package org.hippoecm.hst.core.jcr;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.hippoecm.hst.configuration.hosting.Mount;
import org.hippoecm.hst.container.RequestContextProvider;
import org.hippoecm.hst.core.request.HstRequestContext;
import org.hippoecm.repository.api.HippoSession;
import org.onehippo.repository.security.domain.DomainRuleExtension;
import org.onehippo.repository.security.domain.FacetRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hst-core-2.28.06.jar:org/hippoecm/hst/core/jcr/SessionSecurityDelegationImpl.class */
public class SessionSecurityDelegationImpl implements SessionSecurityDelegation {
    private static final Logger log = LoggerFactory.getLogger(SessionSecurityDelegationImpl.class);
    private static final String SESSIONS_KEY_MAP_ATTR_NAME = SessionSecurityDelegationImpl.class.getName() + ".sessions.map";
    private static final String SESSIONS_KEY_LIST_ATTR_NAME = SessionSecurityDelegationImpl.class.getName() + ".sessions.list";
    private Repository repository;
    private Credentials previewCredentials;
    private Credentials liveCredentials;
    private boolean securityDelegationEnabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hst-core-2.28.06.jar:org/hippoecm/hst/core/jcr/SessionSecurityDelegationImpl$DelegateSessionKey.class */
    public class DelegateSessionKey implements Serializable {
        final Credentials cred1;
        final Credentials cred2;
        final String key;
        final DomainRuleExtension[] domainExtensions;

        DelegateSessionKey(Credentials credentials, Credentials credentials2, String str, DomainRuleExtension... domainRuleExtensionArr) {
            this.cred1 = credentials;
            this.cred2 = credentials2;
            this.key = str;
            this.domainExtensions = domainRuleExtensionArr;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof DelegateSessionKey)) {
                return false;
            }
            DelegateSessionKey delegateSessionKey = (DelegateSessionKey) obj;
            if (credentialsEqual(this.cred1, delegateSessionKey.cred1) && credentialsEqual(this.cred2, delegateSessionKey.cred2) && Arrays.equals(this.domainExtensions, delegateSessionKey.domainExtensions)) {
                return this.key != null ? this.key.equals(delegateSessionKey.key) : delegateSessionKey.key == null;
            }
            return false;
        }

        private boolean credentialsEqual(Credentials credentials, Credentials credentials2) {
            if (!(credentials instanceof SimpleCredentials) || !(credentials2 instanceof SimpleCredentials)) {
                return credentials == credentials2;
            }
            SimpleCredentials simpleCredentials = (SimpleCredentials) credentials;
            if (simpleCredentials.getUserID().equals(((SimpleCredentials) credentials2).getUserID())) {
                return Arrays.equals(simpleCredentials.getPassword(), ((SimpleCredentials) credentials2).getPassword());
            }
            return false;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * (this.domainExtensions != null ? Arrays.hashCode(this.domainExtensions) : 0)) + getCredentialsHashCode(this.cred1))) + getCredentialsHashCode(this.cred2))) + (this.key != null ? this.key.hashCode() : 0);
        }

        private int getCredentialsHashCode(Credentials credentials) {
            if (credentials instanceof SimpleCredentials) {
                SimpleCredentials simpleCredentials = (SimpleCredentials) credentials;
                return (simpleCredentials.getUserID().hashCode() * 31) + Arrays.hashCode(simpleCredentials.getPassword());
            }
            if (credentials != null) {
                return credentials.hashCode();
            }
            return 0;
        }
    }

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    public void setPreviewCredentials(Credentials credentials) {
        this.previewCredentials = credentials;
    }

    public void setLiveCredentials(Credentials credentials) {
        this.liveCredentials = credentials;
    }

    public void setSecurityDelegationEnabled(boolean z) {
        this.securityDelegationEnabled = z;
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public boolean sessionSecurityDelegationEnabled() {
        return this.securityDelegationEnabled;
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public void cleanupSessionDelegates(HstRequestContext hstRequestContext) {
        List<Session> sessionList = getSessionList(hstRequestContext);
        if (sessionList != null) {
            for (Session session : sessionList) {
                if (session.isLive()) {
                    session.logout();
                }
            }
            sessionList.clear();
        }
        Map<DelegateSessionKey, Session> sessionMap = getSessionMap(hstRequestContext);
        if (sessionMap != null) {
            for (Session session2 : sessionMap.values()) {
                if (session2.isLive()) {
                    session2.logout();
                }
            }
            sessionMap.clear();
        }
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public Session getDelegatedSession(Credentials credentials) throws RepositoryException {
        return this.repository.login(credentials);
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public Session getOrCreateLiveSecurityDelegate(Credentials credentials, String str) throws RepositoryException, IllegalStateException {
        return createLiveSecurityDelegate(credentials, str, true);
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public Session createLiveSecurityDelegate(Credentials credentials, boolean z) throws RepositoryException, IllegalStateException {
        return createLiveSecurityDelegate(credentials, null, z);
    }

    private Session createLiveSecurityDelegate(Credentials credentials, String str, boolean z) throws RepositoryException, IllegalStateException {
        return createSecurityDelegate(this.liveCredentials, credentials, str, z, new DomainRuleExtension("*", "*", Arrays.asList(new FacetRule("hippo:availability", Mount.LIVE_NAME, true, true, 1))));
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public Session getOrCreatePreviewSecurityDelegate(Credentials credentials, String str) throws RepositoryException, IllegalStateException {
        return createPreviewSecurityDelegate(credentials, str, true);
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public Session createPreviewSecurityDelegate(Credentials credentials, boolean z) throws RepositoryException, IllegalStateException {
        return createPreviewSecurityDelegate(credentials, null, z);
    }

    private Session createPreviewSecurityDelegate(Credentials credentials, String str, boolean z) throws RepositoryException, IllegalStateException {
        return createSecurityDelegate(this.previewCredentials, credentials, str, z, new DomainRuleExtension("*", "*", Arrays.asList(new FacetRule("hippo:availability", Mount.PREVIEW_NAME, true, true, 1))));
    }

