package org.alfresco.repo.web.scripts;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.model.Repository;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantAdminService;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.TemplateService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.descriptor.DescriptorService;
import org.alfresco.web.scripts.AbstractRuntimeContainer;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description;
import org.alfresco.web.scripts.Registry;
import org.alfresco.web.scripts.ServerModel;
import org.alfresco.web.scripts.WebScript;
import org.alfresco.web.scripts.WebScriptException;
import org.alfresco.web.scripts.WebScriptRequest;
import org.alfresco.web.scripts.WebScriptResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.ObjectFactory;

/* loaded from: input_file:WEB-INF/lib/alfresco-remote-api.jar:org/alfresco/repo/web/scripts/RepositoryContainer.class */
public class RepositoryContainer extends AbstractRuntimeContainer implements TenantDeployer {
    protected static final Log logger = LogFactory.getLog(RepositoryContainer.class);
    private Repository repository;
    private RepositoryImageResolver imageResolver;
    private RetryingTransactionHelper retryingTransactionHelper;
    private AuthorityService authorityService;
    private DescriptorService descriptorService;
    private TenantAdminService tenantAdminService;
    private ObjectFactory registryFactory;
    private SimpleCache<String, Registry> webScriptsRegistryCache;

    public void setWebScriptsRegistryCache(SimpleCache<String, Registry> simpleCache) {
        this.webScriptsRegistryCache = simpleCache;
    }

    public void setRegistryFactory(ObjectFactory objectFactory) {
        this.registryFactory = objectFactory;
    }

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    public void setRepositoryImageResolver(RepositoryImageResolver repositoryImageResolver) {
        this.imageResolver = repositoryImageResolver;
    }

    public void setTransactionHelper(RetryingTransactionHelper retryingTransactionHelper) {
        this.retryingTransactionHelper = retryingTransactionHelper;
    }

    public void setDescriptorService(DescriptorService descriptorService) {
        this.descriptorService = descriptorService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setTenantAdminService(TenantAdminService tenantAdminService) {
        this.tenantAdminService = tenantAdminService;
    }

    @Override // org.alfresco.web.scripts.Container
    public ServerModel getDescription() {
        return new RepositoryServerModel(this.descriptorService.getCurrentRepositoryDescriptor());
    }

    @Override // org.alfresco.web.scripts.AbstractRuntimeContainer, org.alfresco.web.scripts.Container
    public Map<String, Object> getScriptParameters() {
        HashMap hashMap = new HashMap();
        hashMap.putAll(super.getScriptParameters());
        addRepoParameters(hashMap);
        return hashMap;
    }

    @Override // org.alfresco.web.scripts.AbstractRuntimeContainer, org.alfresco.web.scripts.Container
    public Map<String, Object> getTemplateParameters() {
        HashMap hashMap = new HashMap();
        hashMap.putAll(super.getTemplateParameters());
        hashMap.put(TemplateService.KEY_IMAGE_RESOLVER, this.imageResolver.getImageResolver());
        addRepoParameters(hashMap);
        return hashMap;
    }

    private void addRepoParameters(Map<String, Object> map) {
        if (AlfrescoTransactionSupport.getTransactionId() == null || AuthenticationUtil.getCurrentAuthentication() == null) {
            return;
        }
        Object rootHome = this.repository.getRootHome();
        if (rootHome != null) {
            map.put("roothome", rootHome);
        }
        Object companyHome = this.repository.getCompanyHome();
        if (companyHome != null) {
            map.put("companyhome", companyHome);
        }
        NodeRef person = this.repository.getPerson();
        if (person != null) {
            map.put("person", person);
            Object userHome = this.repository.getUserHome(person);
            if (userHome != null) {
                map.put("userhome", userHome);
            }
        }
    }

