package com.day.crx.core;

import com.day.crx.CRXSession;
import com.day.crx.core.config.CRXWorkspaceConfig;
import com.day.crx.core.config.WorkspaceSecurityConfig;
import com.day.crx.core.security.SecuritySetup;
import com.day.crx.security.UserManager;
import com.day.crx.security.authentication.LoginHandler;
import com.day.crx.security.authorization.DefaultACLProviderFactory;
import com.day.crx.security.authorization.DefaultCompiledACLProviderFactory;
import com.day.crx.security.authorization.DefaultWorkspaceACLProvider;
import com.day.crx.security.principals.DefaultPrincipalProvider;
import com.day.crx.security.principals.DefaultProviderRegistry;
import com.day.crx.security.principals.PrincipalManagerImpl;
import com.day.crx.security.principals.PrincipalProviderRegistry;
import com.day.crx.security.spi.ACLProvider;
import com.day.crx.security.spi.ACLProviderFactory;
import com.day.crx.security.spi.CompiledACLProvider;
import com.day.crx.security.spi.CompiledACLProviderFactory;
import com.day.crx.security.user.UserManagerImpl;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.config.BeanConfig;
import org.apache.jackrabbit.core.config.ConfigurationException;
import org.apache.jackrabbit.core.config.RepositoryConfig;
import org.apache.jackrabbit.core.security.AuthContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/core/CRXSecurityManager.class */
public class CRXSecurityManager {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load5/repository/crx-core/src/main/java/com/day/crx/core/CRXSecurityManager.java $ $Rev: 46871 $ $Date: 2008-12-19 14:46:55 +0100 (Fri, 19 Dec 2008) $";
    private static final Logger log;
    private final CRXRepositoryImpl rep;
    private final CRXSystemSession securitySession;
    private static final String OPTION_CREDENTIALS_CACHE_EXPIRATION = "credentialsCacheExpiration";
    private static final String OPTION_PRINCIPAL_SEARCHMODE = "userSearchMode";
    private static final String MODE_INDEX = "searchindex";
    private static final long DEFAULT_CREDENTIALS_EXPIRATION = 120;
    private final DefaultACLProviderFactory defaultACLProviderFac;
    private final DefaultCompiledACLProviderFactory defaultCompiledACLFac;
    private final DefaultProviderRegistry registry;
    private final DefaultWorkspaceACLProvider wspAclProvider;
    private final SecuritySetup setup;
    private final LoginHandler loginHandler;
    private boolean userMgrUseIndex;
    static Class class$com$day$crx$core$CRXSecurityManager;
    private final Map aclProviders = new HashMap();
    private final Map aclProviderFactories = new HashMap();
    private final Map compiledAclProviderFactories = new HashMap();

