package org.apache.jackrabbit.core;

import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.config.AccessManagerConfig;
import org.apache.jackrabbit.core.config.LoginModuleConfig;
import org.apache.jackrabbit.core.config.SecurityConfig;
import org.apache.jackrabbit.core.config.SecurityManagerConfig;
import org.apache.jackrabbit.core.config.UserManagerConfig;
import org.apache.jackrabbit.core.config.WorkspaceConfig;
import org.apache.jackrabbit.core.config.WorkspaceSecurityConfig;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.DefaultAccessManager;
import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authentication.AuthContext;
import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactory;
import org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider;
import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
import org.apache.jackrabbit.core.security.user.MembershipCache;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/jackrabbit-core-2.4.7.jar:org/apache/jackrabbit/core/DefaultSecurityManager.class
 */
/* loaded from: input_file:org/apache/jackrabbit/core/DefaultSecurityManager.class */
/**
 * Security manager wired into a {@code RepositoryImpl}: it owns the system session, the
 * login-context provider, the system user manager, a per-workspace cache of
 * {@link AccessControlProvider}s, the workspace access manager and the principal provider
 * registry. Everything is set up once in {@link #init(Repository, Session)}; most other
 * methods start with {@link #checkInitialized()}.
 *
 * <p>This listing is decompiler output. Where a "JADX INFO: Access modifiers changed"
 * comment appears, the {@code public} modifier shown is a decompiler artifact and the
 * original visibility is the one named in that comment. {@link #getUserID(Subject, String)}
 * was not recovered at all and is only a stub here.
 *
 * <p>Review points visible in this listing:
 * <ul>
 *   <li>{@link #createSystemUsers} creates the admin account with a password equal to its
 *       id and the anonymous account with an empty password.</li>
 *   <li>{@link #getAccessControlProvider(String)} reads the provider cache without holding
 *       the lock that guards its writes.</li>
 *   <li>Access manager and workspace access manager classes are instantiated from the
 *       repository configuration.</li>
 * </ul>
 */
public class DefaultSecurityManager implements JackrabbitSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultSecurityManager.class);
    // Set to true as the last step of init(); read by checkInitialized().
    // NOTE(review): written inside the synchronized init() but read without synchronization
    // and not volatile, so visibility to other threads relies on how callers publish this object.
    private boolean initialized;
    // Repository this manager was initialised with (init() rejects anything but RepositoryImpl).
    private RepositoryImpl repository;
    // Session passed to init(); used for user management, provider factory and auth contexts.
    private SystemSession systemSession;
    // User manager bound to systemSession; handed out as-is when the caller is the system session.
    private UserManager systemUserManager;
    // Ids of the administrator and anonymous accounts; taken from the login module
    // properties in init(), otherwise from the SecurityConstants defaults.
    protected String adminId;
    protected String anonymousId;
    // Workspace name -> access control provider cache. put/remove/clear happen inside
    // synchronized (acProviders); the lookup in getAccessControlProvider() does not.
    private final Map<String, AccessControlProvider> acProviders = new HashMap();
    // Creates the per-workspace providers stored in acProviders.
    private AccessControlProviderFactory acProviderFactory;
    // Either the configured implementation or the WorkspaceAccessManagerImpl default.
    private WorkspaceAccessManager workspaceAccessManager;
    private PrincipalProviderRegistry principalProviderRegistry;
    private AuthContextProvider authContextProvider;

    /**
     * Default workspace access check: a set of principals may access a workspace when that
     * workspace's access control provider reports that they can access its root.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/jackrabbit-core-2.4.7.jar:org/apache/jackrabbit/core/DefaultSecurityManager$WorkspaceAccessManagerImpl.class
     */
    /* loaded from: input_file:org/apache/jackrabbit/core/DefaultSecurityManager$WorkspaceAccessManagerImpl.class */
    public final class WorkspaceAccessManagerImpl implements SecurityConstants, WorkspaceAccessManager {
        private WorkspaceAccessManagerImpl() {
        }

        /** No-op: this implementation keeps no state of its own. */
        @Override // org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager
        public void init(Session session) throws RepositoryException {
        }

        /** No-op: nothing to release. */
        @Override // org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager
        public void close() throws RepositoryException {
        }

        /**
         * Delegates the decision to the enclosing manager's provider for the workspace.
         *
         * @param set principals to test
         * @param str workspace name
         * @return the result of {@code canAccessRoot(set)} on that workspace's provider
         * @throws RepositoryException if the provider cannot be obtained or the check fails
         */
        @Override // org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager
        public boolean grants(Set<Principal> set, String str) throws RepositoryException {
            return DefaultSecurityManager.this.getAccessControlProvider(str).canAccessRoot(set);
        }
    }

