package org.exist.security.internal;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.xerces.impl.Constants;
import org.eclipse.jetty.server.SessionManager;
import org.exist.Database;
import org.exist.EXistException;
import org.exist.collections.Collection;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Configurator;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsAttribute;
import org.exist.config.annotation.ConfigurationFieldAsElement;
import org.exist.config.annotation.ConfigurationFieldClassMask;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.scheduler.JobDescription;
import org.exist.security.AbstractRealm;
import org.exist.security.Account;
import org.exist.security.AuthenticationException;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.PermissionFactory;
import org.exist.security.Principal;
import org.exist.security.SchemaType;
import org.exist.security.SecurityManager;
import org.exist.security.Session;
import org.exist.security.Subject;
import org.exist.security.internal.aider.GroupAider;
import org.exist.security.realm.Realm;
import org.exist.security.xacml.ExistPDP;
import org.exist.security.xacml.XACMLConstants;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.TransactionManager;
import org.exist.storage.txn.Txn;
import org.exist.util.hashtable.Int2ObjectHashMap;
import org.exist.xmldb.XmldbURI;
import org.quartz.Job;
import org.quartz.JobExecutionContext;
import org.quartz.JobExecutionException;

@ConfigurationClass(Constants.SECURITY_MANAGER_PROPERTY)
/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl.class */
public class SecurityManagerImpl implements SecurityManager {
    public static final int MAX_USER_ID = 1048571;
    public static final int MAX_GROUP_ID = 1048572;
    public static final String PROPERTY_PERMISSIONS_COLLECTIONS = "indexer.permissions.collection";
    public static final String PROPERTY_PERMISSIONS_RESOURCES = "indexer.permissions.resource";
    public static final Logger LOG = LogManager.getLogger((Class<?>) SecurityManager.class);
    private Database pool;

    @ConfigurationFieldAsElement("authentication-entry-point")
    public static final String authenticationEntryPoint = "/authentication/login";
    private ExistPDP pdp;
    public static final long TIMEOUT_CHECK_PERIOD = 20000;
    protected PrincipalDbById<Group> groupsById = new PrincipalDbById<>();
    protected PrincipalDbById<Account> usersById = new PrincipalDbById<>();
    private final PrincipalLocks<Account> accountLocks = new PrincipalLocks<>();
    private final PrincipalLocks<Group> groupLocks = new PrincipalLocks<>();
    private SessionDb sessions = new SessionDb();

    @ConfigurationFieldAsAttribute("last-account-id")
    protected int lastUserId = 0;

    @ConfigurationFieldAsAttribute("last-group-id")
    protected int lastGroupId = 0;

    @ConfigurationFieldAsAttribute("version")
    private String version = "2.0";
    private Boolean enableXACML = false;

    @ConfigurationFieldAsElement("realm")
    @ConfigurationFieldClassMask("org.exist.security.realm.%1$s.%2$sRealm")
    private List<Realm> realms = new ArrayList();

    @ConfigurationFieldAsElement("events")
    private SMEvents events = null;
    private Collection collection = null;
    private Configuration configuration = null;
    protected Subject systemSubject = null;
    protected Subject guestSubject = null;
    private Map<XmldbURI, Integer> saving = new HashMap();
    private RealmImpl defaultRealm = new RealmImpl(this, null);

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$PrincipalDbById.class */
    public static class PrincipalDbById<V extends Principal> {
        private final Int2ObjectHashMap<V> db = new Int2ObjectHashMap<>(65);
        private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
        private final ReentrantReadWriteLock.ReadLock readLock = this.lock.readLock();
        private final ReentrantReadWriteLock.WriteLock writeLock = this.lock.writeLock();

        protected PrincipalDbById() {
        }

        public <R> R read(PrincipalDbRead<V, R> principalDbRead) {
            this.readLock.lock();
            try {
                return principalDbRead.execute(this.db);
            } finally {
                this.readLock.unlock();
            }
        }

        public final void modify(PrincipalDbModify<V> principalDbModify) {
            this.writeLock.lock();
            try {
                principalDbModify.execute(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }

        public final <E extends Exception> void modifyE(PrincipalDbModifyE<V, E> principalDbModifyE) throws Exception {
            this.writeLock.lock();
            try {
                principalDbModifyE.execute(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }

        public final <E extends Exception, E2 extends Exception> void modify2E(PrincipalDbModify2E<V, E, E2> principalDbModify2E) throws Exception, Exception {
            this.writeLock.lock();
            try {
                principalDbModify2E.execute(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$PrincipalDbModify.class */
    public interface PrincipalDbModify<V extends Principal> {
        void execute(Int2ObjectHashMap<V> int2ObjectHashMap);
    }

