package org.exist.security.internal;

import com.evolvedbinary.j8fu.lazy.AtomicLazyVal;
import it.unimi.dsi.fastutil.ints.Int2ObjectMap;
import it.unimi.dsi.fastutil.ints.Int2ObjectOpenHashMap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import net.jcip.annotations.ThreadSafe;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.Database;
import org.exist.EXistException;
import org.exist.collections.Collection;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Configurator;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsAttribute;
import org.exist.config.annotation.ConfigurationFieldAsElement;
import org.exist.config.annotation.ConfigurationFieldClassMask;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.scheduler.JobConfig;
import org.exist.scheduler.JobDescription;
import org.exist.security.AbstractRealm;
import org.exist.security.Account;
import org.exist.security.AuthenticationException;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.Principal;
import org.exist.security.SchemaType;
import org.exist.security.SecurityManager;
import org.exist.security.Session;
import org.exist.security.Subject;
import org.exist.security.internal.aider.GroupAider;
import org.exist.security.realm.Realm;
import org.exist.storage.BrokerPool;
import org.exist.storage.BrokerPoolService;
import org.exist.storage.BrokerPoolServiceException;
import org.exist.storage.DBBroker;
import org.exist.storage.lock.Lock;
import org.exist.storage.lock.ManagedLock;
import org.exist.storage.txn.Txn;
import org.exist.util.ConcurrentValueWrapper;
import org.exist.util.WeakLazyStripes;
import org.exist.xmldb.XmldbURI;
import org.quartz.Job;
import org.quartz.JobExecutionContext;

@ConfigurationClass("security-manager")
/* loaded from: input_file:org/exist/security/internal/SecurityManagerImpl.class */
public class SecurityManagerImpl implements SecurityManager, BrokerPoolService {
    private static final Logger LOG = LogManager.getLogger(SecurityManager.class);
    public static final int MAX_USER_ID = 1048571;
    public static final int MAX_GROUP_ID = 1048572;
    static final int INITIAL_LAST_ACCOUNT_ID = 10;
    static final int INITIAL_LAST_GROUP_ID = 10;
    private Database db;
    private AtomicLazyVal<Subject> systemSubject;
    private AtomicLazyVal<Subject> guestSubject;

    @ConfigurationFieldAsElement("authentication-entry-point")
    private static final String authenticationEntryPoint = "/authentication/login";
    private RealmImpl defaultRealm;
    private final PrincipalDbById<Group> groupsById = new PrincipalDbById<>(10);
    private final PrincipalDbById<Account> usersById = new PrincipalDbById<>(10);
    private final PrincipalLocks<Account> accountLocks = new PrincipalLocks<>(null);
    private final PrincipalLocks<Group> groupLocks = new PrincipalLocks<>(null);
    private final SessionDb sessions = new SessionDb();
    private final Map<XmldbURI, Integer> saving = new ConcurrentHashMap();

    @ConfigurationFieldAsAttribute("version")
    private String version = "2.1";

    @ConfigurationFieldAsElement("realm")
    @ConfigurationFieldClassMask("org.exist.security.realm.%1$s.%2$sRealm")
    private List<Realm> realms = new ArrayList();

    @ConfigurationFieldAsElement("events")
    private SMEvents events = null;
    private Collection collection = null;
    private Configuration configuration = null;

    /* JADX INFO: Access modifiers changed from: private */
    @ThreadSafe
    /* loaded from: input_file:org/exist/security/internal/SecurityManagerImpl$PrincipalDbById.class */
    public static class PrincipalDbById<V extends Principal> extends ConcurrentValueWrapper<Int2ObjectMap<V>> {
        private int principalId;

        public PrincipalDbById(int i) {
            super(new Int2ObjectOpenHashMap(65));
            this.principalId = i;
        }

        public int getNextPrincipalId() {
            return ((Integer) writeAndReturn(int2ObjectMap -> {
                if (this.principalId + 1 >= 1048572) {
                    throw new RuntimeException("System has no more ids available for principal type");
                }
                int i = this.principalId + 1;
                this.principalId = i;
                return Integer.valueOf(i);
            })).intValue();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getCurrentPrincipalId() {
            return ((Integer) read(int2ObjectMap -> {
                return Integer.valueOf(this.principalId);
            })).intValue();
        }

