package com.adobe.livecycle.dsc.clientsdk.internal.security;

import com.adobe.ep.auth.ticket.TicketService;
import com.adobe.idp.dsc.DSCException;
import com.adobe.idp.dsc.InvocationRequest;
import com.adobe.idp.dsc.InvocationResponse;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactoryProperties;
import com.adobe.livecycle.dsc.clientsdk.InvocationInterceptor;
import com.adobe.livecycle.dsc.clientsdk.InvocationInterceptorChain;
import com.adobe.livecycle.dsc.clientsdk.InvocationProperties;
import com.adobe.livecycle.dsc.clientsdk.ServiceClientFactoryConfigProvider;
import com.adobe.livecycle.dsc.clientsdk.internal.ConfigChangeListener;
import com.adobe.livecycle.dsc.clientsdk.internal.ConfigConstants;
import com.adobe.livecycle.dsc.clientsdk.internal.ConfigUtil;
import com.adobe.livecycle.dsc.clientsdk.internal.DSCConfigService;
import com.adobe.livecycle.dsc.clientsdk.security.PasswordCredential;
import java.util.Collections;
import java.util.Set;
import org.apache.sling.settings.SlingSettingsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/livecycle/dsc/clientsdk/internal/security/SecurityInterceptor.class */
public class SecurityInterceptor implements InvocationInterceptor, ConfigChangeListener {
    private static final String LISTENER_NAME = SecurityInterceptor.class.getName();
    private ServiceClientFactoryConfigProvider configProvider;
    private TicketService ticketService;
    private SlingSettingsService settingsService;
    private DSCConfigService configService;
    private CurrentUserCredentialProvider currentUserCredentialProvider;
    private CredentialProvider systemUserCredentialProvider;
    private Logger log = LoggerFactory.getLogger(SecurityInterceptor.class);
    private Set<String> whiteListServiceNames = Collections.emptySet();

    private void activate() {
        if (ConfigUtil.isEmbeddedMode(this.settingsService)) {
            this.systemUserCredentialProvider = new SystemUserCredentialProvider();
            this.log.debug("Detected embedded mode deployment, would be using System user credentials");
        } else {
            this.systemUserCredentialProvider = new ProfileUserCredentialProvider(this.configProvider);
        }
        this.currentUserCredentialProvider = new CurrentUserCredentialProvider(this.configProvider);
        this.configService.registerListener(LISTENER_NAME, this);
        configChanged();
    }

    @Override // com.adobe.livecycle.dsc.clientsdk.internal.ConfigChangeListener
    public void configChanged() {
        this.whiteListServiceNames = this.configService.getServiceNames();
        this.log.debug("Registering following services as part of whiteList {}", this.whiteListServiceNames);
    }

    private void deactivate() {
        this.configService.removeListener(LISTENER_NAME);
    }

    @Override // com.adobe.livecycle.dsc.clientsdk.InvocationInterceptor
    public InvocationResponse intercept(InvocationRequest invocationRequest, InvocationInterceptorChain invocationInterceptorChain) throws DSCException {
        PasswordCredential passwordCredential;
        String str = (String) invocationRequest.getProperty("livecycleProfileName");
        if (str == null) {
            throw new IllegalArgumentException("ProfileName not specified");
        }
        PasswordCredential passwordCredential2 = (PasswordCredential) invocationRequest.getProperty(ConfigConstants._RENEWED_CREDENTIAL);
        if (passwordCredential2 != null) {
            passwordCredential = passwordCredential2;
            invocationRequest.removeProperty(ConfigConstants._RENEWED_CREDENTIAL);
        } else if (isInvocationForSystemUser(invocationRequest)) {
            passwordCredential = this.systemUserCredentialProvider.getCredentials(str);
            this.log.trace("Using system credentials for InvocationRequest");
        } else {
            passwordCredential = invokingUserCredentials(str);
        }
        InvocationResponse invocationResponse = null;
        if (passwordCredential != null) {
            com.adobe.idp.dsc.authentication.PasswordCredential passwordCredential3 = new com.adobe.idp.dsc.authentication.PasswordCredential();
            passwordCredential3.setUserName(passwordCredential.getUsername());
            passwordCredential3.setPassword(passwordCredential.getPassword());
            invocationRequest.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL, passwordCredential3);
            Object attribute = passwordCredential.getAttribute(ConfigConstants._PRINCIPAL_NAME);
            if (attribute != null) {
                invocationRequest.setProperty(ConfigConstants._PRINCIPAL_NAME, attribute);
            }
        } else {
            invocationRequest.removeProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL);
        }
        invocationRequest.removeProperty(ServiceClientFactoryProperties.DSC_CONTEXT);
        try {
            invocationResponse = invocationInterceptorChain.doIntercept(invocationRequest);
            if (invocationResponse != null) {
                invocationResponse.removeProperty(ServiceClientFactoryProperties.DSC_CONTEXT);
            }
            return invocationResponse;
        } catch (Throwable th) {
            if (invocationResponse != null) {
                invocationResponse.removeProperty(ServiceClientFactoryProperties.DSC_CONTEXT);
            }
            throw th;
        }
    }

    private PasswordCredential invokingUserCredentials(String str) {
        PasswordCredential invokingCredentials = RunAsManagerImpl.getInvokingCredentials();
        return invokingCredentials != null ? invokingCredentials : this.currentUserCredentialProvider.getCredentials(str);
    }

    private boolean isInvocationForSystemUser(InvocationRequest invocationRequest) {
        if (InvocationProperties.INVOKER_TYPE_SYSTEM.equals(invocationRequest.getProperty(InvocationProperties.INVOKER_TYPE)) || RunAsManagerImpl.isInvocationForSystemUser()) {
            return true;
        }
        String serviceName = invocationRequest.getServiceName();
        if (!shouldServiceBeInvokedAsSystemUser(serviceName)) {
            return false;
        }
        this.log.debug("Service {} part of white list and would be invoked with system user credential", serviceName);
        return true;
    }

    private boolean shouldServiceBeInvokedAsSystemUser(String str) {
        return this.whiteListServiceNames.contains(str);
    }

    private void bindTicketService(TicketService ticketService) {
        this.currentUserCredentialProvider.setTicketService(ticketService);
    }

    private void unbindTicketService(TicketService ticketService) {
        this.currentUserCredentialProvider.setTicketService(null);
    }

    protected void bindConfigProvider(ServiceClientFactoryConfigProvider serviceClientFactoryConfigProvider) {
        this.configProvider = serviceClientFactoryConfigProvider;
    }

    protected void unbindConfigProvider(ServiceClientFactoryConfigProvider serviceClientFactoryConfigProvider) {
        if (this.configProvider == serviceClientFactoryConfigProvider) {
            this.configProvider = null;
        }
    }

    protected void bindSettingsService(SlingSettingsService slingSettingsService) {
        this.settingsService = slingSettingsService;
    }

    protected void unbindSettingsService(SlingSettingsService slingSettingsService) {
        if (this.settingsService == slingSettingsService) {
            this.settingsService = null;
        }
    }

    protected void bindConfigService(DSCConfigService dSCConfigService) {
        this.configService = dSCConfigService;
    }

    protected void unbindConfigService(DSCConfigService dSCConfigService) {
        if (this.configService == dSCConfigService) {
            this.configService = null;
        }
    }
}