    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$PrincipalDbModify2E.class */
    protected interface PrincipalDbModify2E<V extends Principal, E extends Exception, E2 extends Exception> {
        void execute(Int2ObjectHashMap<V> int2ObjectHashMap) throws Exception, Exception;
    }

    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$PrincipalDbModifyE.class */
    protected interface PrincipalDbModifyE<V extends Principal, E extends Exception> {
        void execute(Int2ObjectHashMap<V> int2ObjectHashMap) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$PrincipalDbRead.class */
    public interface PrincipalDbRead<V extends Principal, R> {
        R execute(Int2ObjectHashMap<V> int2ObjectHashMap);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$PrincipalLocks.class */
    public static class PrincipalLocks<T extends Principal> {
        private final Map<Integer, ReentrantReadWriteLock> locks;

        private PrincipalLocks() {
            this.locks = new HashMap();
        }

        private synchronized ReentrantReadWriteLock getLock(T t) {
            ReentrantReadWriteLock reentrantReadWriteLock = this.locks.get(Integer.valueOf(t.getId()));
            if (reentrantReadWriteLock == null) {
                reentrantReadWriteLock = new ReentrantReadWriteLock();
                this.locks.put(Integer.valueOf(t.getId()), reentrantReadWriteLock);
            }
            return reentrantReadWriteLock;
        }

        public ReentrantReadWriteLock.ReadLock getReadLock(T t) {
            return getLock(t).readLock();
        }

        public ReentrantReadWriteLock.WriteLock getWriteLock(T t) {
            return getLock(t).writeLock();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$SessionDb.class */
    protected static class SessionDb {
        private final Map<String, Session> db = new HashMap();
        private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
        private final ReentrantReadWriteLock.ReadLock readLock = this.lock.readLock();
        private final ReentrantReadWriteLock.WriteLock writeLock = this.lock.writeLock();

        protected SessionDb() {
        }

        public <R> R read(SessionDbRead<R> sessionDbRead) {
            this.readLock.lock();
            try {
                return sessionDbRead.execute(this.db);
            } finally {
                this.readLock.unlock();
            }
        }

        public final void modify(SessionDbModify sessionDbModify) {
            this.writeLock.lock();
            try {
                sessionDbModify.execute(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$SessionDbModify.class */
    public interface SessionDbModify {
        void execute(Map<String, Session> map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$SessionDbRead.class */
    public interface SessionDbRead<R> {
        R execute(Map<String, Session> map);
    }

    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/SecurityManagerImpl$SessionsCheck.class */
    public static class SessionsCheck implements JobDescription, Job {
        boolean firstRun = true;

        @Override // org.exist.scheduler.JobDescription
        public String getGroup() {
            return "eXist.Security";
        }

        @Override // org.exist.scheduler.JobDescription
        public String getName() {
            return "Sessions.Check";
        }

        @Override // org.exist.scheduler.JobDescription
        public void setName(String str) {
        }

        @Override // org.quartz.Job
        public final void execute(JobExecutionContext jobExecutionContext) throws JobExecutionException {
            SecurityManagerImpl securityManagerImpl;
            Properties properties = (Properties) jobExecutionContext.getJobDetail().getJobDataMap().get("params");
            if (properties == null || (securityManagerImpl = (SecurityManagerImpl) properties.get(SecurityManagerImpl.class.getName())) == null) {
                return;
            }
            securityManagerImpl.sessions.modify(new SessionDbModify() { // from class: org.exist.security.internal.SecurityManagerImpl.SessionsCheck.1
                @Override // org.exist.security.internal.SecurityManagerImpl.SessionDbModify
                public void execute(Map<String, Session> map) {
                    Iterator<Map.Entry<String, Session>> it = map.entrySet().iterator();
                    while (it.hasNext()) {
                        Map.Entry<String, Session> next = it.next();
                        if (next == null || !next.getValue().isValid()) {
                            it.remove();
                        }
                    }
                }
            });
        }
    }

