package org.fcrepo.server.security.xacml.pep;

import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.fcrepo.server.security.Attribute;
import org.fcrepo.server.security.RequestCtx;
import org.fcrepo.server.security.xacml.MelcoeXacmlException;
import org.fcrepo.server.security.xacml.util.AttributeComparator;
import org.fcrepo.server.security.xacml.util.ContextUtil;
import org.fcrepo.server.security.xacml.util.SubjectComparator;
import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
import org.jboss.security.xacml.sunxacml.ctx.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/fcrepo-security-pep-3.8.0.jar:org/fcrepo/server/security/xacml/pep/ResponseCacheImpl.class */
public class ResponseCacheImpl implements ResponseCache {
    private final ContextUtil m_contextUtil;
    private static final int DEFAULT_CACHE_SIZE = 1000;
    private static final long DEFAULT_TTL = 600000;
    private final int CACHE_SIZE;
    private long TTL;
    private Map<String, ResponseCtx> requestCache;
    private Map<String, Long> requestCacheTimeTracker;
    private List<String> requestCacheUsageTracker;
    private MessageDigest digest;
    private static final Logger logger = LoggerFactory.getLogger(ResponseCacheImpl.class);
    private static final Attribute[] ATTRIBUTE_TYPE = new Attribute[0];
    private static final AttributeComparator ATTRIBUTE_COMPARATOR = new AttributeComparator();
    private static final Subject[] SUBJECT_TYPE = new Subject[0];
    private static final SubjectComparator SUBJECT_COMPARATOR = new SubjectComparator();

    public ResponseCacheImpl(ContextUtil contextUtil) throws PEPException {
        this(contextUtil, new Integer(1000), new Long(DEFAULT_TTL));
    }

    public ResponseCacheImpl(ContextUtil contextUtil, Integer num, Long l) throws PEPException {
        this.requestCache = null;
        this.requestCacheTimeTracker = null;
        this.requestCacheUsageTracker = null;
        this.digest = null;
        this.m_contextUtil = contextUtil;
        this.TTL = l.longValue();
        this.CACHE_SIZE = num.intValue();
        String str = System.getenv("PEP_NOCACHE");
        String property = System.getProperty("fedora.fesl.pep_nocache");
        if (property != null && property.toLowerCase().startsWith("t")) {
            this.TTL = 0L;
        } else if ((property == null || property.length() == 0) && str != null && str.toLowerCase().startsWith("t")) {
            this.TTL = 0L;
        }
        this.requestCache = new HashMap(this.CACHE_SIZE);
        this.requestCacheTimeTracker = new HashMap(this.CACHE_SIZE);
        this.requestCacheUsageTracker = new ArrayList(this.CACHE_SIZE);
        try {
            this.digest = MessageDigest.getInstance("MD5");
        } catch (Exception e) {
            throw new PEPException("Could not initialize the ResponseCache", e);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pep.ResponseCache
    public void setTTL(long j) {
        this.TTL = j;
    }

