package org.jahia.bundles.jaas;

import java.io.IOException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.jahia.api.usermanager.JahiaUserManagerService;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.content.decorator.JCRUserNode;

/* loaded from: input_file:org/jahia/bundles/jaas/JahiaLoginModule.class */
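/**
 * JAAS login module that authenticates a Karaf console/SSH user against the Jahia user store.
 *
 * <p>Authentication: the user name is resolved through {@link JahiaUserManagerService#lookup} and
 * the supplied password is checked with {@link JCRUserNode#verifyPassword}.
 *
 * <p>Authorization: every authenticated user receives a {@link UserPrincipal}. If the user also
 * holds {@code jcr:write} on the {@code /tools} node, a fixed set of principals is added
 * ({@code admingroup} group plus the {@code group}, {@code admin}, {@code manager}, {@code viewer},
 * {@code ssh} and {@code systembundles} roles). That single JCR permission therefore gates full
 * administrative access to the container, so the ACL on {@code /tools} should be reviewed with
 * that in mind.
 *
 * <p>A user who authenticates but lacks that permission still completes {@link #login()}
 * successfully, carrying only the {@link UserPrincipal}; access control is then left to whatever
 * role checks the container applies.
 */
public class JahiaLoginModule extends AbstractKarafLoginModule {
    /**
     * Single message used for both "unknown user" and "wrong password", so that a client cannot
     * tell from the response which account names exist.
     */
    private static final String LOGIN_FAILED = "Login failed";

    private JahiaUserManagerService userManagerService;

    /**
     * Stores the JAAS context and resolves the Jahia user manager from the OSGi registry.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the user name and password
     * @param map third argument of the JAAS {@code initialize} contract; not used by this module
     * @param map2 fourth argument of the JAAS {@code initialize} contract; forwarded to the
     *     superclass as its options map
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map2);
        // The service may not be registered (yet); avoid passing a null reference to getService()
        // and let login() report the condition as a LoginException instead.
        org.osgi.framework.ServiceReference<JahiaUserManagerService> reference =
                this.bundleContext.getServiceReference(JahiaUserManagerService.class);
        this.userManagerService = reference != null ? this.bundleContext.getService(reference) : null;
        // NOTE(review): the service reference is never released with ungetService() in this
        // class - confirm whether the superclass or bundle lifecycle takes care of it.
    }

    /**
     * Collects the credentials, verifies them and computes the principals for the user.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException if the credentials cannot be obtained, are incomplete or invalid, or
     *     if the permission check fails
     */
    public boolean login() throws LoginException {
        // Declared as Callback[]: the array holds a NameCallback and a PasswordCallback.
        Callback[] callbacks = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
        if (this.callbackHandler != null) {
            try {
                this.callbackHandler.handle(callbacks);
            } catch (IOException e) {
                throw withCause(new LoginException(e.getMessage()), e);
            } catch (UnsupportedCallbackException e) {
                throw withCause(
                        new LoginException(e.getMessage() + " not available to obtain information from user"), e);
            }
        }
        // Also covers a missing callback handler: the name is then never filled in.
        if (((NameCallback) callbacks[0]).getName() == null) {
            throw new LoginException("Username can not be null");
        }
        if (this.userManagerService == null) {
            throw new LoginException("User manager service is not available");
        }
        checkPermissions(checkUser(callbacks));
        // Only flagged as succeeded once both authentication and the permission check completed.
        this.succeeded = true;
        return true;
    }

    /**
     * Verifies the user name / password pair held by the callbacks.
     *
     * @param callbackArr the {@link NameCallback} at index 0 and the {@link PasswordCallback} at
     *     index 1, as populated by the callback handler
     * @return the Jahia user node of the authenticated user
     * @throws LoginException if no password was supplied
     * @throws FailedLoginException if the user is unknown or the password does not match; the
     *     message is deliberately the same in both cases
     */
    private JCRUserNode checkUser(Callback[] callbackArr) throws LoginException {
        this.user = ((NameCallback) callbackArr[0]).getName();
        PasswordCallback passwordCallback = (PasswordCallback) callbackArr[1];
        char[] passwordChars = passwordCallback.getPassword();
        if (passwordChars == null) {
            throw new LoginException("Password can not be null");
        }
        try {
            JCRUserNode lookup = this.userManagerService.lookup(this.user);
            // verifyPassword() is called with a String here, so one immutable copy of the
            // password remains on the heap until it is garbage collected.
            if (lookup == null || !lookup.verifyPassword(new String(passwordChars))) {
                // NOTE(review): the unknown-user path skips password verification, so response
                // timing may still differ between the two cases.
                throw new FailedLoginException(LOGIN_FAILED);
            }
            return lookup;
        } finally {
            // Wipe the mutable copies of the password as soon as they are no longer needed.
            java.util.Arrays.fill(passwordChars, '\0');
            passwordCallback.clearPassword();
        }
    }

    /**
     * Builds the principal set for an authenticated user.
     *
     * @param jCRUserNode the authenticated user
     * @throws FailedLoginException if the repository cannot be queried for the permission
     */
    private void checkPermissions(JCRUserNode jCRUserNode) throws FailedLoginException {
        this.principals = new HashSet<>();
        this.principals.add(new UserPrincipal(this.user));
        try {
            // Executed with the user's own identity, so the check reflects that user's ACLs.
            Boolean canWriteTools = (Boolean) JCRTemplate.getInstance().doExecute(
                    jCRUserNode.getJahiaUser(), (String) null, (Locale) null, jCRSessionWrapper ->
                            Boolean.valueOf(jCRSessionWrapper.getNode("/tools").hasPermission("jcr:write")));
            if (Boolean.TRUE.equals(canWriteTools)) {
                this.principals.add(new GroupPrincipal("admingroup"));
                this.principals.add(new RolePrincipal("group"));
                this.principals.add(new RolePrincipal("admin"));
                this.principals.add(new RolePrincipal("manager"));
                this.principals.add(new RolePrincipal("viewer"));
                this.principals.add(new RolePrincipal("ssh"));
                this.principals.add(new RolePrincipal("systembundles"));
            }
        } catch (PathNotFoundException ignored) {
            // "/tools" could not be resolved in this user's session: grant no administrative
            // principals. Fails closed - the user keeps only the UserPrincipal added above.
        } catch (RepositoryException e) {
            throw withCause(new FailedLoginException("Cannot check permission : " + e.getMessage()), e);
        }
    }

    /**
     * Attaches {@code cause} to a login exception; the JAAS exception types used here have no
     * constructor that accepts a cause, so it is set afterwards to keep the stack trace.
     */
    private static <E extends LoginException> E withCause(E failure, Throwable cause) {
        failure.initCause(cause);
        return failure;
    }
}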
