package org.apache.jackrabbit.oak.spi.security.authentication;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.NoSuchWorkspaceException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.WhiteboardCallback;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-1.5.17.jar:org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.class
  input_file:WEB-INF/lib/oak-upgrade-1.5.17.jar:org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.class
 */
/* loaded from: input_file:WEB-INF/lib/oak-core-1.0.0.jar:org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.class */
public abstract class AbstractLoginModule implements LoginModule {
    public static final String SHARED_KEY_CREDENTIALS = "org.apache.jackrabbit.credentials";
    public static final String SHARED_KEY_LOGIN_NAME = "javax.security.auth.login.name";
    public static final String SHARED_KEY_ATTRIBUTES = "javax.security.auth.login.attributes";
    protected Subject subject;
    protected CallbackHandler callbackHandler;
    protected Map sharedState;
    protected ConfigurationParameters options;
    private SecurityProvider securityProvider;
    private Whiteboard whiteboard;
    private ContentSession systemSession;
    private Root root;
    private static final Logger log = LoggerFactory.getLogger(AbstractLoginModule.class);
    public static final String SHARED_KEY_PRE_AUTH_LOGIN = PreAuthenticatedLogin.class.getName();

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2 == null ? ConfigurationParameters.EMPTY : ConfigurationParameters.of(map2);
    }

    public boolean logout() throws LoginException {
        boolean z = false;
        if (!this.subject.getPrincipals().isEmpty() && !this.subject.getPublicCredentials(Credentials.class).isEmpty()) {
            if (!this.subject.isReadOnly()) {
                this.subject.getPrincipals().clear();
                this.subject.getPublicCredentials().clear();
            }
            z = true;
        }
        return z;
    }

    public boolean abort() throws LoginException {
        clearState();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearState() {
        this.securityProvider = null;
        this.root = null;
        if (this.systemSession != null) {
            try {
                this.systemSession.close();
            } catch (IOException e) {
                log.debug(e.getMessage());
            }
        }
    }

    @Nonnull
    protected abstract Set<Class> getSupportedCredentials();

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public Credentials getCredentials() {
        Set<Class> supportedCredentials = getSupportedCredentials();
        if (this.callbackHandler != null) {
            log.debug("Login: retrieving Credentials using callback.");
            try {
                CredentialsCallback credentialsCallback = new CredentialsCallback();
                this.callbackHandler.handle(new Callback[]{credentialsCallback});
                Credentials credentials = credentialsCallback.getCredentials();
                if (credentials != null && supportedCredentials.contains(credentials.getClass())) {
                    log.debug("Login: Credentials '{}' obtained from callback", credentials);
                    return credentials;
                }
                log.debug("Login: No supported credentials obtained from callback; trying shared state.");
            } catch (IOException e) {
                log.error(e.getMessage());
            } catch (UnsupportedCallbackException e2) {
                log.warn(e2.getMessage());
            }
        }
        Credentials sharedCredentials = getSharedCredentials();
        if (sharedCredentials != null && supportedCredentials.contains(sharedCredentials.getClass())) {
            log.debug("Login: Credentials obtained from shared state.");
            return sharedCredentials;
        }
        log.debug("Login: No supported credentials found in shared state; looking for credentials in subject.");
        Iterator<Class> it = getSupportedCredentials().iterator();
        while (it.hasNext()) {
            Set publicCredentials = this.subject.getPublicCredentials(it.next());
            if (!publicCredentials.isEmpty()) {
                log.debug("Login: Credentials found in subject.");
                return (Credentials) publicCredentials.iterator().next();
            }
        }
        log.debug("No credentials found.");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public Credentials getSharedCredentials() {
        Credentials credentials = null;
        if (this.sharedState.containsKey(SHARED_KEY_CREDENTIALS)) {
            Object obj = this.sharedState.get(SHARED_KEY_CREDENTIALS);
            if (obj instanceof Credentials) {
                credentials = (Credentials) obj;
            } else {
                log.debug("Login: Invalid value for share state entry org.apache.jackrabbit.credentials. Credentials expected.");
            }
        }
        return credentials;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public String getSharedLoginName() {
        if (this.sharedState.containsKey(SHARED_KEY_LOGIN_NAME)) {
            return this.sharedState.get(SHARED_KEY_LOGIN_NAME).toString();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public PreAuthenticatedLogin getSharedPreAuthLogin() {
        Object obj = this.sharedState.get(SHARED_KEY_PRE_AUTH_LOGIN);
        if (obj instanceof PreAuthenticatedLogin) {
            return (PreAuthenticatedLogin) obj;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public SecurityProvider getSecurityProvider() {
        if (this.securityProvider == null && this.callbackHandler != null) {
            RepositoryCallback repositoryCallback = new RepositoryCallback();
            try {
                this.callbackHandler.handle(new Callback[]{repositoryCallback});
                this.securityProvider = repositoryCallback.getSecurityProvider();
            } catch (Exception e) {
                log.debug("Unable to retrieve the SecurityProvider via callback", (Throwable) e);
            }
        }
        return this.securityProvider;
    }