    /**
     * One-time initialisation. Resolves the login configuration, determines the admin and
     * anonymous ids, creates the system user manager and the two system accounts, then sets
     * up the access control provider factory, the workspace access manager and the
     * principal provider registry.
     *
     * @param repository must be a {@code RepositoryImpl}
     * @param session must be a {@code SystemSession}
     * @throws IllegalStateException if this manager was already initialised
     * @throws RepositoryException if an argument has the wrong type, if neither a repository
     *         login configuration nor a JAAS configuration is available, or if a later
     *         initialisation step fails
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public synchronized void init(Repository repository, Session session) throws RepositoryException {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        if (!(repository instanceof RepositoryImpl)) {
            throw new RepositoryException("RepositoryImpl expected");
        }
        if (!(session instanceof SystemSession)) {
            throw new RepositoryException("SystemSession expected");
        }
        this.systemSession = (SystemSession) session;
        this.repository = (RepositoryImpl) repository;
        SecurityConfig securityConfig = this.repository.getConfig().getSecurityConfig();
        this.authContextProvider = new AuthContextProvider(securityConfig.getAppName(), securityConfig.getLoginModuleConfig());
        // Initialisation fails hard when no usable login configuration exists, so the
        // manager never becomes "initialized" without one.
        if (this.authContextProvider.isLocal()) {
            log.info("init: use Repository Login-Configuration for " + securityConfig.getAppName());
        } else {
            if (!this.authContextProvider.isJAAS()) {
                String str = "Neither JAAS nor RepositoryConfig contained a valid configuration for " + securityConfig.getAppName();
                log.error(str);
                throw new RepositoryException(str);
            }
            log.info("init: use JAAS login-configuration for " + securityConfig.getAppName());
        }
        Properties[] moduleConfig = this.authContextProvider.getModuleConfig();
        // Every module entry that carries the key overwrites the id, so when several
        // login modules define it the last one in the array decides.
        for (Properties properties : moduleConfig) {
            if (properties.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
                this.adminId = properties.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
            }
            if (properties.containsKey("anonymousId")) {
                this.anonymousId = properties.getProperty("anonymousId");
            }
        }
        if (this.adminId == null) {
            log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
            this.adminId = SecurityConstants.ADMIN_ID;
        }
        if (this.anonymousId == null) {
            log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
            this.anonymousId = SecurityConstants.ANONYMOUS_ID;
        }
        // NOTE(review): createUserManager() dereferences getConfig() without a null check,
        // while the securityManagerConfig null test further down suggests that value can be
        // null. Confirm whether a missing SecurityManager config can reach this point.
        this.systemUserManager = createUserManager(this.systemSession);
        // Creates the admin and anonymous accounts when they do not exist yet; see
        // createSystemUsers() for the initial passwords they receive.
        createSystemUsers(this.systemUserManager, this.systemSession, this.adminId, this.anonymousId);
        this.acProviderFactory = new AccessControlProviderFactoryImpl();
        this.acProviderFactory.init(this.systemSession);
        SecurityManagerConfig securityManagerConfig = securityConfig.getSecurityManagerConfig();
        if (securityManagerConfig == null || securityManagerConfig.getWorkspaceAccessConfig() == null) {
            log.debug("No WorkspaceAccessManager configured; using default.");
            this.workspaceAccessManager = createDefaultWorkspaceAccessManager();
        } else {
            // The implementation class is chosen by the repository configuration, so whoever
            // can edit that configuration decides which code makes workspace access decisions.
            this.workspaceAccessManager = (WorkspaceAccessManager) securityManagerConfig.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
        }
        this.workspaceAccessManager.init(this.systemSession);
        this.principalProviderRegistry = new ProviderRegistryImpl(createDefaultPrincipalProvider(moduleConfig));
        for (Properties properties2 : moduleConfig) {
            this.principalProviderRegistry.registerProvider(properties2);
        }
        // Flag is set last: a failure anywhere above leaves the manager uninitialised.
        this.initialized = true;
    }

    /**
     * Removes the cached access control provider of one workspace and closes it.
     *
     * @param str workspace name
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void dispose(String str) {
        checkInitialized();
        synchronized (this.acProviders) {
            AccessControlProvider remove = this.acProviders.remove(str);
            if (remove != null) {
                remove.close();
            }
        }
    }

