package org.artifactory.rest.common.security;

import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import org.artifactory.api.config.CentralConfigService;
import org.artifactory.api.security.AclService;
import org.artifactory.api.security.UserGroupService;
import org.artifactory.descriptor.config.MutableCentralConfigDescriptor;
import org.artifactory.model.xstream.security.AceImpl;
import org.artifactory.rest.exception.BadRequestException;
import org.artifactory.security.AceInfo;
import org.artifactory.security.Acl;
import org.artifactory.security.GroupInfo;
import org.artifactory.security.MutableAceInfo;
import org.artifactory.security.PermissionTargetAcls;
import org.artifactory.security.PermissionTargetNaming;
import org.artifactory.security.PrincipalConfiguration;
import org.artifactory.security.RepoPermissionTarget;
import org.artifactory.security.UserInfo;
import org.artifactory.util.CollectionUtils;

/* loaded from: input_file:org/artifactory/rest/common/security/RestSecurityHelperCommon.class */
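/**
 * Static helpers used when creating or updating permission targets: loading the
 * existing ACLs of a target, turning a submitted principal configuration into
 * ACEs, and validating the repositories and principals a request refers to.
 *
 * <p>This listing is decompiler output. The synthetic {@code $SwitchMap} holder the
 * decompiler reconstructed for the enum switch has been replaced by a direct switch
 * on {@link PermissionTargetNaming}; it was a package-private, compiler-generated
 * class and not part of the source-level API.
 */
public class RestSecurityHelperCommon {
    private static final String ERR_CANNOT_ADD_ADMIN = "' has admin privileges, and cannot be added to a Permission Target.";
    private static final String ERR_NON_EXISTING_PRINCIPAL = "Permission target contains a reference to a non-existing ";
    public static final String CONFLICT_ERR_MSG = "The permission target name that was provided in the request path does not match the permission name in the provided permission configuration object.";

    private RestSecurityHelperCommon() {
    }

    /**
     * Collects the repository, build and release-bundle ACLs stored under the given name.
     *
     * @param aclService service the three ACLs are read from
     * @param str permission target name
     * @return a holder for the three ACLs; what the service returns for an unknown
     *     name is not visible here, but callers in this class treat each ACL as nullable
     */
    public static PermissionTargetAcls getExistingPermissionTarget(AclService aclService, String str) {
        return new PermissionTargetAcls(str, aclService.getRepoAcl(str), aclService.getBuildAcl(str), aclService.getReleaseBundleAcl(str));
    }

    /**
     * Same as {@link #getExistingPermissionTarget(AclService, String)} except that the
     * release-bundle ACL is read through {@code getReleaseBundleAclByLicense}.
     *
     * @param aclService service the three ACLs are read from
     * @param str permission target name
     * @return a holder for the three ACLs
     */
    public static PermissionTargetAcls getExistingPermissionTargetByLicense(AclService aclService, String str) {
        return new PermissionTargetAcls(str, aclService.getRepoAcl(str), aclService.getBuildAcl(str), aclService.getReleaseBundleAclByLicense(str));
    }

    /**
     * Converts a principal configuration into the set of ACEs it describes.
     *
     * <p>Every user and group entry yields an ACE, including entries whose action set
     * is null or empty. {@link #checkForNonExistingPrinciples} skips exactly those
     * entries, so a principal with no actions reaches this method unvalidated.
     * NOTE(review): confirm that downstream code ignores or drops empty ACEs.
     *
     * @param principalConfiguration users and groups with their actions; may be null
     * @param permissionTargetNaming naming convention the action strings are written in
     * @return a new mutable set, empty when the configuration is null
     */
    @Nonnull
    public static Set<AceInfo> getAcesForAcl(PrincipalConfiguration principalConfiguration, PermissionTargetNaming permissionTargetNaming) {
        Set<AceInfo> aces = new HashSet<>();
        if (principalConfiguration == null) {
            return aces;
        }
        addPrincipalAces(aces, principalConfiguration.getUsers(), false, permissionTargetNaming);
        addPrincipalAces(aces, principalConfiguration.getGroups(), true, permissionTargetNaming);
        return aces;
    }

    /** Adds one ACE per map entry to {@code set}; {@code z} marks the entries as groups. A null map adds nothing. */
    private static void addPrincipalAces(Set<AceInfo> set, Map<String, Set<String>> map, boolean z, PermissionTargetNaming permissionTargetNaming) {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            AceImpl ace = new AceImpl();
            ace.setPrincipal(entry.getKey());
            setPermissionActionsByNamingConvention(permissionTargetNaming, ace, entry.getValue());
            ace.setGroup(z);
            set.add(ace);
        }
    }

    /**
     * Applies the action names to the ACE using the parser that matches the naming
     * convention. Any constant other than the three handled below falls back to the
     * backend parser; a null convention fails with a NullPointerException.
     */
    private static void setPermissionActionsByNamingConvention(PermissionTargetNaming permissionTargetNaming, MutableAceInfo mutableAceInfo, Set<String> set) {
        switch (permissionTargetNaming) {
            case NAMING_DISPLAY:
                mutableAceInfo.setPermissionsFromDisplayNames(set);
                return;
            case NAMING_UI:
                mutableAceInfo.setPermissionsFromUiNames(set);
                return;
            case NAMING_BACKEND:
            default:
                mutableAceInfo.setPermissionsFromStrings(set);
                return;
        }
    }

    /**
     * Returns the first repository key in the list that is neither a configured
     * repository nor one of the "ANY ..." wildcard keys.
     *
     * @param list repository keys from the request; may be null
     * @param centralConfigService source of the descriptor the keys are checked against
     * @param aclService used to convert cached repository keys to their remote keys
     *     before the existence check
     * @return the first unknown key, or null when the list is null or every key is known
     */
    public static String getFirstNonExistingRepoFromList(List<String> list, CentralConfigService centralConfigService, AclService aclService) {
        if (list == null) {
            return null;
        }
        MutableCentralConfigDescriptor descriptor = centralConfigService.getMutableDescriptor();
        for (String repoKey : aclService.convertCachedRepoKeysToRemote(list)) {
            if (!descriptor.isRepositoryExists(repoKey) && !isWildcardRepoKey(repoKey)) {
                return repoKey;
            }
        }
        return null;
    }

    /** True for the literal keys that stand for a class of repositories rather than a single one. */
    private static boolean isWildcardRepoKey(String repoKey) {
        return "ANY".equals(repoKey)
                || "ANY REMOTE".equals(repoKey)
                || "ANY LOCAL".equals(repoKey)
                || "ANY DISTRIBUTION".equals(repoKey);
    }

    /**
     * Rejects a principal configuration that names an unknown user or group, or that
     * adds an admin principal to the permission target.
     *
     * <p>Two limits of the check are visible in the code: entries with a null or empty
     * action set are not validated at all, and the admin restriction applies only to
     * principals that are not already present in {@code permissionTargetAcls}, so an
     * admin entry that is already stored is accepted again on update.
     *
     * @param userGroupService lookup service for users and groups
     * @param principalConfiguration submitted users and groups; null is accepted
     * @param permissionTargetAcls the stored ACLs of the target, or null for a new target
     * @throws BadRequestException on the first offending principal
     */
    public static void checkForNonExistingPrinciples(UserGroupService userGroupService, PrincipalConfiguration principalConfiguration, PermissionTargetAcls permissionTargetAcls) throws BadRequestException {
        if (principalConfiguration == null) {
            return;
        }
        Map<String, Set<String>> users = principalConfiguration.getUsers();
        if (users != null) {
            users.entrySet().stream()
                    .filter(entry -> CollectionUtils.notNullOrEmpty(entry.getValue()))
                    .map(Map.Entry::getKey)
                    .forEach(name -> validateUserExistsAndNonAdmin(userGroupService, name,
                            permissionDoesntContainPrincipal(permissionTargetAcls, name, false)));
        }
        Map<String, Set<String>> groups = principalConfiguration.getGroups();
        if (groups != null) {
            groups.entrySet().stream()
                    .filter(entry -> CollectionUtils.notNullOrEmpty(entry.getValue()))
                    .map(Map.Entry::getKey)
                    .forEach(name -> validateGroupExistsAndNonAdmin(userGroupService, name,
                            permissionDoesntContainPrincipal(permissionTargetAcls, name, true)));
        }
    }

    /**
     * Verifies that the user exists and, when {@code z} is true, that it is not an
     * effective admin. The decompiler widened this method from private to public.
     *
     * <p>The lookup alone sits inside the try block. Previously the admin check was
     * inside it as well, so the broad catch swallowed the "has admin privileges"
     * exception and the caller was told the user did not exist.
     *
     * @param userGroupService lookup service
     * @param str user name
     * @param z true when the user is newly added to the permission target
     * @throws BadRequestException if the lookup fails or returns null, or if an admin
     *     user is being added
     */
    public static void validateUserExistsAndNonAdmin(UserGroupService userGroupService, String str, boolean z) {
        UserInfo user;
        try {
            user = userGroupService.findUser(str);
        } catch (Exception e) {
            // Any lookup failure, not only "not found", is reported as a missing user.
            throw new BadRequestException(ERR_NON_EXISTING_PRINCIPAL + "user '" + str + "'.");
        }
        if (user == null) {
            // Mirrors the group check: a null result must not pass validation silently.
            throw new BadRequestException(ERR_NON_EXISTING_PRINCIPAL + "user '" + str + "'.");
        }
        if (z && user.isEffectiveAdmin()) {
            throw new BadRequestException("User '" + str + ERR_CANNOT_ADD_ADMIN);
        }
    }

    /**
     * Verifies that the group exists and, when {@code z} is true, that it does not
     * carry admin privileges. The decompiler widened this method from private to public.
     *
     * @param userGroupService lookup service
     * @param str group name
     * @param z true when the group is newly added to the permission target
     * @throws BadRequestException if the group is unknown, or if an admin group is being added
     */
    public static void validateGroupExistsAndNonAdmin(UserGroupService userGroupService, String str, boolean z) {
        GroupInfo group = userGroupService.findGroup(str);
        if (group == null) {
            throw new BadRequestException(ERR_NON_EXISTING_PRINCIPAL + "group '" + str + "'.");
        }
        if (z && group.isAdminPrivileges()) {
            throw new BadRequestException("Group '" + str + ERR_CANNOT_ADD_ADMIN);
        }
    }

    /** True when none of the three stored ACLs holds an ACE for the principal; a null holder counts as "not contained". */
    private static boolean permissionDoesntContainPrincipal(PermissionTargetAcls permissionTargetAcls, String str, boolean z) {
        if (permissionTargetAcls == null) {
            return true;
        }
        return aclDoesntContainPrincipal(permissionTargetAcls.getRepoAcl(), str, z)
                && aclDoesntContainPrincipal(permissionTargetAcls.getBuildAcl(), str, z)
                && aclDoesntContainPrincipal(permissionTargetAcls.getReleaseBundleAcl(), str, z);
    }

    /** True when the ACL is null or has no ACE with this principal name and the same user/group kind. */
    private static boolean aclDoesntContainPrincipal(Acl<? extends RepoPermissionTarget> acl, String str, boolean z) {
        if (acl == null) {
            return true;
        }
        return acl.getAces().stream()
                .noneMatch(ace -> str.equals(ace.getPrincipal()) && ace.isGroup() == z);
    }
}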
