package org.apache.maven.archiva.security;

import java.util.ArrayList;
import java.util.List;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/archiva-security-1.2.jar:org/apache/maven/archiva/security/DefaultUserRepositories.class */
public class DefaultUserRepositories implements UserRepositories {
    private SecuritySystem securitySystem;
    private RoleManager roleManager;
    private ArchivaConfiguration archivaConfiguration;
    private Logger log = LoggerFactory.getLogger(DefaultUserRepositories.class);

    @Override // org.apache.maven.archiva.security.UserRepositories
    public List<String> getObservableRepositoryIds(String str) throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException {
        return getAccessibleRepositoryIds(str, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
    }

    @Override // org.apache.maven.archiva.security.UserRepositories
    public List<String> getManagableRepositoryIds(String str) throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException {
        return getAccessibleRepositoryIds(str, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
    }

    private List<String> getAccessibleRepositoryIds(String str, String str2) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
        SecuritySession createSession = createSession(str);
        ArrayList arrayList = new ArrayList();
        for (ManagedRepositoryConfiguration managedRepositoryConfiguration : this.archivaConfiguration.getConfiguration().getManagedRepositories()) {
            try {
                String id = managedRepositoryConfiguration.getId();
                if (this.securitySystem.isAuthorized(createSession, str2, id)) {
                    arrayList.add(id);
                }
            } catch (AuthorizationException e) {
                this.log.debug("Not authorizing '" + str + "' for repository '" + managedRepositoryConfiguration.getId() + "': " + e.getMessage());
            }
        }
        return arrayList;
    }

    private SecuritySession createSession(String str) throws ArchivaSecurityException, AccessDeniedException {
        try {
            User findUser = this.securitySystem.getUserManager().findUser(str);
            if (findUser == null) {
                throw new ArchivaSecurityException("The security system had an internal error - please check your system logs");
            }
            if (findUser.isLocked()) {
                throw new AccessDeniedException("User " + str + DefaultExpressionEngine.DEFAULT_INDEX_START + findUser.getFullName() + ") is locked.");
            }
            return new DefaultSecuritySession(new AuthenticationResult(true, str, null), findUser);
        } catch (UserNotFoundException e) {
            throw new PrincipalNotFoundException("Unable to find principal " + str + "");
        }
    }

    @Override // org.apache.maven.archiva.security.UserRepositories
    public void createMissingRepositoryRoles(String str) throws ArchivaSecurityException {
        try {
            if (!this.roleManager.templatedRoleExists(ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, str)) {
                this.roleManager.createTemplatedRole(ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, str);
            }
            if (!this.roleManager.templatedRoleExists(ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, str)) {
                this.roleManager.createTemplatedRole(ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, str);
            }
        } catch (RoleManagerException e) {
            throw new ArchivaSecurityException("Unable to create roles for configured repositories: " + e.getMessage(), e);
        }
    }

    @Override // org.apache.maven.archiva.security.UserRepositories
    public boolean isAuthorizedToUploadArtifacts(String str, String str2) throws PrincipalNotFoundException, ArchivaSecurityException {
        try {
            return this.securitySystem.isAuthorized(createSession(str), ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, str2);
        } catch (AuthorizationException e) {
            throw new ArchivaSecurityException(e.getMessage());
        }
    }

    @Override // org.apache.maven.archiva.security.UserRepositories
    public boolean isAuthorizedToDeleteArtifacts(String str, String str2) throws AccessDeniedException, ArchivaSecurityException {
        try {
            return this.securitySystem.isAuthorized(createSession(str), ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE, str2);
        } catch (AuthorizationException e) {
            throw new ArchivaSecurityException(e.getMessage());
        }
    }
}
