package org.apache.jackrabbit.core.security;

import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.id.IdentifierGenerator;
import org.apache.commons.id.IdentifierGeneratorFactory;
import org.apache.jackrabbit.core.security.authentication.CredentialsCallback;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.jahia.jaas.JahiaPrincipal;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/core/security/JahiaLoginModule.class */
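/**
 * JAAS login module that authenticates repository sessions either with a
 * one-time token minted by this class or with a stored user password.
 *
 * <p>Four kinds of login are recognised by the user id presented:
 * <ul>
 *   <li>{@link #SYSTEM} exactly: system session, requires a valid token;</li>
 *   <li>an id starting with {@link #SYSTEM}: system session acting for the
 *       user named after the prefix, requires a valid token;</li>
 *   <li>{@link #GUEST} exactly: anonymous session, no secret is checked;</li>
 *   <li>anything else: a regular user, accepted with either a valid token or
 *       a password verified through {@link JahiaUserManagerService}. An
 *       impersonator credential may be attached; only a root user is accepted
 *       as impersonator.</li>
 * </ul>
 *
 * <p>Tokens live in a static, JVM-wide map keyed by the token string and are
 * removed when redeemed by {@link #removeToken(String, String)}.
 *
 * <p>NOTE(review): every public static {@code get*Credentials} factory mints a
 * token without authenticating the caller. That is presumably intended for
 * trusted in-process code only; confirm that untrusted modules or scripts
 * running in the same JVM cannot reach this class.
 */
public class JahiaLoginModule implements LoginModule {
    /** Reserved user id (note the surrounding spaces) for system sessions. */
    public static final String SYSTEM = " system ";
    /** Reserved user id (note the surrounding spaces) for anonymous sessions. */
    public static final String GUEST = " guest ";
    /** Credentials attribute that carries the realm of the user. */
    public static final String REALM_ATTRIBUTE = "org.jahia.realm";
    private Subject subject;
    private final Set<Principal> principals = new HashSet<>();
    private CallbackHandler callbackHandler;
    private static final Logger logger = LoggerFactory.getLogger(JahiaLoginModule.class);
    private static final IdentifierGenerator idGen = IdentifierGeneratorFactory.newInstance().sessionIdGenerator();
    // Outstanding tokens, keyed by the token string itself.
    private static final Map<String, Token> systemPass = new ConcurrentHashMap<>();

    /* loaded from: input_file:org/apache/jackrabbit/core/security/JahiaLoginModule$Token.class */
    /** Record kept for each outstanding token. */
    public static class Token {
        // User id the token was issued for; compared with the login name on redemption.
        public String username;
        // Stored with the token and handed back to callers; not interpreted in this class.
        public List<String> deniedPath;

        Token(String str, List<String> list) {
            this.username = str;
            this.deniedPath = list;
        }
    }

    /**
     * Stores the subject and callback handler for the later phases.
     * The two option maps are not used by this module.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Collects the credentials through the callback handler and decides which
     * principals the session receives.
     *
     * <p>NOTE(review): every exception raised inside the body, including the
     * {@link FailedLoginException}s thrown here, is caught and logged, so a
     * rejected login is reported as {@code false} rather than as an exception.
     * JAAS treats {@code false} as "ignore this module"; check that the
     * surrounding login configuration cannot let another module succeed in its
     * place. The behaviour is kept as is because callers may depend on it.
     *
     * @return {@code true} when at least one principal was established
     * @throws LoginException declared by the interface; not thrown in practice
     */
    @Override
    public boolean login() throws LoginException {
        try {
            String userId;
            char[] password;
            String realm = null;
            String impersonatorId = null;
            char[] impersonatorPassword = null;

            CredentialsCallback credentialsCallback = new CredentialsCallback();
            this.callbackHandler.handle(new Callback[] {credentialsCallback});
            Credentials credentials = credentialsCallback.getCredentials();
            if (credentials instanceof SimpleCredentials) {
                SimpleCredentials simple = (SimpleCredentials) credentials;
                userId = simple.getUserID();
                password = simple.getPassword();
                realm = (String) simple.getAttribute(REALM_ATTRIBUTE);
                SimpleCredentials impersonator =
                        (SimpleCredentials) simple.getAttribute("org.apache.jackrabbit.core.security.impersonator");
                if (impersonator != null) {
                    impersonatorId = impersonator.getUserID();
                    impersonatorPassword = impersonator.getPassword();
                }
            } else {
                NameCallback nameCallback = new NameCallback("name?");
                PasswordCallback passwordCallback = new PasswordCallback("pass?", false);
                this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
                userId = nameCallback.getName();
                // getPassword() hands out a copy; wipe the callback's own buffer afterwards.
                password = passwordCallback.getPassword();
                passwordCallback.clearPassword();
            }

            if (userId != null) {
                if (SYSTEM.equals(userId)) {
                    if (removeToken(userId, toSecret(password)) != null) {
                        this.principals.add(new JahiaPrincipal(SYSTEM, realm, true, false));
                        this.principals.add(new SystemPrincipal());
                    }
                } else if (userId.startsWith(SYSTEM)) {
                    // System session on behalf of the user named after the prefix.
                    if (removeToken(userId, toSecret(password)) != null) {
                        this.principals.add(new JahiaPrincipal(userId.substring(SYSTEM.length()), realm, true, false));
                        this.principals.add(new SystemPrincipal());
                    }
                } else if (GUEST.equals(userId)) {
                    this.principals.add(new JahiaPrincipal(GUEST, (String) null, false, true));
                    this.principals.add(new AnonymousPrincipal());
                } else {
                    // With an impersonator attached, it is the impersonator who is authenticated.
                    String secret = toSecret(impersonatorPassword != null ? impersonatorPassword : password);
                    String authenticatingId = impersonatorId != null ? impersonatorId : userId;
                    boolean authenticated = removeToken(authenticatingId, secret) != null;
                    JCRUserNode userNode = null;
                    // A missing password can match nothing, so skip the lookup instead of
                    // failing on a null dereference.
                    if (!authenticated && secret != null) {
                        userNode = JahiaUserManagerService.getInstance().lookupUser(authenticatingId);
                        authenticated = userNode != null && userNode.verifyPassword(secret);
                    }
                    if (authenticated && impersonatorId != null) {
                        if (userNode == null) {
                            userNode = JahiaUserManagerService.getInstance().lookupUser(authenticatingId);
                        }
                        if (userNode == null || !userNode.isRoot()) {
                            throw new FailedLoginException("Only root user credentials can be used as an impersonator.");
                        }
                        if (!JahiaUserManagerService.getInstance().userExists(userId)) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("User {} is not known, a the guest will be used instead", userId, impersonatorId);
                            }
                            // NOTE(review): unlike the GUEST branch above, no AnonymousPrincipal
                            // is added here; confirm that this difference is intended.
                            this.principals.add(new JahiaPrincipal(GUEST, (String) null, false, true));
                            authenticated = false;
                        }
                    }
                    if (authenticated) {
                        this.principals.add(new JahiaPrincipal(userId, realm, false, false));
                        // Admin rights are only considered for users without a realm.
                        if (realm == null && JahiaGroupManagerService.getInstance().isAdminMember(userId, null, null)) {
                            this.principals.add(new AdminPrincipal(userId));
                        }
                    }
                }
                if (this.principals.isEmpty()) {
                    throw new FailedLoginException();
                }
            }
        } catch (UnsupportedCallbackException e) {
            // The handler cannot supply credentials: fall through with no principals.
            logger.debug("Callback not supported by the callback handler", e);
        } catch (Exception e2) {
            logger.error(e2.getMessage(), e2);
        }
        return !this.principals.isEmpty();
    }

    /** Converts a password buffer to a string, keeping {@code null} as {@code null}. */
    private static String toSecret(char[] password) {
        return password != null ? new String(password) : null;
    }

    /**
     * Redeems a token: returns it and removes it from the store, so that it
     * cannot be used a second time.
     *
     * @param str user id the token must have been issued for
     * @param str2 the token string
     * @return the redeemed token, or {@code null} when the token is unknown,
     *         was issued for another user id, or was redeemed concurrently
     */
    public static Token removeToken(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        Token token = systemPass.get(str2);
        if (token == null || !str.equals(token.username)) {
            return null;
        }
        // Conditional remove: of several concurrent redemptions only one gets the token.
        return systemPass.remove(str2, token) ? token : null;
    }

    /**
     * Looks a token up without redeeming it.
     *
     * @param str user id the token must have been issued for
     * @param str2 the token string
     * @return the token, or {@code null} when it is unknown or was issued for
     *         another user id
     */
    public static Token getToken(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        Token token = systemPass.get(str2);
        if (token == null || !str.equals(token.username)) {
            return null;
        }
        return token;
    }

    /**
     * Adds the principals established by {@link #login()} to the subject.
     *
     * @return {@code false} when login established no principal
     */
    @Override
    public boolean commit() throws LoginException {
        if (this.principals.isEmpty()) {
            return false;
        }
        this.subject.getPrincipals().addAll(this.principals);
        return true;
    }

    /**
     * Undoes a login whose overall authentication failed.
     *
     * @return {@code false} when login established no principal
     */
    @Override
    public boolean abort() throws LoginException {
        if (this.principals.isEmpty()) {
            return false;
        }
        logout();
        return true;
    }

    /** Removes this module's principals from the subject and forgets them. */
    @Override
    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        return true;
    }

    /**
     * Mints a token for the given user id and registers it in the token store.
     *
     * <p>NOTE(review): the identifier acts as a bearer secret. Confirm that the
     * commons-id session generator is backed by a cryptographically strong
     * random source; if it is not, mint tokens from {@code SecureRandom}.
     * No expiry is visible here, so a token that is never redeemed stays in
     * the map.
     */
    private static String getSystemPass(String str, List<String> list) {
        String token = idGen.nextIdentifier().toString();
        systemPass.put(token, new Token(str, list));
        return token;
    }

    /** Returns credentials for a plain system session. */
    public static Credentials getSystemCredentials() {
        return getSystemCredentials(null, null, null);
    }

    /**
     * @deprecated passes no realm; prefer an overload that takes one.
     */
    @Deprecated
    public static Credentials getSystemCredentials(String str) {
        logger.warn("Getting system credentials with empty realm for {}", str);
        return getSystemCredentials(str, null, null);
    }

    /** Returns system credentials acting for user {@code str} in realm {@code str2}. */
    public static Credentials getSystemCredentials(String str, String str2) {
        return getSystemCredentials(str, str2, null);
    }

    /**
     * @deprecated passes no realm; prefer an overload that takes one.
     */
    @Deprecated
    public static Credentials getSystemCredentials(String str, List<String> list) {
        logger.warn("Getting system credentials with empty realm for {}", str);
        return getSystemCredentials(str, null, list);
    }

    /**
     * Returns system credentials backed by a freshly minted token.
     *
     * @param str user to act for, or {@code null} for a plain system session
     * @param str2 realm stored as {@link #REALM_ATTRIBUTE}; ignored when
     *        {@code str} is {@code null}
     * @param list stored with the token as its denied paths
     */
    public static Credentials getSystemCredentials(String str, String str2, List<String> list) {
        if (str == null) {
            return new SimpleCredentials(SYSTEM, getSystemPass(SYSTEM, list).toCharArray());
        }
        String systemUserId = SYSTEM + str;
        SimpleCredentials systemCredentials =
                new SimpleCredentials(systemUserId, getSystemPass(systemUserId, list).toCharArray());
        systemCredentials.setAttribute(REALM_ATTRIBUTE, str2);
        return systemCredentials;
    }

    /** Returns credentials for an anonymous session; the password is empty. */
    public static Credentials getGuestCredentials() {
        return new SimpleCredentials(GUEST, new char[0]);
    }

    /**
     * @deprecated passes no realm; prefer an overload that takes one.
     */
    @Deprecated
    public static Credentials getCredentials(String str) {
        logger.warn("Getting credentials with empty realm for {}", str);
        return getCredentials(str, null, null);
    }

    /** Returns token-backed credentials for user {@code str} in realm {@code str2}. */
    public static Credentials getCredentials(String str, String str2) {
        return getCredentials(str, str2, null);
    }

    /**
     * @deprecated passes no realm; prefer an overload that takes one.
     */
    @Deprecated
    public static Credentials getCredentials(String str, List<String> list) {
        logger.warn("Getting credentials with empty realm for {}", str);
        return getCredentials(str, null, list);
    }

    /**
     * Returns credentials that log in as the given user with a freshly minted
     * token in place of the password; no password is checked at this point.
     *
     * @param str user id to log in as
     * @param str2 realm stored as {@link #REALM_ATTRIBUTE}
     * @param list stored with the token as its denied paths
     */
    public static Credentials getCredentials(String str, String str2, List<String> list) {
        SimpleCredentials userCredentials = new SimpleCredentials(str, getSystemPass(str, list).toCharArray());
        userCredentials.setAttribute(REALM_ATTRIBUTE, str2);
        return userCredentials;
    }
}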
