package org.sonatype.nexus.security.internal;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.authc.credential.PasswordService;
import org.sonatype.goodies.common.ComponentSupport;
import org.sonatype.nexus.common.event.EventBus;
import org.sonatype.nexus.common.text.Strings2;
import org.sonatype.nexus.security.authz.AuthorizationConfigurationChanged;
import org.sonatype.nexus.security.config.CPrivilege;
import org.sonatype.nexus.security.config.CRole;
import org.sonatype.nexus.security.config.CUser;
import org.sonatype.nexus.security.config.CUserRoleMapping;
import org.sonatype.nexus.security.config.DynamicSecurityConfigurationResource;
import org.sonatype.nexus.security.config.MemorySecurityConfiguration;
import org.sonatype.nexus.security.config.SecurityConfiguration;
import org.sonatype.nexus.security.config.SecurityConfigurationCleaner;
import org.sonatype.nexus.security.config.SecurityConfigurationManager;
import org.sonatype.nexus.security.config.SecurityConfigurationSource;
import org.sonatype.nexus.security.config.StaticSecurityConfigurationResource;
import org.sonatype.nexus.security.privilege.NoSuchPrivilegeException;
import org.sonatype.nexus.security.role.NoSuchRoleException;
import org.sonatype.nexus.security.user.NoSuchRoleMappingException;
import org.sonatype.nexus.security.user.UserNotFoundException;

@Singleton
@Named("default")
/* loaded from: input_file:org/sonatype/nexus/security/internal/SecurityConfigurationManagerImpl.class */
public class SecurityConfigurationManagerImpl extends ComponentSupport implements SecurityConfigurationManager {
    private final SecurityConfigurationSource configurationSource;
    private final SecurityConfigurationCleaner configCleaner;
    private final PasswordService passwordService;
    private final EventBus eventBus;
    private final List<StaticSecurityConfigurationResource> staticResources;
    private final List<DynamicSecurityConfigurationResource> dynamicResources;
    private volatile SecurityConfiguration defaultConfiguration;
    private volatile SecurityConfiguration mergedConfiguration;

