot {
        private final Map<ByteBuffer, T> hashToAuthorizableMap;
        private final Map<Integer, List<byte[]>> siteIdToSaltsMap;
        private final List<byte[]> salts;

        public AuthorizableStoreSnapshot(Collection<T> collection) {
            this.hashToAuthorizableMap = (Map) collection.stream().collect(Collectors.toMap(iAuthorizable -> {
                return AuthorizableStore.this.wrapHashToByteBuffer(iAuthorizable.getKeyHash());
            }, iAuthorizable2 -> {
                return iAuthorizable2;
            }));
            this.siteIdToSaltsMap = (Map) collection.stream().filter(iAuthorizable3 -> {
                return iAuthorizable3.getSiteId() != null;
            }).collect(Collectors.groupingBy((v0) -> {
                return v0.getSiteId();
            }, Collectors.mapping(iAuthorizable4 -> {
                return AuthorizableStore.this.convertBase64StringToBytes(iAuthorizable4.getKeySalt());
            }, Collectors.toList())));
            this.salts = (List) collection.stream().map(iAuthorizable5 -> {
                return AuthorizableStore.this.convertBase64StringToBytes(iAuthorizable5.getKeySalt());
            }).collect(Collectors.toList());
        }

        public T getAuthorizableByHash(ByteBuffer byteBuffer) {
            return this.hashToAuthorizableMap.get(byteBuffer);
        }

        public List<byte[]> getSaltsBySiteId(int i) {
            return this.siteIdToSaltsMap.getOrDefault(Integer.valueOf(i), List.of());
        }

        public List<byte[]> getSalts() {
            return this.salts;
        }
    }

    public AuthorizableStore(Class<T> cls) {
        String lowerCase = cls.getName().toLowerCase();
        this.keyToHashTotalCounter = Counter.builder("uid2.cache.total_count").description("counter for " + lowerCase + " cache total count").tag("cache", lowerCase).register(Metrics.globalRegistry);
        this.keyToHashMissCounter = Counter.builder("uid2.cache.miss_count").description("counter for " + lowerCase + " cache miss count").tag("cache", lowerCase).register(Metrics.globalRegistry);
    }

    public void refresh(Collection<T> collection) {
        this.authorizables.set(new AuthorizableStoreSnapshot(collection));
        invalidateInvalidKeys();
    }

    public T getAuthorizableByKey(String str) {
        if (str == null) {
            return null;
        }
        AuthorizableStore<T>.AuthorizableStoreSnapshot authorizableStoreSnapshot = this.authorizables.get();
        String str2 = (String) this.keyToHashCache.getIfPresent(str);
        this.keyToHashTotalCounter.increment();
        if (str2 != null) {
            if (str2.isBlank()) {
                return null;
            }
            return (T) authorizableStoreSnapshot.getAuthorizableByHash(wrapHashToByteBuffer(str2));
        }
        this.keyToHashMissCounter.increment();
        Integer siteIdFromKey = getSiteIdFromKey(str);
        T authorizable = getAuthorizable(str, siteIdFromKey == null ? authorizableStoreSnapshot.getSalts() : authorizableStoreSnapshot.getSaltsBySiteId(siteIdFromKey.intValue()), authorizableStoreSnapshot);
        this.keyToHashCache.put(str, authorizable == null ? "" : authorizable.getKeyHash());
        return authorizable;
    }

    public T getAuthorizableByHash(String str) {
        ByteBuffer wrapHashToByteBuffer;
        if (str == null || (wrapHashToByteBuffer = wrapHashToByteBuffer(str)) == null) {
            return null;
        }
        return (T) this.authorizables.get().getAuthorizableByHash(wrapHashToByteBuffer);
    }

    private T getAuthorizable(String str, List<byte[]> list, AuthorizableStore<T>.AuthorizableStoreSnapshot authorizableStoreSnapshot) {
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            T t = (T) authorizableStoreSnapshot.getAuthorizableByHash(ByteBuffer.wrap(KEY_HASHER.hashKey(str, it.next())));
            if (t != null) {
                return t;
            }
        }
        return null;
    }

    private Cache<String, String> createCache() {
        return Caffeine.newBuilder().maximumSize(100000L).build();
    }

    private void invalidateInvalidKeys() {
        List list = (List) this.keyToHashCache.asMap().entrySet().stream().filter(entry -> {
            return ((String) entry.getValue()).isBlank();
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toList());
        Cache<String, String> cache = this.keyToHashCache;
        Objects.requireNonNull(cache);
        list.forEach((v1) -> {
            r1.invalidate(v1);
        });
    }

    private ByteBuffer wrapHashToByteBuffer(String str) {
        byte[] convertBase64StringToBytes = convertBase64StringToBytes(str);
        if (convertBase64StringToBytes == null) {
            return null;
        }
        return ByteBuffer.wrap(convertBase64StringToBytes);
    }

    private byte[] convertBase64StringToBytes(String str) {
        try {
            return Base64.getDecoder().decode(str);
        } catch (IllegalArgumentException e) {
            LOGGER.error("Invalid base64 string: {}", str);
            return null;
        }
    }

    private static Integer getSiteIdFromKey(String str) {
        Matcher matcher = KEY_PATTERN.matcher(str);
        if (matcher.find()) {
            return Integer.valueOf(matcher.group(1));
        }
        return null;
    }

    public Collection<T> getAuthorizables() {
        return ((AuthorizableStoreSnapshot) this.authorizables.get()).hashToAuthorizableMap.values();
    }
}