    public SecurityManagerImpl(Database database) throws ConfigurationException {
        this.pool = database;
        this.realms.add(this.defaultRealm);
        PermissionFactory.sm = this;
        Properties properties = new Properties();
        properties.put(getClass().getName(), this);
        this.pool.getScheduler().createPeriodicJob(TIMEOUT_CHECK_PERIOD, new SessionsCheck(), TIMEOUT_CHECK_PERIOD, properties, -1, false);
    }

    @Override // org.exist.security.SecurityManager
    public void attach(BrokerPool brokerPool, DBBroker dBBroker) throws EXistException {
        Txn beginTransaction;
        Throwable th;
        this.pool = brokerPool;
        TransactionManager transactionManager = brokerPool.getTransactionManager();
        try {
            beginTransaction = transactionManager.beginTransaction();
            th = null;
        } catch (Exception e) {
            e.printStackTrace();
            LOG.debug("loading acl failed: " + e.getMessage());
        }
        try {
            try {
                if (dBBroker.getCollection(XmldbURI.SYSTEM_COLLECTION_URI) == null) {
                    Collection orCreateCollection = dBBroker.getOrCreateCollection(beginTransaction, XmldbURI.SYSTEM_COLLECTION_URI);
                    if (orCreateCollection == null) {
                        if (beginTransaction != null) {
                            if (0 == 0) {
                                beginTransaction.close();
                                return;
                            }
                            try {
                                beginTransaction.close();
                                return;
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                                return;
                            }
                        }
                        return;
                    }
                    orCreateCollection.setPermissions(493);
                    dBBroker.saveCollection(beginTransaction, orCreateCollection);
                    transactionManager.commit(beginTransaction);
                }
                if (beginTransaction != null) {
                    if (0 != 0) {
                        try {
                            beginTransaction.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        beginTransaction.close();
                    }
                }
                try {
                    Txn beginTransaction2 = transactionManager.beginTransaction();
                    Throwable th4 = null;
                    try {
                        try {
                            this.collection = dBBroker.getCollection(SECURITY_COLLECTION_URI);
                            if (this.collection == null) {
                                this.collection = dBBroker.getOrCreateCollection(beginTransaction2, SECURITY_COLLECTION_URI);
                                if (this.collection == null) {
                                    if (beginTransaction2 != null) {
                                        if (0 == 0) {
                                            beginTransaction2.close();
                                            return;
                                        }
                                        try {
                                            beginTransaction2.close();
                                            return;
                                        } catch (Throwable th5) {
                                            th4.addSuppressed(th5);
                                            return;
                                        }
                                    }
                                    return;
                                }
                                this.collection.setPermissions(504);
                                dBBroker.saveCollection(beginTransaction2, this.collection);
                                transactionManager.commit(beginTransaction2);
                            }
                            if (beginTransaction2 != null) {
                                if (0 != 0) {
                                    try {
                                        beginTransaction2.close();
                                    } catch (Throwable th6) {
                                        th4.addSuppressed(th6);
                                    }
                                } else {
                                    beginTransaction2.close();
                                }
                            }
                        } catch (Throwable th7) {
                            th4 = th7;
                            throw th7;
                        }
                    } finally {
                    }
                } catch (Exception e2) {
                    e2.printStackTrace();
                    LOG.debug("loading configuration failed: " + e2.getMessage());
                }
                this.configuration = Configurator.configure(this, Configurator.parse(this, dBBroker, this.collection, CONFIG_FILE_URI));
                Iterator<Realm> it = this.realms.iterator();
                while (it.hasNext()) {
                    it.next().start(dBBroker);
                }
                this.enableXACML = (Boolean) dBBroker.getConfiguration().getProperty(XACMLConstants.ENABLE_XACML_PROPERTY);
                if (this.enableXACML == null || !this.enableXACML.booleanValue()) {
                    return;
                }
                this.pdp = new ExistPDP(brokerPool);
                LOG.debug("XACML enabled");
            } catch (Throwable th8) {
                th = th8;
                throw th8;
            }
        } finally {
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean isXACMLEnabled() {
        return this.pdp != null;
    }

