package org.sonatype.nexus.repository.security.internal;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.util.Arrays;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.authz.Permission;
import org.sonatype.goodies.common.ComponentSupport;
import org.sonatype.nexus.repository.security.ContentPermissionChecker;
import org.sonatype.nexus.repository.security.RepositoryContentSelectorPermission;
import org.sonatype.nexus.repository.security.RepositoryViewPermission;
import org.sonatype.nexus.security.SecurityHelper;
import org.sonatype.nexus.selector.SelectorConfiguration;
import org.sonatype.nexus.selector.SelectorEvaluationException;
import org.sonatype.nexus.selector.SelectorManager;
import org.sonatype.nexus.selector.VariableSource;

@Singleton
@Named
/* loaded from: input_file:org/sonatype/nexus/repository/security/internal/ContentPermissionCheckerImpl.class */
public class ContentPermissionCheckerImpl extends ComponentSupport implements ContentPermissionChecker {
    private final SecurityHelper securityHelper;
    private final SelectorManager selectorManager;

    @Inject
    public ContentPermissionCheckerImpl(SecurityHelper securityHelper, SelectorManager selectorManager) {
        this.securityHelper = (SecurityHelper) Preconditions.checkNotNull(securityHelper);
        this.selectorManager = (SelectorManager) Preconditions.checkNotNull(selectorManager);
    }

    @VisibleForTesting
    public boolean isViewPermitted(String str, String str2, String str3) {
        return this.securityHelper.anyPermitted(new Permission[]{new RepositoryViewPermission(str2, str, str3)});
    }

    @VisibleForTesting
    public boolean isContentPermitted(String str, String str2, String str3, SelectorConfiguration selectorConfiguration, VariableSource variableSource) {
        try {
            if (this.securityHelper.anyPermitted(new Permission[]{new RepositoryContentSelectorPermission(selectorConfiguration.getName(), str2, str, Arrays.asList(str3))})) {
                return this.selectorManager.evaluate(selectorConfiguration, variableSource);
            }
            return false;
        } catch (SelectorEvaluationException e) {
            if (this.log.isTraceEnabled()) {
                this.log.debug(e.getMessage(), e);
                return false;
            }
            this.log.debug(e.getMessage());
            return false;
        }
    }

    @Override // org.sonatype.nexus.repository.security.ContentPermissionChecker
    public boolean isPermitted(String str, String str2, String str3, VariableSource variableSource) {
        if (isViewPermitted(str, str2, str3)) {
            return true;
        }
        return this.selectorManager.browse().stream().anyMatch(selectorConfiguration -> {
            return isContentPermitted(str, str2, str3, selectorConfiguration, variableSource);
        });
    }
}
