package org.apache.druid.security.basic.authentication.db.cache;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.google.inject.Injector;
import java.io.File;
import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.druid.client.coordinator.Coordinator;
import org.apache.druid.concurrent.LifecycleLock;
import org.apache.druid.discovery.DruidLeaderClient;
import org.apache.druid.guice.ManageLifecycle;
import org.apache.druid.guice.annotations.Smile;
import org.apache.druid.java.util.common.FileUtils;
import org.apache.druid.java.util.common.ISE;
import org.apache.druid.java.util.common.RetryUtils;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.java.util.common.concurrent.Execs;
import org.apache.druid.java.util.common.concurrent.ScheduledExecutors;
import org.apache.druid.java.util.common.lifecycle.LifecycleStart;
import org.apache.druid.java.util.common.lifecycle.LifecycleStop;
import org.apache.druid.java.util.emitter.EmittingLogger;
import org.apache.druid.java.util.http.client.response.BytesFullResponseHandler;
import org.apache.druid.security.basic.BasicAuthCommonCacheConfig;
import org.apache.druid.security.basic.BasicAuthUtils;
import org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser;
import org.apache.druid.server.security.Authenticator;
import org.apache.druid.server.security.AuthenticatorMapper;
import org.jboss.netty.handler.codec.http.HttpMethod;
import org.joda.time.Duration;

@ManageLifecycle
/* loaded from: input_file:org/apache/druid/security/basic/authentication/db/cache/CoordinatorPollingBasicAuthenticatorCacheManager.class */
public class CoordinatorPollingBasicAuthenticatorCacheManager implements BasicAuthenticatorCacheManager {
    private static final EmittingLogger LOG = new EmittingLogger(CoordinatorPollingBasicAuthenticatorCacheManager.class);
    private final Injector injector;
    private final ObjectMapper objectMapper;
    private final DruidLeaderClient druidLeaderClient;
    private final BasicAuthCommonCacheConfig commonCacheConfig;
    private final LifecycleLock lifecycleLock = new LifecycleLock();
    private final ScheduledExecutorService exec = Execs.scheduledSingleThreaded("BasicAuthenticatorCacheManager-Exec--%d");
    private final ConcurrentHashMap<String, Map<String, BasicAuthenticatorUser>> cachedUserMaps = new ConcurrentHashMap<>();
    private final Set<String> authenticatorPrefixes = new HashSet();

    @Inject
    public CoordinatorPollingBasicAuthenticatorCacheManager(Injector injector, BasicAuthCommonCacheConfig basicAuthCommonCacheConfig, @Smile ObjectMapper objectMapper, @Coordinator DruidLeaderClient druidLeaderClient) {
        this.injector = injector;
        this.commonCacheConfig = basicAuthCommonCacheConfig;
        this.objectMapper = objectMapper;
        this.druidLeaderClient = druidLeaderClient;
    }

    @LifecycleStart
    public void start() {
        if (!this.lifecycleLock.canStart()) {
            throw new ISE("can't start.", new Object[0]);
        }
        LOG.info("Starting CoordinatorPollingBasicAuthenticatorCacheManager.", new Object[0]);
        try {
            initUserMaps();
            ScheduledExecutors.scheduleWithFixedDelay(this.exec, new Duration(this.commonCacheConfig.getPollingPeriod()), new Duration(this.commonCacheConfig.getPollingPeriod()), () -> {
                try {
                    long nextLong = ThreadLocalRandom.current().nextLong(0L, this.commonCacheConfig.getMaxRandomDelay());
                    LOG.debug("Inserting cachedUserMaps random polling delay of [%s] ms", new Object[]{Long.valueOf(nextLong)});
                    Thread.sleep(nextLong);
                    LOG.debug("Scheduled user cache poll is running", new Object[0]);
                    for (String str : this.authenticatorPrefixes) {
                        Map<String, BasicAuthenticatorUser> fetchUserMapFromCoordinator = fetchUserMapFromCoordinator(str, false);
                        if (fetchUserMapFromCoordinator != null) {
                            this.cachedUserMaps.put(str, fetchUserMapFromCoordinator);
                        }
                    }
                    LOG.debug("Scheduled user cache poll is done", new Object[0]);
                } catch (Throwable th) {
                    LOG.makeAlert(th, "Error occured while polling for cachedUserMaps.", new Object[0]).emit();
                }
            });
            this.lifecycleLock.started();
            LOG.info("Started CoordinatorPollingBasicAuthenticatorCacheManager.", new Object[0]);
        } finally {
            this.lifecycleLock.exitStart();
        }
    }