    @Override // org.hippoecm.hst.core.jcr.SessionSecurityDelegation
    public Session createSecurityDelegate(Credentials credentials, Credentials credentials2, boolean z, DomainRuleExtension... domainRuleExtensionArr) throws RepositoryException, IllegalStateException {
        return createSecurityDelegate(credentials, credentials2, null, z, domainRuleExtensionArr);
    }

    private Session createSecurityDelegate(Credentials credentials, Credentials credentials2, String str, boolean z, DomainRuleExtension... domainRuleExtensionArr) throws RepositoryException, IllegalStateException {
        Session session;
        if (!this.securityDelegationEnabled) {
            throw new IllegalStateException("Security delegation is not enabled");
        }
        HstRequestContext hstRequestContext = RequestContextProvider.get();
        if (z && str != null) {
            if (hstRequestContext == null) {
                throw new IllegalStateException("Cannot automatically logout jcr session since there is no HstRequestContext");
            }
            Map<DelegateSessionKey, Session> sessionMap = getSessionMap(hstRequestContext);
            if (sessionMap != null && (session = sessionMap.get(new DelegateSessionKey(credentials, credentials2, str, domainRuleExtensionArr))) != null) {
                return session;
            }
        }
        long currentTimeMillis = System.currentTimeMillis();
        Session session2 = null;
        try {
            session2 = this.repository.login(credentials);
        } catch (LoginException e) {
            logWarningAndRethrow(credentials, e);
        }
        if (!(session2 instanceof HippoSession)) {
            session2.logout();
            throw new IllegalStateException("Repository returned Session is not a HippoSession.");
        }
        Session session3 = null;
        try {
            try {
                session3 = this.repository.login(credentials2);
            } catch (Throwable th) {
                if (session2 != null) {
                    session2.logout();
                }
                if (session3 != null) {
                    session3.logout();
                }
                throw th;
            }
        } catch (LoginException e2) {
            logWarningAndRethrow(credentials2, e2);
        }
        Session createSecurityDelegate = ((HippoSession) session2).createSecurityDelegate(session3, domainRuleExtensionArr);
        if (session2 != null) {
            session2.logout();
        }
        if (session3 != null) {
            session3.logout();
        }
        log.debug("Acquiring security delegate session took '{}' ms.", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        if (z) {
            if (hstRequestContext == null) {
                throw new IllegalStateException("Cannot automatically logout jcr session since there is no HstRequestContext");
            }
            if (str == null) {
                storeInList(createSecurityDelegate, hstRequestContext);
            } else {
                storeInMap(createSecurityDelegate, new DelegateSessionKey(credentials, credentials2, str, domainRuleExtensionArr), hstRequestContext);
            }
        }
        return createSecurityDelegate;
    }

    private void logWarningAndRethrow(Credentials credentials, LoginException loginException) throws LoginException {
        if (credentials == this.previewCredentials) {
            log.error("Cannot create security delegate due to LoginException due to invalid preview credentials : {}", loginException.toString());
        } else if (credentials == this.liveCredentials) {
            log.error("Cannot create security delegate due to LoginException due to invalid live credentials : {}", loginException.toString());
        } else {
            log.info("Cannot create security delegate due to LoginException : {}", loginException.toString());
        }
        throw loginException;
    }

    private void storeInList(Session session, HstRequestContext hstRequestContext) {
        List<Session> sessionList = getSessionList(hstRequestContext);
        if (sessionList == null) {
            sessionList = new ArrayList();
            hstRequestContext.setAttribute(SESSIONS_KEY_LIST_ATTR_NAME, sessionList);
        }
        sessionList.add(session);
    }

    private void storeInMap(Session session, DelegateSessionKey delegateSessionKey, HstRequestContext hstRequestContext) {
        Map<DelegateSessionKey, Session> sessionMap = getSessionMap(hstRequestContext);
        if (sessionMap == null) {
            sessionMap = new HashMap();
            hstRequestContext.setAttribute(SESSIONS_KEY_MAP_ATTR_NAME, sessionMap);
        }
        sessionMap.put(delegateSessionKey, session);
    }

    private Map<DelegateSessionKey, Session> getSessionMap(HstRequestContext hstRequestContext) {
        return (Map) hstRequestContext.getAttribute(SESSIONS_KEY_MAP_ATTR_NAME);
    }

    private List<Session> getSessionList(HstRequestContext hstRequestContext) {
        return (List) hstRequestContext.getAttribute(SESSIONS_KEY_LIST_ATTR_NAME);
    }
}
