package org.apache.jackrabbit.core.security.authentication;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.RangeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.collections.set.ListOrderedSet;
import org.apache.jackrabbit.api.jsr283.GuestCredentials;
import org.apache.jackrabbit.core.config.LoginModuleConfig;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/jackrabbit-core-1.6.2.jar:org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.class */
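/**
 * Base class for JAAS {@link LoginModule} implementations that authenticate
 * JCR {@link Credentials} against a {@link PrincipalProvider}.
 *
 * <p>The login decision in {@link #login()} has three branches: anonymous
 * credentials are accepted without calling {@link #authenticate}, credentials
 * carrying an impersonator are delegated to {@link #impersonate}, and all
 * other credentials go through {@link #authenticate}. Subclasses supply the
 * principal lookup, the impersonation check and the {@link Authentication}.
 *
 * <p>This listing was recovered by a decompiler. The synthetic
 * {@code class$...} helpers that javac emitted for class literals have been
 * replaced by plain class literals, and local variable types the decompiler
 * narrowed incorrectly have been restored to the declared return types.
 */
public abstract class AbstractLoginModule implements LoginModule {
    private static final Logger log = LoggerFactory.getLogger(AbstractLoginModule.class);

    // Shared-state key under which the credentials obtained by this module are cached.
    private static final String KEY_CREDENTIALS = "org.apache.jackrabbit.credentials";
    // Shared-state key consulted by getUserID() when the credentials yield no user id.
    private static final String KEY_LOGIN_NAME = "javax.security.auth.login.name";

    protected String adminId;
    protected String anonymousId;
    private String principalProviderClassName;
    private CallbackHandler callbackHandler;
    // True only after initialize() ran to completion with a non-null subject.
    private boolean initialized;
    // Set by a successful login(); cleared by abort().
    protected Principal principal;
    protected SimpleCredentials credentials;
    protected Subject subject;
    protected PrincipalProvider principalProvider;
    private Map sharedState;

    /**
     * Stores the JAAS context objects, resolves the principal provider and
     * reads the admin/anonymous ids.
     *
     * <p>Any exception is logged and swallowed; the module then stays
     * uninitialized, so {@link #login()} returns {@code false} instead of
     * authenticating anybody.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used for repository, credentials,
     *        impersonation and name callbacks
     * @param map the JAAS shared state
     * @param map2 the login module options
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        this.sharedState = map;
        try {
            log.debug("Initalize LoginModule: ");
            RepositoryCallback repositoryCallback = new RepositoryCallback();
            callbackHandler.handle(new Callback[]{repositoryCallback});
            PrincipalProviderRegistry registry = repositoryCallback.getPrincipalProviderRegistry();

            // An explicit option wins over a class name set through setPrincipalProvider().
            if (map2.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS)) {
                this.principalProviderClassName = (String) map2.get(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
            }
            if (this.principalProviderClassName != null) {
                this.principalProvider = registry.getProvider(this.principalProviderClassName);
            }
            if (this.principalProvider == null) {
                this.principalProvider = registry.getDefault();
                if (this.principalProvider == null) {
                    // Without a provider no principal can be resolved; leave the
                    // module uninitialized so that every login is refused.
                    log.warn("No PrincipalProvider available: LoginModule stays uninitialized.");
                    return;
                }
            }
            log.debug("- PrincipalProvider -> '{}'", this.principalProvider.getClass().getName());

            doInit(callbackHandler, repositoryCallback.getSession(), map2);

            if (map2.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
                this.adminId = (String) map2.get(LoginModuleConfig.PARAM_ADMIN_ID);
            }
            if (this.adminId == null) {
                this.adminId = repositoryCallback.getAdminId();
            }
            if (map2.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
                this.anonymousId = (String) map2.get(LoginModuleConfig.PARAM_ANONYMOUS_ID);
            }
            if (this.anonymousId == null) {
                this.anonymousId = repositoryCallback.getAnonymousId();
            }

            if (log.isDebugEnabled()) {
                // Only option names are logged: subclasses may define options
                // whose values are secrets, and those must not reach the log.
                for (Object optionName : map2.keySet()) {
                    log.debug("- Option: {}", optionName);
                }
            }
            this.initialized = this.subject != null;
        } catch (Exception e) {
            log.error("LoginModule failed to initialize.", e);
        }
    }

    /**
     * Subclass hook called from {@link #initialize} once the principal
     * provider has been resolved.
     *
     * @param callbackHandler the handler passed to {@link #initialize}
     * @param session the session obtained from the repository callback
     * @param map the login module options
     * @throws LoginException if the subclass cannot initialize
     */
    protected abstract void doInit(CallbackHandler callbackHandler, Session session, Map map) throws LoginException;

    /**
     * @return {@code true} if {@link #initialize} completed with a non-null subject
     */
    protected boolean isInitialized() {
        return this.initialized;
    }

    /**
     * Resolves the credentials and the matching principal and decides whether
     * the login succeeds.
     *
     * <p>Security-relevant behavior visible here:
     * <ul>
     * <li>Missing credentials are not rejected; they fall through to the
     *     anonymous check.</li>
     * <li>Credentials that {@link #isAnonymous} accepts succeed without any
     *     call to {@link #authenticate}; the password of such credentials is
     *     never checked. Whether anonymous access is allowed at all is
     *     therefore decided by {@link #getPrincipal} and the configured
     *     anonymous id (NOTE(review): confirm in the concrete subclass).</li>
     * <li>A {@link RepositoryException} is logged and reported as a failed
     *     login.</li>
     * </ul>
     *
     * @return {@code true} if the user was authenticated, {@code false} if
     *         the module is uninitialized, the user is unknown, or the check failed
     * @throws LoginException if authentication or impersonation throws one
     */
    public boolean login() throws LoginException {
        if (!isInitialized()) {
            log.warn("Unable to perform login: initialization not completed.");
            return false;
        }
        Credentials creds = getCredentials();
        if (creds == null) {
            log.warn("No credentials available -> try default (anonymous) authentication.");
        }
        try {
            Principal userPrincipal = getPrincipal(creds);
            if (userPrincipal == null) {
                log.debug("Unknown User -> ignore.");
                return false;
            }

            boolean authenticated;
            if (isAnonymous(creds)) {
                authenticated = true;
            } else if (isImpersonation(creds)) {
                authenticated = impersonate(userPrincipal, creds);
            } else {
                authenticated = authenticate(userPrincipal, creds);
            }
            if (!authenticated) {
                return false;
            }

            if (creds instanceof SimpleCredentials) {
                this.credentials = (SimpleCredentials) creds;
            } else {
                // Non-simple credentials are recorded as a user id with an empty password.
                this.credentials = new SimpleCredentials(getUserID(creds), new char[0]);
            }
            this.principal = userPrincipal;
            return true;
        } catch (RepositoryException e) {
            log.error("Login failed:", e);
            return false;
        }
    }

    /**
     * Adds the authenticated principal, its group memberships and the
     * credentials to the subject.
     *
     * <p>If no credentials were stored by {@link #login()}, {@link #abort()}
     * is invoked first, which in turn calls {@link #logout()}.
     * NOTE(review): {@code logout()} clears every principal of the shared
     * subject, so in a stack with other login modules this looks like it can
     * drop principals they committed earlier; confirm against the deployment.
     *
     * @return {@code true} if the subject was populated
     * @throws LoginException if {@link #abort()} fails
     */
    public boolean commit() throws LoginException {
        if (this.credentials == null) {
            abort();
        }
        if (!isInitialized() || this.principal == null) {
            return false;
        }
        this.subject.getPrincipals().addAll(getPrincipals());
        this.subject.getPublicCredentials().add(this.credentials);
        return true;
    }

    /**
     * Discards the state of a login attempt: the cached shared-state
     * credentials, the callback handler, the principal and the credentials.
     *
     * @return {@code false} if the module is uninitialized, otherwise the
     *         result of {@link #logout()}
     * @throws LoginException if {@link #logout()} fails
     */
    public boolean abort() throws LoginException {
        if (!isInitialized()) {
            return false;
        }
        this.sharedState.remove(KEY_CREDENTIALS);
        this.callbackHandler = null;
        this.principal = null;
        this.credentials = null;
        return logout();
    }

    /**
     * Removes all principals and all {@link SimpleCredentials} public
     * credentials from the subject.
     *
     * <p>Nothing is removed unless both sets are non-empty. The sets are
     * cleared as a whole, not limited to the entries this module added.
     *
     * @return {@code true} if the subject was cleared
     * @throws LoginException never thrown by this implementation
     */
    public boolean logout() throws LoginException {
        if (this.subject == null) {
            // initialize() accepts a null subject (it only leaves the module
            // uninitialized), so there may be nothing to clear.
            return false;
        }
        Set<Principal> principals = this.subject.getPrincipals();
        Set<SimpleCredentials> publicCredentials = this.subject.getPublicCredentials(SimpleCredentials.class);
        if (principals == null || publicCredentials == null || principals.isEmpty() || publicCredentials.isEmpty()) {
            return false;
        }
        principals.clear();
        publicCredentials.clear();
        return true;
    }

    /**
     * Checks the credentials with the {@link Authentication} the subclass
     * provides for the principal.
     *
     * @return {@code true} on success, {@code false} if no
     *         {@link Authentication} is available for the principal
     * @throws FailedLoginException if the {@link Authentication} rejects the credentials
     * @throws RepositoryException if the subclass lookup fails
     */
    protected boolean authenticate(Principal principal, Credentials credentials) throws FailedLoginException, RepositoryException {
        Authentication authentication = getAuthentication(principal, credentials);
        if (authentication == null) {
            return false;
        }
        if (!authentication.authenticate(credentials)) {
            throw new FailedLoginException();
        }
        return true;
    }

    /**
     * @return {@code true} if an impersonator subject is attached to the
     *         credentials or supplied by the callback handler
     */
    protected boolean isImpersonation(Credentials credentials) {
        return getImpersonatorSubject(credentials) != null;
    }

    /**
     * Decides whether the impersonator may act as {@code principal}.
     *
     * <p>This is the only check between an impersonation request and a
     * successful login; see {@link #getImpersonatorSubject} for where the
     * impersonator comes from.
     */
    protected abstract boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, LoginException;

    /**
     * @return the {@link Authentication} able to validate the credentials
     *         for the principal, or {@code null} if there is none
     */
    protected abstract Authentication getAuthentication(Principal principal, Credentials credentials) throws RepositoryException;

    /**
     * Returns the subject on whose behalf the login is requested.
     *
     * <p>For {@code null} credentials the callback handler is asked; for
     * {@link SimpleCredentials} the subject is read from the
     * {@link SecurityConstants#IMPERSONATOR_ATTRIBUTE} attribute.
     * NOTE(review): that attribute travels inside the credentials object the
     * caller passed in, so {@link #impersonate} must not treat its presence
     * as proof of identity; confirm what the concrete subclass verifies.
     *
     * <p>The decompiler reports that this method was originally declared
     * {@code protected}.
     *
     * @return the impersonator, or {@code null} if none is available
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Subject getImpersonatorSubject(Credentials credentials) {
        Subject impersonator = null;
        if (credentials == null) {
            try {
                ImpersonationCallback impersonationCallback = new ImpersonationCallback();
                this.callbackHandler.handle(new Callback[]{impersonationCallback});
                impersonator = impersonationCallback.getImpersonator();
            } catch (IOException e) {
                log.error("Impersonation-Callback failed: " + e.getMessage() + ": Unable to perform Impersonation.");
            } catch (UnsupportedCallbackException e2) {
                log.warn(e2.getCallback().getClass().getName() + " not supported: Unable to perform Impersonation.");
            }
        } else if (credentials instanceof SimpleCredentials) {
            Object attribute = ((SimpleCredentials) credentials).getAttribute(SecurityConstants.IMPERSONATOR_ATTRIBUTE);
            // The attribute value is caller-supplied and untyped. Anything that
            // is not a Subject is ignored, so the login falls back to regular
            // authentication instead of failing with a ClassCastException.
            if (attribute instanceof Subject) {
                impersonator = (Subject) attribute;
            }
        }
        return impersonator;
    }

    /**
     * Obtains the credentials for this login attempt.
     *
     * <p>Lookup order: the shared state, then a {@link CredentialsCallback}
     * (only {@link SimpleCredentials} and {@link GuestCredentials} are
     * accepted), then the first {@link SimpleCredentials} among the subject's
     * public credentials.
     *
     * @return the credentials, or {@code null} if none could be found
     */
    protected Credentials getCredentials() {
        Credentials found = null;
        if (this.sharedState.containsKey(KEY_CREDENTIALS)) {
            found = (Credentials) this.sharedState.get(KEY_CREDENTIALS);
        } else {
            try {
                CredentialsCallback credentialsCallback = new CredentialsCallback();
                this.callbackHandler.handle(new Callback[]{credentialsCallback});
                Credentials supplied = credentialsCallback.getCredentials();
                if (supplied != null) {
                    if (supplied instanceof SimpleCredentials || supplied instanceof GuestCredentials) {
                        found = supplied;
                    }
                    // For an unsupported credentials type this stores null under
                    // the key, exactly as the original code does.
                    this.sharedState.put(KEY_CREDENTIALS, found);
                }
            } catch (IOException e) {
                log.error("Credentials-Callback failed: " + e.getMessage() + ": try Name-Callback");
            } catch (UnsupportedCallbackException e2) {
                log.warn("Credentials-Callback not supported try Name-Callback");
            }
        }
        if (found == null) {
            Set<SimpleCredentials> publicCredentials = this.subject.getPublicCredentials(SimpleCredentials.class);
            if (!publicCredentials.isEmpty()) {
                found = publicCredentials.iterator().next();
            }
        }
        return found;
    }

    /**
     * Derives the user id from the credentials.
     *
     * <p>{@link GuestCredentials} map to the anonymous id and
     * {@link SimpleCredentials} to their own user id; any other type is
     * resolved through a {@link NameCallback}. If that yields nothing, the
     * login name from the shared state is used, and finally the anonymous id.
     * Consequently {@code null} credentials resolve to the anonymous id
     * unless the shared state carries a login name.
     *
     * <p>The decompiler reports that this method was originally declared
     * {@code protected}.
     *
     * @return the user id; {@code null} only if no id is found and the
     *         anonymous id is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getUserID(Credentials credentials) {
        String userId = null;
        if (credentials instanceof GuestCredentials) {
            userId = this.anonymousId;
        } else if (credentials instanceof SimpleCredentials) {
            userId = ((SimpleCredentials) credentials).getUserID();
        } else if (credentials != null) {
            try {
                NameCallback nameCallback = new NameCallback("User-ID: ");
                this.callbackHandler.handle(new Callback[]{nameCallback});
                userId = nameCallback.getName();
            } catch (IOException e) {
                log.error("Name-Callback failed: " + e.getMessage());
            } catch (UnsupportedCallbackException e2) {
                log.warn("Credentials- or NameCallback must be supported");
            }
        }
        if (userId == null && this.sharedState.containsKey(KEY_LOGIN_NAME)) {
            // presumably put there by a preceding login module; verify against the JAAS stack
            userId = (String) this.sharedState.get(KEY_LOGIN_NAME);
        }
        if (userId == null) {
            userId = this.anonymousId;
        }
        return userId;
    }

    /**
     * Tells whether the credentials denote the anonymous user.
     *
     * <p>{@link GuestCredentials} always do. Otherwise the decision rests on
     * the user id alone: it must equal the anonymous id, or be {@code null}
     * when no anonymous id is configured. No password is involved.
     */
    protected boolean isAnonymous(Credentials credentials) {
        if (credentials instanceof GuestCredentials) {
            return true;
        }
        String userId = getUserID(credentials);
        if (this.anonymousId == null) {
            return userId == null;
        }
        return this.anonymousId.equals(userId);
    }

    /**
     * @return the principal the credentials refer to, or {@code null} if the
     *         user is unknown, in which case {@link #login()} returns {@code false}
     */
    protected abstract Principal getPrincipal(Credentials credentials);

    /**
     * @return the authenticated principal followed by the group principals
     *         reported by the principal provider, in that order
     */
    protected Set getPrincipals() {
        ListOrderedSet ordered = new ListOrderedSet();
        ordered.add(this.principal);
        RangeIterator groupMembership = this.principalProvider.getGroupMembership(this.principal);
        while (groupMembership.hasNext()) {
            ordered.add(groupMembership.next());
        }
        return ordered;
    }

    /** @return the id of the administrator user */
    public String getAdminId() {
        return this.adminId;
    }

    /** @param str the id of the administrator user */
    public void setAdminId(String str) {
        this.adminId = str;
    }

    /** @return the id that {@link #isAnonymous} treats as the anonymous user */
    public String getAnonymousId() {
        return this.anonymousId;
    }

    /** @param str the id that {@link #isAnonymous} treats as the anonymous user */
    public void setAnonymousId(String str) {
        this.anonymousId = str;
    }

    /** @return the class name of the configured principal provider, not the provider itself */
    public String getPrincipalProvider() {
        return this.principalProviderClassName;
    }

    /** @param str the class name of the principal provider to look up in {@link #initialize} */
    public void setPrincipalProvider(String str) {
        this.principalProviderClassName = str;
    }
}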
