package org.gridgain.internal.security.jwt.store;

import java.time.Instant;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.ignite3.internal.metastorage.Entry;
import org.apache.ignite3.internal.metastorage.MetaStorageManager;
import org.apache.ignite3.internal.metastorage.WatchEvent;
import org.apache.ignite3.internal.metastorage.WatchListener;
import org.apache.ignite3.internal.security.jwt.configuration.JwtConfiguration;
import org.apache.ignite3.internal.util.Cursor;
import org.apache.ignite3.internal.util.IgniteUtils;
import org.apache.ignite3.internal.worker.CriticalWorker;
import org.gridgain.internal.security.codec.MetastoreKeyCodec;
import org.gridgain.internal.security.jwt.store.serde.InstantSerDe;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/gridgain/internal/security/jwt/store/BlockListStore.class */
public class BlockListStore {
    static final String TOKEN_PREFIX = "gg9.security.jwt.blocklist.token";
    static final String USERNAME_PREFIX = "gg9.security.jwt.blocklist.username";
    private final MetaStorageManager metaStorage;
    private final long cleanerInterval;
    private final TimeUnit cleanerIntervalUnit;
    private final JwtConfiguration jwtConfiguration;
    private final Map<String, Instant> blockedTokensCache = new ConcurrentHashMap();
    private final Map<String, Instant> timestampCache = new ConcurrentHashMap();
    private final MetastoreKeyCodec keyTokenCodec = MetastoreKeyCodec.forPrefix(TOKEN_PREFIX);
    private final MetastoreKeyCodec keyUsernameCodec = MetastoreKeyCodec.forPrefix(USERNAME_PREFIX);
    private final ScheduledExecutorService cleaner = Executors.newScheduledThreadPool(1);

    /* loaded from: input_file:org/gridgain/internal/security/jwt/store/BlockListStore$BlockedTokensWatcher.class */
    private class BlockedTokensWatcher implements WatchListener {
        private BlockedTokensWatcher() {
        }

        @Override // org.apache.ignite3.internal.metastorage.WatchListener
        public CompletableFuture<Void> onUpdate(WatchEvent watchEvent) {
            watchEvent.entryEvents().stream().map((v0) -> {
                return v0.newEntry();
            }).forEach(entry -> {
                String deserialize = BlockListStore.this.keyTokenCodec.deserialize(entry.key());
                if (entry.empty() || entry.tombstone()) {
                    BlockListStore.this.blockedTokensCache.remove(deserialize);
                } else {
                    BlockListStore.this.blockedTokensCache.put(deserialize, InstantSerDe.deserialize(entry.value()));
                }
            });
            return CompletableFuture.completedFuture(null);
        }

        @Override // org.apache.ignite3.internal.metastorage.WatchListener
        public void onError(Throwable th) {
        }
    }

    /* loaded from: input_file:org/gridgain/internal/security/jwt/store/BlockListStore$BlockedUsernamesWatcher.class */
    private class BlockedUsernamesWatcher implements WatchListener {
        private BlockedUsernamesWatcher() {
        }

        @Override // org.apache.ignite3.internal.metastorage.WatchListener
        public CompletableFuture<Void> onUpdate(WatchEvent watchEvent) {
            watchEvent.entryEvents().stream().map((v0) -> {
                return v0.newEntry();
            }).forEach(entry -> {
                String deserialize = BlockListStore.this.keyUsernameCodec.deserialize(entry.key());
                if (entry.empty() || entry.tombstone()) {
                    BlockListStore.this.timestampCache.remove(deserialize);
                } else {
                    BlockListStore.this.timestampCache.put(deserialize, InstantSerDe.deserialize(entry.value()));
                }
            });
            return CompletableFuture.completedFuture(null);
        }

