package org.apache.maven.archiva.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;

/* loaded from: input_file:WEB-INF/lib/archiva-security-1.2-M1.jar:org/apache/maven/archiva/security/DefaultUserRepositories.class */
public class DefaultUserRepositories implements UserRepositories {
    private SecuritySystem securitySystem;
    private RBACManager rbacManager;
    private RoleManager roleManager;
    private ArchivaConfiguration archivaConfiguration;

    @Override // org.apache.maven.archiva.security.UserRepositories
    public List<String> getObservableRepositoryIds(String str) throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException {
        try {
            User findUser = this.securitySystem.getUserManager().findUser(str);
            if (findUser.isLocked()) {
                throw new AccessDeniedException("User " + str + DefaultExpressionEngine.DEFAULT_INDEX_START + findUser.getFullName() + ") is locked.");
            }
            DefaultSecuritySession defaultSecuritySession = new DefaultSecuritySession(new AuthenticationResult(true, str, null), findUser);
            ArrayList arrayList = new ArrayList();
            Iterator it = this.archivaConfiguration.getConfiguration().getManagedRepositories().iterator();
            while (it.hasNext()) {
                try {
                    String id = ((ManagedRepositoryConfiguration) it.next()).getId();
                    if (this.securitySystem.isAuthorized(defaultSecuritySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, id)) {
                        arrayList.add(id);
                    }
                } catch (AuthorizationException e) {
                }
            }
            return arrayList;
        } catch (UserNotFoundException e2) {
            throw new PrincipalNotFoundException("Unable to find principal " + str + "");
        }
    }

    @Override // org.apache.maven.archiva.security.UserRepositories
    public void createMissingRepositoryRoles(String str) throws ArchivaSecurityException {
        try {
            if (!this.roleManager.templatedRoleExists(ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, str)) {
                this.roleManager.createTemplatedRole(ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, str);
            }
            if (!this.roleManager.templatedRoleExists(ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, str)) {
                this.roleManager.createTemplatedRole(ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, str);
            }
        } catch (RoleManagerException e) {
            throw new ArchivaSecurityException("Unable to create roles for configured repositories: " + e.getMessage(), e);
        }
    }

    @Override // org.apache.maven.archiva.security.UserRepositories
    public boolean isAuthorizedToUploadArtifacts(String str, String str2) throws PrincipalNotFoundException, ArchivaSecurityException {
        try {
            User findUser = this.securitySystem.getUserManager().findUser(str);
            if (findUser.isLocked()) {
                throw new AccessDeniedException("User " + str + DefaultExpressionEngine.DEFAULT_INDEX_START + findUser.getFullName() + ") is locked.");
            }
            return this.securitySystem.isAuthorized(new DefaultSecuritySession(new AuthenticationResult(true, str, null), findUser), ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, str2);
        } catch (AuthorizationException e) {
            throw new ArchivaSecurityException(e.getMessage());
        } catch (UserNotFoundException e2) {
            throw new PrincipalNotFoundException("Unable to find principal " + str + "");
        }
    }
}
