package org.sonatype.security.realms.tools;

import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.inject.Typed;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.authc.credential.PasswordService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.configuration.ConfigurationException;
import org.sonatype.configuration.validation.InvalidConfigurationException;
import org.sonatype.configuration.validation.ValidationMessage;
import org.sonatype.configuration.validation.ValidationResponse;
import org.sonatype.security.authorization.NoSuchPrivilegeException;
import org.sonatype.security.authorization.NoSuchRoleException;
import org.sonatype.security.model.CPrivilege;
import org.sonatype.security.model.CProperty;
import org.sonatype.security.model.CRole;
import org.sonatype.security.model.CUser;
import org.sonatype.security.model.CUserRoleMapping;
import org.sonatype.security.model.Configuration;
import org.sonatype.security.model.source.SecurityModelConfigurationSource;
import org.sonatype.security.realms.privileges.PrivilegeDescriptor;
import org.sonatype.security.realms.validator.SecurityConfigurationValidator;
import org.sonatype.security.realms.validator.SecurityValidationContext;
import org.sonatype.security.usermanagement.UserNotFoundException;

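/**
 * Single-threaded {@link ConfigurationManager} that edits the security model (users, roles,
 * privileges and user-to-role mappings) held by a {@link SecurityModelConfigurationSource}.
 *
 * <p>Every create/update call is validated by the injected {@link SecurityConfigurationValidator}
 * before the in-memory {@link Configuration} is touched. The mutators in this class change the
 * in-memory model only; nothing reaches the backing store until {@link #save()} is called (the one
 * exception is {@link #doGetConfiguration()}, which stores when a modifier reports a change).
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>No authorization check is performed anywhere in this class. Whoever can reach it can
 *       create users, grant roles and delete privileges, so access control must be enforced by the
 *       caller.</li>
 *   <li>Only {@link #doGetConfiguration()} is synchronized. {@link #runRead} and {@link #runWrite}
 *       are deliberately unsupported and point to ConcurrentConfigurationManager for concurrent
 *       use.</li>
 *   <li>The {@code list*} methods wrap the model lists in unmodifiable views, but the elements are
 *       not copied. NOTE(review): a returned {@link CUser} presumably still exposes the stored
 *       password hash and remains mutable; confirm before handing these objects to untrusted
 *       code.</li>
 * </ul>
 */
@Singleton
@Typed({ConfigurationManager.class})
@Named("legacydefault")
/* loaded from: input_file:org/sonatype/security/realms/tools/DefaultConfigurationManager.class */
public class DefaultConfigurationManager extends AbstractConfigurationManager {
    /** Role-mapping source name used for users managed by this configuration. */
    private static final String DEFAULT_SOURCE = "default";

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final SecurityModelConfigurationSource configurationSource;
    private final SecurityConfigurationValidator validator;
    private final List<PrivilegeDescriptor> privilegeDescriptors;
    private final SecurityConfigurationCleaner configCleaner;
    private final List<SecurityConfigurationModifier> configurationModifiers;
    private final PasswordService passwordService;

    /**
     * Wires the collaborators; all of them are stored as given (no copies, no null checks).
     *
     * @param list modifiers applied to the configuration each time it is loaded
     * @param securityConfigurationCleaner notified when a privilege or role is removed
     * @param securityConfigurationValidator validates every create/update request
     * @param securityModelConfigurationSource the {@code "file"} configuration source that loads and stores the model
     * @param list2 privilege descriptors exposed through {@link #listPrivilegeDescriptors()}
     * @param passwordService used to turn a clear-text password into its stored form
     */
    @Inject
    public DefaultConfigurationManager(List<SecurityConfigurationModifier> list, SecurityConfigurationCleaner securityConfigurationCleaner, SecurityConfigurationValidator securityConfigurationValidator, @Named("file") SecurityModelConfigurationSource securityModelConfigurationSource, List<PrivilegeDescriptor> list2, PasswordService passwordService) {
        this.configurationModifiers = list;
        this.configCleaner = securityConfigurationCleaner;
        this.validator = securityConfigurationValidator;
        this.configurationSource = securityModelConfigurationSource;
        this.privilegeDescriptors = list2;
        this.passwordService = passwordService;
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void runRead(ConfigurationManagerAction configurationManagerAction) throws Exception {
        throw new UnsupportedOperationException("Concurrent access not supported. ConcurrentConfigurationManager should be used instead");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void runWrite(ConfigurationManagerAction configurationManagerAction) throws Exception {
        throw new UnsupportedOperationException("Concurrent access not supported. ConcurrentConfigurationManager should be used instead");
    }

    /** Returns an unmodifiable view of the configured privileges. */
    @Override
    public List<CPrivilege> listPrivileges() {
        return Collections.unmodifiableList(getConfiguration().getPrivileges());
    }

    /** Returns an unmodifiable view of the configured roles. */
    @Override
    public List<CRole> listRoles() {
        return Collections.unmodifiableList(getConfiguration().getRoles());
    }

    /** Returns an unmodifiable view of the configured users; the {@link CUser} elements are not copied. */
    @Override
    public List<CUser> listUsers() {
        return Collections.unmodifiableList(getConfiguration().getUsers());
    }

    /** Creates a privilege, validating it against a freshly built context. */
    @Override
    public void createPrivilege(CPrivilege cPrivilege) throws InvalidConfigurationException {
        createPrivilege(cPrivilege, initializeContext());
    }

    /**
     * Validates and adds a privilege to the in-memory configuration.
     *
     * @param cPrivilege the privilege to add
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator rejects the privilege; nothing is added in that case
     */
    @Override
    public void createPrivilege(CPrivilege cPrivilege, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        ValidationResponse response = this.validator.validatePrivilege(context, cPrivilege, false);
        if (!response.isValid()) {
            throw new InvalidConfigurationException(response);
        }
        getConfiguration().addPrivilege(cPrivilege);
        logValidationWarnings(response);
    }

    /** Creates a role, validating it against a freshly built context. */
    @Override
    public void createRole(CRole cRole) throws InvalidConfigurationException {
        createRole(cRole, initializeContext());
    }

    /**
     * Validates and adds a role to the in-memory configuration.
     *
     * @param cRole the role to add
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator rejects the role; nothing is added in that case
     */
    @Override
    public void createRole(CRole cRole, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        ValidationResponse response = this.validator.validateRole(context, cRole, false);
        if (!response.isValid()) {
            throw new InvalidConfigurationException(response);
        }
        getConfiguration().addRole(cRole);
        logValidationWarnings(response);
    }

    /** Creates a user without supplying a clear-text password; see the four-argument overload. */
    @Override
    public void createUser(CUser cUser, Set<String> set) throws InvalidConfigurationException {
        createUser(cUser, null, set, initializeContext());
    }

    /** Creates a user with a clear-text password, validating against a freshly built context. */
    @Override
    public void createUser(CUser cUser, String str, Set<String> set) throws InvalidConfigurationException {
        createUser(cUser, str, set, initializeContext());
    }

    /** Creates a user without supplying a clear-text password, using the given validation context. */
    @Override
    public void createUser(CUser cUser, Set<String> set, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException {
        createUser(cUser, null, set, securityValidationContext);
    }

    /**
     * Validates and adds a user together with its {@code "default"}-source role mapping.
     *
     * @param cUser the user to add; its password field is overwritten when {@code str} is usable
     * @param str clear-text password, or {@code null}/blank to leave {@code cUser}'s password untouched
     * @param set ids of the roles to grant
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator rejects the user; nothing is added in that case
     */
    @Override
    public void createUser(CUser cUser, String str, Set<String> set, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        // The clear text is converted by the PasswordService before validation, so this method only
        // ever places the service's output on the user object. Note that cUser is modified here even
        // if validation fails below.
        // NOTE(review): a null or whitespace-only password is skipped without any signal; whether the
        // validator then rejects a user that carries no password is not visible from this class.
        if (str != null && str.trim().length() > 0) {
            cUser.setPassword(this.passwordService.encryptPassword(str));
        }
        ValidationResponse response = this.validator.validateUser(context, cUser, set, false);
        if (!response.isValid()) {
            throw new InvalidConfigurationException(response);
        }
        getConfiguration().addUser(cUser);
        createOrUpdateUserRoleMapping(buildUserRoleMapping(cUser.getId(), set));
        logValidationWarnings(response);
    }

    /** Replaces any existing mapping for the same user and source with the given one. */
    private void createOrUpdateUserRoleMapping(CUserRoleMapping mapping) {
        try {
            deleteUserRoleMapping(mapping.getUserId(), mapping.getSource());
        } catch (NoSuchRoleMappingException ignored) {
            // Expected on first creation: there is no previous mapping to replace.
        }
        getConfiguration().addUserRoleMapping(mapping);
    }

    /** Builds a {@code "default"}-source mapping that grants {@code roleIds} to {@code userId}. */
    private CUserRoleMapping buildUserRoleMapping(String userId, Set<String> roleIds) {
        CUserRoleMapping mapping = new CUserRoleMapping();
        mapping.setUserId(userId);
        mapping.setSource(DEFAULT_SOURCE);
        // Copy so later changes to the caller's set cannot alter the stored grants.
        mapping.setRoles(new ArrayList<String>(roleIds));
        return mapping;
    }

    /** Deletes a privilege and notifies the cleaner about the removal. */
    @Override
    public void deletePrivilege(String str) throws NoSuchPrivilegeException {
        deletePrivilege(str, true);
    }

    /**
     * Deletes a privilege from the in-memory configuration.
     *
     * @param str id of the privilege
     * @param z whether to call {@link #cleanRemovedPrivilege(String)} afterwards
     * @throws NoSuchPrivilegeException if no privilege with that id was removed
     */
    public void deletePrivilege(String str, boolean z) throws NoSuchPrivilegeException {
        if (!getConfiguration().removePrivilegeById(str)) {
            throw new NoSuchPrivilegeException(str);
        }
        if (z) {
            cleanRemovedPrivilege(str);
        }
    }

    /** Deletes a role and notifies the cleaner about the removal. */
    @Override
    public void deleteRole(String str) throws NoSuchRoleException {
        deleteRole(str, true);
    }

    /**
     * Deletes a role from the in-memory configuration.
     *
     * @param str id of the role
     * @param z whether to call {@link #cleanRemovedRole(String)} afterwards
     * @throws NoSuchRoleException if no role with that id was removed
     */
    protected void deleteRole(String str, boolean z) throws NoSuchRoleException {
        if (!getConfiguration().removeRoleById(str)) {
            throw new NoSuchRoleException(str);
        }
        if (z) {
            cleanRemovedRole(str);
        }
    }

    /**
     * Deletes a user and its {@code "default"}-source role mapping.
     *
     * <p>NOTE(review): only the {@code "default"} mapping is removed. Mappings stored for the same
     * user id under another source are left in place, so they would still apply if that id is used
     * again later; confirm that this is intended.
     *
     * @param str id of the user
     * @throws UserNotFoundException if no user with that id was removed
     */
    @Override
    public void deleteUser(String str) throws UserNotFoundException {
        if (!getConfiguration().removeUserById(str)) {
            throw new UserNotFoundException(str);
        }
        try {
            deleteUserRoleMapping(str, DEFAULT_SOURCE);
        } catch (NoSuchRoleMappingException e) {
            getLogger().debug("User role mapping for user: " + str + " source: default could not be deleted because it does not exist.");
        }
    }

    /**
     * Looks up a privilege by id.
     *
     * @throws NoSuchPrivilegeException if the configuration holds no privilege with that id
     */
    @Override
    public CPrivilege readPrivilege(String str) throws NoSuchPrivilegeException {
        CPrivilege privilege = getConfiguration().getPrivilegeById(str);
        if (privilege == null) {
            throw new NoSuchPrivilegeException(str);
        }
        return privilege;
    }

    /**
     * Looks up a role by id.
     *
     * @throws NoSuchRoleException if the configuration holds no role with that id
     */
    @Override
    public CRole readRole(String str) throws NoSuchRoleException {
        CRole role = getConfiguration().getRoleById(str);
        if (role == null) {
            throw new NoSuchRoleException(str);
        }
        return role;
    }

    /**
     * Looks up a user by id.
     *
     * @throws UserNotFoundException if the configuration holds no user with that id
     */
    @Override
    public CUser readUser(String str) throws UserNotFoundException {
        CUser user = getConfiguration().getUserById(str);
        if (user == null) {
            throw new UserNotFoundException(str);
        }
        return user;
    }

    /** Updates a privilege, validating it against a freshly built context. */
    @Override
    public void updatePrivilege(CPrivilege cPrivilege) throws InvalidConfigurationException, NoSuchPrivilegeException {
        updatePrivilege(cPrivilege, initializeContext());
    }

    /**
     * Validates a privilege and replaces the stored entry that has the same id.
     *
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator rejects the privilege; the stored entry is kept
     * @throws NoSuchPrivilegeException if no privilege with that id exists
     */
    @Override
    public void updatePrivilege(CPrivilege cPrivilege, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException, NoSuchPrivilegeException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        ValidationResponse response = this.validator.validatePrivilege(context, cPrivilege, true);
        if (!response.isValid()) {
            throw new InvalidConfigurationException(response);
        }
        // Remove without the cleaner callback; the privilege is re-added on the next line.
        deletePrivilege(cPrivilege.getId(), false);
        getConfiguration().addPrivilege(cPrivilege);
        logValidationWarnings(response);
    }

    /** Updates a role, validating it against a freshly built context. */
    @Override
    public void updateRole(CRole cRole) throws InvalidConfigurationException, NoSuchRoleException {
        updateRole(cRole, initializeContext());
    }

    /**
     * Validates a role and replaces the stored entry that has the same id.
     *
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator rejects the role; the stored entry is kept
     * @throws NoSuchRoleException if no role with that id exists
     */
    @Override
    public void updateRole(CRole cRole, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException, NoSuchRoleException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        ValidationResponse response = this.validator.validateRole(context, cRole, true);
        if (!response.isValid()) {
            throw new InvalidConfigurationException(response);
        }
        // Remove without the cleaner callback; the role is re-added on the next line.
        deleteRole(cRole.getId(), false);
        getConfiguration().addRole(cRole);
        logValidationWarnings(response);
    }

    /**
     * Updates a user while keeping the roles of its current {@code "default"}-source mapping.
     * A user without such a mapping is updated with an empty role set.
     */
    @Override
    public void updateUser(CUser cUser) throws InvalidConfigurationException, UserNotFoundException {
        Set<String> currentRoles = new HashSet<String>();
        try {
            currentRoles.addAll(readUserRoleMapping(cUser.getId(), DEFAULT_SOURCE).getRoles());
        } catch (NoSuchRoleMappingException e) {
            this.logger.debug("User: {} has no roles", cUser.getId());
        }
        updateUser(cUser, currentRoles);
    }

    /** Updates a user and its roles, validating against a freshly built context. */
    @Override
    public void updateUser(CUser cUser, Set<String> set) throws InvalidConfigurationException, UserNotFoundException {
        updateUser(cUser, set, initializeContext());
    }

    /**
     * Validates a user and replaces both the stored user and its {@code "default"}-source mapping.
     *
     * <p>The stored entry is removed and {@code cUser} is added as given, so every field of the
     * stored user, the password included, becomes whatever {@code cUser} carries. No password
     * processing happens on this path.
     *
     * @param set ids of the roles the user holds after the update
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator rejects the user; the stored entry is kept
     * @throws UserNotFoundException if no user with that id exists
     */
    @Override
    public void updateUser(CUser cUser, Set<String> set, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException, UserNotFoundException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        ValidationResponse response = this.validator.validateUser(context, cUser, set, true);
        if (!response.isValid()) {
            throw new InvalidConfigurationException(response);
        }
        deleteUser(cUser.getId());
        getConfiguration().addUser(cUser);
        createOrUpdateUserRoleMapping(buildUserRoleMapping(cUser.getId(), set));
        logValidationWarnings(response);
    }

    /**
     * Returns the value of the first property of {@code cPrivilege} whose key equals {@code str}.
     *
     * @return the property value, or {@code null} when the privilege, its property list or a
     *     matching key is missing
     */
    @Override
    public String getPrivilegeProperty(CPrivilege cPrivilege, String str) {
        if (cPrivilege == null || cPrivilege.getProperties() == null) {
            return null;
        }
        for (CProperty property : cPrivilege.getProperties()) {
            String key = property.getKey();
            // A property without a key cannot match; skip it instead of failing the lookup.
            if (key != null && key.equals(str)) {
                return property.getValue();
            }
        }
        return null;
    }

    /** Creates a user-role mapping, validating it against a freshly built context. */
    @Override
    public void createUserRoleMapping(CUserRoleMapping cUserRoleMapping) throws InvalidConfigurationException {
        createUserRoleMapping(cUserRoleMapping, initializeContext());
    }

    /**
     * Validates and adds a user-role mapping, refusing to overwrite an existing one.
     *
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if a mapping for the same user and source already
     *     exists, or if the validator reports errors
     */
    @Override
    public void createUserRoleMapping(CUserRoleMapping cUserRoleMapping, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        boolean alreadyMapped;
        try {
            readUserRoleMapping(cUserRoleMapping.getUserId(), cUserRoleMapping.getSource());
            alreadyMapped = true;
        } catch (NoSuchRoleMappingException expected) {
            alreadyMapped = false;
        }
        if (alreadyMapped) {
            ValidationResponse duplicate = new ValidationResponse();
            duplicate.addValidationError(new ValidationMessage("*", "User Role Mapping for user '" + cUserRoleMapping.getUserId() + "' already exists."));
            throw new InvalidConfigurationException(duplicate);
        }
        ValidationResponse response = this.validator.validateUserRoleMapping(context, cUserRoleMapping, false);
        if (response.getValidationErrors().size() > 0) {
            throw new InvalidConfigurationException(response);
        }
        getConfiguration().addUserRoleMapping(cUserRoleMapping);
        logValidationWarnings(response);
    }

    /** Logs the warnings of a validation response as one comma-separated line; no-op without warnings. */
    private void logValidationWarnings(ValidationResponse response) {
        List<ValidationMessage> warnings = response.getValidationWarnings();
        if (warnings == null || warnings.isEmpty()) {
            return;
        }
        StringBuilder joined = new StringBuilder();
        for (ValidationMessage warning : warnings) {
            // Separator only between entries; the previous ">= 0" test was always true and put a
            // stray comma in front of the first warning.
            if (joined.length() > 0) {
                joined.append(",");
            }
            joined.append(" ").append(warning);
        }
        this.logger.warn("Security configuration has validation warnings:" + joined.toString());
    }

    /** Fetches the mapping for a user id and source, failing when the configuration has none. */
    private CUserRoleMapping readCUserRoleMapping(String userId, String source) throws NoSuchRoleMappingException {
        CUserRoleMapping mapping = getConfiguration().getUserRoleMappingByUserId(userId, source);
        if (mapping == null) {
            throw new NoSuchRoleMappingException("No User Role Mapping for user: " + userId);
        }
        return mapping;
    }

    /**
     * Returns the role mapping stored for a user id and source.
     *
     * @param str the user id
     * @param str2 the mapping source
     * @throws NoSuchRoleMappingException if no such mapping exists
     */
    @Override
    public CUserRoleMapping readUserRoleMapping(String str, String str2) throws NoSuchRoleMappingException {
        return readCUserRoleMapping(str, str2);
    }

    /** Updates a user-role mapping, validating it against a freshly built context. */
    @Override
    public void updateUserRoleMapping(CUserRoleMapping cUserRoleMapping) throws InvalidConfigurationException, NoSuchRoleMappingException {
        updateUserRoleMapping(cUserRoleMapping, initializeContext());
    }

    /**
     * Validates a user-role mapping and replaces the stored one for the same user and source.
     *
     * @param securityValidationContext validation context, or {@code null} to build one from the current model
     * @throws InvalidConfigurationException if the validator reports errors; the stored mapping is kept
     * @throws NoSuchRoleMappingException if there is no mapping to update
     */
    @Override
    public void updateUserRoleMapping(CUserRoleMapping cUserRoleMapping, SecurityValidationContext securityValidationContext) throws InvalidConfigurationException, NoSuchRoleMappingException {
        SecurityValidationContext context = securityValidationContext != null ? securityValidationContext : initializeContext();
        // readUserRoleMapping in this class throws when the mapping is missing and never returns
        // null; the null branch is kept only for subclasses that override it.
        if (readUserRoleMapping(cUserRoleMapping.getUserId(), cUserRoleMapping.getSource()) == null) {
            ValidationResponse missing = new ValidationResponse();
            missing.addValidationError(new ValidationMessage("*", "No User Role Mapping found for user '" + cUserRoleMapping.getUserId() + "'."));
            throw new InvalidConfigurationException(missing);
        }
        ValidationResponse response = this.validator.validateUserRoleMapping(context, cUserRoleMapping, true);
        if (response.getValidationErrors().size() > 0) {
            throw new InvalidConfigurationException(response);
        }
        deleteUserRoleMapping(cUserRoleMapping.getUserId(), cUserRoleMapping.getSource());
        getConfiguration().addUserRoleMapping(cUserRoleMapping);
        // Report warnings like every other create/update path does, so a role grant that validated
        // with warnings does not pass unnoticed.
        logValidationWarnings(response);
    }

    /** Returns an unmodifiable view of all user-role mappings. */
    @Override
    public List<CUserRoleMapping> listUserRoleMappings() {
        return Collections.unmodifiableList(getConfiguration().getUserRoleMappings());
    }

    /**
     * Removes the role mapping stored for a user id and source.
     *
     * @param str the user id
     * @param str2 the mapping source
     * @throws NoSuchRoleMappingException if nothing was removed
     */
    @Override
    public void deleteUserRoleMapping(String str, String str2) throws NoSuchRoleMappingException {
        if (!getConfiguration().removeUserRoleMappingByUserId(str, str2)) {
            throw new NoSuchRoleMappingException("No User Role Mapping for user: " + str);
        }
    }

    /**
     * Looks up a privilege by id and returns one of its properties.
     *
     * @param str the privilege id
     * @param str2 the property key
     * @throws NoSuchPrivilegeException if no privilege with that id exists
     */
    @Override
    public String getPrivilegeProperty(String str, String str2) throws NoSuchPrivilegeException {
        return getPrivilegeProperty(readPrivilege(str), str2);
    }

    /**
     * Asks the configuration source to store the current configuration.
     *
     * <p>NOTE(review): an {@link IOException} is logged and not propagated, so the caller cannot
     * tell that the write failed. After a failed save, changes such as a removed user or a revoked
     * role exist only in memory. Consider surfacing the failure if the interface contract allows
     * it, and alert on this log message in the meantime.
     */
    @Override
    public void save() {
        try {
            this.configurationSource.storeConfiguration();
        } catch (IOException e) {
            getLogger().error("IOException while storing configuration file", e);
        }
    }

    /**
     * Loads the configuration from the source and runs every configured modifier over it. If any
     * modifier reports a change, the source is asked to back up and then store the configuration.
     * Overrides the hook declared in {@link AbstractConfigurationManager}.
     *
     * @return the configuration held by the source after loading and modification
     * @throws IllegalStateException if the configuration is invalid or cannot be read or written
     */
    @Override
    protected synchronized Configuration doGetConfiguration() {
        try {
            this.configurationSource.loadConfiguration();
            boolean modified = false;
            for (SecurityConfigurationModifier modifier : this.configurationModifiers) {
                // Non-short-circuit OR: every modifier must run even after one reported a change.
                modified |= modifier.apply((Configuration) this.configurationSource.getConfiguration());
            }
            if (modified) {
                this.configurationSource.backupConfiguration();
                this.configurationSource.storeConfiguration();
            }
            return (Configuration) this.configurationSource.getConfiguration();
        } catch (ConfigurationException e) {
            getLogger().error("Invalid Configuration", e);
            throw new IllegalStateException("Invalid configuration!", e);
        } catch (IOException e2) {
            getLogger().error("IOException while retrieving configuration file", e2);
            throw new IllegalStateException("Cannot load configuration!", e2);
        }
    }

    /**
     * Builds a validation context that snapshots the ids currently present in the model: user ids
     * and e-mails, role ids, names and contained roles, privilege ids, and the roles of each user.
     *
     * <p>NOTE(review): the user-role entries are put under the user id alone. If one user has
     * mappings from several sources, the last one listed replaces the earlier ones in the context;
     * confirm that the validator does not depend on seeing all of them.
     */
    @Override
    public SecurityValidationContext initializeContext() {
        SecurityValidationContext context = new SecurityValidationContext();
        context.addExistingUserIds();
        context.addExistingRoleIds();
        context.addExistingPrivilegeIds();
        for (CUser user : listUsers()) {
            context.getExistingUserIds().add(user.getId());
            context.getExistingEmailMap().put(user.getId(), user.getEmail());
        }
        for (CRole role : listRoles()) {
            context.getExistingRoleIds().add(role.getId());
            // Copy the contained role ids so the context does not share the role's own list.
            List<String> containedRoles = new ArrayList<String>();
            containedRoles.addAll(role.getRoles());
            context.getRoleContainmentMap().put(role.getId(), containedRoles);
            context.getExistingRoleNameMap().put(role.getId(), role.getName());
        }
        for (CPrivilege privilege : listPrivileges()) {
            context.getExistingPrivilegeIds().add(privilege.getId());
        }
        for (CUserRoleMapping mapping : listUserRoleMappings()) {
            context.getExistingUserRoleMap().put(mapping.getUserId(), mapping.getRoles());
        }
        return context;
    }

    /** Returns an unmodifiable view of the injected privilege descriptors. */
    @Override
    public List<PrivilegeDescriptor> listPrivilegeDescriptors() {
        return Collections.unmodifiableList(this.privilegeDescriptors);
    }

    /** Tells the configuration cleaner that the privilege with id {@code str} was removed. */
    @Override
    public void cleanRemovedPrivilege(String str) {
        this.configCleaner.privilegeRemoved(getConfiguration(), str);
    }

    /** Tells the configuration cleaner that the role with id {@code str} was removed. */
    @Override
    public void cleanRemovedRole(String str) {
        this.configCleaner.roleRemoved(getConfiguration(), str);
    }
}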
