package org.sonatype.security.rest.authentication;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.subject.Subject;
import org.restlet.data.Request;
import org.restlet.resource.ResourceException;
import org.sonatype.security.authorization.Privilege;
import org.sonatype.security.realms.privileges.application.ApplicationPrivilegePermissionPropertyDescriptor;
import org.sonatype.security.rest.AbstractSecurityPlexusResource;
import org.sonatype.security.rest.model.AuthenticationClientPermissions;
import org.sonatype.security.rest.model.ClientPermission;
import org.sonatype.security.usermanagement.User;
import org.sonatype.security.usermanagement.UserNotFoundException;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.17-01/nexus-restlet1x-plugin-2.14.17-01.jar:org/sonatype/security/rest/authentication/AbstractUIPermissionCalculatingPlexusResource.class */
public abstract class AbstractUIPermissionCalculatingPlexusResource extends AbstractSecurityPlexusResource {
    private static final int NONE = 0;
    private static final int READ = 1;
    private static final int UPDATE = 2;
    private static final int DELETE = 4;
    private static final int CREATE = 8;
    private static final int ALL = 15;

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationClientPermissions getClientPermissionsForCurrentUser(Request request) throws ResourceException {
        Object principal;
        AuthenticationClientPermissions authenticationClientPermissions = new AuthenticationClientPermissions();
        Subject subject = SecurityUtils.getSubject();
        if (getSecuritySystem().isAnonymousAccessEnabled()) {
            authenticationClientPermissions.setLoggedIn(!getSecuritySystem().getAnonymousUsername().equals(subject.getPrincipal()));
        } else {
            authenticationClientPermissions.setLoggedIn(subject != null && subject.isAuthenticated());
        }
        if (authenticationClientPermissions.isLoggedIn() && (principal = subject.getPrincipal()) != null) {
            authenticationClientPermissions.setLoggedInUsername(principal.toString());
        }
        String loggedInUsername = authenticationClientPermissions.getLoggedInUsername();
        if (StringUtils.isNotEmpty(loggedInUsername)) {
            try {
                User user = getSecuritySystem().getUser(loggedInUsername);
                authenticationClientPermissions.setLoggedInUserSource(user != null ? user.getSource() : null);
            } catch (UserNotFoundException e) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().info("Failed to lookup user: {}", loggedInUsername, e);
                } else {
                    getLogger().info("Failed to lookup user: {}: {}/{}", loggedInUsername, e.getClass().getName(), e.getMessage());
                }
            }
        }
        HashMap hashMap = new HashMap();
        for (Privilege privilege : getSecuritySystem().listPrivileges()) {
            if (privilege.getType().equals("method")) {
                hashMap.put(privilege.getPrivilegeProperty(ApplicationPrivilegePermissionPropertyDescriptor.ID), 0);
            }
        }
        checkSubjectsPermissions(subject, hashMap);
        for (Map.Entry<String, Integer> entry : hashMap.entrySet()) {
            ClientPermission clientPermission = new ClientPermission();
            clientPermission.setId(entry.getKey());
            clientPermission.setValue(entry.getValue().intValue());
            authenticationClientPermissions.addPermission(clientPermission);
        }
        return authenticationClientPermissions;
    }

    private void checkSubjectsPermissions(Subject subject, Map<String, Integer> map) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Map.Entry<String, Integer> entry : map.entrySet()) {
            arrayList.add(new WildcardPermission(entry.getKey() + ":read"));
            arrayList.add(new WildcardPermission(entry.getKey() + ":create"));
            arrayList.add(new WildcardPermission(entry.getKey() + ":update"));
            arrayList.add(new WildcardPermission(entry.getKey() + ":delete"));
            arrayList2.add(entry.getKey() + ":read");
            arrayList2.add(entry.getKey() + ":create");
            arrayList2.add(entry.getKey() + ":update");
            arrayList2.add(entry.getKey() + ":delete");
        }
        if (subject == null) {
            Iterator<Map.Entry<String, Integer>> it = map.entrySet().iterator();
            while (it.hasNext()) {
                it.next().setValue(0);
            }
            return;
        }
        boolean[] isPermitted = subject.isPermitted(arrayList);
        HashMap hashMap = new HashMap();
        for (int i = 0; i < arrayList.size(); i++) {
            hashMap.put((String) arrayList2.get(i), Boolean.valueOf(isPermitted[i]));
        }
        for (Map.Entry<String, Integer> entry2 : map.entrySet()) {
            boolean booleanValue = ((Boolean) hashMap.get(entry2.getKey() + ":read")).booleanValue();
            boolean booleanValue2 = ((Boolean) hashMap.get(entry2.getKey() + ":create")).booleanValue();
            boolean booleanValue3 = ((Boolean) hashMap.get(entry2.getKey() + ":update")).booleanValue();
            boolean booleanValue4 = ((Boolean) hashMap.get(entry2.getKey() + ":delete")).booleanValue();
            int i2 = booleanValue ? 0 | 1 : 0;
            if (booleanValue2) {
                i2 |= 8;
            }
            if (booleanValue3) {
                i2 |= 2;
            }
            if (booleanValue4) {
                i2 |= 4;
            }
            entry2.setValue(Integer.valueOf(i2));
        }
    }
}
