package org.nuxeo.runtime.api.login;

import java.io.Serializable;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.runtime.api.RuntimeInstanceIdentifier;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.ComponentName;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/runtime/api/login/LoginComponent.class */
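/**
 * Runtime component that installs a JAAS {@link Configuration} backed by the registered
 * {@link SecurityDomain}s and exposes the {@link LoginService} API.
 *
 * <p>Two domain names are special: {@link #SYSTEM_LOGIN} backs {@link #login()} /
 * {@link #loginAs(String)} and {@link #CLIENT_LOGIN} backs the credential-based logins.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link SystemID} is {@link Serializable} and carries the id of the instance that
 *       created it. {@link #isSystemLogin(Object)} only compares that id when
 *       {@code systemLoginManager.isRemoteSystemLoginRestricted()} is true; with the
 *       restriction off, every {@code SystemID} instance is accepted as a system login
 *       whatever its source instance id.</li>
 *   <li>{@link #loginAs(String)} performs its permission check inside
 *       {@code doPrivileged}; see the note on that method.</li>
 * </ul>
 */
public class LoginComponent extends DefaultComponent implements LoginService {
    public static final String SYSTEM_LOGIN = "nuxeo-system-login";
    public static final String CLIENT_LOGIN = "nuxeo-client-login";
    public static final String SYSTEM_USERNAME = "system";
    private LoginConfiguration config;
    // Hashtable: registrations and lookups are individually synchronized.
    private final Map<String, SecurityDomain> domains = new Hashtable<>();
    private SecurityDomain systemLogin;
    private SecurityDomain clientLogin;
    public static final ComponentName NAME = new ComponentName("org.nuxeo.runtime.LoginComponent");
    protected static final String instanceId = RuntimeInstanceIdentifier.getId();
    protected static final SystemLoginRestrictionManager systemLoginManager = new SystemLoginRestrictionManager();
    protected static final Log log = LogFactory.getLog(LoginComponent.class);

    /**
     * Principal representing a system login. Each instance records the id of the runtime
     * instance that created it ({@link LoginComponent#instanceId} at construction time).
     */
    public static class SystemID implements Principal, Serializable {
        private static final long serialVersionUID = 2758247997191809993L;
        private final String userName;
        protected final String sourceInstanceId;

        /** Creates a system principal with a {@code null} name. */
        public SystemID() {
            this.sourceInstanceId = LoginComponent.instanceId;
            this.userName = null;
        }

        /**
         * Creates a system principal.
         *
         * @param str the user name; {@code null} is replaced by {@link LoginComponent#SYSTEM_USERNAME}
         */
        public SystemID(String str) {
            this.sourceInstanceId = LoginComponent.instanceId;
            this.userName = str == null ? LoginComponent.SYSTEM_USERNAME : str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.userName;
        }

        /** Returns the id of the runtime instance that created this principal. */
        public String getSourceInstanceId() {
            return this.sourceInstanceId;
        }

        /**
         * Compares by name against any {@link Principal}; the source instance id is compared
         * as well only when remote system login is restricted and {@code obj} is a
         * {@code SystemID}.
         *
         * <p>NOTE(review): a non-{@code SystemID} principal with the same name compares equal,
         * so this method must not be used to decide whether a principal is a system login.
         * {@link LoginComponent#isSystemLogin(Object)} checks the exact class instead.
         */
        @Override // java.security.Principal
        public boolean equals(Object obj) {
            if (!(obj instanceof Principal)) {
                return false;
            }
            String name = ((Principal) obj).getName();
            // Null-safe comparison: two null names are equal (the previous form threw a
            // NullPointerException when both names were null).
            if (this.userName == null ? name != null : !this.userName.equals(name)) {
                return false;
            }
            if (!LoginComponent.systemLoginManager.isRemoteSystemLoginRestricted() || !(obj instanceof SystemID)) {
                return true;
            }
            String otherSource = ((SystemID) obj).sourceInstanceId;
            return this.sourceInstanceId == null ? otherSource == null : this.sourceInstanceId.equals(otherSource);
        }

        /**
         * Hash of the name, plus the hash of the source instance id when remote system login
         * is restricted. A {@code null} name hashes to 0 in both modes.
         */
        @Override // java.security.Principal
        public int hashCode() {
            if (this.userName == null) {
                return 0;
            }
            int hash = this.userName.hashCode();
            // Guard against a null source id so hashing never throws.
            if (LoginComponent.systemLoginManager.isRemoteSystemLoginRestricted() && this.sourceInstanceId != null) {
                hash += this.sourceInstanceId.hashCode();
            }
            return hash;
        }
    }

    /**
     * Wraps the current JAAS configuration (if one can be obtained) in a
     * {@link LoginConfiguration} and installs the wrapper as the JVM-wide configuration.
     */
    @Override // org.nuxeo.runtime.model.DefaultComponent, org.nuxeo.runtime.model.Component
    public void activate(ComponentContext componentContext) throws Exception {
        Configuration parent = null;
        try {
            parent = Configuration.getConfiguration();
        } catch (Exception e) {
            // Best effort: continue without a parent configuration, but leave a trace of why.
            log.debug("No parent JAAS configuration available", e);
        }
        this.config = new LoginConfiguration(this, parent);
        Configuration.setConfiguration(this.config);
    }

    /** Restores the configuration that was wrapped by {@link #activate(ComponentContext)}. */
    @Override // org.nuxeo.runtime.model.DefaultComponent, org.nuxeo.runtime.model.Component
    public void deactivate(ComponentContext componentContext) throws Exception {
        if (this.config == null) {
            // Never activated, or already deactivated: nothing to restore.
            return;
        }
        Configuration.setConfiguration(this.config.getParent());
        this.config = null;
    }

    /** Registers {@code obj} as a security domain when the extension point is "domains". */
    @Override // org.nuxeo.runtime.model.DefaultComponent
    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        if ("domains".equals(str)) {
            addSecurityDomain((SecurityDomain) obj);
        }
    }

    /** Removes the security domain named by {@code obj} when the extension point is "domains". */
    @Override // org.nuxeo.runtime.model.DefaultComponent
    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        if ("domains".equals(str)) {
            removeSecurityDomain(((SecurityDomain) obj).getName());
        }
    }

    /**
     * Returns the JAAS entries of the named domain.
     *
     * @param str the domain name
     * @return the domain's entries, or {@code null} when no such domain is registered
     */
    public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
        SecurityDomain domain = this.domains.get(str);
        return domain == null ? null : domain.getAppConfigurationEntries();
    }

    /**
     * Returns this component when {@code cls} is {@link LoginService} or a subtype of it,
     * otherwise {@code null}.
     *
     * <p>NOTE(review): the test is {@code LoginService.class.isAssignableFrom(cls)}, so a
     * request for an unrelated {@code LoginService} implementation also receives this object
     * through an unchecked cast — confirm that this direction is intended.
     */
    @SuppressWarnings("unchecked") // cast is not verified at runtime; see the note above
    @Override // org.nuxeo.runtime.model.DefaultComponent, org.nuxeo.runtime.model.Adaptable
    public <T> T getAdapter(Class<T> cls) {
        if (LoginService.class.isAssignableFrom(cls)) {
            return (T) this;
        }
        return null;
    }

    @Override // org.nuxeo.runtime.api.login.LoginService
    public SecurityDomain getSecurityDomain(String str) {
        return this.domains.get(str);
    }

    /**
     * Registers a domain under its name, replacing any domain already registered with that
     * name, and caches it when it is the system or client login domain.
     */
    @Override // org.nuxeo.runtime.api.login.LoginService
    public void addSecurityDomain(SecurityDomain securityDomain) {
        String name = securityDomain.getName();
        this.domains.put(name, securityDomain);
        if (SYSTEM_LOGIN.equals(name)) {
            this.systemLogin = securityDomain;
        } else if (CLIENT_LOGIN.equals(name)) {
            this.clientLogin = securityDomain;
        }
    }

    /** Unregisters the named domain and drops the cached reference if it was a special one. */
    @Override // org.nuxeo.runtime.api.login.LoginService
    public void removeSecurityDomain(String str) {
        this.domains.remove(str);
        if (SYSTEM_LOGIN.equals(str)) {
            this.systemLogin = null;
        } else if (CLIENT_LOGIN.equals(str)) {
            this.clientLogin = null;
        }
    }

    @Override // org.nuxeo.runtime.api.login.LoginService
    public SecurityDomain[] getSecurityDomains() {
        // A zero-length seed lets toArray size the result itself, so a registration
        // between size() and toArray() cannot leave trailing nulls in the array.
        return this.domains.values().toArray(new SecurityDomain[0]);
    }

    @Override // org.nuxeo.runtime.api.login.LoginService
    public void removeSecurityDomains() {
        this.domains.clear();
        this.systemLogin = null;
        this.clientLogin = null;
    }

    /**
     * Logs in through the system login domain with a fresh {@link SystemID}.
     *
     * <p>Kept private: this method performs no permission check of its own. The decompiler
     * had widened it only so the anonymous class in {@link #loginAs(String)} could reach it,
     * which the language allows for private members anyway.
     *
     * @param str the user name, or {@code null} for {@link #SYSTEM_USERNAME}
     * @return the login context, or {@code null} when no system login domain is registered
     */
    private LoginContext systemLogin(String str) throws LoginException {
        if (this.systemLogin == null) {
            return null;
        }
        SystemID systemID = new SystemID(str);
        HashSet<Principal> principals = new HashSet<>();
        principals.add(systemID);
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
        return this.systemLogin.login(subject, new CredentialsCallbackHandler(systemID.getName(), systemID));
    }

    /** Equivalent to {@code loginAs(null)}. */
    @Override // org.nuxeo.runtime.api.login.LoginService
    public LoginContext login() throws LoginException {
        return loginAs(null);
    }

    /**
     * Performs a system login as {@code str}.
     *
     * <p>NOTE(review): {@code checkPermission} runs inside {@code doPrivileged}, so the stack
     * inspection stops at this class's frame. The check therefore tests whether this
     * component's own protection domain holds {@link SystemLoginPermission}, not whether the
     * caller of {@code loginAs} does. If the intent is to gate callers, the check has to run
     * before entering {@code doPrivileged}; that would change who may log in, so confirm
     * before moving it.
     *
     * @param str the user name, or {@code null} for {@link #SYSTEM_USERNAME}
     * @return the login context, or {@code null} when no system login domain is registered
     * @throws LoginException if the underlying login fails
     */
    @Override // org.nuxeo.runtime.api.login.LoginService
    public LoginContext loginAs(final String str) throws LoginException {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<LoginContext>() {
                @Override // java.security.PrivilegedExceptionAction
                public LoginContext run() throws LoginException {
                    SecurityManager securityManager = System.getSecurityManager();
                    if (securityManager != null) {
                        securityManager.checkPermission(new SystemLoginPermission());
                    }
                    return LoginComponent.this.systemLogin(str);
                }
            });
        } catch (PrivilegedActionException e) {
            // run() declares only LoginException, so the wrapped cause is always one.
            throw (LoginException) e.getException();
        }
    }

    /**
     * Logs in through the client login domain.
     *
     * @return the login context, or {@code null} when no client login domain is registered
     */
    @Override // org.nuxeo.runtime.api.login.LoginService
    public LoginContext login(String str, Object obj) throws LoginException {
        if (this.clientLogin == null) {
            return null;
        }
        return this.clientLogin.login(str, obj);
    }

    /**
     * Logs in through the client login domain using the given callback handler.
     *
     * @return the login context, or {@code null} when no client login domain is registered
     */
    @Override // org.nuxeo.runtime.api.login.LoginService
    public LoginContext login(CallbackHandler callbackHandler) throws LoginException {
        if (this.clientLogin == null) {
            return null;
        }
        return this.clientLogin.login(callbackHandler);
    }

    @Override // org.nuxeo.runtime.api.login.LoginService
    public boolean isSystemId(Principal principal) {
        return isSystemLogin(principal);
    }

    /**
     * Tells whether {@code obj} is an acceptable system principal.
     *
     * <p>Only exact {@link SystemID} instances qualify (subclasses and other principals
     * named "system" do not). When remote system login is restricted, the principal must
     * also come from this instance or from an instance the restriction manager allows.
     *
     * @param obj the candidate principal, may be {@code null}
     * @return {@code true} when the principal is accepted as a system login
     */
    public static boolean isSystemLogin(Object obj) {
        if (obj == null || obj.getClass() != SystemID.class) {
            return false;
        }
        if (!systemLoginManager.isRemoteSystemLoginRestricted()) {
            // No origin check at all in this mode: any SystemID is trusted.
            return true;
        }
        String sourceInstanceId = ((SystemID) obj).getSourceInstanceId();
        if (sourceInstanceId == null) {
            log.warn("Can not accept a system login without InstanceID of the source : System login is rejected");
            return false;
        }
        if (sourceInstanceId.equals(instanceId)) {
            return true;
        }
        // NOTE(review): sourceInstanceId is read from the principal itself; for a principal
        // that arrived from another instance it is a value that instance supplied, and it is
        // written to the log unescaped below — confirm the log layout neutralises line breaks.
        if (!systemLoginManager.isRemoveSystemLoginAllowedForInstance(sourceInstanceId)) {
            log.warn("Remote SystemLogin attempt from instance " + sourceInstanceId + " was denied");
            return false;
        }
        if (log.isTraceEnabled()) {
            log.trace("Remote SystemLogin from instance " + sourceInstanceId + " accepted");
        }
        return true;
    }
}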