    @CheckForNull
    protected Whiteboard getWhiteboard() {
        if (this.whiteboard == null && this.callbackHandler != null) {
            WhiteboardCallback whiteboardCallback = new WhiteboardCallback();
            try {
                this.callbackHandler.handle(new Callback[]{whiteboardCallback});
                this.whiteboard = whiteboardCallback.getWhiteboard();
            } catch (Exception e) {
                log.debug("Unable to retrieve the Whiteboard via callback", (Throwable) e);
            }
        }
        return this.whiteboard;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public Root getRoot() {
        if (this.root == null && this.callbackHandler != null) {
            try {
                final RepositoryCallback repositoryCallback = new RepositoryCallback();
                this.callbackHandler.handle(new Callback[]{repositoryCallback});
                final ContentRepository contentRepository = repositoryCallback.getContentRepository();
                this.systemSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() { // from class: org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
                        return contentRepository.login(null, repositoryCallback.getWorkspaceName());
                    }
                });
                this.root = this.systemSession.getLatestRoot();
            } catch (IOException e) {
                log.debug(e.getMessage());
            } catch (PrivilegedActionException e2) {
                log.debug(e2.getMessage());
            } catch (UnsupportedCallbackException e3) {
                log.debug(e3.getMessage());
            }
        }
        return this.root;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public UserManager getUserManager() {
        UserManager userManager = null;
        SecurityProvider securityProvider = getSecurityProvider();
        Root root = getRoot();
        if (root != null && securityProvider != null) {
            userManager = ((UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class)).getUserManager(root, NamePathMapper.DEFAULT);
        }
        if (userManager == null && this.callbackHandler != null) {
            try {
                UserManagerCallback userManagerCallback = new UserManagerCallback();
                this.callbackHandler.handle(new Callback[]{userManagerCallback});
                userManager = userManagerCallback.getUserManager();
            } catch (IOException e) {
                log.debug(e.getMessage());
            } catch (UnsupportedCallbackException e2) {
                log.debug(e2.getMessage());
            }
        }
        return userManager;
    }

    @CheckForNull
    protected PrincipalProvider getPrincipalProvider() {
        PrincipalProvider principalProvider = null;
        SecurityProvider securityProvider = getSecurityProvider();
        Root root = getRoot();
        if (root != null && securityProvider != null) {
            principalProvider = ((PrincipalConfiguration) securityProvider.getConfiguration(PrincipalConfiguration.class)).getPrincipalProvider(root, NamePathMapper.DEFAULT);
        }
        if (principalProvider == null && this.callbackHandler != null) {
            try {
                PrincipalProviderCallback principalProviderCallback = new PrincipalProviderCallback();
                this.callbackHandler.handle(new Callback[]{principalProviderCallback});
                principalProvider = principalProviderCallback.getPrincipalProvider();
            } catch (IOException e) {
                log.debug(e.getMessage());
            } catch (UnsupportedCallbackException e2) {
                log.debug(e2.getMessage());
            }
        }
        return principalProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Set<? extends Principal> getPrincipals(String str) {
        PrincipalProvider principalProvider = getPrincipalProvider();
        if (principalProvider != null) {
            return principalProvider.getPrincipals(str);
        }
        log.debug("Cannot retrieve principals. No principal provider configured.");
        return Collections.emptySet();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void setAuthInfo(@Nonnull AuthInfo authInfo, @Nonnull Subject subject) {
        Set publicCredentials = subject.getPublicCredentials(AuthInfo.class);
        if (!publicCredentials.isEmpty()) {
            subject.getPublicCredentials().removeAll(publicCredentials);
        }
        subject.getPublicCredentials().add(authInfo);
    }
}
