package org.alfresco.repo.security.authentication;

import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.context.Context;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.security.PermissionService;
import org.apache.log4j.NDC;

/* loaded from: input_file:org/alfresco/repo/security/authentication/AuthenticationUtil.class */
public abstract class AuthenticationUtil {
    public static final String SYSTEM_USER_NAME = "System";
    private static boolean mtEnabled = false;

    /* loaded from: input_file:org/alfresco/repo/security/authentication/AuthenticationUtil$RunAsWork.class */
    public interface RunAsWork<Result> {
        Result doWork() throws Exception;
    }

    private AuthenticationUtil() {
    }

    public static void setMtEnabled(boolean z) {
        if (mtEnabled) {
            return;
        }
        mtEnabled = z;
    }

    public static boolean isMtEnabled() {
        return mtEnabled;
    }

    public static Authentication setCurrentUser(String str) {
        return setCurrentUser(str, getDefaultUserDetails(str));
    }

    public static Authentication setCurrentRealUser(String str) {
        return setCurrentRealUser(str, getDefaultUserDetails(str));
    }

    public static Authentication setCurrentEffectiveUser(String str) {
        return setCurrentEffectiveUser(str, getDefaultUserDetails(str));
    }

    public static Authentication setCurrentStoredUser(String str) {
        return setCurrentStoredUser(str, getDefaultUserDetails(str));
    }

    public static Authentication setCurrentUser(String str, UserDetails userDetails) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        try {
            return setCurrentAuthentication(getAuthenticationToken(str, userDetails));
        } catch (net.sf.acegisecurity.AuthenticationException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    public static Authentication setCurrentRealUser(String str, UserDetails userDetails) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        try {
            return setCurrentRealAuthentication(getAuthenticationToken(str, userDetails));
        } catch (net.sf.acegisecurity.AuthenticationException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    public static Authentication setCurrentEffectiveUser(String str, UserDetails userDetails) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        try {
            return setCurrentEffectiveAuthentication(getAuthenticationToken(str, userDetails));
        } catch (net.sf.acegisecurity.AuthenticationException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    public static Authentication setCurrentStoredUser(String str, UserDetails userDetails) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException("Null user name");
        }
        try {
            return setCurrentStoredAuthentication(getAuthenticationToken(str, userDetails));
        } catch (net.sf.acegisecurity.AuthenticationException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private static UsernamePasswordAuthenticationToken getAuthenticationToken(String str, UserDetails userDetails) {
        UserDetails userDetails2;
        if (str.equals(SYSTEM_USER_NAME)) {
            userDetails2 = new User(SYSTEM_USER_NAME, "", true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_SYSTEM")});
        } else if (str.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)) {
            userDetails2 = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, new GrantedAuthority[0]);
        } else {
            if (!userDetails.getUsername().equals(str)) {
                throw new AuthenticationException("Provided user details do not match the user name");
            }
            userDetails2 = userDetails;
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails2, "", userDetails2.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(userDetails2);
        usernamePasswordAuthenticationToken.setAuthenticated(true);
        return usernamePasswordAuthenticationToken;
    }

    private static UserDetails getDefaultUserDetails(String str) {
        return new User(str, "", true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_AUTHENTICATED")});
    }

    public static Authentication setCurrentAuthentication(Authentication authentication) {
        Context alfrescoSecureContextImpl;
        if (authentication == null) {
            clearCurrentSecurityContext();
            return null;
        }
        Context context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            alfrescoSecureContextImpl = new AlfrescoSecureContextImpl();
            ContextHolder.setContext(alfrescoSecureContextImpl);
        } else {
            alfrescoSecureContextImpl = (AlfrescoSecureContext) context;
        }
        authentication.setAuthenticated(true);
        alfrescoSecureContextImpl.setAuthentication(authentication);
        String str = SYSTEM_USER_NAME;
        if (authentication.getPrincipal() instanceof UserDetails) {
            str = ((UserDetails) authentication.getPrincipal()).getUsername();
        }
        logNDC(str);
        return authentication;
    }

    public static void logNDC(String str) {
        NDC.remove();
        if (!isMtEnabled()) {
            NDC.push("User:" + str);
            return;
        }
        int indexOf = str.indexOf(TenantService.SEPARATOR);
        if (indexOf == -1 || indexOf >= str.length() - 1) {
            NDC.push("User:" + str);
        } else {
            NDC.push("Tenant:" + str.substring(indexOf + 1) + " User:" + str.substring(0, indexOf));
        }
    }

    public static Authentication setCurrentRealAuthentication(Authentication authentication) {
        Context alfrescoSecureContextImpl;
        if (authentication == null) {
            clearCurrentSecurityContext();
            return null;
        }
        Context context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            alfrescoSecureContextImpl = new AlfrescoSecureContextImpl();
            ContextHolder.setContext(alfrescoSecureContextImpl);
        } else {
            alfrescoSecureContextImpl = (AlfrescoSecureContext) context;
        }
        authentication.setAuthenticated(true);
        alfrescoSecureContextImpl.setRealAuthentication(authentication);
        return authentication;
    }