    @Override // org.exist.security.SecurityManager
    public ExistPDP getPDP() {
        return this.pdp;
    }

    @Override // org.exist.security.SecurityManager
    public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account == null) {
            return false;
        }
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account must have realm id.");
        }
        ReentrantReadWriteLock.WriteLock writeLock = this.accountLocks.getWriteLock(account);
        writeLock.lock();
        try {
            boolean updateAccount = findRealmForRealmId(account.getRealmId()).updateAccount(account);
            writeLock.unlock();
            return updateAccount;
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean updateGroup(Group group) throws PermissionDeniedException, EXistException {
        if (group == null) {
            return false;
        }
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group must have realm id.");
        }
        ReentrantReadWriteLock.WriteLock writeLock = this.groupLocks.getWriteLock(group);
        writeLock.lock();
        try {
            boolean updateGroup = findRealmForRealmId(group.getRealmId()).updateGroup(group);
            writeLock.unlock();
            return updateGroup;
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean deleteGroup(String str) throws PermissionDeniedException, EXistException {
        Group group = getGroup(str);
        if (group == null) {
            return false;
        }
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group must have realm id.");
        }
        ReentrantReadWriteLock.WriteLock writeLock = this.groupLocks.getWriteLock(group);
        writeLock.lock();
        try {
            boolean deleteGroup = findRealmForRealmId(group.getRealmId()).deleteGroup(group);
            writeLock.unlock();
            return deleteGroup;
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean deleteAccount(String str) throws PermissionDeniedException, EXistException {
        return deleteAccount(getAccount(str));
    }

    @Override // org.exist.security.SecurityManager
    public boolean deleteAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account == null) {
            return false;
        }
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account must have realm id.");
        }
        ReentrantReadWriteLock.WriteLock writeLock = this.accountLocks.getWriteLock(account);
        writeLock.lock();
        try {
            boolean deleteAccount = findRealmForRealmId(account.getRealmId()).deleteAccount(account);
            writeLock.unlock();
            return deleteAccount;
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public Account getAccount(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            Account account = it.next().getAccount(str);
            if (account != null) {
                return account;
            }
        }
        LOG.debug("Account for '" + str + "' not found!");
        return null;
    }

    @Override // org.exist.security.SecurityManager
    public final Account getAccount(final int i) {
        return (Account) this.usersById.read(new PrincipalDbRead<Account, Account>() { // from class: org.exist.security.internal.SecurityManagerImpl.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbRead
            public Account execute(Int2ObjectHashMap<Account> int2ObjectHashMap) {
                return int2ObjectHashMap.get(i);
            }
        });
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasGroup(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            if (it.next().hasGroup(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasGroup(Group group) {
        return hasGroup(group.getName());
    }

    @Override // org.exist.security.SecurityManager
    public Group getGroup(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            Group group = it.next().getGroup(str);
            if (group != null) {
                return group;
            }
        }
        return null;
    }

    @Override // org.exist.security.SecurityManager
    public final Group getGroup(final int i) {
        return (Group) this.groupsById.read(new PrincipalDbRead<Group, Group>() { // from class: org.exist.security.internal.SecurityManagerImpl.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbRead
            public Group execute(Int2ObjectHashMap<Group> int2ObjectHashMap) {
                return int2ObjectHashMap.get(i);
            }
        });
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasAdminPrivileges(Account account) {
        ReentrantReadWriteLock.ReadLock readLock = this.accountLocks.getReadLock(account);
        readLock.lock();
        try {
            boolean hasDbaRole = account.hasDbaRole();
            readLock.unlock();
            return hasDbaRole;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasAccount(String str) {
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            if (it.next().hasAccount(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.exist.security.SecurityManager
    public Subject authenticate(String str, final Object obj) throws AuthenticationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authentication try for '" + str + "'.");
        }
        if (str == null) {
            throw new AuthenticationException(0, "Account NULL not found");
        }
        if (SessionManager.__DefaultSessionIdPathParameterName.equals(str)) {
            if (getSystemSubject().getSessionId().equals(obj)) {
                return getSystemSubject();
            }
            if (getGuestSubject().getSessionId().equals(obj)) {
                return getGuestSubject();
            }
            Subject subject = (Subject) this.sessions.read(new SessionDbRead<Subject>() { // from class: org.exist.security.internal.SecurityManagerImpl.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.exist.security.internal.SecurityManagerImpl.SessionDbRead
                public Subject execute(Map<String, Session> map) {
                    Session session = map.get((String) obj);
                    if (session != null && session.isValid()) {
                        return session.getSubject();
                    }
                    return null;
                }