        public void update(BiFunction<Int2ObjectMap<V>, Integer, Integer> biFunction) {
            write(int2ObjectMap -> {
                this.principalId = ((Integer) biFunction.apply(int2ObjectMap, Integer.valueOf(this.principalId))).intValue();
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @ThreadSafe
    /* loaded from: input_file:org/exist/security/internal/SecurityManagerImpl$PrincipalLocks.class */
    public static class PrincipalLocks<T extends Principal> {
        private final WeakLazyStripes<Integer, ReadWriteLock> lockStripes;

        private PrincipalLocks() {
            this.lockStripes = new WeakLazyStripes<>(num -> {
                return new ReentrantReadWriteLock();
            });
        }

        public ReadWriteLock getLock(T t) {
            return this.lockStripes.get(Integer.valueOf(t.getId()));
        }

        /* synthetic */ PrincipalLocks(PrincipalLocks principalLocks) {
            this();
        }
    }

    @ThreadSafe
    /* loaded from: input_file:org/exist/security/internal/SecurityManagerImpl$SessionDb.class */
    private static class SessionDb extends ConcurrentValueWrapper<Map<String, Session>> {
        public SessionDb() {
            super(new HashMap());
        }
    }

    /* loaded from: input_file:org/exist/security/internal/SecurityManagerImpl$SessionsCheck.class */
    public static class SessionsCheck implements JobDescription, Job {
        public static final long TIMEOUT_CHECK_PERIOD = 20000;

        @Override // org.exist.scheduler.JobDescription
        public String getGroup() {
            return "eXist.Security";
        }

        @Override // org.exist.scheduler.JobDescription
        public String getName() {
            return "Sessions.Check";
        }

        @Override // org.exist.scheduler.JobDescription
        public void setName(String str) {
        }

        public final void execute(JobExecutionContext jobExecutionContext) {
            SecurityManagerImpl securityManagerImpl;
            Properties properties = (Properties) jobExecutionContext.getJobDetail().getJobDataMap().get(JobDescription.PARAMS);
            if (properties == null || (securityManagerImpl = (SecurityManagerImpl) properties.get(SecurityManagerImpl.class.getName())) == null) {
                return;
            }
            securityManagerImpl.sessions.write(map -> {
                map.entrySet().removeIf(entry -> {
                    return entry == null || !((Session) entry.getValue()).isValid();
                });
            });
        }
    }

    public SecurityManagerImpl(Database database) {
        this.db = database;
    }

    @Override // org.exist.storage.BrokerPoolService
    public void prepare(BrokerPool brokerPool) throws BrokerPoolServiceException {
        try {
            this.defaultRealm = new RealmImpl(null, this, null);
            this.realms.add(this.defaultRealm);
            this.systemSubject = new AtomicLazyVal<>(() -> {
                return new SubjectAccreditedImpl(this.defaultRealm.ACCOUNT_SYSTEM, this);
            });
            this.guestSubject = new AtomicLazyVal<>(() -> {
                return new SubjectAccreditedImpl((AccountImpl) this.defaultRealm.getAccount("guest"), this);
            });
        } catch (EXistException e) {
            throw new BrokerPoolServiceException(e);
        }
    }

    @Override // org.exist.storage.BrokerPoolService
    public void startSystem(DBBroker dBBroker, Txn txn) throws BrokerPoolServiceException {
        try {
            attach(dBBroker, txn);
        } catch (EXistException e) {
            throw new BrokerPoolServiceException(e);
        }
    }

    @Override // org.exist.storage.BrokerPoolService
    public void startPreMultiUserSystem(DBBroker dBBroker, Txn txn) {
        Properties properties = new Properties();
        properties.put(getClass().getName(), this);
        this.db.getScheduler().createPeriodicJob(SessionsCheck.TIMEOUT_CHECK_PERIOD, new SessionsCheck(), SessionsCheck.TIMEOUT_CHECK_PERIOD, properties, -1, false);
    }

