package org.molgenis.security.acl;

import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.Objects;
import javax.sql.DataSource;
import org.molgenis.data.config.DataSourceConfig;
import org.molgenis.data.security.permission.EntityHelper;
import org.molgenis.data.transaction.TransactionManager;
import org.molgenis.security.NoOpAuditLogger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.caffeine.CaffeineCache;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.convert.ConversionService;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.acls.AclPermissionEvaluator;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.AuditLogger;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.domain.SpringCacheBasedAclCache;
import org.springframework.security.acls.jdbc.BasicLookupStrategy;
import org.springframework.security.acls.jdbc.LookupStrategy;
import org.springframework.security.acls.model.AclCache;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/**
 * Spring configuration that wires the ACL (access-control-list) infrastructure: SID retrieval,
 * permission granting, the ACL authorization strategy, the ACL cache, the lookup strategy and the
 * JDBC-backed mutable ACL service.
 *
 * <p>The bean methods call each other directly. With the default {@code @Configuration} proxying
 * used here, those calls resolve to the container-managed singletons, so every collaborator
 * shares the same {@link AclCache}, {@link AclAuthorizationStrategy} and
 * {@link PermissionGrantingStrategy} instance.
 */
@Configuration
@Import({DataSourceConfig.class})
public class AclConfig {
    private final DataSource dataSource;
    private final TransactionManager transactionManager;
    private final RoleHierarchy roleHierarchy;
    private final ConversionService conversionService;
    private final EntityHelper entityHelper;

    // Field-injected after construction, unlike the constructor-injected collaborators above;
    // it is therefore non-final and is only read from the bean methods, never the constructor.
    @Autowired
    JdbcTemplate jdbcTemplate;

    /**
     * Stores the collaborators needed to build the ACL beans.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    public AclConfig(
            DataSource dataSource,
            TransactionManager transactionManager,
            RoleHierarchy roleHierarchy,
            ConversionService conversionService,
            EntityHelper entityHelper) {
        this.dataSource = Objects.requireNonNull(dataSource);
        this.transactionManager = Objects.requireNonNull(transactionManager);
        this.roleHierarchy = Objects.requireNonNull(roleHierarchy);
        this.conversionService = Objects.requireNonNull(conversionService);
        this.entityHelper = Objects.requireNonNull(entityHelper);
    }

    /** Resolves the SIDs of an authentication using the configured role hierarchy. */
    @Bean
    public SidRetrievalStrategy sidRetrievalStrategy() {
        return new SidRetrievalStrategyImpl(this.roleHierarchy);
    }

    /**
     * Supplies the audit logger handed to the permission granting strategy.
     *
     * <p>NOTE(review): judging by its name, {@code NoOpAuditLogger} discards the ACE audit
     * callbacks, so granted/denied ACL decisions would leave no audit trail through this path.
     * Confirm that this is intended and that access decisions are recorded elsewhere.
     */
    @Bean
    public AuditLogger auditLogger() {
        return new NoOpAuditLogger();
    }

    /** Builds the bit-mask based strategy that decides whether an ACL grants a permission. */
    @Bean
    public PermissionGrantingStrategy permissionGrantingStrategy() {
        return new BitMaskPermissionGrantingStrategy(auditLogger());
    }

    /**
     * Defines which authorities may administer ACLs.
     *
     * <p>The array is positional: {@link AclAuthorizationStrategyImpl} reads the entries as
     * (take ownership, modify auditing, general changes), so the order must be kept. These roles
     * gate changes to the ACLs themselves, so they should be granted sparingly.
     */
    @Bean
    public AclAuthorizationStrategy aclAuthorizationStrategy() {
        GrantedAuthority[] adminAuthorities = {
            new SimpleGrantedAuthority("ROLE_ACL_TAKE_OWNERSHIP"),
            new SimpleGrantedAuthority("ROLE_ACL_MODIFY_AUDITING"),
            new SimpleGrantedAuthority("ROLE_ACL_GENERAL_CHANGES")
        };
        AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(adminAuthorities);
        strategy.setSidRetrievalStrategy(sidRetrievalStrategy());
        return strategy;
    }

