package org.hippoecm.hst.security.impl;

import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.NodeIterator;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.hippoecm.hst.security.AuthenticationProvider;
import org.hippoecm.hst.security.Role;
import org.hippoecm.hst.security.TransientRole;
import org.hippoecm.hst.security.TransientUser;
import org.hippoecm.hst.security.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hst-security-2.28.06.jar:org/hippoecm/hst/security/impl/JcrAuthenticationProvider.class */
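/**
 * {@link AuthenticationProvider} backed by JCR repositories.
 *
 * <p>Passwords are verified by attempting a login against the user authentication repository.
 * Roles are resolved by running a configurable query against the system repository and using
 * the names of the matching nodes as role names.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The user name is caller-controlled and is substituted into the role query. It is escaped
 *       as a single-quoted string literal before substitution, because an unescaped apostrophe
 *       would let the caller change the query predicate and therefore the roles returned.</li>
 *   <li>{@link #setRolesOfUserQuery(String)} and {@link #setQueryLanguage(String)} must only be
 *       fed from trusted configuration; the query template itself is executed as-is.</li>
 * </ul>
 */
public class JcrAuthenticationProvider implements AuthenticationProvider {
    static final Logger log = LoggerFactory.getLogger(JcrAuthenticationProvider.class);

    /**
     * Default role query, in {@link MessageFormat} syntax: {@code ''} renders a single quote and
     * {@code {0}} is replaced with the (escaped) user name.
     */
    public static final String DEFAULT_ROLES_OF_USER_QUERY = "//element(*, hipposys:group)[(@hipposys:members = ''{0}'' or @hipposys:members = ''*'') and @hipposys:securityprovider = ''internal'']";

    private final Repository systemRepository;
    private final Credentials systemCreds;
    private final Repository userAuthRepository;
    private String rolesOfUserQuery = DEFAULT_ROLES_OF_USER_QUERY;
    private String queryLanguage = "xpath";
    private String defaultRoleName;

    /**
     * @param repository  system repository used to run the role query
     * @param credentials credentials for the system repository; when {@code null} the
     *                    repository's no-argument login is used
     * @param repository2 repository against which end-user credentials are verified
     */
    public JcrAuthenticationProvider(Repository repository, Credentials credentials, Repository repository2) {
        this.systemRepository = repository;
        this.systemCreds = credentials;
        this.userAuthRepository = repository2;
    }

    public Repository getSystemRepository() {
        return this.systemRepository;
    }

    /**
     * Returns the system credentials object itself, not a copy; callers and subclasses
     * should not log or otherwise expose it.
     */
    public Credentials getSystemCredentials() {
        return this.systemCreds;
    }

    public Repository getUserAuthRepository() {
        return this.userAuthRepository;
    }

    /**
     * Sets the role query template ({@link MessageFormat} syntax, {@code {0}} = user name).
     * The placeholder is expected to sit inside a single-quoted string literal, as in
     * {@link #DEFAULT_ROLES_OF_USER_QUERY}; the escaping applied to the user name assumes that.
     */
    public void setRolesOfUserQuery(String str) {
        this.rolesOfUserQuery = str;
    }

    public String getRolesOfUserQuery() {
        return this.rolesOfUserQuery;
    }

    public void setQueryLanguage(String str) {
        this.queryLanguage = str;
    }

    public String getQueryLanguage() {
        return this.queryLanguage;
    }

    /** Sets a role name that is added to every user's role set; {@code null} disables it. */
    public void setDefaultRoleName(String str) {
        this.defaultRoleName = str;
    }

    public String getDefaultRoleName() {
        return this.defaultRoleName;
    }

    /**
     * Verifies the credentials by logging in to the user authentication repository and
     * immediately logging out again.
     *
     * @param str  user name
     * @param cArr password
     * @return a transient user carrying the user id of the supplied credentials
     * @throws SecurityException if the login is rejected or the repository fails; the message is
     *         the repository's own localized message, so callers should present a generic
     *         failure to end users rather than echoing it
     */
    public User authenticate(String str, char[] cArr) throws SecurityException {
        SimpleCredentials simpleCredentials = new SimpleCredentials(str, cArr);
        Session session = null;
        try {
            session = this.userAuthRepository.login(simpleCredentials);
            return new TransientUser(simpleCredentials.getUserID());
        } catch (LoginException e) {
            // LoginException is a RepositoryException subtype, so it must be caught first.
            throw new SecurityException(e.getLocalizedMessage(), e);
        } catch (RepositoryException e) {
            throw new SecurityException(e.getLocalizedMessage(), e);
        } finally {
            logoutQuietly(session);
        }
    }

    /**
     * Resolves the roles of a user, adding the default role when one is configured and the
     * query did not already return it.
     *
     * @param str user name
     * @return a mutable set of roles, never {@code null}
     * @throws SecurityException if the system repository login or the query fails
     */
    public Set<Role> getRolesByUsername(String str) throws SecurityException {
        try {
            Set<String> roleNamesOfUser = getRoleNamesOfUser(str);
            Set<Role> roles = new HashSet<>();
            boolean defaultRoleSeen = false;
            for (String roleName : roleNamesOfUser) {
                roles.add(new TransientRole(roleName));
                if (this.defaultRoleName != null && this.defaultRoleName.equals(roleName)) {
                    defaultRoleSeen = true;
                }
            }
            if (this.defaultRoleName != null && !defaultRoleSeen) {
                roles.add(new TransientRole(this.defaultRoleName));
            }
            return roles;
        } catch (LoginException e) {
            // LoginException is a RepositoryException subtype, so it must be caught first.
            throw new SecurityException("System repository throws LoginException: " + e, e);
        } catch (RepositoryException e) {
            throw new SecurityException("System repository throws RepositoryException: " + e, e);
        }
    }

    /**
     * Runs the role query for the given user on a system session and collects the names of the
     * matching nodes.
     *
     * @param str user name; escaped before being substituted into the query template
     * @return a mutable set of role names, never {@code null}
     * @throws LoginException      if the system repository rejects the system credentials
     * @throws RepositoryException if the query cannot be created or executed
     */
    protected Set<String> getRoleNamesOfUser(String str) throws LoginException, RepositoryException {
        Session session = null;
        try {
            Credentials creds = getSystemCredentials();
            session = creds != null ? getSystemRepository().login(creds) : getSystemRepository().login();
            // The user name comes from the login request; without escaping, a name containing
            // an apostrophe could close the literal and rewrite the membership predicate.
            String format = MessageFormat.format(getRolesOfUserQuery(), escapeQueryStringLiteral(str));
            log.debug("Searching roles of user with query: {}", format);
            NodeIterator nodes = session.getWorkspace().getQueryManager().createQuery(format, getQueryLanguage()).execute().getNodes();
            Set<String> roleNames = new HashSet<>();
            while (nodes.hasNext()) {
                roleNames.add(nodes.nextNode().getName());
            }
            return roleNames;
        } finally {
            logoutQuietly(session);
        }
    }

    /**
     * Escapes a value for use inside a single-quoted string literal by doubling every
     * apostrophe, which is the escape form for single-quoted literals in XPath and SQL style
     * query syntaxes. A {@code null} value is passed through unchanged.
     *
     * <p>NOTE(review): a custom query template that places {@code {0}} inside a double-quoted
     * literal, or outside a literal altogether, is not covered by this escaping.
     */
    private static String escapeQueryStringLiteral(String value) {
        return value == null ? null : value.replace("'", "''");
    }

    /** Logs out the session if present; a logout failure is logged and otherwise ignored. */
    private static void logoutQuietly(Session session) {
        if (session == null) {
            return;
        }
        try {
            session.logout();
        } catch (Exception e) {
            // Best effort: a failed logout must not mask the outcome of the operation itself.
            log.debug("Ignoring failure while logging out JCR session", e);
        }
    }
}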
