package org.xwiki.security.authorization.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.user.api.XWikiGroupService;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.xwiki.bridge.event.DocumentCreatedEvent;
import org.xwiki.bridge.event.DocumentDeletedEvent;
import org.xwiki.bridge.event.DocumentUpdatedEvent;
import org.xwiki.component.annotation.Component;
import org.xwiki.context.Execution;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.EntityReferenceSerializer;
import org.xwiki.model.reference.WikiReference;
import org.xwiki.observation.EventListener;
import org.xwiki.observation.event.Event;
import org.xwiki.security.SecurityReferenceFactory;
import org.xwiki.security.authorization.AuthorizationException;
import org.xwiki.security.authorization.cache.SecurityCache;
import org.xwiki.security.authorization.cache.SecurityCacheRulesInvalidator;
import org.xwiki.security.internal.XWikiConstants;

@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-security-bridge-5.4.4.jar:org/xwiki/security/authorization/internal/DefaultSecurityCacheRulesInvalidator.class */
public class DefaultSecurityCacheRulesInvalidator implements SecurityCacheRulesInvalidator, EventListener {
    private final ReadWriteLock readWriteLock = new ReentrantReadWriteLock(true);

    @Inject
    private Logger logger;

    @Inject
    private SecurityCache securityCache;

    @Inject
    private SecurityReferenceFactory securityReferenceFactory;

    @Inject
    private DocumentReferenceResolver<String> resolver;

    @Inject
    @Named("user")
    private DocumentReferenceResolver<String> userResolver;

    @Inject
    private EntityReferenceSerializer<String> serializer;

    @Inject
    private Execution execution;

    private XWikiContext getXWikiContext() {
        return (XWikiContext) this.execution.getContext().getProperty("xwikicontext");
    }

    @Override // org.xwiki.security.authorization.cache.SecurityCacheRulesInvalidator
    public void suspend() {
        this.readWriteLock.readLock().lock();
    }

    @Override // org.xwiki.security.authorization.cache.SecurityCacheRulesInvalidator
    public void resume() {
        this.readWriteLock.readLock().unlock();
    }

    @Override // org.xwiki.observation.EventListener
    public String getName() {
        return getClass().getName();
    }

    @Override // org.xwiki.observation.EventListener
    public List<Event> getEvents() {
        return Arrays.asList(new DocumentCreatedEvent(), new DocumentUpdatedEvent(), new DocumentDeletedEvent());
    }

    private static DocumentReference getDocumentReference(Object obj) {
        return ((XWikiDocument) obj).getDocumentReference();
    }

    private boolean isGroupDocument(Object obj) {
        XWikiDocument xWikiDocument = (XWikiDocument) obj;
        List<BaseObject> xObjects = xWikiDocument.getXObjects(this.resolver.resolve(XWikiConstants.GROUP_CLASS, xWikiDocument.getDocumentReference()));
        return xObjects != null && xObjects.size() > 0;
    }

    public void invalidateGroupMembers(DocumentReference documentReference, SecurityCache securityCache) throws AuthorizationException {
        Collection<String> allMembersNamesForGroup;
        try {
            XWikiContext xWikiContext = getXWikiContext();
            XWikiGroupService groupService = xWikiContext.getWiki().getGroupService(xWikiContext);
            String serialize = this.serializer.serialize(documentReference, new Object[0]);
            WikiReference wikiReference = documentReference.getWikiReference();
            int i = 0;
            do {
                allMembersNamesForGroup = groupService.getAllMembersNamesForGroup(serialize, 100, i * 100, xWikiContext);
                Iterator<String> it = allMembersNamesForGroup.iterator();
                while (it.hasNext()) {
                    DocumentReference resolve = this.userResolver.resolve(it.next(), wikiReference);
                    if (!resolve.equals(documentReference)) {
                        securityCache.remove(this.securityReferenceFactory.newUserReference(resolve));
                    }
                }
                i++;
            } while (allMembersNamesForGroup.size() == 100);
        } catch (XWikiException e) {
            throw new AuthorizationException("Failed to invalidate group member.", e);
        }
    }

    @Override // org.xwiki.observation.EventListener
    public void onEvent(Event event, Object obj, Object obj2) {
        DocumentReference documentReference = getDocumentReference(obj);
        this.readWriteLock.writeLock().lock();
        try {
            try {
                deliverUpdateEvent(documentReference);
                if (isGroupDocument(obj)) {
                    invalidateGroupMembers(documentReference, this.securityCache);
                }
            } catch (AuthorizationException e) {
                this.logger.error("Failed to invalidate group members on the document: {}", documentReference, e);
                this.readWriteLock.writeLock().unlock();
            }
        } finally {
            this.readWriteLock.writeLock().unlock();
        }
    }

    private void deliverUpdateEvent(DocumentReference documentReference) {
        if (documentReference.getName().equals(XWikiConstants.WIKI_DOC) && documentReference.getLastSpaceReference().getName().equals("XWiki")) {
            this.securityCache.remove(this.securityReferenceFactory.newEntityReference(documentReference.getWikiReference()));
            return;
        }
        if (documentReference.getName().equals(XWikiConstants.SPACE_DOC)) {
            this.securityCache.remove(this.securityReferenceFactory.newEntityReference(documentReference.getParent()));
            return;
        }
        this.securityCache.remove(this.securityReferenceFactory.newEntityReference(documentReference));
        if (documentReference.getName().startsWith(XWikiConstants.WIKI_DESCRIPTOR_PREFIX) && documentReference.getLastSpaceReference().getName().equals("XWiki") && documentReference.getWikiReference().getName().equals(getXWikiContext().getMainXWiki())) {
            this.securityCache.remove(this.securityReferenceFactory.newEntityReference(new WikiReference(documentReference.getName().substring(XWikiConstants.WIKI_DESCRIPTOR_PREFIX.length()).toLowerCase())));
        }
    }
}
