package org.sonatype.nexus.security.config;

import groovy.lang.ExpandoMetaClass;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Optional;
import java.util.UUID;
import javax.annotation.Nullable;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.credential.PasswordService;
import org.sonatype.nexus.common.text.Strings2;
import org.sonatype.nexus.security.Roles;
import org.sonatype.nexus.security.anonymous.AnonymousConfiguration;
import org.sonatype.nexus.security.config.memory.MemoryCUser;
import org.sonatype.nexus.security.config.memory.MemoryCUserRoleMapping;
import org.sonatype.nexus.security.internal.rest.UserApiResource;

@Singleton
@Priority(Integer.MIN_VALUE)
@Named(ExpandoMetaClass.STATIC_QUALIFIER)
/* loaded from: input_file:org/sonatype/nexus/security/config/StaticSecurityConfigurationSource.class */
public class StaticSecurityConfigurationSource implements SecurityConfigurationSource {
    private static final String NEXUS_SECURITY_INITIAL_PASSWORD = "NEXUS_SECURITY_INITIAL_PASSWORD";
    private final PasswordService passwordService;
    private final AdminPasswordFileManager adminPasswordFileManager;
    private final boolean randomPassword;
    private final String password;
    private SecurityConfiguration configuration;

    @Inject
    public StaticSecurityConfigurationSource(PasswordService passwordService, AdminPasswordFileManager adminPasswordFileManager, @Named("${nexus.security.randompassword:-true}") boolean z) {
        this(passwordService, adminPasswordFileManager, z, System.getenv(NEXUS_SECURITY_INITIAL_PASSWORD));
    }

    public StaticSecurityConfigurationSource(PasswordService passwordService, AdminPasswordFileManager adminPasswordFileManager, boolean z, @Nullable String str) {
        this.passwordService = passwordService;
        this.adminPasswordFileManager = adminPasswordFileManager;
        this.password = str;
        if (StringUtils.isBlank(str)) {
            this.randomPassword = z && ((Boolean) Optional.ofNullable(System.getenv("NEXUS_SECURITY_RANDOMPASSWORD")).map(Boolean::valueOf).orElse(true)).booleanValue();
        } else {
            this.randomPassword = false;
        }
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationSource
    public SecurityConfiguration getConfiguration() {
        return this.configuration != null ? this.configuration : loadConfiguration();
    }

    @Override // org.sonatype.nexus.security.config.SecurityConfigurationSource
    public synchronized SecurityConfiguration loadConfiguration() {
        String encryptPassword = this.passwordService.encryptPassword(getPassword());
        MemorySecurityConfiguration memorySecurityConfiguration = new MemorySecurityConfiguration();
        CUser[] cUserArr = new CUser[2];
        cUserArr[0] = new MemoryCUser().withId(UserApiResource.ADMIN_USER_ID).withPassword(encryptPassword).withFirstName("Administrator").withLastName("User").withStatus(this.randomPassword ? CUser.STATUS_CHANGE_PASSWORD : CUser.STATUS_ACTIVE).withEmail("admin@example.org");
        cUserArr[1] = new MemoryCUser().withId(AnonymousConfiguration.DEFAULT_USER_ID).withPassword("$shiro1$SHA-512$1024$CPJm1XWdYNg5eCAYp4L4HA==$HIGwnJhC07ZpgeVblZcFRD1F6KH+xPG8t7mIcEMbfycC+n5Ljudyoj9dzdinrLmChTrmKMCw2/z29F7HeLbTbQ==").withFirstName("Anonymous").withLastName("User").withStatus(CUser.STATUS_ACTIVE).withEmail("anonymous@example.org");
        return memorySecurityConfiguration.withUsers(cUserArr).withUserRoleMappings(new MemoryCUserRoleMapping().withUserId(UserApiResource.ADMIN_USER_ID).withSource("default").withRoles(Roles.ADMIN_ROLE_ID), new MemoryCUserRoleMapping().withUserId(AnonymousConfiguration.DEFAULT_USER_ID).withSource("default").withRoles("nx-anonymous"));
    }

    private String getPassword() {
        if (StringUtils.isNotBlank(this.password)) {
            return this.password;
        }
        try {
            String readFile = this.adminPasswordFileManager.readFile();
            if (!Strings2.isBlank(readFile)) {
                return readFile;
            }
            if (!this.randomPassword) {
                return "admin123";
            }
            String uuid = UUID.randomUUID().toString();
            if (!this.adminPasswordFileManager.writeFile(uuid)) {
                uuid = "admin123";
            }
            return uuid;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }
}