    /**
     * Closes every cached access control provider and empties the cache. Only the provider
     * cache is touched here; the {@code initialized} flag and the other collaborators are
     * left as they are.
     *
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void close() {
        checkInitialized();
        synchronized (this.acProviders) {
            Iterator<AccessControlProvider> it = this.acProviders.values().iterator();
            while (it.hasNext()) {
                it.next().close();
            }
            this.acProviders.clear();
        }
    }

    /**
     * Builds and initialises the access manager for a session: the configured
     * implementation when an access manager configuration exists, otherwise
     * {@link DefaultAccessManager}.
     *
     * @param session session whose workspace selects the access control provider
     * @param aMContext context handed to {@code AccessManager.init}
     * @return an access manager already initialised with the workspace's provider and the
     *         workspace access manager
     * @throws AccessDeniedException passed through unchanged when raised during setup
     * @throws RepositoryException wrapping any other failure
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public AccessManager getAccessManager(Session session, AMContext aMContext) throws RepositoryException {
        AccessManager accessManager;
        checkInitialized();
        AccessManagerConfig accessManagerConfig = this.repository.getConfig().getSecurityConfig().getAccessManagerConfig();
        try {
            AccessControlProvider accessControlProvider = getAccessControlProvider(session.getWorkspace().getName());
            if (accessManagerConfig == null) {
                log.debug("No configuration entry for AccessManager. Using org.apache.jackrabbit.core.security.DefaultAccessManager");
                accessManager = new DefaultAccessManager();
            } else {
                // Class comes from the repository configuration (same trust assumption as
                // the workspace access manager in init()).
                accessManager = (AccessManager) accessManagerConfig.newInstance(AccessManager.class);
            }
            accessManager.init(aMContext, accessControlProvider, this.workspaceAccessManager);
            return accessManager;
        } catch (AccessDeniedException e) {
            // A denial is a regular outcome, not an instantiation failure: keep its type
            // so callers can tell it apart from the generic wrapper below.
            throw e;
        } catch (Exception e2) {
            // Catches runtime exceptions too, and the message says "instantiate" even when
            // the failure came from the provider lookup or from init().
            String str = "Failed to instantiate AccessManager (" + (accessManagerConfig == null ? "-- missing access manager configuration --" : accessManagerConfig.getClassName()) + ")";
            log.error(str, (Throwable) e2);
            throw new RepositoryException(str, e2);
        }
    }

    /**
     * Returns a new principal manager for the given session.
     *
     * @param session must be a {@code SessionImpl}
     * @throws RepositoryException if the session is of any other type
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public PrincipalManager getPrincipalManager(Session session) throws RepositoryException {
        checkInitialized();
        if (session instanceof SessionImpl) {
            return createPrincipalManager((SessionImpl) session);
        }
        throw new RepositoryException("Internal error: SessionImpl expected.");
    }

    /**
     * Returns the user manager for a session. The system session (compared by identity)
     * gets the shared system user manager; any other session gets a new instance.
     *
     * @param session the system session or a {@code SessionImpl}
     * @return the shared system user manager or a newly created one
     * @throws RepositoryException if the session is not a {@code SessionImpl}
     * @throws AccessControlException if the workspace holding the users does not exist
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public UserManager getUserManager(Session session) throws RepositoryException {
        UserManagerImpl createUserManager;
        checkInitialized();
        if (session == this.systemSession) {
            return this.systemUserManager;
        }
        if (!(session instanceof SessionImpl)) {
            throw new RepositoryException("Internal error: SessionImpl expected.");
        }
        // User data lives in the workspace of the system session.
        String name = this.systemSession.getWorkspace().getName();
        try {
            SessionImpl sessionImpl = (SessionImpl) session;
            if (name.equals(sessionImpl.getWorkspace().getName())) {
                createUserManager = createUserManager(sessionImpl);
            } else {
                // Caller works in another workspace: derive a session on the user workspace
                // from the caller's session and register the manager as a listener on the
                // original one. Presumably createSession keeps the caller's identity and the
                // listener releases the derived session at logout; confirm in SessionImpl
                // and UserManagerImpl.
                createUserManager = createUserManager((SessionImpl) sessionImpl.createSession(name));
                sessionImpl.addListener(createUserManager);
            }
            return createUserManager;
        } catch (NoSuchWorkspaceException e) {
            throw new AccessControlException("Cannot build UserManager for " + session.getUserID(), e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:37:0x010e, code lost:
    
        r8 = r0.getID();
     */
    /**
     * Decompiler stub. The bytecode of this method was not recovered, so as listed it
     * always throws {@link UnsupportedOperationException}. The logic that maps a
     * {@link Subject} to a user id cannot be reviewed from this listing; read it from the
     * original class file or the upstream source instead.
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getUserID(javax.security.auth.Subject r5, java.lang.String r6) throws javax.jcr.RepositoryException {
        /*
            Method dump skipped, instructions count: 353
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.jackrabbit.core.DefaultSecurityManager.getUserID(javax.security.auth.Subject, java.lang.String):java.lang.String");
    }