        @Override // org.apache.ignite3.internal.metastorage.WatchListener
        public void onError(Throwable th) {
        }
    }

    public BlockListStore(MetaStorageManager metaStorageManager, long j, TimeUnit timeUnit, JwtConfiguration jwtConfiguration) {
        this.metaStorage = metaStorageManager;
        this.cleanerInterval = j;
        this.cleanerIntervalUnit = timeUnit;
        this.jwtConfiguration = jwtConfiguration;
    }

    public void start() {
        this.metaStorage.registerPrefixWatch(this.keyTokenCodec.prefix(), new BlockedTokensWatcher());
        this.metaStorage.registerPrefixWatch(this.keyUsernameCodec.prefix(), new BlockedUsernamesWatcher());
        Cursor<Entry> prefixLocally = this.metaStorage.prefixLocally(this.keyTokenCodec.prefix(), CriticalWorker.NOT_MONITORED);
        try {
            prefixLocally.forEach(entry -> {
                this.blockedTokensCache.put(this.keyTokenCodec.deserialize(entry.key()), InstantSerDe.deserialize(entry.value()));
            });
            if (prefixLocally != null) {
                prefixLocally.close();
            }
            prefixLocally = this.metaStorage.prefixLocally(this.keyUsernameCodec.prefix(), CriticalWorker.NOT_MONITORED);
            try {
                prefixLocally.forEach(entry2 -> {
                    this.timestampCache.put(this.keyUsernameCodec.deserialize(entry2.key()), InstantSerDe.deserialize(entry2.value()));
                });
                if (prefixLocally != null) {
                    prefixLocally.close();
                }
                this.cleaner.scheduleAtFixedRate(this::clean, 0L, this.cleanerInterval, this.cleanerIntervalUnit);
            } finally {
            }
        } finally {
        }
    }

    public void stop() {
        IgniteUtils.shutdownAndAwaitTermination(this.cleaner, 10L, this.cleanerIntervalUnit);
    }

    private void clean() {
        Instant now = Instant.now();
        HashSet hashSet = new HashSet();
        this.blockedTokensCache.forEach((str, instant) -> {
            if (instant.isBefore(now)) {
                hashSet.add(str);
            }
        });
        long longValue = this.jwtConfiguration.keyTtl().value().longValue() * 2;
        HashSet hashSet2 = new HashSet();
        this.timestampCache.forEach((str2, instant2) -> {
            if (instant2.plusMillis(longValue).isBefore(now)) {
                hashSet2.add(str2);
            }
        });
        removeTokens(hashSet).thenCompose(r5 -> {
            return removeTimestampsForUsers(hashSet2);
        });
    }

    public CompletableFuture<Void> saveToken(String str, Instant instant) {
        return this.metaStorage.put(this.keyTokenCodec.serialize(str), InstantSerDe.serialize(instant)).whenComplete((r7, th) -> {
            if (th == null) {
                this.blockedTokensCache.put(str, instant);
            }
        });
    }

    private CompletableFuture<Void> removeTokens(Set<String> set) {
        Stream<String> stream = set.stream();
        MetastoreKeyCodec metastoreKeyCodec = this.keyTokenCodec;
        Objects.requireNonNull(metastoreKeyCodec);
        return this.metaStorage.removeAll((Set) stream.map(metastoreKeyCodec::serialize).collect(Collectors.toSet())).whenComplete((r5, th) -> {
            if (th == null) {
                this.blockedTokensCache.keySet().removeAll(set);
            }
        });
    }

    public boolean isTokenBlocked(String str) {
        return this.blockedTokensCache.containsKey(str);
    }

    public CompletableFuture<Void> saveUsernameAndTimestamp(String str, Instant instant) {
        return this.metaStorage.put(this.keyUsernameCodec.serialize(str), InstantSerDe.serialize(instant)).whenComplete((r7, th) -> {
            if (th == null) {
                this.timestampCache.put(str, instant);
            }
        });
    }

    private CompletableFuture<Void> removeTimestampsForUsers(Set<String> set) {
        Stream<String> stream = set.stream();
        MetastoreKeyCodec metastoreKeyCodec = this.keyUsernameCodec;
        Objects.requireNonNull(metastoreKeyCodec);
        return this.metaStorage.removeAll((Set) stream.map(metastoreKeyCodec::serialize).collect(Collectors.toSet())).whenComplete((r5, th) -> {
            if (th == null) {
                this.timestampCache.keySet().removeAll(set);
            }
        });
    }

    @Nullable
    public Instant getTimestamp(String str) {
        return this.timestampCache.get(str);
    }
}