    @Override // org.exist.security.SecurityManager
    public void attach(DBBroker dBBroker, Txn txn) throws EXistException {
        this.db = dBBroker.getDatabase();
        try {
            if (dBBroker.getCollection(XmldbURI.SYSTEM_COLLECTION_URI) == null) {
                Collection orCreateCollection = dBBroker.getOrCreateCollection(txn, XmldbURI.SYSTEM_COLLECTION_URI);
                if (orCreateCollection == null) {
                    return;
                }
                orCreateCollection.setPermissions(dBBroker, 493);
                dBBroker.saveCollection(txn, orCreateCollection);
            }
        } catch (Exception e) {
            LOG.error("Setting /db/system permissions failed: " + e.getMessage(), e);
        }
        try {
            this.collection = dBBroker.getCollection(SecurityManager.SECURITY_COLLECTION_URI);
            if (this.collection == null) {
                this.collection = dBBroker.getOrCreateCollection(txn, SecurityManager.SECURITY_COLLECTION_URI);
                if (this.collection == null) {
                    LOG.error("Collection '/db/system/security' can't be created. Database may be corrupt!");
                    return;
                } else {
                    this.collection.setPermissions(dBBroker, 504);
                    dBBroker.saveCollection(txn, this.collection);
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            LOG.error("Loading security configuration failed: " + e2.getMessage(), e2);
        }
        this.configuration = Configurator.configure(this, Configurator.parse(this, dBBroker, this.collection, SecurityManager.CONFIG_FILE_URI));
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            it.next().start(dBBroker, txn);
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account == null) {
            return false;
        }
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account must have realm id.");
        }
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.accountLocks.getLock(account), Lock.LockMode.WRITE_LOCK);
            try {
                boolean updateAccount = findRealmForRealmId(account.getRealmId()).updateAccount(account);
                if (acquire != null) {
                    acquire.close();
                }
                return updateAccount;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean updateGroup(Group group) throws PermissionDeniedException, EXistException {
        if (group == null) {
            return false;
        }
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group must have realm id.");
        }
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.groupLocks.getLock(group), Lock.LockMode.WRITE_LOCK);
            try {
                boolean updateGroup = findRealmForRealmId(group.getRealmId()).updateGroup(group);
                if (acquire != null) {
                    acquire.close();
                }
                return updateGroup;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean deleteGroup(String str) throws PermissionDeniedException, EXistException {
        Group group = getGroup(str);
        if (group == null) {
            return false;
        }
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group must have realm id.");
        }
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.groupLocks.getLock(group), Lock.LockMode.WRITE_LOCK);
            try {
                boolean deleteGroup = findRealmForRealmId(group.getRealmId()).deleteGroup(group);
                if (acquire != null) {
                    acquire.close();
                }
                return deleteGroup;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean deleteAccount(String str) throws PermissionDeniedException, EXistException {
        return deleteAccount(getAccount(str));
    }

    @Override // org.exist.security.SecurityManager
    public boolean deleteAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account == null) {
            return false;
        }
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account must have realm id.");
        }
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.accountLocks.getLock(account), Lock.LockMode.WRITE_LOCK);
            try {
                boolean deleteAccount = findRealmForRealmId(account.getRealmId()).deleteAccount(account);
                if (acquire != null) {
                    acquire.close();
                }
                return deleteAccount;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public Account getAccount(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            Account account = it.next().getAccount(str);
            if (account != null) {
                return account;
            }
        }
        if (!LOG.isDebugEnabled()) {
            return null;
        }
        LOG.debug("Account for '" + str + "' not found!");
        return null;
    }

    @Override // org.exist.security.SecurityManager
    public final Account getAccount(int i) {
        return (Account) this.usersById.read(int2ObjectMap -> {
            return (Account) int2ObjectMap.get(i);
        });
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasGroup(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            if (it.next().hasGroup(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasGroup(Group group) {
        return hasGroup(group.getName());
    }

    @Override // org.exist.security.SecurityManager
    public Group getGroup(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            Group group = it.next().getGroup(str);
            if (group != null) {
                return group;
            }
        }
        return null;
    }

