package org.alfresco.repo.security.authentication;

import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
import org.alfresco.repo.tenant.TenantContextHolder;
import org.alfresco.repo.tenant.TenantUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.class */
public abstract class AbstractAuthenticationComponent implements AuthenticationComponent {
    private AuthenticationContext authenticationContext;
    private PersonService personService;
    private NodeService nodeService;
    private TransactionService transactionService;
    private UserRegistrySynchronizer userRegistrySynchronizer;
    private Boolean allowGuestLogin = null;
    private Set<String> defaultAdministratorUserNames = Collections.emptySet();
    private Set<String> defaultGuestUserNames = Collections.emptySet();
    protected final Log logger = LogFactory.getLog(getClass());
    AtomicInteger numberSuccessfulAuthentications = new AtomicInteger(0);
    AtomicInteger numberFailedAuthentications = new AtomicInteger(0);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/alfresco/repo/security/authentication/AbstractAuthenticationComponent$CheckCurrentUserCallback.class */
    public class CheckCurrentUserCallback extends CurrentUserCallback {
        CheckCurrentUserCallback(String str) {
            super(str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
        public Authentication execute() throws Throwable {
            if (AbstractAuthenticationComponent.this.logger.isTraceEnabled()) {
                AbstractAuthenticationComponent.this.logger.trace("Check current user: " + AuthenticationUtil.maskUsername(this.userNameIn));
            }
            try {
                Pair userTenant = AuthenticationUtil.getUserTenant(this.userNameIn);
                final String str = (String) userTenant.getFirst();
                String str2 = (String) userTenant.getSecond();
                Authentication currentUserImpl = AbstractAuthenticationComponent.this.setCurrentUserImpl(str);
                TenantUtil.runAsSystemTenant(new TenantUtil.TenantRunAsWork<Object>() { // from class: org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.CheckCurrentUserCallback.1
                    public Object doWork() throws Exception {
                        String userIdentifier = AbstractAuthenticationComponent.this.personService.getUserIdentifier(str);
                        if (userIdentifier != null && userIdentifier.equals(str)) {
                            return null;
                        }
                        if (AbstractAuthenticationComponent.this.logger.isDebugEnabled()) {
                            AbstractAuthenticationComponent.this.logger.debug("User \"" + AuthenticationUtil.maskUsername(str) + "\" does not exist in Alfresco. Failing validation.");
                        }
                        throw new AuthenticationException("User \"" + AuthenticationUtil.maskUsername(str) + "\" does not exist in Alfresco");
                    }
                }, str2);
                TenantContextHolder.setTenantDomain(str2);
                return currentUserImpl;
            } catch (AuthenticationException e) {
                this.ae = e;
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/alfresco/repo/security/authentication/AbstractAuthenticationComponent$CurrentUserCallback.class */
    public abstract class CurrentUserCallback implements RetryingTransactionHelper.RetryingTransactionCallback<Authentication> {
        AuthenticationException ae = null;
        String userNameIn;

        CurrentUserCallback(String str) {
            this.userNameIn = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/alfresco/repo/security/authentication/AbstractAuthenticationComponent$FixCurrentUserCallback.class */
    public class FixCurrentUserCallback extends CurrentUserCallback {
        FixCurrentUserCallback(String str) {
            super(str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
        public Authentication execute() throws Throwable {
            if (AbstractAuthenticationComponent.this.logger.isTraceEnabled()) {
                AbstractAuthenticationComponent.this.logger.trace("Fix current user: " + AuthenticationUtil.maskUsername(this.userNameIn));
            }
            try {
                Pair userTenant = AuthenticationUtil.getUserTenant(this.userNameIn);
                final String str = (String) userTenant.getFirst();
                String str2 = (String) userTenant.getSecond();
                Authentication currentUserImpl = AbstractAuthenticationComponent.this.setCurrentUserImpl((String) TenantUtil.runAsSystemTenant(new TenantUtil.TenantRunAsWork<String>() { // from class: org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.FixCurrentUserCallback.1
                    /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
                    public String m886doWork() throws Exception {
                        if (!AbstractAuthenticationComponent.this.personService.personExists(str)) {
                            if (AbstractAuthenticationComponent.this.logger.isDebugEnabled()) {
                                AbstractAuthenticationComponent.this.logger.debug("User \"" + AuthenticationUtil.maskUsername(str) + "\" does not exist in Alfresco. Attempting to import / create the user.");
                            }
                            if (!AbstractAuthenticationComponent.this.userRegistrySynchronizer.createMissingPerson(str)) {
                                if (AbstractAuthenticationComponent.this.logger.isDebugEnabled()) {
                                    AbstractAuthenticationComponent.this.logger.debug("Failed to import / create user \"" + AuthenticationUtil.maskUsername(str) + '\"');
                                }
                                throw new AuthenticationException("User \"" + AuthenticationUtil.maskUsername(str) + "\" does not exist in Alfresco");
                            }
                        }
                        return (String) AbstractAuthenticationComponent.this.nodeService.getProperty(AbstractAuthenticationComponent.this.personService.getPerson(str), ContentModel.PROP_USERNAME);
                    }
                }, str2));
                TenantContextHolder.setTenantDomain(str2);
                return currentUserImpl;
            } catch (AuthenticationException e) {
                this.ae = e;
                return null;
            }
        }
    }

