package org.apache.sling.jcr.resource.internal.helper.jcr;

import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.external.URIProvider;
import org.apache.sling.commons.classloader.DynamicClassLoaderManager;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.resource.api.JcrResourceConstants;
import org.apache.sling.jcr.resource.internal.HelperData;
import org.apache.sling.spi.resource.provider.ResourceProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/install/0/org.apache.sling.jcr.resource-3.0.18.jar:org/apache/sling/jcr/resource/internal/helper/jcr/JcrProviderStateFactory.class */
public class JcrProviderStateFactory {
    private final Logger logger = LoggerFactory.getLogger((Class<?>) JcrProviderStateFactory.class);
    private final ServiceReference<SlingRepository> repositoryReference;
    private final SlingRepository repository;
    private final AtomicReference<DynamicClassLoaderManager> dynamicClassLoaderManagerReference;
    private final AtomicReference<URIProvider[]> uriProviderReference;
    static final /* synthetic */ boolean $assertionsDisabled;

    public JcrProviderStateFactory(ServiceReference<SlingRepository> serviceReference, SlingRepository slingRepository, AtomicReference<DynamicClassLoaderManager> atomicReference, AtomicReference<URIProvider[]> atomicReference2) {
        this.repository = slingRepository;
        this.repositoryReference = serviceReference;
        this.dynamicClassLoaderManagerReference = atomicReference;
        this.uriProviderReference = atomicReference2;
    }

    @Nullable
    private Bundle extractCallingBundle(@NotNull Map<String, Object> map) throws LoginException {
        Object obj = map.get("sling.service.bundle");
        if (obj == null || (obj instanceof Bundle)) {
            return (Bundle) obj;
        }
        throw new LoginException("Invalid calling bundle object in authentication info");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JcrProviderState createProviderState(@NotNull Map<String, Object> map) throws LoginException {
        Session login;
        boolean equals = Boolean.TRUE.equals(map.get(ResourceProvider.AUTH_ADMIN));
        Session session = getSession(map);
        if (session != null && !equals) {
            return createJcrProviderState(session, false, map, null);
        }
        BundleContext bundleContext = null;
        try {
            Bundle extractCallingBundle = extractCallingBundle(map);
            if (extractCallingBundle != null) {
                bundleContext = extractCallingBundle.getBundleContext();
                SlingRepository slingRepository = (SlingRepository) bundleContext.getService(this.repositoryReference);
                if (slingRepository == null) {
                    Logger logger = this.logger;
                    Object[] objArr = new Object[3];
                    objArr[0] = equals ? "admin" : "service";
                    objArr[1] = extractCallingBundle.getSymbolicName();
                    objArr[2] = Long.valueOf(extractCallingBundle.getBundleId());
                    logger.warn("Cannot login {} because cannot get SlingRepository on behalf of bundle {} ({})", objArr);
                    throw new LoginException("Repository unavailable");
                }
                try {
                    if (equals) {
                        login = slingRepository.loginAdministrative(null);
                    } else {
                        Object obj = map.get(ResourceResolverFactory.SUBSERVICE);
                        login = slingRepository.loginService(obj instanceof String ? (String) obj : null, null);
                    }
                } catch (Throwable th) {
                    if (session == null) {
                        bundleContext.ungetService(this.repositoryReference);
                    }
                    throw th;
                }
            } else {
                if (equals) {
                    throw new LoginException("Calling bundle missing in authentication info");
                }
                login = this.repository.login(getCredentials(map), null);
            }
            return createJcrProviderState(login, true, map, bundleContext);
        } catch (RepositoryException e) {
            throw getLoginException(e);
        }
    }

    private JcrProviderState createJcrProviderState(@NotNull Session session, boolean z, @NotNull Map<String, Object> map, @Nullable BundleContext bundleContext) throws LoginException {
        boolean z2 = getSession(map) != null;
        Session handleImpersonation = handleImpersonation(session, map, z, z2);
        if (handleImpersonation != session && z2) {
            map.put(JcrResourceConstants.AUTHENTICATION_INFO_SESSION, handleImpersonation);
        }
        return new JcrProviderState(handleImpersonation, new HelperData(this.dynamicClassLoaderManagerReference, this.uriProviderReference), z || handleImpersonation != session, bundleContext, bundleContext == null ? null : this.repositoryReference);
    }

