package org.sonatype.nexus.security.role;

import com.google.common.base.Preconditions;
import java.lang.reflect.InvocationTargetException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.validation.ConstraintValidatorContext;
import org.sonatype.nexus.common.text.Strings2;
import org.sonatype.nexus.security.SecuritySystem;
import org.sonatype.nexus.security.authz.AuthorizationManager;
import org.sonatype.nexus.security.authz.NoSuchAuthorizationManagerException;
import org.sonatype.nexus.validation.ConstraintValidatorSupport;

@Named
/* loaded from: input_file:org/sonatype/nexus/security/role/RoleNotContainSelfValidator.class */
public class RoleNotContainSelfValidator extends ConstraintValidatorSupport<RoleNotContainSelf, Object> {
    private final AuthorizationManager authorizationManager;
    private String idField;
    private String roleIdsField;
    private String message;

    public void initialize(RoleNotContainSelf roleNotContainSelf) {
        this.idField = roleNotContainSelf.id();
        this.roleIdsField = roleNotContainSelf.roleIds();
        this.message = roleNotContainSelf.message();
    }

    @Inject
    public RoleNotContainSelfValidator(SecuritySystem securitySystem) throws NoSuchAuthorizationManagerException {
        this.authorizationManager = ((SecuritySystem) Preconditions.checkNotNull(securitySystem)).getAuthorizationManager("default");
    }

    public boolean isValid(Object obj, ConstraintValidatorContext constraintValidatorContext) {
        this.log.trace("Validating role doesn't contain itself: {}", obj);
        String id = getId(obj);
        if (Strings2.isEmpty(id)) {
            return true;
        }
        HashSet hashSet = new HashSet();
        Iterator<String> it = getRoleIds(obj).iterator();
        while (it.hasNext()) {
            if (containsRole(id, it.next(), hashSet)) {
                constraintValidatorContext.disableDefaultConstraintViolation();
                constraintValidatorContext.buildConstraintViolationWithTemplate(this.message).addConstraintViolation();
                return false;
            }
        }
        return true;
    }

    private String getId(Object obj) {
        try {
            return (String) obj.getClass().getMethod(this.idField, new Class[0]).invoke(obj, new Object[0]);
        } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
            this.log.error("Unable to find method {} in object {}", this.idField, obj);
            throw new RuntimeException(e);
        }
    }

    private Collection<String> getRoleIds(Object obj) {
        try {
            return (Collection) obj.getClass().getMethod(this.roleIdsField, new Class[0]).invoke(obj, new Object[0]);
        } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
            this.log.error("Unable to find method {} in object {}", this.roleIdsField, obj);
            throw new RuntimeException(e);
        }
    }

    private boolean containsRole(String str, String str2, Set<String> set) {
        if (set.contains(str2)) {
            return false;
        }
        set.add(str2);
        if (str.equals(str2)) {
            return true;
        }
        try {
            Iterator<String> it = this.authorizationManager.getRole(str2).getRoles().iterator();
            while (it.hasNext()) {
                if (containsRole(str, it.next(), set)) {
                    return true;
                }
            }
            return false;
        } catch (NoSuchRoleException unused) {
            this.log.trace("Missing role {}", str2);
            return false;
        }
    }
}
