package org.apache.jackrabbit.core.security.authentication.token;

import java.util.Date;
import javax.jcr.Credentials;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authentication.Authentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.6.10.jar:org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.class */
public class TokenBasedAuthentication implements Authentication {
    private static final Logger log = LoggerFactory.getLogger(TokenBasedAuthentication.class);
    public static final long TOKEN_EXPIRATION = 7200000;
    public static final String TOKEN_ATTRIBUTE = ".token";
    public static final String PARAM_COMPAT = "TokenCompatMode";
    private final TokenInfo tokenInfo;

    public TokenBasedAuthentication(String str, long j, Session session) throws RepositoryException {
        if (compatMode()) {
            this.tokenInfo = new CompatTokenProvider((SessionImpl) session, j).getTokenInfo(str);
        } else {
            this.tokenInfo = new TokenProvider((SessionImpl) session, j).getTokenInfo(str);
        }
    }

    @Override // org.apache.jackrabbit.core.security.authentication.Authentication
    public boolean canHandle(Credentials credentials) {
        return this.tokenInfo != null && isTokenBasedLogin(credentials);
    }

    @Override // org.apache.jackrabbit.core.security.authentication.Authentication
    public boolean authenticate(Credentials credentials) throws RepositoryException {
        if (credentials instanceof TokenCredentials) {
            return validateCredentials((TokenCredentials) credentials);
        }
        throw new RepositoryException("TokenCredentials expected. Cannot handle " + credentials.getClass().getName());
    }

    private boolean validateCredentials(TokenCredentials tokenCredentials) throws RepositoryException {
        if (this.tokenInfo == null) {
            log.debug("No valid TokenInfo for token.");
            return false;
        }
        long time = new Date().getTime();
        if (this.tokenInfo.isExpired(time)) {
            log.debug("Token is expired");
            this.tokenInfo.remove();
            return false;
        }
        if (!this.tokenInfo.matches(tokenCredentials)) {
            return false;
        }
        this.tokenInfo.resetExpiration(time);
        return true;
    }

    public static boolean isTokenBasedLogin(Credentials credentials) {
        return credentials instanceof TokenCredentials;
    }

    public static boolean isMandatoryAttribute(String str) {
        return compatMode() ? CompatTokenProvider.isMandatoryAttribute(str) : TokenProvider.isMandatoryAttribute(str);
    }

    public static boolean doCreateToken(Credentials credentials) {
        Object attribute;
        return (credentials instanceof SimpleCredentials) && (attribute = ((SimpleCredentials) credentials).getAttribute(TOKEN_ATTRIBUTE)) != null && "".equals(attribute.toString());
    }

    public static Credentials createToken(User user, SimpleCredentials simpleCredentials, long j, Session session) throws RepositoryException {
        String name = session.getWorkspace().getName();
        if (user == null) {
            throw new RepositoryException("Cannot create login token: No corresponding node for 'null' user in workspace '" + name + "'.");
        }
        TokenInfo createToken = compatMode() ? new CompatTokenProvider((SessionImpl) session, j).createToken(user, simpleCredentials) : new TokenProvider((SessionImpl) session, j).createToken(user, simpleCredentials);
        if (createToken != null) {
            return createToken.getCredentials();
        }
        throw new RepositoryException("Cannot create login token.");
    }

    public static Node getTokenNode(TokenCredentials tokenCredentials, Session session) throws RepositoryException {
        return compatMode() ? CompatTokenProvider.getTokenNode(tokenCredentials.getToken(), session) : TokenProvider.getTokenNode(tokenCredentials.getToken(), session);
    }

    public static String getUserId(TokenCredentials tokenCredentials, Session session) throws RepositoryException {
        if (compatMode()) {
            return CompatTokenProvider.getUserId(tokenCredentials, session);
        }
        if (session instanceof JackrabbitSession) {
            return TokenProvider.getUserId((NodeImpl) getTokenNode(tokenCredentials, session), ((JackrabbitSession) session).getUserManager());
        }
        throw new RepositoryException("JackrabbitSession expected");
    }

    private static boolean compatMode() {
        return Boolean.parseBoolean(System.getProperty(PARAM_COMPAT));
    }
}