    @Override // org.exist.security.SecurityManager
    public final Group getGroup(int i) {
        return (Group) this.groupsById.read(int2ObjectMap -> {
            return (Group) int2ObjectMap.get(i);
        });
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasAdminPrivileges(Account account) {
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.accountLocks.getLock(account), Lock.LockMode.READ_LOCK);
            try {
                boolean hasDbaRole = account.hasDbaRole();
                if (acquire != null) {
                    acquire.close();
                }
                return hasDbaRole;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasAccount(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            if (it.next().hasAccount(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.exist.security.SecurityManager
    public Subject authenticate(String str, Object obj) throws AuthenticationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authentication try for '" + str + "'.");
        }
        if (str == null) {
            throw new AuthenticationException(0, "Account NULL not found");
        }
        if ("jsessionid".equals(str)) {
            if (getSystemSubject().getSessionId().equals(obj)) {
                return getSystemSubject();
            }
            if (getGuestSubject().getSessionId().equals(obj)) {
                return getGuestSubject();
            }
            Subject subject = (Subject) this.sessions.read(map -> {
                Session session = (Session) map.get(obj.toString());
                if (session != null && session.isValid()) {
                    return session.getSubject();
                }
                return null;
            });
            if (subject == null) {
                throw new AuthenticationException(3, "Session [" + obj + "] not found");
            }
            if (this.events != null) {
                this.events.authenticated(subject);
            }
            return subject;
        }
        for (Realm realm : this.realms) {
            try {
                Subject authenticate = realm.authenticate(str, obj);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authenticated by '" + realm.getId() + "' as '" + authenticate + "'.");
                }
                if (this.events != null) {
                    this.events.authenticated(authenticate);
                }
                return authenticate;
            } catch (AuthenticationException e) {
                if (e.getType() != 0) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Realm '" + realm.getId() + "' threw exception for account '" + str + "'. [" + e.getMessage() + "]");
                    }
                    throw e;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Account '" + str + "' not found, throw error");
        }
        throw new AuthenticationException(0, "Account [" + str + "] not found");
    }

    @Override // org.exist.security.SecurityManager
    public Subject getSystemSubject() {
        return (Subject) this.systemSubject.get();
    }

    @Override // org.exist.security.SecurityManager
    public Subject getGuestSubject() {
        return (Subject) this.guestSubject.get();
    }

    @Override // org.exist.security.SecurityManager
    public Group getDBAGroup() {
        return this.defaultRealm.GROUP_DBA;
    }

    @Override // org.exist.security.SecurityManager
    public Database getDatabase() {
        return this.db;
    }

    @Override // org.exist.security.SecurityManager
    public Database database() {
        return this.db;
    }

    int getLastGroupId() {
        return this.groupsById.getCurrentPrincipalId();
    }

    int getLastAccountId() {
        return this.usersById.getCurrentPrincipalId();
    }

    @Override // org.exist.security.SecurityManager
    public List<Account> getGroupMembers(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll((java.util.Collection) it.next().getAccounts().stream().filter(account -> {
                return account.hasGroup(str);
            }).collect(Collectors.toList()));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findAllGroupMembers(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findAllGroupMembers(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    @Deprecated
    public java.util.Collection<Account> getUsers() {
        return this.defaultRealm.getAccounts();
    }

    @Override // org.exist.security.SecurityManager
    @Deprecated
    public java.util.Collection<Group> getGroups() {
        return this.defaultRealm.getGroups();
    }

    @Override // org.exist.security.SecurityManager
    public void addGroup(DBBroker dBBroker, String str) throws PermissionDeniedException, EXistException {
        addGroup(dBBroker, new GroupAider(str));
    }

