package org.jabylon.security.auth;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.eclipse.emf.cdo.util.CommitException;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.equinox.security.auth.ILoginContext;
import org.eclipse.equinox.security.auth.LoginContextFactory;
import org.jabylon.cdo.connector.Modification;
import org.jabylon.cdo.connector.RepositoryConnector;
import org.jabylon.cdo.connector.TransactionUtil;
import org.jabylon.cdo.server.ServerConstants;
import org.jabylon.security.CommonPermissions;
import org.jabylon.security.JabylonSecurityBundle;
import org.jabylon.security.SubjectAttribute;
import org.jabylon.users.User;
import org.jabylon.users.UserManagement;
import org.jabylon.users.UsersFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

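/**
 * JAAS-backed implementation of {@link AuthenticationService}.
 *
 * <p>Credentials are handed to the login modules configured for the "Jabylon" JAAS
 * application. After a successful login the matching {@link User} is looked up in the
 * repository and created on first login.
 *
 * <p>The repository connector is a dynamic reference, so it can be bound and unbound while
 * the component is active. The fields that depend on it are volatile and are read into locals
 * before use.
 */
@Service
@Component(enabled = true, immediate = true)
/* loaded from: input_file:org/jabylon/security/auth/AuthenticatorServiceImpl.class */
public class AuthenticatorServiceImpl implements AuthenticationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticatorServiceImpl.class);
    private static final String JAAS_CONFIG_FILE = "jaas.config";

    @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.MANDATORY_UNARY, bind = "setRepositoryConnector", unbind = "unbindRepositoryConnector")
    private volatile RepositoryConnector repositoryConnector;
    private volatile UserManagement userManagement;
    private volatile User anonymous;

    /**
     * Checks a name/password pair against the configured login modules.
     *
     * @param str the login name
     * @param str2 the password
     * @return {@code true} if the login succeeded, {@code false} otherwise
     */
    @Override
    public boolean authenticate(String str, String str2) {
        return doAuthenticate(str, str2) != null;
    }

    /**
     * Runs a JAAS login with the given credentials.
     *
     * @param str the login name
     * @param str2 the password; {@code null} is rejected without contacting any login module
     * @return the authenticated subject, or {@code null} if the login failed
     */
    protected Subject doAuthenticate(final String str, final String str2) {
        if (str2 == null) {
            // Fail closed. Previously a null password caused a NullPointerException inside the
            // callback handler once a module asked for the password.
            LOGGER.error("Login for user {} failed: no password supplied", sanitizeForLog(str));
            return null;
        }
        // NOTE(review): an empty (non-null) password is still passed through to the login
        // modules. Confirm that none of the configured modules treats it as an anonymous or
        // unauthenticated bind.
        ILoginContext loginContext = createLoginContext(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(str);
                    } else if (callback instanceof PasswordCallback) {
                        char[] password = str2.toCharArray();
                        try {
                            ((PasswordCallback) callback).setPassword(password);
                        } finally {
                            // PasswordCallback keeps its own copy, so wipe the temporary one.
                            // The String the caller passed in is unaffected.
                            java.util.Arrays.fill(password, '\0');
                        }
                    }
                }
            }
        });
        try {
            loginContext.login();
            Subject subject = loginContext.getSubject();
            LOGGER.info("Login for user {} successful", sanitizeForLog(resolveUserName(subject, str)));
            return subject;
        } catch (LoginException e) {
            // The name is attacker-controlled, so it is sanitised before logging to prevent
            // forged log entries.
            LOGGER.error("Login for user {} failed: {}", sanitizeForLog(str), sanitizeForLog(e.getMessage()));
            return null;
        }
    }

    /**
     * Authenticates the credentials and returns the repository user for the login.
     *
     * <p>The user name is the first {@code String} public credential of the authenticated
     * subject if there is one, otherwise the supplied login name. A user without a repository
     * entry is created with the default permissions. In both cases the subject's
     * {@link SubjectAttribute}s are applied to the user.
     *
     * @param str the login name
     * @param str2 the password
     * @return the user, or {@code null} if the login failed, the user management is not
     *         available, or a new user could not be committed; if updating an existing user
     *         fails, that user is returned as it was found
     */
    @Override
    public User authenticateUser(String str, String str2) {
        final Subject subject = doAuthenticate(str, str2);
        if (subject == null) {
            return null;
        }
        final String userName = resolveUserName(subject, str);
        UserManagement management = getUserManagement();
        if (management == null) {
            return null;
        }
        User user = management.findUserByName(userName);
        try {
            if (user == null) {
                // NOTE(review): every principal the login modules accept gets an account here.
                // What the default permissions grant is decided in CommonPermissions, which is
                // not visible in this file - confirm that is appropriate for externally
                // authenticated users.
                LOGGER.info("User {} logged in for the first time. Creating DB Entry", sanitizeForLog(userName));
                final User created = UsersFactory.eINSTANCE.createUser();
                created.setName(userName);
                user = (User) TransactionUtil.commit(management, new Modification<UserManagement, User>() {
                    public User apply(UserManagement target) {
                        CommonPermissions.addDefaultPermissions(target, created);
                        AuthenticatorServiceImpl.this.applyAttributes(created, subject);
                        target.getUsers().add(created);
                        return created;
                    }
                });
            } else {
                user = (User) TransactionUtil.commit(user, new Modification<User, User>() {
                    public User apply(User existing) {
                        AuthenticatorServiceImpl.this.applyAttributes(existing, subject);
                        return existing;
                    }
                });
            }
        } catch (CommitException e) {
            LOGGER.error("Failed to commit new user or updating exsiting after login", e);
        }
        return user;
    }

    /**
     * Applies every {@link SubjectAttribute} public credential of the subject to the user.
     *
     * @param user the user to update
     * @param subject the authenticated subject
     */
    protected void applyAttributes(User user, Subject subject) {
        for (SubjectAttribute attribute : subject.getPublicCredentials(SubjectAttribute.class)) {
            attribute.applyTo(user);
        }
    }

    /** Returns the first String public credential of the subject, or the fallback if none. */
    private static String resolveUserName(Subject subject, String fallback) {
        Set<String> names = subject.getPublicCredentials(String.class);
        return names.isEmpty() ? fallback : names.iterator().next();
    }

    /**
     * Replaces control characters (including CR and LF) with '_' so that a user-supplied value
     * cannot start a new line in the log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Creates the login context for the "Jabylon" JAAS application. */
    private ILoginContext createLoginContext(CallbackHandler callbackHandler) {
        return LoginContextFactory.createContext("Jabylon", getJAASConfig(), callbackHandler);
    }

    /**
     * Locates the JAAS configuration.
     *
     * <p>A {@code jaas.config} file in the OSGi configuration area is preferred. If the
     * {@code osgi.configuration.area} property is unset, the {@code configuration} directory
     * below the server working directory is used. Otherwise the copy bundled under
     * {@code META-INF} is returned.
     *
     * <p>This file selects the login modules that decide every authentication, so the
     * configuration directory should be writable only by administrators of the installation.
     */
    private URL getJAASConfig() {
        String configArea = System.getProperty("osgi.configuration.area");
        if (configArea == null || configArea.isEmpty()) {
            configArea = new File(new File(ServerConstants.WORKING_DIR), "configuration").toURI().toString();
        }
        try {
            File candidate = new File(new File(new URI(configArea)), JAAS_CONFIG_FILE);
            if (candidate.isFile()) {
                return candidate.toURI().toURL();
            }
        } catch (Exception e) {
            // Deliberately broad: any problem with the external location falls back to the
            // bundled configuration below.
            LOGGER.error("invalid jaas url", e);
        }
        return JabylonSecurityBundle.getBundleContext().getBundle().getEntry("META-INF/jaas.config");
    }

    /**
     * Returns the cached user management, loading it from the "users" resource on first use.
     *
     * @return the user management, or {@code null} if no connector is bound or the resource
     *         does not start with a {@link UserManagement}
     */
    private UserManagement getUserManagement() {
        UserManagement management = this.userManagement;
        if (management == null) {
            RepositoryConnector connector = getRepositoryConnector();
            if (connector == null) {
                // The dynamic reference may be unbound; previously this was a NullPointerException.
                LOGGER.error("Failed to obtain UserManagement: no repository connector is bound");
                return null;
            }
            java.util.List<?> contents = connector.openView().getResource("users").getContents();
            Object root = contents.isEmpty() ? null : contents.get(0);
            if (root instanceof UserManagement) {
                management = (UserManagement) root;
                this.userManagement = management;
            } else {
                LOGGER.error("Failed to obtain UserManagement");
            }
        }
        return management;
    }

    public RepositoryConnector getRepositoryConnector() {
        return this.repositoryConnector;
    }

    public void setRepositoryConnector(RepositoryConnector repositoryConnector) {
        this.repositoryConnector = repositoryConnector;
    }

    /**
     * Releases the repository state if the given connector is the one currently bound.
     *
     * @param repositoryConnector the connector being unbound
     */
    public void unbindRepositoryConnector(RepositoryConnector repositoryConnector) {
        if (repositoryConnector == this.repositoryConnector) {
            releaseUserManagement();
            this.repositoryConnector = null;
        }
    }

    /** Closes the repository view when the component is deactivated. */
    @Deactivate
    protected void deactivate() {
        releaseUserManagement();
    }

    /**
     * Closes the view behind the cached user management and clears the caches. The cached
     * anonymous user was obtained through that user management, so it is dropped as well
     * rather than being served after the view is closed.
     */
    private void releaseUserManagement() {
        UserManagement management = this.userManagement;
        if (management != null) {
            management.cdoView().close();
        }
        this.userManagement = null;
        this.anonymous = null;
    }

    /**
     * Returns the user named "Anonymous", caching it after the first lookup.
     *
     * @return the anonymous user, or {@code null} if the user management is not available or
     *         no such user exists
     */
    @Override
    public User getAnonymousUser() {
        User cached = this.anonymous;
        if (cached == null) {
            UserManagement management = getUserManagement();
            if (management == null) {
                return null;
            }
            cached = management.findUserByName("Anonymous");
            this.anonymous = cached;
        }
        return cached;
    }
}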
