package org.exist.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.http.HttpStatus;
import org.apache.log4j.Logger;
import org.exist.EXistException;
import org.exist.collections.Collection;
import org.exist.collections.CollectionConfiguration;
import org.exist.collections.IndexInfo;
import org.exist.collections.triggers.TriggerException;
import org.exist.dom.DocumentImpl;
import org.exist.security.xacml.ExistPDP;
import org.exist.security.xacml.XACMLConstants;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.TransactionManager;
import org.exist.storage.txn.Txn;
import org.exist.util.LockException;
import org.exist.util.MimeType;
import org.exist.util.hashtable.Int2ObjectHashMap;
import org.exist.xmldb.XmldbURI;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/exist-1_4_1_dev_orbeon_20110104.jar:org/exist/security/XMLSecurityManager.class */
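/**
 * Default {@link SecurityManager} implementation backed by an XML ACL document.
 * <p>
 * Users and groups live in two in-memory maps keyed by their numeric id and are
 * written by {@link #save} to the document {@code ACL_FILE_URI} (a constant this class
 * inherits, presumably from the {@code SecurityManager} interface) inside the system
 * collection. Each mutator ({@link #setUser}, {@link #deleteUser(User)},
 * {@link #addGroup}) rewrites that document under a fresh transaction obtained from the
 * broker pool on behalf of {@link #SYSTEM_USER}. None of the mutators checks the
 * caller's authority itself; that appears to be left to callers.
 * <p>
 * On first start {@link #attach} bootstraps the {@code admin} user (constructed with a
 * {@code null} password) and the {@code guest} user together with the {@code dba} and
 * {@code guest} groups, then persists them.
 * <p>
 * Thread-safety: lookups and mutators are {@code synchronized} on this instance;
 * {@link #attach} is not and is expected to run once during start-up.
 */
public class XMLSecurityManager implements SecurityManager {
    public static final String CONFIGURATION_ELEMENT_NAME = "default-permissions";
    public static final String COLLECTION_ATTRIBUTE = "collection";
    public static final String RESOURCE_ATTRIBUTE = "resource";
    public static final String PROPERTY_PERMISSIONS_COLLECTIONS = "indexer.permissions.collection";
    public static final String PROPERTY_PERMISSIONS_RESOURCES = "indexer.permissions.resource";
    public static final String DBA_GROUP = "dba";
    public static final String DBA_USER = "admin";
    public static final String GUEST_GROUP = "guest";
    public static final String GUEST_USER = "guest";
    /** Principal used to obtain a broker when persisting the ACL: name "admin", null password, group "dba". */
    public static final User SYSTEM_USER = new User(DBA_USER, (String) null, DBA_GROUP);
    private static final Logger LOG = Logger.getLogger(SecurityManager.class);

    /**
     * Permission mode applied to the system collection and to the ACL document, as a
     * unix-style octal literal (0770 == 504 decimal; the decompiled listing rendered the
     * same value as an unrelated HTTP status constant).
     */
    private static final int SYSTEM_PERMISSIONS = 0770;
    /** Permission mode used for collections and resources when no indexer.permissions.* property is configured (0755 == 493 decimal). */
    private static final int DEFAULT_PERMISSIONS = 0755;
    /** Argument passed to DBBroker.sync(); presumably the major-sync mode — confirm against org.exist.storage.sync.Sync. */
    private static final int SYNC_MODE = 1;

    private BrokerPool pool;
    // group id -> Group
    private Int2ObjectHashMap groups = new Int2ObjectHashMap(65);
    // user id -> User
    private Int2ObjectHashMap users = new Int2ObjectHashMap(65);
    // highest ids handed out so far; persisted as the last-id attribute of <users> / <groups>
    private int nextUserId = 0;
    private int nextGroupId = 0;
    private int defCollectionPermissions = DEFAULT_PERMISSIONS;
    private int defResourcePermissions = DEFAULT_PERMISSIONS;
    // non-null only when XACML is switched on in the configuration
    private ExistPDP pdp;

    /**
     * Attaches this manager to a broker pool: makes sure the system collection exists,
     * then either bootstraps the default principals (no ACL document yet) or loads users
     * and groups from the existing document, and finally reads the default-permission
     * and XACML settings from the configuration.
     * <p>
     * Failures while creating or loading the ACL are logged, the open transaction (if any)
     * is aborted and start-up continues with whatever was loaded. If the system collection
     * cannot be created the method returns early and the configuration is not read
     * (unchanged from the original behaviour).
     *
     * @param brokerPool pool this manager is attached to
     * @param dBBroker   broker used for all database access during attach
     */
    @Override // org.exist.security.SecurityManager
    public void attach(BrokerPool brokerPool, DBBroker dBBroker) {
        this.pool = brokerPool;
        TransactionManager transactionManager = brokerPool.getTransactionManager();
        // the transaction currently open, if any, so that the catch below can abort it
        // (the original aborted null, leaving the transaction open on failure)
        Txn txn = null;
        try {
            Collection collection = dBBroker.getCollection(XmldbURI.SYSTEM_COLLECTION_URI);
            if (collection == null) {
                txn = transactionManager.beginTransaction();
                collection = dBBroker.getOrCreateCollection(txn, XmldbURI.SYSTEM_COLLECTION_URI);
                if (collection == null) {
                    transactionManager.abort(txn);
                    return;
                }
                collection.setPermissions(SYSTEM_PERMISSIONS);
                dBBroker.saveCollection(txn, collection);
                transactionManager.commit(txn);
                txn = null;
            }
            DocumentImpl document = collection.getDocument(dBBroker, ACL_FILE_URI);
            Element root = document != null ? document.getDocumentElement() : null;
            if (root == null) {
                LOG.debug("creating system users");
                createDefaultPrincipals();
                txn = transactionManager.beginTransaction();
                save(dBBroker, txn);
                transactionManager.commit(txn);
                txn = null;
            } else {
                LOG.debug("loading acl");
                loadAcl(root);
            }
        } catch (Exception e) {
            if (txn != null) {
                transactionManager.abort(txn);
            }
            LOG.warn("loading acl failed: " + e.getMessage(), e);
        }
        configureDefaults(brokerPool, dBBroker);
    }

    /**
     * Fills the in-memory maps with the bootstrap principals used when no ACL document
     * exists: user "admin" (null password, member of "dba"), user "guest" (password
     * "guest", group "guest"), and the groups "dba" and "guest". Nothing is persisted here.
     */
    private void createDefaultPrincipals() {
        User admin = new User(DBA_USER, null);
        admin.addGroup(DBA_GROUP);
        admin.setUID(++this.nextUserId);
        this.users.put(admin.getUID(), admin);
        // argument order presumably (name, password, primary group), matching SYSTEM_USER — confirm against User
        User guest = new User(GUEST_USER, "guest", GUEST_GROUP);
        guest.setUID(++this.nextUserId);
        this.users.put(guest.getUID(), guest);
        newGroup(DBA_GROUP);
        newGroup(GUEST_GROUP);
    }

    /**
     * Loads users and groups from the root element of an existing ACL document.
     * The two dotted components of the optional {@code version} attribute are handed
     * to the {@code User} element constructor; a version without a dot yields 0 for the
     * second component instead of an index error.
     *
     * @param root document element of the ACL document
     */
    private void loadAcl(Element root) {
        int major = 0;
        int minor = 0;
        Attr version = root.getAttributeNode("version");
        if (version != null) {
            String[] parts = version.getValue().split("\\.");
            major = Integer.parseInt(parts[0]);
            if (parts.length > 1) {
                minor = Integer.parseInt(parts[1]);
            }
        }
        NodeList children = root.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            Element section = (Element) child;
            if (section.getTagName().equals("users")) {
                this.nextUserId = parseLastId(section, this.nextUserId);
                loadUsers(section, major, minor);
            } else if (section.getTagName().equals("groups")) {
                this.nextGroupId = parseLastId(section, this.nextGroupId);
                loadGroups(section);
            }
        }
    }

    /**
     * Reads the {@code last-id} attribute of a section element.
     *
     * @param section  the {@code <users>} or {@code <groups>} element
     * @param fallback value to keep when the attribute is missing or not a number
     * @return the parsed id, or {@code fallback}
     */
    private static int parseLastId(Element section, int fallback) {
        try {
            return Integer.parseInt(section.getAttribute("last-id"));
        } catch (NumberFormatException e) {
            // best effort, as before: keep the id counter we already have
            LOG.debug("no usable last-id on <" + section.getTagName() + ">, keeping " + fallback);
            return fallback;
        }
    }

    /** Adds every {@code <user>} child of the given element to the user map. */
    private void loadUsers(Element usersElement, int major, int minor) {
        NodeList children = usersElement.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() == Node.ELEMENT_NODE && child.getLocalName().equals("user")) {
                User user = new User(major, minor, (Element) child);
                this.users.put(user.getUID(), user);
            }
        }
    }

    /** Adds every {@code <group>} child of the given element to the group map. */
    private void loadGroups(Element groupsElement) {
        NodeList children = groupsElement.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() == Node.ELEMENT_NODE && child.getLocalName().equals("group")) {
                Group group = new Group((Element) child);
                this.groups.put(group.getId(), group);
            }
        }
    }

    /**
     * Reads the default permission modes and the XACML switch from the broker's
     * configuration; absent properties leave the built-in defaults in place.
     */
    private void configureDefaults(BrokerPool brokerPool, DBBroker dBBroker) {
        Integer collectionPerms = (Integer) dBBroker.getConfiguration().getProperty(PROPERTY_PERMISSIONS_COLLECTIONS);
        if (collectionPerms != null) {
            this.defCollectionPermissions = collectionPerms.intValue();
        }
        Integer resourcePerms = (Integer) dBBroker.getConfiguration().getProperty(PROPERTY_PERMISSIONS_RESOURCES);
        if (resourcePerms != null) {
            this.defResourcePermissions = resourcePerms.intValue();
        }
        Boolean xacml = (Boolean) dBBroker.getConfiguration().getProperty(XACMLConstants.ENABLE_XACML_PROPERTY);
        if (xacml != null && xacml.booleanValue()) {
            this.pdp = new ExistPDP(brokerPool);
            LOG.debug("XACML enabled");
        }
    }

    /** @return whether a XACML policy decision point was created in {@link #attach} */
    @Override // org.exist.security.SecurityManager
    public boolean isXACMLEnabled() {
        return this.pdp != null;
    }

    /** @return the policy decision point, or {@code null} when XACML is disabled */
    @Override // org.exist.security.SecurityManager
    public ExistPDP getPDP() {
        return this.pdp;
    }

    /**
     * Deletes the user with the given name; unknown names are logged and otherwise ignored.
     *
     * @param str user name
     */
    @Override // org.exist.security.SecurityManager
    public synchronized void deleteUser(String str) throws PermissionDeniedException {
        deleteUser(getUser(str));
    }

    /**
     * Removes the user from the in-memory map and rewrites the ACL document.
     * The document is rewritten even if no user with that id was present. Does not
     * check the caller's authority; {@code PermissionDeniedException} is declared but
     * not thrown here.
     *
     * @param user user to delete; {@code null} is ignored
     */
    @Override // org.exist.security.SecurityManager
    public synchronized void deleteUser(User user) throws PermissionDeniedException {
        if (user == null) {
            return;
        }
        User removed = (User) this.users.remove(user.getUID());
        if (removed != null) {
            LOG.debug("user " + removed.getName() + " removed");
        } else {
            LOG.debug("user not found");
        }
        persist("deleting user");
    }

    /**
     * Finds a user by name with a linear scan over the user map.
     *
     * @param str user name
     * @return the user, or {@code null} if none matches (logged at debug level)
     */
    @Override // org.exist.security.SecurityManager
    public synchronized User getUser(String str) {
        Iterator it = this.users.valueIterator();
        while (it.hasNext()) {
            User user = (User) it.next();
            if (user.getName().equals(str)) {
                return user;
            }
        }
        LOG.debug("user " + str + " not found");
        return null;
    }

    /**
     * @param i user id
     * @return the user with that id, or {@code null}
     */
    @Override // org.exist.security.SecurityManager
    public synchronized User getUser(int i) {
        return (User) this.users.get(i);
    }

    /** @return a snapshot array of all users, in the map's iteration order */
    @Override // org.exist.security.SecurityManager
    public synchronized User[] getUsers() {
        User[] result = new User[this.users.size()];
        int n = 0;
        Iterator it = this.users.valueIterator();
        while (it.hasNext()) {
            result[n++] = (User) it.next();
        }
        return result;
    }

    /**
     * Creates a group with the next free id and registers it in memory only.
     * No check is made for an existing group of the same name.
     *
     * @param str group name
     */
    protected void newGroup(String str) {
        Group group = new Group(str, ++this.nextGroupId);
        this.groups.put(group.getId(), group);
    }

    /**
     * Creates a group and rewrites the ACL document.
     *
     * @param str group name
     */
    @Override // org.exist.security.SecurityManager
    public synchronized void addGroup(String str) {
        newGroup(str);
        persist("adding group");
    }

    /**
     * @param str group name
     * @return whether a group with that name exists
     */
    @Override // org.exist.security.SecurityManager
    public synchronized boolean hasGroup(String str) {
        return getGroup(str) != null;
    }

    /**
     * Finds a group by name with a linear scan over the group map.
     *
     * @param str group name
     * @return the group, or {@code null}
     */
    @Override // org.exist.security.SecurityManager
    public synchronized Group getGroup(String str) {
        Iterator it = this.groups.valueIterator();
        while (it.hasNext()) {
            Group group = (Group) it.next();
            if (group.getName().equals(str)) {
                return group;
            }
        }
        return null;
    }

    /**
     * @param i group id
     * @return the group with that id, or {@code null}
     */
    @Override // org.exist.security.SecurityManager
    public synchronized Group getGroup(int i) {
        return (Group) this.groups.get(i);
    }

    /** @return the names of all groups, in the map's iteration order */
    @Override // org.exist.security.SecurityManager
    public synchronized String[] getGroups() {
        ArrayList<String> names = new ArrayList<String>(this.groups.size());
        Iterator it = this.groups.valueIterator();
        while (it.hasNext()) {
            names.add(((Group) it.next()).getName());
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * @param user user to check; {@code null} is treated as not privileged (fail closed)
     * @return whether the user has the DBA role according to {@code User.hasDbaRole()}
     */
    @Override // org.exist.security.SecurityManager
    public synchronized boolean hasAdminPrivileges(User user) {
        return user != null && user.hasDbaRole();
    }

    /**
     * @param str user name
     * @return whether a user with that name exists
     */
    @Override // org.exist.security.SecurityManager
    public synchronized boolean hasUser(String str) {
        Iterator it = this.users.valueIterator();
        while (it.hasNext()) {
            if (((User) it.next()).getName().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rewrites the ACL document under a fresh transaction using a broker obtained for
     * {@link #SYSTEM_USER}. On {@code EXistException} the transaction is aborted and the
     * failure is logged; the broker is always released.
     *
     * @param action short description of the operation, used in the log message
     */
    private void persist(String action) {
        TransactionManager transactionManager = this.pool.getTransactionManager();
        Txn txn = transactionManager.beginTransaction();
        DBBroker broker = null;
        try {
            broker = this.pool.get(SYSTEM_USER);
            save(broker, txn);
            transactionManager.commit(txn);
        } catch (EXistException e) {
            transactionManager.abort(txn);
            LOG.warn("error while " + action + ": " + e.getMessage(), e);
        } finally {
            this.pool.release(broker);
        }
    }

    /**
     * Serialises all groups and users to the ACL document and stores it in the system
     * collection with mode {@link #SYSTEM_PERMISSIONS}. The XML is assembled from the
     * {@code toString()} output of each {@code Group} and {@code User} and is validated by
     * {@code validateXMLResource} before being stored.
     *
     * @param dBBroker broker to store with; it is switched to the "admin" user first
     * @param txn      transaction to store under
     * @throws EXistException wrapping any storage, trigger, permission, lock or parse failure,
     *                        with the original exception preserved as the cause
     */
    private synchronized void save(DBBroker dBBroker, Txn txn) throws EXistException {
        LOG.debug("storing acl file");
        StringBuilder xml = new StringBuilder();
        xml.append("<!-- Central user configuration. Editing this document will cause the security to reload and update its internal database. Please handle with care! -->");
        xml.append("<auth version='1.0'>");
        xml.append("<!-- Please do not remove the guest and admin groups -->");
        xml.append("<groups last-id=\"");
        xml.append(Integer.toString(this.nextGroupId));
        xml.append("\">");
        Iterator groupIt = this.groups.valueIterator();
        while (groupIt.hasNext()) {
            xml.append(((Group) groupIt.next()).toString());
        }
        xml.append("</groups>");
        xml.append("<!-- Please do not remove the admin user. -->");
        xml.append("<users last-id=\"");
        xml.append(Integer.toString(this.nextUserId));
        xml.append("\">");
        Iterator userIt = this.users.valueIterator();
        while (userIt.hasNext()) {
            xml.append(((User) userIt.next()).toString());
        }
        xml.append("</users>");
        xml.append("</auth>");
        dBBroker.flush();
        dBBroker.sync(SYNC_MODE);
        try {
            dBBroker.setUser(getUser(DBA_USER));
            Collection system = dBBroker.getCollection(XmldbURI.SYSTEM_COLLECTION_URI);
            String content = xml.toString();
            IndexInfo info = system.validateXMLResource(txn, dBBroker, ACL_FILE_URI, content);
            DocumentImpl document = info.getDocument();
            document.getMetadata().setMimeType(MimeType.XML_TYPE.getName());
            system.store(txn, dBBroker, info, content, false);
            document.setPermissions(SYSTEM_PERMISSIONS);
            dBBroker.saveCollection(txn, document.getCollection());
            dBBroker.flush();
            dBBroker.sync(SYNC_MODE);
        } catch (IOException e) {
            throw wrap(e);
        } catch (TriggerException e) {
            throw wrap(e);
        } catch (PermissionDeniedException e) {
            throw wrap(e);
        } catch (LockException e) {
            throw wrap(e);
        } catch (SAXException e) {
            throw wrap(e);
        }
    }

    /**
     * Wraps a failure in an {@code EXistException} carrying the same message, keeping the
     * original exception as the cause (the original code dropped it). {@code initCause} is
     * used rather than a two-argument constructor so this compiles against any
     * {@code EXistException} that offers a {@code (String)} constructor.
     */
    private static EXistException wrap(Exception cause) {
        EXistException wrapped = new EXistException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Adds or replaces a user, assigns an id if it has none, makes sure every group the
     * user names exists, rewrites the ACL document and creates the user's home collection.
     * <p>
     * Any group the user names that does not exist yet is created here without further
     * checks, so callers accepting group names from outside should validate them first.
     * A user without groups is added to "guest"; because the group list is read before that
     * happens, "guest" itself is not auto-created by the loop below (unchanged behaviour).
     * Failures are logged and the transaction aborted; the broker is always released.
     *
     * @param user user to store; its UID is assigned in place when negative
     */
    @Override // org.exist.security.SecurityManager
    public synchronized void setUser(User user) {
        if (user.getUID() < 0) {
            user.setUID(++this.nextUserId);
        }
        this.users.put(user.getUID(), user);
        String[] userGroups = user.getGroups();
        if (userGroups.length == 0) {
            user.addGroup(GUEST_GROUP);
        }
        for (int i = 0; i < userGroups.length; i++) {
            if (!hasGroup(userGroups[i])) {
                newGroup(userGroups[i]);
            }
        }
        TransactionManager transactionManager = this.pool.getTransactionManager();
        Txn txn = transactionManager.beginTransaction();
        DBBroker broker = null;
        try {
            broker = this.pool.get(SYSTEM_USER);
            save(broker, txn);
            createUserHome(broker, txn, user);
            transactionManager.commit(txn);
        } catch (PermissionDeniedException e) {
            transactionManager.abort(txn);
            LOG.debug("error while creating home collection", e);
        } catch (IOException e) {
            transactionManager.abort(txn);
            LOG.debug("error while creating home collection", e);
        } catch (EXistException e) {
            transactionManager.abort(txn);
            LOG.debug("error while creating user", e);
        } finally {
            this.pool.release(broker);
        }
    }

    /** @return the default permission mode for new resources */
    @Override // org.exist.security.SecurityManager
    public int getResourceDefaultPerms() {
        return this.defResourcePermissions;
    }

    /** @return the default permission mode for new collections */
    @Override // org.exist.security.SecurityManager
    public int getCollectionDefaultPerms() {
        return this.defCollectionPermissions;
    }

    /**
     * Creates (or fetches) the user's home collection as the "admin" user and makes the
     * user its owner. The collection's group comes from the collection configuration if
     * there is one, otherwise from the user's primary group. Users without a home are skipped.
     *
     * @param dBBroker broker to use; switched to the "admin" user
     * @param txn      transaction to work under
     * @param user     user whose home to create
     */
    private void createUserHome(DBBroker dBBroker, Txn txn, User user) throws EXistException, PermissionDeniedException, IOException {
        if (user.getHome() == null) {
            return;
        }
        dBBroker.setUser(getUser(DBA_USER));
        Collection home = dBBroker.getOrCreateCollection(txn, user.getHome());
        home.getPermissions().setOwner(user.getName());
        CollectionConfiguration configuration = home.getConfiguration(dBBroker);
        String group = configuration != null ? configuration.getDefCollGroup(user) : user.getPrimaryGroup();
        home.getPermissions().setGroup(group);
        dBBroker.saveCollection(txn, home);
    }
}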
