package org.pentaho.platform.repository2.unified.jcr.jackrabbit.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.jcr.Session;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.UserPrincipal;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.pentaho.platform.api.engine.IUserRoleListService;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.repository2.unified.jcr.JcrAclMetadataStrategy;
import org.pentaho.platform.repository2.unified.jcr.JcrTenantUtils;
import org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.messages.Messages;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/pentaho/platform/repository2/unified/jcr/jackrabbit/security/SpringSecurityPrincipalProvider.class */
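/**
 * Jackrabbit {@link PrincipalProvider} that resolves principals from Spring Security user and role
 * services obtained through {@link PentahoSystem}.
 *
 * <p>Resolved user and role principals are kept in two bounded LRU caches. {@link LRUMap} is not
 * thread-safe (even a read reorders entries), so every cache access in this class is made while
 * holding the monitor of the cache being touched.
 */
public class SpringSecurityPrincipalProvider implements PrincipalProvider {
    private UserDetailsService userDetailsService;
    private IUserRoleListService userRoleListService;
    private String adminId;
    private AdminPrincipal adminPrincipal;
    private String anonymousId;
    private Log logger = LogFactory.getLog(SpringSecurityPrincipalProvider.class);
    private AnonymousPrincipal anonymousPrincipal = new AnonymousPrincipal();
    // Account-state flags passed to the User constructor in internalGetUserDetails.
    final boolean ACCOUNT_NON_EXPIRED = true;
    final boolean CREDS_NON_EXPIRED = true;
    final boolean ACCOUNT_NON_LOCKED = true;
    // Also used as the monitor guarding the initialized/not-initialized transition.
    private final AtomicBoolean initialized = new AtomicBoolean(false);
    private final LRUMap userCache = new LRUMap(4096);
    private final LRUMap roleCache = new LRUMap(512);

    /**
     * Reads the {@code adminId} (default {@code "admin"}) and {@code anonymousId} (default
     * {@code "anonymous"}) properties and marks the provider as initialized.
     *
     * @param properties provider configuration
     * @throws IllegalStateException if the provider is already initialized
     */
    public void init(Properties properties) {
        // The check and the final set(true) happen under one monitor so that two concurrent
        // init() calls cannot both pass the "already initialized" test.
        synchronized (this.initialized) {
            if (this.initialized.get()) {
                throw new IllegalStateException(Messages.getInstance().getString("SpringSecurityPrincipalProvider.ERROR_0001_ALREADY_INITIALIZED"));
            }
            this.adminId = properties.getProperty("adminId", "admin");
            this.adminPrincipal = new AdminPrincipal(this.adminId);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(String.format("using adminId [%s]", this.adminId));
            }
            this.anonymousId = properties.getProperty("anonymousId", "anonymous");
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(String.format("using anonymousId [%s]", this.anonymousId));
            }
            this.initialized.set(true);
        }
    }

    /**
     * Empties both caches and returns the provider to the not-initialized state.
     *
     * @throws IllegalStateException if the provider is not initialized
     */
    public void close() {
        checkInitialized();
        clearCaches();
        this.initialized.set(false);
    }

    /** Removes every cached user and role principal. */
    public synchronized void clearCaches() {
        synchronized (this.userCache) {
            this.userCache.clear();
        }
        synchronized (this.roleCache) {
            this.roleCache.clear();
        }
    }

    /**
     * Reports whether {@code session} may read {@code principal}.
     *
     * <p>This implementation applies no per-session filtering: once the provider is initialized
     * it answers {@code true} for every session and every principal.
     *
     * @throws IllegalStateException if the provider is not initialized
     */
    public synchronized boolean canReadPrincipal(Session session, Principal principal) {
        checkInitialized();
        return true;
    }

    /**
     * Resolves a principal by name.
     *
     * <p>Checked in order: ACL-metadata principal, the configured admin id, the configured
     * anonymous id, the "everyone" principal, tenanted user, tenanted role.
     *
     * @param str principal name; must not be {@code null}
     * @return the matching principal, or {@code null} when the name is neither a tenanted user
     *     nor a tenanted role, or when a tenanted user cannot be found
     * @throws IllegalStateException if the provider is not initialized
     */
    public synchronized Principal getPrincipal(String str) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("principalName: [" + str + "]");
        }
        checkInitialized();
        Assert.notNull(str);
        if (JcrAclMetadataStrategy.AclMetadataPrincipal.isAclMetadataPrincipal(str)) {
            return new JcrAclMetadataStrategy.AclMetadataPrincipal(str);
        }
        if (this.adminId.equals(str)) {
            return this.adminPrincipal;
        }
        if (this.anonymousId.equals(str)) {
            return this.anonymousPrincipal;
        }
        if (EveryonePrincipal.getInstance().getName().equals(str)) {
            return EveryonePrincipal.getInstance();
        }
        if (JcrTenantUtils.isTenantedUser(str)) {
            return resolveUserPrincipal(str);
        }
        if (JcrTenantUtils.isTenatedRole(str)) {
            return resolveRolePrincipal(str);
        }
        return null;
    }

    /** Returns the cached or freshly looked-up user principal for {@code str}, or {@code null}. */
    private Principal resolveUserPrincipal(String str) {
        Principal cached;
        // NOTE(review): the lookup key is the tenanted form while the store key below is the raw
        // name; they coincide only if getTenantedUser returns an already-tenanted name unchanged
        // - confirm.
        synchronized (this.userCache) {
            cached = (Principal) this.userCache.get(JcrTenantUtils.getTenantedUser(str));
        }
        if (cached != null) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("user " + str + " found in cache");
            }
            return cached;
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("user " + str + " not found in cache");
        }
        if (internalGetUserDetails(str) == null) {
            return null;
        }
        UserPrincipal userPrincipal = new UserPrincipal(str);
        synchronized (this.userCache) {
            this.userCache.put(str, userPrincipal);
        }
        return userPrincipal;
    }

    /**
     * Returns the cached role principal for {@code str}, creating and caching one on a miss.
     *
     * <p>On a cache miss no back-end is consulted: the name is assumed to denote a role.
     */
    private Principal resolveRolePrincipal(String str) {
        Principal cached;
        // getGroupMembership and internalGetUserDetails reach roleCache without holding this
        // object's monitor, so the cache's own monitor is needed here as well.
        // NOTE(review): lookup uses the tenanted form, the store below uses the raw name; see the
        // matching remark in resolveUserPrincipal.
        synchronized (this.roleCache) {
            cached = (Principal) this.roleCache.get(JcrTenantUtils.getTenantedRole(str));
        }
        if (cached != null) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("role " + str + " found in cache");
            }
            return cached;
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("role " + str + " not found in cache");
        }
        SpringSecurityRolePrincipal rolePrincipal = createSpringSecurityRolePrincipal(str);
        synchronized (this.roleCache) {
            this.roleCache.put(str, rolePrincipal);
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("assuming " + str + " is a role");
        }
        return rolePrincipal;
    }

    /**
     * Lists the groups (roles) that {@code principal} belongs to.
     *
     * <ul>
     *   <li>Anonymous and "everyone" principals: empty iterator.</li>
     *   <li>Group, admin and ACL-metadata principals: only the "everyone" principal.</li>
     *   <li>Any other principal: one role principal per granted authority plus "everyone"; if no
     *       user details can be found, an empty iterator (without "everyone").</li>
     * </ul>
     *
     * @param principal principal to inspect; must not be {@code null}
     * @throws IllegalStateException if the provider is not initialized
     */
    public PrincipalIterator getGroupMembership(Principal principal) {
        checkInitialized();
        Assert.notNull(principal);
        if ((principal instanceof AnonymousPrincipal) || (principal instanceof EveryonePrincipal)) {
            return PrincipalIteratorAdapter.EMPTY;
        }
        HashSet<Principal> groups = new HashSet<Principal>();
        boolean isUser = !(principal instanceof Group)
                && !(principal instanceof AdminPrincipal)
                && !(principal instanceof JcrAclMetadataStrategy.AclMetadataPrincipal);
        if (isUser) {
            UserDetails details = internalGetUserDetails(principal.getName());
            if (details == null) {
                return new PrincipalIteratorAdapter(groups);
            }
            for (GrantedAuthority grantedAuthority : details.getAuthorities()) {
                String authority = grantedAuthority.getAuthority();
                Principal cachedRole;
                synchronized (this.roleCache) {
                    cachedRole = (Principal) this.roleCache.get(authority);
                }
                groups.add(cachedRole != null ? cachedRole : createSpringSecurityRolePrincipal(authority));
            }
        }
        groups.add(EveryonePrincipal.getInstance());
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("group membership for principal=" + principal + " is " + groups);
        }
        return new PrincipalIteratorAdapter(groups);
    }

    /**
     * Obtains user details for {@code str}.
     *
     * <p>If the principal bound to the current {@link SecurityContextHolder} context is a
     * {@link UserDetails} with the same username, it is returned as is. Otherwise the user is
     * loaded through the {@link UserDetailsService} and a new {@link User} is built whose
     * authorities are the tenanted role names; each role seen is also added to the role cache.
     *
     * @param str username to look up
     * @return the user details, or {@code null} for the name {@code "administrators"}, when no
     *     {@link UserDetailsService} is available, or when the user is not found
     */
    protected UserDetails internalGetUserDetails(String str) {
        if ("administrators".equals(str)) {
            return null;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            Object principal = authentication.getPrincipal();
            // Null-safe on str: a null name simply does not match the context principal.
            if ((principal instanceof UserDetails) && str != null && str.equals(((UserDetails) principal).getUsername())) {
                return (UserDetails) principal;
            }
        }
        if (getUserDetailsService() == null) {
            return null;
        }
        UserDetails loaded = null;
        GrantedAuthority[] tenantedAuthorities = null;
        try {
            loaded = getUserDetailsService().loadUserByUsername(str);
            GrantedAuthority[] sourceAuthorities;
            if (authentication == null || authentication.getAuthorities() == null || authentication.getAuthorities().length == 0) {
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace("Authentication object from SecurityContextHolder is null, so getting the roles for [ " + loaded.getUsername() + " ]  from IUserRoleListService ");
                }
                // NOTE(review): getUserRoleListService() can return null (see that method); this
                // call would then throw NullPointerException - confirm whether that can occur here.
                List rolesForUser = getUserRoleListService().getRolesForUser(JcrTenantUtils.getCurrentTenant(), str);
                sourceAuthorities = new GrantedAuthority[rolesForUser.size()];
                for (int i = 0; i < rolesForUser.size(); i++) {
                    sourceAuthorities[i] = new GrantedAuthorityImpl((String) rolesForUser.get(i));
                }
            } else {
                // NOTE(review): these are the authorities of the caller bound to the current
                // SecurityContext, not authorities looked up for `str`. This branch is reached only
                // when the early return above did not fire, i.e. the context principal is not a
                // UserDetails or its username differs from `str`, so the UserDetails returned here
                // (and the memberships getGroupMembership derives from it) may carry another
                // account's roles. Confirm this is intended.
                sourceAuthorities = authentication.getAuthorities();
            }
            tenantedAuthorities = new GrantedAuthority[sourceAuthorities.length];
            for (int i = 0; i < sourceAuthorities.length; i++) {
                String authority = sourceAuthorities[i].getAuthority();
                String tenantedRole = JcrTenantUtils.getTenantedRole(authority);
                synchronized (this.roleCache) {
                    if (!this.roleCache.containsKey(authority)) {
                        this.roleCache.put(authority, new SpringSecurityRolePrincipal(tenantedRole));
                    }
                }
                tenantedAuthorities[i] = new GrantedAuthorityImpl(tenantedRole);
            }
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("found user in back-end " + loaded.getUsername());
            }
        } catch (UsernameNotFoundException e) {
            // Unknown user is an expected outcome; the method reports it by returning null.
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("username " + str + " not in cache or back-end; returning null");
            }
        }
        if (loaded == null) {
            return null;
        }
        if (tenantedAuthorities == null || tenantedAuthorities.length <= 0) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("Authorities are null, so creating an empty Auth array ==  " + loaded.getUsername());
            }
            tenantedAuthorities = new GrantedAuthority[0];
        }
        String password = loaded.getPassword() != null ? loaded.getPassword() : "";
        return new User(loaded.getUsername(), password, loaded.isEnabled(), this.ACCOUNT_NON_EXPIRED, this.CREDS_NON_EXPIRED, this.ACCOUNT_NON_LOCKED, tenantedAuthorities);
    }

    /**
     * Guards entry points that require {@link #init(Properties)} to have run.
     *
     * @throws IllegalStateException if the provider is not initialized
     */
    protected void checkInitialized() {
        synchronized (this.initialized) {
            if (!this.initialized.get()) {
                throw new IllegalStateException(Messages.getInstance().getString("SpringSecurityPrincipalProvider.ERROR_0003_NOT_INITIALIZED"));
            }
        }
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    public PrincipalIterator findPrincipals(String str) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    public PrincipalIterator findPrincipals(String str, int i) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    public PrincipalIterator getPrincipals(int i) {
        throw new UnsupportedOperationException();
    }

    /**
     * Returns the {@link UserDetailsService}, fetching it from {@link PentahoSystem} on first use.
     *
     * @return the service, or {@code null} while {@link PentahoSystem} reports it is not
     *     initialized
     */
    protected UserDetailsService getUserDetailsService() {
        if (null != this.userDetailsService) {
            return this.userDetailsService;
        }
        if (!PentahoSystem.getInitializedOK()) {
            return null;
        }
        this.userDetailsService = (UserDetailsService) PentahoSystem.get(UserDetailsService.class);
        return this.userDetailsService;
    }

    /**
     * Returns the {@link IUserRoleListService}, fetching it from {@link PentahoSystem} on first
     * use.
     *
     * @return the service, or {@code null} while {@link PentahoSystem} reports it is not
     *     initialized
     */
    protected IUserRoleListService getUserRoleListService() {
        if (null != this.userRoleListService) {
            return this.userRoleListService;
        }
        if (!PentahoSystem.getInitializedOK()) {
            return null;
        }
        this.userRoleListService = (IUserRoleListService) PentahoSystem.get(IUserRoleListService.class);
        return this.userRoleListService;
    }

    /** Builds a role principal named with the tenanted form of {@code str}. */
    private SpringSecurityRolePrincipal createSpringSecurityRolePrincipal(String str) {
        return new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(str));
    }
}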