    /**
     * Creates the in-memory ACL cache, backed by a Caffeine cache bounded at 10000 entries.
     *
     * <p>No time-based expiry is configured here, so a cached ACL stays until it is evicted by
     * size or removed explicitly. NOTE(review): a permission revocation therefore only takes
     * effect once the entry is invalidated - presumably the job of
     * {@code AclCacheTransactionListener}; confirm.
     */
    @Bean
    public AclCache aclCache() {
        CaffeineCache backingCache =
                new CaffeineCache("aclCache", Caffeine.newBuilder().maximumSize(10000L).build());
        return new SpringCacheBasedAclCache(
                backingCache, permissionGrantingStrategy(), aclAuthorizationStrategy());
    }

    /**
     * Creates the ACL cache transaction listener and registers it with the transaction manager.
     */
    @Bean
    public AclCacheTransactionListener aclCacheTransactionListener() {
        AclCacheTransactionListener listener =
                new AclCacheTransactionListener(aclCache(), mutableAclClassService());
        // Registration is a side effect of bean creation: the listener only receives
        // transaction callbacks once this bean has been instantiated.
        this.transactionManager.addTransactionListener(listener);
        return listener;
    }

    /** Creates the service managing ACL classes, sharing the ACL cache with the other beans. */
    @Bean
    public MutableAclClassService mutableAclClassService() {
        return new MutableAclClassServiceImpl(this.jdbcTemplate, aclCache());
    }

    /** Creates the JDBC-backed object identity service. */
    @Bean
    public ObjectIdentityService objectIdentityService() {
        return new ObjectIdentityServiceImpl(this.jdbcTemplate, this.entityHelper);
    }

    /**
     * Creates the strategy that loads ACLs from the database through the shared cache.
     *
     * <p>ACL class id support is switched on here and on {@link #aclService()}; both sides are
     * configured with the same conversion service.
     */
    @Bean
    public LookupStrategy lookupStrategy() {
        BasicLookupStrategy lookup =
                new BasicLookupStrategy(
                        this.dataSource,
                        aclCache(),
                        aclAuthorizationStrategy(),
                        permissionGrantingStrategy());
        lookup.setAclClassIdSupported(true);
        lookup.setConversionService(this.conversionService);
        return lookup;
    }

    /**
     * Creates the transactional, JDBC-backed mutable ACL service.
     *
     * <p>The overridden queries are PostgreSQL-specific ({@code currval},
     * {@code pg_get_serial_sequence}, {@code ::varchar} casts). Object identities and class names
     * are supplied through {@code ?} bind parameters rather than being concatenated into the SQL.
     */
    @Bean
    public MutableAclService aclService() {
        TransactionalJdbcMutableAclService service =
                new TransactionalJdbcMutableAclService(this.dataSource, lookupStrategy(), aclCache());
        service.setAclClassIdSupported(true);
        service.setConversionService(this.conversionService);
        // Identity queries read the id generated by the preceding insert from the table's sequence.
        service.setClassIdentityQuery("select currval(pg_get_serial_sequence('acl_class', 'id'))");
        service.setSidIdentityQuery("select currval(pg_get_serial_sequence('acl_sid', 'id'))");
        // The identifier parameter is cast to varchar in both queries below.
        service.setObjectIdentityPrimaryKeyQuery("select acl_object_identity.id from acl_object_identity, acl_class where acl_object_identity.object_id_class = acl_class.id and acl_class.class=? and acl_object_identity.object_id_identity = ?::varchar");
        service.setFindChildrenQuery("select obj.object_id_identity as obj_id, class.class as class, class.class_id_type as class_id_type from acl_object_identity obj, acl_object_identity parent, acl_class class where obj.parent_object = parent.id and obj.object_id_class = class.id and parent.object_id_identity = ?::varchar and parent.object_id_class = (select id FROM acl_class where acl_class.class = ?)");
        return service;
    }

    /**
     * Creates the permission evaluator backed by the ACL service, using the same SID retrieval
     * strategy (and thus the same role hierarchy) as the ACL authorization strategy.
     */
    @Bean
    public AclPermissionEvaluator aclPermissionEvaluator() {
        AclPermissionEvaluator evaluator = new AclPermissionEvaluator(aclService());
        evaluator.setSidRetrievalStrategy(sidRetrievalStrategy());
        return evaluator;
    }
}
