package com.adobe.livecycle.dsc.clientsdk.internal;

import com.adobe.idp.dsc.DSCException;
import com.adobe.idp.dsc.InvocationRequest;
import com.adobe.idp.dsc.authentication.PasswordCredential;
import com.adobe.idp.dsc.clientsdk.ServiceClient;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactoryProperties;
import com.adobe.idp.dsc.provider.MessageDispatcher;
import com.adobe.idp.um.api.AuthenticationManager;
import com.adobe.idp.um.api.DirectoryManager;
import com.adobe.idp.um.api.UMConstants;
import com.adobe.idp.um.api.UMException;
import com.adobe.idp.um.api.infomodel.AuthResult;
import com.adobe.idp.um.api.infomodel.PrincipalSearchFilter;
import com.adobe.idp.um.api.infomodel.User;
import com.adobe.livecycle.dsc.clientsdk.ServiceClientFactoryConfigProvider;
import com.adobe.livecycle.dsc.clientsdk.ServiceClientFactoryProvider;
import com.adobe.livecycle.dsc.clientsdk.security.PrivilegedAction;
import com.adobe.livecycle.dsc.clientsdk.security.RunAsManager;
import com.adobe.livecycle.usermanager.client.AuthenticationManagerServiceClient;
import com.adobe.livecycle.usermanager.client.DirectoryManagerServiceClient;
import com.adobe.livecycle.usermanager.crx.LCPrincipalName;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.settings.SlingSettingsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/livecycle/dsc/clientsdk/internal/RenewTicketInterceptorAndThrowHandler.class */
public class RenewTicketInterceptorAndThrowHandler implements ServiceClientFactory.ThrowHandler {
    private static final Logger log = LoggerFactory.getLogger(RenewTicketInterceptorAndThrowHandler.class);
    private int maxTries = 2;
    private ServiceClientFactoryProvider scfProvider;
    private ServiceClientFactoryConfigProvider configProvider;
    private SlingRepository slingRepository;
    private SlingSettingsService settingsService;
    private RunAsManager runAsManager;

    /* loaded from: input_file:com/adobe/livecycle/dsc/clientsdk/internal/RenewTicketInterceptorAndThrowHandler$ImpersonationAction.class */
    private static class ImpersonationAction implements PrivilegedAction<AuthResult> {
        private final AuthenticationManager am;
        private final DirectoryManager dm;
        private final LCPrincipalName name;

        private ImpersonationAction(AuthenticationManager authenticationManager, DirectoryManager directoryManager, LCPrincipalName lCPrincipalName) {
            this.am = authenticationManager;
            this.dm = directoryManager;
            this.name = lCPrincipalName;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.adobe.livecycle.dsc.clientsdk.security.PrivilegedAction
        public AuthResult run() {
            try {
                String domainName = this.name.getDomainName();
                return this.am.getAuthResultOnBehalfOfUser(findUser(this.name).getCanonicalName(), domainName, null);
            } catch (UMException e) {
                throw new RuntimeException(e);
            }
        }

        public User findUser(LCPrincipalName lCPrincipalName) {
            PrincipalSearchFilter principalSearchFilter = new PrincipalSearchFilter();
            if (lCPrincipalName.hasDomainSpecified()) {
                principalSearchFilter.setSpecificDomainName(lCPrincipalName.getDomainName());
            }
            if (lCPrincipalName.isUniqueIdUserId()) {
                principalSearchFilter.setUserIdAbsolute(lCPrincipalName.getUniqueIdentifier());
            } else {
                principalSearchFilter.setCanonicalName(lCPrincipalName.getUniqueIdentifier());
            }
            principalSearchFilter.setVisibility(0);
            principalSearchFilter.setRetrieveOnlyActive();
            principalSearchFilter.setObtainCompletePrincipal(false);
            principalSearchFilter.setPrincipalType("USER");
            try {
                List findPrincipals = this.dm.findPrincipals(principalSearchFilter);
                if (findPrincipals.isEmpty()) {
                    throw new RuntimeException("No user found for name [" + this.name + "]");
                }
                if (findPrincipals.size() > 1) {
                    RenewTicketInterceptorAndThrowHandler.log.warn("login: found multiple users with id ''{}'' -> using first.", lCPrincipalName);
                }
                return (User) findPrincipals.get(0);
            } catch (UMException e) {
                RenewTicketInterceptorAndThrowHandler.log.warn("Error connecting to LC ", e);
                return null;
            }
        }
    }

    private void activate() {
        if (ConfigUtil.isEmbeddedMode(this.settingsService)) {
            return;
        }
        ServiceClientFactory.installThrowHandler(this);
        log.info("Installed a ThrowHandler with the ServiceClientFactory to handle session timeouts");
    }

