package org.alfresco.repo.security.authentication;

import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository.jar:org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.class */
public abstract class AbstractAuthenticationComponent implements AuthenticationComponent {
    private Boolean allowGuestLogin = null;
    private TenantService tenantService;
    private PersonService personService;
    private NodeService nodeService;
    private TransactionService transactionService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/alfresco-repository.jar:org/alfresco/repo/security/authentication/AbstractAuthenticationComponent$SetCurrentUserCallback.class */
    public class SetCurrentUserCallback implements RetryingTransactionHelper.RetryingTransactionCallback<Authentication> {
        AuthenticationException ae = null;
        String userName;

        SetCurrentUserCallback(String str) {
            this.userName = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
        public Authentication execute() throws Throwable {
            try {
                return AbstractAuthenticationComponent.this.setCurrentUserImpl((String) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() { // from class: org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.SetCurrentUserCallback.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork
                    public String doWork() throws Exception {
                        NodeRef person;
                        if (AbstractAuthenticationComponent.this.personService.personExists(SetCurrentUserCallback.this.userName) && (person = AbstractAuthenticationComponent.this.personService.getPerson(SetCurrentUserCallback.this.userName)) != null) {
                            return (String) AbstractAuthenticationComponent.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME);
                        }
                        return SetCurrentUserCallback.this.userName;
                    }
                }, AbstractAuthenticationComponent.this.tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), AbstractAuthenticationComponent.this.tenantService.getUserDomain(this.userName))));
            } catch (AuthenticationException e) {
                this.ae = e;
                return null;
            }
        }
    }

    public void setAllowGuestLogin(Boolean bool) {
        this.allowGuestLogin = bool;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public TransactionService getTransactionService() {
        return this.transactionService;
    }

    public Boolean getAllowGuestLogin() {
        return this.allowGuestLogin;
    }

    public NodeService getNodeService() {
        return this.nodeService;
    }

    public PersonService getPersonService() {
        return this.personService;
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public void authenticate(String str, char[] cArr) throws AuthenticationException {
        if (isGuestUserName(str)) {
            setGuestUserAsCurrentUser(this.tenantService.getUserDomain(str));
        } else {
            authenticateImpl(str, cArr);
        }
    }

    protected void authenticateImpl(String str, char[] cArr) {
        throw new UnsupportedOperationException();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setCurrentUser(String str, AuthenticationComponent.UserNameValidationMode userNameValidationMode) {
        switch (userNameValidationMode) {
            case NONE:
                return setCurrentUserImpl(str);
            case CHECK_AND_FIX:
            default:
                return setCurrentUser(str);
        }
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setCurrentUser(String str) throws AuthenticationException {
        if (isSystemUserName(str)) {
            return setCurrentUserImpl(str);
        }
        SetCurrentUserCallback setCurrentUserCallback = new SetCurrentUserCallback(str);
        Authentication authentication = (Authentication) this.transactionService.getRetryingTransactionHelper().doInTransaction(setCurrentUserCallback, this.transactionService.isReadOnly(), false);
        if (authentication == null || setCurrentUserCallback.ae != null) {
            throw setCurrentUserCallback.ae;
        }
        return authentication;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Authentication setCurrentUserImpl(String str) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        try {
            try {
                UserDetails user = isSystemUserName(str) ? new User(str, "", true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_SYSTEM")}) : isGuestUserName(str) ? new User(getGuestUserName(this.tenantService.getUserDomain(str)), "", true, true, true, true, new GrantedAuthority[0]) : getUserDetails(str);
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(user, "", user.getAuthorities());
                usernamePasswordAuthenticationToken.setDetails(user);
                usernamePasswordAuthenticationToken.setAuthenticated(true);
                return setCurrentAuthentication(usernamePasswordAuthenticationToken);
            } catch (net.sf.acegisecurity.AuthenticationException e) {
                throw new AuthenticationException(e.getMessage(), e);
            }
        } finally {
            AuthenticationUtil.logNDC(str);
        }
    }

    protected UserDetails getUserDetails(String str) {
        return new User(str, "", true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_AUTHENTICATED")});
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setCurrentAuthentication(Authentication authentication) {
        return AuthenticationUtil.setFullAuthentication(authentication);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication getCurrentAuthentication() throws AuthenticationException {
        return AuthenticationUtil.getFullAuthentication();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public String getCurrentUserName() throws AuthenticationException {
        return AuthenticationUtil.getFullyAuthenticatedUser();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setSystemUserAsCurrentUser() {
        return setCurrentUser(AuthenticationUtil.SYSTEM_USER_NAME);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public String getSystemUserName() {
        return AuthenticationUtil.SYSTEM_USER_NAME;
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public boolean isSystemUserName(String str) {
        return getSystemUserName().equals(this.tenantService.getBaseNameUser(str));
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public String getGuestUserName() {
        return "guest".toLowerCase();
    }

    private String getGuestUserName(String str) {
        return this.tenantService.getDomainUser(getGuestUserName(), str);
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication setGuestUserAsCurrentUser() throws AuthenticationException {
        return setGuestUserAsCurrentUser("");
    }

    private Authentication setGuestUserAsCurrentUser(String str) throws AuthenticationException {
        if (this.allowGuestLogin == null) {
            if (implementationAllowsGuestLogin()) {
                return setCurrentUser(getGuestUserName(str));
            }
            throw new AuthenticationException("Guest authentication is not allowed");
        }
        if (this.allowGuestLogin.booleanValue()) {
            return setCurrentUser(getGuestUserName(str));
        }
        throw new AuthenticationException("Guest authentication is not allowed");
    }

    private boolean isGuestUserName(String str) {
        return "guest".equalsIgnoreCase(this.tenantService.getBaseNameUser(str));
    }

    protected abstract boolean implementationAllowsGuestLogin();

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public boolean guestUserAuthenticationAllowed() {
        return this.allowGuestLogin == null ? implementationAllowsGuestLogin() : this.allowGuestLogin.booleanValue();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public void clearCurrentSecurityContext() {
        AuthenticationUtil.clearCurrentSecurityContext();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        throw new AlfrescoRuntimeException("Authentication via token not supported");
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public String getMD4HashedPassword(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // org.alfresco.repo.security.authentication.AuthenticationComponent
    public NTLMMode getNTLMMode() {
        return NTLMMode.NONE;
    }
}