    @Override // org.alfresco.web.scripts.RuntimeContainer
    public void executeScript(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse, Authenticator authenticator) throws IOException {
        WebScript webScript = webScriptRequest.getServiceMatch().getWebScript();
        Description description = webScript.getDescription();
        Description.RequiredAuthentication requiredAuthentication = description.getRequiredAuthentication();
        boolean isGuest = webScriptRequest.isGuest();
        if (requiredAuthentication == Description.RequiredAuthentication.none) {
            if (!AuthenticationUtil.isMtEnabled()) {
                AuthenticationUtil.clearCurrentSecurityContext();
            }
            transactionedExecuteAs(webScript, webScriptRequest, webScriptResponse);
            return;
        }
        if ((requiredAuthentication == Description.RequiredAuthentication.user || requiredAuthentication == Description.RequiredAuthentication.admin) && isGuest) {
            throw new WebScriptException(401, "Web Script " + description.getId() + " requires user authentication; however, a guest has attempted access.");
        }
        try {
            String currentUserName = AuthenticationUtil.getCurrentUserName();
            if (logger.isDebugEnabled()) {
                logger.debug("Current authentication: " + (currentUserName == null ? "unauthenticated" : "authenticated as " + currentUserName));
                logger.debug("Authentication required: " + requiredAuthentication);
                logger.debug("Guest login requested: " + isGuest);
            }
            if (authenticator == null || authenticator.authenticate(requiredAuthentication, isGuest)) {
                if (requiredAuthentication == Description.RequiredAuthentication.admin && !this.authorityService.hasAdminAuthority() && !AuthenticationUtil.getCurrentUserName().equals(AuthenticationUtil.getSystemUserName())) {
                    throw new WebScriptException(401, "Web Script " + description.getId() + " requires admin authentication; however, a non-admin has attempted access.");
                }
                transactionedExecuteAs(webScript, webScriptRequest, webScriptResponse);
            }
            AuthenticationUtil.clearCurrentSecurityContext();
            if (currentUserName != null) {
                AuthenticationUtil.setCurrentUser(currentUserName);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication reset: " + (currentUserName == null ? "unauthenticated" : "authenticated as " + currentUserName));
            }
        } catch (Throwable th) {
            AuthenticationUtil.clearCurrentSecurityContext();
            if (0 != 0) {
                AuthenticationUtil.setCurrentUser(null);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication reset: " + (0 == 0 ? "unauthenticated" : "authenticated as " + ((String) null)));
            }
            throw th;
        }
    }

    protected void transactionedExecute(final WebScript webScript, final WebScriptRequest webScriptRequest, final WebScriptResponse webScriptResponse) throws IOException {
        final Description description = webScript.getDescription();
        if (description.getRequiredTransaction() == Description.RequiredTransaction.none) {
            webScript.execute(webScriptRequest, webScriptResponse);
            return;
        }
        RetryingTransactionHelper.RetryingTransactionCallback<Object> retryingTransactionCallback = new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.1
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            /* renamed from: execute */
            public Object execute2() throws Exception {
                if (RepositoryContainer.logger.isDebugEnabled()) {
                    RepositoryContainer.logger.debug("Begin transaction: " + description.getRequiredTransaction());
                }
                webScript.execute(webScriptRequest, webScriptResponse);
                if (!RepositoryContainer.logger.isDebugEnabled()) {
                    return null;
                }
                RepositoryContainer.logger.debug("End transaction: " + description.getRequiredTransaction());
                return null;
            }
        };
        if (description.getRequiredTransaction() == Description.RequiredTransaction.required) {
            this.retryingTransactionHelper.doInTransaction(retryingTransactionCallback);
        } else {
            this.retryingTransactionHelper.doInTransaction(retryingTransactionCallback, false, true);
        }
    }

    private void transactionedExecuteAs(final WebScript webScript, final WebScriptRequest webScriptRequest, final WebScriptResponse webScriptResponse) throws IOException {
        String runAs = webScript.getDescription().getRunAs();
        if (runAs == null) {
            transactionedExecute(webScript, webScriptRequest, webScriptResponse);
        } else {
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.2
                @Override // org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork
                /* renamed from: doWork */
                public Object doWork2() throws Exception {
                    RepositoryContainer.this.transactionedExecute(webScript, webScriptRequest, webScriptResponse);
                    return null;
                }
            }, runAs);
        }
    }

    @Override // org.alfresco.web.scripts.AbstractRuntimeContainer, org.alfresco.web.scripts.Container
    public Registry getRegistry() {
        String currentUserDomain = this.tenantAdminService.getCurrentUserDomain();
        Registry registry = this.webScriptsRegistryCache.get(currentUserDomain);
        if (registry == null) {
            init();
            registry = this.webScriptsRegistryCache.get(currentUserDomain);
        }
        return registry;
    }

    @Override // org.alfresco.web.scripts.AbstractRuntimeContainer, org.alfresco.web.scripts.Container
    public void reset() {
        destroy();
        init();
    }

    @Override // org.alfresco.repo.tenant.TenantDeployer
    public void onEnableTenant() {
        init();
    }

    @Override // org.alfresco.repo.tenant.TenantDeployer
    public void onDisableTenant() {
        destroy();
    }

    @Override // org.alfresco.repo.tenant.TenantDeployer
    public void init() {
        this.tenantAdminService.register(this);
        this.webScriptsRegistryCache.put(this.tenantAdminService.getCurrentUserDomain(), (Registry) this.registryFactory.getObject());
        super.reset();
    }

    @Override // org.alfresco.repo.tenant.TenantDeployer
    public void destroy() {
        this.webScriptsRegistryCache.remove(this.tenantAdminService.getCurrentUserDomain());
    }
}
