package org.sonatype.nexus.security.internal;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.eventbus.Subscribe;
import com.google.inject.Key;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.eclipse.sisu.inject.BeanLocator;
import org.sonatype.goodies.common.Mutex;
import org.sonatype.nexus.common.event.EventManager;
import org.sonatype.nexus.common.stateguard.Guarded;
import org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport;
import org.sonatype.nexus.security.UserPrincipalsExpired;
import org.sonatype.nexus.security.authc.UserPasswordChanged;
import org.sonatype.nexus.security.authz.AuthorizationConfigurationChanged;
import org.sonatype.nexus.security.realm.RealmConfiguration;
import org.sonatype.nexus.security.realm.RealmConfigurationChangedEvent;
import org.sonatype.nexus.security.realm.RealmConfigurationEvent;
import org.sonatype.nexus.security.realm.RealmConfigurationStore;
import org.sonatype.nexus.security.realm.RealmManager;
import org.sonatype.nexus.security.realm.SecurityRealm;

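/**
 * Default {@link RealmManager}: keeps the ordered list of enabled realm names in a
 * {@link RealmConfiguration}, resolves those names to Shiro {@link Realm} instances and installs
 * them on the {@link RealmSecurityManager}.
 *
 * <p>Unless {@code nexus.security.enableAuthorizationRealmManagement} is {@code true}, the
 * {@code NexusAuthorizingRealm} is moved to the end of every realm list handled here, cannot be
 * disabled through {@link #disableRealm(String)}, and is left out of the realm listings unless
 * the caller explicitly asks for it.
 *
 * <p>The cached {@code configuration} is lazily loaded and replaced while holding {@code lock}.
 */
@Singleton
@Named
public class RealmManagerImpl extends StateGuardLifecycleSupport implements RealmManager {
    /** Name of the realm that is pinned to the end of the realm list unless management of it is enabled. */
    private static final String AUTHORIZING_REALM_NAME = "NexusAuthorizingRealm";

    private final BeanLocator beanLocator;
    private final EventManager eventManager;
    private final RealmConfigurationStore store;
    private final Provider<RealmConfiguration> defaults;
    private final RealmSecurityManager realmSecurityManager;
    private final Map<String, Realm> availableRealms;
    private final Mutex lock = new Mutex();
    private RealmConfiguration configuration;
    private final boolean enableAuthorizationRealmManagement;

    /**
     * Creates the manager; every collaborator is required to be non-null.
     *
     * @param beanLocator used to enumerate the {@link Named} {@link Realm} beans
     * @param eventManager this instance registers with it on start and posts configuration changes to it
     * @param realmConfigurationStore persistent store for the realm configuration
     * @param provider supplies the configuration used when the store has none
     * @param realmSecurityManager security manager the resolved realms are installed on
     * @param map realm instances keyed by the name used in the configuration
     * @param z value of {@code nexus.security.enableAuthorizationRealmManagement} (default {@code false});
     *     when {@code true} the special handling of {@code NexusAuthorizingRealm} is switched off
     */
    @Inject
    public RealmManagerImpl(BeanLocator beanLocator, EventManager eventManager, RealmConfigurationStore realmConfigurationStore, @Named("initial") Provider<RealmConfiguration> provider, RealmSecurityManager realmSecurityManager, Map<String, Realm> map, @Named("${nexus.security.enableAuthorizationRealmManagement:-false}") boolean z) {
        this.beanLocator = Preconditions.checkNotNull(beanLocator);
        this.eventManager = Preconditions.checkNotNull(eventManager);
        this.store = Preconditions.checkNotNull(realmConfigurationStore);
        this.log.debug("Store: {}", realmConfigurationStore);
        this.defaults = Preconditions.checkNotNull(provider);
        this.log.debug("Defaults: {}", provider);
        this.realmSecurityManager = Preconditions.checkNotNull(realmSecurityManager);
        this.availableRealms = Preconditions.checkNotNull(map);
        this.enableAuthorizationRealmManagement = z;
    }

    /** Installs the configured realms, then subscribes this instance to the event manager. */
    @Override // org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport
    protected void doStart() throws Exception {
        installRealms();
        this.eventManager.register(this);
    }

    /**
     * Unsubscribes from events, forgets the cached configuration and detaches the authentication
     * and authorization caches from every installed realm.
     */
    @Override // org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport
    protected void doStop() throws Exception {
        this.eventManager.unregister(this);
        // NOTE(review): this write does not hold 'lock', unlike the other writes to 'configuration'.
        this.configuration = null;
        Collection<Realm> realms = this.realmSecurityManager.getRealms();
        if (realms != null) {
            for (Realm realm : realms) {
                if (realm instanceof AuthenticatingRealm) {
                    ((AuthenticatingRealm) realm).setAuthenticationCache(null);
                }
                if (realm instanceof AuthorizingRealm) {
                    ((AuthorizingRealm) realm).setAuthorizationCache(null);
                }
            }
        }
    }

    /** Returns a new, empty configuration entity created by the store. */
    private RealmConfiguration newEntity() {
        return this.store.newEntity();
    }

    /**
     * Loads the configuration from the store, falling back to the injected defaults when the
     * store returns {@code null}.
     *
     * @return the loaded or default configuration, never {@code null}
     */
    private RealmConfiguration loadConfiguration() {
        RealmConfiguration loaded = this.store.load();
        if (loaded == null) {
            loaded = this.defaults.get();
            Preconditions.checkNotNull(loaded);
            this.log.info("Using default configuration: {}", loaded);
        } else {
            this.log.info("Loaded configuration: {}", loaded);
        }
        return loaded;
    }

    /**
     * Returns the shared configuration instance, loading it on first use.
     *
     * <p>The returned object is the live instance; callers that intend to modify it must use
     * {@link #getConfiguration()} instead.
     */
    private RealmConfiguration getConfigurationInternal() {
        synchronized (this.lock) {
            if (this.configuration == null) {
                this.configuration = loadConfiguration();
            }
            return this.configuration;
        }
    }

    /** Returns a copy of the current configuration that the caller may modify freely. */
    private RealmConfiguration getConfiguration() {
        return getConfigurationInternal().copy();
    }

    /**
     * Applies and persists a locally made configuration change.
     *
     * <p>The realm-name list of {@code realmConfiguration} is adjusted in place by
     * {@link #maybeAddAuthorizingRealm(List)} before it is saved, so it is presumably expected
     * to be a mutable list (TODO confirm against {@link RealmConfiguration}).
     */
    private void setConfiguration(RealmConfiguration realmConfiguration) {
        Preconditions.checkNotNull(realmConfiguration);
        maybeAddAuthorizingRealm(realmConfiguration.getRealmNames());
        changeConfiguration(realmConfiguration, true);
    }

    /**
     * Replaces the current configuration with a copy of {@code realmConfiguration}, reinstalls
     * the realms and announces the change.
     *
     * @param realmConfiguration configuration to apply; it is copied before use
     * @param save whether the copy is also written to the store ({@code false} for changes
     *     received through {@link #on(RealmConfigurationEvent)})
     */
    private void changeConfiguration(RealmConfiguration realmConfiguration, boolean save) {
        RealmConfiguration copy = realmConfiguration.copy();
        this.log.info("Changing configuration: {}", copy);
        synchronized (this.lock) {
            if (save) {
                this.store.save(copy);
            }
            this.configuration = copy;
            // NOTE(review): the decompiled listing this was recovered from is ambiguous about
            // where the monitor is released; as rendered, realm installation and event posting
            // run while 'lock' is held. Confirm against the bytecode before relying on it.
            installRealms();
            this.eventManager.post(new RealmConfigurationChangedEvent(copy));
        }
    }

    /** Resolves the configured realm names and installs the result on the security manager. */
    private void installRealms() {
        List<Realm> realms = resolveRealms();
        this.log.debug("Installing realms: {}", realms);
        this.realmSecurityManager.setRealms(realms);
    }

    /**
     * Maps every configured realm name to a {@link Realm} instance, preserving order.
     *
     * <p>A name is first looked up among the injected realm components. When that fails the
     * name is treated as a class name and loaded through this class's class loader. Names that
     * cannot be resolved either way are logged and skipped.
     *
     * @return the resolved realms; possibly empty, never {@code null}
     */
    private List<Realm> resolveRealms() {
        List<Realm> resolved = new ArrayList<>();
        List<String> realmNames = new ArrayList<>(getConfigurationInternal().getRealmNames());
        maybeAddAuthorizingRealm(realmNames);
        this.log.debug("Available realms: {}", this.availableRealms);
        for (String realmName : realmNames) {
            Realm realm = this.availableRealms.get(realmName);
            if (realm == null) {
                this.log.debug("Failed to look up realm '{}' as a component, trying reflection", realmName);
                try {
                    // The name comes from stored or event-delivered configuration, so the type is
                    // checked BEFORE instantiation: a class that is not a Realm is rejected
                    // without its constructor ever running.
                    realm = getClass().getClassLoader().loadClass(realmName)
                        .asSubclass(Realm.class)
                        .getDeclaredConstructor()
                        .newInstance();
                } catch (Exception e) {
                    this.log.error("Unable to lookup security realms", e);
                }
            }
            if (realm != null) {
                resolved.add(realm);
            }
        }
        return resolved;
    }

    /**
     * Reports whether the named realm is in the current configuration.
     *
     * @param str realm name; must not be {@code null}
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public boolean isRealmEnabled(String str) {
        Preconditions.checkNotNull(str);
        return getConfigurationInternal().getRealmNames().contains(str);
    }

    /**
     * Enables or disables the named realm.
     *
     * @param str realm name
     * @param z {@code true} to enable, {@code false} to disable
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public void enableRealm(String str, boolean z) {
        if (z) {
            enableRealm(str);
        } else {
            disableRealm(str);
        }
    }

    /**
     * Appends the named realm to the configuration unless it is already present.
     *
     * @param str realm name; must not be {@code null}
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public void enableRealm(String str) {
        Preconditions.checkNotNull(str);
        this.log.debug("Enabling realm: {}", str);
        RealmConfiguration current = getConfiguration();
        if (current.getRealmNames().contains(str)) {
            this.log.debug("Realm already enabled: {}", str);
        } else {
            current.getRealmNames().add(str);
            setConfiguration(current);
        }
    }

    /**
     * Enables the named realm at a given position, moving it if it is already enabled.
     *
     * @param str realm name; must not be {@code null}
     * @param i zero-based target position; a value beyond the end of the list appends the realm
     * @throws IndexOutOfBoundsException if {@code i} is negative
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public void enableRealm(String str, int i) {
        // Same precondition as the other overloads; without it a null name would be persisted
        // into the realm configuration.
        Preconditions.checkNotNull(str);
        List<String> realmNames = new ArrayList<>(getConfiguration().getRealmNames());
        realmNames.remove(str);
        if (i > realmNames.size()) {
            this.log.debug("Enabling realm: {} as last member", str);
            realmNames.add(str);
        } else {
            this.log.debug("Enabling realm: {} at position: {}", str, i);
            realmNames.add(i, str);
        }
        setConfiguredRealmIds(realmNames);
    }

    /**
     * Removes the named realm from the configuration.
     *
     * <p>A request to disable {@code NexusAuthorizingRealm} is refused (logged at ERROR, no
     * exception) unless authorization realm management is enabled.
     *
     * @param str realm name; must not be {@code null}
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public void disableRealm(String str) {
        Preconditions.checkNotNull(str);
        if (!this.enableAuthorizationRealmManagement && AUTHORIZING_REALM_NAME.equals(str)) {
            this.log.error("Cannot disable the {} realm", AUTHORIZING_REALM_NAME);
            return;
        }
        this.log.debug("Disabling realm: {}", str);
        RealmConfiguration current = getConfiguration();
        current.getRealmNames().remove(str);
        setConfiguration(current);
    }

    /**
     * Applies a configuration change that did not originate locally; the configuration carried
     * by the event is installed without being written to the store.
     */
    @Subscribe
    public void on(RealmConfigurationEvent realmConfigurationEvent) {
        if (realmConfigurationEvent.isLocal()) {
            return;
        }
        changeConfiguration(realmConfigurationEvent.getConfiguration(), false);
    }

    /** Clears the authentication caches of all installed realms. */
    @Subscribe
    public void onEvent(UserPrincipalsExpired userPrincipalsExpired) {
        clearAuthcRealmCaches();
    }

    /** Clears the authorization caches of all installed realms. */
    @Subscribe
    public void onEvent(AuthorizationConfigurationChanged authorizationConfigurationChanged) {
        clearAuthzRealmCaches();
    }

    /**
     * Drops the cached authentication entry of the user whose password changed, but only when
     * the event asks for it via {@code isClearCache()}.
     */
    @Subscribe
    public void onEvent(UserPasswordChanged userPasswordChanged) {
        if (userPasswordChanged.isClearCache()) {
            clearAuthcRealmCacheForUserId(userPasswordChanged.getUserId());
        }
    }

    /**
     * Clears the cache entry for {@code userId} in the first installed
     * {@code AuthenticatingRealmImpl}; other realms are not touched.
     */
    private void clearAuthcRealmCacheForUserId(String userId) {
        Optional.of(this.realmSecurityManager)
            .map(RealmSecurityManager::getRealms)
            .orElse(Collections.emptyList())
            .stream()
            .filter(AuthenticatingRealmImpl.class::isInstance)
            .map(AuthenticatingRealmImpl.class::cast)
            .findFirst()
            .ifPresent(realm -> realm.clearCache(userId));
    }

    /** Empties the authentication cache of every installed {@link AuthenticatingRealm} that has one. */
    private void clearAuthcRealmCaches() {
        Collection<Realm> realms = this.realmSecurityManager.getRealms();
        if (realms == null) {
            return;
        }
        for (Realm realm : realms) {
            if (realm instanceof AuthenticatingRealm) {
                Cache<?, ?> cache = ((AuthenticatingRealm) realm).getAuthenticationCache();
                if (cache != null) {
                    this.log.debug("Clearing cache: {}", cache);
                    cache.clear();
                }
            }
        }
    }

    /** Empties the authorization cache of every installed {@link AuthorizingRealm} that has one. */
    private void clearAuthzRealmCaches() {
        Collection<Realm> realms = this.realmSecurityManager.getRealms();
        if (realms == null) {
            return;
        }
        for (Realm realm : realms) {
            if (realm instanceof AuthorizingRealm) {
                Cache<?, ?> cache = ((AuthorizingRealm) realm).getAuthorizationCache();
                if (cache != null) {
                    this.log.debug("Clearing cache: {}", cache);
                    cache.clear();
                }
            }
        }
    }

    /** Equivalent to {@code getAvailableRealms(false)}. */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public List<SecurityRealm> getAvailableRealms() {
        return getAvailableRealms(false);
    }

    /**
     * Lists every {@link Named} {@link Realm} bean, sorted case-insensitively by name.
     *
     * @param z when {@code true}, {@code NexusAuthorizingRealm} is included even if
     *     authorization realm management is disabled
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    public List<SecurityRealm> getAvailableRealms(boolean z) {
        return StreamSupport.stream(
                this.beanLocator.locate(Key.get(Realm.class, Named.class)).spliterator(), false)
            .filter(entry -> {
                // NOTE(review): every located bean entry is written at INFO on each call, from
                // inside a filter predicate; this looks like leftover diagnostics and is a
                // candidate for DEBUG.
                this.log.info(entry.toString());
                return z || this.enableAuthorizationRealmManagement
                    || !AUTHORIZING_REALM_NAME.equals(((Named) entry.getKey()).value());
            })
            .map(entry -> new SecurityRealm(((Named) entry.getKey()).value(), entry.getDescription()))
            .sorted((left, right) -> left.getName().compareToIgnoreCase(right.getName()))
            .collect(Collectors.toList());
    }

    /**
     * Returns the configured realm ids that are also currently available, in configured order.
     * Ids excluded by {@code getAvailableRealms()} or {@code getConfiguredRealmIds(false)} are
     * not returned.
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    @Guarded(by = {StateGuardLifecycleSupport.State.STARTED})
    public List<String> getConfiguredRealmIds() {
        List<String> availableIds = getAvailableRealms().stream()
            .map(SecurityRealm::getId)
            .collect(Collectors.toList());
        return getConfiguredRealmIds(false).stream()
            .filter(availableIds::contains)
            .collect(Collectors.toList());
    }

    /**
     * Returns the configured realm names in order.
     *
     * @param z when {@code true}, {@code NexusAuthorizingRealm} is included even if
     *     authorization realm management is disabled
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    @Guarded(by = {StateGuardLifecycleSupport.State.STARTED})
    public List<String> getConfiguredRealmIds(boolean z) {
        return getConfiguration().getRealmNames().stream()
            .filter(name -> z || this.enableAuthorizationRealmManagement || !AUTHORIZING_REALM_NAME.equals(name))
            .collect(Collectors.toList());
    }

    /**
     * Replaces the configured realm list with a copy of {@code list} and persists the change.
     *
     * @param list realm names in the desired order; must not be {@code null}
     */
    @Override // org.sonatype.nexus.security.realm.RealmManager
    @Guarded(by = {StateGuardLifecycleSupport.State.STARTED})
    public void setConfiguredRealmIds(List<String> list) {
        List<String> realmNames = new ArrayList<>(list);
        RealmConfiguration current = getConfiguration();
        current.setRealmNames(realmNames);
        setConfiguration(current);
    }

    /**
     * Unless authorization realm management is enabled, moves {@code NexusAuthorizingRealm} to
     * the end of {@code realmNames}, adding it when absent. The list is modified in place.
     */
    private void maybeAddAuthorizingRealm(List<String> realmNames) {
        if (this.enableAuthorizationRealmManagement) {
            return;
        }
        realmNames.remove(AUTHORIZING_REALM_NAME);
        realmNames.add(AUTHORIZING_REALM_NAME);
    }
}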
