package org.sonatype.nexus.security;

import com.google.common.base.Throwables;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.codehaus.plexus.component.annotations.Component;
import org.codehaus.plexus.component.annotations.Requirement;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeDescriptor;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeGroupPropertyDescriptor;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeRepositoryTargetPropertyDescriptor;
import org.sonatype.nexus.proxy.events.AbstractEventInspector;
import org.sonatype.nexus.proxy.events.EventInspector;
import org.sonatype.nexus.proxy.events.RepositoryRegistryEventRemove;
import org.sonatype.nexus.proxy.events.TargetRegistryEventRemove;
import org.sonatype.plexus.appevents.Event;
import org.sonatype.security.SecuritySystem;
import org.sonatype.security.authorization.NoSuchAuthorizationManagerException;
import org.sonatype.security.authorization.NoSuchPrivilegeException;
import org.sonatype.security.authorization.Privilege;
import org.sonatype.security.realms.tools.ConfigurationManager;
import org.sonatype.security.realms.tools.ConfigurationManagerAction;

@Component(role = EventInspector.class, hint = "SecurityCleanupEventInspector")
/* loaded from: input_file:org/sonatype/nexus/security/SecurityCleanupEventInspector.class */
public class SecurityCleanupEventInspector extends AbstractEventInspector {

    @Requirement(hint = "default")
    private ConfigurationManager configManager;

    @Requirement
    private SecuritySystem security;

    @Override // org.sonatype.nexus.proxy.events.EventInspector
    public boolean accepts(Event<?> event) {
        return (event instanceof RepositoryRegistryEventRemove) || (event instanceof TargetRegistryEventRemove);
    }

    @Override // org.sonatype.nexus.proxy.events.EventInspector
    public void inspect(Event<?> event) {
        if (event instanceof RepositoryRegistryEventRemove) {
            String id = ((RepositoryRegistryEventRemove) event).getRepository().getId();
            try {
                cleanupPrivileges("repositoryId", id);
                cleanupPrivileges(TargetPrivilegeGroupPropertyDescriptor.ID, id);
            } catch (NoSuchPrivilegeException e) {
                getLogger().error("Unable to clean privileges attached to repository", e);
            } catch (NoSuchAuthorizationManagerException e2) {
                getLogger().error("Unable to clean privileges attached to repository", e2);
            }
        }
        if (event instanceof TargetRegistryEventRemove) {
            String id2 = ((TargetRegistryEventRemove) event).getTarget().getId();
            try {
                cleanupPrivileges(TargetPrivilegeRepositoryTargetPropertyDescriptor.ID, id2);
            } catch (NoSuchPrivilegeException e3) {
                getLogger().error("Unable to clean privileges attached to target: " + id2, e3);
            } catch (NoSuchAuthorizationManagerException e4) {
                getLogger().error("Unable to clean privileges attached to target: " + id2, e4);
            }
        }
    }

    protected void cleanupPrivileges(String str, String str2) throws NoSuchPrivilegeException, NoSuchAuthorizationManagerException {
        Set<Privilege> listPrivileges = this.security.listPrivileges();
        final HashSet hashSet = new HashSet();
        for (Privilege privilege : listPrivileges) {
            if (!privilege.isReadOnly() && privilege.getType().equals(TargetPrivilegeDescriptor.TYPE) && str2.equals(privilege.getPrivilegeProperty(str))) {
                getLogger().debug("Removing Privilege " + privilege.getName() + " because repository was removed");
                this.security.getAuthorizationManager("default").deletePrivilege(privilege.getId());
                hashSet.add(privilege.getId());
            }
        }
        try {
            this.configManager.runWrite(new ConfigurationManagerAction() { // from class: org.sonatype.nexus.security.SecurityCleanupEventInspector.1
                public void run() throws Exception {
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        SecurityCleanupEventInspector.this.configManager.cleanRemovedPrivilege((String) it.next());
                    }
                    SecurityCleanupEventInspector.this.configManager.save();
                }
            });
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }
}