    @Inject
    public SecurityConfigurationManagerImpl(SecurityConfigurationSource securityConfigurationSource, List<StaticSecurityConfigurationResource> list, List<DynamicSecurityConfigurationResource> list2, SecurityConfigurationCleaner securityConfigurationCleaner, PasswordService passwordService, EventBus eventBus) {
        this.configurationSource = securityConfigurationSource;
        this.dynamicResources = list2;
        this.staticResources = list;
        this.eventBus = eventBus;
        this.configCleaner = securityConfigurationCleaner;
        this.passwordService = passwordService;
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public List<CPrivilege> listPrivileges() {
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.addAll(getDefaultConfiguration().getPrivileges());
        newArrayList.addAll(getMergedConfiguration().getPrivileges());
        return Collections.unmodifiableList(newArrayList);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public List<CRole> listRoles() {
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.addAll(getDefaultConfiguration().getRoles());
        newArrayList.addAll(getMergedConfiguration().getRoles());
        return Collections.unmodifiableList(newArrayList);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public List<CUser> listUsers() {
        return Collections.unmodifiableList(getDefaultConfiguration().getUsers());
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public List<CUserRoleMapping> listUserRoleMappings() {
        return Collections.unmodifiableList(getDefaultConfiguration().getUserRoleMappings());
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void createPrivilege(CPrivilege cPrivilege) {
        getDefaultConfiguration().addPrivilege(cPrivilege);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void createRole(CRole cRole) {
        getDefaultConfiguration().addRole(cRole);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void createUser(CUser cUser, Set<String> set) {
        createUser(cUser, null, set);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void createUser(CUser cUser, String str, Set<String> set) {
        if (!Strings2.isBlank(str)) {
            cUser.setPassword(this.passwordService.encryptPassword(str));
        }
        getDefaultConfiguration().addUser(cUser, set);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void deletePrivilege(String str) throws NoSuchPrivilegeException {
        if (!getDefaultConfiguration().removePrivilege(str)) {
            throw new NoSuchPrivilegeException(str);
        }
        cleanRemovedPrivilege(str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void deleteRole(String str) throws NoSuchRoleException {
        if (!getDefaultConfiguration().removeRole(str)) {
            throw new NoSuchRoleException(str);
        }
        cleanRemovedRole(str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void deleteUser(String str) throws UserNotFoundException {
        if (!getDefaultConfiguration().removeUser(str)) {
            throw new UserNotFoundException(str);
        }
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public CPrivilege readPrivilege(String str) throws NoSuchPrivilegeException {
        CPrivilege privilege = getMergedConfiguration().getPrivilege(str);
        if (privilege != null) {
            return privilege;
        }
        CPrivilege privilege2 = getDefaultConfiguration().getPrivilege(str);
        if (privilege2 != null) {
            return privilege2;
        }
        throw new NoSuchPrivilegeException(str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public CRole readRole(String str) throws NoSuchRoleException {
        CRole role = getMergedConfiguration().getRole(str);
        if (role != null) {
            return role;
        }
        CRole role2 = getDefaultConfiguration().getRole(str);
        if (role2 != null) {
            return role2;
        }
        throw new NoSuchRoleException(str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public CUser readUser(String str) throws UserNotFoundException {
        CUser user = getDefaultConfiguration().getUser(str);
        if (user != null) {
            return user;
        }
        throw new UserNotFoundException(str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void updatePrivilege(CPrivilege cPrivilege) throws NoSuchPrivilegeException {
        getDefaultConfiguration().updatePrivilege(cPrivilege);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void updateRole(CRole cRole) throws NoSuchRoleException {
        getDefaultConfiguration().updateRole(cRole);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void updateUser(CUser cUser) throws UserNotFoundException {
        Set<String> emptySet = Collections.emptySet();
        try {
            emptySet = readUserRoleMapping(cUser.getId(), "default").getRoles();
        } catch (NoSuchRoleMappingException unused) {
            this.log.debug("User: {} has no roles", cUser.getId());
        }
        updateUser(cUser, emptySet);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void updateUser(CUser cUser, Set<String> set) throws UserNotFoundException {
        getDefaultConfiguration().updateUser(cUser, set);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void createUserRoleMapping(CUserRoleMapping cUserRoleMapping) {
        getDefaultConfiguration().addUserRoleMapping(cUserRoleMapping);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public CUserRoleMapping readUserRoleMapping(String str, String str2) throws NoSuchRoleMappingException {
        CUserRoleMapping userRoleMapping = getDefaultConfiguration().getUserRoleMapping(str, str2);
        if (userRoleMapping != null) {
            return userRoleMapping;
        }
        throw new NoSuchRoleMappingException(str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void updateUserRoleMapping(CUserRoleMapping cUserRoleMapping) throws NoSuchRoleMappingException {
        getDefaultConfiguration().updateUserRoleMapping(cUserRoleMapping);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void deleteUserRoleMapping(String str, String str2) throws NoSuchRoleMappingException {
        if (!getDefaultConfiguration().removeUserRoleMapping(str, str2)) {
            throw new NoSuchRoleMappingException(str);
        }
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void cleanRemovedPrivilege(String str) {
        this.configCleaner.privilegeRemoved(getDefaultConfiguration(), str);
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationManager
    public void cleanRemovedRole(String str) {
        this.configCleaner.roleRemoved(getDefaultConfiguration(), str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9 */
    private SecurityConfiguration getDefaultConfiguration() {
        SecurityConfiguration securityConfiguration = this.defaultConfiguration;
        if (securityConfiguration == null) {
            ?? r0 = this;
            synchronized (r0) {
                securityConfiguration = this.defaultConfiguration;
                if (securityConfiguration == null) {
                    SecurityConfiguration doGetDefaultConfiguration = doGetDefaultConfiguration();
                    securityConfiguration = doGetDefaultConfiguration;
                    this.defaultConfiguration = doGetDefaultConfiguration;
                }
                r0 = r0;
            }
        }
        return securityConfiguration;
    }

    private SecurityConfiguration doGetDefaultConfiguration() {
        this.configurationSource.loadConfiguration();
        return this.configurationSource.getConfiguration();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [org.sonatype.nexus.security.config.SecurityConfiguration] */
    /* JADX WARN: Type inference failed for: r0v14 */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7, types: [org.sonatype.nexus.security.config.SecurityConfiguration] */
    private SecurityConfiguration getMergedConfiguration() {
        MemorySecurityConfiguration memorySecurityConfiguration = this.mergedConfiguration;
        if (memorySecurityConfiguration == null || shouldRebuildMergedConfiguration()) {
            boolean z = false;
            ?? r0 = this;
            synchronized (r0) {
                memorySecurityConfiguration = this.mergedConfiguration;
                if (memorySecurityConfiguration == null || shouldRebuildMergedConfiguration()) {
                    z = memorySecurityConfiguration != null;
                    MemorySecurityConfiguration doGetMergedConfiguration = doGetMergedConfiguration();
                    memorySecurityConfiguration = doGetMergedConfiguration;
                    this.mergedConfiguration = doGetMergedConfiguration;
                }
                r0 = r0;
                if (z) {
                    this.eventBus.post(new AuthorizationConfigurationChanged());
                }
            }
        }
        return memorySecurityConfiguration;
    }

