package org.apache.archiva.redback.rest.services;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.core.Response;
import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
import org.apache.archiva.redback.integration.util.RoleSorter;
import org.apache.archiva.redback.rbac.Permission;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.UserAssignment;
import org.apache.archiva.redback.rest.api.model.Application;
import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Role;
import org.apache.archiva.redback.rest.api.model.RoleTemplate;
import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.api.services.RoleManagementService;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.role.model.ModelApplication;
import org.apache.archiva.redback.role.model.ModelRole;
import org.apache.archiva.redback.role.model.ModelTemplate;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

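/**
 * REST-facing implementation of {@link RoleManagementService} that delegates role and
 * assignment operations to {@link RoleManager}, {@link RBACManager} and {@link UserManager}.
 *
 * <p>NOTE(review): apart from {@link #filterRolesForCurrentUserAccess(List)}, no method in
 * this class checks who the caller is. Authorization for the mutating operations
 * (assign/unassign/update) is presumably enforced by annotations on the service interface
 * or by an interceptor; confirm before exposing any of them on a new code path.
 *
 * <p>NOTE(review): several methods relay {@code getMessage()} of a backing-store exception
 * to the REST caller. Confirm those messages cannot carry internal details.
 */
@Service("roleManagementService#rest")
/* loaded from: input_file:WEB-INF/lib/redback-rest-services-2.0.jar:org/apache/archiva/redback/rest/services/DefaultRoleManagementService.class */
public class DefaultRoleManagementService implements RoleManagementService {
    /** Operation key looked up in the caller's permission map when filtering visible roles. */
    private static final String ROLE_GRANT_OPERATION = "user-management-role-grant";

    private final Logger log = LoggerFactory.getLogger(getClass());
    private final RoleManager roleManager;
    private final RBACManager rbacManager;
    private final UserManager userManager;

    /**
     * Wires the three managers this service delegates to.
     *
     * @param roleManager template/model based role operations
     * @param rBACManager role and user-assignment store (the {@code rBACManager#cached} bean)
     * @param userManager user store (the {@code userManager#cached} bean)
     */
    @Inject
    public DefaultRoleManagementService(RoleManager roleManager, @Named("rBACManager#cached") RBACManager rBACManager, @Named("userManager#cached") UserManager userManager) {
        this.roleManager = roleManager;
        this.rbacManager = rBACManager;
        this.userManager = userManager;
    }

    /**
     * Delegates to {@link RoleManager#createTemplatedRole}, passing both arguments through unchanged.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean createTemplatedRole(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.createTemplatedRole(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#removeTemplatedRole}, passing both arguments through unchanged.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean removeTemplatedRole(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.removeTemplatedRole(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#updateRole}, passing all three arguments through unchanged.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean updateRole(String str, String str2, String str3) throws RedbackServiceException {
        try {
            this.roleManager.updateRole(str, str2, str3);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#assignRole}, passing both arguments through unchanged.
     * No caller or target validation happens in this method.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean assignRole(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.assignRole(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#assignRoleByName}, passing both arguments through unchanged.
     * No caller or target validation happens in this method.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean assignRoleByName(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.assignRoleByName(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#assignTemplatedRole}, passing all three arguments through unchanged.
     * No caller or target validation happens in this method.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean assignTemplatedRole(String str, String str2, String str3) throws RedbackServiceException {
        try {
            this.roleManager.assignTemplatedRole(str, str2, str3);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#unassignRole}, passing both arguments through unchanged.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean unassignRole(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.unassignRole(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Delegates to {@link RoleManager#unassignRoleByName}, passing both arguments through unchanged.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean unassignRoleByName(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.unassignRoleByName(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Reports whether {@link RoleManager#roleExists} knows the given role.
     *
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean roleExists(String str) throws RedbackServiceException {
        try {
            return Boolean.valueOf(this.roleManager.roleExists(str));
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
    }

    /**
     * Reports whether {@link RoleManager#templatedRoleExists} knows the given templated role.
     *
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean templatedRoleExists(String str, String str2) throws RedbackServiceException {
        try {
            return Boolean.valueOf(this.roleManager.templatedRoleExists(str, str2));
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
    }

    /**
     * Delegates to {@link RoleManager#verifyTemplatedRole}, passing both arguments through unchanged.
     *
     * @return {@link Boolean#TRUE} when the delegate returns normally
     * @throws RedbackServiceException carrying the message of the underlying {@link RoleManagerException}
     */
    @Override
    public Boolean verifyTemplatedRole(String str, String str2) throws RedbackServiceException {
        try {
            this.roleManager.verifyTemplatedRole(str, str2);
        } catch (RoleManagerException e) {
            throw asServiceException(e);
        }
        return Boolean.TRUE;
    }

    /**
     * Lists the assignable roles effectively held by a user.
     *
     * @param str the user principal; must not be empty
     * @return the assignable subset of the user's effective roles, or an empty list when the
     *         RBAC lookup fails
     * @throws RedbackServiceException with key {@code user.cannot.be.null} when {@code str} is empty
     */
    @Override
    public List<Role> getEffectivelyAssignedRoles(String str) throws RedbackServiceException {
        if (StringUtils.isEmpty(str)) {
            throw new RedbackServiceException(new ErrorMessage("user.cannot.be.null"));
        }
        try {
            return toRestRoles(filterAssignableRoles(this.rbacManager.getEffectivelyAssignedRoles(str)));
        } catch (RbacManagerException e) {
            // Best-effort by design: a failed lookup is reported as "no roles". Leave a trace so
            // a store outage is distinguishable from a user who genuinely holds nothing.
            this.log.debug("could not resolve effective roles, returning none", e);
            return new ArrayList<Role>(0);
        }
    }

    /**
     * Lists every application declared in the role model.
     *
     * @param str not read by this implementation
     * @return one {@link Application} per model application, copying id, version and descriptions
     */
    @Override
    public List<Application> getApplications(String str) throws RedbackServiceException {
        List<ModelApplication> declared = this.roleManager.getModel().getApplications();
        List<Application> result = new ArrayList<Application>(declared.size());
        for (ModelApplication source : declared) {
            Application copy = new Application();
            copy.setDescription(source.getDescription());
            copy.setId(source.getId());
            copy.setLongDescription(source.getLongDescription());
            copy.setVersion(source.getVersion());
            result.add(copy);
        }
        return result;
    }

    /**
     * Lists the roles the current caller is allowed to see, as REST model objects.
     *
     * @return the filtered roles, or an empty list when the store returns {@code null}
     * @throws RedbackServiceException when the store fails or no authenticated user is bound
     */
    @Override
    public List<Role> getAllRoles() throws RedbackServiceException {
        try {
            List<org.apache.archiva.redback.rbac.Role> stored = this.rbacManager.getAllRoles();
            if (stored == null) {
                return Collections.emptyList();
            }
            return toRestRoles(filterRolesForCurrentUserAccess(stored));
        } catch (RbacManagerException e) {
            throw asServiceException(e);
        }
    }

    /**
     * Same role set as {@link #getAllRoles()}, but each entry is expanded through
     * {@link #getRole(String)}.
     *
     * <p>NOTE(review): {@code getRole} enumerates every user on each call, so the cost of this
     * method is roughly (visible roles) x (all users). Worth confirming it is acceptable for
     * large user stores.
     *
     * @throws RedbackServiceException when the store fails or no authenticated user is bound
     */
    @Override
    public List<Role> getDetailedAllRoles() throws RedbackServiceException {
        try {
            List<org.apache.archiva.redback.rbac.Role> stored = this.rbacManager.getAllRoles();
            if (stored == null) {
                return Collections.emptyList();
            }
            List<org.apache.archiva.redback.rbac.Role> visible = filterRolesForCurrentUserAccess(stored);
            List<Role> detailed = new ArrayList<Role>(visible.size());
            for (org.apache.archiva.redback.rbac.Role visibleRole : visible) {
                detailed.add(getRole(visibleRole.getName()));
            }
            return detailed;
        } catch (RbacManagerException e) {
            throw asServiceException(e);
        }
    }

    /** Keeps only the roles whose {@code isAssignable()} flag is set. */
    private List<org.apache.archiva.redback.rbac.Role> filterAssignableRoles(Collection<org.apache.archiva.redback.rbac.Role> collection) {
        List<org.apache.archiva.redback.rbac.Role> assignable = new ArrayList<org.apache.archiva.redback.rbac.Role>(collection.size());
        for (org.apache.archiva.redback.rbac.Role candidate : collection) {
            if (candidate.isAssignable()) {
                assignable.add(candidate);
            }
        }
        return assignable;
    }

    /**
     * Loads one role together with its parent role names, the users holding it, the users
     * holding any parent role, and all remaining users.
     *
     * <p>NOTE(review): the "other users" list is built from {@code userManager.getUsers()},
     * i.e. the response contains every user in the store. This method does not itself check
     * the caller; confirm the endpoint is restricted to callers who may list all accounts.
     *
     * @param str the role name
     * @throws RedbackServiceException wrapping the message of an {@link RbacManagerException}
     */
    @Override
    public Role getRole(String str) throws RedbackServiceException {
        try {
            org.apache.archiva.redback.rbac.Role stored = this.rbacManager.getRole(str);
            Role result = new Role(stored);

            Map<String, org.apache.archiva.redback.rbac.Role> parents = this.rbacManager.getParentRoles(stored);
            for (String parentName : parents.keySet()) {
                result.getParentRoleNames().add(parentName);
            }

            collectAssignedUsers(this.rbacManager.getUserAssignmentsForRoles(Arrays.asList(str)), result.getUsers());
            if (!result.getParentRoleNames().isEmpty()) {
                collectAssignedUsers(this.rbacManager.getUserAssignmentsForRoles(parents.keySet()), result.getParentsRolesUsers());
            }

            List<User> others = new ArrayList<User>();
            for (org.apache.archiva.redback.users.User account : this.userManager.getUsers()) {
                User candidate = new User(account);
                boolean viaParent = result.getParentsRolesUsers().contains(candidate);
                if (!viaParent && !result.getUsers().contains(candidate)) {
                    others.add(candidate);
                }
            }
            result.setOtherUsers(others);
            return result;
        } catch (RbacManagerException e) {
            throw new RedbackServiceException(new ErrorMessage(e.getMessage()));
        }
    }

    /**
     * Resolves each assignment's principal to a user and appends it to {@code target}.
     * Principals without a matching user are logged and skipped; a {@code null} assignment
     * list is treated as empty.
     */
    private void collectAssignedUsers(List<UserAssignment> assignments, Collection<User> target) {
        if (assignments == null) {
            return;
        }
        for (UserAssignment assignment : assignments) {
            try {
                target.add(new User(this.userManager.findUser(assignment.getPrincipal())));
            } catch (UserNotFoundException e) {
                this.log.warn("User '" + assignment.getPrincipal() + "' doesn't exist.", (Throwable) e);
            }
        }
    }

    /**
     * Replaces the description of an existing role and saves it.
     *
     * @param str  the role name
     * @param str2 the new description
     * @return {@link Boolean#TRUE} once the role has been saved
     * @throws RedbackServiceException wrapping the message of an {@link RbacManagerException}
     */
    @Override
    public Boolean updateRoleDescription(String str, String str2) throws RedbackServiceException {
        try {
            org.apache.archiva.redback.rbac.Role stored = this.rbacManager.getRole(str);
            stored.setDescription(str2);
            this.rbacManager.saveRole(stored);
            return Boolean.TRUE;
        } catch (RbacManagerException e) {
            throw new RedbackServiceException(new ErrorMessage(e.getMessage()));
        }
    }

    /**
     * Adds the role to every user in {@code role.getUsers()} and removes it from every user
     * in {@code role.getRemovedUsers()}. Users are processed one at a time and saved
     * individually, so a failure part-way leaves earlier changes in place.
     *
     * <p>NOTE(review): the role name and both user lists come straight from the request
     * object. This method verifies that each user exists but not that the role exists or
     * that the caller may grant it; presumably that is enforced before this method runs.
     * Confirm.
     *
     * @return {@link Boolean#TRUE} when every user was processed
     * @throws RedbackServiceException when a user is unknown or an assignment cannot be saved
     */
    @Override
    public Boolean updateRoleUsers(Role role) throws RedbackServiceException {
        List<User> added = role.getUsers();
        if (added != null) {
            for (User member : added) {
                changeMembership(role.getName(), member.getUsername(), true);
            }
        }
        List<User> removed = role.getRemovedUsers();
        if (removed != null) {
            for (User member : removed) {
                changeMembership(role.getName(), member.getUsername(), false);
            }
        }
        return Boolean.TRUE;
    }

    /**
     * Adds ({@code grant == true}) or removes a role name on one user's assignment and saves
     * it, creating the assignment first when the user has none.
     */
    private void changeMembership(String roleName, String username, boolean grant) throws RedbackServiceException {
        if (!this.userManager.userExists(username)) {
            // NOTE(review): username is request-supplied; if the log layout does not neutralise
            // line breaks, this line can be used to forge log entries.
            this.log.error("user {} not exits", username);
            throw new RedbackServiceException(new ErrorMessage("user.not.exists", new String[]{username}));
        }
        try {
            UserAssignment assignment;
            if (this.rbacManager.userAssignmentExists(username)) {
                assignment = this.rbacManager.getUserAssignment(username);
            } else {
                assignment = this.rbacManager.createUserAssignment(username);
            }
            if (grant) {
                assignment.addRoleName(roleName);
            } else {
                assignment.removeRoleName(roleName);
            }
            this.rbacManager.saveUserAssignment(assignment);
            this.log.info(grant ? "{} role assigned to {}" : "{} role unassigned to {}", roleName, username);
        } catch (RbacManagerException e) {
            String action = grant ? "assign" : "unassign";
            this.log.error("error during " + action + " role " + roleName + " to user " + username, (Throwable) e);
            throw new RedbackServiceException(new ErrorMessage(grant ? "error.assign.role.user" : "error.unassign.role.user", new String[]{roleName, username}));
        }
    }

    /**
     * Builds, per model application, the roles the current caller may see: global role
     * names, template-derived resources and the role templates themselves.
     *
     * <p>Side effect: if the target user has no assignment yet, an empty one is created and
     * saved, so this read operation can write to the RBAC store.
     *
     * @param str the username whose roles are being edited; must name an existing user
     * @throws RedbackServiceException when the username is empty or unknown, when no
     *         authenticated user is bound, or (HTTP 500) when the RBAC store fails
     */
    @Override
    public List<ApplicationRoles> getApplicationRoles(String str) throws RedbackServiceException {
        if (StringUtils.isEmpty(str)) {
            throw new RedbackServiceException(new ErrorMessage("rbac.edit.user.empty.principal"));
        }
        if (!this.userManager.userExists(str)) {
            throw new RedbackServiceException(new ErrorMessage("user.does.not.exist", new String[]{str}));
        }
        try {
            org.apache.archiva.redback.users.User target = this.userManager.findUser(str);
            if (target == null) {
                throw new RedbackServiceException(new ErrorMessage("cannot.operate.on.null.user"));
            }
            // The instance is never used. Kept because constructor side effects cannot be
            // ruled out from this file.
            new AdminEditUserCredentials(target);
            try {
                if (!this.rbacManager.userAssignmentExists(str)) {
                    this.rbacManager.saveUserAssignment(this.rbacManager.createUserAssignment(str));
                }
                List<org.apache.archiva.redback.rbac.Role> visible = filterRolesForCurrentUserAccess(this.rbacManager.getAllRoles());
                List<ModelApplication> declared = this.roleManager.getModel().getApplications();
                List<ApplicationRoles> result = new ArrayList<ApplicationRoles>(declared.size());
                for (ModelApplication application : declared) {
                    ApplicationRoles entry = new ApplicationRoles();
                    entry.setDescription(application.getDescription());
                    entry.setName(application.getId());
                    Collection<org.apache.archiva.redback.rbac.Role> applicationRoles = filterApplicationRoles(application, visible, application.getTemplates());
                    entry.setGlobalRoles(toRoleNames(applicationRoles));
                    entry.setResources(discoverResources(application.getTemplates(), applicationRoles));
                    entry.setRoleTemplates(toRoleTemplates(application.getTemplates()));
                    // Template-derived roles are reported through resources/templates, so only
                    // the remaining names stay in the global list.
                    List<String> globalOnly = new ArrayList<String>(applicationRoles.size());
                    for (String roleName : entry.getGlobalRoles()) {
                        if (!roleFromTemplate(roleName, application.getTemplates())) {
                            globalOnly.add(roleName);
                        }
                    }
                    entry.setGlobalRoles(globalOnly);
                    result.add(entry);
                }
                return result;
            } catch (RbacManagerException e) {
                throw internalError(e);
            }
        } catch (UserNotFoundException e) {
            throw new RedbackServiceException(new ErrorMessage("user.does.not.exist", new String[]{str, e.getMessage()}));
        }
    }

    /**
     * Replaces the complete set of role names assigned to a user with
     * {@code user.getAssignedRoles()}.
     *
     * <p>NOTE(review): the supplied role names are stored as-is. Nothing here checks that
     * they exist, are assignable, or fall within what the caller may grant (compare
     * {@link #filterRolesForCurrentUserAccess(List)}, which is not applied on this path).
     * Presumably the endpoint is restricted to RBAC administrators; confirm.
     *
     * @return {@link Boolean#TRUE} once the assignment has been saved
     * @throws RedbackServiceException when the username is empty or unknown, or (HTTP 500)
     *         when the RBAC store fails
     */
    @Override
    public Boolean updateUserRoles(User user) throws RedbackServiceException {
        String username = user.getUsername();
        if (StringUtils.isEmpty(username)) {
            throw new RedbackServiceException(new ErrorMessage("rbac.edit.user.empty.principal"));
        }
        if (!this.userManager.userExists(username)) {
            throw new RedbackServiceException(new ErrorMessage("user.does.not.exist", new String[]{username}));
        }
        try {
            if (this.userManager.findUser(username) == null) {
                throw new RedbackServiceException(new ErrorMessage("cannot.operate.on.null.user"));
            }
            try {
                UserAssignment assignment;
                if (this.rbacManager.userAssignmentExists(username)) {
                    assignment = this.rbacManager.getUserAssignment(username);
                } else {
                    assignment = this.rbacManager.createUserAssignment(username);
                }
                assignment.setRoleNames(user.getAssignedRoles());
                this.rbacManager.saveUserAssignment(assignment);
                return Boolean.TRUE;
            } catch (RbacManagerException e) {
                throw internalError(e);
            }
        } catch (UserNotFoundException e) {
            throw new RedbackServiceException(new ErrorMessage("user.does.not.exist", new String[]{username, e.getMessage()}));
        }
    }

    /** Returns the first role in {@code collection} whose name equals {@code str}, or {@code null}. */
    private org.apache.archiva.redback.rbac.Role isInList(String str, Collection<org.apache.archiva.redback.rbac.Role> collection) {
        for (org.apache.archiva.redback.rbac.Role candidate : collection) {
            if (str.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Selects, from {@code list}, the roles that belong to an application: those named in
     * the application's model roles plus those whose name starts with a template's
     * prefix + delimiter. A {@code null} template list is treated as empty, matching
     * {@link #toRoleTemplates(List)}.
     */
    private Collection<org.apache.archiva.redback.rbac.Role> filterApplicationRoles(ModelApplication modelApplication, List<org.apache.archiva.redback.rbac.Role> list, List<ModelTemplate> list2) {
        Set<org.apache.archiva.redback.rbac.Role> selected = new HashSet<org.apache.archiva.redback.rbac.Role>();
        for (Object declared : modelApplication.getRoles()) {
            org.apache.archiva.redback.rbac.Role match = isInList(((ModelRole) declared).getName(), list);
            if (match != null) {
                selected.add(match);
            }
        }
        if (list2 == null) {
            return selected;
        }
        for (ModelTemplate template : list2) {
            String templatePrefix = template.getNamePrefix() + template.getDelimiter();
            for (org.apache.archiva.redback.rbac.Role candidate : list) {
                if (StringUtils.startsWith(candidate.getName(), templatePrefix)) {
                    selected.add(candidate);
                }
            }
        }
        return selected;
    }

    /** Reports whether {@code str} starts with any template's prefix + delimiter. */
    private boolean roleFromTemplate(String str, List<ModelTemplate> list) {
        if (list == null) {
            return false;
        }
        for (ModelTemplate template : list) {
            if (StringUtils.startsWith(str, template.getNamePrefix() + template.getDelimiter())) {
                return true;
            }
        }
        return false;
    }

    /** Maps each role to its name, preserving iteration order. */
    private List<String> toRoleNames(Collection<org.apache.archiva.redback.rbac.Role> collection) {
        List<String> names = new ArrayList<String>(collection.size());
        for (org.apache.archiva.redback.rbac.Role entry : collection) {
            names.add(entry.getName());
        }
        return names;
    }

    /** Converts RBAC roles into their REST model counterparts, preserving iteration order. */
    private List<Role> toRestRoles(Collection<org.apache.archiva.redback.rbac.Role> roles) {
        List<Role> converted = new ArrayList<Role>(roles.size());
        for (org.apache.archiva.redback.rbac.Role entry : roles) {
            converted.add(new Role(entry));
        }
        return converted;
    }

    /** Copies model templates into REST {@link RoleTemplate}s; {@code null} or empty yields an empty list. */
    private List<RoleTemplate> toRoleTemplates(List<ModelTemplate> list) {
        if (list == null || list.isEmpty()) {
            return new ArrayList<RoleTemplate>(0);
        }
        List<RoleTemplate> converted = new ArrayList<RoleTemplate>(list.size());
        for (ModelTemplate source : list) {
            RoleTemplate copy = new RoleTemplate();
            copy.setDelimiter(source.getDelimiter());
            copy.setDescription(source.getDescription());
            copy.setId(source.getId());
            copy.setNamePrefix(source.getNamePrefix());
            converted.add(copy);
        }
        return converted;
    }

    /**
     * Extracts the resource part (the text after the template delimiter) from every role
     * whose name starts with a template's name prefix.
     *
     * <p>Names that match the prefix but contain no delimiter are skipped. Previously
     * {@code indexOf} returned -1 for them and the substring started at an arbitrary offset,
     * producing a bogus resource.
     */
    private Set<String> discoverResources(List<ModelTemplate> list, Collection<org.apache.archiva.redback.rbac.Role> collection) {
        Set<String> resources = new HashSet<String>();
        if (list == null) {
            return resources;
        }
        for (ModelTemplate template : list) {
            String delimiter = template.getDelimiter();
            for (org.apache.archiva.redback.rbac.Role entry : collection) {
                String name = entry.getName();
                if (!name.startsWith(template.getNamePrefix())) {
                    continue;
                }
                int delimiterAt = name.indexOf(delimiter);
                if (delimiterAt >= 0) {
                    resources.add(name.substring(delimiterAt + delimiter.length()));
                }
            }
        }
        return resources;
    }

    /**
     * Restricts a role list to what the authenticated caller may grant.
     *
     * <p>The caller's permissions for the {@code user-management-role-grant} operation decide
     * the result: a permission on resource {@code *} returns {@code list} unchanged; otherwise
     * a role is kept when the part of its name after {@link ArchivaRoleConstants#DELIMITER}
     * equals a granted resource identifier. The kept roles are sorted with {@link RoleSorter}.
     *
     * <p>This method fails closed. A caller without the operation, a {@code null} permission
     * map, or a failed permission lookup all yield an empty list. The previous form left the
     * permission map unassigned after the catch block and then dereferenced it.
     *
     * @param list candidate roles; {@code null} is treated as empty
     * @return the roles visible to the caller, never {@code null}
     * @throws RedbackServiceException with key {@code login.mandatory} when no authenticated
     *         user is bound to the current request
     */
    protected List<org.apache.archiva.redback.rbac.Role> filterRolesForCurrentUserAccess(List<org.apache.archiva.redback.rbac.Role> list) throws RedbackServiceException {
        RedbackRequestInformation requestInfo = RedbackAuthenticationThreadLocal.get();
        if (requestInfo == null || requestInfo.getUser() == null) {
            throw new RedbackServiceException(new ErrorMessage("login.mandatory"));
        }
        if (list == null) {
            return Collections.emptyList();
        }
        String caller = requestInfo.getUser().getUsername();

        List<Permission> grants;
        try {
            Map<String, List<Permission>> permissionsByOperation = this.rbacManager.getAssignedPermissionMap(caller);
            grants = permissionsByOperation == null ? null : permissionsByOperation.get(ROLE_GRANT_OPERATION);
        } catch (RbacManagerException e) {
            // Deny on lookup failure: without the permission map nothing can be shown safely.
            this.log.debug("could not load permissions of current user, exposing no roles", e);
            return Collections.emptyList();
        }
        if (grants == null) {
            return Collections.emptyList();
        }

        List<String> grantedResources = new ArrayList<String>();
        for (Permission grant : grants) {
            String resourceId = grant.getResource().getIdentifier();
            if ("*".equals(resourceId)) {
                return list;
            }
            grantedResources.add(resourceId);
        }

        List<org.apache.archiva.redback.rbac.Role> visible = new ArrayList<org.apache.archiva.redback.rbac.Role>();
        for (org.apache.archiva.redback.rbac.Role candidate : list) {
            String name = candidate.getName();
            int delimiterAt = name.indexOf(ArchivaRoleConstants.DELIMITER);
            if (delimiterAt == -1) {
                continue;
            }
            String resourcePart = name.substring(delimiterAt + ArchivaRoleConstants.DELIMITER.length());
            for (String granted : grantedResources) {
                if (resourcePart.equals(granted)) {
                    visible.add(candidate);
                }
            }
        }
        Collections.sort(visible, new RoleSorter());
        return visible;
    }

    /** Wraps a manager failure in a service exception that carries only the message text. */
    private static RedbackServiceException asServiceException(Exception cause) {
        return new RedbackServiceException(cause.getMessage());
    }

    /** Wraps an RBAC store failure in a service exception flagged as HTTP 500. */
    private static RedbackServiceException internalError(RbacManagerException cause) {
        RedbackServiceException failure = new RedbackServiceException(new ErrorMessage(cause.getMessage()));
        failure.setHttpErrorCode(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        return failure;
    }
}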