    @Override // org.exist.security.SecurityManager
    public Group addGroup(DBBroker dBBroker, Group group) throws PermissionDeniedException, EXistException {
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group must have realm id.");
        }
        if (group.getName() == null || group.getName().isEmpty()) {
            throw new ConfigurationException("Group must have name.");
        }
        int id = group.getId() != -1 ? group.getId() : this.groupsById.getNextPrincipalId();
        AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(group.getRealmId());
        if (abstractRealm.hasGroup(group.getName())) {
            throw new ConfigurationException("The group '" + group.getName() + "' at realm '" + group.getRealmId() + "' already exist.");
        }
        GroupImpl groupImpl = new GroupImpl(dBBroker, abstractRealm, id, group.getName(), group.getManagers());
        for (SchemaType schemaType : group.getMetadataKeys()) {
            groupImpl.setMetadataValue(schemaType, group.getMetadataValue(schemaType));
        }
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.groupLocks.getLock(groupImpl), Lock.LockMode.WRITE_LOCK);
            try {
                registerGroup(groupImpl);
                abstractRealm.registerGroup(groupImpl);
                groupImpl.save(dBBroker);
                if (acquire != null) {
                    acquire.close();
                }
                return groupImpl;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public final Account addAccount(Account account) throws PermissionDeniedException, EXistException {
        Throwable th = null;
        try {
            DBBroker broker = this.db.getBroker();
            try {
                Account addAccount = addAccount(broker, account);
                if (broker != null) {
                    broker.close();
                }
                return addAccount;
            } catch (Throwable th2) {
                if (broker != null) {
                    broker.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public final Account addAccount(DBBroker dBBroker, Account account) throws PermissionDeniedException, EXistException {
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account must have realm id.");
        }
        if (account.getName() == null || account.getName().isEmpty()) {
            throw new ConfigurationException("Account must have name.");
        }
        int id = account.getId() != -1 ? account.getId() : this.usersById.getNextPrincipalId();
        AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(account.getRealmId());
        AccountImpl accountImpl = new AccountImpl(dBBroker, abstractRealm, id, account);
        Throwable th = null;
        try {
            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.accountLocks.getLock(accountImpl), Lock.LockMode.WRITE_LOCK);
            try {
                registerAccount(accountImpl);
                abstractRealm.registerAccount(accountImpl);
                accountImpl.save(dBBroker);
                if (acquire != null) {
                    acquire.close();
                }
                return accountImpl;
            } catch (Throwable th2) {
                if (acquire != null) {
                    acquire.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.exist.config.Configurable
    public boolean isConfigured() {
        return this.configuration != null;
    }

    @Override // org.exist.config.Configurable
    public Configuration getConfiguration() {
        return this.configuration;
    }

    @Override // org.exist.security.SecurityManager
    public void registerSession(Session session) {
        this.sessions.write(map -> {
            map.put(session.getId(), session);
        });
    }

    @Override // org.exist.security.SecurityManager
    public Subject getSubjectBySessionId(String str) {
        return (Subject) this.sessions.read(map -> {
            Session session = (Session) map.get(str);
            if (session != null) {
                return session.getSubject();
            }
            return null;
        });
    }

    private Realm findRealmForRealmId(String str) throws ConfigurationException {
        for (Realm realm : this.realms) {
            if (realm.getId().equals(str)) {
                return realm;
            }
        }
        throw new ConfigurationException("Realm id = '" + str + "' not found.");
    }

    @Override // org.exist.security.SecurityManager
    public void registerGroup(Group group) {
        this.groupsById.update((int2ObjectMap, num) -> {
            int id = group.getId();
            int2ObjectMap.put(id, group);
            return id < 1048572 ? Integer.valueOf(Math.max(num.intValue(), id)) : num;
        });
    }

    @Override // org.exist.security.SecurityManager
    public void registerAccount(Account account) {
        this.usersById.update((int2ObjectMap, num) -> {
            int id = account.getId();
            int2ObjectMap.put(id, account);
            return id < 1048571 ? Integer.valueOf(Math.max(num.intValue(), id)) : num;
        });
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasGroup(int i) {
        return ((Boolean) this.groupsById.read(int2ObjectMap -> {
            return Boolean.valueOf(int2ObjectMap.containsKey(i));
        })).booleanValue();
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasUser(int i) {
        return ((Boolean) this.usersById.read(int2ObjectMap -> {
            return Boolean.valueOf(int2ObjectMap.containsKey(i));
        })).booleanValue();
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findUsernamesWhereNameStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findUsernamesWhereNameStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findUsernamesWhereUsernameStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findUsernamesWhereUsernameStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findUsernamesWhereNamePartStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findUsernamesWhereNamePartStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findGroupnamesWhereGroupnameContains(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findGroupnamesWhereGroupnameContains(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findGroupnamesWhereGroupnameStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findGroupnamesWhereGroupnameStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findAllGroupNames() {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findAllGroupNames());
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findAllUserNames() {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findAllUserNames());
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public void processParameterBeforeSave(DBBroker dBBroker, DocumentImpl documentImpl) {
        XmldbURI uri = documentImpl.getCollection().getURI();
        if (uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI)) {
            uri = uri.removeLastSegment();
        }
        boolean endsWith = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
        boolean endsWith2 = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
        if (endsWith || endsWith2) {
            this.saving.put(documentImpl.getURI(), Configurator.parse(dBBroker.getBrokerPool(), documentImpl).getPropertyInteger("id"));
        }
    }