    private boolean shouldRebuildMergedConfiguration() {
        Iterator<DynamicSecurityConfigurationResource> it = this.dynamicResources.iterator();
        while (it.hasNext()) {
            if (it.next().isDirty()) {
                return true;
            }
        }
        return false;
    }

    private MemorySecurityConfiguration doGetMergedConfiguration() {
        MemorySecurityConfiguration memorySecurityConfiguration = new MemorySecurityConfiguration();
        Iterator<StaticSecurityConfigurationResource> it = this.staticResources.iterator();
        while (it.hasNext()) {
            SecurityConfiguration configuration = it.next().getConfiguration();
            if (configuration != null) {
                Preconditions.checkState(configuration.getUsers() == null || configuration.getUsers().isEmpty(), "Static resources cannot have users");
                Preconditions.checkState(configuration.getUserRoleMappings() == null || configuration.getUserRoleMappings().isEmpty(), "Static resources cannot have user/role mappings");
                appendConfig(memorySecurityConfiguration, configuration);
            }
        }
        Iterator<DynamicSecurityConfigurationResource> it2 = this.dynamicResources.iterator();
        while (it2.hasNext()) {
            SecurityConfiguration configuration2 = it2.next().getConfiguration();
            if (configuration2 != null) {
                Preconditions.checkState(configuration2.getUsers() == null || configuration2.getUsers().isEmpty(), "Dynamic resources cannot have users");
                Preconditions.checkState(configuration2.getUserRoleMappings() == null || configuration2.getUserRoleMappings().isEmpty(), "Dynamic resources cannot have user/role mappings");
                appendConfig(memorySecurityConfiguration, configuration2);
            }
        }
        return memorySecurityConfiguration;
    }

    private SecurityConfiguration appendConfig(SecurityConfiguration securityConfiguration, SecurityConfiguration securityConfiguration2) {
        for (CPrivilege cPrivilege : securityConfiguration2.getPrivileges()) {
            cPrivilege.setReadOnly(true);
            securityConfiguration.addPrivilege(cPrivilege);
        }
        HashMap hashMap = new HashMap();
        for (CRole cRole : securityConfiguration.getRoles()) {
            hashMap.put(cRole.getId(), cRole);
        }
        for (CRole cRole2 : securityConfiguration2.getRoles()) {
            CRole cRole3 = (CRole) hashMap.get(cRole2.getId());
            if (cRole3 != null) {
                cRole2 = mergeRolesContents(cRole2, cRole3);
                securityConfiguration.removeRole(cRole2.getId());
            }
            cRole2.setReadOnly(true);
            securityConfiguration.addRole(cRole2);
            hashMap.put(cRole2.getId(), cRole2);
        }
        return securityConfiguration;
    }

    private CRole mergeRolesContents(CRole cRole, CRole cRole2) {
        HashSet hashSet = new HashSet();
        if (cRole.getRoles() != null) {
            hashSet.addAll(cRole.getRoles());
        }
        if (cRole2.getRoles() != null) {
            hashSet.addAll(cRole2.getRoles());
        }
        HashSet hashSet2 = new HashSet();
        if (cRole.getPrivileges() != null) {
            hashSet2.addAll(cRole.getPrivileges());
        }
        if (cRole2.getPrivileges() != null) {
            hashSet2.addAll(cRole2.getPrivileges());
        }
        CRole cRole3 = new CRole();
        cRole3.setId(cRole.getId());
        cRole3.setRoles(Sets.newHashSet(hashSet));
        cRole3.setPrivileges(Sets.newHashSet(hashSet2));
        if (Strings2.isBlank(cRole.getName())) {
            cRole3.setName(cRole2.getName());
        } else {
            cRole3.setName(cRole.getName());
        }
        if (Strings2.isBlank(cRole.getDescription())) {
            cRole3.setDescription(cRole2.getDescription());
        } else {
            cRole3.setDescription(cRole.getDescription());
        }
        return cRole3;
    }
}