    /**
     * Creates the authentication context for a login attempt from the credentials, the
     * subject, the system session, the principal provider registry and the admin and
     * anonymous ids.
     *
     * @param credentials credentials supplied by the caller
     * @param subject subject to authenticate into
     * @param str not used by this implementation
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public AuthContext getAuthContext(Credentials credentials, Subject subject, String str) throws RepositoryException {
        checkInitialized();
        return getAuthContextProvider().getAuthContext(credentials, subject, this.systemSession, getPrincipalProviderRegistry(), this.adminId, this.anonymousId);
    }

    /**
     * Returns the security manager section of the repository configuration.
     * NOTE(review): init() tests this value for null, so callers here should be prepared
     * for that as well; confirm whether the configuration layer can return null.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityManagerConfig getConfig() {
        return this.repository.getConfig().getSecurityConfig().getSecurityManagerConfig();
    }

    /**
     * Returns the system user manager. The workspace name argument is ignored by this
     * implementation; the same instance is returned for every workspace.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public UserManager getSystemUserManager(String str) throws RepositoryException {
        return this.systemUserManager;
    }

    /**
     * Returns the membership cache to share with a user manager built for the session.
     *
     * @return {@code null} for the system session or any {@code SystemSession}; otherwise
     *         the cache held by the system user manager
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public MembershipCache getMembershipCache(SessionImpl sessionImpl) throws RepositoryException {
        if (sessionImpl == this.systemSession || (sessionImpl instanceof SystemSession)) {
            return null;
        }
        // Unchecked downcast: fails with ClassCastException if getSystemUserManager() is
        // overridden to return something other than a UserManagerImpl.
        return ((UserManagerImpl) getSystemUserManager(sessionImpl.getWorkspace().getName())).getMembershipCache();
    }

    /**
     * Creates a user manager bound to the given session. With a user manager configuration
     * the instance is obtained from that configuration; without one a plain
     * {@code UserManagerImpl} is constructed. Both paths receive the session, the admin id,
     * the configured parameters (or {@code null}) and the membership cache.
     */
    protected UserManagerImpl createUserManager(SessionImpl sessionImpl) throws RepositoryException {
        UserManagerConfig userManagerConfig = getConfig().getUserManagerConfig();
        Properties parameters = userManagerConfig == null ? null : userManagerConfig.getParameters();
        UserManagerImpl userManagerImpl = userManagerConfig != null ? (UserManagerImpl) userManagerConfig.getUserManager(UserManagerImpl.class, new Class[]{SessionImpl.class, String.class, Properties.class, MembershipCache.class}, sessionImpl, this.adminId, parameters, getMembershipCache(sessionImpl)) : new UserManagerImpl(sessionImpl, this.adminId, parameters, getMembershipCache(sessionImpl));
        // Configured authorizable actions are attached to regular sessions only; a user
        // manager built for a SystemSession never receives them.
        if (userManagerConfig != null && !(sessionImpl instanceof SystemSession)) {
            userManagerImpl.setAuthorizableActions(userManagerConfig.getAuthorizableActions());
        }
        return userManagerImpl;
    }

    /** Creates a principal manager over the providers currently held by the registry. */
    protected PrincipalManager createPrincipalManager(SessionImpl sessionImpl) throws RepositoryException {
        return new PrincipalManagerImpl(sessionImpl, getPrincipalProviderRegistry().getProviders());
    }

    /** Creates the fallback used by init() when no workspace access manager is configured. */
    protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
        return new WorkspaceAccessManagerImpl();
    }

    /**
     * Creates the default principal provider on top of the system session and the system
     * user manager. It is initialised with the first login module entry that names no
     * principal provider class but does contain the max-size key; when no entry qualifies,
     * an empty {@code Properties} is used.
     *
     * @param propertiesArr login module configuration entries
     */
    protected PrincipalProvider createDefaultPrincipalProvider(Properties[] propertiesArr) throws RepositoryException {
        // z records whether a qualifying entry was found.
        boolean z = false;
        DefaultPrincipalProvider defaultPrincipalProvider = new DefaultPrincipalProvider(this.systemSession, (UserManagerImpl) this.systemUserManager);
        int length = propertiesArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            Properties properties = propertiesArr[i];
            if (!properties.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS) && properties.containsKey(AbstractPrincipalProvider.MAXSIZE_KEY)) {
                defaultPrincipalProvider.init(properties);
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            defaultPrincipalProvider.init(new Properties());
        }
        return defaultPrincipalProvider;
    }

