package org.sonatype.nexus.configuration.security.upgrade;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.codehaus.plexus.component.annotations.Component;
import org.codehaus.plexus.util.IOUtil;
import org.codehaus.plexus.util.StringUtils;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.configuration.upgrade.ConfigurationIsCorruptedException;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeGroupPropertyDescriptor;
import org.sonatype.security.model.upgrade.AbstractDataUpgrader;
import org.sonatype.security.model.upgrade.SecurityDataUpgrader;
import org.sonatype.security.model.v2_0_1.Configuration;
import org.sonatype.security.model.v2_0_2.CPrivilege;
import org.sonatype.security.model.v2_0_2.CProperty;
import org.sonatype.security.model.v2_0_2.CRole;
import org.sonatype.security.model.v2_0_2.io.xpp3.SecurityConfigurationXpp3Reader;

@Component(role = SecurityDataUpgrader.class, hint = Configuration.MODEL_VERSION)
/* loaded from: input_file:WEB-INF/lib/nexus-core-2.6.3-01.jar:org/sonatype/nexus/configuration/security/upgrade/SecurityData201Upgrade.class */
public class SecurityData201Upgrade extends AbstractDataUpgrader<org.sonatype.security.model.v2_0_2.Configuration> implements SecurityDataUpgrader {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Override // org.sonatype.security.model.upgrade.AbstractDataUpgrader
    public void doUpgrade(org.sonatype.security.model.v2_0_2.Configuration configuration) throws ConfigurationIsCorruptedException {
        Map<String, CPrivilege> staticPrivilages = getStaticPrivilages();
        for (CPrivilege cPrivilege : configuration.getPrivileges()) {
            if ("target".equals(cPrivilege.getType())) {
                staticPrivilages.put(cPrivilege.getId(), cPrivilege);
            }
        }
        for (CRole cRole : configuration.getRoles()) {
            HashSet hashSet = new HashSet();
            List<String> privileges = cRole.getPrivileges();
            for (String str : privileges) {
                CPrivilege cPrivilege2 = staticPrivilages.get(str);
                if (cPrivilege2 != null) {
                    hashSet.addAll(getRepositoriesFromTargetPrivilege(cPrivilege2));
                } else {
                    this.logger.warn("Failed to find privilege '" + str + "', but it was under the role '" + cRole.getId() + "'.");
                }
            }
            if (hashSet.contains("all")) {
                addViewPermissionToRole(cRole, privileges, "all");
            } else {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    addViewPermissionToRole(cRole, privileges, (String) it.next());
                }
            }
        }
    }

    private void addViewPermissionToRole(CRole cRole, List<String> list, String str) {
        String str2 = "repository-" + str;
        if (list.contains(str2)) {
            return;
        }
        cRole.addPrivilege(str2);
    }

    private Set<String> getRepositoriesFromTargetPrivilege(CPrivilege cPrivilege) {
        HashSet hashSet = new HashSet();
        for (CProperty cProperty : cPrivilege.getProperties()) {
            if ("repositoryId".equals(cProperty.getKey()) || TargetPrivilegeGroupPropertyDescriptor.ID.equals(cProperty.getKey())) {
                if (StringUtils.isNotEmpty(cProperty.getValue())) {
                    hashSet.add(cProperty.getValue());
                }
            }
        }
        if (hashSet.isEmpty()) {
            hashSet.add("all");
        }
        return hashSet;
    }

    private Map<String, CPrivilege> getStaticPrivilages() {
        HashMap hashMap = new HashMap();
        InputStreamReader inputStreamReader = null;
        InputStream inputStream = null;
        try {
            try {
                try {
                    inputStream = getClass().getResourceAsStream("/META-INF/nexus/static-security.xml");
                    SecurityConfigurationXpp3Reader securityConfigurationXpp3Reader = new SecurityConfigurationXpp3Reader();
                    inputStreamReader = new InputStreamReader(inputStream);
                    for (CPrivilege cPrivilege : securityConfigurationXpp3Reader.read(inputStreamReader).getPrivileges()) {
                        if ("target".equals(cPrivilege.getType())) {
                            hashMap.put(cPrivilege.getId(), cPrivilege);
                        }
                    }
                    IOUtil.close(inputStreamReader);
                    IOUtil.close(inputStream);
                } catch (XmlPullParserException e) {
                    this.logger.error("Invalid XML Configuration", (Throwable) e);
                    IOUtil.close(inputStreamReader);
                    IOUtil.close(inputStream);
                }
            } catch (IOException e2) {
                this.logger.error("IOException while retrieving configuration file", (Throwable) e2);
                IOUtil.close(inputStreamReader);
                IOUtil.close(inputStream);
            }
            return hashMap;
        } catch (Throwable th) {
            IOUtil.close(inputStreamReader);
            IOUtil.close(inputStream);
            throw th;
        }
    }
}
