package org.apache.jackrabbit.core;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.config.LoginModuleConfig;
import org.apache.jackrabbit.core.config.UserManagerConfig;
import org.apache.jackrabbit.core.security.authentication.AuthContext;
import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider;
import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
import org.apache.jackrabbit.core.security.user.MembershipCache;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;

/* loaded from: input_file:jackrabbit-core-2.8.8.jar:org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.class */
public class UserPerWorkspaceSecurityManager extends DefaultSecurityManager {
    private final Map<String, PrincipalProviderRegistry> ppRegistries = new HashMap();
    private final Object monitor = new Object();
    private final List<String> systemUsersInitialized = new ArrayList();

    /* loaded from: input_file:jackrabbit-core-2.8.8.jar:org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager$WorkspaceAccessManagerImpl.class */
    private final class WorkspaceAccessManagerImpl implements WorkspaceAccessManager {
        private WorkspaceAccessManagerImpl() {
        }

        @Override // org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager
        public void init(Session session) throws RepositoryException {
        }

        @Override // org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager
        public void close() throws RepositoryException {
        }

        @Override // org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager
        public boolean grants(Set<Principal> set, String str) throws RepositoryException {
            if (!Arrays.asList(((RepositoryImpl) UserPerWorkspaceSecurityManager.this.getRepository()).getWorkspaceNames()).contains(str)) {
                return false;
            }
            UserManager systemUserManager = UserPerWorkspaceSecurityManager.this.getSystemUserManager(str);
            for (Principal principal : set) {
                if (!(principal instanceof Group) && systemUserManager.getAuthorizable(principal) != null) {
                    return true;
                }
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jackrabbit-core-2.8.8.jar:org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager$WorkspaceBasedPrincipalProviderRegistry.class */
    public final class WorkspaceBasedPrincipalProviderRegistry implements PrincipalProviderRegistry {
        private final PrincipalProvider defaultPrincipalProvider;

        public WorkspaceBasedPrincipalProviderRegistry(PrincipalProvider principalProvider) {
            this.defaultPrincipalProvider = principalProvider;
        }

        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry
        public PrincipalProvider registerProvider(Properties properties) throws RepositoryException {
            return UserPerWorkspaceSecurityManager.this.getPrincipalProviderRegistry().registerProvider(properties);
        }

        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry
        public PrincipalProvider getDefault() {
            return this.defaultPrincipalProvider;
        }

        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry
        public PrincipalProvider getProvider(String str) {
            PrincipalProvider provider = UserPerWorkspaceSecurityManager.this.getPrincipalProviderRegistry().getProvider(str);
            if (provider == null && this.defaultPrincipalProvider.getClass().getName().equals(str)) {
                provider = this.defaultPrincipalProvider;
            }
            return provider;
        }

        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry
        public PrincipalProvider[] getProviders() {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(UserPerWorkspaceSecurityManager.this.getPrincipalProviderRegistry().getProviders()));
            arrayList.add(this.defaultPrincipalProvider);
            return (PrincipalProvider[]) arrayList.toArray(new PrincipalProvider[arrayList.size()]);
        }
    }