    @Override // com.adobe.idp.dsc.clientsdk.ServiceClientFactory.ThrowHandler
    public boolean handleThrowable(Throwable th, ServiceClient serviceClient, ServiceClientFactory serviceClientFactory, MessageDispatcher messageDispatcher, InvocationRequest invocationRequest, int i) throws DSCException {
        PasswordCredential passwordCredential;
        if (timeoutError(th)) {
            if (i > this.maxTries || (passwordCredential = (PasswordCredential) invocationRequest.getProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL)) == null || !UMConstants.SSOConstants.LC_ASSERTION_USER.equals(passwordCredential.getUserName())) {
                return false;
            }
            String str = (String) invocationRequest.getProperty("livecycleProfileName");
            String str2 = (String) invocationRequest.getProperty(ConfigConstants._PRINCIPAL_NAME);
            if (!LCPrincipalName.isValidName(str2)) {
                return false;
            }
            LCPrincipalName fromPrincipalName = LCPrincipalName.fromPrincipalName(str2);
            if (ConfigUtil.isCustomTicketEnabled(this.configProvider.getConfiguration(str))) {
                return false;
            }
            try {
                String assertion = ((AuthResult) this.runAsManager.doPrivileged(new ImpersonationAction(getAuthenticationManager(str), getDirectoryManager(str), fromPrincipalName))).getAssertion();
                com.adobe.livecycle.dsc.clientsdk.security.PasswordCredential passwordCredential2 = new com.adobe.livecycle.dsc.clientsdk.security.PasswordCredential(UMConstants.SSOConstants.LC_ASSERTION_USER, assertion);
                passwordCredential2.setAttribute(ConfigConstants._PRINCIPAL_NAME, str2);
                invocationRequest.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL, passwordCredential2);
                Map hashMap = new HashMap(invocationRequest.getInputParameters());
                HashMap hashMap2 = new HashMap();
                hashMap2.put(ConfigConstants._CREDENTIAL, passwordCredential2);
                hashMap2.put("livecycleProfileName", str);
                hashMap.put(ConfigConstants._PAYLOAD, hashMap2);
                invocationRequest.setInputParameters(hashMap);
                String tokenIDForCurrentUser = CurrentUserUtil.getTokenIDForCurrentUser();
                if (tokenIDForCurrentUser != null) {
                    Session session = null;
                    try {
                        session = this.slingRepository.loginAdministrative((String) null);
                        session.getNodeByIdentifier(tokenIDForCurrentUser).setProperty(CurrentUserUtil.ATTR_ASSERTION, session.getValueFactory().createValue(assertion));
                        session.save();
                        log.debug("Updated the assertion for user {} upon timeout of current assertion", str2);
                        if (session != null) {
                            session.logout();
                        }
                    } catch (Throwable th2) {
                        if (session != null) {
                            session.logout();
                        }
                        throw th2;
                    }
                }
                log.info("Renewed the assertion and updated the ticket for user {} and retrying the InvocationRequest.", str2);
                return true;
            } catch (RepositoryException e) {
                log.warn("Error occurred while refreshing context ", e);
            } catch (RuntimeException e2) {
                if (!(e2.getCause() instanceof UMException)) {
                    throw e2;
                }
                log.warn("Error occurred while refreshing context ", e2);
            }
        }
        if (th instanceof DSCException) {
            throw ((DSCException) th);
        }
        if (th instanceof RuntimeException) {
            throw ((RuntimeException) th);
        }
        throw new IllegalStateException(th);
    }

    private boolean timeoutError(Throwable th) {
        return (th.getCause() instanceof UMException) && 16421 == ((UMException) th.getCause()).getErrCode();
    }

    private AuthenticationManager getAuthenticationManager(String str) {
        return new AuthenticationManagerServiceClient(this.scfProvider.getServiceClientFactory(str));
    }

    private DirectoryManager getDirectoryManager(String str) {
        return new DirectoryManagerServiceClient(this.scfProvider.getServiceClientFactory(str));
    }

    protected void bindScfProvider(ServiceClientFactoryProvider serviceClientFactoryProvider) {
        this.scfProvider = serviceClientFactoryProvider;
    }

    protected void unbindScfProvider(ServiceClientFactoryProvider serviceClientFactoryProvider) {
        if (this.scfProvider == serviceClientFactoryProvider) {
            this.scfProvider = null;
        }
    }

    protected void bindConfigProvider(ServiceClientFactoryConfigProvider serviceClientFactoryConfigProvider) {
        this.configProvider = serviceClientFactoryConfigProvider;
    }

    protected void unbindConfigProvider(ServiceClientFactoryConfigProvider serviceClientFactoryConfigProvider) {
        if (this.configProvider == serviceClientFactoryConfigProvider) {
            this.configProvider = null;
        }
    }

    protected void bindSlingRepository(SlingRepository slingRepository) {
        this.slingRepository = slingRepository;
    }

    protected void unbindSlingRepository(SlingRepository slingRepository) {
        if (this.slingRepository == slingRepository) {
            this.slingRepository = null;
        }
    }

    protected void bindSettingsService(SlingSettingsService slingSettingsService) {
        this.settingsService = slingSettingsService;
    }

    protected void unbindSettingsService(SlingSettingsService slingSettingsService) {
        if (this.settingsService == slingSettingsService) {
            this.settingsService = null;
        }
    }

    protected void bindRunAsManager(RunAsManager runAsManager) {
        this.runAsManager = runAsManager;
    }

    protected void unbindRunAsManager(RunAsManager runAsManager) {
        if (this.runAsManager == runAsManager) {
            this.runAsManager = null;
        }
    }
}
