package com.atlassian.bamboo.security.acegi.acls;

import com.atlassian.bamboo.build.DefaultBuild;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.user.DefaultBambooUser;
import com.atlassian.spring.container.ContainerManager;
import com.atlassian.user.User;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.sid.GrantedAuthoritySid;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/acls/BambooAclUpdateHelper.class */
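/**
 * Translates between Bamboo's permission form keys and Acegi ACL entries.
 *
 * <p>A form key has the shape {@code bambooPermission_<kind>_<name>_<permission>}, where
 * {@code <kind>} is {@code user}, {@code group} or {@code role}. The permission name is the
 * text after the last separator, so a principal name may itself contain separators.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class performs an authorization check. {@link #modifyAclAces} makes the
 *       ACL mirror whatever key list it is handed, so the caller has to establish that the
 *       requester may administer the object before calling it.</li>
 *   <li>Form keys are presumably HTTP parameter names (see
 *       {@link #buildPermissionListFromRequest}) and are therefore treated as untrusted: keys
 *       that cannot be parsed are skipped instead of raising an index exception.</li>
 * </ul>
 */
public class BambooAclUpdateHelper {
    public static final String BAMBOO_PERMISSION_FORM_SEPARATOR = "_";
    public static final String BAMBOO_PERMISSION_FORM_USER = "user";
    public static final String BAMBOO_PERMISSION_FORM_GROUP = "group";
    public static final String BAMBOO_PERMISSION_FORM_ROLE = "role";
    private static final Logger log = Logger.getLogger(BambooAclUpdateHelper.class);

    // NOTE(review): this field is public and not final, so any code can reassign it. The three
    // derived prefixes below are computed once at class initialisation and would not follow such
    // a reassignment, leaving request filtering and key parsing out of step. Left non-final only
    // to keep the existing interface; nothing should write to it.
    public static String BAMBOO_PERMISSION_PREFIX = "bambooPermission";
    public static final String BAMBOO_PERMISSION_FORM_USER_PREFIX = BAMBOO_PERMISSION_PREFIX + "_user_";
    public static final String BAMBOO_PERMISSION_FORM_GROUP_PREFIX = BAMBOO_PERMISSION_PREFIX + "_group_";
    public static final String BAMBOO_PERMISSION_FORM_ROLE_PREFIX = BAMBOO_PERMISSION_PREFIX + "_role_";

    /**
     * Collects the keys of {@code map} that start with {@link #BAMBOO_PERMISSION_PREFIX}.
     *
     * <p>Only the keys are inspected; the values are ignored. Keys that are {@code null} or not
     * strings are skipped rather than causing a cast or null-pointer failure.
     *
     * @param map request parameter map (raw type kept for existing callers)
     * @return a new list holding the matching keys in the map's iteration order
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public List buildPermissionListFromRequest(Map map) {
        List matchingKeys = new ArrayList();
        for (Object key : map.keySet()) {
            if (key instanceof String && ((String) key).startsWith(BAMBOO_PERMISSION_PREFIX)) {
                matchingKeys.add(key);
            }
        }
        return matchingKeys;
    }

    /**
     * Extracts the distinct user and group names referenced by a list of permission form keys.
     *
     * <p>Role keys and keys with any other prefix are ignored. A user or group key that is too
     * short to contain both a name and a permission is logged and skipped.
     *
     * @param list permission form keys
     * @param list2 receives user names not already present in it
     * @param list3 receives group names not already present in it
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public void buildUserGroupListsFromPermissions(List list, List list2, List list3) {
        for (Object item : list) {
            if (!(item instanceof String)) {
                continue;
            }
            String key = (String) item;
            List target;
            String prefix;
            if (key.startsWith(BAMBOO_PERMISSION_FORM_USER_PREFIX)) {
                prefix = BAMBOO_PERMISSION_FORM_USER_PREFIX;
                target = list2;
            } else if (key.startsWith(BAMBOO_PERMISSION_FORM_GROUP_PREFIX)) {
                prefix = BAMBOO_PERMISSION_FORM_GROUP_PREFIX;
                target = list3;
            } else {
                continue;
            }
            String name = principalIn(key, prefix, lastSegment(key));
            if (name == null) {
                logMalformedKey(key);
                continue;
            }
            if (!target.contains(name)) {
                target.add(name);
            }
        }
    }

    /**
     * Converts the entries of an ACL into permission form keys and principal name lists.
     *
     * <p>Entries held by administrators are diverted to {@code list4} instead of the editable
     * lists unless {@code z} is set. An administrator here is a group contained in
     * {@code bambooPermissionManager.getAdminGroups()}, a user holding the global
     * administration permission, or the {@code ROLE_ADMIN} authority.
     *
     * <p>NOTE(review): keys diverted to {@code list4} are built even when the permission name is
     * {@code null}, so they can end in {@code _null}; the editable branches skip such entries.
     *
     * @param list receives the keys of editable entries
     * @param list2 receives user names not already present in it
     * @param list3 receives group names not already present in it
     * @param list4 receives the keys of administrator entries when {@code z} is false
     * @param acl the ACL whose entries are read
     * @param z when true, administrator entries are treated like any other entry
     * @param bambooPermissionManager used to recognise administrator users and groups
     */
    public void buildPermissionAndUserGroupListsFromAcl(List<String> list, List<String> list2, List<String> list3, List<String> list4, Acl acl, boolean z, BambooPermissionManager bambooPermissionManager) {
        for (AccessControlEntry entry : acl.getEntries()) {
            // Declared as Sid: the entry may hold a user, group or granted-authority identity.
            Sid sid = entry.getSid();
            String permissionName = BambooPermission.determineNameFromPermission(entry.getPermission());
            if (sid instanceof GroupPrincipalSid) {
                String groupName = ((GroupPrincipalSid) sid).getPrincipal();
                String key = BAMBOO_PERMISSION_FORM_GROUP_PREFIX + groupName + "_" + permissionName;
                if (!bambooPermissionManager.getAdminGroups().contains(groupName) || z) {
                    if (!list3.contains(groupName)) {
                        list3.add(groupName);
                    }
                    if (permissionName != null) {
                        list.add(key);
                    }
                } else {
                    list4.add(key);
                }
            } else if (sid instanceof PrincipalSid) {
                String userName = ((PrincipalSid) sid).getPrincipal();
                String key = BAMBOO_PERMISSION_FORM_USER_PREFIX + userName + "_" + permissionName;
                if (!bambooPermissionManager.hasPermission(userName, BambooPermission.ADMINISTRATION_STR, GlobalApplicationSecureObject.INSTANCE) || z) {
                    if (!list2.contains(userName)) {
                        list2.add(userName);
                    }
                    if (permissionName != null) {
                        list.add(key);
                    }
                } else {
                    list4.add(key);
                }
            } else if (sid instanceof GrantedAuthoritySid) {
                String authority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                String key = BAMBOO_PERMISSION_FORM_ROLE_PREFIX + authority + "_" + permissionName;
                if ("ROLE_ADMIN".equals(authority) && !z) {
                    list4.add(key);
                } else if (permissionName != null) {
                    list.add(key);
                }
            }
        }
    }

    /**
     * Makes the entries of {@code mutableAcl} match the given permission form keys.
     *
     * <p>Every existing entry whose key is not in {@code list} is deleted, and every key in
     * {@code list} without an existing entry is inserted as a granting entry. Keys that cannot
     * be parsed, name an unknown permission, or carry an unknown prefix grant nothing.
     *
     * <p>Because unlisted entries are removed, the caller presumably has to merge back any
     * entries it withheld from the form (for example the administrator keys produced by
     * {@link #buildPermissionAndUserGroupListsFromAcl}) before calling this - TODO confirm
     * against callers. No authorization check happens here.
     *
     * @param mutableAcl the ACL to update in place
     * @param list the complete set of permission form keys the ACL should end up with
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public void modifyAclAces(MutableAcl mutableAcl, List list) {
        // Work on a copy so the caller's list is left untouched.
        List<Object> pendingKeys = new ArrayList<Object>(list);
        for (AccessControlEntry entry : mutableAcl.getEntries()) {
            String existingKey = getPermissionKeyFromAce(entry);
            if (pendingKeys.contains(existingKey)) {
                pendingKeys.remove(existingKey);
            } else {
                mutableAcl.deleteAce(entry.getId());
            }
        }
        for (Object item : pendingKeys) {
            if (!(item instanceof String)) {
                continue;
            }
            String key = (String) item;
            String permissionName = lastSegment(key);
            if (permissionName == null) {
                logMalformedKey(key);
                continue;
            }
            Permission permission = BambooPermission.buildFromName(permissionName);
            Sid sid = sidForKey(key, permissionName);
            if (permission != null && sid != null) {
                mutableAcl.insertAce((Serializable) null, permission, sid, true);
            }
        }
    }

    /**
     * Builds the permission form key that corresponds to an ACL entry.
     *
     * <p>{@code GroupPrincipalSid} is tested before {@code PrincipalSid}, the same order used by
     * {@link #buildPermissionAndUserGroupListsFromAcl}. If {@code GroupPrincipalSid} is a subtype
     * of {@code PrincipalSid} (its declaration is not in this file), testing the general type
     * first would label group entries with the user prefix, and {@link #modifyAclAces} would then
     * compare a group entry against user keys.
     *
     * @param accessControlEntry the entry to describe
     * @return the form key, or an empty string when the identity type is not recognised
     */
    public String getPermissionKeyFromAce(AccessControlEntry accessControlEntry) {
        Sid sid = accessControlEntry.getSid();
        String permissionName = BambooPermission.determineNameFromPermission(accessControlEntry.getPermission());
        if (sid instanceof GroupPrincipalSid) {
            return BAMBOO_PERMISSION_FORM_GROUP_PREFIX + ((GroupPrincipalSid) sid).getPrincipal() + "_" + permissionName;
        }
        if (sid instanceof PrincipalSid) {
            return BAMBOO_PERMISSION_FORM_USER_PREFIX + ((PrincipalSid) sid).getPrincipal() + "_" + permissionName;
        }
        if (sid instanceof GrantedAuthoritySid) {
            return BAMBOO_PERMISSION_FORM_ROLE_PREFIX + ((GrantedAuthoritySid) sid).getGrantedAuthority() + "_" + permissionName;
        }
        return "";
    }

    /**
     * Creates the default ACL for a new build, owned by {@code user}.
     *
     * <p>The owner receives ADMINISTRATION, READ, CLONE, BUILD and WRITE. READ is also granted to
     * {@code ROLE_USER} and {@code ROLE_ANONYMOUS}, so the default leaves a new build readable
     * without logging in unless anonymous access is restricted elsewhere (not visible here).
     * Deployments that need private-by-default builds should review this default.
     *
     * @param user the user who becomes owner of the ACL
     * @return the populated, autowired ACL; the object identity uses the placeholder id -1
     */
    public MutableAcl createNewDefaultAcl(User user) {
        PrincipalSid owner = new PrincipalSid(user.getName());
        HibernateAclImpl acl = new HibernateAclImpl((ObjectIdentity) new HibernateObjectIdentityImpl(DefaultBuild.class, Long.valueOf(-1L)), (Acl) null, true, (Sid) owner);
        ContainerManager.autowireComponent(acl);
        Permission[] ownerPermissions = {
            BambooPermission.ADMINISTRATION,
            BambooPermission.READ,
            BambooPermission.CLONE,
            BambooPermission.BUILD,
            BambooPermission.WRITE
        };
        for (Permission permission : ownerPermissions) {
            acl.insertAce((Serializable) null, permission, owner, true);
        }
        acl.insertAce((Serializable) null, BambooPermission.READ, new GrantedAuthoritySid(DefaultBambooUser.ROLE_USER), true);
        acl.insertAce((Serializable) null, BambooPermission.READ, new GrantedAuthoritySid(DefaultBambooUser.ROLE_ANONYMOUS), true);
        return acl;
    }

    /** Returns the identity named by a form key, or null for a malformed key or unknown prefix. */
    private static Sid sidForKey(String key, String permissionName) {
        String prefix;
        if (key.startsWith(BAMBOO_PERMISSION_FORM_USER_PREFIX)) {
            prefix = BAMBOO_PERMISSION_FORM_USER_PREFIX;
        } else if (key.startsWith(BAMBOO_PERMISSION_FORM_GROUP_PREFIX)) {
            prefix = BAMBOO_PERMISSION_FORM_GROUP_PREFIX;
        } else if (key.startsWith(BAMBOO_PERMISSION_FORM_ROLE_PREFIX)) {
            prefix = BAMBOO_PERMISSION_FORM_ROLE_PREFIX;
        } else {
            return null;
        }
        String name = principalIn(key, prefix, permissionName);
        if (name == null) {
            logMalformedKey(key);
            return null;
        }
        if (prefix == BAMBOO_PERMISSION_FORM_USER_PREFIX) {
            return new PrincipalSid(name);
        }
        if (prefix == BAMBOO_PERMISSION_FORM_GROUP_PREFIX) {
            return new GroupPrincipalSid(name);
        }
        return new GrantedAuthoritySid(name);
    }

    /**
     * Returns the text after the last separator of a key, ignoring trailing separators, or null
     * when the key consists of separators only.
     */
    private static String lastSegment(String key) {
        String[] segments = key.split(BAMBOO_PERMISSION_FORM_SEPARATOR);
        return segments.length == 0 ? null : segments[segments.length - 1];
    }

    /**
     * Returns the principal name between {@code prefix} and the trailing permission name, or null
     * when the key is too short to contain both. The key must already start with {@code prefix}.
     */
    private static String principalIn(String key, String prefix, String permissionName) {
        if (permissionName == null) {
            return null;
        }
        int begin = prefix.length();
        int end = key.length() - permissionName.length() - 1;
        // A key such as "<prefix>READ" has no name part; substring would throw for end < begin.
        return end < begin ? null : key.substring(begin, end);
    }

    /** Records a skipped key without echoing its untrusted content into the log. */
    private static void logMalformedKey(String key) {
        log.warn("Ignoring malformed permission key of length " + key.length());
    }
}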
