package org.sonatype.security.realms;

import com.google.common.base.Throwables;
import com.google.common.collect.MapMaker;
import com.google.common.eventbus.AllowConcurrentEvents;
import com.google.common.eventbus.Subscribe;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.enterprise.inject.Typed;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.sonatype.security.authorization.NoSuchPrivilegeException;
import org.sonatype.security.authorization.NoSuchRoleException;
import org.sonatype.security.authorization.PermissionFactory;
import org.sonatype.security.events.AuthorizationConfigurationChanged;
import org.sonatype.security.events.SecurityConfigurationChanged;
import org.sonatype.security.model.CPrivilege;
import org.sonatype.security.model.CRole;
import org.sonatype.security.realms.privileges.PrivilegeDescriptor;
import org.sonatype.security.realms.tools.ConfigurationManager;
import org.sonatype.security.realms.tools.ConfigurationManagerAction;
import org.sonatype.sisu.goodies.eventbus.EventBus;

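/**
 * Shiro {@link RolePermissionResolver} that expands a role id into the permissions granted by
 * that role and by every role nested inside it, reading roles and privileges through the
 * injected {@link ConfigurationManager}.
 *
 * <p>Resolved permission collections are cached per role id in a weak-valued map. The cache is
 * emptied whenever an {@link AuthorizationConfigurationChanged} or
 * {@link SecurityConfigurationChanged} event is received.
 *
 * <p>Role ids and privilege ids that cannot be found contribute no permissions, so a dangling
 * reference never widens access.
 */
@Singleton
@Typed({RolePermissionResolver.class})
@Named("default")
/* loaded from: input_file:WEB-INF/lib/nexus-security-realms-2.14.5-02.jar:org/sonatype/security/realms/XmlRolePermissionResolver.class */
public class XmlRolePermissionResolver implements RolePermissionResolver {
    private final ConfigurationManager configuration;
    private final List<PrivilegeDescriptor> privilegeDescriptors;
    private final PermissionFactory permissionFactory;

    // Role id -> resolved permissions. Values are weakly referenced, so an entry can be dropped
    // by the garbage collector once nothing else holds the collection.
    private final Map<String, Collection<Permission>> permissionsCache =
            new MapMaker().weakValues().makeMap();

    /**
     * Stores the collaborators and subscribes this resolver to the event bus so that the two
     * {@code on(...)} handlers receive configuration-change events.
     *
     * @param configurationManager source of role and privilege definitions
     * @param list descriptors consulted, in order, to turn a privilege into a permission string
     * @param permissionFactory factory that turns a permission string into a {@link Permission}
     * @param eventBus bus this instance registers itself on
     */
    @Inject
    public XmlRolePermissionResolver(@Named("default") ConfigurationManager configurationManager, List<PrivilegeDescriptor> list, @Named("caching") PermissionFactory permissionFactory, EventBus eventBus) {
        this.configuration = configurationManager;
        this.privilegeDescriptors = list;
        this.permissionFactory = permissionFactory;
        // Registered last, after every final field has been assigned.
        eventBus.register(this);
    }

    /**
     * Drops every cached role resolution when the authorization configuration changes.
     *
     * @param authorizationConfigurationChanged the received event (not inspected)
     */
    @AllowConcurrentEvents
    @Subscribe
    public void on(AuthorizationConfigurationChanged authorizationConfigurationChanged) {
        this.permissionsCache.clear();
    }

    /**
     * Drops every cached role resolution when the security configuration changes.
     *
     * @param securityConfigurationChanged the received event (not inspected)
     */
    @AllowConcurrentEvents
    @Subscribe
    public void on(SecurityConfigurationChanged securityConfigurationChanged) {
        this.permissionsCache.clear();
    }

    /**
     * Resolves the permissions of a role, including those of its nested roles.
     *
     * <p>The work is executed through {@code ConfigurationManager.runRead}. Any exception raised
     * there is rethrown via {@code Throwables.propagate}.
     *
     * @param str id of the role to resolve
     * @return the resolved permissions; this is the same mutable set instance that is stored in
     *     the cache, so callers should treat it as read-only
     */
    @Override // org.apache.shiro.authz.permission.RolePermissionResolver
    public Collection<Permission> resolvePermissionsInRole(final String str) {
        try {
            final Set<Permission> resolved = new LinkedHashSet<Permission>();
            this.configuration.runRead(new ConfigurationManagerAction() {
                @Override // org.sonatype.security.realms.tools.ConfigurationManagerAction
                public void run() throws Exception {
                    XmlRolePermissionResolver.this.resolvePermissionsInRole(str, resolved);
                }
            });
            return resolved;
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Walks the role graph breadth-first from {@code str}, adding every permission found to
     * {@code collection}, then caches {@code collection} under {@code str}.
     *
     * <p>Each role id is visited at most once, so cyclic role nesting terminates.
     *
     * @param str id of the role to start from
     * @param collection receives the resolved permissions and becomes the cached value
     */
    protected void resolvePermissionsInRole(String str, Collection<Permission> collection) {
        LinkedList<String> pending = new LinkedList<String>();
        pending.add(str);
        Set<String> visited = new LinkedHashSet<String>();
        while (!pending.isEmpty()) {
            String roleId = pending.removeFirst();
            if (!visited.add(roleId)) {
                // Already expanded; skipping it here is what breaks role cycles.
                continue;
            }
            try {
                // The role is read before the cache is consulted, so a role that no longer
                // exists is skipped even if a cache entry for it is still present.
                CRole role = this.configuration.readRole(roleId);
                Collection<Permission> cached = this.permissionsCache.get(roleId);
                if (cached != null) {
                    // A cached entry already covers the nested roles of roleId.
                    collection.addAll(cached);
                } else {
                    pending.addAll(role.getRoles());
                    for (String privilegeId : role.getPrivileges()) {
                        collection.addAll(getPermissions(privilegeId));
                    }
                }
            } catch (NoSuchRoleException ignored) {
                // Deliberately skipped: a reference to a missing role grants nothing.
            }
        }
        // NOTE(review): the cached value is the caller-supplied collection itself, not a copy.
        // Anything already in it on entry, or added to it later by whoever holds the reference,
        // becomes part of the cached permissions for this role. The only caller in this class
        // passes a fresh set; a defensive copy would not stay alive in a weak-valued map.
        // NOTE(review): a cache clear() from a configuration-change event that lands between the
        // reads above and this put would leave a pre-change result cached. Whether runRead
        // excludes that interleaving is not visible here - confirm.
        this.permissionsCache.put(str, collection);
    }

    /**
     * Builds the permission for a single privilege.
     *
     * <p>Descriptors are tried in list order and the first one that yields a non-null permission
     * string wins.
     *
     * @param str id of the privilege
     * @return a singleton set holding the permission, or an empty set when the privilege does not
     *     exist or no descriptor produces a permission string for it
     */
    protected Set<Permission> getPermissions(String str) {
        try {
            CPrivilege privilege = this.configuration.readPrivilege(str);
            for (PrivilegeDescriptor descriptor : this.privilegeDescriptors) {
                String permissionString = descriptor.buildPermission(privilege);
                if (permissionString != null) {
                    return Collections.singleton(this.permissionFactory.create(permissionString));
                }
            }
            return Collections.emptySet();
        } catch (NoSuchPrivilegeException ignored) {
            // Unknown privilege id: grant nothing rather than fail the whole role resolution.
            return Collections.emptySet();
        }
    }
}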
