package org.opencastproject.security.util;

import de.schlichtherle.io.Entry;
import java.net.URL;
import java.util.Optional;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.OrganizationDirectoryService;
import org.opencastproject.security.api.SecurityConstants;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.UnauthorizedException;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserDirectoryService;
import org.opencastproject.util.ConfigurationException;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.data.Tuple;
import org.osgi.service.component.ComponentContext;

/* loaded from: input_file:org/opencastproject/security/util/SecurityUtil.class */
public final class SecurityUtil {
    private static final Pattern SANITIZING_PATTERN = Pattern.compile("[^a-zA-Z0-9_]");
    public static final String PROPERTY_KEY_SYS_USER = "org.opencastproject.security.digest.user";

    private SecurityUtil() {
    }

    public static void runAs(SecurityService securityService, Organization organization, User user, Runnable runnable) {
        Organization organization2 = securityService.getOrganization();
        User user2 = organization2 != null ? securityService.getUser() : null;
        securityService.setOrganization(organization);
        securityService.setUser(user);
        try {
            runnable.run();
            securityService.setOrganization(organization2);
            securityService.setUser(user2);
        } catch (Throwable th) {
            securityService.setOrganization(organization2);
            securityService.setUser(user2);
            throw th;
        }
    }

    public static User createSystemUser(String str, Organization organization) {
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(organization);
        return new JaxbUser(str, (String) null, fromOrganization, new JaxbRole("ROLE_ADMIN", fromOrganization), new JaxbRole(organization.getAdminRole(), fromOrganization));
    }

    public static User createAnonymousUser(Organization organization) {
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(organization);
        return new JaxbUser(SecurityConstants.GLOBAL_ANONYMOUS_USERNAME, (String) null, fromOrganization, new JaxbRole(fromOrganization.getAnonymousRole(), fromOrganization));
    }

    public static User createSystemUser(ComponentContext componentContext, Organization organization) {
        return createSystemUser(componentContext.getBundleContext().getProperty("org.opencastproject.security.digest.user"), organization);
    }

    public static String getSystemUserName(ComponentContext componentContext) {
        String property = componentContext.getBundleContext().getProperty("org.opencastproject.security.digest.user");
        if (property != null) {
            return property;
        }
        throw new ConfigurationException("An Opencast installation always needs a system user name. Please configure one under the key org.opencastproject.security.digest.user");
    }

    public static Optional<Tuple<User, Organization>> getUserAndOrganization(SecurityService securityService, OrganizationDirectoryService organizationDirectoryService, String str, UserDirectoryService userDirectoryService, String str2) {
        Organization organization = securityService.getOrganization();
        try {
            try {
                Organization organization2 = organizationDirectoryService.getOrganization(str);
                securityService.setOrganization(organization2);
                Optional<Tuple<User, Organization>> map = Optional.ofNullable(userDirectoryService.loadUser(str2)).map(user -> {
                    return Tuple.tuple(user, organization2);
                });
                securityService.setOrganization(organization);
                return map;
            } catch (NotFoundException e) {
                Optional<Tuple<User, Organization>> empty = Optional.empty();
                securityService.setOrganization(organization);
                return empty;
            }
        } catch (Throwable th) {
            securityService.setOrganization(organization);
            throw th;
        }
    }

    public static Tuple<String, Integer> hostAndPort(URL url) {
        return Tuple.tuple(StringUtils.strip(url.getHost(), "/"), Integer.valueOf(url.getPort()));
    }

    public static void checkAgentAccess(SecurityService securityService, String str) throws UnauthorizedException {
        if (StringUtils.isBlank(str)) {
            return;
        }
        User user = securityService.getUser();
        if (!user.hasRole("ROLE_ADMIN") && !user.hasRole(user.getOrganization().getAdminRole()) && !user.hasRole(getCaptureAgentRole(str))) {
            throw new UnauthorizedException(user, "schedule");
        }
    }

    private static String sanitizeCaName(String str) {
        return SANITIZING_PATTERN.matcher(str).replaceAll(Entry.ROOT_NAME).toUpperCase();
    }

    public static String getCaptureAgentRole(String str) {
        return "ROLE_CAPTURE_AGENT_" + sanitizeCaName(str);
    }
}