    /** Returns the registry built in init(); {@code null} before initialisation. */
    /* JADX INFO: Access modifiers changed from: protected */
    public PrincipalProviderRegistry getPrincipalProviderRegistry() {
        return this.principalProviderRegistry;
    }

    /** Returns the login-context provider built in init(); {@code null} before initialisation. */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthContextProvider getAuthContextProvider() {
        return this.authContextProvider;
    }

    /**
     * Guard used by the other methods of this class.
     *
     * @throws IllegalStateException if {@link #init} has not completed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkInitialized() {
        if (!this.initialized) {
            throw new IllegalStateException("Not initialized");
        }
    }

    /**
     * Returns the system session passed to init(). The JADX note below records that this
     * accessor was {@code protected} before decompilation.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Session getSystemSession() {
        return this.systemSession;
    }

    /** Returns the repository passed to init(). */
    /* JADX INFO: Access modifiers changed from: protected */
    public Repository getRepository() {
        return this.repository;
    }

    /**
     * Returns the access control provider for a workspace, creating and caching one when
     * none is cached or the cached one is no longer live.
     *
     * <p>NOTE(review): the cache lookup runs outside {@code synchronized (acProviders)}
     * while put/remove/clear run inside it. The map is a plain {@code HashMap}, so a lookup
     * can race with a concurrent write, and two threads can each create a provider for the
     * same workspace, with the later put replacing the earlier one without closing it.
     * Widening the lock would hold it across provider creation; check the locking done by
     * callers before changing this.
     *
     * @param str workspace name
     * @throws NoSuchWorkspaceException declared for the case that the workspace is unknown
     * @throws RepositoryException if the provider cannot be created
     */
    /* JADX INFO: Access modifiers changed from: private */
    public AccessControlProvider getAccessControlProvider(String str) throws NoSuchWorkspaceException, RepositoryException {
        checkInitialized();
        AccessControlProvider accessControlProvider = this.acProviders.get(str);
        if (accessControlProvider == null || !accessControlProvider.isLive()) {
            this.repository.markWorkspaceActive(str);
            // A workspace without its own configuration entry yields a null security
            // config, which is passed to the factory as-is.
            WorkspaceSecurityConfig workspaceSecurityConfig = null;
            WorkspaceConfig workspaceConfig = this.repository.getConfig().getWorkspaceConfig(str);
            if (workspaceConfig != null) {
                workspaceSecurityConfig = workspaceConfig.getSecurityConfig();
            }
            accessControlProvider = this.acProviderFactory.createProvider(this.repository.getSystemSession(str), workspaceSecurityConfig);
            synchronized (this.acProviders) {
                this.acProviders.put(str, accessControlProvider);
            }
        }
        return accessControlProvider;
    }

    /**
     * Creates the administrator and anonymous accounts when they do not exist yet.
     *
     * <p>NOTE(security): the administrator is created with a password equal to its id and
     * the anonymous user with an empty password. A newly initialised repository therefore
     * has a predictable administrator credential until that password is changed, so
     * deployments should rotate it right after first start.
     *
     * <p>Failure handling differs between the two accounts: an error while creating the
     * administrator propagates to the caller, an error while creating the anonymous user is
     * only logged.
     *
     * @param userManager user manager used for lookup and creation
     * @param systemSession saved explicitly when the user manager is not in auto-save mode
     * @param str administrator id; {@code null} skips the administrator
     * @param str2 anonymous id; {@code null} skips the anonymous user
     * @throws RepositoryException if looking up either account or creating the
     *         administrator fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void createSystemUsers(UserManager userManager, SystemSession systemSession, String str, String str2) throws RepositoryException {
        if (str != null && userManager.getAuthorizable(str) == null) {
            // Second argument is the password: same value as the id.
            userManager.createUser(str, str);
            if (!userManager.isAutoSave()) {
                systemSession.save();
            }
            log.info("... created admin-user with id '" + str + "' ...");
        }
        if (str2 == null || userManager.getAuthorizable(str2) != null) {
            return;
        }
        try {
            // Empty password for the anonymous account.
            userManager.createUser(str2, "");
            if (!userManager.isAutoSave()) {
                systemSession.save();
            }
            log.info("... created anonymous user with id '" + str2 + "' ...");
        } catch (RepositoryException e) {
            // Best effort: the repository still starts without an anonymous account.
            log.error("Failed to create anonymous user.", (Throwable) e);
        }
    }
}
