package org.exist.security;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.Database;
import org.exist.EXistException;
import org.exist.collections.Collection;
import org.exist.collections.triggers.TriggerException;
import org.exist.config.Configurable;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Configurator;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.scheduler.JobConfig;
import org.exist.security.internal.AccountImpl;
import org.exist.security.internal.GroupImpl;
import org.exist.security.realm.Realm;
import org.exist.security.utils.Utils;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.Txn;
import org.exist.util.ConcurrentValueWrapper;
import org.exist.util.LockException;
import org.exist.xmldb.XmldbURI;

/* loaded from: input_file:org/exist/security/AbstractRealm.class */
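/**
 * Base implementation of a security {@link Realm} that keeps its accounts and groups in
 * name-keyed in-memory maps and loads them at start-up from the realm's storage collections.
 *
 * <p>Storage layout (built in {@link #initialiseRealmStorage}): everything lives under
 * {@code SecurityManager.SECURITY_COLLECTION_URI/<realm id>}, with the sub-collections
 * {@code accounts}, {@code groups}, {@code accounts/removed} and {@code groups/removed}.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers and subclasses:
 * <ul>
 *   <li>Lookups ({@code getAccount}, {@code hasGroup}, ...) consult only this realm's own maps.</li>
 *   <li>{@link #getAccounts()} and {@link #getGroups()} hand out the live {@code values()} view of
 *       the internal {@link HashMap}, not a copy.</li>
 *   <li>{@link #updateAccount} and {@link #updateGroup} run the permission assertion on the
 *       caller-supplied principal object, then copy its state onto the stored principal.</li>
 *   <li>A stored account document that cannot be turned into an account is logged and skipped,
 *       so that account is simply absent after start-up.</li>
 * </ul>
 */
public abstract class AbstractRealm implements Realm, Configurable {
    private static final Logger LOG = LogManager.getLogger(AbstractRealm.class);
    private final SecurityManager sm;
    protected Configuration configuration;
    // Name -> principal maps for this realm; touched only through read/write/writeE callbacks.
    protected final PrincipalDbByName<Account> usersByName = new PrincipalDbByName<>();
    protected final PrincipalDbByName<Group> groupsByName = new PrincipalDbByName<>();
    // Storage collections; all null until start() has run initialiseRealmStorage().
    protected Collection collectionRealm = null;
    protected Collection collectionAccounts = null;
    protected Collection collectionGroups = null;
    protected Collection collectionRemovedAccounts = null;
    protected Collection collectionRemovedGroups = null;

    /**
     * Name-keyed principal map wrapped in a {@link ConcurrentValueWrapper}.
     *
     * <p>The backing map is a plain {@link HashMap} with an initial capacity of 65, so any safety
     * under concurrent access comes from the wrapper's {@code read}/{@code write} callbacks
     * (presumably lock-guarded; confirm in {@code ConcurrentValueWrapper}).
     *
     * <p>Decompiler note: JADX reports that this class was declared {@code protected} in the
     * original and was widened to {@code public} in this listing.
     *
     * @param <V> the principal type stored in the map
     */
    public static class PrincipalDbByName<V extends Principal> extends ConcurrentValueWrapper<Map<String, V>> {
        public PrincipalDbByName() {
            // Diamond instead of the raw HashMap the decompiler emitted, to avoid an unchecked conversion.
            super(new HashMap<>(65));
        }
    }

    /**
     * Creates the realm and applies its configuration.
     *
     * @param securityManager the owning security manager, returned by {@link #getSecurityManager()}
     * @param configuration   the configuration handed to {@code Configurator.configure}
     */
    public AbstractRealm(SecurityManager securityManager, Configuration configuration) {
        this.sm = securityManager;
        // NOTE(review): 'this' is passed to Configurator before any subclass constructor body has run;
        // confirm the configurator does not depend on subclass state that is initialised later.
        this.configuration = Configurator.configure(this, configuration);
    }

    /** Returns the database of the owning security manager. */
    @Override // org.exist.security.realm.Realm
    public Database getDatabase() {
        return getSecurityManager().getDatabase();
    }

    /** Returns the security manager this realm was constructed with. */
    @Override // org.exist.security.realm.Realm
    public SecurityManager getSecurityManager() {
        return this.sm;
    }

    /**
     * Resolves (creating where missing) the realm's storage collections and caches them in the
     * {@code collection*} fields.
     *
     * @param dBBroker the broker used for collection access
     * @param txn      the transaction under which collections are created
     * @throws EXistException wrapping any I/O, trigger, permission or lock failure
     */
    private void initialiseRealmStorage(DBBroker dBBroker, Txn txn) throws EXistException {
        // Root of this realm's storage: <security collection>/<realm id>
        XmldbURI append = SecurityManager.SECURITY_COLLECTION_URI.append(getId());
        try {
            this.collectionRealm = Utils.getOrCreateCollection(dBBroker, txn, append);
            this.collectionAccounts = Utils.getOrCreateCollection(dBBroker, txn, append.append("accounts"));
            this.collectionGroups = Utils.getOrCreateCollection(dBBroker, txn, append.append("groups"));
            this.collectionRemovedAccounts = Utils.getOrCreateCollection(dBBroker, txn, append.append("accounts").append("removed"));
            this.collectionRemovedGroups = Utils.getOrCreateCollection(dBBroker, txn, append.append("groups").append("removed"));
        } catch (IOException | TriggerException | PermissionDeniedException | LockException e) {
            throw new EXistException(e);
        }
    }

    /**
     * Loads every group document from the groups collection into {@link #groupsByName} and
     * registers it with the security manager.
     *
     * <p>Documents without a name, or whose name is already in the map, are skipped: the first
     * document seen for a given name wins.
     */
    private void loadGroupsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionGroups == null || this.collectionGroups.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionGroups.iterator(dBBroker);
        while (it.hasNext()) {
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), it.next());
            // NOTE(review): JobConfig is a scheduler class; this is presumably the decompiler replacing a
            // string literal with an equal-valued constant. Confirm it names the principal's name property.
            String property = parse.getProperty(JobConfig.JOB_NAME_ATTRIBUTE);
            // The duplicate check and the insert happen inside the same write callback.
            this.groupsByName.writeE(map -> {
                if (property == null || map.containsKey(property)) {
                    return;
                }
                GroupImpl groupImpl = new GroupImpl(this, parse);
                getSecurityManager().registerGroup(groupImpl);
                map.put(groupImpl.getName(), groupImpl);
                // Only groups with a positive id are bound to the storage collection.
                if (groupImpl.getId() > 0) {
                    groupImpl.setCollection(dBBroker, this.collectionGroups);
                }
            });
        }
    }

    /**
     * Registers groups from the {@code groups/removed} collection with the security manager,
     * flagged as removed.
     *
     * <p>A removed group is registered only when it has an {@code id} property and the security
     * manager does not already know a group with that id. Removed groups are not added to
     * {@link #groupsByName}, so name lookups on this realm do not return them.
     */
    private void loadRemovedGroupsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionRemovedGroups == null || this.collectionRemovedGroups.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionRemovedGroups.iterator(dBBroker);
        while (it.hasNext()) {
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), it.next());
            Integer propertyInteger = parse.getPropertyInteger("id");
            if (propertyInteger != null && !getSecurityManager().hasGroup(propertyInteger.intValue())) {
                GroupImpl groupImpl = new GroupImpl(this, parse);
                groupImpl.removed = true;
                getSecurityManager().registerGroup(groupImpl);
            }
        }
    }

    /**
     * Loads every account document from the accounts collection into {@link #usersByName} and
     * registers it with the security manager.
     *
     * <p>Documents without a name, or whose name is already in the map, are skipped. An account
     * with no groups gets {@code SecurityManager.UNKNOWN_GROUP} as its primary group.
     *
     * <p>Failure handling: any {@link Throwable} raised while building or registering an account
     * is caught, logged at error level with the document URI, and loading continues with the
     * next document. That includes the {@link ConfigurationException} thrown below when the
     * fallback group cannot be assigned, so it never propagates to the caller. The affected
     * account is therefore missing after start-up rather than start-up failing.
     */
    private void loadAccountsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionAccounts == null || this.collectionAccounts.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionAccounts.iterator(dBBroker);
        while (it.hasNext()) {
            DocumentImpl next = it.next();
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), next);
            // NOTE(review): see loadGroupsFromRealmStorage; presumably the "name" property, confirm.
            String property = parse.getProperty(JobConfig.JOB_NAME_ATTRIBUTE);
            this.usersByName.writeE(map -> {
                if (property == null || map.containsKey(property)) {
                    return;
                }
                try {
                    AccountImpl accountImpl = new AccountImpl(this, parse);
                    // Every loaded account must end up with a group; fall back to the unknown group.
                    if (accountImpl.getGroups().length == 0) {
                        try {
                            accountImpl.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                        } catch (PermissionDeniedException e) {
                            throw new ConfigurationException("Account has no group, unable to default to nogroup: " + e.getMessage(), e);
                        }
                    }
                    getSecurityManager().registerAccount(accountImpl);
                    map.put(accountImpl.getName(), accountImpl);
                    // NOTE(review): a failure from here on is swallowed by the catch below while the
                    // account stays registered and in the map, i.e. possibly partially initialised.
                    if (accountImpl.getId() > 0) {
                        accountImpl.setCollection(dBBroker, this.collectionAccounts);
                        // Group fallback is re-applied after binding the collection.
                        if (accountImpl.getGroups().length == 0) {
                            try {
                                accountImpl.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                            } catch (PermissionDeniedException e2) {
                                throw new ConfigurationException("Account has no group, unable to default to nogroup: " + e2.getMessage(), e2);
                            }
                        }
                    }
                } catch (Throwable th) {
                    // NOTE(review): Throwable also covers JVM Errors (e.g. OutOfMemoryError), which are
                    // logged and skipped here like any malformed document.
                    LOG.error("Account object can't be built from '" + next.getFileURI() + "'", th);
                }
            });
        }
    }

    /**
     * Registers accounts from the {@code accounts/removed} collection with the security manager,
     * flagged as removed.
     *
     * <p>A removed account is registered only when it has an {@code id} property and the security
     * manager does not already know a user with that id. Removed accounts are not added to
     * {@link #usersByName}. Unlike {@link #loadAccountsFromRealmStorage}, construction failures
     * are not caught here and propagate to the caller.
     */
    private void loadRemovedAccountsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionRemovedAccounts == null || this.collectionRemovedAccounts.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionRemovedAccounts.iterator(dBBroker);
        while (it.hasNext()) {
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), it.next());
            Integer propertyInteger = parse.getPropertyInteger("id");
            if (propertyInteger != null && !getSecurityManager().hasUser(propertyInteger.intValue())) {
                AccountImpl accountImpl = new AccountImpl(this, parse);
                accountImpl.removed = true;
                getSecurityManager().registerAccount(accountImpl);
            }
        }
    }

    /**
     * Prepares the storage collections, then loads groups, removed groups, accounts and removed
     * accounts, in that order.
     *
     * <p>Groups are loaded before accounts; account loading looks up the fallback group through
     * {@link #getGroup(String)}.
     *
     * @throws EXistException on storage failure, or wrapping a permission or lock failure raised
     *                        while loading (ConfigurationException is presumably an
     *                        EXistException subtype and propagates as-is)
     */
    @Override // org.exist.LifeCycle
    public void start(DBBroker dBBroker, Txn txn) throws EXistException {
        initialiseRealmStorage(dBBroker, txn);
        try {
            loadGroupsFromRealmStorage(dBBroker);
            loadRemovedGroupsFromRealmStorage(dBBroker);
            loadAccountsFromRealmStorage(dBBroker);
            loadRemovedAccountsFromRealmStorage(dBBroker);
        } catch (PermissionDeniedException | LockException e) {
            throw new EXistException(e);
        }
    }

    /** No-op in this base class. */
    @Override // org.exist.LifeCycle
    public void sync(DBBroker dBBroker) {
    }

    /** No-op in this base class. */
    @Override // org.exist.LifeCycle
    public void stop(DBBroker dBBroker) {
    }

    /**
     * Saves the realm's configuration.
     *
     * <p>Dereferences {@link #configuration} without a null check, although
     * {@link #isConfigured()} treats null as a possible state.
     */
    public void save() throws PermissionDeniedException, EXistException {
        this.configuration.save();
    }

    /**
     * Adds an account to this realm's in-memory map.
     *
     * <p>The existence check and the insert run inside one write callback. No permission check
     * is performed here.
     *
     * @param account the account to register
     * @return the same account
     * @throws IllegalArgumentException if an account with that name is already present
     */
    public final Account registerAccount(Account account) {
        this.usersByName.write(map -> {
            if (map.containsKey(account.getName())) {
                throw new IllegalArgumentException("Account " + account.getName() + " exist.");
            }
            map.put(account.getName(), account);
        });
        return account;
    }

    /**
     * Adds a group to this realm's in-memory map.
     *
     * <p>The existence check and the insert run inside one write callback. No permission check
     * is performed here.
     *
     * @param group the group to register
     * @return the same group
     * @throws IllegalArgumentException if a group with that name is already present
     */
    public final Group registerGroup(Group group) {
        this.groupsByName.write(map -> {
            if (map.containsKey(group.getName())) {
                throw new IllegalArgumentException("Group " + group.getName() + " already exists.");
            }
            map.put(group.getName(), group);
        });
        return group;
    }

    /**
     * Looks up an account of this realm by name.
     *
     * @return the account, or {@code null} if this realm's map has no entry for the name
     */
    @Override // org.exist.security.management.AccountsManagement
    public Account getAccount(String str) {
        return (Account) this.usersByName.read(map -> {
            return (Account) map.get(str);
        });
    }

    /** Same as {@link #hasAccountLocal(String)}; this base class checks only its own map. */
    @Override // org.exist.security.management.AccountsManagement
    public boolean hasAccount(String str) {
        return hasAccountLocal(str);
    }

    /** Same as {@link #hasAccountLocal(Account)}; this base class checks only its own map. */
    @Override // org.exist.security.management.AccountsManagement
    public final boolean hasAccount(Account account) {
        return hasAccountLocal(account);
    }

    /** Checks by the account's name only; the identity of the object is not compared. */
    @Override // org.exist.security.management.AccountsManagement
    public boolean hasAccountLocal(Account account) {
        return hasAccountLocal(account.getName());
    }

    /** Returns whether this realm's map contains an account with the given name. */
    @Override // org.exist.security.management.AccountsManagement
    public boolean hasAccountLocal(String str) {
        return ((Boolean) this.usersByName.read(map -> {
            return Boolean.valueOf(map.containsKey(str));
        })).booleanValue();
    }

    /**
     * Returns the accounts of this realm.
     *
     * <p>NOTE(review): the result is the live {@code values()} view of the internal HashMap, and
     * it is used after the read callback has returned. A caller iterating it is exposed to
     * concurrent writes to the map, and the view allows removing entries. Consider returning a
     * snapshot if no caller depends on the live view.
     */
    @Override // org.exist.security.realm.Realm
    public final java.util.Collection<Account> getAccounts() {
        return (java.util.Collection) this.usersByName.read((v0) -> {
            return v0.values();
        });
    }

    /** Same as {@link #hasGroupLocal(Group)}; this base class checks only its own map. */
    @Override // org.exist.security.management.GroupsManagement
    public boolean hasGroup(Group group) {
        return hasGroupLocal(group);
    }

    /** Same as {@link #hasGroupLocal(String)}; this base class checks only its own map. */
    @Override // org.exist.security.management.GroupsManagement
    public boolean hasGroup(String str) {
        return hasGroupLocal(str);
    }

    /** Returns whether this realm's map contains a group with the given name. */
    @Override // org.exist.security.management.GroupsManagement
    public boolean hasGroupLocal(String str) {
        return ((Boolean) this.groupsByName.read(map -> {
            return Boolean.valueOf(map.containsKey(str));
        })).booleanValue();
    }

    /** Checks by the group's name only; the identity of the object is not compared. */
    @Override // org.exist.security.management.GroupsManagement
    public final boolean hasGroupLocal(Group group) {
        return hasGroupLocal(group.getName());
    }

    /**
     * Looks up a group of this realm by name.
     *
     * @return the group, or {@code null} if this realm's map has no entry for the name
     */
    @Override // org.exist.security.management.GroupsManagement
    public Group getGroup(String str) {
        return (Group) this.groupsByName.read(map -> {
            return (Group) map.get(str);
        });
    }

    /**
     * Returns the groups of this realm.
     *
     * <p>NOTE(review): like {@link #getAccounts()}, this exposes the live {@code values()} view
     * of the internal HashMap outside the read callback.
     */
    @Override // org.exist.security.realm.Realm
    public final java.util.Collection<Group> getGroups() {
        return (java.util.Collection) this.groupsByName.read((v0) -> {
            return v0.values();
        });
    }

    /** Returns the realm's root storage collection; {@code null} before {@code start()}. */
    protected Collection getCollection() {
        return this.collectionRealm;
    }

    /**
     * Adds a group after checking that it belongs to this realm, delegating the actual work
     * (and any permission check, which is not visible here) to the security manager.
     *
     * @throws ConfigurationException if the group's realm id is null or names a different realm
     */
    @Override // org.exist.security.management.GroupsManagement
    public Group addGroup(DBBroker dBBroker, Group group) throws PermissionDeniedException, EXistException {
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group's realmId is null.");
        }
        if (getId().equals(group.getRealmId())) {
            return getSecurityManager().addGroup(dBBroker, group);
        }
        throw new ConfigurationException("Group from different realm");
    }

    /**
     * Adds an account after checking that it belongs to this realm, delegating the actual work
     * (and any permission check, which is not visible here) to the security manager.
     *
     * @throws ConfigurationException if the account's realm id is null or names a different realm
     */
    @Override // org.exist.security.management.AccountsManagement
    public Account addAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account's realmId is null.");
        }
        if (getId().equals(account.getRealmId())) {
            return getSecurityManager().addAccount(account);
        }
        throw new ConfigurationException("Account from different realm");
    }

    /**
     * Copies group membership, primary group, password, user mask and metadata from the supplied
     * account onto the stored account of the same name, then saves the stored account.
     *
     * @param account the desired state; its name selects the stored account to update
     * @return always {@code true} when no exception is thrown
     * @throws PermissionDeniedException if the permission assertion fails, or if no account with
     *                                   that name exists in this realm
     */
    @Override // org.exist.security.management.AccountsManagement
    public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException {
        // NOTE(review): the assertion runs on the caller-supplied object, before the stored account is
        // looked up. Confirm its outcome cannot be steered by state the caller controls on that object.
        account.assertCanModifyAccount(getDatabase().getActiveBroker().getCurrentSubject());
        Account account2 = getAccount(account.getName());
        if (account2 == null) {
            throw new PermissionDeniedException("account " + account.getName() + " does not exist");
        }
        // Make the stored membership equal to the supplied one: add what is missing ...
        // NOTE(review): whether addGroup() enforces its own per-group authorization is not visible here;
        // confirm, since this loop is the only gate in this method for gaining a group.
        for (String str : account.getGroups()) {
            if (!account2.hasGroup(str)) {
                account2.addGroup(str);
            }
        }
        // ... and drop what the supplied account no longer lists.
        for (String str2 : account2.getGroups()) {
            if (!account.hasGroup(str2)) {
                account2.remGroup(str2);
            }
        }
        if (account.getPrimaryGroup() != null && !account.getPrimaryGroup().equals(account2.getPrimaryGroup())) {
            // getGroup() resolves in this realm only and returns null for an unknown name.
            // NOTE(review): confirm how setPrimaryGroup() treats null.
            account2.setPrimaryGroup(getGroup(account.getPrimaryGroup()));
        }
        // A null password on the supplied account means "leave the stored password unchanged".
        if (account.getPassword() != null) {
            account2.setPassword(account.getPassword());
        }
        account2.setUserMask(account.getUserMask());
        // NOTE(review): hashCode inequality is used as the "is a different object" test. If both hash
        // codes happen to be equal for distinct objects, the metadata copy is silently skipped.
        if (account.hashCode() != account2.hashCode()) {
            account2.clearMetadata();
            for (SchemaType schemaType : account.getMetadataKeys()) {
                account2.setMetadataValue(schemaType, account.getMetadataValue(schemaType));
            }
        }
        account2.save();
        return true;
    }

    /**
     * Copies the manager list and metadata from the supplied group onto the stored group of the
     * same name, then saves the stored group.
     *
     * @param group the desired state; its name selects the stored group to update
     * @return always {@code true} when no exception is thrown
     * @throws PermissionDeniedException if the permission assertion fails, or if no group with
     *                                   that name exists in this realm
     */
    @Override // org.exist.security.management.GroupsManagement
    public boolean updateGroup(Group group) throws PermissionDeniedException, EXistException {
        // NOTE(review): as in updateAccount, the assertion runs on the caller-supplied object.
        group.assertCanModifyGroup(getDatabase().getActiveBroker().getCurrentSubject());
        Group group2 = getGroup(group.getName());
        if (group2 == null) {
            throw new PermissionDeniedException("group " + group.getName() + " does not exist");
        }
        for (Account account : group.getManagers()) {
            if (!group2.isManager(account)) {
                group2.addManager(account);
            }
        }
        // NOTE(review): managers are removed while iterating group2.getManagers(); this is only safe if
        // getManagers() returns a copy rather than the live list. Confirm in the Group implementation.
        for (Account account2 : group2.getManagers()) {
            if (!group.isManager(account2)) {
                group2.removeManager(account2);
            }
        }
        // NOTE(review): same hashCode-based difference test as in updateAccount.
        if (group.hashCode() != group2.hashCode()) {
            group2.clearMetadata();
            for (SchemaType schemaType : group.getMetadataKeys()) {
                group2.setMetadataValue(schemaType, group.getMetadataValue(schemaType));
            }
        }
        group2.save();
        return true;
    }

    /** Resolves a group by name through the security manager instead of this realm's own map. */
    @Override // org.exist.security.realm.Realm
    public Group getExternalGroup(String str) {
        return getSecurityManager().getGroup(str);
    }

    /** Returns whether a configuration object is present. */
    @Override // org.exist.config.Configurable
    public boolean isConfigured() {
        return this.configuration != null;
    }

    /** Returns the realm's configuration, which may be {@code null}. */
    @Override // org.exist.config.Configurable
    public Configuration getConfiguration() {
        return this.configuration;
    }

    // The find* methods below all return an empty list in this base class, regardless of what is
    // held in usersByName/groupsByName; presumably concrete realms override them.

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public List<String> findUsernamesWhereNameStarts(String str) {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public List<String> findUsernamesWhereUsernameStarts(String str) {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public List<String> findAllGroupNames() {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public List<String> findAllUserNames() {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public List<String> findAllGroupMembers(String str) {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public List<String> findUsernamesWhereNamePartStarts(String str) {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public java.util.Collection<? extends String> findGroupnamesWhereGroupnameStarts(String str) {
        return Collections.emptyList();
    }

    /** Returns an empty list in this base class. */
    @Override // org.exist.security.realm.Realm
    public java.util.Collection<? extends String> findGroupnamesWhereGroupnameContains(String str) {
        return Collections.emptyList();
    }
}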