    public CRXSecurityManager(CRXRepositoryImpl cRXRepositoryImpl) throws RepositoryException {
        this.rep = cRXRepositoryImpl;
        this.securitySession = cRXRepositoryImpl.internalGetSystemSession("crx.system");
        cRXRepositoryImpl.onSessionCreated(this.securitySession);
        RepositoryConfig config = cRXRepositoryImpl.getConfig();
        Properties parameters = config.getAccessManagerConfig().getParameters();
        this.setup = new SecuritySetup(this, this.securitySession, parameters.getProperty(SecuritySetup.KEY_PROTECTION_LEVEL, SecuritySetup.OPTION_PROTECTION_LEVEL_HIGH));
        this.setup.assertPrincipals();
        this.userMgrUseIndex = MODE_INDEX.equals(parameters.getProperty(OPTION_PRINCIPAL_SEARCHMODE));
        this.securitySession.setUserManager(new UserManagerImpl(this.securitySession, this.userMgrUseIndex));
        this.wspAclProvider = new DefaultWorkspaceACLProvider(this.setup, this.securitySession);
        this.defaultACLProviderFac = new DefaultACLProviderFactory(this);
        this.defaultCompiledACLFac = new DefaultCompiledACLProviderFactory(this);
        String property = parameters.getProperty(OPTION_CREDENTIALS_CACHE_EXPIRATION);
        long j = 120;
        if (property != null) {
            try {
                j = Long.valueOf(property).longValue();
            } catch (NumberFormatException e) {
                log.debug("Configuration for {} contained invalid long value: ", OPTION_CREDENTIALS_CACHE_EXPIRATION, property);
            }
        }
        this.loginHandler = new LoginHandler(config.getAppName(), config.getLoginModuleConfig(), j, this.securitySession);
        if (this.loginHandler.isJAAS()) {
            log.info(new StringBuffer().append("init: use JAAS login-configuration for ").append(config.getAppName()).toString());
        } else {
            if (!this.loginHandler.isLocal()) {
                StringBuffer stringBuffer = new StringBuffer("Neither JAAS nor");
                stringBuffer.append("RepositoryConfig contained a valid Configuriation for ");
                stringBuffer.append(config.getAppName());
                log.error(stringBuffer.toString());
                throw new RepositoryException(stringBuffer.toString());
            }
            log.info(new StringBuffer().append("init: use Repository Login-Configuration for ").append(config.getAppName()).toString());
        }
        DefaultPrincipalProvider defaultPrincipalProvider = new DefaultPrincipalProvider(this.securitySession);
        this.registry = new DefaultProviderRegistry();
        this.registry.addProvider(defaultPrincipalProvider.getClass().getName(), defaultPrincipalProvider);
        Properties[] moduleConfig = this.loginHandler.getModuleConfig();
        for (int i = 0; i < moduleConfig.length; i++) {
            if (moduleConfig[i].containsKey(PrincipalProviderRegistry.PRINCIPAL_PROVIDER_CLASS)) {
                Properties properties = new Properties();
                for (Object obj : moduleConfig[i].keySet()) {
                    properties.put(obj, moduleConfig[i].get(obj).toString());
                }
                this.registry.addProvider(properties);
            }
        }
        this.securitySession.setPrincipalManager(getSystemPrincipalManager());
    }

    public DefaultWorkspaceACLProvider getWorkspaceACLProvider() {
        return this.wspAclProvider;
    }

    public SecuritySetup getSecuritySetup() {
        return this.setup;
    }

    public ACLProvider createACLProvider(String str) throws RepositoryException {
        ACLProvider aCLProvider;
        synchronized (this.aclProviders) {
            ACLProvider aCLProvider2 = (ACLProvider) this.aclProviders.get(str);
            if (aCLProvider2 == null) {
                CRXSystemSession internalGetSystemSession = this.rep.internalGetSystemSession(str);
                aCLProvider2 = getACLProviderFactory(str).createACLProvider(internalGetSystemSession);
                if (aCLProvider2 == null) {
                    aCLProvider2 = this.defaultACLProviderFac.createACLProvider(internalGetSystemSession);
                    log.debug(new StringBuffer().append("createACLProvider: no factory configured or factory ignored workspace ").append(str).append(": take default").toString());
                }
                this.aclProviders.put(str, aCLProvider2);
            }
            aCLProvider = aCLProvider2;
        }
        return aCLProvider;
    }

    public CompiledACLProvider createCompiledACLProvider(Subject subject, String str) throws RepositoryException {
        CompiledACLProvider createCompiledACLProvider = getCompiledACLProviderFactory(str).createCompiledACLProvider(subject, str);
        if (createCompiledACLProvider == null) {
            log.warn(new StringBuffer().append("No compiled acl provider for given subject on ").append(str).toString());
        }
        return createCompiledACLProvider;
    }

    public synchronized PrincipalManagerImpl getSystemPrincipalManager() throws RepositoryException {
        return new PrincipalManagerImpl(this.securitySession.getSubject(), this.registry);
    }