    public static Authentication setCurrentEffectiveAuthentication(Authentication authentication) {
        Context alfrescoSecureContextImpl;
        if (authentication == null) {
            clearCurrentSecurityContext();
            return null;
        }
        Context context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            alfrescoSecureContextImpl = new AlfrescoSecureContextImpl();
            ContextHolder.setContext(alfrescoSecureContextImpl);
        } else {
            alfrescoSecureContextImpl = (AlfrescoSecureContext) context;
        }
        authentication.setAuthenticated(true);
        alfrescoSecureContextImpl.setEffectiveAuthentication(authentication);
        return authentication;
    }

    public static Authentication setCurrentStoredAuthentication(Authentication authentication) {
        Context alfrescoSecureContextImpl;
        if (authentication == null) {
            clearCurrentSecurityContext();
            return null;
        }
        Context context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            alfrescoSecureContextImpl = new AlfrescoSecureContextImpl();
            ContextHolder.setContext(alfrescoSecureContextImpl);
        } else {
            alfrescoSecureContextImpl = (AlfrescoSecureContext) context;
        }
        authentication.setAuthenticated(true);
        alfrescoSecureContextImpl.setStoredAuthentication(authentication);
        return authentication;
    }

    public static Authentication getCurrentAuthentication() throws AuthenticationException {
        return getCurrentRealAuthentication();
    }

    public static Authentication getCurrentRealAuthentication() throws AuthenticationException {
        AlfrescoSecureContext context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            return null;
        }
        return context.getRealAuthentication();
    }

    public static Authentication getCurrentEffectiveAuthentication() throws AuthenticationException {
        AlfrescoSecureContext context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            return null;
        }
        return context.getEffectiveAuthentication();
    }

    public static Authentication getCurrentStoredAuthentication() throws AuthenticationException {
        AlfrescoSecureContext context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            return null;
        }
        return context.getStoredAuthentication();
    }

    public static String getCurrentUserName() throws AuthenticationException {
        return getCurrentRealUserName();
    }

    public static String getCurrentRealUserName() throws AuthenticationException {
        AlfrescoSecureContext context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            return null;
        }
        AlfrescoSecureContext alfrescoSecureContext = context;
        if (alfrescoSecureContext.getRealAuthentication() == null) {
            return null;
        }
        return getUserName(alfrescoSecureContext.getRealAuthentication());
    }

    public static String getCurrentEffectiveUserName() throws AuthenticationException {
        AlfrescoSecureContext context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            return null;
        }
        AlfrescoSecureContext alfrescoSecureContext = context;
        if (alfrescoSecureContext.getEffectiveAuthentication() == null) {
            return null;
        }
        return getUserName(alfrescoSecureContext.getEffectiveAuthentication());
    }

    public static String getCurrentStoredUserName() throws AuthenticationException {
        AlfrescoSecureContext context = ContextHolder.getContext();
        if (context == null || !(context instanceof AlfrescoSecureContext)) {
            return null;
        }
        AlfrescoSecureContext alfrescoSecureContext = context;
        if (alfrescoSecureContext.getStoredAuthentication() == null) {
            return null;
        }
        return getUserName(alfrescoSecureContext.getStoredAuthentication());
    }

    private static String getUserName(Authentication authentication) {
        return authentication.getPrincipal() instanceof UserDetails ? ((UserDetails) authentication.getPrincipal()).getUsername() : authentication.getPrincipal().toString();
    }

    public static Authentication setSystemUserAsCurrentUser() {
        return setCurrentUser(SYSTEM_USER_NAME);
    }

    public static String getSystemUserName() {
        return SYSTEM_USER_NAME;
    }

    public static String getGuestUserName() {
        return PermissionService.GUEST_AUTHORITY.toLowerCase();
    }

    static void clearCurrentSecurityContextOnly() {
        ContextHolder.setContext((Context) null);
        NDC.remove();
    }

    public static void clearCurrentSecurityContext() {
        ContextHolder.setContext((Context) null);
        InMemoryTicketComponentImpl.clearCurrentSecurityContext();
        NDC.remove();
    }

    public static <R> R runAs(RunAsWork<R> runAsWork, String str) {
        int indexOf;
        String currentEffectiveUserName = getCurrentEffectiveUserName();
        String currentRealUserName = getCurrentRealUserName();
        if (currentRealUserName != null) {
            try {
                try {
                    if (isMtEnabled() && (indexOf = currentRealUserName.indexOf(TenantService.SEPARATOR)) != -1 && indexOf < currentRealUserName.length() - 1 && str.equals(getSystemUserName())) {
                        str = str + TenantService.SEPARATOR + currentRealUserName.substring(indexOf + 1);
                    }
                } catch (Throwable th) {
                    if (th instanceof RuntimeException) {
                        throw ((RuntimeException) th);
                    }
                    throw new RuntimeException("Error during run as.", th);
                }
            } catch (Throwable th2) {
                if (currentRealUserName == null) {
                    clearCurrentSecurityContextOnly();
                } else {
                    setCurrentEffectiveUser(currentEffectiveUserName);
                }
                throw th2;
            }
        }
        if (currentRealUserName == null) {
            setCurrentRealUser(str);
        }
        setCurrentEffectiveUser(str);
        R doWork = runAsWork.doWork();
        if (currentRealUserName == null) {
            clearCurrentSecurityContextOnly();
        } else {
            setCurrentEffectiveUser(currentEffectiveUserName);
        }
        return doWork;
    }
}