    @Override // org.fcrepo.server.security.xacml.pep.ResponseCache
    public void addCacheItem(String str, ResponseCtx responseCtx) {
        try {
            String makeHash = makeHash(str);
            synchronized (this.requestCache) {
                if (this.requestCache.size() >= this.CACHE_SIZE) {
                    this.requestCache.remove(this.requestCacheUsageTracker.remove(0));
                    if (logger.isDebugEnabled()) {
                        logger.debug("Purging cache element");
                    }
                }
                this.requestCache.put(makeHash, responseCtx);
                this.requestCacheUsageTracker.add(makeHash);
                this.requestCacheTimeTracker.put(makeHash, new Long(System.currentTimeMillis()));
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Adding Cache Item (" + this.requestCache.size() + "/" + this.requestCacheUsageTracker.size() + "/" + this.requestCacheTimeTracker.size() + "): " + makeHash);
            }
        } catch (Exception e) {
            logger.warn("Error adding cache item: " + e.getMessage(), (Throwable) e);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pep.ResponseCache
    public ResponseCtx getCacheItem(String str) {
        ResponseCtx responseCtx;
        String makeHash;
        try {
            makeHash = makeHash(str);
        } catch (Exception e) {
            logger.warn("Error getting cache item: " + e.getMessage(), (Throwable) e);
            responseCtx = null;
        }
        synchronized (this.requestCache) {
            if (logger.isDebugEnabled()) {
                logger.debug("Getting Cache Item (" + this.requestCache.size() + "/" + this.requestCacheUsageTracker.size() + "/" + this.requestCacheTimeTracker.size() + "): " + makeHash);
            }
            responseCtx = this.requestCache.get(makeHash);
            if (responseCtx == null) {
                return null;
            }
            if (System.currentTimeMillis() - this.requestCacheTimeTracker.get(makeHash).longValue() <= this.TTL) {
                this.requestCacheUsageTracker.add(this.requestCacheUsageTracker.remove(this.requestCacheUsageTracker.indexOf(makeHash)));
                return responseCtx;
            }
            this.requestCache.remove(makeHash);
            this.requestCacheUsageTracker.remove(makeHash);
            this.requestCacheTimeTracker.remove(makeHash);
            if (logger.isDebugEnabled()) {
                logger.debug("CACHE_ITEM_TTL exceeded: " + makeHash);
            }
            return null;
        }
    }

    @Override // org.fcrepo.server.security.xacml.pep.ResponseCache
    public void invalidate() {
        synchronized (this.requestCache) {
            this.requestCache = new HashMap(this.CACHE_SIZE);
            this.requestCacheTimeTracker = new HashMap(this.CACHE_SIZE);
            this.requestCacheUsageTracker = new ArrayList(this.CACHE_SIZE);
        }
    }

    private String makeHash(String str) throws CacheException {
        byte[] digest;
        try {
            RequestCtx makeRequestCtx = this.m_contextUtil.makeRequestCtx(str);
            synchronized (this.digest) {
                this.digest.reset();
                hashSubjectList(makeRequestCtx.getSubjectsAsList(), this.digest);
                hashAttributeList(makeRequestCtx.getResourceAsList(), this.digest);
                hashAttributeList(makeRequestCtx.getActionAsList(), this.digest);
                hashAttributeList(makeRequestCtx.getEnvironmentAttributesAsList(), this.digest);
                digest = this.digest.digest();
            }
            return byte2hex(digest);
        } catch (MelcoeXacmlException e) {
            throw new CacheException("Error converting request", e);
        }
    }

    private static void hashSubjectList(List<Subject> list, MessageDigest messageDigest) {
        Subject[] subjectArr = (Subject[]) list.toArray(SUBJECT_TYPE);
        Arrays.sort(subjectArr, SUBJECT_COMPARATOR);
        for (Subject subject : subjectArr) {
            hashAttributeList(subject.getAttributesAsList(), messageDigest);
        }
    }

    private static void hashAttributeList(List<Attribute> list, MessageDigest messageDigest) {
        Attribute[] attributeArr = (Attribute[]) list.toArray(ATTRIBUTE_TYPE);
        Arrays.sort(attributeArr, ATTRIBUTE_COMPARATOR);
        for (Attribute attribute : attributeArr) {
            hashAttribute(attribute, messageDigest);
        }
    }

    private static void hashAttribute(Attribute attribute, MessageDigest messageDigest) {
        messageDigest.update(attribute.getId().toString().getBytes());
        messageDigest.update(attribute.getType().toString().getBytes());
        messageDigest.update(attribute.getValue().encode().getBytes());
        if (attribute.getIssuer() != null) {
            messageDigest.update(attribute.getIssuer().getBytes());
        }
        if (attribute.getIssueInstant() != null) {
            messageDigest.update(attribute.getIssueInstant().encode().getBytes());
        }
    }

    private String byte2hex(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuffer stringBuffer = new StringBuffer();
        for (byte b : bArr) {
            stringBuffer.append(cArr[(b >> 4) & 15]);
            stringBuffer.append(cArr[b & 15]);
        }
        return new String(stringBuffer);
    }
}
