package org.sonatype.nexus.security.internal;

import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.sonatype.goodies.common.ComponentSupport;
import org.sonatype.nexus.common.event.EventManager;
import org.sonatype.nexus.security.authz.AuthorizationConfigurationChanged;
import org.sonatype.nexus.security.authz.AuthorizationManager;
import org.sonatype.nexus.security.config.CPrivilege;
import org.sonatype.nexus.security.config.CRole;
import org.sonatype.nexus.security.config.SecurityConfigurationManager;
import org.sonatype.nexus.security.privilege.NoSuchPrivilegeException;
import org.sonatype.nexus.security.privilege.Privilege;
import org.sonatype.nexus.security.privilege.PrivilegeCreatedEvent;
import org.sonatype.nexus.security.privilege.PrivilegeDeletedEvent;
import org.sonatype.nexus.security.privilege.PrivilegeDescriptor;
import org.sonatype.nexus.security.privilege.PrivilegeUpdatedEvent;
import org.sonatype.nexus.security.role.NoSuchRoleException;
import org.sonatype.nexus.security.role.Role;
import org.sonatype.nexus.security.role.RoleCreatedEvent;
import org.sonatype.nexus.security.role.RoleDeletedEvent;
import org.sonatype.nexus.security.role.RoleUpdatedEvent;

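/**
 * {@link AuthorizationManager} for the {@code "default"} source, backed by a
 * {@link SecurityConfigurationManager}.
 *
 * <p>Translates between the configuration-layer types ({@link CRole}, {@link CPrivilege}) and the
 * API-layer types ({@link Role}, {@link Privilege}). Every mutation is written to the configuration
 * first, then logged, then announced through the {@link EventManager}: one event specific to the
 * change followed by a generic {@link AuthorizationConfigurationChanged}.
 *
 * <p>NOTE(review): nothing in this class checks whether the caller is allowed to change roles or
 * privileges; presumably that is enforced by the callers - confirm.
 */
@Singleton
@Named("default")
public class AuthorizationManagerImpl extends ComponentSupport implements AuthorizationManager {
    /** Source identifier reported by {@link #getSource()} and stamped on every converted role. */
    public static final String SOURCE = "default";

    private final SecurityConfigurationManager configuration;
    private final EventManager eventManager;
    private final List<PrivilegeDescriptor> privilegeDescriptors;

    /**
     * Creates the manager.
     *
     * @param securityConfigurationManager store that roles and privileges are read from and written to
     * @param eventManager bus on which change events are posted
     * @param list privilege descriptors used to build a permission for each privilege type
     * @throws NullPointerException if any argument is {@code null}
     */
    @Inject
    public AuthorizationManagerImpl(SecurityConfigurationManager securityConfigurationManager, EventManager eventManager, List<PrivilegeDescriptor> list) {
        // Fail at construction time rather than on the first read or write of security configuration.
        this.configuration = Preconditions.checkNotNull(securityConfigurationManager);
        this.eventManager = Preconditions.checkNotNull(eventManager);
        // The injected list is kept by reference (no copy), as in the original code.
        this.privilegeDescriptors = Preconditions.checkNotNull(list);
    }

    /** Returns the source identifier, {@link #SOURCE}. */
    @Override
    public String getSource() {
        return SOURCE;
    }

    /** Returns the fixed realm name {@code "NexusAuthenticatingRealm"}. */
    @Override
    public String getRealmName() {
        return "NexusAuthenticatingRealm";
    }

    /**
     * Converts a stored role into its API representation, copying the privilege and role id sets so
     * the result does not alias the configuration object's collections.
     */
    private Role convert(CRole cRole) {
        Role role = new Role();
        role.setRoleId(cRole.getId());
        role.setVersion(cRole.getVersion());
        role.setName(cRole.getName());
        role.setSource(SOURCE);
        role.setDescription(cRole.getDescription());
        role.setReadOnly(cRole.isReadOnly());
        // NOTE(review): unlike convert(Role) there is no null guard here; assumes CRole never
        // returns null collections - confirm.
        role.setPrivileges(Sets.newHashSet(cRole.getPrivileges()));
        role.setRoles(Sets.newHashSet(cRole.getRoles()));
        return role;
    }

    /**
     * Converts an API role into a fresh configuration role. Missing privilege or role sets become
     * empty sets. The read-only flag is copied from the supplied object as-is.
     */
    private CRole convert(Role role) {
        CRole newRole = this.configuration.newRole();
        newRole.setId(role.getRoleId());
        newRole.setVersion(role.getVersion());
        newRole.setName(role.getName());
        newRole.setDescription(role.getDescription());
        newRole.setReadOnly(role.isReadOnly());
        if (role.getPrivileges() != null) {
            newRole.setPrivileges(Sets.newHashSet(role.getPrivileges()));
        } else {
            newRole.setPrivileges(Sets.newHashSet());
        }
        if (role.getRoles() != null) {
            newRole.setRoles(Sets.newHashSet(role.getRoles()));
        } else {
            newRole.setRoles(Sets.newHashSet());
        }
        return newRole;
    }

    /**
     * Converts an API privilege into a fresh configuration privilege. Properties are copied only
     * when present; otherwise whatever {@code newPrivilege()} initialised is left untouched.
     */
    private CPrivilege convert(Privilege privilege) {
        CPrivilege newPrivilege = this.configuration.newPrivilege();
        newPrivilege.setId(privilege.getId());
        newPrivilege.setVersion(privilege.getVersion());
        newPrivilege.setName(privilege.getName());
        newPrivilege.setDescription(privilege.getDescription());
        newPrivilege.setReadOnly(privilege.isReadOnly());
        newPrivilege.setType(privilege.getType());
        if (privilege.getProperties() != null) {
            newPrivilege.setProperties(Maps.newHashMap(privilege.getProperties()));
        }
        return newPrivilege;
    }

    /**
     * Converts a stored privilege into its API representation. The name falls back to the id when
     * unset.
     *
     * <p>The permission is created by the descriptor registered for the privilege type. When no
     * descriptor matches, no permission is set on the result.
     */
    private Privilege convert(CPrivilege cPrivilege) {
        Privilege privilege = new Privilege();
        privilege.setId(cPrivilege.getId());
        privilege.setVersion(cPrivilege.getVersion());
        privilege.setName(cPrivilege.getName() == null ? cPrivilege.getId() : cPrivilege.getName());
        privilege.setDescription(cPrivilege.getDescription());
        privilege.setReadOnly(cPrivilege.isReadOnly());
        privilege.setType(cPrivilege.getType());
        // NOTE(review): no null guard, unlike convert(Privilege); assumes CPrivilege always has a
        // properties map - confirm.
        privilege.setProperties(Maps.newHashMap(cPrivilege.getProperties()));
        PrivilegeDescriptor descriptor = descriptor(cPrivilege.getType());
        if (descriptor != null) {
            privilege.setPermission(descriptor.createPermission(cPrivilege));
        }
        return privilege;
    }

    /**
     * Finds the descriptor whose type equals {@code str}.
     *
     * @return the first matching descriptor, or {@code null} when none is registered for the type
     * @throws NullPointerException if {@code str} is {@code null} and at least one descriptor exists
     */
    @Nullable
    private PrivilegeDescriptor descriptor(String str) {
        for (PrivilegeDescriptor privilegeDescriptor : this.privilegeDescriptors) {
            if (str.equals(privilegeDescriptor.getType())) {
                return privilegeDescriptor;
            }
        }
        return null;
    }

    /** Returns every configured role, converted to its API representation, in a new mutable set. */
    @Override
    public Set<Role> listRoles() {
        Set<Role> roles = new HashSet<>();
        for (CRole stored : this.configuration.listRoles()) {
            roles.add(convert(stored));
        }
        return roles;
    }

    /**
     * Reads one role by id.
     *
     * @throws NoSuchRoleException propagated from the configuration lookup
     */
    @Override
    public Role getRole(String str) throws NoSuchRoleException {
        return convert(this.configuration.readRole(str));
    }

    /**
     * Persists a new role, logs it and posts {@link RoleCreatedEvent}.
     *
     * @return the role as converted back from the configuration object that was stored
     */
    @Override
    public Role addRole(Role role) {
        CRole stored = convert(role);
        this.configuration.createRole(stored);
        this.log.info("Added role {}", role.getName());
        // The event carries the caller-supplied object, not the round-tripped copy returned below.
        this.eventManager.post(new RoleCreatedEvent(role));
        fireAuthorizationChangedEvent();
        return convert(stored);
    }

    /**
     * Persists changes to an existing role, logs them and posts {@link RoleUpdatedEvent}.
     *
     * @throws NoSuchRoleException declared by the contract; presumably raised by the configuration
     *     update when the role does not exist
     */
    @Override
    public Role updateRole(Role role) throws NoSuchRoleException {
        CRole stored = convert(role);
        this.configuration.updateRole(stored);
        // Updates can change what a role grants, so they are logged like additions and removals.
        this.log.info("Updated role {}", role.getName());
        this.eventManager.post(new RoleUpdatedEvent(role));
        fireAuthorizationChangedEvent();
        return convert(stored);
    }

    /**
     * Deletes a role by id, logs it and posts {@link RoleDeletedEvent}.
     *
     * @throws NoSuchRoleException if the role cannot be read before deletion
     */
    @Override
    public void deleteRole(String str) throws NoSuchRoleException {
        // Read first: the log line and the event need the role's data, which is gone after delete.
        Role role = getRole(str);
        this.configuration.deleteRole(str);
        this.log.info("Removed role {}", role.getName());
        this.eventManager.post(new RoleDeletedEvent(role));
        fireAuthorizationChangedEvent();
    }

    /** Returns every configured privilege, converted to its API representation, in a new mutable set. */
    @Override
    public Set<Privilege> listPrivileges() {
        Set<Privilege> privileges = new HashSet<>();
        for (CPrivilege stored : this.configuration.listPrivileges()) {
            privileges.add(convert(stored));
        }
        return privileges;
    }

    /**
     * Reads one privilege by id.
     *
     * @throws NoSuchPrivilegeException propagated from the configuration lookup
     */
    @Override
    public Privilege getPrivilege(String str) throws NoSuchPrivilegeException {
        return convert(this.configuration.readPrivilege(str));
    }

    /**
     * Persists a new privilege, logs it and posts {@link PrivilegeCreatedEvent}.
     *
     * @return the privilege as converted back from the configuration object that was stored
     */
    @Override
    public Privilege addPrivilege(Privilege privilege) {
        CPrivilege stored = convert(privilege);
        this.configuration.createPrivilege(stored);
        this.log.info("Added privilege {}", privilege.getName());
        this.eventManager.post(new PrivilegeCreatedEvent(privilege));
        fireAuthorizationChangedEvent();
        return convert(stored);
    }

    /**
     * Persists changes to an existing privilege, logs them and posts {@link PrivilegeUpdatedEvent}.
     *
     * @throws NoSuchPrivilegeException declared by the contract; presumably raised by the
     *     configuration update when the privilege does not exist
     */
    @Override
    public Privilege updatePrivilege(Privilege privilege) throws NoSuchPrivilegeException {
        CPrivilege stored = convert(privilege);
        this.configuration.updatePrivilege(stored);
        // Updates can change what a privilege permits, so they are logged like additions and removals.
        this.log.info("Updated privilege {}", privilege.getName());
        this.eventManager.post(new PrivilegeUpdatedEvent(privilege));
        fireAuthorizationChangedEvent();
        return convert(stored);
    }

    /**
     * Deletes a privilege by id, logs it and posts {@link PrivilegeDeletedEvent}.
     *
     * @throws NoSuchPrivilegeException if the privilege cannot be read before deletion
     */
    @Override
    public void deletePrivilege(String str) throws NoSuchPrivilegeException {
        // Read first: the log line and the event need the privilege's data, which is gone after delete.
        Privilege privilege = getPrivilege(str);
        this.configuration.deletePrivilege(str);
        this.log.info("Removed privilege {}", privilege.getName());
        this.eventManager.post(new PrivilegeDeletedEvent(privilege));
        fireAuthorizationChangedEvent();
    }

    /** This manager always accepts writes. */
    @Override
    public boolean supportsWrite() {
        return true;
    }

    /** Posts the generic {@link AuthorizationConfigurationChanged} event after any mutation. */
    private void fireAuthorizationChangedEvent() {
        this.eventManager.post(new AuthorizationConfigurationChanged());
    }
}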
