package org.apache.sling.extensions.webconsolesecurityprovider.internal;

import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.auth.core.AuthenticationSupport;

/* loaded from: input_file:org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.class */
public class SlingWebConsoleSecurityProvider2 extends AbstractWebConsoleSecurityProvider implements WebConsoleSecurityProvider2 {
    private AuthenticationSupport authenticator;

    public void setService(AuthenticationSupport authenticationSupport) {
        this.authenticator = authenticationSupport;
    }

    private void invokeAuthenticator(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationSupport authenticationSupport = this.authenticator;
        if (authenticationSupport != null) {
            authenticationSupport.handleSecurity(httpServletRequest, httpServletResponse);
        }
    }

    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Session session;
        invokeAuthenticator(httpServletRequest, httpServletResponse);
        Object attribute = httpServletRequest.getAttribute("org.apache.sling.auth.core.ResourceResolver");
        ResourceResolver resourceResolver = attribute instanceof ResourceResolver ? (ResourceResolver) attribute : null;
        if (resourceResolver == null || (session = (Session) resourceResolver.adaptTo(Session.class)) == null) {
            return false;
        }
        try {
            User authenticate = authenticate(session);
            if (authenticate == null) {
                return false;
            }
            httpServletRequest.setAttribute("org.apache.felix.webconsole.user", authenticate);
            return true;
        } catch (Exception e) {
            this.logger.info("authenticate: Generic problem trying grant User  access to the Web Console", e);
            return false;
        }
    }

    /* renamed from: authenticate, reason: merged with bridge method [inline-methods] */
    public User m1authenticate(String str, String str2) {
        return null;
    }

    private User authenticate(Session session) throws RepositoryException {
        String userID = session.getUserID();
        if (!(session instanceof JackrabbitSession)) {
            this.logger.info("authenticate: Jackrabbit Session required to grant access to the Web Console for {}; got {}", userID, session.getClass());
            return null;
        }
        User authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(userID);
        if (!(authorizable instanceof User)) {
            this.logger.error("authenticate: Expected user ID {} to refer to a user", userID);
            return null;
        }
        if (this.users.contains(userID)) {
            return authorizable;
        }
        Iterator memberOf = authorizable.memberOf();
        while (memberOf.hasNext()) {
            if (this.groups.contains(((Group) memberOf.next()).getID())) {
                return authorizable;
            }
        }
        this.logger.info("authenticate: User {} is denied Web Console access", userID);
        return null;
    }

    public boolean authorize(Object obj, String str) {
        this.logger.debug("authorize: Grant user {} access for role {}", obj, str);
        return true;
    }
}
