package org.apache.jackrabbit.core.security.simple;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.RepositoryImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.config.AccessManagerConfig;
import org.apache.jackrabbit.core.config.LoginModuleConfig;
import org.apache.jackrabbit.core.config.SecurityConfig;
import org.apache.jackrabbit.core.config.SecurityManagerConfig;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.UserPrincipal;
import org.apache.jackrabbit.core.security.authentication.AuthContext;
import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.principal.GroupPrincipals;
import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.20.3.jar:org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.class */
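/**
 * {@link JackrabbitSecurityManager} backed by a fixed, in-memory set of principals.
 *
 * <p>What this implementation does and does not provide, as visible in this class:
 * <ul>
 *   <li>Principals are resolved by {@link SimplePrincipalProvider}, which only knows the
 *       admin, anonymous and "everyone" principals and synthesises a {@link UserPrincipal}
 *       for every other name. Principal resolution is therefore <em>not</em> an existence
 *       check.</li>
 *   <li>{@link #getAccessControlProvider(Session, String)} returns {@code null}, so the
 *       {@link AccessManager} is initialised without an access control provider unless a
 *       subclass overrides that method.</li>
 *   <li>{@link #getUserManager(Session)} is unsupported.</li>
 * </ul>
 *
 * <p>Thread-safety: only {@link #getPrincipalManager(Session)} is synchronized; the fields
 * are written once in {@link #init(Repository, Session)} without further synchronisation.
 */
public class SimpleSecurityManager implements JackrabbitSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(SimpleSecurityManager.class);

    /** Set to {@code true} as the last step of a successful {@link #init}. */
    private boolean initialized;
    private SecurityConfig config;
    /** Session handed to {@link #init}; passed on to the access control and auth context lookups. */
    private Session systemSession;
    private PrincipalProviderRegistry principalProviderRegistry;
    private WorkspaceAccessManager workspaceAccessManager;
    private AuthContextProvider authCtxProvider;
    /** User id mapped to {@link AdminPrincipal}; taken from the login module config or the default. */
    private String adminID;
    /** User id mapped to {@link AnonymousPrincipal}; taken from the login module config or the default. */
    private String anonymID;

    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.20.3.jar:org/apache/jackrabbit/core/security/simple/SimpleSecurityManager$SimplePrincipalProvider.class */
    /**
     * Principal provider holding exactly the admin, anonymous and everyone principals.
     *
     * <p>Security-relevant behaviour to keep in mind when relying on this provider:
     * any name that is not in the table is answered with a freshly created
     * {@link UserPrincipal}, every principal is readable from every session, and every
     * principal other than "everyone" is reported as a member of "everyone".
     */
    private class SimplePrincipalProvider implements PrincipalProvider {
        /** Principal name to principal; populated once in the constructor and never modified. */
        private final Map<String, Principal> principals;

        /**
         * Builds the table from the enclosing manager's admin and anonymous ids.
         *
         * <p>The anonymous entry is inserted after the admin entry under its own key, so if
         * both ids were configured to the same string the anonymous principal would replace
         * the admin principal for that name.
         */
        private SimplePrincipalProvider() {
            this.principals = new HashMap<>();
            String adminId = SimpleSecurityManager.this.adminID;
            String anonymousId = SimpleSecurityManager.this.anonymID;
            if (adminId != null) {
                this.principals.put(adminId, new AdminPrincipal(adminId));
            }
            if (anonymousId != null) {
                this.principals.put(anonymousId, new AnonymousPrincipal());
            }
            EveryonePrincipal everyone = EveryonePrincipal.getInstance();
            this.principals.put(everyone.getName(), everyone);
        }

        /**
         * Returns the principal registered under {@code str}, or a new {@link UserPrincipal}
         * carrying that name when none is registered.
         *
         * <p>Never returns {@code null}: a non-null result says nothing about whether an
         * account with that name exists, so callers must not use it as an existence or
         * authentication check.
         *
         * @param str the principal name to resolve
         * @return the known principal, or a synthesised {@link UserPrincipal}
         */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public Principal getPrincipal(String str) {
            Principal known = this.principals.get(str);
            // containsKey is kept so that an entry explicitly mapped to null would still win.
            return known != null || this.principals.containsKey(str) ? known : new UserPrincipal(str);
        }

        /**
         * Finds principals matching {@code str} across groups and non-groups.
         *
         * @param str the principal name, matched exactly via {@link #getPrincipal(String)}
         * @return an iterator over the single matching principal
         */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public PrincipalIterator findPrincipals(String str) {
            return findPrincipals(str, PrincipalManager.SEARCH_TYPE_ALL);
        }

        /**
         * Finds the principal named {@code str} and filters it by search type.
         *
         * <p>The name is resolved through {@link #getPrincipal(String)}; this is an exact
         * lookup, not a pattern search.
         *
         * @param str the principal name
         * @param i one of the {@code PrincipalManager.SEARCH_TYPE_*} constants
         * @return the principal as a one-element iterator, or an empty iterator when its
         *         kind (group / non-group) is excluded by {@code i}
         */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public PrincipalIterator findPrincipals(String str, int i) {
            Principal principal = getPrincipal(str);
            // getPrincipal above never yields null for this provider; the guard is kept
            // so the method stays correct if that lookup is ever changed.
            if (principal == null) {
                return PrincipalIteratorAdapter.EMPTY;
            }
            boolean group = GroupPrincipals.isGroup(principal);
            if (group && i == PrincipalManager.SEARCH_TYPE_NOT_GROUP) {
                return PrincipalIteratorAdapter.EMPTY;
            }
            if (!group && i == PrincipalManager.SEARCH_TYPE_GROUP) {
                return PrincipalIteratorAdapter.EMPTY;
            }
            return new PrincipalIteratorAdapter(Collections.singletonList(principal));
        }

        /**
         * Lists the table's principals for the given search type.
         *
         * @param i one of the {@code PrincipalManager.SEARCH_TYPE_*} constants
         * @return all table entries except "everyone" for non-groups, only "everyone" for
         *         groups, or every table entry for "all"
         * @throws IllegalArgumentException if {@code i} is not a known search type
         */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public PrincipalIterator getPrincipals(int i) {
            switch (i) {
                case PrincipalManager.SEARCH_TYPE_NOT_GROUP:
                    // Copy before removing so the shared table is never mutated.
                    HashSet<Principal> nonGroups = new HashSet<>(this.principals.values());
                    nonGroups.remove(EveryonePrincipal.getInstance());
                    return new PrincipalIteratorAdapter(nonGroups);
                case PrincipalManager.SEARCH_TYPE_GROUP:
                    return new PrincipalIteratorAdapter(
                            Collections.singletonList(EveryonePrincipal.getInstance()));
                case PrincipalManager.SEARCH_TYPE_ALL:
                    return new PrincipalIteratorAdapter(this.principals.values());
                default:
                    throw new IllegalArgumentException("Unknown search type " + i);
            }
        }

        /**
         * Reports "everyone" as the only group of any principal other than "everyone" itself.
         *
         * @param principal the principal whose memberships are requested
         * @return an empty iterator for {@link EveryonePrincipal}, otherwise an iterator
         *         over the single "everyone" principal
         */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public PrincipalIterator getGroupMembership(Principal principal) {
            if (principal instanceof EveryonePrincipal) {
                return PrincipalIteratorAdapter.EMPTY;
            }
            return new PrincipalIteratorAdapter(Collections.singletonList(EveryonePrincipal.getInstance()));
        }

        /** No-op: this provider takes no configuration. */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public void init(Properties properties) {
        }

        /** No-op: this provider holds no resources. */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public void close() {
        }

        /**
         * Always grants read access: neither the session nor the principal is inspected,
         * so this provider places no restriction on which principals a session can see.
         */
        @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
        public boolean canReadPrincipal(Session session, Principal principal) {
            return true;
        }
    }

    /**
     * Returns the access control provider for a workspace.
     *
     * <p>This implementation always returns {@code null}; {@link #getAccessManager} passes
     * that value straight to {@code AccessManager.init}. Subclasses may override.
     *
     * @param session the system session
     * @param str the workspace name
     * @return always {@code null} here
     */
    protected AccessControlProvider getAccessControlProvider(Session session, String str) {
        return null;
    }

    /**
     * Initialises the manager from the repository's security configuration.
     *
     * <p>The admin and anonymous ids are read from the login module properties; when several
     * property sets define them, the last one wins. Ids that are not configured fall back to
     * the {@link SecurityConstants} defaults, which deployments should review rather than
     * inherit silently.
     *
     * @param repository must be a {@link RepositoryImpl}
     * @param session the system session, retained for later provider and auth context calls
     * @throws IllegalStateException if called a second time after a successful init
     * @throws RepositoryException if {@code repository} has the wrong type or neither a local
     *         nor a JAAS login module configuration is available
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void init(Repository repository, Session session) throws RepositoryException {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        if (!(repository instanceof RepositoryImpl)) {
            throw new RepositoryException("RepositoryImpl expected");
        }
        this.systemSession = session;
        this.config = ((RepositoryImpl) repository).getConfig().getSecurityConfig();
        String appName = this.config.getAppName();
        this.authCtxProvider = new AuthContextProvider(appName, this.config.getLoginModuleConfig());
        if (this.authCtxProvider.isLocal()) {
            log.info("init: using Repository LoginModule configuration for {}", appName);
        } else if (this.authCtxProvider.isJAAS()) {
            log.info("init: using JAAS LoginModule configuration for {}", appName);
        } else {
            // Refuse to start without any login module rather than run unauthenticated.
            String msg = "No valid LoginModule configuriation for " + appName;
            log.error(msg);
            throw new RepositoryException(msg);
        }

        Properties[] moduleConfig = this.authCtxProvider.getModuleConfig();
        for (Properties moduleProps : moduleConfig) {
            if (moduleProps.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
                this.adminID = moduleProps.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
            }
            if (moduleProps.containsKey("anonymousId")) {
                this.anonymID = moduleProps.getProperty("anonymousId");
            }
        }
        if (this.adminID == null) {
            log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
            this.adminID = SecurityConstants.ADMIN_ID;
        }
        if (this.anonymID == null) {
            log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
            this.anonymID = SecurityConstants.ANONYMOUS_ID;
        }

        // The provider snapshots adminID/anonymID in its constructor, so it must be
        // created only after both ids (including defaults) have been resolved.
        this.principalProviderRegistry = new ProviderRegistryImpl(new SimplePrincipalProvider());
        for (Properties moduleProps : moduleConfig) {
            this.principalProviderRegistry.registerProvider(moduleProps);
        }

        SecurityManagerConfig securityManagerConfig = this.config.getSecurityManagerConfig();
        if (securityManagerConfig == null || securityManagerConfig.getWorkspaceAccessConfig() == null) {
            log.debug("No WorkspaceAccessManager configured; using default.");
            this.workspaceAccessManager = new SimpleWorkspaceAccessManager();
        } else {
            this.workspaceAccessManager = (WorkspaceAccessManager) securityManagerConfig
                    .getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
        }
        this.workspaceAccessManager.init(session);
        this.initialized = true;
    }

    /**
     * Does nothing beyond verifying that the manager was initialised.
     *
     * @param str the workspace name (unused)
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void dispose(String str) {
        checkInitialized();
    }

    /**
     * Does nothing beyond verifying that the manager was initialised; no state is released.
     *
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public void close() {
        checkInitialized();
    }

    /**
     * Creates and initialises the access manager for a session.
     *
     * <p>Uses the configured {@link AccessManager} class when an {@link AccessManagerConfig}
     * is present, otherwise {@link SimpleAccessManager}. On failure the error names the
     * implementation that was actually selected, so a broken custom access manager is not
     * misreported as a {@code SimpleAccessManager} problem.
     *
     * @param session the session whose workspace name selects the access control provider
     * @param aMContext the context handed to {@code AccessManager.init}
     * @return the initialised access manager
     * @throws AccessDeniedException rethrown unchanged from instantiation or initialisation
     * @throws RepositoryException wrapping any other failure
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public AccessManager getAccessManager(Session session, AMContext aMContext) throws RepositoryException {
        checkInitialized();
        AccessManagerConfig accessManagerConfig = null;
        try {
            accessManagerConfig = this.config.getAccessManagerConfig();
            AccessControlProvider accessControlProvider =
                    getAccessControlProvider(this.systemSession, session.getWorkspace().getName());
            AccessManager accessManager = accessManagerConfig == null
                    ? new SimpleAccessManager()
                    : (AccessManager) accessManagerConfig.newInstance(AccessManager.class);
            accessManager.init(aMContext, accessControlProvider, this.workspaceAccessManager);
            return accessManager;
        } catch (AccessDeniedException e) {
            // Authorisation failures must reach the caller with their original type.
            throw e;
        } catch (Exception e) {
            String implName = accessManagerConfig == null
                    ? SimpleAccessManager.class.getName()
                    : accessManagerConfig.getClassName();
            String msg = "failed to instantiate AccessManager implementation: " + implName;
            log.error(msg, e);
            throw new RepositoryException(msg, e);
        }
    }

    /**
     * Creates a principal manager over all registered principal providers.
     *
     * @param session must be a {@link SessionImpl}
     * @return a new {@link PrincipalManagerImpl} for the session
     * @throws RepositoryException if {@code session} is not a {@link SessionImpl}
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public synchronized PrincipalManager getPrincipalManager(Session session) throws RepositoryException {
        checkInitialized();
        if (!(session instanceof SessionImpl)) {
            throw new RepositoryException("Internal error: SessionImpl expected.");
        }
        return new PrincipalManagerImpl((SessionImpl) session, this.principalProviderRegistry.getProviders());
    }

    /**
     * Always fails: this security manager has no user management.
     *
     * @throws UnsupportedRepositoryOperationException always, once initialised
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public UserManager getUserManager(Session session) throws RepositoryException {
        checkInitialized();
        throw new UnsupportedRepositoryOperationException("UserManager not supported.");
    }

    /**
     * Derives the user id from an authenticated subject.
     *
     * <p>Resolution order: the user id of the first public {@link SimpleCredentials}; else
     * the anonymous id when one is set and the subject carries an {@link AnonymousPrincipal};
     * else the name of the first non-group principal. The id is taken from the subject as
     * given, so the subject must come from a completed login. Unlike the other entry points
     * this method does not call {@link #checkInitialized()}.
     *
     * @param subject the subject to inspect; must not be {@code null}
     * @param str the workspace name (unused)
     * @return the user id, or {@code null} if none of the rules yields one
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public String getUserID(Subject subject, String str) throws RepositoryException {
        Iterator<SimpleCredentials> credentials =
                subject.getPublicCredentials(SimpleCredentials.class).iterator();
        if (credentials.hasNext()) {
            return credentials.next().getUserID();
        }
        if (this.anonymID != null && !subject.getPrincipals(AnonymousPrincipal.class).isEmpty()) {
            return this.anonymID;
        }
        for (Principal principal : subject.getPrincipals()) {
            if (!GroupPrincipals.isGroup(principal)) {
                return principal.getName();
            }
        }
        return null;
    }

    /**
     * Obtains the authentication context for a login attempt from the auth context provider,
     * supplying the system session, the principal provider registry and both special ids.
     *
     * @param credentials the credentials presented, as passed by the caller
     * @param subject the subject to authenticate into, as passed by the caller
     * @param str the workspace name (unused)
     * @return the authentication context
     * @throws IllegalStateException if {@link #init} has not completed
     */
    @Override // org.apache.jackrabbit.core.security.JackrabbitSecurityManager
    public AuthContext getAuthContext(Credentials credentials, Subject subject, String str) throws RepositoryException {
        checkInitialized();
        return this.authCtxProvider.getAuthContext(
                credentials, subject, this.systemSession, this.principalProviderRegistry, this.adminID, this.anonymID);
    }

    /**
     * Guards entry points against use before {@link #init} has completed.
     *
     * @throws IllegalStateException if the manager is not initialised
     */
    private void checkInitialized() {
        if (!this.initialized) {
            throw new IllegalStateException("Not initialized");
        }
    }
}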