    @LifecycleStop
    public void stop() {
        if (!this.lifecycleLock.canStop()) {
            throw new ISE("can't stop.", new Object[0]);
        }
        LOG.info("CoordinatorPollingBasicAuthenticatorCacheManager is stopping.", new Object[0]);
        this.exec.shutdown();
        LOG.info("CoordinatorPollingBasicAuthenticatorCacheManager is stopped.", new Object[0]);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager
    public void handleAuthenticatorUserMapUpdate(String str, byte[] bArr) {
        LOG.debug("Received user cache update for authenticator [%s].", new Object[]{str});
        Preconditions.checkState(this.lifecycleLock.awaitStarted(1L, TimeUnit.MILLISECONDS));
        try {
            this.cachedUserMaps.put(str, this.objectMapper.readValue(bArr, BasicAuthUtils.AUTHENTICATOR_USER_MAP_TYPE_REFERENCE));
            if (this.commonCacheConfig.getCacheDirectory() != null) {
                writeUserMapToDisk(str, bArr);
            }
        } catch (Exception e) {
            LOG.makeAlert(e, "Could not deserialize user map received from coordinator.", new Object[0]).emit();
        }
    }

    @Override // org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager
    public Map<String, BasicAuthenticatorUser> getUserMap(String str) {
        Preconditions.checkState(this.lifecycleLock.awaitStarted(1L, TimeUnit.MILLISECONDS));
        return this.cachedUserMaps.get(str);
    }

    @Nullable
    private Map<String, BasicAuthenticatorUser> fetchUserMapFromCoordinator(String str, boolean z) {
        try {
            return (Map) RetryUtils.retry(() -> {
                return tryFetchUserMapFromCoordinator(str);
            }, th -> {
                return true;
            }, this.commonCacheConfig.getMaxSyncRetries());
        } catch (Exception e) {
            LOG.makeAlert(e, "Encountered exception while fetching user map for authenticator [%s]", new Object[]{str}).emit();
            if (!z || this.commonCacheConfig.getCacheDirectory() == null) {
                return null;
            }
            try {
                LOG.info("Attempting to load user map snapshot from disk.", new Object[0]);
                return loadUserMapFromDisk(str);
            } catch (Exception e2) {
                e2.addSuppressed(e);
                LOG.makeAlert(e2, "Encountered exception while loading user map snapshot for authenticator [%s]", new Object[]{str}).emit();
                return null;
            }
        }
    }

    private String getUserMapFilename(String str) {
        return StringUtils.format("%s.authenticator.cache", new Object[]{str});
    }

    @Nullable
    private Map<String, BasicAuthenticatorUser> loadUserMapFromDisk(String str) throws IOException {
        File file = new File(this.commonCacheConfig.getCacheDirectory(), getUserMapFilename(str));
        if (file.exists()) {
            return (Map) this.objectMapper.readValue(file, BasicAuthUtils.AUTHENTICATOR_USER_MAP_TYPE_REFERENCE);
        }
        return null;
    }

    private void writeUserMapToDisk(String str, byte[] bArr) throws IOException {
        new File(this.commonCacheConfig.getCacheDirectory()).mkdirs();
        FileUtils.writeAtomically(new File(this.commonCacheConfig.getCacheDirectory(), getUserMapFilename(str)), outputStream -> {
            outputStream.write(bArr);
            return null;
        });
    }

    private Map<String, BasicAuthenticatorUser> tryFetchUserMapFromCoordinator(String str) throws Exception {
        Map<String, BasicAuthenticatorUser> map = null;
        byte[] content = this.druidLeaderClient.go(this.druidLeaderClient.makeRequest(HttpMethod.GET, StringUtils.format("/druid-ext/basic-security/authentication/db/%s/cachedSerializedUserMap", new Object[]{str})), new BytesFullResponseHandler()).getContent();
        if (ArrayUtils.isNotEmpty(content)) {
            map = (Map) this.objectMapper.readValue(content, BasicAuthUtils.AUTHENTICATOR_USER_MAP_TYPE_REFERENCE);
            if (map != null && this.commonCacheConfig.getCacheDirectory() != null) {
                writeUserMapToDisk(str, content);
            }
        } else {
            LOG.info("Empty cached serialized user map retrieved, authenticator - %s", new Object[]{str});
        }
        return map;
    }

    private void initUserMaps() {
        AuthenticatorMapper authenticatorMapper = (AuthenticatorMapper) this.injector.getInstance(AuthenticatorMapper.class);
        if (authenticatorMapper == null || authenticatorMapper.getAuthenticatorMap() == null) {
            return;
        }
        for (Map.Entry entry : authenticatorMapper.getAuthenticatorMap().entrySet()) {
            if (((Authenticator) entry.getValue()) instanceof BasicHTTPAuthenticator) {
                String str = (String) entry.getKey();
                this.authenticatorPrefixes.add(str);
                Map<String, BasicAuthenticatorUser> fetchUserMapFromCoordinator = fetchUserMapFromCoordinator(str, true);
                if (fetchUserMapFromCoordinator != null) {
                    this.cachedUserMaps.put(str, fetchUserMapFromCoordinator);
                }
            }
        }
    }
}
