package de.acosix.alfresco.mtsupport.repo.auth;

import de.acosix.alfresco.mtsupport.repo.beans.TenantBeanUtils;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.tenant.TenantAdminService;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/* loaded from: input_file:de/acosix/alfresco/mtsupport/repo/auth/TenantRoutingAuthenticationComponentFacade.class */
public class TenantRoutingAuthenticationComponentFacade extends AbstractAuthenticationComponent implements InitializingBean, ApplicationContextAware, ActivateableBean, BeanNameAware {
    private static final Logger LOGGER = LoggerFactory.getLogger(TenantRoutingAuthenticationComponentFacade.class);
    protected ApplicationContext applicationContext;
    protected String beanName;
    protected TenantService tenantService;
    protected TenantAdminService tenantAdminService;
    protected List<String> enabledTenants;

    public void afterPropertiesSet() {
        PropertyCheck.mandatory(this, "tenantService", this.tenantService);
        PropertyCheck.mandatory(this, "tenantAdminService", this.tenantAdminService);
        PropertyCheck.mandatory(this, "enabledTenants", this.enabledTenants);
    }

    public void setApplicationContext(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }

    public void setBeanName(String str) {
        this.beanName = str;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setTenantAdminService(TenantAdminService tenantAdminService) {
        this.tenantAdminService = tenantAdminService;
    }

    public void setEnabledTenants(String str) {
        ParameterCheck.mandatoryString("enabledTenants", str);
        this.enabledTenants = Arrays.asList(str.split(","));
    }

    public boolean isActive() {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        LOGGER.trace("Checking isActive for enabled tenants (until first active tenant)");
        for (String str : this.enabledTenants) {
            if (!atomicBoolean.get()) {
                atomicBoolean.set(isActive(str));
            }
        }
        LOGGER.trace("Component is active: {}", Boolean.valueOf(atomicBoolean.get()));
        return atomicBoolean.get();
    }

    protected boolean isActive(String str) {
        boolean z = false;
        LOGGER.trace("Checking isActive for tenant {}", str);
        if (this.enabledTenants.contains(str) && ("-default-".equals(str) || (this.tenantAdminService.existsTenant(str) && this.tenantAdminService.isEnabledTenant(str)))) {
            ActivateableBean activateableBean = (AuthenticationComponent) TenantBeanUtils.getBeanForTenant(this.applicationContext, this.beanName, str, AuthenticationComponent.class);
            if (activateableBean instanceof ActivateableBean) {
                z = activateableBean.isActive();
            }
            LOGGER.trace("Tenant {} configured as active: {}", str, Boolean.valueOf(z));
        } else {
            LOGGER.trace("Tenant {} does not exist or has not been enabled", str);
        }
        return z;
    }

    protected boolean implementationAllowsGuestLogin() {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        LOGGER.debug("Checking guestUserAuthenticationAllowed for enabled tenants (until first supporting tenant)");
        for (String str : this.enabledTenants) {
            if (!atomicBoolean.get() && ("-default-".equals(str) || (this.tenantAdminService.existsTenant(str) && this.tenantAdminService.isEnabledTenant(str)))) {
                boolean guestUserAuthenticationAllowed = ((AuthenticationComponent) TenantBeanUtils.getBeanForTenant(this.applicationContext, this.beanName, str, AuthenticationComponent.class)).guestUserAuthenticationAllowed();
                LOGGER.trace("Tenant {} allows guest user authentication: {}", str, Boolean.valueOf(guestUserAuthenticationAllowed));
                atomicBoolean.set(guestUserAuthenticationAllowed);
            }
        }
        LOGGER.debug("Component allowed guest authentication: {}", Boolean.valueOf(atomicBoolean.get()));
        return atomicBoolean.get();
    }

    protected void authenticateImpl(String str, char[] cArr) {
        AuthenticationComponent authenticationComponent;
        ParameterCheck.mandatoryString("userName", str);
        String primaryDomain = this.tenantService.getPrimaryDomain(str);
        LOGGER.debug("Extracted primary domain {} from user {}", (primaryDomain == null || "".equals(primaryDomain)) ? "-default-" : primaryDomain, str);
        if (primaryDomain == null || "".equals(primaryDomain)) {
            if (!isActive("-default-")) {
                LOGGER.debug("Failing authentication for user {} as tenant {} has not been enabled for this authentication subsystem", str, "-default-");
                throw new AuthenticationException("-default- tenant does not support authentication");
            }
            authenticationComponent = (AuthenticationComponent) TenantBeanUtils.getBeanForTenant(this.applicationContext, this.beanName, "-default-", AuthenticationComponent.class);
        } else {
            if (!isActive(primaryDomain)) {
                LOGGER.debug("Failing authentication for user {} as tenant {} has not been enabled for this authentication subsystem", str, primaryDomain);
                throw new AuthenticationException(primaryDomain + " tenant does not support authentication");
            }
            authenticationComponent = (AuthenticationComponent) TenantBeanUtils.getBeanForTenant(this.applicationContext, this.beanName, primaryDomain, AuthenticationComponent.class);
        }
        authenticationComponent.authenticate(str, cArr);
        LOGGER.debug("Authenticated user {} with tenant {}", str, (primaryDomain == null || "".equals(primaryDomain)) ? "-default-" : primaryDomain);
    }
}