                @Override // org.exist.security.internal.SecurityManagerImpl.SessionDbRead
                public /* bridge */ /* synthetic */ Subject execute(Map map) {
                    return execute((Map<String, Session>) map);
                }
            });
            if (subject == null) {
                throw new AuthenticationException(3, "Session [" + obj + "] not found");
            }
            if (this.events != null) {
                this.events.authenticated(subject);
            }
            return subject;
        }
        for (Realm realm : this.realms) {
            try {
                Subject authenticate = realm.authenticate(str, obj);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authenticated by '" + realm.getId() + "' as '" + authenticate + "'.");
                }
                if (this.events != null) {
                    this.events.authenticated(authenticate);
                }
                return authenticate;
            } catch (AuthenticationException e) {
                if (e.getType() != 0) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Realm '" + realm.getId() + "' threw exception for account '" + str + "'. [" + e.getMessage() + "]");
                    }
                    throw e;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Account '" + str + "' not found, throw error");
        }
        throw new AuthenticationException(0, "Account [" + str + "] not found");
    }

    @Override // org.exist.security.SecurityManager
    public Subject getSystemSubject() {
        if (this.systemSubject == null) {
            this.systemSubject = new SubjectAccreditedImpl(this.defaultRealm.ACCOUNT_SYSTEM, this);
        }
        return this.systemSubject;
    }

    @Override // org.exist.security.SecurityManager
    public Subject getGuestSubject() {
        if (this.guestSubject == null) {
            this.guestSubject = new SubjectAccreditedImpl((AccountImpl) this.defaultRealm.getAccount("guest"), this);
        }
        return this.guestSubject;
    }

    @Override // org.exist.security.SecurityManager
    public Group getDBAGroup() {
        return this.defaultRealm.GROUP_DBA;
    }

    @Override // org.exist.security.SecurityManager
    public Database getDatabase() {
        return this.pool;
    }

    private synchronized int getNextGroupId() {
        if (this.lastGroupId + 1 == 1048572) {
            throw new RuntimeException("System has no more group-ids available");
        }
        int i = this.lastGroupId + 1;
        this.lastGroupId = i;
        return i;
    }

    private synchronized int getNextAccountId() {
        if (this.lastUserId + 1 == 1048571) {
            throw new RuntimeException("System has no more user-ids available");
        }
        int i = this.lastUserId + 1;
        this.lastUserId = i;
        return i;
    }

    @Override // org.exist.security.SecurityManager
    public List<Account> getGroupMembers(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            for (Account account : it.next().getAccounts()) {
                if (account.hasGroup(str)) {
                    arrayList.add(account);
                }
            }
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findAllGroupMembers(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findAllGroupMembers(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    @Deprecated
    public java.util.Collection<Account> getUsers() {
        return this.defaultRealm.getAccounts();
    }

    @Override // org.exist.security.SecurityManager
    @Deprecated
    public java.util.Collection<Group> getGroups() {
        return this.defaultRealm.getGroups();
    }

    @Override // org.exist.security.SecurityManager
    public void addGroup(String str) throws PermissionDeniedException, EXistException {
        addGroup(new GroupAider(str));
    }