    private PrincipalProviderRegistry getPrincipalProviderRegistry(SessionImpl sessionImpl) throws RepositoryException {
        PrincipalProviderRegistry principalProviderRegistry;
        SystemSession systemSession;
        String name = sessionImpl.getWorkspace().getName();
        synchronized (this.monitor) {
            PrincipalProviderRegistry principalProviderRegistry2 = this.ppRegistries.get(name);
            if (principalProviderRegistry2 == null) {
                if (sessionImpl instanceof SystemSession) {
                    systemSession = (SystemSession) sessionImpl;
                } else {
                    RepositoryImpl repositoryImpl = (RepositoryImpl) getRepository();
                    systemSession = repositoryImpl.getSystemSession(name);
                    repositoryImpl.markWorkspaceActive(name);
                }
                Properties[] moduleConfig = new AuthContextProvider("", ((RepositoryImpl) getRepository()).getConfig().getSecurityConfig().getLoginModuleConfig()).getModuleConfig();
                DefaultPrincipalProvider defaultPrincipalProvider = new DefaultPrincipalProvider(systemSession, (UserManagerImpl) getUserManager(systemSession));
                boolean z = false;
                int length = moduleConfig.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    Properties properties = moduleConfig[i];
                    if (!properties.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS) && properties.containsKey(AbstractPrincipalProvider.MAXSIZE_KEY)) {
                        defaultPrincipalProvider.init(properties);
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    defaultPrincipalProvider.init(new Properties());
                }
                principalProviderRegistry2 = new WorkspaceBasedPrincipalProviderRegistry(defaultPrincipalProvider);
                this.ppRegistries.put(name, principalProviderRegistry2);
            }
            principalProviderRegistry = principalProviderRegistry2;
        }
        return principalProviderRegistry;
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager, org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void init(Repository repository, Session session) throws RepositoryException {
        super.init(repository, session);
        this.systemUsersInitialized.add(session.getWorkspace().getName());
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager, org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void dispose(String str) {
        super.dispose(str);
        synchronized (this.monitor) {
            PrincipalProviderRegistry remove = this.ppRegistries.remove(str);
            if (remove != null) {
                remove.getDefault().close();
            }
        }
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager, org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void close() {
        super.close();
        synchronized (this.monitor) {
            Iterator<PrincipalProviderRegistry> it = this.ppRegistries.values().iterator();
            while (it.hasNext()) {
                it.next().getDefault().close();
            }
            this.ppRegistries.clear();
        }
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager, org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public UserManager getUserManager(Session session) throws RepositoryException {
        checkInitialized();
        if (session == getSystemSession()) {
            return super.getUserManager(session);
        }
        if (!(session instanceof SessionImpl)) {
            throw new RepositoryException("Internal error: SessionImpl expected.");
        }
        UserManagerImpl createUserManager = createUserManager((SessionImpl) session);
        String name = session.getWorkspace().getName();
        if ((session instanceof SystemSession) && !this.systemUsersInitialized.contains(name)) {
            createSystemUsers(createUserManager, (SystemSession) session, this.adminId, this.anonymousId);
            this.systemUsersInitialized.add(name);
        }
        return createUserManager;
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager, org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public AuthContext getAuthContext(Credentials credentials, Subject subject, String str) throws RepositoryException {
        checkInitialized();
        SystemSession systemSession = ((RepositoryImpl) getRepository()).getSystemSession(str);
        return getAuthContextProvider().getAuthContext(credentials, subject, systemSession, getPrincipalProviderRegistry(systemSession), this.adminId, this.anonymousId);
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager
    protected PrincipalProvider createDefaultPrincipalProvider(Properties[] propertiesArr) throws RepositoryException {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.DefaultSecurityManager
    public UserManager getSystemUserManager(String str) throws RepositoryException {
        return str.equals(getSystemSession().getWorkspace().getName()) ? super.getSystemUserManager(str) : ((RepositoryImpl) getRepository()).getWorkspaceInfo(str).getSystemSession().getUserManager();
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager
    protected UserManagerImpl createUserManager(SessionImpl sessionImpl) throws RepositoryException {
        UserManagerConfig userManagerConfig = getConfig().getUserManagerConfig();
        UserPerWorkspaceUserManager userPerWorkspaceUserManager = userManagerConfig != null ? (UserPerWorkspaceUserManager) userManagerConfig.getUserManager(UserPerWorkspaceUserManager.class, new Class[]{SessionImpl.class, String.class, Properties.class, MembershipCache.class}, sessionImpl, this.adminId, userManagerConfig.getParameters(), getMembershipCache(sessionImpl)) : new UserPerWorkspaceUserManager(sessionImpl, this.adminId, null, getMembershipCache(sessionImpl));
        if (userManagerConfig != null && !(sessionImpl instanceof SystemSession)) {
            userPerWorkspaceUserManager.setAuthorizableActions(userManagerConfig.getAuthorizableActions());
        }
        return userPerWorkspaceUserManager;
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager
    protected PrincipalManager createPrincipalManager(SessionImpl sessionImpl) throws RepositoryException {
        return new PrincipalManagerImpl(sessionImpl, getPrincipalProviderRegistry(sessionImpl).getProviders());
    }

    @Override // org.apache.jackrabbit.core.DefaultSecurityManager
    protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
        return new WorkspaceAccessManagerImpl();
    }
}
