package org.sonatype.security.realms;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.enterprise.inject.Typed;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.Sha1CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.eclipse.sisu.Description;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.security.SecuritySystem;
import org.sonatype.security.usermanagement.RoleIdentifier;
import org.sonatype.security.usermanagement.RoleMappingUserManager;
import org.sonatype.security.usermanagement.UserManager;
import org.sonatype.security.usermanagement.UserNotFoundException;

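/**
 * Authorization-only Shiro realm that resolves a principal's role IDs through the injected
 * {@link UserManager}.
 *
 * <p>This realm never authenticates: {@link #supports(AuthenticationToken)} returns {@code false}
 * and {@link #doGetAuthenticationInfo(AuthenticationToken)} returns {@code null}. Only
 * {@link #doGetAuthorizationInfo(PrincipalCollection)} does real work.
 */
@Named(XmlAuthorizingRealm.ROLE)
@Description("Xml Authorizing Realm")
@Singleton
@Typed({Realm.class})
/* loaded from: input_file:WEB-INF/lib/nexus-security-realms-2.14.2-01.jar:org/sonatype/security/realms/XmlAuthorizingRealm.class */
public class XmlAuthorizingRealm extends AuthorizingRealm implements Realm {
    private static final Logger logger = LoggerFactory.getLogger(XmlAuthorizingRealm.class);
    public static final String ROLE = "XmlAuthorizingRealm";
    private final UserManager userManager;
    private final Map<String, UserManager> userManagerMap;
    private final SecuritySystem securitySystem;

    /**
     * Creates the realm and registers it under the name {@link #ROLE}.
     *
     * @param userManager user manager consulted for role lookups
     * @param securitySystem used to enumerate the realms currently configured on the security manager
     * @param map all known user managers; used to translate authentication realm names into
     *     user-manager sources
     */
    @Inject
    public XmlAuthorizingRealm(UserManager userManager, SecuritySystem securitySystem, Map<String, UserManager> map) {
        this.userManager = userManager;
        this.securitySystem = securitySystem;
        this.userManagerMap = map;
        // NOTE(review): Sha1CredentialsMatcher is deprecated in Shiro, and SHA-1 is not a suitable
        // password hash. The overrides in this class never authenticate (supports() is false and
        // doGetAuthenticationInfo() returns null), so the matcher looks unused here. Confirm
        // that before copying this setup into a realm that does authenticate.
        setCredentialsMatcher(new Sha1CredentialsMatcher());
        setName(ROLE);
    }

    /**
     * Always declines authentication tokens; this realm only authorizes.
     *
     * @return {@code false} for every token
     */
    @Override // org.apache.shiro.realm.AuthenticatingRealm, org.apache.shiro.realm.Realm
    public boolean supports(AuthenticationToken authenticationToken) {
        return false;
    }

    /**
     * Never produces authentication info.
     *
     * @return always {@code null}
     */
    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        return null;
    }

    /**
     * Collects the role IDs of the primary principal.
     *
     * <p>Unless the principal was issued by this realm itself, at least one of its realm names
     * must match a realm currently configured on the security manager. This check stops a
     * principal whose realms have all been removed from the configuration from being granted roles.
     *
     * <p>With a {@link RoleMappingUserManager}, roles are gathered per source and a source that
     * does not know the user contributes nothing, so an unknown user ends up with an empty role
     * set. Otherwise the principal must map to the {@code "default"} source and an unknown user
     * is an error.
     *
     * @param principalCollection principals of the subject being authorized
     * @return authorization info carrying the collected role IDs (no permissions are set here)
     * @throws AuthorizationException if there are no principals, if the principal only belongs to
     *     realms that are not configured, or (non-mapping user manager only) if the principal is
     *     not in the default source or cannot be found
     */
    @Override // org.apache.shiro.realm.AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            throw new AuthorizationException("Cannot authorize with no principals.");
        }
        // An empty collection yields a null primary principal. Fail with the same authorization
        // error instead of a NullPointerException from toString().
        Object primaryPrincipal = principalCollection.getPrimaryPrincipal();
        if (primaryPrincipal == null) {
            throw new AuthorizationException("Cannot authorize with no principals.");
        }
        String userId = primaryPrincipal.toString();
        Set<String> roleIds = new HashSet<>();
        // Work on a copy: cleanUpRealmList() rewrites the set in place.
        Set<String> realmNames = new HashSet<>(principalCollection.getRealmNames());
        if (!realmNames.contains(getName()) && !belongsToConfiguredRealm(realmNames)) {
            // NOTE(review): these messages embed the principal and its realm names. Make sure they
            // are not echoed back to unauthenticated callers.
            throw new AuthorizationException("User for principals: " + principalCollection.getPrimaryPrincipal() + " belongs to a disabled realm(s): " + principalCollection.getRealmNames() + ".");
        }
        cleanUpRealmList(realmNames);
        if (this.userManager instanceof RoleMappingUserManager) {
            RoleMappingUserManager mappingManager = (RoleMappingUserManager) this.userManager;
            for (String source : realmNames) {
                try {
                    for (RoleIdentifier role : mappingManager.getUsersRoles(userId, source)) {
                        roleIds.add(role.getRoleId());
                    }
                } catch (UserNotFoundException ignored) {
                    // Best effort: a source without a mapping for this user simply adds no roles.
                    // Parameterized logging keeps the user id out of the format string.
                    logger.trace("Failed to find role mappings for user: {} realm: {}", userId, source);
                }
            }
        } else {
            if (!realmNames.contains("default")) {
                throw new AuthorizationException("User for principals: " + principalCollection.getPrimaryPrincipal() + " not manged by XML realm.");
            }
            try {
                for (RoleIdentifier role : this.userManager.getUser(userId).getRoles()) {
                    roleIds.add(role.getRoleId());
                }
            } catch (UserNotFoundException e) {
                throw new AuthorizationException("User for principals: " + principalCollection.getPrimaryPrincipal() + " could not be found.", e);
            }
        }
        return new SimpleAuthorizationInfo(roleIds);
    }

    /** Returns whether any realm configured on the security manager is named in {@code realmNames}. */
    private boolean belongsToConfiguredRealm(Set<String> realmNames) {
        for (Realm realm : this.securitySystem.getSecurityManager().getRealms()) {
            if (realmNames.contains(realm.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rewrites {@code set} in place: each authentication realm name that a known user manager
     * reports is replaced by that manager's source, and this realm's own name is replaced by
     * {@code "default"}.
     */
    private void cleanUpRealmList(Set<String> set) {
        for (UserManager manager : this.userManagerMap.values()) {
            String authenticationRealmName = manager.getAuthenticationRealmName();
            // remove() reports whether the name was present, so no separate contains() is needed.
            if (authenticationRealmName != null && set.remove(authenticationRealmName)) {
                set.add(manager.getSource());
            }
        }
        if (set.remove(getName())) {
            set.add("default");
        }
    }
}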