    public UserManager getUserManager(CRXSession cRXSession) throws RepositoryException, AccessDeniedException {
        return new UserManagerImpl(cRXSession.getSession("crx.system"), this.userMgrUseIndex);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized PrincipalManagerImpl createPrincipalManager(CRXSessionImpl cRXSessionImpl) throws RepositoryException {
        return new PrincipalManagerImpl(cRXSessionImpl.getSubject(), this.registry);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PrincipalProviderRegistry getPrincipalProviderRegistry() {
        return this.registry;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void close() {
        Iterator it = this.aclProviders.values().iterator();
        while (it.hasNext()) {
            ((ACLProvider) it.next()).close();
        }
        this.loginHandler.close();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthContext getAuthContext(Credentials credentials) throws RepositoryException {
        return getAuthContext(credentials, new Subject());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthContext getAuthContext(Credentials credentials, Subject subject) throws RepositoryException {
        return this.loginHandler.getAuthContext(credentials, subject, this.securitySession);
    }

    private synchronized ACLProviderFactory getACLProviderFactory(String str) throws ConfigurationException {
        WorkspaceSecurityConfig securityConfig;
        BeanConfig aclProviderConfig;
        ACLProviderFactory aCLProviderFactory = null;
        if (this.aclProviderFactories.containsKey(str)) {
            aCLProviderFactory = (ACLProviderFactory) this.aclProviderFactories.get(str);
        } else {
            CRXWorkspaceConfig cRXWorkspaceConfig = (CRXWorkspaceConfig) this.rep.getConfig().getWorkspaceConfig(str);
            if (cRXWorkspaceConfig != null && (securityConfig = cRXWorkspaceConfig.getSecurityConfig()) != null && (aclProviderConfig = securityConfig.getAclProviderConfig()) != null) {
                aCLProviderFactory = (ACLProviderFactory) aclProviderConfig.newInstance();
                aCLProviderFactory.init(this);
            }
            if (aCLProviderFactory == null) {
                aCLProviderFactory = this.defaultACLProviderFac;
            }
            this.aclProviderFactories.put(str, aCLProviderFactory);
        }
        return aCLProviderFactory;
    }

    private synchronized CompiledACLProviderFactory getCompiledACLProviderFactory(String str) throws ConfigurationException {
        WorkspaceSecurityConfig securityConfig;
        BeanConfig compiledAclProvider;
        CompiledACLProviderFactory compiledACLProviderFactory = null;
        if (this.compiledAclProviderFactories.containsKey(str)) {
            compiledACLProviderFactory = (CompiledACLProviderFactory) this.compiledAclProviderFactories.get(str);
        } else {
            CRXWorkspaceConfig cRXWorkspaceConfig = (CRXWorkspaceConfig) this.rep.getConfig().getWorkspaceConfig(str);
            if (cRXWorkspaceConfig != null && (securityConfig = cRXWorkspaceConfig.getSecurityConfig()) != null && (compiledAclProvider = securityConfig.getCompiledAclProvider()) != null) {
                compiledACLProviderFactory = (CompiledACLProviderFactory) compiledAclProvider.newInstance();
                compiledACLProviderFactory.init(this);
            }
            if (compiledACLProviderFactory == null) {
                compiledACLProviderFactory = this.defaultCompiledACLFac;
                log.debug(new StringBuffer().append("createCompiledACLProvider: no factory configured or ").append(str).append(": take default").toString());
            }
            this.compiledAclProviderFactories.put(str, compiledACLProviderFactory);
        }
        return compiledACLProviderFactory;
    }

    public void disposeACLProvider(String str) {
        synchronized (this.aclProviders) {
            ACLProvider aCLProvider = (ACLProvider) this.aclProviders.remove(str);
            if (aCLProvider != null) {
                aCLProvider.close();
            }
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$day$crx$core$CRXSecurityManager == null) {
            cls = class$("com.day.crx.core.CRXSecurityManager");
            class$com$day$crx$core$CRXSecurityManager = cls;
        } else {
            cls = class$com$day$crx$core$CRXSecurityManager;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