    public void setAllowGuestLogin(Boolean bool) {
        this.allowGuestLogin = bool;
    }

    public void setAuthenticationContext(AuthenticationContext authenticationContext) {
        this.authenticationContext = authenticationContext;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer) {
        this.userRegistrySynchronizer = userRegistrySynchronizer;
    }

    public TransactionService getTransactionService() {
        return this.transactionService;
    }

    public Boolean getAllowGuestLogin() {
        return this.allowGuestLogin;
    }

    public NodeService getNodeService() {
        return this.nodeService;
    }

    public PersonService getPersonService() {
        return this.personService;
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public void authenticate(String str, char[] cArr) throws AuthenticationException {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Authenticating user \"" + AuthenticationUtil.maskUsername(str) + '\"');
        }
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        if (isGuestUserName(str)) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("User \"" + AuthenticationUtil.maskUsername(str) + "\" recognized as a guest user");
            }
            setGuestUserAsCurrentUser(getUserDomain(str));
        } else {
            try {
                authenticateImpl(str, cArr);
                onAuthenticate();
            } catch (RuntimeException e) {
                onFail();
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Failed to authenticate user \"" + AuthenticationUtil.maskUsername(str) + "' , with message: " + e.getMessage(), e);
                }
                throw e;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User \"" + AuthenticationUtil.maskUsername(str) + "\" authenticated successfully");
        }
    }

    protected void authenticateImpl(String str, char[] cArr) {
        throw new UnsupportedOperationException();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setCurrentUser(String str) throws AuthenticationException {
        return setCurrentUser(str, AuthenticationComponent.UserNameValidationMode.CHECK_AND_FIX);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setCurrentUser(String str, AuthenticationComponent.UserNameValidationMode userNameValidationMode) {
        Authentication authentication;
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("About to set the current user: " + AuthenticationUtil.maskUsername(str) + " with validation mode: " + userNameValidationMode);
        }
        if (userNameValidationMode == AuthenticationComponent.UserNameValidationMode.NONE || isSystemUserName(str)) {
            return setCurrentUserImpl(str);
        }
        CurrentUserCallback fixCurrentUserCallback = userNameValidationMode == AuthenticationComponent.UserNameValidationMode.CHECK_AND_FIX ? new FixCurrentUserCallback(str) : new CheckCurrentUserCallback(str);
        if (this.transactionService.isReadOnly()) {
            authentication = (Authentication) this.transactionService.getRetryingTransactionHelper().doInTransaction(fixCurrentUserCallback, true, false);
        } else {
            boolean z = userNameValidationMode == AuthenticationComponent.UserNameValidationMode.CHECK;
            authentication = (Authentication) this.transactionService.getRetryingTransactionHelper().doInTransaction(fixCurrentUserCallback, z, !z && AlfrescoTransactionSupport.getTransactionReadState() == AlfrescoTransactionSupport.TxnReadState.TXN_READ_ONLY);
        }
        if (authentication == null || fixCurrentUserCallback.ae != null) {
            throw fixCurrentUserCallback.ae;
        }
        return authentication;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Authentication setCurrentUserImpl(String str) throws AuthenticationException {
        UserDetails userDetails;
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        if (isSystemUserName(str)) {
            return setSystemUserAsCurrentUser(getUserDomain(str));
        }
        try {
            if (isGuestUserName(str)) {
                String userDomain = getUserDomain(str);
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace("Setting the current user to the guest user of tenant domain \"" + userDomain + '\"');
                }
                userDetails = new User(str, "", true, true, true, true, new GrantedAuthority[0]);
            } else {
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace("Setting the current user to \"" + AuthenticationUtil.maskUsername(str) + '\"');
                }
                userDetails = getUserDetails(str);
                if (!str.equals(userDetails.getUsername())) {
                    userDetails = new User(str, userDetails.getPassword(), userDetails.isEnabled(), userDetails.isAccountNonExpired(), userDetails.isCredentialsNonExpired(), userDetails.isAccountNonLocked(), userDetails.getAuthorities());
                }
            }
            return setUserDetails(userDetails);
        } catch (AuthenticationException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserDetails getUserDetails(String str) {
        return new User(str, "", true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_AUTHENTICATED")});
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public Authentication setCurrentAuthentication(Authentication authentication) {
        return this.authenticationContext.setCurrentAuthentication(authentication);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public Authentication getCurrentAuthentication() throws AuthenticationException {
        return this.authenticationContext.getCurrentAuthentication();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public String getCurrentUserName() throws AuthenticationException {
        return this.authenticationContext.getCurrentUserName();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public Authentication setSystemUserAsCurrentUser() {
        return this.authenticationContext.setSystemUserAsCurrentUser();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public String getSystemUserName() {
        return this.authenticationContext.getSystemUserName();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public boolean isSystemUserName(String str) {
        return this.authenticationContext.isSystemUserName(str);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public boolean isCurrentUserTheSystemUser() {
        return this.authenticationContext.isCurrentUserTheSystemUser();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public String getGuestUserName() {
        return this.authenticationContext.getGuestUserName();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public String getGuestUserName(String str) {
        return this.authenticationContext.getGuestUserName(str);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setGuestUserAsCurrentUser() throws AuthenticationException {
        return setGuestUserAsCurrentUser("");
    }

