package com.atlassian.bamboo.security.acegi.acls;

import com.atlassian.bamboo.configuration.AdministrationConfiguration;
import com.atlassian.bamboo.configuration.AdministrationConfigurationAccessor;
import com.atlassian.bamboo.configuration.AdministrationConfigurationPersister;
import com.atlassian.bamboo.core.BambooIdProvider;
import com.atlassian.bamboo.exception.NotFoundException;
import com.atlassian.bamboo.exception.UnauthorisedException;
import com.atlassian.bamboo.exception.WebValidationException;
import com.atlassian.bamboo.plan.Plan;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.spring.ComponentAccessor;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.bamboo.utils.BambooOptionals;
import com.atlassian.bamboo.utils.BambooValidationUtils;
import com.atlassian.bamboo.utils.error.ErrorCollection;
import com.atlassian.bamboo.utils.error.SimpleErrorCollection;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.spring.container.ContainerManager;
import com.atlassian.struts.TextProvider;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableMap;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.sid.GrantedAuthoritySid;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/acls/BambooAclUpdateHelper.class */
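/**
 * Helper for reading and rewriting Bamboo ACLs through "permission keys".
 *
 * <p>A permission key has the form {@code bambooPermission_<type>_<principal>_<permissionName>},
 * where {@code type} is {@code user}, {@code group} or {@code role}. The principal may itself
 * contain the separator; the parsing helpers in this class therefore treat the <em>last</em>
 * segment as the permission name and everything between the type and the last segment as the
 * principal.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every public global-permission read/update entry point requires
 *       {@link BambooPermission#RESTRICTEDADMINISTRATION}.</li>
 *   <li>Granting or revoking {@link BambooPermission#ADMINISTRATION}, or touching a principal that
 *       is already an administrator, additionally requires the caller to hold
 *       {@link BambooPermission#ADMINISTRATION}.</li>
 *   <li>An update that would leave the instance without any administrator is rejected with a
 *       validation error.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing was recovered by a decompiler; parameter names are the
 * decompiler's. The synthetic {@code $assertionsDisabled} field and the hash-based string switch
 * have been restored to the {@code assert} statements and string {@code switch} that javac
 * generates them from.
 */
public class BambooAclUpdateHelper {
    private static final Logger log = LogManager.getLogger(BambooAclUpdateHelper.class);
    private static final String BAMBOO_PERMISSION_FORM_USER = "user";
    private static final String BAMBOO_PERMISSION_FORM_GROUP = "group";
    private static final String BAMBOO_PERMISSION_FORM_ROLE = "role";
    public static final String BAMBOO_PERMISSION_PREFIX = "bambooPermission";
    private static final String BAMBOO_PERMISSION_FORM_SEPARATOR = "_";
    private static final String BAMBOO_PERMISSION_FORM_USER_PREFIX = "bambooPermission_user_";
    public static final String BAMBOO_PERMISSION_FORM_GROUP_PREFIX = "bambooPermission_group_";
    private static final String BAMBOO_PERMISSION_FORM_ROLE_PREFIX = "bambooPermission_role_";

    // NOTE(review): public and non-final, so any code on the classpath can replace the joiner and
    // change the key format used by every method here. Left non-final to keep the existing
    // interface; treat it as read-only.
    public static Joiner PERMISSION_KEY_JOINER = Joiner.on(BAMBOO_PERMISSION_FORM_SEPARATOR);

    /**
     * Builds the permission key for a user principal.
     *
     * @param str the user name
     * @param str2 the permission name
     * @return {@code bambooPermission_user_<str>_<str2>}
     */
    public static String createUserPermissionKey(String str, String str2) {
        return createPermissionKey(BAMBOO_PERMISSION_FORM_USER, str, str2);
    }

    /**
     * Builds the permission key for a group principal.
     *
     * @param str the group name
     * @param str2 the permission name
     * @return {@code bambooPermission_group_<str>_<str2>}
     */
    public static String createGroupPermissionKey(String str, String str2) {
        return createPermissionKey(BAMBOO_PERMISSION_FORM_GROUP, str, str2);
    }

    /**
     * Builds the permission key for a role (granted authority).
     *
     * @param str the authority name
     * @param str2 the permission name
     * @return {@code bambooPermission_role_<str>_<str2>}
     */
    public static String createRolePermissionKey(String str, String str2) {
        return createPermissionKey(BAMBOO_PERMISSION_FORM_ROLE, str, str2);
    }

    /**
     * Builds the permission key for an arbitrary SID.
     *
     * @param sid the SID; must be one of the three SID classes this helper knows
     * @param str the permission name
     * @return the permission key
     * @throws IllegalStateException if the SID class is not recognised
     */
    public static String createPermissionKey(@NotNull Sid sid, @NotNull String str) {
        return createPermissionKey(extractSidTypeFromSid(sid), extractPrincipalFromSid(sid), str);
    }

    /**
     * Joins prefix, type, principal and permission name with the key separator.
     *
     * @param str the key type ({@code user}, {@code group} or {@code role})
     * @param str2 the principal
     * @param str3 the permission name
     * @return the permission key
     * @throws NullPointerException if any part is {@code null} (Guava's {@code Joiner} rejects
     *     null elements)
     */
    public static String createPermissionKey(@NotNull String str, @NotNull String str2, @NotNull String str3) {
        return PERMISSION_KEY_JOINER.join(BAMBOO_PERMISSION_PREFIX, str, new Object[]{str2, str3});
    }

    /**
     * Derives the permission key of an ACE.
     *
     * @param accessControlEntry the entry to describe
     * @return the key, or empty when the permission has no name or the SID class is not one of the
     *     three handled here
     */
    public static Optional<String> getPermissionKeyFromAce(@NotNull AccessControlEntry accessControlEntry) {
        String permissionName = BambooPermission.determineNameFromPermission(accessControlEntry.getPermission());
        if (permissionName == null) {
            return Optional.empty();
        }
        // The key does not encode isGranting(); granting and denying entries map to the same key.
        Sid sid = accessControlEntry.getSid();
        if (sid instanceof PrincipalSid) {
            return Optional.of(createUserPermissionKey(((PrincipalSid) sid).getPrincipal(), permissionName));
        }
        if (sid instanceof GroupPrincipalSid) {
            return Optional.of(createGroupPermissionKey(((GroupPrincipalSid) sid).getPrincipal(), permissionName));
        }
        if (sid instanceof GrantedAuthoritySid) {
            return Optional.of(createRolePermissionKey(((GrantedAuthoritySid) sid).getGrantedAuthority(), permissionName));
        }
        return Optional.empty();
    }

    /**
     * Collects the distinct user and group principals named by a list of permission keys.
     *
     * @param list permission keys to scan
     * @param list2 output: user names, appended to without duplicates
     * @param list3 output: group names, appended to without duplicates
     */
    public void buildUserGroupListsFromPermissions(List<String> list, List<String> list2, List<String> list3) {
        for (String key : list) {
            String[] parts = permissionKeyToParts(key);
            String type = getPermissionType(parts);
            if (BAMBOO_PERMISSION_FORM_USER.equals(type)) {
                String userName = getPermissionPrincipal(parts);
                if (!list2.contains(userName)) {
                    list2.add(userName);
                }
            } else if (BAMBOO_PERMISSION_FORM_GROUP.equals(type)) {
                String groupName = getPermissionPrincipal(parts);
                if (!list3.contains(groupName)) {
                    list3.add(groupName);
                }
            }
        }
    }

    /**
     * Returns the given keys plus a READ key for every principal that has a WRITE key.
     *
     * @param list permission keys
     * @return de-duplicated keys; the order is that of a {@code HashSet} and therefore unspecified
     */
    @NotNull
    public List<String> addViewPermissionsForEditPermissions(@NotNull List<String> list) {
        Set<String> expanded = new HashSet<>();
        for (String key : list) {
            String[] parts = permissionKeyToParts(key);
            if (BambooPermission.WRITE.getName().equals(getPermissionName(parts))) {
                expanded.add(PERMISSION_KEY_JOINER.join(BAMBOO_PERMISSION_PREFIX, getPermissionType(parts), new Object[]{getPermissionPrincipal(parts), BambooPermission.READ.getName()}));
            }
            expanded.add(key);
        }
        return new ArrayList<>(expanded);
    }

    /**
     * Lists the permissions granted to one user in the given ACL.
     *
     * @param str the user name
     * @param acl the ACL to read
     * @param bambooPermissionManager used for the authorization check and admin lookups
     * @param z when {@code true}, entries of administrators are included as well
     * @return the user's permissions
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION
     */
    public Iterable<Permission> getUserPermissions(@NotNull String str, @NotNull Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean z) {
        requireRestrictedAdmin(bambooPermissionManager);
        String prefix = BAMBOO_PERMISSION_FORM_USER_PREFIX + str + BAMBOO_PERMISSION_FORM_SEPARATOR;
        return getGrantedPermissions(acl, bambooPermissionManager, z).stream()
                .filter(key -> isKeyOfPrincipal(key, prefix))
                .map(key -> key.substring(prefix.length()))
                .<Permission>map(BambooPermission::buildFromName)
                .collect(Collectors.toList());
    }

    /**
     * Lists the permissions granted to one group in the given ACL.
     *
     * @param str the group name
     * @param acl the ACL to read
     * @param bambooPermissionManager used for the authorization check and admin lookups
     * @param z when {@code true}, entries of administrators are included as well
     * @return the group's permissions
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION
     */
    public Iterable<Permission> getGroupPermissions(@NotNull String str, @NotNull Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean z) {
        requireRestrictedAdmin(bambooPermissionManager);
        String prefix = BAMBOO_PERMISSION_FORM_GROUP_PREFIX + str + BAMBOO_PERMISSION_FORM_SEPARATOR;
        return getGrantedPermissions(acl, bambooPermissionManager, z).stream()
                .filter(key -> isKeyOfPrincipal(key, prefix))
                .map(key -> key.substring(prefix.length()))
                .<Permission>map(BambooPermission::buildFromName)
                .collect(Collectors.toList());
    }

    /**
     * Lists the permissions granted to the USER and ANONYMOUS roles in the given ACL.
     *
     * @param acl the ACL to read
     * @param bambooPermissionManager used for the authorization check and admin lookups
     * @param z when {@code true}, entries of the admin role are passed through to the scan as well
     * @return an immutable map with exactly the two role keys; the value lists are mutable
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION
     */
    public Map<String, List<Permission>> getRolePermissions(@NotNull Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean z) {
        requireRestrictedAdmin(bambooPermissionManager);
        Map<String, List<Permission>> byRole = ImmutableMap.<String, List<Permission>>of(
                Authority.USER.getAuthority(), new ArrayList<>(),
                Authority.ANONYMOUS.getAuthority(), new ArrayList<>());
        for (String key : getGrantedPermissions(acl, bambooPermissionManager, z)) {
            if (!key.startsWith(BAMBOO_PERMISSION_FORM_ROLE_PREFIX)) {
                continue;
            }
            // The role name may contain the separator, so split on the last one.
            int nameStart = key.lastIndexOf(BAMBOO_PERMISSION_FORM_SEPARATOR);
            String role = key.substring(BAMBOO_PERMISSION_FORM_ROLE_PREFIX.length(), nameStart);
            Permission permission = BambooPermission.buildFromName(key.substring(nameStart + 1));
            List<Permission> granted = byRole.get(role);
            if (granted != null) {
                granted.add(permission);
            } else {
                log.info("Unknown role:{}", role);
            }
        }
        return byRole;
    }

    /** Returns the permission keys the ACL scan reports as visible (first output list only). */
    private List<String> getGrantedPermissions(@NotNull Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean z) {
        List<String> keys = new ArrayList<>();
        buildPermissionAndUserGroupListsFromAcl(keys, new ArrayList<>(), new ArrayList<>(), new ArrayList<>(), acl, z, bambooPermissionManager);
        return keys;
    }

    /**
     * Replaces the global permissions of a role.
     *
     * <p>When the role is ANONYMOUS, the "anonymous access" administration setting is switched to
     * match whether READ is in the new list, and the configuration is saved.
     *
     * @param str the role name; must be the USER or ANONYMOUS authority
     * @param list the complete new permission set for the role
     * @param bambooPermissionManager used for the authorization check
     * @param hibernateMutableAclService service that persists the global ACL
     * @param administrationConfigurationAccessor source of the administration configuration
     * @param administrationConfigurationPersister sink for the administration configuration
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION
     * @throws WebValidationException if the role is unknown or ANONYMOUS is given more than READ
     */
    public void updateRolePermissions(@Nullable String str, @NotNull List<Permission> list, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService hibernateMutableAclService, @NotNull AdministrationConfigurationAccessor administrationConfigurationAccessor, @NotNull AdministrationConfigurationPersister administrationConfigurationPersister) throws WebValidationException {
        requireRestrictedAdmin(bambooPermissionManager);
        BambooValidationUtils.checkErrors(validateRolePermissionUpdateRequest(str, list));
        updatePermissions(BAMBOO_PERMISSION_FORM_ROLE_PREFIX + str + BAMBOO_PERMISSION_FORM_SEPARATOR, list, hibernateMutableAclService);
        if (Authority.ANONYMOUS.getAuthority().equals(str)) {
            boolean anonymousMayRead = list.contains(BambooPermission.READ);
            AdministrationConfiguration configuration = administrationConfigurationAccessor.getAdministrationConfiguration();
            configuration.setEnableAnonymousAccess(anonymousMayRead);
            administrationConfigurationPersister.saveAdministrationConfiguration(configuration);
        }
    }

    /**
     * Validates a role update: only USER and ANONYMOUS are accepted, and every role other than
     * USER (that is, ANONYMOUS) may receive READ only.
     *
     * @param str the role name; {@code null} is reported as an invalid role
     * @param list the requested permissions
     * @return the collected errors, empty when the request is acceptable
     */
    @VisibleForTesting
    protected ErrorCollection validateRolePermissionUpdateRequest(@NotNull String str, @NotNull List<Permission> list) {
        SimpleErrorCollection errors = new SimpleErrorCollection();
        boolean isUserRole = Authority.USER.getAuthority().equals(str);
        if (!isUserRole && !Authority.ANONYMOUS.getAuthority().equals(str)) {
            errors.addErrorMessage(String.format("Invalid role name: %s. Must be %s or %s", str, Authority.USER.getAuthority(), Authority.ANONYMOUS.getAuthority()));
            return errors;
        }
        if (!isUserRole && list.stream().anyMatch(permission -> !BambooPermission.READ.equals(permission))) {
            errors.addErrorMessage("Anonymous cannot have any update permission");
        }
        return errors;
    }

    /**
     * Replaces the global permissions of a user.
     *
     * @param str the user name; must not be blank
     * @param list the complete new permission set for the user
     * @param bambooUserManager used to resolve the user
     * @param bambooPermissionManager used for the authorization checks
     * @param hibernateMutableAclService service that persists the global ACL
     * @param i18nResolver source of the error messages
     * @throws WebValidationException if the name is blank or the update would remove the last
     *     administrator
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION, or touches
     *     system-admin permissions without holding ADMINISTRATION
     * @throws NotFoundException if no such user exists
     */
    public void updateUserPermissions(@Nullable String str, @NotNull List<Permission> list, @NotNull BambooUserManager bambooUserManager, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService hibernateMutableAclService, @NotNull I18nResolver i18nResolver) throws WebValidationException {
        BambooValidationUtils.validateField("name", StringUtils.isNotBlank(str), () -> i18nResolver.getText("user.username.error.required"));
        // Authorize before the lookup so that an unauthorized caller cannot probe for user names.
        requireRestrictedAdmin(bambooPermissionManager);
        User user = bambooUserManager.getUser(str);
        if (user == null) {
            throw new NotFoundException(i18nResolver.getText("user.not.exists"));
        }
        BambooValidationUtils.checkErrors(validateUserPermissionsUpdateRequest(user, list, bambooUserManager, bambooPermissionManager));
        updatePermissions(BAMBOO_PERMISSION_FORM_USER_PREFIX + user.getName() + BAMBOO_PERMISSION_FORM_SEPARATOR, list, hibernateMutableAclService);
    }

    /**
     * Replaces the global permissions of a group identified by name.
     *
     * @param str the group name; must not be blank
     * @param list the complete new permission set for the group
     * @param bambooPermissionManager used for the authorization checks
     * @param hibernateMutableAclService service that persists the global ACL
     * @param bambooUserManager used to resolve the group
     * @param i18nResolver source of the error messages
     * @throws WebValidationException if the name is blank or the update would remove the last
     *     administrator
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION, or touches
     *     system-admin permissions without holding ADMINISTRATION
     * @throws NotFoundException if no such group exists
     */
    public void updateGroupPermissions(@Nullable String str, @NotNull List<Permission> list, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService hibernateMutableAclService, @NotNull BambooUserManager bambooUserManager, @NotNull I18nResolver i18nResolver) throws WebValidationException {
        BambooValidationUtils.validateField("name", StringUtils.isNotBlank(str), () -> i18nResolver.getText("group.groupName.error.required"));
        // Same order as updateUserPermissions: authorize first, otherwise NotFoundException versus
        // UnauthorisedException tells an unauthorized caller whether the group exists.
        requireRestrictedAdmin(bambooPermissionManager);
        Group group = bambooUserManager.getGroup(str);
        if (group == null) {
            throw new NotFoundException(i18nResolver.getText("group.not.exists"));
        }
        updateGroupPermissions(group, list, bambooPermissionManager, hibernateMutableAclService);
    }

    /**
     * Replaces the global permissions of a group identified by name, taking messages from a
     * Struts {@link TextProvider}. Behaves like the {@link I18nResolver} overload.
     *
     * @param str the group name; must not be blank
     * @param list the complete new permission set for the group
     * @param bambooPermissionManager used for the authorization checks
     * @param hibernateMutableAclService service that persists the global ACL
     * @param bambooUserManager used to resolve the group
     * @param textProvider source of the error messages
     * @throws WebValidationException if the name is blank or the update would remove the last
     *     administrator
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION, or touches
     *     system-admin permissions without holding ADMINISTRATION
     * @throws NotFoundException if no such group exists
     */
    public void updateGroupPermissions(@Nullable String str, @NotNull List<Permission> list, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService hibernateMutableAclService, @NotNull BambooUserManager bambooUserManager, @NotNull TextProvider textProvider) throws WebValidationException {
        BambooValidationUtils.validateField("name", StringUtils.isNotBlank(str), () -> textProvider.getText("group.groupName.error.required"));
        // Authorize before the lookup; see the I18nResolver overload.
        requireRestrictedAdmin(bambooPermissionManager);
        Group group = bambooUserManager.getGroup(str);
        if (group == null) {
            throw new NotFoundException(textProvider.getText("group.not.exists"));
        }
        updateGroupPermissions(group, list, bambooPermissionManager, hibernateMutableAclService);
    }

    /**
     * Replaces the global permissions of an already resolved group.
     *
     * @param group the group to update
     * @param list the complete new permission set for the group
     * @param bambooPermissionManager used for the authorization checks
     * @param hibernateMutableAclService service that persists the global ACL
     * @throws UnauthorisedException if the caller lacks RESTRICTEDADMINISTRATION, or touches
     *     system-admin permissions without holding ADMINISTRATION
     * @throws WebValidationException if the update would remove the last administrator
     */
    public void updateGroupPermissions(@NotNull Group group, @NotNull List<Permission> list, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService hibernateMutableAclService) throws WebValidationException {
        requireRestrictedAdmin(bambooPermissionManager);
        BambooValidationUtils.checkErrors(validateUpdateRequest(group, list, bambooPermissionManager));
        updatePermissions(BAMBOO_PERMISSION_FORM_GROUP_PREFIX + group.getName() + BAMBOO_PERMISSION_FORM_SEPARATOR, list, hibernateMutableAclService);
    }

    /**
     * Rewrites the global ACL so that the principal identified by {@code str} holds exactly the
     * permissions in {@code list}; keys of every other principal are carried over unchanged.
     *
     * @param str key prefix of the principal, ending in the separator
     * @param list the principal's new permissions
     * @param hibernateMutableAclService service that owns and persists the global ACL
     */
    private void updatePermissions(String str, List<Permission> list, HibernateMutableAclService hibernateMutableAclService) {
        Stream<String> keptKeys = Arrays.stream(hibernateMutableAclService.getAclOfGlobalPermission().getEntries())
                .map(BambooAclUpdateHelper::getPermissionKeyFromAce)
                .flatMap(BambooOptionals::stream)
                // Exact principal match: a plain startsWith() would also drop the keys of any
                // principal whose name merely begins with "<this principal>_".
                .filter(key -> !isKeyOfPrincipal(key, str));
        Stream<String> newKeys = list.stream()
                .map(BambooPermission::determineNameFromPermission)
                .map(permissionName -> str + permissionName);
        List<String> allKeys = Stream.concat(keptKeys, newKeys).collect(Collectors.toList());
        hibernateMutableAclService.updateAclAces(hibernateMutableAclService.getAclOfGlobalPermission(), allKeys);
    }

    /**
     * Tells whether a permission key belongs to exactly the principal encoded in {@code prefix}.
     *
     * <p>Principals may contain the separator, so the prefix for user {@code a} is also a string
     * prefix of the keys of user {@code a_b}. The key grammar used throughout this class puts the
     * permission name in the last segment, so a key belongs to the principal only when nothing but
     * a single segment follows the prefix.
     *
     * <p>NOTE(review): relies on permission names never containing the separator, as
     * {@link #getPermissionName(String[])} already does - confirm against BambooPermission.
     */
    private static boolean isKeyOfPrincipal(String key, String prefix) {
        return key.startsWith(prefix) && key.indexOf(BAMBOO_PERMISSION_FORM_SEPARATOR, prefix.length()) < 0;
    }

    /**
     * Rejects the call unless the permission manager reports RESTRICTEDADMINISTRATION.
     *
     * <p>NOTE(review): presumably evaluated for the current security context - confirm in
     * BambooPermissionManager.
     *
     * @throws UnauthorisedException if the global permission is not held
     */
    private static void requireRestrictedAdmin(BambooPermissionManager bambooPermissionManager) {
        if (!bambooPermissionManager.hasGlobalPermission(BambooPermission.RESTRICTEDADMINISTRATION)) {
            throw new UnauthorisedException("Restricted admin permission required");
        }
    }

    /**
     * Returns the permission key of an ACE, or {@code null} when none can be derived.
     *
     * @param accessControlEntry the entry to describe
     * @return the key or {@code null}
     * @deprecated use {@link #getPermissionKeyFromAce(AccessControlEntry)}
     */
    @Deprecated
    public static String retrievePermissionFromACE(@NotNull AccessControlEntry accessControlEntry) {
        return getPermissionKeyFromAce(accessControlEntry).orElse(null);
    }

    /**
     * Validates a group permission update.
     *
     * @param group the group being changed; dereferenced without a null check despite the
     *     annotation, so callers must pass a resolved group
     * @param list the requested permissions
     * @param bambooPermissionManager used for the system-admin check and the admin lookups
     * @return an error when the update would remove the only administrator
     * @throws UnauthorisedException if the caller is not a system administrator and the group is
     *     an admin group or ADMINISTRATION is being granted
     */
    @VisibleForTesting
    @NotNull
    protected ErrorCollection validateUpdateRequest(@Nullable Group group, @NotNull List<Permission> list, @NotNull BambooPermissionManager bambooPermissionManager) {
        SimpleErrorCollection errors = new SimpleErrorCollection();
        Collection<String> adminGroups = bambooPermissionManager.getAdminGroups();
        boolean grantsAdmin = list.contains(BambooPermission.ADMINISTRATION);
        // Privilege-escalation guard: only a system administrator may create or alter admins.
        if (!isSystemAdministrator(bambooPermissionManager) && (adminGroups.contains(group.getName()) || grantsAdmin)) {
            throw new UnauthorisedException("Current user cannot modify System Admin permissions");
        }
        Collection<String> adminUsers = bambooPermissionManager.getAdminUsers();
        String groupName = group.getName();
        // Lock-out guard: this group is the only admin principal and is about to lose the grant.
        if (!grantsAdmin && adminGroups.size() == 1 && adminGroups.contains(groupName) && adminUsers.isEmpty()) {
            errors.addError("permissions", "You must have at least one administrator");
        }
        return errors;
    }

    /**
     * Validates a user permission update.
     *
     * @param user the user being changed
     * @param list the requested permissions
     * @param bambooUserManager used to inspect the membership of the admin groups
     * @param bambooPermissionManager used for the system-admin check and the admin lookups
     * @return an error when the update would remove the only administrator
     * @throws UnauthorisedException if the caller is not a system administrator and the user is an
     *     admin user or ADMINISTRATION is being granted
     */
    @VisibleForTesting
    @NotNull
    ErrorCollection validateUserPermissionsUpdateRequest(@NotNull User user, @NotNull List<Permission> list, @NotNull BambooUserManager bambooUserManager, @NotNull BambooPermissionManager bambooPermissionManager) {
        SimpleErrorCollection errors = new SimpleErrorCollection();
        Collection<String> adminUsers = bambooPermissionManager.getAdminUsers();
        boolean grantsAdmin = list.contains(BambooPermission.ADMINISTRATION);
        // Privilege-escalation guard: only a system administrator may create or alter admins.
        if (!isSystemAdministrator(bambooPermissionManager) && (adminUsers.contains(user.getName()) || grantsAdmin)) {
            throw new UnauthorisedException("Current user cannot modify System Admin permissions");
        }
        if (!grantsAdmin && adminUsers.size() == 1 && adminUsers.contains(user.getName())) {
            // The last admin user may only be demoted if some admin group still has a member.
            boolean someAdminGroupHasMembers = bambooPermissionManager.getAdminGroups().stream()
                    .map(bambooUserManager::getGroup)
                    .map(bambooUserManager::getMemberNamesAsList)
                    .anyMatch(CollectionUtils::isNotEmpty);
            if (!someAdminGroupHasMembers) {
                errors.addError("permissions", "You must have at least one administrator");
            }
        }
        return errors;
    }

    /** Tells whether the permission manager reports the global ADMINISTRATION permission. */
    private boolean isSystemAdministrator(@NotNull BambooPermissionManager bambooPermissionManager) {
        return bambooPermissionManager.hasGlobalPermission(BambooPermission.ADMINISTRATION);
    }

    /**
     * Scans an ACL and sorts its entries into visible permission keys, principals and hidden
     * administrator keys.
     *
     * <p>Entries of admin groups, of users holding global ADMINISTRATION and of the ADMIN role go
     * to {@code list4} unless {@code z} is set, so that an editing form built from {@code list}
     * does not expose administrator grants.
     *
     * @param list output: permission keys of visible entries
     * @param list2 output: user names of visible entries, without duplicates
     * @param list3 output: group names of visible entries, without duplicates
     * @param list4 output: permission keys of hidden administrator entries
     * @param acl the ACL to scan
     * @param z when {@code true}, administrator entries are treated as visible
     * @param bambooPermissionManager used to recognise administrators
     */
    public void buildPermissionAndUserGroupListsFromAcl(@NotNull List<String> list, @NotNull List<String> list2, @NotNull List<String> list3, @NotNull List<String> list4, @NotNull Acl acl, boolean z, @NotNull BambooPermissionManager bambooPermissionManager) {
        for (AccessControlEntry entry : acl.getEntries()) {
            Sid sid = entry.getSid();
            // null when the permission has no name; such entries produce no key. The hidden
            // branches used to pass the null on to the key joiner, which rejects null elements.
            String permissionName = BambooPermission.determineNameFromPermission(entry.getPermission());
            if (sid instanceof GroupPrincipalSid) {
                String groupName = ((GroupPrincipalSid) sid).getPrincipal();
                if (!bambooPermissionManager.getAdminGroups().contains(groupName) || z) {
                    if (!list3.contains(groupName)) {
                        list3.add(groupName);
                    }
                    if (permissionName != null) {
                        list.add(createGroupPermissionKey(groupName, permissionName));
                    }
                } else if (permissionName != null) {
                    list4.add(createGroupPermissionKey(groupName, permissionName));
                }
            } else if (sid instanceof PrincipalSid) {
                String userName = ((PrincipalSid) sid).getPrincipal();
                if (!bambooPermissionManager.hasPermission(userName, BambooPermission.ADMINISTRATION, GlobalApplicationSecureObject.INSTANCE) || z) {
                    if (!list2.contains(userName)) {
                        list2.add(userName);
                    }
                    if (permissionName != null) {
                        list.add(createUserPermissionKey(userName, permissionName));
                    }
                } else if (permissionName != null) {
                    list4.add(createUserPermissionKey(userName, permissionName));
                }
            } else if (sid instanceof GrantedAuthoritySid) {
                String authority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                if (Authority.ADMIN.getAuthority().equals(authority) && !z) {
                    if (permissionName != null) {
                        list4.add(createRolePermissionKey(authority, permissionName));
                    }
                } else if (permissionName != null) {
                    list.add(createRolePermissionKey(authority, permissionName));
                }
            }
        }
    }

    /**
     * Makes the ACL match a list of permission keys: entries whose key is not listed are deleted,
     * listed keys without an entry are inserted as granting entries.
     *
     * <p>Entries for which no key can be derived are matched under the empty key and are therefore
     * deleted unless the list contains an empty string. Keys with an unknown type are skipped and
     * logged at debug level.
     *
     * @param mutableAcl the ACL to modify in place
     * @param list the permission keys the ACL should end up with
     */
    public void modifyAclAces(MutableAcl mutableAcl, List<String> list) {
        List<String> missingKeys = new ArrayList<>(list);
        for (AccessControlEntry entry : mutableAcl.getEntries()) {
            String key = getPermissionKeyFromAce(entry).orElse("");
            // remove() drops one occurrence, so a duplicate key in the list is inserted below.
            if (!missingKeys.remove(key)) {
                mutableAcl.deleteAce(entry.getId());
            }
        }
        for (String key : missingKeys) {
            String permissionName = getPermissionName(permissionKeyToParts(key));
            Sid sid = null;
            try {
                sid = getSidFromPermissionKey(key);
            } catch (IllegalArgumentException e) {
                log.debug("Ignoring permission key {} as it is invalid", key);
            }
            if (sid != null) {
                mutableAcl.insertAce((Serializable) null, BambooPermission.buildFromName(permissionName), sid, true);
            }
        }
    }

    /**
     * Grants the listed permissions to the principal of the current security context.
     *
     * <p>No authorization check is made here; callers decide whether the current user is entitled
     * to the grants.
     *
     * @param mutableAcl the ACL to extend
     * @param list the permissions to grant
     */
    public void addPermissionsToAclForCurrentUser(@NotNull MutableAcl mutableAcl, @NotNull List<BambooPermission> list) {
        ContainerManager.autowireComponent(mutableAcl);
        PrincipalSid currentUserSid = new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
        for (BambooPermission permission : list) {
            mutableAcl.insertAce((Serializable) null, permission, currentUserSid, true);
        }
    }

    /** Returns the SID of the given user, or of the current authentication when it is null. */
    private PrincipalSid getCreatorSid(@Nullable User user) {
        if (user != null) {
            return new PrincipalSid(user.getName());
        }
        return new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Creates the default ACL for a new plan.
     *
     * @param user the creator; when non-null it receives the creator grants plus BUILD and
     *     CREATE_PLAN_BRANCH, when null no creator grants are added
     * @param cls the plan class the ACL is for
     * @param z when {@code true}, logged-in and anonymous users receive READ (and BUILD for
     *     logged-in users under the SOX-compliance condition)
     * @return the new ACL, with object id -1
     */
    @NotNull
    public MutableAcl createNewDefaultAcl(@Nullable User user, Class<? extends Plan> cls, boolean z) {
        PrincipalSid creatorSid = getCreatorSid(user);
        HibernateAclImpl newAcl = new HibernateAclImpl(new HibernateObjectIdentityImpl((Class) cls, (Serializable) (-1L)), null, true, creatorSid);
        ContainerManager.autowireComponent(newAcl);
        if (z) {
            addBasicAclsForUsers(newAcl, true);
        }
        if (user != null) {
            addBasicAclsForCreator(creatorSid, newAcl);
            newAcl.insertAce((Serializable) null, BambooPermission.BUILD, creatorSid, true);
            newAcl.insertAce((Serializable) null, BambooPermission.CREATE_PLAN_BRANCH, creatorSid, true);
        }
        return newAcl;
    }

    /**
     * Creates the default ACL for a new object with a known id.
     *
     * @param user the creator; when non-null it receives the creator grants plus APPROVE_RELEASE
     *     and CREATE_RELEASE
     * @param cls the object class the ACL is for
     * @param j the object id
     * @param z when {@code true}, logged-in and anonymous users receive READ
     * @return the new ACL, bound to the given id
     */
    @NotNull
    public MutableAcl createNewObjectAcl(@Nullable User user, Class<? extends BambooIdProvider> cls, long j, boolean z) {
        PrincipalSid creatorSid = getCreatorSid(user);
        HibernateAclImpl newAcl = new HibernateAclImpl(new HibernateObjectIdentityImpl((Class) cls, (Serializable) (-1L)), null, true, creatorSid);
        ContainerManager.autowireComponent(newAcl);
        if (z) {
            addBasicAclsForUsers(newAcl, false);
        }
        if (user != null) {
            addBasicAclsForCreator(creatorSid, newAcl);
            newAcl.insertAce((Serializable) null, BambooPermission.APPROVE_RELEASE, creatorSid, true);
            newAcl.insertAce((Serializable) null, BambooPermission.CREATE_RELEASE, creatorSid, true);
        }
        // The real identity is set only after the entries have been inserted.
        newAcl.setObjectIdentity(new HibernateObjectIdentityImpl(cls, Long.valueOf(j)));
        return newAcl;
    }

    /**
     * Builds an environment ACL from a project ACL.
     *
     * <p>APPROVE_RELEASE, CREATE_RELEASE, CLONE and ADMINISTRATION entries are not copied. A
     * non-null creator additionally receives BUILD.
     *
     * @param user the creator, may be null
     * @param cls the object class the ACL is for
     * @param j the object id
     * @param acl the project ACL to copy from
     * @param z when {@code true} and the USER role ends up with READ, BUILD is added for all users
     *     under the SOX-compliance condition
     * @return the new ACL
     */
    @NotNull
    public MutableAcl copyProjectPermissionsToEnvironment(@Nullable User user, Class<? extends BambooIdProvider> cls, long j, Acl acl, boolean z) {
        PrincipalSid creatorSid = getCreatorSid(user);
        MutableAcl copy = clonePermissions(user, cls, j, acl, Set.of(BambooPermission.APPROVE_RELEASE, BambooPermission.CREATE_RELEASE, BambooPermission.CLONE, BambooPermission.ADMINISTRATION));
        if (user != null) {
            copy.insertAce((Serializable) null, BambooPermission.BUILD, creatorSid, true);
        }
        if (z) {
            boolean usersMayRead;
            try {
                usersMayRead = copy.isGranted(new Permission[]{BambooPermission.READ}, new Sid[]{new GrantedAuthoritySid(Authority.USER)}, true);
            } catch (org.acegisecurity.acls.NotFoundException e) {
                // No matching entry is treated as "not granted".
                usersMayRead = false;
            }
            if (usersMayRead) {
                addBuildPermissionForAllUsersIfSoxCompliant(copy);
            }
        }
        return copy;
    }

    /**
     * Copies every entry of an ACL into a new ACL for another object.
     *
     * @param user the creator, may be null (see the five-argument overload)
     * @param cls the object class the ACL is for
     * @param j the object id
     * @param acl the ACL to copy from
     * @return the new ACL
     */
    @NotNull
    public MutableAcl clonePermissions(@Nullable User user, Class<? extends BambooIdProvider> cls, long j, Acl acl) {
        return clonePermissions(user, cls, j, acl, Collections.emptySet());
    }

    /**
     * Copies the entries of an ACL into a new ACL for another object, leaving out excluded
     * permissions. Each copied entry keeps its SID and its granting flag.
     *
     * <p>NOTE(review): when {@code user} is null nothing is copied and the result has no entries -
     * confirm that this is intended.
     *
     * @param user the creator; when null the current authentication owns the ACL
     * @param cls the object class the ACL is for
     * @param j the object id
     * @param acl the ACL to copy from
     * @param set permissions whose entries must not be copied
     * @return the new ACL
     */
    @NotNull
    public MutableAcl clonePermissions(@Nullable User user, Class<? extends BambooIdProvider> cls, long j, Acl acl, Set<Permission> set) {
        HibernateAclImpl copy = new HibernateAclImpl(new HibernateObjectIdentityImpl((Class) cls, (Serializable) (-1L)), null, true, getCreatorSid(user));
        ContainerManager.autowireComponent(copy);
        if (user != null) {
            for (AccessControlEntry entry : acl.getEntries()) {
                Permission permission = entry.getPermission();
                // Test for null first: immutable sets such as Set.of() throw on contains(null).
                if (permission == null || !set.contains(permission)) {
                    copy.insertAce((Serializable) null, entry.getPermission(), entry.getSid(), entry.isGranting());
                }
            }
        }
        copy.setObjectIdentity(new HibernateObjectIdentityImpl(cls, Long.valueOf(j)));
        return copy;
    }

    /**
     * Returns the principal or authority name carried by a SID.
     *
     * @param sid the SID to read
     * @return the name
     * @throws IllegalStateException if the SID class is not recognised
     */
    @NotNull
    public static String extractPrincipalFromSid(@NotNull Sid sid) {
        if (sid instanceof GrantedAuthoritySid) {
            return ((GrantedAuthoritySid) sid).getGrantedAuthority();
        }
        if (sid instanceof PrincipalSid) {
            return ((PrincipalSid) sid).getPrincipal();
        }
        if (sid instanceof GroupPrincipalSid) {
            return ((GroupPrincipalSid) sid).getPrincipal();
        }
        throw new IllegalStateException("Unknown SID type: " + sid.getClass().getName());
    }

    /**
     * Returns the key type ({@code role}, {@code user} or {@code group}) for a SID.
     *
     * @param sid the SID to classify
     * @return the key type
     * @throws IllegalStateException if the SID class is not recognised
     */
    public static String extractSidTypeFromSid(@NotNull Sid sid) {
        if (sid instanceof GrantedAuthoritySid) {
            return BAMBOO_PERMISSION_FORM_ROLE;
        }
        if (sid instanceof PrincipalSid) {
            return BAMBOO_PERMISSION_FORM_USER;
        }
        if (sid instanceof GroupPrincipalSid) {
            return BAMBOO_PERMISSION_FORM_GROUP;
        }
        throw new IllegalStateException("Unknown SID type: " + sid.getClass().getName());
    }

    /**
     * Builds the SID named by a permission key.
     *
     * @param str the permission key
     * @return a SID of the class matching the key type
     * @throws IllegalArgumentException if the key type is none of user, group or role
     */
    @NotNull
    public Sid getSidFromPermissionKey(@NotNull String str) {
        String[] parts = permissionKeyToParts(str);
        String principal = getPermissionPrincipal(parts);
        String type = getPermissionType(parts);
        if (BAMBOO_PERMISSION_FORM_USER.equals(type)) {
            return new PrincipalSid(principal);
        }
        if (BAMBOO_PERMISSION_FORM_GROUP.equals(type)) {
            return new GroupPrincipalSid(principal);
        }
        if (BAMBOO_PERMISSION_FORM_ROLE.equals(type)) {
            return new GrantedAuthoritySid(principal);
        }
        throw new IllegalArgumentException("Unknown permission type: " + type);
    }

    /**
     * Grants READ to both the USER and the ANONYMOUS role.
     *
     * @param mutableAcl the ACL to extend
     */
    public void addReadPermissionForAnonymousAndLoggedinUsers(@NotNull MutableAcl mutableAcl) {
        mutableAcl.insertAce((Serializable) null, BambooPermission.READ, new GrantedAuthoritySid(Authority.USER), true);
        mutableAcl.insertAce((Serializable) null, BambooPermission.READ, new GrantedAuthoritySid(Authority.ANONYMOUS), true);
    }

    /**
     * Builds a SID from its persisted id and type discriminator.
     *
     * @param str the principal or authority name
     * @param str2 one of the {@code HibernateSidUserType.SID_TYPE_*} constants
     * @return a SID of the matching class
     * @throws IllegalArgumentException if the type is not recognised
     */
    @NotNull
    public Sid getSidFromIdAndType(@NotNull String str, @NotNull String str2) {
        switch (str2) {
            case HibernateSidUserType.SID_TYPE_PRINCIPAL:
                return new PrincipalSid(str);
            case HibernateSidUserType.SID_TYPE_GROUP_PRINCIPAL:
                return new GroupPrincipalSid(str);
            case HibernateSidUserType.SID_TYPE_GRANTED_AUTHORITY:
                return new GrantedAuthoritySid(str);
            default:
                throw new IllegalArgumentException("Unknown sid type: " + str2);
        }
    }

    /** Adds READ for logged-in and anonymous users and, when {@code z} is set, conditional BUILD. */
    private void addBasicAclsForUsers(@NotNull MutableAcl mutableAcl, boolean z) {
        addReadPermissionForAnonymousAndLoggedinUsers(mutableAcl);
        if (z) {
            addBuildPermissionForAllUsersIfSoxCompliant(mutableAcl);
        }
    }

    /** Grants the creator ADMINISTRATION, WRITE, VIEW_CONFIGURATION, READ and CLONE. */
    private void addBasicAclsForCreator(@NotNull PrincipalSid principalSid, @NotNull MutableAcl mutableAcl) {
        mutableAcl.insertAce((Serializable) null, BambooPermission.ADMINISTRATION, principalSid, true);
        mutableAcl.insertAce((Serializable) null, BambooPermission.WRITE, principalSid, true);
        mutableAcl.insertAce((Serializable) null, BambooPermission.VIEW_CONFIGURATION, principalSid, true);
        mutableAcl.insertAce((Serializable) null, BambooPermission.READ, principalSid, true);
        mutableAcl.insertAce((Serializable) null, BambooPermission.CLONE, principalSid, true);
    }

    /**
     * Grants BUILD to the USER role when SOX-compliance mode is enabled and the USER authority
     * holds the global SOX_COMPLIANCE permission.
     */
    private void addBuildPermissionForAllUsersIfSoxCompliant(MutableAcl mutableAcl) {
        BambooPermissionManager permissionManager = ComponentAccessor.BAMBOO_PERMISSION_MANAGER.get();
        AdministrationConfigurationAccessor configurationAccessor = ComponentAccessor.ADMINISTRATION_CONFIGURATION_ACCESSOR.get();
        boolean usersHoldSoxPermission = permissionManager.hasPermissionForAuthority(BambooPermission.SOX_COMPLIANCE, GlobalApplicationSecureObject.INSTANCE, Authority.USER);
        if (configurationAccessor.getAdministrationConfiguration().isSoxComplianceModeEnabled() && usersHoldSoxPermission) {
            mutableAcl.insertAce((Serializable) null, BambooPermission.BUILD, new GrantedAuthoritySid(Authority.USER), true);
        }
    }

    /** Splits a permission key on the separator. */
    String[] permissionKeyToParts(@NotNull String str) {
        return str.split(BAMBOO_PERMISSION_FORM_SEPARATOR);
    }

    /**
     * Returns the permission name, the last segment of a split key.
     *
     * <p>The length check is an {@code assert} and is inactive unless the JVM runs with
     * assertions enabled; without it a short key is not rejected here.
     */
    String getPermissionName(String[] strArr) {
        assert strArr.length >= 4;
        return strArr[strArr.length - 1];
    }

    /**
     * Resolves the permission named in a permission key.
     *
     * @param str the permission key
     * @return the permission built from the key's last segment
     */
    public Permission getPermission(String str) {
        return BambooPermission.buildFromName(getPermissionName(permissionKeyToParts(str)));
    }

    /**
     * Returns the principal of a split key: segments 2 up to, but excluding, the last one,
     * re-joined with the separator.
     *
     * <p>The length check is an {@code assert}; with assertions disabled a key of fewer than
     * three segments fails in {@code Arrays.copyOfRange} instead.
     */
    String getPermissionPrincipal(String[] strArr) {
        assert strArr.length >= 4;
        return Joiner.on(BAMBOO_PERMISSION_FORM_SEPARATOR).join(Arrays.copyOfRange(strArr, 2, strArr.length - 1));
    }

    /**
     * Returns the key type, the second segment of a split key.
     *
     * <p>The length check is an {@code assert}; with assertions disabled a key of fewer than two
     * segments fails with {@code ArrayIndexOutOfBoundsException} instead.
     */
    String getPermissionType(String[] strArr) {
        assert strArr.length >= 4;
        return strArr[1];
    }
}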
