package org.apache.archiva.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.inject.Inject;
import org.apache.archiva.admin.model.RepositoryAdminException;
import org.apache.archiva.admin.model.beans.ManagedRepository;
import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.system.DefaultSecuritySession;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

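/**
 * Default {@link UserRepositories} implementation: answers which managed repositories a principal
 * may observe, upload to or delete from by asking the Redback {@link SecuritySystem}.
 *
 * <p><b>Trust boundary.</b> This class performs authorization only. {@link #createSession(String)}
 * builds a session from nothing but a principal name and marks it as authenticated; no credential
 * is checked here. Every caller must therefore pass a principal that has already been
 * authenticated upstream (or a deliberately chosen guest principal). Passing a name taken
 * directly from an unauthenticated request would evaluate permissions as that user.
 *
 * <p>Decompiled from archiva-security-2.0.0; the names {@code str}/{@code str2} on public methods
 * come from the decompiler and are kept as-is.
 */
@Service("userRepositories")
/* loaded from: input_file:WEB-INF/lib/archiva-security-2.0.0.jar:org/apache/archiva/security/DefaultUserRepositories.class */
public class DefaultUserRepositories implements UserRepositories {

    @Inject
    private SecuritySystem securitySystem;

    @Inject
    private RoleManager roleManager;

    @Inject
    private ManagedRepositoryAdmin managedRepositoryAdmin;

    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Lists the ids of the repositories the principal holds the repository-access operation on.
     *
     * @param str principal (user name) to evaluate; must already be authenticated by the caller
     * @return ids of the permitted repositories, possibly empty
     * @throws PrincipalNotFoundException if the user manager does not know the principal
     * @throws AccessDeniedException if the account is locked
     * @throws ArchivaSecurityException on user-manager or repository-admin failures
     */
    @Override
    public List<String> getObservableRepositoryIds(String str) throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException {
        return getAccessibleRepositoryIds(str, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
    }

    /**
     * Lists the ids of the repositories the principal holds the repository-upload operation on.
     * "Manageable" is decided by the upload operation here, not by a separate manage permission.
     *
     * @param str principal (user name) to evaluate; must already be authenticated by the caller
     * @return ids of the permitted repositories, possibly empty
     * @throws PrincipalNotFoundException if the user manager does not know the principal
     * @throws AccessDeniedException if the account is locked
     * @throws ArchivaSecurityException on user-manager or repository-admin failures
     */
    @Override
    public List<String> getManagableRepositoryIds(String str) throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException {
        return getAccessibleRepositoryIds(str, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
    }

    /** Maps the repositories permitted for {@code operation} to their ids, preserving order. */
    private List<String> getAccessibleRepositoryIds(String principal, String operation) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
        List<ManagedRepository> permitted = getAccessibleRepositories(principal, operation);
        List<String> ids = new ArrayList<String>(permitted.size());
        for (ManagedRepository repository : permitted) {
            ids.add(repository.getId());
        }
        return ids;
    }

    /**
     * Lists the managed repositories the principal holds the repository-access operation on.
     *
     * @param str principal (user name) to evaluate; must already be authenticated by the caller
     * @return the permitted repositories, possibly empty
     * @throws PrincipalNotFoundException if the user manager does not know the principal
     * @throws AccessDeniedException if the account is locked
     * @throws ArchivaSecurityException on user-manager or repository-admin failures
     */
    @Override
    public List<ManagedRepository> getAccessibleRepositories(String str) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
        return getAccessibleRepositories(str, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
    }

    /**
     * Filters all managed repositories down to those on which {@code principal} is authorized for
     * {@code operation}, using the repository id as the resource.
     *
     * <p>The filter fails closed: a repository whose authorization check throws is left out of
     * the result. That outcome is logged at debug level only, so at default log levels a broken
     * policy store is indistinguishable from "no permission".
     */
    private List<ManagedRepository> getAccessibleRepositories(String principal, String operation) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
        // Resolve the principal first so unknown or locked users are rejected before any listing.
        SecuritySession session = createSession(principal);
        List<ManagedRepository> permitted = new ArrayList<ManagedRepository>();
        try {
            for (ManagedRepository repository : this.managedRepositoryAdmin.getManagedRepositories()) {
                try {
                    if (this.securitySystem.isAuthorized(session, operation, repository.getId())) {
                        permitted.add(repository);
                    }
                } catch (AuthorizationException e) {
                    // Deny by omission; the principal is caller-supplied text, passed as a
                    // logger argument rather than concatenated into the format string.
                    this.log.debug("Not authorizing '{}' for repository '{}': {}", principal, repository.getId(), e.getMessage());
                }
            }
            return permitted;
        } catch (RepositoryAdminException e) {
            throw new ArchivaSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Builds a security session for a principal by name, without checking any credential.
     *
     * <p>The {@link AuthenticationResult} is constructed with {@code true} as its first argument,
     * so the returned session presents the user as authenticated. The only account state checked
     * is {@code isLocked()}; this method performs no other account-state check.
     *
     * <p>The exceptions distinguish an unknown principal from a locked one, and the locked-account
     * message contains the user's full name. Callers that face unauthenticated clients should map
     * both to one generic response rather than relaying these messages.
     *
     * @throws PrincipalNotFoundException if the user manager reports the user as not found
     * @throws AccessDeniedException if the account is locked
     * @throws ArchivaSecurityException if the lookup returns {@code null} or the user manager fails
     */
    private SecuritySession createSession(String principal) throws ArchivaSecurityException, AccessDeniedException {
        try {
            User user = this.securitySystem.getUserManager().findUser(principal);
            if (user == null) {
                throw new ArchivaSecurityException("The security system had an internal error - please check your system logs");
            }
            if (user.isLocked()) {
                throw new AccessDeniedException("User " + principal + "(" + user.getFullName() + ") is locked.");
            }
            AuthenticationResult authenticationResult = new AuthenticationResult(true, principal, null);
            authenticationResult.setUser(user);
            return new DefaultSecuritySession(authenticationResult, user);
        } catch (UserNotFoundException e) {
            throw new PrincipalNotFoundException("Unable to find principal " + principal, e);
        } catch (UserManagerException e) {
            throw new ArchivaSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Creates the repository-observer and repository-manager templated roles for a resource when
     * they do not exist yet.
     *
     * @param str resource the templated roles are created for (presumably a repository id;
     *     confirm against callers)
     * @throws ArchivaSecurityException if the role manager fails
     */
    @Override
    public void createMissingRepositoryRoles(String str) throws ArchivaSecurityException {
        try {
            if (!this.roleManager.templatedRoleExists(ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, str)) {
                this.roleManager.createTemplatedRole(ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, str);
            }
            if (!this.roleManager.templatedRoleExists(ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, str)) {
                this.roleManager.createTemplatedRole(ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, str);
            }
        } catch (RoleManagerException e) {
            throw new ArchivaSecurityException("Unable to create roles for configured repositories: " + e.getMessage(), e);
        }
    }

    /**
     * Checks whether the principal holds the repository-upload operation on one repository.
     *
     * <p>Unlike the listing methods, an authorization failure is not turned into {@code false};
     * it is rethrown, and callers must treat any exception from this method as a denial.
     *
     * @param str principal (user name); must already be authenticated by the caller
     * @param str2 resource passed to the authorization check (the repository id)
     * @return {@code true} only if the security system authorizes the operation
     * @throws PrincipalNotFoundException if the user manager does not know the principal
     * @throws ArchivaSecurityException on locked accounts, user-manager or authorization failures
     */
    @Override
    public boolean isAuthorizedToUploadArtifacts(String str, String str2) throws PrincipalNotFoundException, ArchivaSecurityException {
        try {
            return this.securitySystem.isAuthorized(createSession(str), ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, str2);
        } catch (AuthorizationException e) {
            throw new ArchivaSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Checks whether the principal holds the repository-delete operation on one repository.
     *
     * <p>An authorization failure is rethrown rather than reported as {@code false}; callers must
     * treat any exception from this method as a denial.
     *
     * @param str principal (user name); must already be authenticated by the caller
     * @param str2 resource passed to the authorization check (the repository id)
     * @return {@code true} only if the security system authorizes the operation
     * @throws ArchivaSecurityException on unknown or locked principals, user-manager or
     *     authorization failures
     */
    @Override
    public boolean isAuthorizedToDeleteArtifacts(String str, String str2) throws ArchivaSecurityException {
        try {
            return this.securitySystem.isAuthorized(createSession(str), ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE, str2);
        } catch (AuthorizationException e) {
            throw new ArchivaSecurityException(e.getMessage(), e);
        }
    }

    /** Returns the security system used for user lookup and authorization decisions. */
    public SecuritySystem getSecuritySystem() {
        return this.securitySystem;
    }

    /**
     * Replaces the security system. Every authorization decision in this class is delegated to
     * it, so this setter should only be reachable from wiring or test code.
     */
    public void setSecuritySystem(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }

    /** Returns the role manager used to create templated repository roles. */
    public RoleManager getRoleManager() {
        return this.roleManager;
    }

    /** Replaces the role manager used to create templated repository roles. */
    public void setRoleManager(RoleManager roleManager) {
        this.roleManager = roleManager;
    }
}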
