package org.apache.jackrabbit.oak.security.authentication.token;

import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.TokenProviderCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oak-core-1.0.0.jar:org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.class */
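/**
 * Login module that handles {@link TokenCredentials}.
 *
 * <p>The module has two roles, both visible in this class:
 * <ul>
 *   <li>{@link #login()} validates a presented login token through
 *       {@code TokenAuthentication} and, on success, records the token, its
 *       {@link TokenInfo}, the user id and the principals for {@link #commit()}.</li>
 *   <li>{@link #commit()} issues a <em>new</em> login token when this module did
 *       not authenticate the request itself but another module left credentials
 *       in the shared state and the {@link TokenProvider} agrees to create a
 *       token for them.</li>
 * </ul>
 *
 * <p>Security note: the token value and the token's private attributes are
 * copied onto a {@link TokenCredentials} object that is added to the subject's
 * public credential set. Code that inspects or logs the subject must treat
 * those credentials as secrets.
 */
public final class TokenLoginModule extends AbstractLoginModule {
    private static final Logger log = LoggerFactory.getLogger(TokenLoginModule.class);

    // Provider resolved in login(); not reset by clearState() in this class.
    private TokenProvider tokenProvider;
    // The next four fields are only set after a successful token login.
    private TokenCredentials tokenCredentials;
    private TokenInfo tokenInfo;
    private String userId;
    private Set<? extends Principal> principals;

    /**
     * Attempts to authenticate the presented credentials as a login token.
     *
     * @return {@code true} if the credentials are {@link TokenCredentials} and
     *         were accepted by {@code TokenAuthentication}; {@code false} if no
     *         token provider is available, the credentials are of another type,
     *         or the token was rejected
     * @throws LoginException declared by the login contract; not thrown
     *         directly by this method
     */
    public boolean login() throws LoginException {
        this.tokenProvider = getTokenProvider();
        if (this.tokenProvider == null) {
            return false;
        }
        Credentials credentials = getCredentials();
        if (!(credentials instanceof TokenCredentials)) {
            return false;
        }
        TokenCredentials presented = (TokenCredentials) credentials;
        TokenAuthentication tokenAuthentication = new TokenAuthentication(this.tokenProvider);
        if (!tokenAuthentication.authenticate(presented)) {
            return false;
        }

        // Resolve everything into locals first so that a failure in one of the
        // lookups cannot leave tokenCredentials set (which commit() treats as
        // "this module authenticated the user") without matching user data.
        TokenInfo info = tokenAuthentication.getTokenInfo();
        String authenticatedUserId = info.getUserId();
        Set<? extends Principal> resolvedPrincipals = getPrincipals(authenticatedUserId);

        this.tokenCredentials = presented;
        this.tokenInfo = info;
        this.userId = authenticatedUserId;
        this.principals = resolvedPrincipals;

        log.debug("Login: adding login name to shared state.");
        this.sharedState.put(AbstractLoginModule.SHARED_KEY_LOGIN_NAME, this.userId);
        return true;
    }

    /**
     * Completes the login.
     *
     * <p>If {@link #login()} succeeded, the validated token credentials, the
     * auth info and the principals are added to the subject and {@code true} is
     * returned. Otherwise, if shared credentials are present and the provider
     * accepts them, a new token is created and added to the subject; the method
     * still returns {@code false} in that case because this module did not
     * authenticate the user itself.
     *
     * @return {@code true} only when this module's own token login succeeded
     * @throws LoginException if the provider agreed to create a token but
     *         {@link TokenProvider#createToken(Credentials)} returned {@code null}
     */
    public boolean commit() throws LoginException {
        if (this.tokenCredentials != null) {
            updateSubject(this.tokenCredentials, getAuthInfo(this.tokenInfo), this.principals);
            return true;
        }
        try {
            if (this.tokenProvider != null
                    && this.sharedState.containsKey(AbstractLoginModule.SHARED_KEY_CREDENTIALS)) {
                Credentials sharedCredentials = getSharedCredentials();
                if (sharedCredentials != null && this.tokenProvider.doCreateToken(sharedCredentials)) {
                    // getTokenProvider() treats getRoot() as nullable, so guard the
                    // refresh instead of dereferencing the result unconditionally.
                    Root root = getRoot();
                    if (root != null) {
                        root.refresh();
                    }
                    TokenInfo createdToken = this.tokenProvider.createToken(sharedCredentials);
                    if (createdToken == null) {
                        // userId is only assigned in login() after a successful token
                        // login, so on this path it is normally null and the messages
                        // below will not identify the user.
                        log.debug("TokenProvider failed to create a login token for user " + this.userId);
                        throw new LoginException("Failed to create login token for user " + this.userId);
                    }
                    TokenCredentials issued = new TokenCredentials(createdToken.getToken());
                    for (Map.Entry<String, String> attribute : createdToken.getPrivateAttributes().entrySet()) {
                        issued.setAttribute(attribute.getKey(), attribute.getValue());
                    }
                    Map<String, String> publicAttributes = createdToken.getPublicAttributes();
                    for (Map.Entry<String, String> attribute : publicAttributes.entrySet()) {
                        issued.setAttribute(attribute.getKey(), attribute.getValue());
                    }
                    // Only the public attributes are published through the shared state.
                    this.sharedState.put(AbstractLoginModule.SHARED_KEY_ATTRIBUTES, publicAttributes);
                    updateSubject(issued, null, null);
                }
            }
        } finally {
            // This module did not authenticate the user: drop its state even when
            // token creation failed with a LoginException.
            clearState();
        }
        return false;
    }

    /**
     * @return the single supported credentials type, {@link TokenCredentials}
     */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    protected Set<Class> getSupportedCredentials() {
        return Collections.singleton(TokenCredentials.class);
    }

    /**
     * Clears the inherited state and forgets the token, token info, user id and
     * principals recorded by {@link #login()}. The token provider reference is
     * not reset here.
     *
     * <p>Visibility is {@code public} in this decompiled listing; the decompiler
     * reports that the access modifier was changed from {@code protected}.
     */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public void clearState() {
        super.clearState();
        this.tokenCredentials = null;
        this.tokenInfo = null;
        this.userId = null;
        this.principals = null;
    }

    /**
     * Looks up the token provider, first from the security provider's
     * {@link TokenConfiguration} (when both a root and a security provider are
     * available) and then, as a fallback, through a
     * {@link TokenProviderCallback} on the callback handler.
     *
     * @return the token provider, or {@code null} if none could be obtained
     */
    @CheckForNull
    private TokenProvider getTokenProvider() {
        TokenProvider provider = null;
        SecurityProvider securityProvider = getSecurityProvider();
        Root root = getRoot();
        if (root != null && securityProvider != null) {
            provider = ((TokenConfiguration) securityProvider.getConfiguration(TokenConfiguration.class)).getTokenProvider(root);
        }
        if (provider == null && this.callbackHandler != null) {
            try {
                TokenProviderCallback tokenProviderCallback = new TokenProviderCallback();
                this.callbackHandler.handle(new Callback[]{tokenProviderCallback});
                provider = tokenProviderCallback.getTokenProvider();
            } catch (IOException e) {
                // Pass the exception itself so the cause is not reduced to a bare message.
                log.warn(e.getMessage(), e);
            } catch (UnsupportedCallbackException e) {
                log.warn(e.getMessage(), e);
            }
        }
        return provider;
    }

    /**
     * Builds the auth info for a validated token from its user id, a copy of its
     * public attributes and the principals recorded by {@link #login()}.
     *
     * @param tokenInfo the token info, may be {@code null}
     * @return the auth info, or {@code null} if {@code tokenInfo} is {@code null}
     */
    @CheckForNull
    private AuthInfo getAuthInfo(@Nullable TokenInfo tokenInfo) {
        if (tokenInfo == null) {
            return null;
        }
        // Copy so the auth info does not share the token's attribute map; private
        // attributes are deliberately not included.
        Map<String, Object> attributes = new HashMap<String, Object>(tokenInfo.getPublicAttributes());
        return new AuthInfoImpl(tokenInfo.getUserId(), attributes, this.principals);
    }

    /**
     * Adds the token credentials to the subject's public credentials and, when
     * given, the principals and the auth info. Does nothing if the subject is
     * read-only.
     *
     * @param tokenCredentials credentials to publish on the subject
     * @param authInfo auth info to set on the subject, may be {@code null}
     * @param set principals to add to the subject, may be {@code null}
     */
    private void updateSubject(@Nonnull TokenCredentials tokenCredentials, @Nullable AuthInfo authInfo, @Nullable Set<? extends Principal> set) {
        if (this.subject.isReadOnly()) {
            return;
        }
        this.subject.getPublicCredentials().add(tokenCredentials);
        if (set != null) {
            this.subject.getPrincipals().addAll(set);
        }
        if (authInfo != null) {
            setAuthInfo(authInfo, this.subject);
        }
    }
}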
