package org.sonatype.nexus.security.internal;

import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.authc.credential.PasswordService;
import org.eclipse.sisu.Description;
import org.sonatype.nexus.common.event.EventManager;
import org.sonatype.nexus.security.SecuritySystem;
import org.sonatype.nexus.security.config.CUser;
import org.sonatype.nexus.security.config.CUserRoleMapping;
import org.sonatype.nexus.security.config.SecurityConfigurationManager;
import org.sonatype.nexus.security.role.NoSuchRoleException;
import org.sonatype.nexus.security.role.RoleIdentifier;
import org.sonatype.nexus.security.user.AbstractUserManager;
import org.sonatype.nexus.security.user.NoSuchRoleMappingException;
import org.sonatype.nexus.security.user.NoSuchUserManagerException;
import org.sonatype.nexus.security.user.RoleMappingUserManager;
import org.sonatype.nexus.security.user.User;
import org.sonatype.nexus.security.user.UserCreatedEvent;
import org.sonatype.nexus.security.user.UserDeletedEvent;
import org.sonatype.nexus.security.user.UserNotFoundException;
import org.sonatype.nexus.security.user.UserRoleMappingCreatedEvent;
import org.sonatype.nexus.security.user.UserRoleMappingDeletedEvent;
import org.sonatype.nexus.security.user.UserRoleMappingUpdatedEvent;
import org.sonatype.nexus.security.user.UserSearchCriteria;
import org.sonatype.nexus.security.user.UserStatus;
import org.sonatype.nexus.security.user.UserUpdatedEvent;

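/**
 * User manager for the built-in user source ({@code "default"}, described as "Local").
 *
 * <p>Users, stored password values and user-to-role mappings are read from and written to the
 * injected {@link SecurityConfigurationManager}. Every successful mutation posts an event on the
 * {@link EventManager}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No authentication or authorization check is performed in this class; every public
 *       mutator (add/update/delete user, change password, set roles) relies on its callers to
 *       have authorized the request. NOTE(review): confirm at the call sites.</li>
 *   <li>Clear-text passwords only pass through {@link #hashPassword(String)}; the stored password
 *       value is never copied onto the {@link User} objects this class returns.</li>
 *   <li>User ids and sources are written to the log verbatim. NOTE(review): if ids can contain
 *       control characters, make sure the log layout encodes them.</li>
 * </ul>
 */
@Singleton
@Named("default")
@Description("Local")
/* loaded from: input_file:org/sonatype/nexus/security/internal/UserManagerImpl.class */
public class UserManagerImpl extends AbstractUserManager implements RoleMappingUserManager {
    /** Source id of the users and roles managed by this class. */
    private static final String SOURCE_ID = "default";

    private final EventManager eventManager;
    private final SecurityConfigurationManager configuration;
    private final SecuritySystem securitySystem;
    private final PasswordService passwordService;
    private final PasswordValidator passwordValidator;

    /**
     * Creates the manager with its collaborators.
     *
     * <p>Only {@code eventManager} is null-checked here; the other collaborators are stored as
     * given and a missing one only surfaces when it is first used.
     *
     * @param eventManager receives the user and role-mapping events; must not be null
     * @param securityConfigurationManager backing store for users and role mappings
     * @param securitySystem used by {@link #searchUsers} to resolve users of other sources
     * @param passwordService hashes clear-text passwords before they are stored
     * @param passwordValidator validates clear-text passwords before they are hashed
     */
    @Inject
    public UserManagerImpl(EventManager eventManager, SecurityConfigurationManager securityConfigurationManager, SecuritySystem securitySystem, PasswordService passwordService, PasswordValidator passwordValidator) {
        this.eventManager = Preconditions.checkNotNull(eventManager);
        this.configuration = securityConfigurationManager;
        this.securitySystem = securitySystem;
        this.passwordService = passwordService;
        this.passwordValidator = passwordValidator;
    }

    /**
     * Converts an API-level user into a new configuration record.
     *
     * <p>Id, version, names, e-mail and status are copied. The password is not set here; callers
     * set it separately. Roles are not part of the record.
     *
     * @param user the user to convert, may be null
     * @return the new configuration record, or null when {@code user} is null
     */
    protected CUser toUser(User user) {
        if (user == null) {
            return null;
        }
        CUser record = this.configuration.newUser();
        record.setId(user.getUserId());
        record.setVersion(user.getVersion());
        record.setFirstName(user.getFirstName());
        record.setLastName(user.getLastName());
        record.setEmail(user.getEmailAddress());
        record.setStatus(user.getStatus().name());
        return record;
    }

    /**
     * Converts a configuration record into an API-level user of source {@code "default"}.
     *
     * <p>The stored password value is not copied onto the returned user. A stored status that is
     * not a {@link UserStatus} constant makes {@code UserStatus.valueOf} throw.
     *
     * @param cUser the stored record, may be null
     * @param set role ids to resolve for the user; when null the roles are looked up from the
     *     stored role mapping instead
     * @return the converted user, or null when {@code cUser} is null; if the role lookup reports
     *     that the user is unknown, a warning is logged and the user is returned without roles set
     */
    protected User toUser(CUser cUser, Set<String> set) {
        if (cUser == null) {
            return null;
        }
        User user = new User();
        user.setUserId(cUser.getId());
        user.setVersion(cUser.getVersion());
        user.setFirstName(cUser.getFirstName());
        user.setLastName(cUser.getLastName());
        user.setEmailAddress(cUser.getEmail());
        user.setSource(SOURCE_ID);
        user.setStatus(UserStatus.valueOf(cUser.getStatus()));
        try {
            if (set != null) {
                user.setRoles(getUsersRoles(set));
            } else {
                user.setRoles(getUsersRoles(cUser.getId(), SOURCE_ID));
            }
        } catch (UserNotFoundException e) {
            this.log.warn("Could not find user: '{}' of source: '{}' while looking up the users roles.", cUser.getId(), SOURCE_ID, e);
        }
        return user;
    }

    /**
     * Resolves a role id against the stored roles.
     *
     * @param str the role id, may be null
     * @param str2 the source to put on the returned identifier
     * @return the role identifier, or null when {@code str} is null or no such role is stored;
     *     callers therefore drop role ids that no longer resolve, without logging
     */
    protected RoleIdentifier toRole(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            return new RoleIdentifier(str2, this.configuration.readRole(str).getId());
        } catch (NoSuchRoleException e) {
            return null;
        }
    }

    /**
     * Lists every stored user, with roles resolved from the stored role mappings.
     *
     * @return a new mutable set of users
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public Set<User> listUsers() {
        Set<User> users = new HashSet<User>();
        for (CUser cUser : this.configuration.listUsers()) {
            users.add(toUser(cUser, null));
        }
        return users;
    }

    /**
     * Lists the ids of every stored user.
     *
     * @return a new mutable set of user ids
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public Set<String> listUserIds() {
        Set<String> userIds = new HashSet<String>();
        for (CUser cUser : this.configuration.listUsers()) {
            userIds.add(cUser.getId());
        }
        return userIds;
    }

    /**
     * Reads one user, resolving roles from the stored role mapping.
     *
     * @param str the user id
     * @return the user
     * @throws UserNotFoundException declared by the underlying read of the user record
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public User getUser(String str) throws UserNotFoundException {
        return getUser(str, null);
    }

    /**
     * Reads one user, resolving the given role ids instead of the stored mapping when non-null.
     *
     * @param str the user id
     * @param set role ids to resolve for the user, or null to use the stored role mapping
     * @return the user
     * @throws UserNotFoundException declared by the underlying read of the user record
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public User getUser(String str, Set<String> set) throws UserNotFoundException {
        return toUser(this.configuration.readUser(str), set);
    }

    /** @return the source id of this manager, {@code "default"} */
    @Override // org.sonatype.nexus.security.user.UserManager
    public String getSource() {
        return SOURCE_ID;
    }

    /** @return always true; this manager can create, update and delete users */
    @Override // org.sonatype.nexus.security.user.UserManager
    public boolean supportsWrite() {
        return true;
    }

    /**
     * Stores a new user with the given password and posts a {@link UserCreatedEvent}.
     *
     * <p>The password is validated and hashed by {@link #hashPassword(String)} before the record
     * is written.
     *
     * @param user the user to create; its roles become the user's role ids
     * @param str the clear-text password
     * @return the {@code user} argument
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public User addUser(User user, String str) {
        CUser record = toUser(user);
        record.setPassword(hashPassword(str));
        this.configuration.createUser(record, getRoleIdsFromUser(user));
        this.eventManager.post(new UserCreatedEvent(user));
        return user;
    }

    /**
     * Replaces a user's stored password and posts a {@link UserUpdatedEvent}.
     *
     * <p>A user whose status is {@code CUser.STATUS_CHANGE_PASSWORD} is switched to
     * {@code CUser.STATUS_ACTIVE}; any other status is left as it is.
     *
     * <p>This method neither receives nor verifies the current password, and no session or token
     * invalidation is visible here. NOTE(review): confirm that callers verify the requester and
     * that listeners of the update event evict cached credentials.
     *
     * @param str the user id
     * @param str2 the new clear-text password
     * @throws UserNotFoundException declared by the underlying read of the user record
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public void changePassword(String str, String str2) throws UserNotFoundException {
        CUser stored = this.configuration.readUser(str);
        if (CUser.STATUS_CHANGE_PASSWORD.equals(stored.getStatus())) {
            stored.setStatus(CUser.STATUS_ACTIVE);
        }
        stored.setPassword(hashPassword(str2));
        this.configuration.updateUser(stored);
        this.eventManager.post(new UserUpdatedEvent(getUser(str)));
    }

    /**
     * Overwrites a stored user with the supplied one and posts a {@link UserUpdatedEvent}.
     *
     * <p>The stored password value is carried over unchanged, so this path cannot alter the
     * password. Status and roles are taken from the supplied user, so whoever can call this
     * controls account status and role membership.
     *
     * @param user the new state of the user; identified by its user id
     * @return the {@code user} argument
     * @throws UserNotFoundException declared by the underlying read of the user record
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public User updateUser(User user) throws UserNotFoundException {
        CUser stored = this.configuration.readUser(user.getUserId());
        CUser replacement = toUser(user);
        // Keep the existing password value; the incoming User carries none.
        replacement.setPassword(stored.getPassword());
        this.configuration.updateUser(replacement, getRoleIdsFromUser(user));
        this.eventManager.post(new UserUpdatedEvent(user));
        return user;
    }

    /**
     * Deletes a stored user and posts a {@link UserDeletedEvent}.
     *
     * @param str the user id
     * @throws UserNotFoundException declared by the underlying read and delete of the user record
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public void deleteUser(String str) throws UserNotFoundException {
        // Read first: the event needs the user as it was before deletion.
        User deleted = getUser(str);
        this.configuration.deleteUser(str);
        this.eventManager.post(new UserDeletedEvent(deleted));
    }

    /**
     * Resolves the roles mapped to a user of the given source.
     *
     * <p>The returned identifiers always carry source {@code "default"}, whatever {@code str2}
     * is, and role ids that do not resolve to a stored role are left out.
     *
     * @param str the user id
     * @param str2 the source of the user
     * @return the resolved roles; empty when no mapping exists
     * @throws UserNotFoundException declared by the underlying read of the role mapping
     */
    @Override // org.sonatype.nexus.security.user.RoleMappingUserManager
    public Set<RoleIdentifier> getUsersRoles(String str, String str2) throws UserNotFoundException {
        Set<RoleIdentifier> roles = new HashSet<RoleIdentifier>();
        try {
            CUserRoleMapping mapping = this.configuration.readUserRoleMapping(str, str2);
            if (mapping != null) {
                roles = getUsersRoles(mapping.getRoles());
            }
        } catch (NoSuchRoleMappingException e) {
            this.log.debug("No user role mapping found for user: {}", str);
        }
        return roles;
    }

    /**
     * Resolves role ids into identifiers of source {@code "default"}, skipping ids that
     * {@link #toRole(String, String)} cannot resolve.
     *
     * @param roleIds the role ids to resolve; must not be null
     * @return a new mutable set of resolved roles
     */
    private Set<RoleIdentifier> getUsersRoles(Set<String> roleIds) {
        Set<RoleIdentifier> roles = new HashSet<RoleIdentifier>();
        for (String roleId : roleIds) {
            RoleIdentifier role = toRole(roleId, SOURCE_ID);
            if (role != null) {
                roles.add(role);
            }
        }
        return roles;
    }

    /**
     * Searches the local users and, when the criteria name no source, also users of other
     * sources that have a stored role mapping matching the criteria.
     *
     * <p>Users of other sources are resolved through the {@link SecuritySystem}; one that cannot
     * be resolved is logged and skipped.
     *
     * @param userSearchCriteria the search criteria
     * @return a new mutable set of matching users
     */
    @Override // org.sonatype.nexus.security.user.UserManager
    public Set<User> searchUsers(UserSearchCriteria userSearchCriteria) {
        Set<User> matches = new HashSet<User>();
        matches.addAll(filterListInMemeory(listUsers(), userSearchCriteria));
        if (userSearchCriteria.getSource() != null) {
            return matches;
        }
        for (CUserRoleMapping mapping : this.configuration.listUserRoleMappings()) {
            if (SOURCE_ID.equals(mapping.getSource())) {
                // Local users were already covered by the in-memory filter above.
                continue;
            }
            if (!matchesCriteria(mapping.getUserId(), mapping.getSource(), mapping.getRoles(), userSearchCriteria)) {
                continue;
            }
            try {
                matches.add(this.securitySystem.getUser(mapping.getUserId(), mapping.getSource()));
            } catch (NoSuchUserManagerException e) {
                this.log.warn("User: '{}' of source: '{}' could not be found.", mapping.getUserId(), mapping.getSource(), e);
            } catch (UserNotFoundException e2) {
                this.log.debug("User: '{}' of source: '{}' could not be found.", mapping.getUserId(), mapping.getSource(), e2);
            }
        }
        return matches;
    }

    /** @return always true */
    @Override // org.sonatype.nexus.security.user.UserManager
    public boolean isConfigured() {
        return true;
    }

    /**
     * Validates a clear-text password and converts it into the value to store.
     *
     * <p>The conversion is delegated to the injected {@link PasswordService}; the algorithm and
     * its cost are determined by the bound implementation, which is not visible in this class.
     *
     * @param clearPassword the clear-text password, may be null
     * @return the value to store: the {@code PasswordService} output, or {@code clearPassword}
     *     itself when it is null or blank
     */
    private String hashPassword(String clearPassword) {
        // Presumably throws when the password violates the configured policy; confirm.
        this.passwordValidator.validate(clearPassword);
        if (clearPassword == null || clearPassword.trim().length() <= 0) {
            // NOTE(review): a null or whitespace-only password is stored exactly as given, not
            // hashed. Confirm that PasswordValidator rejects such input, or that the
            // authenticating realm never matches a null/blank stored credential.
            return clearPassword;
        }
        return this.passwordService.encryptPassword(clearPassword);
    }

    /**
     * Replaces the role mapping of a user.
     *
     * <p>A null or empty role set deletes the mapping. Otherwise the mapping is rewritten (or
     * created when it does not exist yet) with the ids of those roles whose source equals
     * {@link #getSource()}; roles of any other source are ignored without a log entry. If none
     * of the supplied roles match, the mapping is stored with an empty role set, not deleted.
     * Each outcome posts the corresponding deleted/updated/created event.
     *
     * @param str the user id
     * @param str2 the source of the user
     * @param set the roles to assign, may be null or empty
     * @throws UserNotFoundException declared by the underlying role-mapping operations
     */
    @Override // org.sonatype.nexus.security.user.RoleMappingUserManager
    public void setUsersRoles(String str, String str2, Set<RoleIdentifier> set) throws UserNotFoundException {
        if (set == null || set.isEmpty()) {
            try {
                this.configuration.deleteUserRoleMapping(str, str2);
                this.eventManager.post(new UserRoleMappingDeletedEvent(str, str2));
            } catch (NoSuchRoleMappingException e) {
                this.log.debug("User role mapping for user: {} source: {} could not be deleted because it does not exist.", str, str2);
            }
            return;
        }
        try {
            // Work on a copy and start from an empty role set so that roles missing from the
            // request are removed. The method name m3909clone looks decompiler-generated
            // (presumably CUserRoleMapping's clone()); confirm against the original class.
            CUserRoleMapping updated = this.configuration.readUserRoleMapping(str, str2).m3909clone();
            updated.setRoles(Sets.newHashSet());
            updateRoles(updated, set);
            this.configuration.updateUserRoleMapping(updated);
            this.eventManager.post(new UserRoleMappingUpdatedEvent(str, str2, updated.getRoles()));
        } catch (NoSuchRoleMappingException e2) {
            CUserRoleMapping created = this.configuration.newUserRoleMapping();
            created.setUserId(str);
            created.setSource(str2);
            updateRoles(created, set);
            this.log.debug("Update of user role mapping for user: {} source: {} did not exist, creating new one.", str, str2);
            this.configuration.createUserRoleMapping(created);
            this.eventManager.post(new UserRoleMappingCreatedEvent(str, str2, created.getRoles()));
        }
    }

    /**
     * Adds to the mapping the ids of those roles whose source equals {@link #getSource()}.
     *
     * @param mapping the mapping to add role ids to
     * @param roles the candidate roles; roles of other sources are skipped
     */
    private void updateRoles(CUserRoleMapping mapping, Set<RoleIdentifier> roles) {
        for (RoleIdentifier role : roles) {
            if (getSource().equals(role.getSource())) {
                mapping.addRole(role.getRoleId());
            }
        }
    }

    /** @return the name of the authentication realm, {@code "NexusAuthenticatingRealm"} */
    @Override // org.sonatype.nexus.security.user.UserManager
    public String getAuthenticationRealmName() {
        return "NexusAuthenticatingRealm";
    }

    /**
     * Collects the role ids of a user's roles, whatever their source.
     *
     * @param user the user whose roles are read; must not be null
     * @return a new mutable set of role ids
     */
    private Set<String> getRoleIdsFromUser(User user) {
        Set<String> roleIds = new HashSet<String>();
        for (RoleIdentifier role : user.getRoles()) {
            roleIds.add(role.getRoleId());
        }
        return roleIds;
    }
}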
