package org.graylog2.users;

import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import com.mongodb.DuplicateKeyException;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.validation.ConstraintViolation;
import javax.validation.Validator;
import org.bson.types.ObjectId;
import org.graylog2.bindings.providers.MongoJackObjectMapperProvider;
import org.graylog2.database.MongoConnection;
import org.graylog2.database.MongoDBUpsertRetryer;
import org.graylog2.database.NotFoundException;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.shared.security.Permissions;
import org.graylog2.shared.users.Role;
import org.graylog2.shared.users.Roles;
import org.mongojack.DBCursor;
import org.mongojack.DBQuery;
import org.mongojack.JacksonDBCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/users/RoleServiceImpl.class */
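/**
 * MongoDB-backed {@link RoleService} that stores roles in the {@code roles} collection.
 *
 * <p>Role names are matched case-insensitively through the {@code name_lower} field, which
 * carries a unique index created in the constructor, so two roles whose names differ only in
 * case cannot coexist. The built-in {@code Admin} and {@code Reader} roles are verified, and
 * re-created when missing or altered, each time this service is constructed.
 */
public class RoleServiceImpl implements RoleService {
    private static final Logger log = LoggerFactory.getLogger(RoleServiceImpl.class);
    private static final String ROLES = "roles";
    private static final String NAME_LOWER = "name_lower";
    private static final String READ_ONLY = "read_only";
    private static final String ID = "_id";
    /** Name of the built-in role that is granted the wildcard permission {@code "*"}. */
    public static final String ADMIN_ROLENAME = "Admin";
    private static final String READER_ROLENAME = "Reader";
    /** Maps a role to its id; shared by the id-keyed lookups below. */
    private static final Function<Role, String> ROLE_TO_ID = Role::getId;
    private final JacksonDBCollection<RoleImpl, ObjectId> dbCollection;
    private final Validator validator;
    private final String adminRoleObjectId;
    private final String readerRoleObjectId;

    /**
     * Wraps the {@code roles} collection, creates the unique index on {@code name_lower} and
     * makes sure both built-in roles exist with their expected permissions.
     *
     * @throws NullPointerException if a built-in role can neither be loaded nor saved
     *     (raised by {@code Preconditions.checkNotNull} on a {@code null} id)
     */
    @Inject
    public RoleServiceImpl(MongoConnection mongoConnection, MongoJackObjectMapperProvider mongoJackObjectMapperProvider, Permissions permissions, Validator validator) {
        this.validator = validator;
        // NOTE(review): m302get() looks like a decompiler-renamed accessor on the provider - confirm against the real class.
        this.dbCollection = JacksonDBCollection.wrap(mongoConnection.getDatabase().getCollection(ROLES), RoleImpl.class, ObjectId.class, mongoJackObjectMapperProvider.m302get());
        this.dbCollection.createIndex(new BasicDBObject(NAME_LOWER, 1), new BasicDBObject("unique", true));
        this.adminRoleObjectId = Preconditions.checkNotNull(ensureBuiltinRole(ADMIN_ROLENAME, Sets.newHashSet("*"), ADMIN_ROLENAME, "Grants all permissions for Graylog administrators (built-in)"));
        this.readerRoleObjectId = Preconditions.checkNotNull(ensureBuiltinRole(READER_ROLENAME, permissions.readerBasePermissions(), READER_ROLENAME, "Grants basic permissions for every Graylog user (built-in)"));
    }

    /**
     * Loads a built-in role and rewrites it when it is missing, not flagged read-only, or its
     * permission set differs from {@code expectedPermissions}.
     *
     * <p>The decompiled listing had no return on the path where saving the repaired role fails,
     * and carried the trailing null check inside the {@code try}; the tail below is reachable
     * from both paths so the method returns on every path.
     *
     * <p>NOTE(review): when the repair cannot be saved but a stored role exists, the id of that
     * unrepaired role is returned, so the constructor's null check does not catch the failure.
     * The only signal is the "Unable to save fixed ..." error log line, which is worth alerting on.
     *
     * @param roleName            name used to look the role up
     * @param expectedPermissions permissions the built-in role must have
     * @param name                name written to a re-created role
     * @param description         description written to a re-created role
     * @return the role id, or {@code null} if the role could neither be loaded nor saved
     */
    @Nullable
    private String ensureBuiltinRole(String roleName, Set<String> expectedPermissions, String name, String description) {
        RoleImpl previousRole = null;
        try {
            previousRole = load(roleName);
            if (!previousRole.isReadOnly() || !expectedPermissions.equals(previousRole.getPermissions())) {
                final String msg = "Invalid role '" + roleName + "', fixing it.";
                log.error(msg);
                // Thrown only to reach the repair code in the catch block below.
                throw new IllegalArgumentException(msg);
            }
        } catch (IllegalArgumentException | NoSuchElementException | NotFoundException e) {
            log.info("{} role is missing or invalid, re-adding it as a built-in role.", roleName);
            final RoleImpl fixedRole = new RoleImpl();
            // Reuse the stored _id so the existing document is overwritten rather than duplicated.
            if (previousRole != null) {
                fixedRole._id = previousRole._id;
            }
            fixedRole.setReadOnly(true);
            fixedRole.setName(name);
            fixedRole.setDescription(description);
            fixedRole.setPermissions(expectedPermissions);
            try {
                return save(fixedRole).getId();
            } catch (DuplicateKeyException | ValidationException saveFailure) {
                log.error("Unable to save fixed {} role, please restart Graylog to fix this.", roleName, saveFailure);
            }
        }

        if (previousRole == null) {
            log.error("Unable to access fixed {} role, please restart Graylog to fix this.", roleName);
            return null;
        }
        return previousRole.getId();
    }

    /**
     * Loads a role by its object id.
     *
     * @throws NotFoundException        if no role has this id
     * @throws IllegalArgumentException if {@code str} is not a valid {@link ObjectId} string
     */
    @Override // org.graylog2.users.RoleService
    public Role loadById(String str) throws NotFoundException {
        final Role role = this.dbCollection.findOneById(new ObjectId(str));
        if (role == null) {
            throw new NotFoundException("No role found with id " + str);
        }
        return role;
    }

    /**
     * Loads a role by name, ignoring case.
     *
     * @throws NotFoundException if no role has this name
     */
    @Override // org.graylog2.users.RoleService
    public RoleImpl load(String str) throws NotFoundException {
        // presumably mirrors how RoleImpl.nameLower() derives the stored value; verify against RoleImpl
        final RoleImpl role = this.dbCollection.findOne(DBQuery.is(NAME_LOWER, str.toLowerCase(Locale.ENGLISH)));
        if (role == null) {
            throw new NotFoundException("No role found with name " + str);
        }
        return role;
    }

    /** Returns {@code true} if exactly one role has the given name, ignoring case. */
    @Override // org.graylog2.users.RoleService
    public boolean exists(String str) {
        return this.dbCollection.getCount(DBQuery.is(NAME_LOWER, str.toLowerCase(Locale.ENGLISH))) == 1;
    }

    /** Returns every stored role as an immutable set; the cursor is closed before returning. */
    @Override // org.graylog2.users.RoleService
    public Set<Role> loadAll() {
        try (DBCursor<RoleImpl> cursor = this.dbCollection.find()) {
            return ImmutableSet.copyOf(cursor);
        }
    }

    /**
     * Loads the roles whose ids are in {@code set} and indexes them by id.
     *
     * <p>Ids without a matching role are absent from the result rather than reported, so a
     * caller that needs every id resolved has to compare the key set itself.
     */
    @Override // org.graylog2.users.RoleService
    public Map<String, Role> findIdMap(Set<String> set) throws NotFoundException {
        try (DBCursor<RoleImpl> cursor = this.dbCollection.find(DBQuery.in(ID, set))) {
            final Set<Role> roles = ImmutableSet.copyOf(cursor);
            return Maps.uniqueIndex(roles, ROLE_TO_ID);
        }
    }

    /** Returns all roles indexed by id. */
    @Override // org.graylog2.users.RoleService
    public Map<String, Role> loadAllIdMap() throws NotFoundException {
        return Maps.uniqueIndex(loadAll(), ROLE_TO_ID);
    }

    /** Returns all roles indexed by the key produced by {@code Roles.roleToNameFunction(true)}. */
    @Override // org.graylog2.users.RoleService
    public Map<String, Role> loadAllLowercaseNameMap() throws NotFoundException {
        return Maps.uniqueIndex(loadAll(), Roles.roleToNameFunction(true));
    }

    /**
     * Validates the role and upserts it, matching an existing document by lower-cased name.
     *
     * <p>NOTE(review): the upsert query matches on name only and does not filter on
     * {@code read_only}, so this method will overwrite a built-in role if asked to. Protecting
     * built-in roles from modification is left to callers; {@code ensureBuiltinRole} repairs
     * them only when this service is constructed.
     *
     * @throws IllegalArgumentException if {@code role} is not a {@link RoleImpl}
     * @throws ValidationException      if bean validation reports any violation
     */
    @Override // org.graylog2.users.RoleService
    public RoleImpl save(Role role) throws ValidationException {
        if (!(role instanceof RoleImpl)) {
            throw new IllegalArgumentException("invalid Role implementation class");
        }
        final RoleImpl roleImpl = (RoleImpl) role;
        final Set<ConstraintViolation<Role>> violations = validate(roleImpl);
        if (!violations.isEmpty()) {
            throw new ValidationException("Validation failed.", violations.toString());
        }
        // Arguments after the query: fields, sort, remove=false, replacement, returnNew=true, upsert=true.
        return (RoleImpl) MongoDBUpsertRetryer.run(() ->
                this.dbCollection.findAndModify(DBQuery.is(NAME_LOWER, roleImpl.nameLower()), (DBObject) null, (DBObject) null, false, roleImpl, true, true));
    }

    /** Runs bean validation on the role and returns the violations, empty when it is valid. */
    @Override // org.graylog2.users.RoleService
    public Set<ConstraintViolation<Role>> validate(Role role) {
        return this.validator.validate(role);
    }

    /**
     * Deletes the role with the given name, ignoring case, unless it is read-only.
     *
     * @return the number of documents removed; 0 when the role is missing or is flagged
     *     read-only, which is what keeps the built-in roles from being deleted here
     */
    @Override // org.graylog2.users.RoleService
    public int delete(String str) {
        return this.dbCollection.remove(DBQuery.and(
                DBQuery.is(READ_ONLY, false),
                DBQuery.is(NAME_LOWER, str.toLowerCase(Locale.ENGLISH)))).getN();
    }

    /** Returns the id of the built-in Admin role resolved at construction time. */
    @Override // org.graylog2.users.RoleService
    public String getAdminRoleObjectId() {
        return this.adminRoleObjectId;
    }

    /** Returns the id of the built-in Reader role resolved at construction time. */
    @Override // org.graylog2.users.RoleService
    public String getReaderRoleObjectId() {
        return this.readerRoleObjectId;
    }
}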