    @Override // org.exist.security.SecurityManager
    public void processParameter(DBBroker dBBroker, DocumentImpl documentImpl) throws ConfigurationException {
        XmldbURI uri = documentImpl.getCollection().getURI();
        boolean endsWith = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
        if (endsWith) {
            uri = uri.removeLastSegment();
        }
        boolean endsWith2 = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
        boolean endsWith3 = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
        if (endsWith2 || endsWith3) {
            String xmldbURI = uri.removeLastSegment().lastSegment().toString();
            AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(xmldbURI);
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), documentImpl);
            Integer num = -1;
            if (endsWith) {
                num = parse.getPropertyInteger("id");
            }
            String property = parse.getProperty(JobConfig.JOB_NAME_ATTRIBUTE);
            if (endsWith2) {
                if (endsWith && num.intValue() > 2 && !hasUser(num.intValue())) {
                    AccountImpl accountImpl = new AccountImpl(abstractRealm, parse);
                    accountImpl.removed = true;
                    registerAccount(accountImpl);
                } else if (property == null) {
                    LOG.error("Account '" + property + "' already exists in realm: '" + xmldbURI + "', but received notification that a new one was created.");
                } else if (abstractRealm.hasAccount(property)) {
                    Integer num2 = this.saving.get(documentImpl.getURI());
                    Integer propertyInteger = parse.getPropertyInteger("id");
                    if (!propertyInteger.equals(num2)) {
                        Account account = abstractRealm.getAccount(property);
                        Throwable th = null;
                        try {
                            ManagedLock<ReadWriteLock> acquire = ManagedLock.acquire(this.accountLocks.getLock(account), Lock.LockMode.WRITE_LOCK);
                            try {
                                this.usersById.write(int2ObjectMap -> {
                                    int2ObjectMap.remove(num2);
                                    int2ObjectMap.put(propertyInteger, account);
                                });
                                if (acquire != null) {
                                    acquire.close();
                                }
                            } catch (Throwable th2) {
                                if (acquire != null) {
                                    acquire.close();
                                }
                                throw th2;
                            }
                        } catch (Throwable th3) {
                            if (0 == 0) {
                                th = th3;
                            } else if (null != th3) {
                                th.addSuppressed(th3);
                            }
                            throw th;
                        }
                    }
                } else {
                    Account accountImpl2 = new AccountImpl(abstractRealm, parse);
                    if (accountImpl2.getGroups().length == 0) {
                        try {
                            accountImpl2.setPrimaryGroup(abstractRealm.getGroup(SecurityManager.UNKNOWN_GROUP));
                        } catch (PermissionDeniedException e) {
                            throw new ConfigurationException("Account has no group, unable to default to nogroup: " + e.getMessage(), e);
                        }
                    }
                    registerAccount(accountImpl2);
                    abstractRealm.registerAccount(accountImpl2);
                }
            } else if (endsWith3) {
                if (endsWith && num.intValue() > 2 && !hasGroup(num.intValue())) {
                    GroupImpl groupImpl = new GroupImpl(abstractRealm, parse);
                    groupImpl.removed = true;
                    registerGroup(groupImpl);
                } else if (property == null || abstractRealm.hasGroup(property)) {
                    LOG.error("Group '" + property + "' already exists in realm: '" + xmldbURI + "', but received notification that a new one was created.");
                } else {
                    Group groupImpl2 = new GroupImpl(abstractRealm, parse);
                    registerGroup(groupImpl2);
                    abstractRealm.registerGroup(groupImpl2);
                }
            }
            this.saving.remove(documentImpl.getURI());
        }
    }

    @Override // org.exist.security.SecurityManager
    public String getAuthenticationEntryPoint() {
        return authenticationEntryPoint;
    }

    @Override // org.exist.security.SecurityManager
    public Subject getCurrentSubject() {
        return this.db.getActiveBroker().getCurrentSubject();
    }

    @Override // org.exist.security.SecurityManager
    public final void preAllocateAccountId(SecurityManager.PrincipalIdReceiver principalIdReceiver) {
        principalIdReceiver.allocate(this.usersById.getNextPrincipalId());
    }

    @Override // org.exist.security.SecurityManager
    public final void preAllocateGroupId(SecurityManager.PrincipalIdReceiver principalIdReceiver) {
        principalIdReceiver.allocate(this.groupsById.getNextPrincipalId());
    }
}