    @Override // org.exist.security.SecurityManager
    public Group addGroup(Group group) throws PermissionDeniedException, EXistException {
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group must have realm id.");
        }
        if (group.getName() == null || group.getName().isEmpty()) {
            throw new ConfigurationException("Group must have name.");
        }
        int id = group.getId() != -1 ? group.getId() : getNextGroupId();
        AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(group.getRealmId());
        if (abstractRealm.hasGroup(group.getName())) {
            throw new ConfigurationException("The group '" + group.getName() + "' at realm '" + group.getRealmId() + "' already exist.");
        }
        final GroupImpl groupImpl = new GroupImpl(abstractRealm, id, group.getName(), group.getManagers());
        for (SchemaType schemaType : group.getMetadataKeys()) {
            groupImpl.setMetadataValue(schemaType, group.getMetadataValue(schemaType));
        }
        this.groupLocks.getWriteLock(groupImpl).lock();
        try {
            final int i = id;
            this.groupsById.modify(new PrincipalDbModify<Group>() { // from class: org.exist.security.internal.SecurityManagerImpl.4
                @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbModify
                public void execute(Int2ObjectHashMap<Group> int2ObjectHashMap) {
                    int2ObjectHashMap.put(i, groupImpl);
                }
            });
            abstractRealm.registerGroup(groupImpl);
            save();
            groupImpl.save();
            this.groupLocks.getWriteLock(groupImpl).unlock();
            return groupImpl;
        } catch (Throwable th) {
            this.groupLocks.getWriteLock(groupImpl).unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public final Account addAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account.getRealmId() == null) {
            LOG.debug("Account must have realm id.");
            throw new ConfigurationException("Account must have realm id.");
        }
        if (account.getName() == null || account.getName().isEmpty()) {
            LOG.debug("Account must have name.");
            throw new ConfigurationException("Account must have name.");
        }
        int id = account.getId() != -1 ? account.getId() : getNextAccountId();
        AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(account.getRealmId());
        final AccountImpl accountImpl = new AccountImpl(abstractRealm, id, account);
        this.accountLocks.getWriteLock(accountImpl).lock();
        try {
            final int i = id;
            this.usersById.modify(new PrincipalDbModify<Account>() { // from class: org.exist.security.internal.SecurityManagerImpl.5
                @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbModify
                public void execute(Int2ObjectHashMap<Account> int2ObjectHashMap) {
                    int2ObjectHashMap.put(i, accountImpl);
                }
            });
            abstractRealm.registerAccount(accountImpl);
            save();
            accountImpl.save();
            this.accountLocks.getWriteLock(accountImpl).unlock();
            return accountImpl;
        } catch (Throwable th) {
            this.accountLocks.getWriteLock(accountImpl).unlock();
            throw th;
        }
    }

    @Override // org.exist.security.SecurityManager
    public final Account addAccount(DBBroker dBBroker, Account account) throws PermissionDeniedException, EXistException {
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account must have realm id.");
        }
        if (account.getName() == null || account.getName().isEmpty()) {
            throw new ConfigurationException("Account must have name.");
        }
        int id = account.getId() != -1 ? account.getId() : getNextAccountId();
        AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(account.getRealmId());
        final AccountImpl accountImpl = new AccountImpl(dBBroker, abstractRealm, id, account);
        this.accountLocks.getWriteLock(accountImpl).lock();
        try {
            final int i = id;
            this.usersById.modify(new PrincipalDbModify<Account>() { // from class: org.exist.security.internal.SecurityManagerImpl.6
                @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbModify
                public void execute(Int2ObjectHashMap<Account> int2ObjectHashMap) {
                    int2ObjectHashMap.put(i, accountImpl);
                }
            });
            abstractRealm.registerAccount(accountImpl);
            save(dBBroker);
            accountImpl.save(dBBroker);
            this.accountLocks.getWriteLock(accountImpl).unlock();
            return accountImpl;
        } catch (Throwable th) {
            this.accountLocks.getWriteLock(accountImpl).unlock();
            throw th;
        }
    }

    private void save() throws PermissionDeniedException, EXistException {
        if (this.configuration != null) {
            this.configuration.save();
        }
    }

    private void save(DBBroker dBBroker) throws PermissionDeniedException, EXistException {
        if (this.configuration != null) {
            this.configuration.save(dBBroker);
        }
    }

    @Override // org.exist.config.Configurable
    public boolean isConfigured() {
        return this.configuration != null;
    }

    @Override // org.exist.config.Configurable
    public Configuration getConfiguration() {
        return this.configuration;
    }

