package org.apache.jetspeed.sso.impl;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import javax.security.auth.Subject;
import org.apache.jetspeed.security.JetspeedPrincipal;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityDomain;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.impl.SecurityDomainImpl;
import org.apache.jetspeed.security.spi.SecurityDomainAccessManager;
import org.apache.jetspeed.security.spi.SecurityDomainStorageManager;
import org.apache.jetspeed.security.spi.impl.PasswordCredentialImpl;
import org.apache.jetspeed.sso.SSOClient;
import org.apache.jetspeed.sso.SSOException;
import org.apache.jetspeed.sso.SSOManager;
import org.apache.jetspeed.sso.SSOSite;
import org.apache.jetspeed.sso.SSOUser;
import org.apache.jetspeed.sso.spi.SSOSiteManagerSPI;
import org.apache.jetspeed.sso.spi.SSOUserManagerSPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-sso-2.2.1.jar:org/apache/jetspeed/sso/impl/SSOManagerImpl.class */
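/**
 * {@link SSOManager} implementation that delegates SSO site and SSO user storage to the
 * injected SPIs and maps every SSO site onto its own remote {@link SecurityDomain}.
 *
 * <p>Collaborators are supplied through the setters at the bottom of the class; none of the
 * methods checks them for {@code null} before use.
 *
 * <p>Security note: no method in this class performs an authorization check of its own.
 * {@link #getCredentials(SSOUser)} and {@link #getClient(SSOSite, SSOUser)} hand out the stored
 * remote-site credential to whoever calls them, so access control has to be enforced by the
 * caller or by whatever wraps this bean. Passwords are never written to the log here, and that
 * should stay so.
 *
 * <p>Thread-safety: {@link #getDefaultDomainId()} caches its result in an unsynchronized field.
 * NOTE(review): concurrent first calls would presumably just repeat the same lookup — confirm
 * if this bean is shared between threads.
 */
public class SSOManagerImpl implements SSOManager {
    private static final Logger log = LoggerFactory.getLogger(SSOManagerImpl.class);
    private UserManager userManager;
    private SSOUserManagerSPI ssoUserManagerSPI;
    private SecurityDomainAccessManager domainAccessManager;
    private SecurityDomainStorageManager domainStorageManager;
    private SSOSiteManagerSPI ssoSiteManagerSPI;
    // Lazily resolved id of the domain named SecurityDomain.DEFAULT_NAME; see getDefaultDomainId().
    private Long defaultDomainId;

    /**
     * Builds a client for the given site, loaded with the credential stored for the given user.
     *
     * @param sSOSite the remote site the client is for
     * @param sSOUser the SSO user whose stored credential is handed to the client
     * @return a new {@link SSOClientImpl}
     * @throws SSOException if the credential cannot be read
     */
    @Override // org.apache.jetspeed.sso.SSOManager
    public SSOClient getClient(SSOSite sSOSite, SSOUser sSOUser) throws SSOException {
        return new SSOClientImpl(sSOSite, getCredentials(sSOUser));
    }

    /**
     * Looks up a portal user by name.
     *
     * @param str the portal user name
     * @return the user, or {@code null} when the lookup fails with a {@link SecurityException}
     */
    protected User getUser(String str) {
        try {
            return this.userManager.getUser(str);
        } catch (SecurityException e) {
            // Best-effort lookup: callers get null, but the reason is no longer lost.
            log.debug("Could not look up portal user " + str, e);
            return null;
        }
    }

    /**
     * Returns the SSO users associated with a portal principal, across all sites.
     *
     * @param jetspeedPrincipal the portal principal
     * @return whatever the user SPI returns for that principal
     * @throws SSOException wrapping any {@link SecurityException} from the SPI
     */
    protected Collection<SSOUser> getRemoteUsers(JetspeedPrincipal jetspeedPrincipal) throws SSOException {
        try {
            return this.ssoUserManagerSPI.getUsers(jetspeedPrincipal);
        } catch (SecurityException e) {
            throw new SSOException(e);
        }
    }

    /**
     * Collects the SSO users on one site for every {@link JetspeedPrincipal} in a subject,
     * keeping the first user seen for each id.
     *
     * @param sSOSite the remote site
     * @param subject the subject whose principals are examined; other principal types are skipped
     * @return the de-duplicated users (a view of an internal map's values)
     * @throws SSOException if the lookup fails for any principal; no partial result is returned
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public Collection<SSOUser> getRemoteUsers(SSOSite sSOSite, Subject subject) throws SSOException {
        HashMap<Object, SSOUser> usersById = new HashMap<Object, SSOUser>();
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof JetspeedPrincipal)) {
                continue;
            }
            try {
                Collection<SSOUser> found = getRemoteUsers(sSOSite, (JetspeedPrincipal) principal);
                if (found == null) {
                    // getSitesForPrincipal() treats a null user collection as possible, so do the same here.
                    continue;
                }
                for (SSOUser remoteUser : found) {
                    if (!usersById.containsKey(remoteUser.getId())) {
                        usersById.put(remoteUser.getId(), remoteUser);
                    }
                }
            } catch (SSOException e) {
                throw new SSOException(e);
            }
        }
        return usersById.values();
    }

    /**
     * Returns the SSO users on one site that are associated with one portal principal.
     *
     * @param sSOSite the remote site; its security domain id scopes the lookup
     * @param jetspeedPrincipal the portal principal
     * @return whatever the user SPI returns
     * @throws SSOException wrapping any {@link SecurityException} from the SPI
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public Collection<SSOUser> getRemoteUsers(SSOSite sSOSite, JetspeedPrincipal jetspeedPrincipal) throws SSOException {
        try {
            return this.ssoUserManagerSPI.getUsers(jetspeedPrincipal, sSOSite.getSecurityDomainId());
        } catch (SecurityException e) {
            throw new SSOException(e);
        }
    }

    /**
     * Sets the remote-site password of an SSO user, updating the stored credential when one can
     * be loaded and creating a new one otherwise.
     *
     * @param sSOUser the SSO user
     * @param str the new password; never logged
     * @throws SSOException if the credential cannot be stored
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public void setPassword(SSOUser sSOUser, String str) throws SSOException {
        // Declared as the interface type: that is what the SPI returns and what it stores.
        PasswordCredential credential = null;
        try {
            credential = this.ssoUserManagerSPI.getPasswordCredential(sSOUser);
        } catch (SecurityException e) {
            // A failed lookup is treated like "no credential yet". Record it, because a backend
            // error at this point is otherwise indistinguishable from a first-time password set.
            log.debug("Could not load an existing credential for SSO user " + sSOUser.getName()
                    + "; a new credential will be created", e);
        }
        if (credential != null) {
            // NOTE(review): the boolean presumably marks the value as already encoded, so false
            // means the raw password is passed in — confirm against PasswordCredential.
            credential.setPassword(str, false);
        } else {
            credential = new PasswordCredentialImpl(sSOUser, str);
        }
        try {
            this.ssoUserManagerSPI.storePasswordCredential(credential);
        } catch (SecurityException e) {
            throw new SSOException(e);
        }
    }

    /**
     * Returns the portal principals associated with an SSO user, resolved in the domain that
     * owns the user's site domain.
     *
     * @param sSOUser the SSO user
     * @return the associated principals; an empty list when the user's site, the site's security
     *         domain or its owner domain cannot be found
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public Collection<JetspeedPrincipal> getPortalPrincipals(SSOUser sSOUser) {
        SSOSite site = this.ssoSiteManagerSPI.getSite(sSOUser);
        if (site == null) {
            return Collections.emptyList();
        }
        // removeSite() already treats a missing domain as possible; without these guards a site
        // whose domain is gone fails with a NullPointerException instead of "no principals".
        SecurityDomain siteDomain = this.domainAccessManager.getDomain(site.getSecurityDomainId());
        if (siteDomain == null) {
            return Collections.emptyList();
        }
        SecurityDomain ownerDomain = this.domainAccessManager.getDomain(siteDomain.getOwnerDomainId());
        if (ownerDomain == null) {
            return Collections.emptyList();
        }
        return this.ssoUserManagerSPI.getPortalPrincipals(sSOUser, ownerDomain.getDomainId());
    }

    /**
     * Returns the id of the domain named {@link SecurityDomain#DEFAULT_NAME}, looking it up on
     * first use and caching it afterwards.
     *
     * @return the default domain id
     * @throws IllegalStateException if no domain with that name exists
     */
    protected Long getDefaultDomainId() {
        if (this.defaultDomainId == null) {
            SecurityDomain defaultDomain = this.domainAccessManager.getDomainByName(SecurityDomain.DEFAULT_NAME);
            if (defaultDomain == null) {
                throw new IllegalStateException("Could not find default security domain.");
            }
            this.defaultDomainId = defaultDomain.getDomainId();
        }
        return this.defaultDomainId;
    }

    /**
     * Registers a site whose remote security domain is owned by the default domain.
     *
     * @param sSOSite the site to add
     * @return the stored site
     * @throws SSOException see {@link #addSite(Long, SSOSite)}
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public SSOSite addSite(SSOSite sSOSite) throws SSOException {
        return addSite(getDefaultDomainId(), sSOSite);
    }

    /**
     * Creates an enabled, remote security domain named after the site, then stores the site
     * with that domain's id. If storing the site fails, the new domain is removed again.
     *
     * <p>NOTE(review): the name check and the domain creation are separate calls, so two
     * concurrent requests for the same name could both pass the check — confirm whether the
     * storage layer enforces uniqueness.
     *
     * @param l id of the domain that will own the new remote domain
     * @param sSOSite the site to add; its security domain id is set as a side effect
     * @return the stored site
     * @throws SSOException if a domain with the site's name already exists, or the domain or
     *         site cannot be created
     */
    protected SSOSite addSite(Long l, SSOSite sSOSite) throws SSOException {
        if (this.domainAccessManager.getDomainByName(sSOSite.getName()) != null) {
            throw new SSOException(SSOException.SITE_ALREADY_EXISTS);
        }
        SecurityDomainImpl remoteDomain = new SecurityDomainImpl();
        remoteDomain.setName(sSOSite.getName());
        remoteDomain.setOwnerDomainId(l);
        remoteDomain.setEnabled(true);
        remoteDomain.setRemote(true);
        try {
            this.domainStorageManager.addDomain(remoteDomain);
            // Re-read the domain to obtain the id assigned by storage.
            SecurityDomain storedDomain = this.domainAccessManager.getDomainByName(sSOSite.getName());
            if (storedDomain == null || storedDomain.getDomainId() == null) {
                throw new SSOException(SSOException.SITE_COULD_NOT_BE_CREATED);
            }
            sSOSite.setSecurityDomainId(storedDomain.getDomainId());
            try {
                return this.ssoSiteManagerSPI.add(sSOSite);
            } catch (SSOException e) {
                try {
                    this.domainStorageManager.removeDomain(storedDomain);
                } catch (SecurityException rollbackFailure) {
                    // The rollback is best effort, but a failure leaves an enabled remote domain
                    // with no site attached, so it must be visible to operators.
                    log.warn("Could not remove security domain " + sSOSite.getName()
                            + " after SSO site creation failed; an orphaned domain may remain", rollbackFailure);
                }
                throw new SSOException(e);
            }
        } catch (SecurityException e) {
            log.error("Could not add remote security domain with name " + sSOSite.getName() + " for owner domain " + l, e);
            throw new SSOException(SSOException.SITE_COULD_NOT_BE_CREATED, e);
        }
    }

    /**
     * Returns the stored password credential of an SSO user.
     *
     * <p>No authorization check is made here; callers decide who may read the credential.
     *
     * @param sSOUser the SSO user
     * @return whatever the user SPI returns for that user
     * @throws SSOException wrapping any {@link SecurityException} from the SPI
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public PasswordCredential getCredentials(SSOUser sSOUser) throws SSOException {
        try {
            return this.ssoUserManagerSPI.getPasswordCredential(sSOUser);
        } catch (SecurityException e) {
            throw new SSOException(e);
        }
    }

    /**
     * Returns the sites selected by the given filter, as defined by the site SPI.
     *
     * @param str the filter passed through unchanged
     * @return whatever the site SPI returns
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public Collection<SSOSite> getSites(String str) {
        return this.ssoSiteManagerSPI.getSites(str);
    }

    /**
     * Returns the SSO users of one site, queried with an empty name filter in the site's domain.
     *
     * @param sSOSite the remote site
     * @return whatever the user SPI returns
     * @throws SSOException wrapping any {@link SecurityException} from the SPI
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public Collection<SSOUser> getUsersForSite(SSOSite sSOSite) throws SSOException {
        try {
            return this.ssoUserManagerSPI.getUsers("", sSOSite.getSecurityDomainId());
        } catch (SecurityException e) {
            throw new SSOException("Could not fetch SSO users for site " + sSOSite.getName(), e);
        }
    }

    /**
     * Returns the sites on which a portal principal has at least one SSO user.
     *
     * @param jetspeedPrincipal the portal principal; {@code null} yields an empty result
     * @return the sites, never {@code null}
     * @throws SSOException if the principal's SSO users cannot be read
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public Collection<SSOSite> getSitesForPrincipal(JetspeedPrincipal jetspeedPrincipal) throws SSOException {
        if (jetspeedPrincipal == null) {
            return Collections.<SSOSite>emptySet();
        }
        Collection<SSOUser> remoteUsers = getRemoteUsers(jetspeedPrincipal);
        if (remoteUsers == null || remoteUsers.isEmpty()) {
            return Collections.<SSOSite>emptySet();
        }
        Collection<SSOSite> sites = this.ssoSiteManagerSPI.getSites(remoteUsers);
        if (sites == null) {
            return Collections.<SSOSite>emptySet();
        }
        return sites;
    }

    /**
     * Collects the sites reachable by any {@link JetspeedPrincipal} in a subject, keeping the
     * first site seen for each site id.
     *
     * <p>A principal whose lookup fails is skipped and contributes nothing, so the result may be
     * incomplete; unlike {@link #getRemoteUsers(SSOSite, Subject)} no exception is raised for it.
     *
     * @param subject the subject whose principals are examined; other principal types are skipped
     * @return the de-duplicated sites (a view of an internal map's values)
     * @throws SSOException declared by the interface; not thrown by this implementation
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public Collection<SSOSite> getSitesForSubject(Subject subject) throws SSOException {
        HashMap<Integer, SSOSite> sitesById = new HashMap<Integer, SSOSite>();
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof JetspeedPrincipal)) {
                continue;
            }
            try {
                for (SSOSite site : getSitesForPrincipal((JetspeedPrincipal) principal)) {
                    Integer siteId = Integer.valueOf(site.getId());
                    if (!sitesById.containsKey(siteId)) {
                        sitesById.put(siteId, site);
                    }
                }
            } catch (SSOException e) {
                // Still best effort, but a partial site list must be traceable to its cause.
                log.warn("Could not resolve SSO sites for principal " + principal.getName()
                        + "; the returned site list may be incomplete", e);
            }
        }
        return sitesById.values();
    }

    /**
     * Associates an SSO user with a portal principal.
     *
     * @param sSOUser the SSO user
     * @param jetspeedPrincipal the portal principal
     * @throws SSOException if the SPI rejects the association; the SPI exception is the cause
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public void addAssociation(SSOUser sSOUser, JetspeedPrincipal jetspeedPrincipal) throws SSOException {
        try {
            this.ssoUserManagerSPI.addSSOUserToPrincipal(sSOUser, jetspeedPrincipal);
        } catch (SecurityException e) {
            // Keep the cause: without it the reason for a refused association cannot be audited.
            throw new SSOException("Unable to associate principal " + jetspeedPrincipal.getName() + " with SSO user " + sSOUser.getName(), e);
        }
    }

    /**
     * Creates an SSO user on a site, stores its password and associates it with a portal
     * principal. If any step after the creation fails, the new user is removed again.
     *
     * @param sSOSite the remote site
     * @param jetspeedPrincipal the portal principal that owns the new SSO user
     * @param str the remote user name
     * @param str2 the remote password; never logged
     * @return the created SSO user
     * @throws SSOException if the user cannot be created, or its password or association cannot
     *         be stored
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public SSOUser addUser(SSOSite sSOSite, JetspeedPrincipal jetspeedPrincipal, String str, String str2) throws SSOException {
        SSOUser created = null;
        boolean completed = false;
        try {
            created = this.ssoUserManagerSPI.addUser(str, sSOSite.getSecurityDomainId(), jetspeedPrincipal);
            setPassword(created, str2);
            addAssociation(created, jetspeedPrincipal);
            completed = true;
            return created;
        } catch (SecurityException e) {
            throw new SSOException("Unable to add new SSO User " + str, e);
        } finally {
            // setPassword() and addAssociation() report failure as SSOException, which the
            // SecurityException handler does not see, so the rollback has to live here or a
            // half-created user (no credential, no association) is left behind.
            if (!completed && created != null) {
                try {
                    removeUser(created);
                } catch (SSOException rollbackFailure) {
                    // Logged rather than thrown so the original failure reaches the caller.
                    log.warn("Could not remove SSO user " + str + " after its creation failed part-way", rollbackFailure);
                }
            }
        }
    }

    /**
     * Persists changes to an SSO user.
     *
     * @param sSOUser the SSO user to update
     * @throws SSOException wrapping any {@link SecurityException} from the SPI
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public void updateUser(SSOUser sSOUser) throws SSOException {
        try {
            this.ssoUserManagerSPI.updateUser(sSOUser);
        } catch (SecurityException e) {
            throw new SSOException("Unable to update user:", e);
        }
    }

    /**
     * Removes an SSO user, identified by its name and domain id.
     *
     * @param sSOUser the SSO user to remove
     * @throws SSOException wrapping any {@link SecurityException} from the SPI
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public void removeUser(SSOUser sSOUser) throws SSOException {
        try {
            this.ssoUserManagerSPI.removeUser(sSOUser.getName(), sSOUser.getDomainId());
        } catch (SecurityException e) {
            throw new SSOException("Unable to remove SSO User " + sSOUser.getName(), e);
        }
    }

    /**
     * Removes a site: first its security domain, when one is found, then the site record.
     *
     * <p>The two removals are separate calls; if the site removal fails, the domain is already
     * gone.
     *
     * @param sSOSite the site to remove
     * @throws SSOException if the domain or the site cannot be removed; a domain failure carries
     *         the SPI exception as its cause
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public void removeSite(SSOSite sSOSite) throws SSOException {
        SecurityDomain siteDomain = this.domainAccessManager.getDomain(sSOSite.getSecurityDomainId());
        if (siteDomain != null) {
            try {
                this.domainStorageManager.removeDomain(siteDomain);
            } catch (SecurityException e) {
                throw new SSOException("Unable to remove security domain (id:" + sSOSite.getSecurityDomainId() + ") associated with the SSO Site " + sSOSite.getName(), e);
            }
        }
        this.ssoSiteManagerSPI.remove(sSOSite);
    }

    /**
     * Updates a site. When the name changed, the site's security domain is renamed first, and
     * the rename is refused if another domain already uses the new name.
     *
     * <p>The rename and the site update are separate calls; if the site update fails, the domain
     * keeps its new name.
     *
     * @param sSOSite the site carrying the new values; looked up by its id
     * @throws SSOException if the site does not exist, the new name is taken, the site's domain
     *         is missing, or the rename or update fails
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public void updateSite(SSOSite sSOSite) throws SSOException {
        SSOSite storedSite = this.ssoSiteManagerSPI.getById(sSOSite.getId());
        if (storedSite == null) {
            throw new SSOException("Unable to update site: site doesn't exist.");
        }
        if (!storedSite.getName().equals(sSOSite.getName())) {
            if (this.domainAccessManager.getDomainByName(sSOSite.getName()) != null) {
                throw new SSOException("Unable to rename site to '" + sSOSite.getName() + "': a security domain with that name already exists!");
            }
            SecurityDomain currentDomain = this.domainAccessManager.getDomain(storedSite.getSecurityDomainId());
            if (currentDomain == null) {
                // Report a site without a domain as an SSOException; previously this surfaced
                // as a NullPointerException further down.
                throw new SSOException("Unable to rename site to '" + sSOSite.getName() + "': its security domain (id:" + storedSite.getSecurityDomainId() + ") could not be found.");
            }
            SecurityDomainImpl renamedDomain = new SecurityDomainImpl(currentDomain);
            renamedDomain.setName(sSOSite.getName());
            try {
                this.domainStorageManager.updateDomain(renamedDomain);
            } catch (SecurityException e) {
                throw new SSOException("Unable to rename security domain " + currentDomain.getName() + " to " + sSOSite.getName() + ".", e);
            }
        }
        this.ssoSiteManagerSPI.update(sSOSite);
    }

    /**
     * Looks up an SSO user by name on one site.
     *
     * @param sSOSite the remote site
     * @param str the remote user name
     * @return the user, or {@code null} when the SPI raises a {@link SecurityException}
     */
    @Override // org.apache.jetspeed.sso.SSOUserManager
    public SSOUser getRemoteUser(SSOSite sSOSite, String str) {
        try {
            return this.ssoUserManagerSPI.getUser(str, sSOSite.getSecurityDomainId());
        } catch (SecurityException e) {
            log.debug("Could not find SSO user with name " + str + " from remote site " + sSOSite.getName() + " (domain id: " + sSOSite.getSecurityDomainId() + ")", e);
            return null;
        }
    }

    /**
     * Returns the site registered for a URL.
     *
     * @param str the site URL
     * @return whatever the site SPI returns
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public SSOSite getSiteByUrl(String str) {
        return this.ssoSiteManagerSPI.getByUrl(str);
    }

    /**
     * Returns the site registered under a name.
     *
     * @param str the site name
     * @return whatever the site SPI returns
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public SSOSite getSiteByName(String str) {
        return this.ssoSiteManagerSPI.getByName(str);
    }

    /**
     * Returns the site with the given id.
     *
     * @param i the site id
     * @return whatever the site SPI returns; {@link #updateSite(SSOSite)} treats {@code null} as
     *         "no such site"
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public SSOSite getSiteById(int i) {
        return this.ssoSiteManagerSPI.getById(i);
    }

    /**
     * Creates a new, unsaved site object; nothing is stored until {@link #addSite(SSOSite)}.
     *
     * @param str first constructor argument of {@link SSOSiteImpl}
     * @param str2 second constructor argument of {@link SSOSiteImpl}
     * @return the new site object
     */
    @Override // org.apache.jetspeed.sso.SSOSiteManager
    public SSOSite newSite(String str, String str2) {
        return new SSOSiteImpl(str, str2);
    }

    /** Injects the portal user manager used by {@link #getUser(String)}. */
    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }

    /** Injects the SPI that stores SSO users, their credentials and their associations. */
    public void setSSOUserManagerSPI(SSOUserManagerSPI sSOUserManagerSPI) {
        this.ssoUserManagerSPI = sSOUserManagerSPI;
    }

    /** Injects the read side of the security domain store. */
    public void setDomainAccessManager(SecurityDomainAccessManager securityDomainAccessManager) {
        this.domainAccessManager = securityDomainAccessManager;
    }

    /** Injects the write side of the security domain store. */
    public void setDomainStorageManager(SecurityDomainStorageManager securityDomainStorageManager) {
        this.domainStorageManager = securityDomainStorageManager;
    }

    /** Injects the SPI that stores SSO sites. */
    public void setSSOSiteManagerSPI(SSOSiteManagerSPI sSOSiteManagerSPI) {
        this.ssoSiteManagerSPI = sSOSiteManagerSPI;
    }
}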
