package org.exist.security;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.function.Consumer;
import java.util.function.Function;
import org.exist.Database;
import org.exist.EXistException;
import org.exist.collections.Collection;
import org.exist.collections.triggers.TriggerException;
import org.exist.config.Configurable;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Configurator;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.security.internal.AccountImpl;
import org.exist.security.internal.GroupImpl;
import org.exist.security.internal.SecurityManagerImpl;
import org.exist.security.realm.Realm;
import org.exist.security.utils.Utils;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.TransactionManager;
import org.exist.storage.txn.Txn;
import org.exist.util.LockException;
import org.exist.util.function.Consumer2E;
import org.exist.util.function.ConsumerE;
import org.exist.xmldb.XmldbURI;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/AbstractRealm.class */
public abstract class AbstractRealm implements Realm, Configurable {
    private SecurityManager sm;
    protected Configuration configuration;
    protected final PrincipalDbByName<Account> usersByName = new PrincipalDbByName<>();
    protected final PrincipalDbByName<Group> groupsByName = new PrincipalDbByName<>();
    protected Collection collectionRealm = null;
    protected Collection collectionAccounts = null;
    protected Collection collectionGroups = null;
    protected Collection collectionRemovedAccounts = null;
    protected Collection collectionRemovedGroups = null;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/AbstractRealm$PrincipalDbByName.class */
    public static class PrincipalDbByName<V extends Principal> {
        private final Map<String, V> db = new HashMap(65);
        private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
        private final ReentrantReadWriteLock.ReadLock readLock = this.lock.readLock();
        private final ReentrantReadWriteLock.WriteLock writeLock = this.lock.writeLock();

        protected PrincipalDbByName() {
        }

        public <R> R read(Function<Map<String, V>, R> function) {
            this.readLock.lock();
            try {
                return function.apply(this.db);
            } finally {
                this.readLock.unlock();
            }
        }

        public final void modify(Consumer<Map<String, V>> consumer) {
            this.writeLock.lock();
            try {
                consumer.accept(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }

        public final <E extends Throwable> void modifyE(ConsumerE<Map<String, V>, E> consumerE) throws Throwable {
            this.writeLock.lock();
            try {
                consumerE.accept(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }

        public final <E1 extends Exception, E2 extends Exception> void modify2E(Consumer2E<Map<String, V>, E1, E2> consumer2E) throws Exception, Exception {
            this.writeLock.lock();
            try {
                consumer2E.accept(this.db);
            } finally {
                this.writeLock.unlock();
            }
        }
    }

    public AbstractRealm(SecurityManager securityManager, Configuration configuration) {
        this.sm = securityManager;
        this.configuration = Configurator.configure(this, configuration);
    }

    @Override // org.exist.security.realm.Realm
    public Database getDatabase() {
        return getSecurityManager().getDatabase();
    }

    @Override // org.exist.security.realm.Realm
    public SecurityManager getSecurityManager() {
        return this.sm;
    }

    protected void initialiseRealmStorage(DBBroker dBBroker) throws EXistException {
        XmldbURI append = SecurityManager.SECURITY_COLLECTION_URI.append(getId());
        TransactionManager transactionManager = dBBroker.getBrokerPool().getTransactionManager();
        try {
            Txn beginTransaction = transactionManager.beginTransaction();
            Throwable th = null;
            try {
                try {
                    this.collectionRealm = Utils.getOrCreateCollection(dBBroker, beginTransaction, append);
                    this.collectionAccounts = Utils.getOrCreateCollection(dBBroker, beginTransaction, append.append("accounts"));
                    this.collectionGroups = Utils.getOrCreateCollection(dBBroker, beginTransaction, append.append(ConstraintHelper.GROUPS));
                    this.collectionRemovedAccounts = Utils.getOrCreateCollection(dBBroker, beginTransaction, append.append("accounts").append("removed"));
                    this.collectionRemovedGroups = Utils.getOrCreateCollection(dBBroker, beginTransaction, append.append(ConstraintHelper.GROUPS).append("removed"));
                    transactionManager.commit(beginTransaction);
                    if (beginTransaction != null) {
                        if (0 != 0) {
                            try {
                                beginTransaction.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            beginTransaction.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException | TriggerException | PermissionDeniedException | LockException e) {
            throw new EXistException(e);
        }
    }

    private void loadGroupsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionGroups == null || this.collectionGroups.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionGroups.iterator(dBBroker);
        while (it.hasNext()) {
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), it.next());
            String property = parse.getProperty("name");
            this.groupsByName.modifyE(map -> {
                if (property == null || map.containsKey(property)) {
                    return;
                }
                GroupImpl groupImpl = new GroupImpl(this, parse);
                getSecurityManager().addGroup(groupImpl.getId(), groupImpl);
                map.put(groupImpl.getName(), groupImpl);
                if (groupImpl.getId() > 0) {
                    groupImpl.setCollection(dBBroker, this.collectionGroups);
                }
            });
        }
    }