    @Override // org.exist.security.SecurityManager
    public void registerSession(final Session session) {
        this.sessions.modify(new SessionDbModify() { // from class: org.exist.security.internal.SecurityManagerImpl.7
            @Override // org.exist.security.internal.SecurityManagerImpl.SessionDbModify
            public void execute(Map<String, Session> map) {
                map.put(session.getId(), session);
            }
        });
    }

    @Override // org.exist.security.SecurityManager
    public Subject getSubjectBySessionId(final String str) {
        return (Subject) this.sessions.read(new SessionDbRead<Subject>() { // from class: org.exist.security.internal.SecurityManagerImpl.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.exist.security.internal.SecurityManagerImpl.SessionDbRead
            public Subject execute(Map<String, Session> map) {
                return map.get(str).getSubject();
            }

            @Override // org.exist.security.internal.SecurityManagerImpl.SessionDbRead
            public /* bridge */ /* synthetic */ Subject execute(Map map) {
                return execute((Map<String, Session>) map);
            }
        });
    }

    private Realm findRealmForRealmId(String str) throws ConfigurationException {
        for (Realm realm : this.realms) {
            if (realm.getId().equals(str)) {
                return realm;
            }
        }
        throw new ConfigurationException("The realm id = '" + str + "' not found.");
    }

    @Override // org.exist.security.SecurityManager
    public void addGroup(final int i, final Group group) {
        this.groupsById.modify(new PrincipalDbModify<Group>() { // from class: org.exist.security.internal.SecurityManagerImpl.9
            @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbModify
            public void execute(Int2ObjectHashMap<Group> int2ObjectHashMap) {
                int2ObjectHashMap.put(i, group);
            }
        });
    }

    @Override // org.exist.security.SecurityManager
    public void addUser(final int i, final Account account) {
        this.usersById.modify(new PrincipalDbModify<Account>() { // from class: org.exist.security.internal.SecurityManagerImpl.10
            @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbModify
            public void execute(Int2ObjectHashMap<Account> int2ObjectHashMap) {
                int2ObjectHashMap.put(i, account);
            }
        });
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasGroup(final int i) {
        return ((Boolean) this.groupsById.read(new PrincipalDbRead<Group, Boolean>() { // from class: org.exist.security.internal.SecurityManagerImpl.11
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbRead
            public Boolean execute(Int2ObjectHashMap<Group> int2ObjectHashMap) {
                return Boolean.valueOf(int2ObjectHashMap.containsKey(i));
            }
        })).booleanValue();
    }

    @Override // org.exist.security.SecurityManager
    public boolean hasUser(final int i) {
        return ((Boolean) this.usersById.read(new PrincipalDbRead<Account, Boolean>() { // from class: org.exist.security.internal.SecurityManagerImpl.12
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbRead
            public Boolean execute(Int2ObjectHashMap<Account> int2ObjectHashMap) {
                return Boolean.valueOf(int2ObjectHashMap.containsKey(i));
            }
        })).booleanValue();
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findUsernamesWhereNameStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findUsernamesWhereNameStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findUsernamesWhereUsernameStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findUsernamesWhereUsernameStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findUsernamesWhereNamePartStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findUsernamesWhereNamePartStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findGroupnamesWhereGroupnameContains(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findGroupnamesWhereGroupnameContains(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findGroupnamesWhereGroupnameStarts(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findGroupnamesWhereGroupnameStarts(str));
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findAllGroupNames() {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findAllGroupNames());
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public List<String> findAllUserNames() {
        ArrayList arrayList = new ArrayList();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().findAllUserNames());
        }
        return arrayList;
    }

    @Override // org.exist.security.SecurityManager
    public void processPramatterBeforeSave(DBBroker dBBroker, DocumentImpl documentImpl) throws ConfigurationException {
        XmldbURI uri = documentImpl.getCollection().getURI();
        if (uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI)) {
            uri = uri.removeLastSegment();
        }
        boolean endsWith = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
        boolean endsWith2 = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
        if (endsWith || endsWith2) {
            this.saving.put(documentImpl.getURI(), Configurator.parse(dBBroker.getBrokerPool(), documentImpl).getPropertyInteger("id"));
        }
    }