    private Authentication setGuestUserAsCurrentUser(String str) throws AuthenticationException {
        if (this.allowGuestLogin == null) {
            if (implementationAllowsGuestLogin()) {
                return setCurrentUser(getGuestUserName(str));
            }
            throw new AuthenticationException("Guest authentication is not allowed");
        }
        if (this.allowGuestLogin.booleanValue()) {
            return setCurrentUser(getGuestUserName(str));
        }
        throw new AuthenticationException("Guest authentication is not allowed");
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public boolean isGuestUserName(String str) {
        return this.authenticationContext.isGuestUserName(str);
    }

    protected abstract boolean implementationAllowsGuestLogin();

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public boolean guestUserAuthenticationAllowed() {
        return this.allowGuestLogin == null ? implementationAllowsGuestLogin() : this.allowGuestLogin.booleanValue();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public void clearCurrentSecurityContext() {
        this.authenticationContext.clearCurrentSecurityContext();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Set<String> getDefaultAdministratorUserNames() {
        return this.defaultAdministratorUserNames;
    }

    public void setDefaultAdministratorUserNames(Set<String> set) {
        this.defaultAdministratorUserNames = set;
    }

    public void setDefaultAdministratorUserNameList(String str) {
        TreeSet treeSet = new TreeSet();
        if (str.length() > 0) {
            treeSet.addAll(Arrays.asList(str.split(",")));
        }
        setDefaultAdministratorUserNames(treeSet);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Set<String> getDefaultGuestUserNames() {
        return this.defaultGuestUserNames;
    }

    public void setDefaultGuestUserNames(Set<String> set) {
        this.defaultGuestUserNames = set;
    }

    public void setDefaultGuestUserNameList(String str) {
        TreeSet treeSet = new TreeSet();
        if (str.length() > 0) {
            treeSet.addAll(Arrays.asList(str.split(",")));
        }
        setDefaultGuestUserNames(treeSet);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public String getSystemUserName(String str) {
        return this.authenticationContext.getSystemUserName(str);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public String getUserDomain(String str) {
        return this.authenticationContext.getUserDomain(str);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public Authentication setSystemUserAsCurrentUser(String str) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Setting the current user to the system user of tenant domain \"" + str + '\"');
        }
        return this.authenticationContext.setSystemUserAsCurrentUser(str);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationContext
    public Authentication setUserDetails(UserDetails userDetails) {
        return this.authenticationContext.setUserDetails(userDetails);
    }

    protected void onAuthenticate() {
        this.numberSuccessfulAuthentications.getAndIncrement();
    }

    protected void onFail() {
        this.numberFailedAuthentications.getAndIncrement();
    }

    public int getNumberSuccessfulAuthentications() {
        return this.numberSuccessfulAuthentications.get();
    }

    public int getNumberFailedAuthentications() {
        return this.numberFailedAuthentications.get();
    }
}
