package com.day.crx.security.authentication;

import com.day.crx.CRXSession;
import com.day.crx.security.User;
import com.day.crx.security.UserManager;
import java.security.Principal;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/day/crx/security/authentication/CRXLoginModule.class */
public class CRXLoginModule extends AbstractLoginModule {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load5/repository/crx-core/src/main/java/com/day/crx/security/authentication/CRXLoginModule.java $ $Rev: 34076 $ $Date: 2008-03-07 13:07:28 +0100 (Fri, 07 Mar 2008) $";
    protected static final String KEY_SET_USER = "setUser";
    private UserManager userManager;

    @Override // com.day.crx.security.authentication.AbstractLoginModule
    protected void doInit(CallbackHandler callbackHandler, CRXSession cRXSession, Map map) throws LoginException {
        try {
            this.userManager = cRXSession.getUserManager();
        } catch (RepositoryException e) {
            throw new LoginException(e.getMessage());
        }
    }

    @Override // com.day.crx.security.authentication.AbstractLoginModule
    protected boolean authenticate(Principal principal, Credentials credentials) throws RepositoryException, LoginException {
        User covenantee = this.userManager.getCovenantee(principal);
        if (covenantee != null && covenantee.isUser() && covenantee.authenticate(credentials)) {
            return true;
        }
        throw new FailedLoginException();
    }

    @Override // com.day.crx.security.authentication.AbstractLoginModule
    protected boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, FailedLoginException {
        User covenantee = this.userManager.getCovenantee(principal);
        if (covenantee == null || !covenantee.isUser()) {
            return false;
        }
        if (covenantee.getImpersonation().impersonates(getImpersonator(credentials))) {
            return true;
        }
        throw new FailedLoginException(new StringBuffer().append("attempt to impersonate denied for ").append(principal.getName()).toString());
    }

    @Override // com.day.crx.security.authentication.AbstractLoginModule
    protected Principal getPrincipal(Credentials credentials) {
        Principal principal = null;
        if (credentials == null || isAnonymous(credentials)) {
            principal = this.principalProvider.hasPrincipal(this.anonymousPrincipal) ? this.principalProvider.getPrincipal(this.anonymousPrincipal) : this.defaultProvider.getEveryone();
        } else {
            String userID = getUserID(credentials);
            try {
                User user = this.userManager.getUser(userID);
                if (user != null) {
                    principal = user.isAdmin() ? this.defaultProvider.getAdmin() : user.getPrincipal();
                }
            } catch (RepositoryException e) {
                log.error("Failed to access user for ''{}'' -> set to ignore", userID);
                log.debug("cause:", e);
            }
        }
        return principal;
    }

    @Override // com.day.crx.security.authentication.AbstractLoginModule
    protected boolean verifyPassword(String str, Principal principal, char[] cArr) throws LoginException {
        if (cArr.length < 1) {
            log.warn("Login-attemp from ''{}'' with empty password -> invalidated", str);
            return false;
        }
        try {
            Credentials credentials = getCredentials();
            User covenantee = this.userManager.getCovenantee(principal);
            if (covenantee != null && covenantee.isUser()) {
                if (covenantee.authenticate(credentials)) {
                    return true;
                }
            }
            return false;
        } catch (RepositoryException e) {
            log.error("Login-attempt for {} failed: {}", str, e.getMessage());
            return false;
        }
    }
}