    @Override // org.exist.security.SecurityManager
    public void processPramatter(DBBroker dBBroker, DocumentImpl documentImpl) throws ConfigurationException {
        XmldbURI uri = documentImpl.getCollection().getURI();
        boolean endsWith = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
        if (endsWith) {
            uri = uri.removeLastSegment();
        }
        boolean endsWith2 = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
        boolean endsWith3 = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
        if (endsWith2 || endsWith3) {
            String xmldbURI = uri.removeLastSegment().lastSegment().toString();
            AbstractRealm abstractRealm = (AbstractRealm) findRealmForRealmId(xmldbURI);
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), documentImpl);
            Integer num = -1;
            if (endsWith) {
                num = parse.getPropertyInteger("id");
            }
            String property = parse.getProperty("name");
            if (endsWith2) {
                if (endsWith && num.intValue() > 2 && !hasUser(num.intValue())) {
                    AccountImpl accountImpl = new AccountImpl(abstractRealm, parse);
                    accountImpl.removed = true;
                    addUser(accountImpl.getId(), accountImpl);
                } else if (property == null) {
                    LOG.error("Account '" + property + "' pressent at '" + xmldbURI + "' realm, but get event that new one created.");
                } else if (abstractRealm.hasAccount(property)) {
                    final Integer num2 = this.saving.get(documentImpl.getURI());
                    final Integer propertyInteger = parse.getPropertyInteger("id");
                    if (!propertyInteger.equals(num2)) {
                        final Account account = abstractRealm.getAccount(property);
                        this.accountLocks.getWriteLock(account).lock();
                        try {
                            this.usersById.modify(new PrincipalDbModify<Account>() { // from class: org.exist.security.internal.SecurityManagerImpl.13
                                @Override // org.exist.security.internal.SecurityManagerImpl.PrincipalDbModify
                                public void execute(Int2ObjectHashMap<Account> int2ObjectHashMap) {
                                    int2ObjectHashMap.remove(num2.intValue());
                                    int2ObjectHashMap.put(propertyInteger.intValue(), account);
                                }
                            });
                            this.accountLocks.getWriteLock(account).unlock();
                        } catch (Throwable th) {
                            this.accountLocks.getWriteLock(account).unlock();
                            throw th;
                        }
                    }
                } else {
                    Account accountImpl2 = new AccountImpl(abstractRealm, parse);
                    addUser(accountImpl2.getId(), accountImpl2);
                    abstractRealm.registerAccount(accountImpl2);
                }
            } else if (endsWith3) {
                if (endsWith && num.intValue() > 2 && !hasGroup(num.intValue())) {
                    GroupImpl groupImpl = new GroupImpl(abstractRealm, parse);
                    groupImpl.removed = true;
                    addGroup(groupImpl.getId(), groupImpl);
                } else if (property == null || abstractRealm.hasGroup(property)) {
                    LOG.error("Group '" + property + "' pressent at '" + xmldbURI + "' realm, but get event that new one created.");
                } else {
                    Group groupImpl2 = new GroupImpl(abstractRealm, parse);
                    addGroup(groupImpl2.getId(), groupImpl2);
                    abstractRealm.registerGroup(groupImpl2);
                }
            }
            this.saving.remove(documentImpl.getURI());
        }
    }

    @Override // org.exist.security.SecurityManager
    public String getAuthenticationEntryPoint() {
        return authenticationEntryPoint;
    }

    @Override // org.exist.security.SecurityManager
    public Subject getCurrentSubject() {
        return this.pool.getSubject();
    }

    @Override // org.exist.security.SecurityManager
    public final synchronized void preAllocateAccountId(SecurityManager.PrincipalIdReceiver principalIdReceiver) throws PermissionDeniedException, EXistException {
        int nextAccountId = getNextAccountId();
        save();
        principalIdReceiver.allocate(nextAccountId);
    }

    @Override // org.exist.security.SecurityManager
    public final synchronized void preAllocateGroupId(SecurityManager.PrincipalIdReceiver principalIdReceiver) throws PermissionDeniedException, EXistException {
        int nextGroupId = getNextGroupId();
        save();
        principalIdReceiver.allocate(nextGroupId);
    }
}
