package info.magnolia.jaas.sp.jcr;

import info.magnolia.cms.beans.config.ContentRepository;
import info.magnolia.cms.core.Content;
import info.magnolia.cms.core.HierarchyManager;
import info.magnolia.cms.core.ItemType;
import info.magnolia.cms.security.MgnlUser;
import info.magnolia.cms.security.PermissionImpl;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.security.auth.PrincipalCollection;
import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
import info.magnolia.cms.util.SimpleUrlPattern;
import info.magnolia.context.MgnlContext;
import info.magnolia.jaas.principal.ACLImpl;
import info.magnolia.jaas.principal.GroupListImpl;
import info.magnolia.jaas.principal.PrincipalCollectionImpl;
import info.magnolia.jaas.principal.RoleListImpl;
import info.magnolia.jaas.sp.AbstractLoginModule;
import java.security.Principal;
import java.util.Iterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/jaas/sp/jcr/JCRAuthorizationModule.class */
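/**
 * JAAS module that builds the authorization data (role list, group list and ACLs) of a subject
 * from the JCR {@code userroles} and {@code usergroups} workspaces and from the user's own node.
 *
 * <p>This module performs no authentication: {@link #login()} reports success unconditionally and
 * {@link #validateUser()} checks nothing. NOTE(review): it therefore looks like it must be stacked
 * after a module that actually verifies credentials; confirm the JAAS configuration never allows
 * this module to decide a login on its own.
 */
public class JCRAuthorizationModule extends AbstractLoginModule {
    private static final Logger log = LoggerFactory.getLogger(JCRAuthorizationModule.class);

    /**
     * Intentionally empty: this module does not validate the user.
     *
     * @throws LoginException never thrown by this implementation
     */
    @Override
    public void validateUser() throws LoginException {
    }

    /**
     * Marks the login as successful without inspecting any credentials.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    @Override
    public boolean login() throws LoginException {
        this.success = true;
        // NOTE(review): 1 is presumably the inlined "succeeded" status constant of
        // AbstractLoginModule; confirm against the superclass.
        setSharedStatus(1);
        return this.success;
    }

    /**
     * Publishes the subject's role list, group list and ACL collection as principals.
     *
     * <p>ACLs are collected in this order: roles, groups, then the user's own node (only when the
     * user is a {@link MgnlUser}). Entries for the same ACL name are appended to one ACL object;
     * how conflicting entries are resolved is not decided here.
     */
    @Override
    public void setACL() {
        String[] roleNames = (String[]) getRoleNames().toArray(new String[getRoleNames().size()]);
        String[] groupNames = (String[]) getGroupNames().toArray(new String[getGroupNames().size()]);
        if (log.isDebugEnabled()) {
            log.debug("Roles: {}", ArrayUtils.toString(roleNames));
            log.debug("Groups: {}", ArrayUtils.toString(groupNames));
        }
        addRoles(roleNames);
        addGroups(groupNames);
        PrincipalCollectionImpl principals = new PrincipalCollectionImpl();
        setACLForRoles(roleNames, principals);
        setACLForGroups(groupNames, principals);
        User user = null;
        if (this.callbackHandler instanceof CredentialsCallbackHandler) {
            // Explicit downcast: getUser() is reached through CredentialsCallbackHandler, and the
            // instanceof check above is what makes the cast safe.
            user = ((CredentialsCallbackHandler) this.callbackHandler).getUser();
        }
        if (user == null) {
            // Fall back to resolving the user from the subject itself.
            user = SecuritySupport.Factory.getInstance().getUserManager().getUser(this.subject);
        }
        if (user instanceof MgnlUser) {
            // NOTE(review): getUserNode() is passed on unchecked; a null node would raise a
            // NullPointerException in setACL(Content, PrincipalCollection). Confirm it cannot be null.
            setACL(((MgnlUser) user).getUserNode(), principals);
        }
        if (log.isDebugEnabled()) {
            Iterator it = principals.iterator();
            while (it.hasNext()) {
                log.debug("ACL: {}", (Principal) it.next());
            }
        }
        this.subject.getPrincipals().add(principals);
    }

    /** Intentionally empty: this module sets no entity on the subject. */
    @Override
    public void setEntity() {
    }

    /**
     * Adds a group-list principal holding every name returned by {@code getGroupNames()}.
     *
     * @param strArr not read by this implementation; the names are taken from
     *     {@code getGroupNames()} instead
     */
    protected void addGroups(String[] strArr) {
        GroupListImpl groupList = new GroupListImpl();
        Iterator it = getGroupNames().iterator();
        while (it.hasNext()) {
            groupList.add((String) it.next());
        }
        this.subject.getPrincipals().add(groupList);
    }

    /**
     * Adds a role-list principal holding every name returned by {@code getRoleNames()}.
     *
     * @param strArr not read by this implementation; the names are taken from
     *     {@code getRoleNames()} instead
     */
    protected void addRoles(String[] strArr) {
        RoleListImpl roleList = new RoleListImpl();
        Iterator it = getRoleNames().iterator();
        while (it.hasNext()) {
            roleList.add((String) it.next());
        }
        this.subject.getPrincipals().add(roleList);
    }

    /**
     * Merges the ACLs stored under each named role node of the {@code userroles} workspace.
     *
     * <p>The lookup runs in the system context, and each name is used directly as the path handed
     * to the hierarchy manager. A missing role is logged at info level and skipped; any other
     * repository error is logged at warn level (message only) and skipped as well, so the login
     * continues with the ACLs that could be read. NOTE(review): if a skipped node carried
     * restricting entries, the effective permissions differ from the configured ones; decide
     * whether a repository error here should fail the login instead.
     *
     * @param strArr role names to look up
     * @param principalCollection collection that receives the ACLs
     */
    protected void setACLForRoles(String[] strArr, PrincipalCollection principalCollection) {
        HierarchyManager roleManager = MgnlContext.getSystemContext().getHierarchyManager("userroles");
        for (String roleName : strArr) {
            try {
                setACL(roleManager.getContent(roleName), principalCollection);
            } catch (PathNotFoundException e) {
                log.info("Role {} not found", roleName);
            } catch (RepositoryException e2) {
                log.warn("Error accessing {} role: {}", roleName, e2.getMessage());
            }
        }
    }

    /**
     * Merges the ACLs stored under each named group node of the {@code usergroups} workspace.
     *
     * <p>Error handling mirrors the role lookup: a missing group is logged at info level, any other
     * repository error at warn level, and in both cases the group is skipped and the login goes on
     * with a possibly incomplete ACL set. NOTE(review): confirm that continuing is the intended
     * policy when a group node cannot be read.
     *
     * @param strArr group names to look up
     * @param principalCollection collection that receives the ACLs
     */
    protected void setACLForGroups(String[] strArr, PrincipalCollection principalCollection) {
        HierarchyManager groupManager = MgnlContext.getSystemContext().getHierarchyManager("usergroups");
        for (String groupName : strArr) {
            try {
                setACL(groupManager.getContent(groupName), principalCollection);
            } catch (PathNotFoundException e) {
                log.info("Group {} not found", groupName);
            } catch (RepositoryException e2) {
                log.warn("Error accessing {} group: {}", groupName, e2.getMessage());
            }
        }
    }

    /**
     * Reads every {@code acl*} child content node of {@code content} and merges its permission
     * entries into {@code principalCollection}.
     *
     * <p>The part of the node name after {@code acl_} is read as {@code repository} or
     * {@code repository_workspace}. Without a workspace part, the repository's default workspace is
     * used and the ACL name becomes {@code repository_workspace}.
     *
     * <p>NOTE(review): the {@code acl*} filter also matches nodes without the {@code acl_} prefix
     * (for example a node named {@code acl}); those yield an empty repository name. A name with a
     * trailing separator (for example {@code acl_website_}) passes the {@code "_"} check but splits
     * into a single part, so reading the workspace part throws
     * {@link ArrayIndexOutOfBoundsException}. Whether such a node should abort the login or be
     * rejected explicitly is a policy decision and is left unchanged here.
     *
     * @param content node (role, group or user) whose ACL children are read
     * @param principalCollection collection that receives or already holds the ACLs
     */
    private void setACL(Content content, PrincipalCollection principalCollection) {
        String repositoryName;
        String workspaceName;
        ACL acl;
        for (Content aclNode : content.getChildren(ItemType.CONTENTNODE.getSystemName(), "acl*")) {
            String aclName = StringUtils.substringAfter(aclNode.getName(), "acl_");
            if (StringUtils.contains(aclName, "_")) {
                String[] parts = StringUtils.split(aclName, "_");
                repositoryName = parts[0];
                workspaceName = parts[1];
            } else {
                repositoryName = aclName;
                workspaceName = ContentRepository.getDefaultWorkspace(aclName);
                aclName = aclName + "_" + workspaceName;
            }
            if (principalCollection.contains(aclName)) {
                // Reuse the ACL built from an earlier role, group or user node.
                acl = principalCollection.get(aclName);
            } else {
                acl = new ACLImpl();
                principalCollection.add(acl);
            }
            acl.setName(aclName);
            acl.setRepository(repositoryName);
            acl.setWorkspace(workspaceName);
            for (Content entry : aclNode.getChildren()) {
                // The stored path and permission bits are used as read; no validation happens here.
                SimpleUrlPattern pattern = new SimpleUrlPattern(entry.getNodeData("path").getString());
                PermissionImpl permission = new PermissionImpl();
                permission.setPattern(pattern);
                permission.setPermissions(entry.getNodeData("permissions").getLong());
                acl.addPermission(permission);
            }
        }
    }

    /**
     * Releases nothing; this module holds no resources of its own.
     *
     * @return always {@code true}
     */
    @Override
    public boolean release() {
        return true;
    }
}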