    private void loadRemovedGroupsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionRemovedGroups == null || this.collectionRemovedGroups.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionRemovedGroups.iterator(dBBroker);
        while (it.hasNext()) {
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), it.next());
            Integer propertyInteger = parse.getPropertyInteger("id");
            if (propertyInteger != null && !getSecurityManager().hasGroup(propertyInteger.intValue())) {
                GroupImpl groupImpl = new GroupImpl(this, parse);
                groupImpl.removed = true;
                getSecurityManager().addGroup(groupImpl.getId(), groupImpl);
            }
        }
    }

    private void loadAccountsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionAccounts == null || this.collectionAccounts.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionAccounts.iterator(dBBroker);
        while (it.hasNext()) {
            DocumentImpl next = it.next();
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), next);
            String property = parse.getProperty("name");
            this.usersByName.modifyE(map -> {
                if (property == null || map.containsKey(property)) {
                    return;
                }
                try {
                    AccountImpl accountImpl = new AccountImpl(this, parse);
                    getSecurityManager().addUser(accountImpl.getId(), accountImpl);
                    map.put(accountImpl.getName(), accountImpl);
                    if (accountImpl.getId() > 0) {
                        accountImpl.setCollection(dBBroker, this.collectionAccounts);
                    }
                } catch (Throwable th) {
                    SecurityManagerImpl.LOG.error("Account object can't build up from '" + next.getFileURI() + "'", th);
                }
            });
        }
    }

    private void loadRemovedAccountsFromRealmStorage(DBBroker dBBroker) throws ConfigurationException, PermissionDeniedException, LockException {
        if (this.collectionRemovedAccounts == null || this.collectionRemovedAccounts.getDocumentCount(dBBroker) <= 0) {
            return;
        }
        Iterator<DocumentImpl> it = this.collectionRemovedAccounts.iterator(dBBroker);
        while (it.hasNext()) {
            Configuration parse = Configurator.parse(dBBroker.getBrokerPool(), it.next());
            Integer propertyInteger = parse.getPropertyInteger("id");
            if (propertyInteger != null && !getSecurityManager().hasUser(propertyInteger.intValue())) {
                AccountImpl accountImpl = new AccountImpl(this, parse);
                accountImpl.removed = true;
                getSecurityManager().addUser(accountImpl.getId(), accountImpl);
            }
        }
    }

    @Override // org.exist.LifeCycle
    public void start(DBBroker dBBroker) throws EXistException {
        initialiseRealmStorage(dBBroker);
        try {
            loadGroupsFromRealmStorage(dBBroker);
            loadRemovedGroupsFromRealmStorage(dBBroker);
            loadAccountsFromRealmStorage(dBBroker);
            loadRemovedAccountsFromRealmStorage(dBBroker);
        } catch (PermissionDeniedException | LockException e) {
            throw new EXistException(e);
        }
    }

    @Override // org.exist.LifeCycle
    public void sync(DBBroker dBBroker) throws EXistException {
    }

    @Override // org.exist.LifeCycle
    public void stop(DBBroker dBBroker) throws EXistException {
    }

    public void save() throws PermissionDeniedException, EXistException, IOException {
        this.configuration.save();
    }

    public final Account registerAccount(Account account) {
        this.usersByName.modify(map -> {
            if (map.containsKey(account.getName())) {
                throw new IllegalArgumentException("Account " + account.getName() + " exist.");
            }
            map.put(account.getName(), account);
        });
        return account;
    }

    public final Group registerGroup(Group group) {
        this.groupsByName.modify(map -> {
            if (map.containsKey(group.getName())) {
                throw new IllegalArgumentException("Group " + group.getName() + " already exists.");
            }
            map.put(group.getName(), group);
        });
        return group;
    }

    @Override // org.exist.security.management.AccountsManagement
    public Account getAccount(String str) {
        return (Account) this.usersByName.read(map -> {
            return (Account) map.get(str);
        });
    }

    @Override // org.exist.security.management.AccountsManagement
    public final boolean hasAccount(String str) {
        return ((Boolean) this.usersByName.read(map -> {
            return Boolean.valueOf(map.containsKey(str));
        })).booleanValue();
    }

    @Override // org.exist.security.management.AccountsManagement
    public final boolean hasAccount(Account account) {
        return hasAccount(account.getName());
    }

    @Override // org.exist.security.realm.Realm
    public final java.util.Collection<Account> getAccounts() {
        return (java.util.Collection) this.usersByName.read(map -> {
            return map.values();
        });
    }

    @Override // org.exist.security.management.GroupsManagement
    public final boolean hasGroup(String str) {
        return ((Boolean) this.groupsByName.read(map -> {
            return Boolean.valueOf(map.containsKey(str));
        })).booleanValue();
    }

