package org.apache.sling.extensions.webconsolesecurityprovider.internal;

import java.util.Iterator;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;

@Component(ds = false, metatype = true, label = "Apache Sling Web Console Security Provider", description = "Configuration for the security provider used to verfiy user credentials and grant access to the Apache Felix Web Console based on registered JCR Repository users.")
@Properties({@Property(name = "users", value = {AbstractWebConsoleSecurityProvider.PROP_GROUPS_DEFAULT_USER}, cardinality = 20, label = "User Names", description = "Names of users granted full access to the Apache Felix Web Console. By default this lists the \"admin\" user. A maximum of 20 users may be configured. Administrators are encouraged to create a group whose members are to be granted access to Web Console instead of allowing access to individual users."), @Property(name = "groups", cardinality = 20, label = "Group Names", description = "Names of groups whose members are granted full access to the Apache Felix Web Console. The default lists no groups. Administrators are encouraged to create a group whose members are to be granted access to the Web Console. A maximum of 20 groups may be configured. Using groups to control access requires a Jackrabbit based repository.")})
/* loaded from: input_file:org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider.class */
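/**
 * Web Console security provider that verifies credentials against a JCR
 * {@link Repository} and grants access only to configured user names or to
 * members of configured groups.
 *
 * <p>The {@code users}, {@code groups} and {@code logger} members used below are not
 * declared in this class; they are presumably inherited from
 * {@link AbstractWebConsoleSecurityProvider} and filled from the "users" and
 * "groups" configuration properties — confirm against the base class.
 */
public class SlingWebConsoleSecurityProvider extends AbstractWebConsoleSecurityProvider {
    /** Repository that credentials are checked against; assigned through {@link #setService(Repository)}. */
    private Repository repository;

    /**
     * Sets the repository used for credential verification.
     *
     * @param repository the JCR repository; while this is {@code null} every call to
     *        {@link #authenticate(String, String)} fails closed and returns {@code null}
     */
    public void setService(Repository repository) {
        this.repository = repository;
    }

    /**
     * Verifies the credentials by logging in to the repository and then checks
     * whether the resulting user is allowed to use the Web Console.
     *
     * <p>The login session is only a means of validating the password and looking up
     * group membership; it is always logged out before this method returns,
     * including when an exception interrupts the checks.
     *
     * @param str the user name supplied by the client (unauthenticated input)
     * @param str2 the password supplied by the client; {@code null} is treated as an
     *        empty password
     * @return a non-null token if access is granted ({@code Boolean.TRUE} for a
     *         configured user, the user name for a member of a configured group),
     *         or {@code null} if the login fails, the user is not allowed, or any
     *         error occurs
     */
    public Object authenticate(String str, String str2) {
        Session session = null;
        try {
            session = this.repository.login(new SimpleCredentials(str, str2 == null ? new char[0] : str2.toCharArray()));
            if (!(session instanceof JackrabbitSession)) {
                // Without the Jackrabbit user API neither the user nor the group check is possible: deny.
                this.logger.info("authenticate: Jackrabbit Session required to grant access to the Web Console for {}; got {}", str, session.getClass());
                return null;
            }

            UserManager userManager = ((JackrabbitSession) session).getUserManager();
            // Decisions are made on the ID the repository reports for the session,
            // not on the name the client typed.
            String userID = session.getUserID();
            Authorizable authorizable = userManager.getAuthorizable(userID);
            if (!(authorizable instanceof User)) {
                this.logger.error("authenticate: Expected user ID {} to refer to a user", userID);
                return null;
            }

            // NOTE(review): this path returns Boolean.TRUE while the group path returns the
            // user name. authorize() in this class only logs the value, so both mean
            // "granted" here; confirm that callers treat any non-null value alike.
            if (this.users.contains(userID)) {
                return true;
            }

            // memberOf() also yields groups inherited through nested membership, so
            // nesting a group inside a configured group grants console access as well.
            Iterator<Group> memberOf = authorizable.memberOf();
            while (memberOf.hasNext()) {
                if (this.groups.contains(memberOf.next().getID())) {
                    return str;
                }
            }

            this.logger.debug("authenticate: User {} is denied Web Console access", str);
            return null;
        } catch (LoginException e) {
            // Must precede the generic handler, otherwise failed logins are reported
            // as generic problems and this branch is never reached.
            // NOTE(review): str is unauthenticated input written to the log as received;
            // confirm the log layout neutralises CR/LF so entries cannot be forged.
            this.logger.info("authenticate: User " + str + " failed to authenticate with the repository for Web Console access", e);
            return null;
        } catch (Exception e) {
            // Fail closed on anything unexpected (repository errors, missing repository, ...).
            this.logger.info("authenticate: Generic problem trying grant User " + str + " access to the Web Console", e);
            return null;
        } finally {
            // Release the session on every path; sessions left open after an
            // exception would otherwise accumulate with each failing request.
            if (session != null) {
                session.logout();
            }
        }
    }

    /**
     * Grants every role to whatever {@link #authenticate(String, String)} returned.
     *
     * <p>No per-role decision is made: the access check happens entirely in
     * {@code authenticate}, and anyone who passes it has full Web Console access.
     *
     * @param obj the token returned by {@code authenticate}
     * @param str the role being requested
     * @return always {@code true}
     */
    public boolean authorize(Object obj, String str) {
        this.logger.debug("authorize: Grant user {} access for role {}", obj, str);
        return true;
    }
}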
