package org.elasticsearch.xpack.idp.privileges;

import java.io.IOException;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.client.internal.OriginSettingClient;
import org.elasticsearch.common.cache.Cache;
import org.elasticsearch.common.cache.CacheBuilder;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.core.Strings;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.xpack.core.security.action.privilege.GetPrivilegesAction;
import org.elasticsearch.xpack.core.security.action.privilege.GetPrivilegesRequest;
import org.elasticsearch.xpack.idp.saml.sp.ServiceProviderDefaults;

/* loaded from: input_file:org/elasticsearch/xpack/idp/privileges/ApplicationActionsResolver.class */
public class ApplicationActionsResolver extends AbstractLifecycleComponent {
    private final ServiceProviderDefaults defaults;
    private final Client client;
    private final Cache<String, Set<String>> cache;
    private static final TimeValue CACHE_TTL_DEFAULT = TimeValue.timeValueMinutes(90);
    private static final int CACHE_SIZE_DEFAULT = 100;
    public static final Setting<Integer> CACHE_SIZE = Setting.intSetting("xpack.idp.privileges.cache.size", CACHE_SIZE_DEFAULT, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<TimeValue> CACHE_TTL = Setting.timeSetting("xpack.idp.privileges.cache.ttl", CACHE_TTL_DEFAULT, new Setting.Property[]{Setting.Property.NodeScope});
    private static final Logger logger = LogManager.getLogger(ApplicationActionsResolver.class);

    public ApplicationActionsResolver(Settings settings, ServiceProviderDefaults serviceProviderDefaults, Client client) {
        this.defaults = serviceProviderDefaults;
        this.client = new OriginSettingClient(client, "idp");
        TimeValue timeValue = (TimeValue) CACHE_TTL.get(settings);
        this.cache = CacheBuilder.builder().setMaximumWeight(((Integer) CACHE_SIZE.get(settings)).intValue()).setExpireAfterWrite(timeValue).build();
        client.threadPool().scheduleWithFixedDelay(this::loadPrivilegesForDefaultApplication, TimeValue.timeValueMillis((timeValue.millis() * 2) / 3), client.threadPool().generic());
    }

    public static Collection<? extends Setting<?>> getSettings() {
        return List.of(CACHE_SIZE, CACHE_TTL);
    }

    protected void doStart() {
        loadPrivilegesForDefaultApplication();
    }

    private void loadPrivilegesForDefaultApplication() {
        loadActions(this.defaults.applicationName, ActionListener.wrap(set -> {
            logger.info("Found actions [{}] defined within application privileges for [{}]", set, this.defaults.applicationName);
        }, exc -> {
            logger.warn(() -> {
                return Strings.format("Failed to load application privileges actions for application [%s]", new Object[]{this.defaults.applicationName});
            }, exc);
        }));
    }

    protected void doStop() {
    }

    protected void doClose() throws IOException {
    }

    public void getActions(String str, ActionListener<Set<String>> actionListener) {
        Set set = (Set) this.cache.get(str);
        if (set == null || set.isEmpty()) {
            loadActions(str, actionListener);
        } else {
            actionListener.onResponse(set);
        }
    }

    private void loadActions(String str, ActionListener<Set<String>> actionListener) {
        GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest();
        getPrivilegesRequest.application(str);
        this.client.execute(GetPrivilegesAction.INSTANCE, getPrivilegesRequest, actionListener.delegateFailureAndWrap((actionListener2, getPrivilegesResponse) -> {
            Set set = (Set) Stream.of((Object[]) getPrivilegesResponse.privileges()).map(applicationPrivilegeDescriptor -> {
                return applicationPrivilegeDescriptor.getActions();
            }).flatMap((v0) -> {
                return v0.stream();
            }).filter(str2 -> {
                return str2.indexOf(42) == -1;
            }).collect(Collectors.toUnmodifiableSet());
            this.cache.put(str, set);
            actionListener2.onResponse(set);
        }));
    }
}
