package org.apache.jackrabbit.core.security.authentication;

import java.security.Principal;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.SessionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.5.7.jar:org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.class */
public class DefaultLoginModule extends AbstractLoginModule {
    private static final Logger log;
    private User user;
    private UserManager userManager;
    static Class class$org$apache$jackrabbit$core$security$authentication$AbstractLoginModule;

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected void doInit(CallbackHandler callbackHandler, Session session, Map map) throws LoginException {
        if (!(session instanceof SessionImpl)) {
            throw new LoginException("Unable to initialize LoginModule: SessionImpl expected.");
        }
        try {
            this.userManager = ((SessionImpl) session).getUserManager();
            log.debug(new StringBuffer().append("- UserManager -> '").append(this.userManager.getClass().getName()).append("'").toString());
        } catch (RepositoryException e) {
            throw new LoginException(new StringBuffer().append("Unable to initialize LoginModule: ").append(e.getMessage()).toString());
        }
    }

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected Principal getPrincipal(Credentials credentials) {
        Principal principal = null;
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(getUserID(credentials));
            if (authorizable != null && !authorizable.isGroup()) {
                this.user = (User) authorizable;
                principal = this.user.getPrincipal();
            }
        } catch (RepositoryException e) {
            log.warn("Error while retrieving principal.", e.getMessage());
        }
        return principal;
    }

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected Authentication getAuthentication(Principal principal, Credentials credentials) throws RepositoryException {
        if (this.user == null) {
            return null;
        }
        SimpleCredentialsAuthentication simpleCredentialsAuthentication = new SimpleCredentialsAuthentication(this.user);
        if (simpleCredentialsAuthentication.canHandle(credentials)) {
            return simpleCredentialsAuthentication;
        }
        return null;
    }

    @Override // org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
    protected boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, FailedLoginException {
        Authorizable authorizable = this.userManager.getAuthorizable(principal);
        if (authorizable == null || authorizable.isGroup()) {
            return false;
        }
        if (((User) authorizable).getImpersonation().allows(getImpersonatorSubject(credentials))) {
            return true;
        }
        throw new FailedLoginException(new StringBuffer().append("attempt to impersonate denied for ").append(principal.getName()).toString());
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$jackrabbit$core$security$authentication$AbstractLoginModule == null) {
            cls = class$("org.apache.jackrabbit.core.security.authentication.AbstractLoginModule");
            class$org$apache$jackrabbit$core$security$authentication$AbstractLoginModule = cls;
        } else {
            cls = class$org$apache$jackrabbit$core$security$authentication$AbstractLoginModule;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
