package org.apache.stanbol.commons.security.auth;

import java.security.AccessController;
import java.util.Iterator;
import java.util.concurrent.locks.Lock;
import org.apache.clerezza.platform.config.SystemConfig;
import org.apache.clerezza.rdf.core.Literal;
import org.apache.clerezza.rdf.core.NonLiteral;
import org.apache.clerezza.rdf.core.Triple;
import org.apache.clerezza.rdf.core.access.LockableMGraph;
import org.apache.clerezza.rdf.core.impl.PlainLiteralImpl;
import org.apache.clerezza.rdf.ontologies.PERMISSION;
import org.apache.clerezza.rdf.ontologies.PLATFORM;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.stanbol.commons.security.PasswordUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({AuthenticationChecker.class})
@Component
/* loaded from: input_file:resources/bundles/25/org.apache.stanbol.commons.security.core-1.0.0.jar:org/apache/stanbol/commons/security/auth/AuthenticationCheckerImpl.class */
public class AuthenticationCheckerImpl implements AuthenticationChecker {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationCheckerImpl.class);

    @Reference(target = SystemConfig.SYSTEM_GRAPH_FILTER)
    private LockableMGraph systemGraph;

    @Override // org.apache.stanbol.commons.security.auth.AuthenticationChecker
    public boolean authenticate(String str, String str2) throws NoSuchAgent {
        if (System.getSecurityManager() != null) {
            AccessController.checkPermission(new CheckAuthenticationPermission());
        }
        if (getPasswordOfAgent(getAgentFromGraph(str)).equals(PasswordUtil.convertPassword(str2))) {
            logger.debug("user {} successfully authenticated", str);
            return true;
        }
        logger.debug("unsuccessful authentication attempt as user {}", str);
        return false;
    }

    private NonLiteral getAgentFromGraph(String str) throws NoSuchAgent {
        Lock readLock = this.systemGraph.getLock().readLock();
        readLock.lock();
        try {
            Iterator<Triple> filter = this.systemGraph.filter(null, PLATFORM.userName, new PlainLiteralImpl(str));
            if (filter.hasNext()) {
                return filter.next().getSubject();
            }
            logger.debug("unsuccessful authentication attempt as non-existent user {}", str);
            throw new NoSuchAgent();
        } finally {
            readLock.unlock();
        }
    }

    private String getPasswordOfAgent(NonLiteral nonLiteral) {
        Lock readLock = this.systemGraph.getLock().readLock();
        readLock.lock();
        try {
            Iterator<Triple> filter = this.systemGraph.filter(nonLiteral, PERMISSION.passwordSha1, null);
            return filter.hasNext() ? ((Literal) filter.next().getObject()).getLexicalForm() : "";
        } finally {
            readLock.unlock();
        }
    }

    protected void bindSystemGraph(LockableMGraph lockableMGraph) {
        this.systemGraph = lockableMGraph;
    }

    protected void unbindSystemGraph(LockableMGraph lockableMGraph) {
        if (this.systemGraph == lockableMGraph) {
            this.systemGraph = null;
        }
    }
}
