package org.sonatype.nexus.jsecurity.realms;

import com.google.common.base.Preconditions;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.tika.metadata.Metadata;
import org.codehaus.plexus.util.StringUtils;
import org.sonatype.configuration.validation.ValidationMessage;
import org.sonatype.configuration.validation.ValidationResponse;
import org.sonatype.nexus.formfields.RepoTargetComboFormField;
import org.sonatype.security.model.CPrivilege;
import org.sonatype.security.model.CProperty;
import org.sonatype.security.realms.privileges.AbstractPrivilegeDescriptor;
import org.sonatype.security.realms.privileges.PrivilegeDescriptor;
import org.sonatype.security.realms.privileges.PrivilegePropertyDescriptor;
import org.sonatype.security.realms.validator.SecurityValidationContext;

@Singleton
@Named("TargetPrivilegeDescriptor")
/* loaded from: input_file:WEB-INF/lib/nexus-core-2.14.2-01.jar:org/sonatype/nexus/jsecurity/realms/TargetPrivilegeDescriptor.class */
public class TargetPrivilegeDescriptor extends AbstractPrivilegeDescriptor implements PrivilegeDescriptor {
    public static final String TYPE = "target";
    private final PrivilegePropertyDescriptor methodProperty;
    private final PrivilegePropertyDescriptor targetProperty;
    private final PrivilegePropertyDescriptor repositoryProperty;
    private final PrivilegePropertyDescriptor groupProperty;

    @Inject
    public TargetPrivilegeDescriptor(@Named("ApplicationPrivilegeMethodPropertyDescriptor") PrivilegePropertyDescriptor privilegePropertyDescriptor, @Named("TargetPrivilegeRepositoryTargetPropertyDescriptor") PrivilegePropertyDescriptor privilegePropertyDescriptor2, @Named("TargetPrivilegeRepositoryPropertyDescriptor") PrivilegePropertyDescriptor privilegePropertyDescriptor3, @Named("TargetPrivilegeGroupPropertyDescriptor") PrivilegePropertyDescriptor privilegePropertyDescriptor4) {
        this.methodProperty = (PrivilegePropertyDescriptor) Preconditions.checkNotNull(privilegePropertyDescriptor);
        this.targetProperty = (PrivilegePropertyDescriptor) Preconditions.checkNotNull(privilegePropertyDescriptor2);
        this.repositoryProperty = (PrivilegePropertyDescriptor) Preconditions.checkNotNull(privilegePropertyDescriptor3);
        this.groupProperty = (PrivilegePropertyDescriptor) Preconditions.checkNotNull(privilegePropertyDescriptor4);
    }

    @Override // org.sonatype.security.realms.privileges.PrivilegeDescriptor
    public String getName() {
        return RepoTargetComboFormField.DEFAULT_LABEL;
    }

    @Override // org.sonatype.security.realms.privileges.PrivilegeDescriptor
    public List<PrivilegePropertyDescriptor> getPropertyDescriptors() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.methodProperty);
        arrayList.add(this.targetProperty);
        arrayList.add(this.repositoryProperty);
        arrayList.add(this.groupProperty);
        return arrayList;
    }

    @Override // org.sonatype.security.realms.privileges.PrivilegeDescriptor
    public String getType() {
        return "target";
    }

    @Override // org.sonatype.security.realms.privileges.PrivilegeDescriptor
    public String buildPermission(CPrivilege cPrivilege) {
        if (!"target".equals(cPrivilege.getType())) {
            return null;
        }
        String property = getProperty(cPrivilege, "method");
        String property2 = getProperty(cPrivilege, TargetPrivilegeRepositoryTargetPropertyDescriptor.ID);
        String property3 = getProperty(cPrivilege, "repositoryId");
        String property4 = getProperty(cPrivilege, TargetPrivilegeGroupPropertyDescriptor.ID);
        StringBuilder sb = new StringBuilder();
        sb.append("nexus:target:");
        sb.append(property2);
        sb.append(Metadata.NAMESPACE_PREFIX_DELIMITER);
        StringBuilder sb2 = new StringBuilder();
        sb2.append(Metadata.NAMESPACE_PREFIX_DELIMITER);
        if (StringUtils.isEmpty(property)) {
            sb2.append("*");
        } else {
            sb2.append(property);
        }
        return !StringUtils.isEmpty(property3) ? ((Object) sb) + property3 + ((Object) sb2) : !StringUtils.isEmpty(property4) ? ((Object) sb) + property4 + ((Object) sb2) : ((Object) sb) + "*" + ((Object) sb2);
    }

    @Override // org.sonatype.security.realms.privileges.AbstractPrivilegeDescriptor, org.sonatype.security.realms.privileges.PrivilegeDescriptor
    public ValidationResponse validatePrivilege(CPrivilege cPrivilege, SecurityValidationContext securityValidationContext, boolean z) {
        ValidationResponse validatePrivilege = super.validatePrivilege(cPrivilege, securityValidationContext, z);
        if (!"target".equals(cPrivilege.getType())) {
            return validatePrivilege;
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        for (CProperty cProperty : cPrivilege.getProperties()) {
            if (cProperty.getKey().equals("method")) {
                str = cProperty.getValue();
            } else if (cProperty.getKey().equals("repositoryId")) {
                str2 = cProperty.getValue();
            } else if (cProperty.getKey().equals(TargetPrivilegeRepositoryTargetPropertyDescriptor.ID)) {
                str3 = cProperty.getValue();
            } else if (cProperty.getKey().equals(TargetPrivilegeGroupPropertyDescriptor.ID)) {
                str4 = cProperty.getValue();
            }
        }
        if (StringUtils.isEmpty(str3)) {
            validatePrivilege.addValidationError(new ValidationMessage(TargetPrivilegeRepositoryTargetPropertyDescriptor.ID, "Privilege ID '" + cPrivilege.getId() + "' requires a repositoryTargetId.", "Repository Target is required."));
        }
        if (!StringUtils.isEmpty(str2) && !StringUtils.isEmpty(str4)) {
            validatePrivilege.addValidationError(new ValidationMessage("repositoryId", "Privilege ID '" + cPrivilege.getId() + "' cannot be assigned to both a group and repository.  Either assign a group, a repository or neither (which assigns to ALL repositories).", "Cannot select both a Repository and Repository Group."));
        }
        if (StringUtils.isEmpty(str)) {
            validatePrivilege.addValidationError("Method cannot be empty on a privilege!");
        } else {
            boolean z2 = true;
            String[] split = str.contains(",") ? str.split(",") : new String[]{str};
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str5 = split[i];
                if (!org.sonatype.security.legacy.model.v1_0_0.CPrivilege.METHOD_CREATE.equals(str5) && !org.sonatype.security.legacy.model.v1_0_0.CPrivilege.METHOD_DELETE.equals(str5) && !org.sonatype.security.legacy.model.v1_0_0.CPrivilege.METHOD_READ.equals(str5) && !org.sonatype.security.legacy.model.v1_0_0.CPrivilege.METHOD_UPDATE.equals(str5) && !"*".equals(str5)) {
                    z2 = false;
                    break;
                }
                i++;
            }
            if (!z2) {
                validatePrivilege.addValidationError(new ValidationMessage("method", "Privilege ID '" + cPrivilege.getId() + "' Method is wrong! (Allowed methods are: create, delete, read and update)", "Invalid method selected."));
            }
        }
        return validatePrivilege;
    }
}
