package org.hippoecm.hst.security.impl;

import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.NodeIterator;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hst-security-2.28.07.jar:org/hippoecm/hst/security/impl/HippoAuthenticationProvider.class */
public class HippoAuthenticationProvider extends JcrAuthenticationProvider {
    static final Logger log = LoggerFactory.getLogger(HippoAuthenticationProvider.class);
    public static final String DEFAULT_GROUPS_OF_USER_QUERY = "//element(*, hipposys:group)[(@hipposys:members = ''{0}'' or @hipposys:members = ''*'') and @hipposys:securityprovider = ''internal'']";
    public static final String DEFAULT_ROLES_OF_USER_AND_GROUP_QUERY = "//hippo:configuration/hippo:domains/{0}/element(*, hipposys:authrole)[ @hipposys:users = ''{1}'' {2}]";
    private String groupsOfUserQuery;
    private String roleDomainName;
    private String rolesOfUserAndGroupQuery;

    public HippoAuthenticationProvider(Repository repository, Credentials credentials, Repository repository2) {
        super(repository, credentials, repository2);
        this.groupsOfUserQuery = "//element(*, hipposys:group)[(@hipposys:members = ''{0}'' or @hipposys:members = ''*'') and @hipposys:securityprovider = ''internal'']";
        this.roleDomainName = "everywhere";
        this.rolesOfUserAndGroupQuery = DEFAULT_ROLES_OF_USER_AND_GROUP_QUERY;
    }

    public void setGroupsOfUserQuery(String str) {
        this.groupsOfUserQuery = str;
    }

    public String getGroupsOfUserQuery() {
        return this.groupsOfUserQuery;
    }

    public void setRoleDomainName(String str) {
        this.roleDomainName = str;
    }

    public String getRoleDomainName() {
        return this.roleDomainName;
    }

    public void setRolesOfUserAndGroupQuery(String str) {
        this.rolesOfUserAndGroupQuery = str;
    }

    public String getRolesOfUserAndGroupQuery() {
        return this.rolesOfUserAndGroupQuery;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v43, types: [java.util.Set] */
    @Override // org.hippoecm.hst.security.impl.JcrAuthenticationProvider
    protected Set<String> getRoleNamesOfUser(String str) throws LoginException, RepositoryException {
        Session session = null;
        try {
            session = getSystemCredentials() != null ? getSystemRepository().login(getSystemCredentials()) : getSystemRepository().login();
            String format = MessageFormat.format(getGroupsOfUserQuery(), str);
            log.debug("Searching groups of user with query: " + format);
            NodeIterator nodes = session.getWorkspace().getQueryManager().createQuery(format, getQueryLanguage()).execute().getNodes();
            StringBuilder sb = new StringBuilder(100);
            while (nodes.hasNext()) {
                sb.append("or @hipposys:groups = '").append(nodes.nextNode().getName()).append("' ");
            }
            NodeIterator nodes2 = session.getWorkspace().getQueryManager().createQuery(MessageFormat.format(getRolesOfUserAndGroupQuery(), getRoleDomainName(), str, sb.toString()), getQueryLanguage()).execute().getNodes();
            HashSet hashSet = new HashSet();
            while (nodes2.hasNext()) {
                hashSet.add(nodes2.nextNode().getProperty("hipposys:role").getString());
            }
            if (hashSet == null) {
                hashSet = Collections.emptySet();
            }
            return hashSet;
        } finally {
            if (session != null) {
                try {
                    session.logout();
                } catch (Exception e) {
                }
            }
        }
    }
}
