package org.apache.jackrabbit.core.security.authentication;

import java.security.Principal;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.SessionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/drools/workbench/jcr2vfsmigration/migrationExample.jcr/libs/jackrabbit-core-2.2.8.jar:org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.class */
public class DefaultLoginModule extends AbstractLoginModule {
    private static final Logger log = LoggerFactory.getLogger(DefaultLoginModule.class);
    protected User user;
    private UserManager userManager;

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected void doInit(CallbackHandler callbackHandler, Session session, Map map) throws LoginException {
        if (!(session instanceof SessionImpl)) {
            throw new LoginException("Unable to initialize LoginModule: SessionImpl expected.");
        }
        try {
            this.userManager = ((SessionImpl) session).getUserManager();
            log.debug("- UserManager -> '" + this.userManager.getClass().getName() + "'");
        } catch (RepositoryException e) {
            throw new LoginException("Unable to initialize LoginModule: " + e.getMessage());
        }
    }

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected Principal getPrincipal(Credentials credentials) {
        Principal principal = null;
        String userID = getUserID(credentials);
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(userID);
            if (authorizable != null && !authorizable.isGroup()) {
                this.user = (User) authorizable;
                if (this.user.isDisabled()) {
                    log.debug("User " + userID + " has been disabled.");
                } else {
                    principal = this.user.getPrincipal();
                }
            }
        } catch (RepositoryException e) {
            log.warn("Error while retrieving principal.", e.getMessage());
        }
        return principal;
    }

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected Authentication getAuthentication(Principal principal, Credentials credentials) throws RepositoryException {
        if (this.user == null) {
            return null;
        }
        SimpleCredentialsAuthentication simpleCredentialsAuthentication = new SimpleCredentialsAuthentication(this.user);
        if (simpleCredentialsAuthentication.canHandle(credentials)) {
            return simpleCredentialsAuthentication;
        }
        return null;
    }

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, FailedLoginException {
        if (this.user == null) {
            log.debug("Failed to retrieve user to impersonate for principal name " + principal.getName());
            return false;
        }
        if (this.user.getImpersonation().allows(getImpersonatorSubject(credentials))) {
            return true;
        }
        throw new FailedLoginException("attempt to impersonate denied for " + principal.getName());
    }
}