    @Override // org.exist.security.management.GroupsManagement
    public final boolean hasGroup(Group group) {
        return hasGroup(group.getName());
    }

    @Override // org.exist.security.management.GroupsManagement
    public Group getGroup(String str) {
        return (Group) this.groupsByName.read(map -> {
            return (Group) map.get(str);
        });
    }

    @Override // org.exist.security.realm.Realm
    public final java.util.Collection<Group> getRoles() {
        return getGroups();
    }

    @Override // org.exist.security.realm.Realm
    public final java.util.Collection<Group> getGroups() {
        return (java.util.Collection) this.groupsByName.read(map -> {
            return map.values();
        });
    }

    protected Collection getCollection() {
        return this.collectionRealm;
    }

    @Override // org.exist.security.management.GroupsManagement
    public Group addGroup(Group group) throws PermissionDeniedException, EXistException {
        if (group.getRealmId() == null) {
            throw new ConfigurationException("Group's realmId is null.");
        }
        if (getId().equals(group.getRealmId())) {
            return getSecurityManager().addGroup(group);
        }
        throw new ConfigurationException("Group from different realm");
    }

    @Override // org.exist.security.management.AccountsManagement
    public Account addAccount(Account account) throws PermissionDeniedException, EXistException, ConfigurationException {
        if (account.getRealmId() == null) {
            throw new ConfigurationException("Account's realmId is null.");
        }
        if (getId().equals(account.getRealmId())) {
            return getSecurityManager().addAccount(account);
        }
        throw new ConfigurationException("Account from different realm");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.exist.security.management.AccountsManagement
    public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException {
        account.assertCanModifyAccount(getDatabase().getSubject());
        Account account2 = getAccount(account.getName());
        if (account2 == 0) {
            throw new PermissionDeniedException("account " + account.getName() + " does not exist");
        }
        String[] groups = account.getGroups();
        for (int i = 0; i < groups.length; i++) {
            if (!account2.hasGroup(groups[i])) {
                account2.addGroup(groups[i]);
            }
        }
        String[] groups2 = account2.getGroups();
        for (int i2 = 0; i2 < groups2.length; i2++) {
            if (!account.hasGroup(groups2[i2])) {
                account2.remGroup(groups2[i2]);
            }
        }
        if (account.getPassword() != null) {
            account2.setPassword(account.getPassword());
        }
        account2.setUserMask(account.getUserMask());
        if (account.hashCode() != account2.hashCode()) {
            account2.clearMetadata();
            for (SchemaType schemaType : account.getMetadataKeys()) {
                account2.setMetadataValue(schemaType, account.getMetadataValue(schemaType));
            }
        }
        ((AbstractPrincipal) account2).save();
        return true;
    }

    @Override // org.exist.security.management.GroupsManagement
    public boolean updateGroup(Group group) throws PermissionDeniedException, EXistException {
        group.assertCanModifyGroup(getDatabase().getSubject());
        Group group2 = getGroup(group.getName());
        if (group2 == null) {
            throw new PermissionDeniedException("group " + group.getName() + " does not exist");
        }
        for (Account account : group.getManagers()) {
            if (!group2.isManager(account)) {
                group2.addManager(account);
            }
        }
        for (Account account2 : group2.getManagers()) {
            if (!group.isManager(account2)) {
                group2.removeManager(account2);
            }
        }
        if (group.hashCode() != group2.hashCode()) {
            group2.clearMetadata();
            for (SchemaType schemaType : group.getMetadataKeys()) {
                group2.setMetadataValue(schemaType, group.getMetadataValue(schemaType));
            }
        }
        group2.save();
        return true;
    }

    @Override // org.exist.security.realm.Realm
    public Group getExternalGroup(String str) {
        return getSecurityManager().getGroup(str);
    }

    @Override // org.exist.config.Configurable
    public boolean isConfigured() {
        return this.configuration != null;
    }

    @Override // org.exist.config.Configurable
    public Configuration getConfiguration() {
        return this.configuration;
    }

    @Override // org.exist.security.realm.Realm
    public List<String> findUsernamesWhereNameStarts(String str) {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public List<String> findUsernamesWhereUsernameStarts(String str) {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public List<String> findAllGroupNames() {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public List<String> findAllUserNames() {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public List<String> findAllGroupMembers(String str) {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public List<String> findUsernamesWhereNamePartStarts(String str) {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public java.util.Collection<? extends String> findGroupnamesWhereGroupnameStarts(String str) {
        return Collections.EMPTY_LIST;
    }

    @Override // org.exist.security.realm.Realm
    public java.util.Collection<? extends String> findGroupnamesWhereGroupnameContains(String str) {
        return Collections.EMPTY_LIST;
    }
}
