package org.sonatype.nexus.security;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.eventbus.AllowConcurrentEvents;
import com.google.common.eventbus.Subscribe;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.sonatype.nexus.events.Event;
import org.sonatype.nexus.events.EventSubscriber;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeGroupPropertyDescriptor;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeRepositoryTargetPropertyDescriptor;
import org.sonatype.nexus.proxy.events.RepositoryRegistryEventRemove;
import org.sonatype.nexus.proxy.events.TargetRegistryEventRemove;
import org.sonatype.security.SecuritySystem;
import org.sonatype.security.authorization.NoSuchAuthorizationManagerException;
import org.sonatype.security.authorization.NoSuchPrivilegeException;
import org.sonatype.security.authorization.Privilege;
import org.sonatype.security.realms.tools.ConfigurationManager;
import org.sonatype.security.realms.tools.ConfigurationManagerAction;
import org.sonatype.sisu.goodies.common.ComponentSupport;

@Singleton
@Named
/* loaded from: input_file:WEB-INF/lib/nexus-core-2.14.18-01.jar:org/sonatype/nexus/security/SecurityCleanupEventInspector.class */
public class SecurityCleanupEventInspector extends ComponentSupport implements EventSubscriber {
    private final ConfigurationManager configManager;
    private final SecuritySystem security;

    @Inject
    public SecurityCleanupEventInspector(ConfigurationManager configurationManager, SecuritySystem securitySystem) {
        this.configManager = (ConfigurationManager) Preconditions.checkNotNull(configurationManager);
        this.security = (SecuritySystem) Preconditions.checkNotNull(securitySystem);
    }

    @Subscribe
    @AllowConcurrentEvents
    public void on(RepositoryRegistryEventRemove repositoryRegistryEventRemove) {
        inspect(repositoryRegistryEventRemove);
    }

    @Subscribe
    @AllowConcurrentEvents
    public void on(TargetRegistryEventRemove targetRegistryEventRemove) {
        inspect(targetRegistryEventRemove);
    }

    protected void inspect(Event<?> event) {
        if (event instanceof RepositoryRegistryEventRemove) {
            String id = ((RepositoryRegistryEventRemove) event).getRepository().getId();
            try {
                cleanupPrivileges("repositoryId", id);
                cleanupPrivileges(TargetPrivilegeGroupPropertyDescriptor.ID, id);
            } catch (NoSuchAuthorizationManagerException e) {
                this.log.error("Unable to clean privileges attached to repository", (Throwable) e);
            } catch (NoSuchPrivilegeException e2) {
                this.log.error("Unable to clean privileges attached to repository", (Throwable) e2);
            }
        }
        if (event instanceof TargetRegistryEventRemove) {
            String id2 = ((TargetRegistryEventRemove) event).getTarget().getId();
            try {
                cleanupPrivileges(TargetPrivilegeRepositoryTargetPropertyDescriptor.ID, id2);
            } catch (NoSuchAuthorizationManagerException e3) {
                this.log.error("Unable to clean privileges attached to target: {}", id2, e3);
            } catch (NoSuchPrivilegeException e4) {
                this.log.error("Unable to clean privileges attached to target: {}", id2, e4);
            }
        }
    }

    protected void cleanupPrivileges(String str, String str2) throws NoSuchPrivilegeException, NoSuchAuthorizationManagerException {
        Set<Privilege> listPrivileges = this.security.listPrivileges();
        final HashSet hashSet = new HashSet();
        for (Privilege privilege : listPrivileges) {
            if (!privilege.isReadOnly() && privilege.getType().equals("target") && str2.equals(privilege.getPrivilegeProperty(str))) {
                this.log.debug("Removing Privilege {} because repository was removed", privilege.getName());
                this.security.getAuthorizationManager("default").deletePrivilege(privilege.getId());
                hashSet.add(privilege.getId());
            }
        }
        try {
            this.configManager.runWrite(new ConfigurationManagerAction() { // from class: org.sonatype.nexus.security.SecurityCleanupEventInspector.1
                @Override // org.sonatype.security.realms.tools.ConfigurationManagerAction
                public void run() throws Exception {
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        SecurityCleanupEventInspector.this.configManager.cleanRemovedPrivilege((String) it.next());
                    }
                    SecurityCleanupEventInspector.this.configManager.save();
                }
            });
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }
}
