package org.exist.security.internal;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Reference;
import org.exist.config.ReferenceImpl;
import org.exist.security.AXSchemaType;
import org.exist.security.AbstractAccount;
import org.exist.security.AbstractPrincipal;
import org.exist.security.AbstractRealm;
import org.exist.security.Account;
import org.exist.security.AuthenticationException;
import org.exist.security.EXistSchemaType;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.security.UUIDGenerator;
import org.exist.security.internal.aider.UserAider;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.TransactionManager;
import org.exist.storage.txn.Txn;
import org.exist.xmldb.XmldbURI;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/RealmImpl.class */
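/**
 * Built-in security realm (default id {@code "exist"}).
 *
 * <p>On construction the realm registers the built-in DBA and guest groups and the SYSTEM
 * account. On {@link #start(DBBroker)} it creates the {@code admin} and {@code guest} accounts
 * if they do not exist yet. It also implements account/group deletion, password
 * authentication and name look-ups over {@code usersByName} / {@code groupsByName}
 * (both declared outside this class).
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@code admin} is created with an <em>empty</em> password and DBA membership.</li>
 *   <li>{@code guest} is created with the password {@code "guest"}.</li>
 *   <li>{@link #allowGuestAuthentication} defaults to {@code true}.</li>
 * </ul>
 * A deployment should set a strong admin password and decide explicitly whether guest login
 * is wanted before the instance is reachable by untrusted clients.
 *
 * <p>This listing is decompiler output. The transaction handling in the two delete methods
 * has been restored to try-with-resources, replacing decompiler artefacts that do not compile
 * (a reference compared with {@code 0}, unassigned locals, a dead {@code 0 != 0} branch).
 */
public class RealmImpl extends AbstractRealm {
    // NOTE(review): public, static and non-final, so any code in the JVM can rename the realm
    // (see setPasswordRealm). Kept as-is because callers may depend on it.
    public static String ID = "exist";
    private static final Logger LOG = LogManager.getLogger(RealmImpl.class);

    // Reserved ids for built-in accounts.
    public static final int SYSTEM_ACCOUNT_ID = 1048575;
    public static final int ADMIN_ACCOUNT_ID = 1048574;
    public static final int GUEST_ACCOUNT_ID = 1048573;
    public static final int UNKNOWN_ACCOUNT_ID = 1048572;
    public static final int INITIAL_LAST_ACCOUNT_ID = 10;

    // Reserved ids for built-in groups.
    public static final int DBA_GROUP_ID = 1048575;
    public static final int GUEST_GROUP_ID = 1048574;
    public static final int UNKNOWN_GROUP_ID = 1048573;
    public static final int INITIAL_LAST_GROUP_ID = 10;

    protected final AccountImpl ACCOUNT_SYSTEM;
    protected final AccountImpl ACCOUNT_UNKNOWN;
    protected final GroupImpl GROUP_DBA;
    protected final GroupImpl GROUP_GUEST;
    protected final GroupImpl GROUP_UNKNOWN;

    // NOTE(review): hard-coded default credentials. The admin default is the empty string.
    private static final String DEFAULT_ADMIN_PASSWORD = "";
    private static final String DEFAULT_GUEST_PASSWORD = "guest";

    // When false, authenticate() rejects the "guest" account.
    // NOTE(review): public and mutable, so it can be flipped by any code holding the realm.
    public boolean allowGuestAuthentication;

    /**
     * Replaces the realm id returned by {@link #getId()} for every instance.
     *
     * @param str the new realm id
     */
    public static void setPasswordRealm(String str) {
        ID = str;
    }

    /**
     * Creates the realm and registers its built-in groups and the SYSTEM account with the
     * security manager.
     *
     * <p>The decompiler reports that this constructor was originally {@code protected}.
     *
     * @param securityManagerImpl the owning security manager; its last user and group ids
     *     are reset to the initial values
     * @param configuration the realm configuration, passed to the superclass
     * @throws ConfigurationException declared by the superclass constructor and the
     *     principal constructors
     */
    public RealmImpl(final SecurityManagerImpl securityManagerImpl, Configuration configuration) throws ConfigurationException {
        super(securityManagerImpl, configuration);
        this.allowGuestAuthentication = true;
        securityManagerImpl.lastUserId = INITIAL_LAST_ACCOUNT_ID;
        securityManagerImpl.lastGroupId = INITIAL_LAST_GROUP_ID;

        // DBA group, managed by the "admin" account.
        this.GROUP_DBA = new GroupImpl(this, DBA_GROUP_ID, SecurityManager.DBA_GROUP);
        this.GROUP_DBA.setManagers(adminManagers(securityManagerImpl));
        this.GROUP_DBA.setMetadataValue(EXistSchemaType.DESCRIPTION, "Database Administrators");
        securityManagerImpl.addGroup(this.GROUP_DBA.getId(), this.GROUP_DBA);
        registerGroup(this.GROUP_DBA);

        // SYSTEM account: member of the DBA group; authenticate() refuses logins under this name.
        this.ACCOUNT_SYSTEM = new AccountImpl(this, SYSTEM_ACCOUNT_ID, SecurityManager.SYSTEM, "", this.GROUP_DBA, true);
        this.ACCOUNT_SYSTEM.setMetadataValue(AXSchemaType.FULLNAME, SecurityManager.SYSTEM);
        this.ACCOUNT_SYSTEM.setMetadataValue(EXistSchemaType.DESCRIPTION, "System Internals");
        securityManagerImpl.addUser(this.ACCOUNT_SYSTEM.getId(), this.ACCOUNT_SYSTEM);
        registerAccount(this.ACCOUNT_SYSTEM);

        // Guest group, also managed by "admin".
        this.GROUP_GUEST = new GroupImpl(this, GUEST_GROUP_ID, "guest");
        this.GROUP_GUEST.setManagers(adminManagers(securityManagerImpl));
        this.GROUP_GUEST.setMetadataValue(EXistSchemaType.DESCRIPTION, "Anonymous Users");
        securityManagerImpl.addGroup(this.GROUP_GUEST.getId(), this.GROUP_GUEST);
        registerGroup(this.GROUP_GUEST);

        // The "unknown" group and account are created but not registered anywhere here.
        this.GROUP_UNKNOWN = new GroupImpl(this, UNKNOWN_GROUP_ID, "");
        this.ACCOUNT_UNKNOWN = new AccountImpl(this, UNKNOWN_ACCOUNT_ID, "", (String) null, this.GROUP_UNKNOWN);
    }

    /** Builds a fresh, mutable manager list holding a lazy reference to the "admin" account. */
    @SuppressWarnings({"rawtypes", "unchecked"}) // ReferenceImpl is used raw, as in the decompiled original
    private static List<Reference<SecurityManager, Account>> adminManagers(final SecurityManagerImpl securityManagerImpl) {
        final List<Reference<SecurityManager, Account>> managers = new ArrayList<>();
        managers.add(new ReferenceImpl(securityManagerImpl, "getAccount", "admin"));
        return managers;
    }

    /**
     * Starts the realm and makes sure the default {@code admin} and {@code guest} accounts exist.
     *
     * @param dBBroker the broker used to store newly created accounts
     * @throws EXistException if the superclass start fails, or if account creation is denied
     *     while the database is not configured as export-only
     */
    @Override // org.exist.security.AbstractRealm, org.exist.LifeCycle
    public void start(DBBroker dBBroker) throws EXistException {
        super.start(dBBroker);
        try {
            createAdminAndGuestIfNotExist(dBBroker);
        } catch (final PermissionDeniedException e) {
            // A denial is tolerated only when the export-only property is set.
            final boolean exportOnly = (Boolean) dBBroker.getConfiguration().getProperty(BrokerPool.PROPERTY_EXPORT_ONLY, false);
            if (!exportOnly) {
                throw new EXistException(e.getMessage(), e);
            }
        }
    }

    /**
     * Creates the {@code admin} and {@code guest} accounts when no account with the reserved
     * id is known to the security manager.
     *
     * <p>NOTE(review): {@code admin} gets DBA membership and an empty password, and
     * {@code guest} gets the password {@code "guest"}. Both are well-known defaults, so
     * operators should change the admin password as part of provisioning.
     */
    private void createAdminAndGuestIfNotExist(DBBroker dBBroker) throws EXistException, PermissionDeniedException {
        if (getSecurityManager().getAccount(ADMIN_ACCOUNT_ID) == null) {
            final UserAider admin = new UserAider(ADMIN_ACCOUNT_ID, getId(), "admin");
            admin.setPassword(DEFAULT_ADMIN_PASSWORD);
            admin.setMetadataValue(AXSchemaType.FULLNAME, "admin");
            admin.setMetadataValue(EXistSchemaType.DESCRIPTION, "System Administrator");
            admin.addGroup(SecurityManager.DBA_GROUP);
            getSecurityManager().addAccount(dBBroker, admin);
        }
        if (getSecurityManager().getAccount(GUEST_ACCOUNT_ID) == null) {
            final UserAider guest = new UserAider(GUEST_ACCOUNT_ID, getId(), "guest");
            guest.setMetadataValue(AXSchemaType.FULLNAME, "guest");
            guest.setMetadataValue(EXistSchemaType.DESCRIPTION, "Anonymous User");
            guest.setPassword(DEFAULT_GUEST_PASSWORD);
            guest.addGroup("guest");
            getSecurityManager().addAccount(dBBroker, guest);
        }
    }

    /** Returns the realm id, i.e. the current value of the static {@link #ID}. */
    @Override // org.exist.security.realm.Realm
    public String getId() {
        return ID;
    }

    /**
     * Marks an account as removed, moves it to the removed-accounts collection and drops it
     * from the name index.
     *
     * <p>Authorisation: the broker's current subject must either be the account being deleted
     * or hold the DBA role.
     *
     * @param account the account to delete; {@code null} is a no-op
     * @return {@code false} when {@code account} is {@code null}, otherwise {@code true}
     * @throws PermissionDeniedException if the current subject is neither the account owner
     *     nor a DBA
     * @throws EXistException if a broker cannot be obtained
     * @throws IllegalArgumentException if no account with that name is registered
     */
    @Override // org.exist.security.management.AccountsManagement
    public boolean deleteAccount(Account account) throws PermissionDeniedException, EXistException {
        if (account == null) {
            return false;
        }
        this.usersByName.modify2E(map -> {
            final AbstractAccount removed = (AbstractAccount) map.get(account.getName());
            if (removed == null) {
                throw new IllegalArgumentException("No such account exists!");
            }
            DBBroker broker = null;
            try {
                broker = getDatabase().get(null);
                final Subject subject = broker.getSubject();
                // Self-deletion is allowed; anything else needs the DBA role.
                if (!account.getName().equals(subject.getName()) && !subject.hasDbaRole()) {
                    throw new PermissionDeniedException("You are not allowed to delete '" + account.getName() + "' user");
                }
                removed.setRemoved(true);
                removed.setCollection(broker, this.collectionRemovedAccounts, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));

                final TransactionManager transactionManager = getDatabase().getTransactionManager();
                try (Txn txn = transactionManager.beginTransaction()) {
                    this.collectionAccounts.removeXMLResource(txn, broker, XmldbURI.create(removed.getName() + ".xml"));
                    transactionManager.commit(txn);
                } catch (final Exception e) {
                    // NOTE(review): a failed removal of the stored document is only logged and the
                    // in-memory removal below still happens, so the account document may remain
                    // in the accounts collection. Confirm this best-effort behaviour is intended.
                    LOG.warn(e.getMessage(), e);
                }

                getSecurityManager().addUser(removed.getId(), removed);
                map.remove(removed.getName());
            } finally {
                // Released on every path, including when get() itself failed (broker == null).
                getDatabase().release(broker);
            }
        });
        return true;
    }

    /**
     * Marks a group as removed, moves it to the removed-groups collection and drops it from
     * the name index.
     *
     * <p>Authorisation is delegated to {@code assertCanModifyGroup} on the stored group,
     * evaluated against the active broker's subject.
     *
     * @param group the group to delete; {@code null} is a no-op
     * @return {@code false} when {@code group} is {@code null}, otherwise {@code true}
     * @throws PermissionDeniedException presumably raised by {@code assertCanModifyGroup} when
     *     the subject may not modify the group (its body is not visible here)
     * @throws EXistException declared by the interface
     * @throws IllegalArgumentException if no group with that name is registered
     */
    @Override // org.exist.security.management.GroupsManagement
    public boolean deleteGroup(Group group) throws PermissionDeniedException, EXistException {
        if (group == null) {
            return false;
        }
        this.groupsByName.modify2E(map -> {
            final AbstractPrincipal removed = (AbstractPrincipal) map.get(group.getName());
            if (removed == null) {
                throw new IllegalArgumentException("Group does '" + group.getName() + "' not exist!");
            }
            final DBBroker activeBroker = getDatabase().getActiveBroker();
            ((Group) removed).assertCanModifyGroup(activeBroker.getSubject());
            removed.setRemoved(true);
            removed.setCollection(activeBroker, this.collectionRemovedGroups, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));

            final TransactionManager transactionManager = getDatabase().getTransactionManager();
            try (Txn txn = transactionManager.beginTransaction()) {
                this.collectionGroups.removeXMLResource(txn, activeBroker, XmldbURI.create(removed.getName() + ".xml"));
                transactionManager.commit(txn);
            } catch (final Exception e) {
                // NOTE(review): as in deleteAccount, a storage failure is logged and the group is
                // still removed from the in-memory index.
                LOG.warn(e.getMessage(), e);
            }

            getSecurityManager().addGroup(removed.getId(), (Group) removed);
            map.remove(removed.getName());
        });
        return true;
    }

    /**
     * Authenticates a user name against this realm.
     *
     * <p>Checks, in order: the account exists; the name is not SYSTEM and, when guest login
     * is disabled, not {@code "guest"}; the account is enabled; the credentials verify.
     * Credential verification is delegated to {@link SubjectImpl}.
     *
     * <p>NOTE(review): the exception messages and codes distinguish "not found", "disabled"
     * and "wrong password". If they are relayed verbatim to remote clients they reveal which
     * account names exist, so front ends should show one generic failure message. The
     * caller-supplied name is also embedded unescaped in the message, which matters if these
     * messages are written to logs. No attempt limiting is visible in this method.
     *
     * @param str the account name
     * @param obj the credentials, passed through to {@link SubjectImpl}
     * @return the authenticated subject
     * @throws AuthenticationException with code 0 if the account is unknown or may not be
     *     used, code 2 if it is disabled, code 1 if the credentials do not verify
     */
    @Override // org.exist.security.realm.AuthenticatingRealm
    public Subject authenticate(String str, Object obj) throws AuthenticationException {
        final Account account = getAccount(str);
        if (account == null) {
            throw new AuthenticationException(0, "Account '" + str + "' not found.");
        }
        final boolean guestBlocked = !this.allowGuestAuthentication && "guest".equals(str);
        if (SecurityManager.SYSTEM.equals(str) || guestBlocked) {
            throw new AuthenticationException(0, "Account '" + str + "' can not be used.");
        }
        if (!account.isEnabled()) {
            throw new AuthenticationException(2, "Account '" + str + "' is disabled.");
        }
        final SubjectImpl subject = new SubjectImpl((AccountImpl) account, obj);
        if (!subject.isAuthenticated()) {
            throw new AuthenticationException(1, "Wrong password for user [" + str + "] ");
        }
        return subject;
    }

    /** Returns the names of all registered users whose user name starts with {@code str}. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findUsernamesWhereUsernameStarts(String str) {
        return this.usersByName.read(map -> map.keySet().stream()
                .filter(name -> name.startsWith(str))
                .collect(Collectors.toList()));
    }

    /** Returns the names of all registered groups whose name starts with {@code str}. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findGroupnamesWhereGroupnameStarts(String str) {
        return this.groupsByName.read(map -> map.keySet().stream()
                .filter(name -> name.startsWith(str))
                .collect(Collectors.toList()));
    }

    /** Returns the names of all registered groups whose name contains {@code str}. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public Collection<? extends String> findGroupnamesWhereGroupnameContains(String str) {
        return this.groupsByName.read(map -> map.keySet().stream()
                .filter(name -> name.contains(str))
                .collect(Collectors.toList()));
    }

    /** Returns a snapshot copy of all registered group names. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findAllGroupNames() {
        return this.groupsByName.read(map -> new ArrayList<>(map.keySet()));
    }

    /** Returns a snapshot copy of all registered user names. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findAllUserNames() {
        return this.usersByName.read(map -> new ArrayList<>(map.keySet()));
    }

    /** Returns the names of all registered accounts that are members of group {@code str}. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findAllGroupMembers(String str) {
        return this.usersByName.read(map -> map.values().stream()
                .filter(account -> account.hasGroup(str))
                .map(account -> account.getName())
                .collect(Collectors.toList()));
    }

    /** Not supported by this realm: always returns an empty list. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findUsernamesWhereNameStarts(String str) {
        return Collections.emptyList();
    }

    /** Not supported by this realm: always returns an empty list. */
    @Override // org.exist.security.AbstractRealm, org.exist.security.realm.Realm
    public List<String> findUsernamesWhereNamePartStarts(String str) {
        return Collections.emptyList();
    }
}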
