package org.sonatype.nexus.security;

import com.google.common.base.Throwables;
import com.google.common.eventbus.AllowConcurrentEvents;
import com.google.common.eventbus.Subscribe;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.codehaus.plexus.component.annotations.Component;
import org.codehaus.plexus.component.annotations.Requirement;
import org.codehaus.plexus.interpolation.util.StringUtils;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
import org.sonatype.nexus.proxy.events.RepositoryRegistryEventAdd;
import org.sonatype.nexus.proxy.events.RepositoryRegistryEventRemove;
import org.sonatype.nexus.proxy.registry.ContentClass;
import org.sonatype.nexus.proxy.registry.RepositoryRegistry;
import org.sonatype.nexus.proxy.registry.RepositoryTypeRegistry;
import org.sonatype.nexus.proxy.registry.RootContentClass;
import org.sonatype.nexus.proxy.repository.Repository;
import org.sonatype.security.model.CPrivilege;
import org.sonatype.security.model.CProperty;
import org.sonatype.security.model.CRole;
import org.sonatype.security.model.Configuration;
import org.sonatype.security.realms.tools.AbstractDynamicSecurityResource;
import org.sonatype.security.realms.tools.ConfigurationManager;
import org.sonatype.security.realms.tools.ConfigurationManagerAction;
import org.sonatype.security.realms.tools.DynamicSecurityResource;
import org.sonatype.sisu.goodies.eventbus.EventBus;

@Component(role = DynamicSecurityResource.class, hint = "NexusViewSecurityResource")
/* loaded from: input_file:WEB-INF/lib/nexus-core-2.6.3-01.jar:org/sonatype/nexus/security/NexusViewSecurityResource.class */
public class NexusViewSecurityResource extends AbstractDynamicSecurityResource implements Initializable, DynamicSecurityResource {

    @Requirement
    private RepositoryRegistry repoRegistry;

    @Requirement
    private EventBus eventBus;

    @Requirement
    private RepositoryTypeRegistry repoTypeRegistry;

    @Requirement(hint = "default")
    private ConfigurationManager configManager;

    @Override // org.sonatype.security.realms.tools.AbstractDynamicSecurityResource
    public Configuration doGetConfiguration() {
        Configuration configuration = new Configuration();
        configuration.addPrivilege(buildPrivilege("All Repositories - (view)", "Privilege that gives view access to all repositories.", "*"));
        for (Repository repository : this.repoRegistry.getRepositories()) {
            configuration.addPrivilege(buildPrivilege(repository.getName() + " - (view)", "Privilege that gives view access to the " + repository.getName() + " repository.", repository.getId()));
        }
        Iterator<Map.Entry<String, ContentClass>> it = this.repoTypeRegistry.getContentClasses().entrySet().iterator();
        while (it.hasNext()) {
            configuration.addRole(buildRole(it.next(), "view"));
        }
        setDirty(false);
        return configuration;
    }

    private CRole buildRole(Map.Entry<String, ContentClass> entry, String str) {
        String key = entry.getKey();
        CRole cRole = new CRole();
        cRole.setId(key + "-all-" + str);
        String name = entry.getValue().getName();
        if (entry.getValue() instanceof RootContentClass) {
            name = "";
        }
        cRole.setDescription("Gives access to " + str + " ALL " + name + " Repositories in Nexus.");
        cRole.setName("Repo: All " + name + " Repositories (" + StringUtils.capitalizeFirstLetter(str) + ")");
        cRole.setSessionTimeout(60);
        Iterator<? extends Repository> it = getRepositoriesWithContentClass(entry.getValue()).iterator();
        while (it.hasNext()) {
            cRole.addPrivilege("repository-" + it.next().getId());
        }
        return cRole;
    }

    private List<? extends Repository> getRepositoriesWithContentClass(ContentClass contentClass) {
        ArrayList arrayList = new ArrayList();
        for (Repository repository : this.repoRegistry.getRepositories()) {
            if (contentClass.equals(repository.getRepositoryContentClass())) {
                arrayList.add(repository);
            }
        }
        return arrayList;
    }

    protected CPrivilege buildPrivilege(String str, String str2, String str3) {
        CPrivilege cPrivilege = new CPrivilege();
        cPrivilege.setId(createPrivilegeId(str3));
        cPrivilege.setName(str);
        cPrivilege.setDescription(str2);
        cPrivilege.setType("repository");
        CProperty cProperty = new CProperty();
        cProperty.setKey("repositoryId");
        cProperty.setValue(str3);
        cPrivilege.addProperty(cProperty);
        return cPrivilege;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String createPrivilegeId(String str) {
        return "repository-" + (str.equals("*") ? "all" : str);
    }

    @AllowConcurrentEvents
    @Subscribe
    public void onEvent(RepositoryRegistryEventAdd repositoryRegistryEventAdd) {
        setDirty(true);
    }

    @AllowConcurrentEvents
    @Subscribe
    public void onEvent(final RepositoryRegistryEventRemove repositoryRegistryEventRemove) {
        setDirty(true);
        try {
            this.configManager.runWrite(new ConfigurationManagerAction() { // from class: org.sonatype.nexus.security.NexusViewSecurityResource.1
                @Override // org.sonatype.security.realms.tools.ConfigurationManagerAction
                public void run() throws Exception {
                    NexusViewSecurityResource.this.configManager.cleanRemovedPrivilege(NexusViewSecurityResource.this.createPrivilegeId(repositoryRegistryEventRemove.getRepository().getId()));
                }
            });
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    @Override // org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable
    public void initialize() throws InitializationException {
        this.eventBus.register(this);
    }
}