    private static Session handleImpersonation(Session session, Map<String, Object> map, boolean z, boolean z2) throws LoginException {
        String sudoUser = getSudoUser(map);
        boolean z3 = (sudoUser == null || session.getUserID().equals(sudoUser)) ? false : true;
        boolean z4 = !z3 && z2 && map.containsKey(ResourceProvider.AUTH_CLONE);
        if (!z3 && !z4) {
            return session;
        }
        try {
            try {
                if (z3) {
                    SimpleCredentials simpleCredentials = new SimpleCredentials(sudoUser, new char[0]);
                    copyAttributes(simpleCredentials, map);
                    simpleCredentials.setAttribute(ResourceResolver.USER_IMPERSONATOR, session.getUserID());
                    Session impersonate = session.impersonate(simpleCredentials);
                    if (z) {
                        session.logout();
                    }
                    return impersonate;
                }
                if (!$assertionsDisabled && !z4) {
                    throw new AssertionError();
                }
                SimpleCredentials simpleCredentials2 = new SimpleCredentials(session.getUserID(), new char[0]);
                copyAttributes(simpleCredentials2, map);
                Session impersonate2 = session.impersonate(simpleCredentials2);
                if (z) {
                    session.logout();
                }
                return impersonate2;
            } catch (RepositoryException e) {
                throw getLoginException(e);
            }
        } catch (Throwable th) {
            if (z) {
                session.logout();
            }
            throw th;
        }
    }

    private static LoginException getLoginException(RepositoryException repositoryException) {
        return repositoryException instanceof javax.jcr.LoginException ? new LoginException(repositoryException.getMessage(), repositoryException.getCause()) : new LoginException("Unable to login " + repositoryException.getMessage(), repositoryException);
    }

    private static Credentials getCredentials(Map<String, Object> map) {
        Credentials credentials = null;
        if (map != null) {
            Object obj = map.get(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS);
            if (obj instanceof Credentials) {
                credentials = (Credentials) obj;
            } else {
                Object obj2 = map.get(ResourceResolverFactory.USER);
                if (obj2 instanceof String) {
                    Object obj3 = map.get(ResourceResolverFactory.PASSWORD);
                    SimpleCredentials simpleCredentials = new SimpleCredentials((String) obj2, obj3 instanceof char[] ? (char[]) obj3 : new char[0]);
                    copyAttributes(simpleCredentials, map);
                    credentials = simpleCredentials;
                }
            }
        }
        if ((credentials instanceof SimpleCredentials) && (map.get("user.newpassword") instanceof String)) {
            ((SimpleCredentials) credentials).setAttribute("user.newpassword", map.get("user.newpassword"));
        }
        return credentials;
    }

    private static void copyAttributes(SimpleCredentials simpleCredentials, Map<String, Object> map) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if (isAttributeVisible(entry.getKey())) {
                simpleCredentials.setAttribute(entry.getKey(), entry.getValue());
            }
        }
    }

    private static boolean isAttributeVisible(String str) {
        return (str.equals(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS) || str.contains("password")) ? false : true;
    }

    private static String getSudoUser(Map<String, Object> map) {
        Object obj = map.get(ResourceResolverFactory.USER_IMPERSONATION);
        if (obj instanceof String) {
            return (String) obj;
        }
        return null;
    }

    private static Session getSession(Map<String, Object> map) {
        Object obj = map.get(JcrResourceConstants.AUTHENTICATION_INFO_SESSION);
        if (obj instanceof Session) {
            return (Session) obj;
        }
        return null;
    }

    static {
        $assertionsDisabled = !JcrProviderStateFactory.class.desiredAssertionStatus();
    }
}
