package info.magnolia.jaas.sp.jcr;

import info.magnolia.cms.security.ACLImpl;
import info.magnolia.cms.security.MgnlUser;
import info.magnolia.cms.security.PrincipalUtil;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.security.auth.PrincipalCollection;
import info.magnolia.cms.security.auth.PrincipalCollectionImpl;
import info.magnolia.jaas.principal.GroupListImpl;
import info.magnolia.jaas.principal.RoleListImpl;
import info.magnolia.jaas.sp.AbstractLoginModule;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-jaas-5.5.3.jar:info/magnolia/jaas/sp/jcr/JCRAuthorizationModule.class */
public class JCRAuthorizationModule extends AbstractLoginModule {
    private static final Logger log = LoggerFactory.getLogger(JCRAuthorizationModule.class);

    @Override // info.magnolia.jaas.sp.AbstractLoginModule
    public void validateUser() throws LoginException {
    }

    @Override // info.magnolia.jaas.sp.AbstractLoginModule
    public boolean login() throws LoginException {
        this.success = true;
        setSharedStatus(1);
        return this.success;
    }

    @Override // info.magnolia.jaas.sp.AbstractLoginModule
    public void setACL() {
        String[] strArr = (String[]) getRoleNames().toArray(new String[getRoleNames().size()]);
        String[] strArr2 = (String[]) getGroupNames().toArray(new String[getGroupNames().size()]);
        log.debug("Roles: {}", Arrays.toString(strArr));
        log.debug("Groups: {}", Arrays.toString(strArr2));
        addRoles(strArr);
        addGroups(strArr2);
        PrincipalCollectionImpl principalCollectionImpl = new PrincipalCollectionImpl();
        setACLForRoles(strArr, principalCollectionImpl);
        setACLForGroups(strArr2, principalCollectionImpl);
        SecuritySupport factory = SecuritySupport.Factory.getInstance();
        User user = (User) PrincipalUtil.findPrincipal(this.subject, User.class);
        if (user == null) {
            user = factory.getUserManager().getUser(this.subject);
        }
        if (user instanceof MgnlUser) {
            setACLForUser(principalCollectionImpl, user, factory);
        }
        if (log.isDebugEnabled()) {
            Iterator<Principal> it = principalCollectionImpl.iterator();
            while (it.hasNext()) {
                log.debug("ACL: {}", it.next());
            }
        }
        this.subject.getPrincipals().add(principalCollectionImpl);
    }

    protected void setACLForUser(PrincipalCollection principalCollection, User user, SecuritySupport securitySupport) {
        mergePrincipals(principalCollection, securitySupport.getUserManager(((MgnlUser) user).getRealm()).getACLs(user).values());
    }

    private void mergePrincipals(PrincipalCollection principalCollection, Collection<ACL> collection) {
        for (ACL acl : collection) {
            if (principalCollection.contains(acl.getName())) {
                ACL acl2 = (ACL) principalCollection.get(acl.getName());
                HashSet hashSet = new HashSet(acl2.getList());
                hashSet.addAll(acl.getList());
                principalCollection.remove(acl2);
                acl = new ACLImpl(acl.getName(), new ArrayList(hashSet));
            }
            principalCollection.add(acl);
        }
    }

    @Override // info.magnolia.jaas.sp.AbstractLoginModule
    public void setEntity() {
    }

    protected void addGroups(String[] strArr) {
        GroupListImpl groupListImpl = new GroupListImpl();
        Iterator<String> it = getGroupNames().iterator();
        while (it.hasNext()) {
            groupListImpl.add(it.next());
        }
        this.subject.getPrincipals().add(groupListImpl);
    }

    protected void addRoles(String[] strArr) {
        RoleListImpl roleListImpl = new RoleListImpl();
        Iterator<String> it = getRoleNames().iterator();
        while (it.hasNext()) {
            roleListImpl.add(it.next());
        }
        this.subject.getPrincipals().add(roleListImpl);
    }

    protected void setACLForRoles(String[] strArr, PrincipalCollection principalCollection) {
        SecuritySupport factory = SecuritySupport.Factory.getInstance();
        for (String str : strArr) {
            mergePrincipals(principalCollection, factory.getRoleManager().getACLs(str).values());
        }
    }

    protected void setACLForGroups(String[] strArr, PrincipalCollection principalCollection) {
        SecuritySupport factory = SecuritySupport.Factory.getInstance();
        for (String str : strArr) {
            mergePrincipals(principalCollection, factory.getGroupManager().getACLs(str).values());
        }
    }
}
