package org.apache.jackrabbit.oak.security.authentication.user;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin;
import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/install/15/oak-core-1.8.8.jar:org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.class */
public final class LoginModuleImpl extends AbstractLoginModule {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LoginModuleImpl.class);
    protected static final Set<Class> SUPPORTED_CREDENTIALS = new HashSet(3);
    private Credentials credentials;
    private String userId;
    private Principal principal;
    private boolean success;

    public boolean login() throws LoginException {
        this.credentials = getCredentials();
        PreAuthenticatedLogin sharedPreAuthLogin = getSharedPreAuthLogin();
        String loginId = getLoginId(sharedPreAuthLogin);
        Authentication userAuthentication = getUserAuthentication(loginId);
        if (userAuthentication != null) {
            if (sharedPreAuthLogin != null) {
                this.success = userAuthentication.authenticate(PreAuthenticatedLogin.PRE_AUTHENTICATED);
            } else {
                this.success = userAuthentication.authenticate(this.credentials);
            }
            if (this.success) {
                log.debug("Adding Credentials to shared state.");
                this.sharedState.put(AbstractLoginModule.SHARED_KEY_CREDENTIALS, this.credentials);
                log.debug("Adding login name to shared state.");
                this.sharedState.put(AbstractLoginModule.SHARED_KEY_LOGIN_NAME, loginId);
                this.userId = userAuthentication.getUserId();
                if (this.userId == null) {
                    this.userId = loginId;
                }
                this.principal = userAuthentication.getUserPrincipal();
            }
        } else {
            this.credentials = null;
            this.userId = null;
        }
        return this.success;
    }

    public boolean commit() {
        if (!this.success) {
            clearState();
            return false;
        }
        if (this.subject.isReadOnly()) {
            log.debug("Could not add information to read only subject {}", this.subject);
        } else {
            Set<Principal> principals = this.subject.getPrincipals();
            if (this.principal != null) {
                principals.addAll(getPrincipals(this.principal));
            } else if (this.userId != null) {
                principals.addAll(getPrincipals(this.userId));
            }
            this.subject.getPublicCredentials().add(this.credentials);
            setAuthInfo(createAuthInfo(principals), this.subject);
        }
        clearState();
        return true;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    @Nonnull
    protected Set<Class> getSupportedCredentials() {
        return SUPPORTED_CREDENTIALS;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public void clearState() {
        super.clearState();
        this.credentials = null;
        this.userId = null;
        this.principal = null;
    }

    @CheckForNull
    private String getLoginId(@CheckForNull PreAuthenticatedLogin preAuthenticatedLogin) {
        if (preAuthenticatedLogin != null) {
            return preAuthenticatedLogin.getUserId();
        }
        String str = null;
        if (this.credentials != null) {
            if (this.credentials instanceof SimpleCredentials) {
                str = ((SimpleCredentials) this.credentials).getUserID();
            } else if (this.credentials instanceof GuestCredentials) {
                str = getAnonymousId();
            } else if (this.credentials instanceof ImpersonationCredentials) {
                Credentials baseCredentials = ((ImpersonationCredentials) this.credentials).getBaseCredentials();
                if (baseCredentials instanceof SimpleCredentials) {
                    str = ((SimpleCredentials) baseCredentials).getUserID();
                }
            } else {
                try {
                    Callback nameCallback = new NameCallback("User-ID: ");
                    this.callbackHandler.handle(new Callback[]{nameCallback});
                    str = nameCallback.getName();
                } catch (IOException e) {
                    log.error("Name-Callback failed: " + e.getMessage());
                } catch (UnsupportedCallbackException e2) {
                    log.warn("Credentials- or NameCallback must be supported");
                }
            }
        }
        if (str == null) {
            str = getSharedLoginName();
        }
        return str;
    }

    private String getAnonymousId() {
        SecurityProvider securityProvider = getSecurityProvider();
        if (securityProvider == null) {
            return null;
        }
        return UserUtil.getAnonymousId(((UserConfiguration) securityProvider.getConfiguration(UserConfiguration.class)).getParameters());
    }

    @CheckForNull
    private Authentication getUserAuthentication(@Nullable String str) {
        SecurityProvider securityProvider = getSecurityProvider();
        Root root = getRoot();
        if (securityProvider == null || root == null) {
            return null;
        }
        UserConfiguration userConfiguration = (UserConfiguration) securityProvider.getConfiguration(UserConfiguration.class);
        UserAuthenticationFactory userAuthenticationFactory = (UserAuthenticationFactory) userConfiguration.getParameters().getConfigValue(UserConstants.PARAM_USER_AUTHENTICATION_FACTORY, null, UserAuthenticationFactory.class);
        if (userAuthenticationFactory != null) {
            return userAuthenticationFactory.getAuthentication(userConfiguration, root, str);
        }
        log.error("No user authentication factory configured in user configuration.");
        return null;
    }

    private AuthInfo createAuthInfo(@Nonnull Set<? extends Principal> set) {
        Credentials baseCredentials = this.credentials instanceof ImpersonationCredentials ? ((ImpersonationCredentials) this.credentials).getBaseCredentials() : this.credentials;
        HashMap hashMap = new HashMap();
        Object obj = this.sharedState.get(AbstractLoginModule.SHARED_KEY_ATTRIBUTES);
        if (obj instanceof Map) {
            for (Object obj2 : ((Map) obj).keySet()) {
                hashMap.put(obj2.toString(), ((Map) obj).get(obj2));
            }
        } else if (baseCredentials instanceof SimpleCredentials) {
            SimpleCredentials simpleCredentials = (SimpleCredentials) baseCredentials;
            for (String str : simpleCredentials.getAttributeNames()) {
                hashMap.put(str, simpleCredentials.getAttribute(str));
            }
        }
        return new AuthInfoImpl(this.userId, hashMap, set);
    }

    static {
        SUPPORTED_CREDENTIALS.add(SimpleCredentials.class);
        SUPPORTED_CREDENTIALS.add(GuestCredentials.class);
        SUPPORTED_CREDENTIALS.add(ImpersonationCredentials.class);
    }
}
