package org.alfresco.repo.web.scripts.portlet;

import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.transaction.UserTransaction;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description;
import org.alfresco.web.scripts.WebScriptException;
import org.alfresco.web.scripts.portlet.PortletAuthenticatorFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.class */
public class JSR168PortletAuthenticatorFactory implements PortletAuthenticatorFactory {
    private static final Log logger = LogFactory.getLog(JSR168PortletAuthenticatorFactory.class);
    private AuthenticationService unprotAuthenticationService;
    private TransactionService txnService;

    /* loaded from: input_file:org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory$JSR168PortletAuthenticator.class */
    public class JSR168PortletAuthenticator implements Authenticator {
        private RenderRequest req;

        public JSR168PortletAuthenticator(RenderRequest renderRequest, RenderResponse renderResponse) {
            this.req = renderRequest;
        }

        public boolean authenticate(Description.RequiredAuthentication requiredAuthentication, boolean z) {
            String str = (String) this.req.getPortletSession().getAttribute("alfportletusername");
            if (str == null) {
                str = this.req.getRemoteUser();
            }
            if (JSR168PortletAuthenticatorFactory.logger.isDebugEnabled()) {
                JSR168PortletAuthenticatorFactory.logger.debug("JSR-168 Remote user: " + str);
            }
            if (z || str == null) {
                if (JSR168PortletAuthenticatorFactory.logger.isDebugEnabled()) {
                    JSR168PortletAuthenticatorFactory.logger.debug("Authenticating as Guest");
                }
                AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getGuestUserName());
                return true;
            }
            if (JSR168PortletAuthenticatorFactory.logger.isDebugEnabled()) {
                JSR168PortletAuthenticatorFactory.logger.debug("Authenticating as user " + str);
            }
            UserTransaction userTransaction = null;
            try {
                try {
                    UserTransaction userTransaction2 = JSR168PortletAuthenticatorFactory.this.txnService.getUserTransaction();
                    userTransaction2.begin();
                    if (!JSR168PortletAuthenticatorFactory.this.unprotAuthenticationService.authenticationExists(str)) {
                        throw new WebScriptException(403, "User " + str + " is not a known Alfresco user");
                    }
                    AuthenticationUtil.setFullyAuthenticatedUser(str);
                    if (userTransaction2 != null) {
                        try {
                            userTransaction2.rollback();
                        } catch (Exception e) {
                            return true;
                        }
                    }
                    return true;
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            userTransaction.rollback();
                        } catch (Exception e2) {
                            throw th;
                        }
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                throw new AlfrescoRuntimeException("Error authenticating user: " + str, th2);
            }
        }

        public boolean emptyCredentials() {
            String str = (String) this.req.getPortletSession().getAttribute("alfportletusername");
            if (str == null) {
                str = this.req.getRemoteUser();
            }
            return str == null;
        }
    }

    public void setUnprotAuthenticationService(AuthenticationService authenticationService) {
        this.unprotAuthenticationService = authenticationService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.txnService = transactionService;
    }

    public Authenticator create(RenderRequest renderRequest, RenderResponse renderResponse) {
        return new JSR168PortletAuthenticator(renderRequest, renderResponse);
    }
}
