package com.adobe.granite.auth.oauth.impl;

import com.adobe.granite.auth.oauth.CredentialsValidator;
import com.adobe.granite.auth.oauth.ProviderConfigProperties;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.AbstractCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/auth/oauth/impl/OAuthIdentityProvider.class */
public class OAuthIdentityProvider implements ExternalIdentityProvider, CredentialsSupport {
    private final Logger log;
    private final String name;
    private final LinkedHashSet<CredentialsValidator> validators;

    /* loaded from: input_file:com/adobe/granite/auth/oauth/impl/OAuthIdentityProvider$OAuthExternalGroup.class */
    class OAuthExternalGroup implements ExternalGroup {
        final ExternalIdentityRef ref;

        public OAuthExternalGroup(ExternalIdentityRef externalIdentityRef) {
            this.ref = externalIdentityRef;
        }

        public ExternalIdentityRef getExternalId() {
            return this.ref;
        }

        public String getId() {
            return this.ref.getId();
        }

        public String getPrincipalName() {
            return this.ref.getId();
        }

        public String getIntermediatePath() {
            return null;
        }

        public Iterable<ExternalIdentityRef> getDeclaredGroups() throws ExternalIdentityException {
            return ImmutableList.of();
        }

        public Map<String, ?> getProperties() {
            return ImmutableMap.of();
        }

        public Iterable<ExternalIdentityRef> getDeclaredMembers() throws ExternalIdentityException {
            return ImmutableList.of();
        }
    }

    /* loaded from: input_file:com/adobe/granite/auth/oauth/impl/OAuthIdentityProvider$OAuthExternalUser.class */
    class OAuthExternalUser implements ExternalUser {
        final AbstractCredentials externalCredentials;

        OAuthExternalUser(AbstractCredentials abstractCredentials) {
            this.externalCredentials = abstractCredentials;
        }

        public ExternalIdentityRef getExternalId() {
            return new ExternalIdentityRef((String) this.externalCredentials.getAttribute(":externalId"), OAuthIdentityProvider.this.getName());
        }

        public String getId() {
            return this.externalCredentials.getUserId();
        }

        public String getPrincipalName() {
            this.externalCredentials.setAttribute(":userCreation", true);
            return this.externalCredentials.getUserId();
        }

        public String getIntermediatePath() {
            String id = getId();
            if (id == null || id.length() <= 4) {
                return id;
            }
            String substring = id.substring(id.indexOf("-") + 1);
            return substring.length() > 4 ? substring.substring(0, 4) : substring;
        }

        public Iterable<ExternalIdentityRef> getDeclaredGroups() throws ExternalIdentityException {
            Iterable<ExternalIdentityRef> groups = getGroups();
            if (groups == null) {
                return ImmutableList.of();
            }
            ImmutableList.Builder builder = new ImmutableList.Builder();
            Iterator<ExternalIdentityRef> it = groups.iterator();
            while (it.hasNext()) {
                builder.add(new OAuthGroupExternalIdentityRef(it.next().getId(), OAuthIdentityProvider.this.getName()));
            }
            return builder.build();
        }

        public Map<String, ?> getProperties() {
            return this.externalCredentials.getAttributes();
        }

        Iterable<ExternalIdentityRef> getGroups() {
            for (Object obj : getProperties().values()) {
                if (obj instanceof ExternalUser) {
                    ExternalUser externalUser = (ExternalUser) obj;
                    if (getExternalId().getId().equals(externalUser.getExternalId().getId())) {
                        try {
                            return externalUser.getDeclaredGroups();
                        } catch (ExternalIdentityException e) {
                            OAuthIdentityProvider.this.log.warn("issue while retrieving groups", e);
                            return null;
                        }
                    }
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:com/adobe/granite/auth/oauth/impl/OAuthIdentityProvider$OAuthGroupExternalIdentityRef.class */
    class OAuthGroupExternalIdentityRef extends ExternalIdentityRef {
        public OAuthGroupExternalIdentityRef(String str, String str2) {
            super(str, str2);
        }
    }

    /* loaded from: input_file:com/adobe/granite/auth/oauth/impl/OAuthIdentityProvider$OauthConfigIdCredentialsValidator.class */
    public static final class OauthConfigIdCredentialsValidator implements CredentialsValidator {
        private final String provider;
        private final String name;

        private OauthConfigIdCredentialsValidator(String str, String str2) {
            this.provider = str;
            this.name = str2;
        }

        @Override // com.adobe.granite.auth.oauth.CredentialsValidator
        public boolean validate(AbstractCredentials abstractCredentials) throws LoginException {
            boolean equals = this.provider.equals(abstractCredentials.getAttribute("oauth.provider.id"));
            if (!equals) {
                abstractCredentials.setAttribute(CredentialsValidator.FAILED_VALIDATION_REASON, "Oauth provider names not matching: validator: " + this.provider + ", credentials: " + abstractCredentials.getAttribute("oauth.provider.id"));
            }
            return equals && (CredentialsValidator.ALL_ID.equals(this.name) || this.name.equals(abstractCredentials.getAttribute(ProviderConfigProperties.CONFIG_ID)));
        }

        @Override // com.adobe.granite.auth.oauth.CredentialsValidator
        public String getId() {
            return CredentialsValidator.ALL_ID;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            OauthConfigIdCredentialsValidator oauthConfigIdCredentialsValidator = (OauthConfigIdCredentialsValidator) obj;
            return this.name != null ? this.name.equals(oauthConfigIdCredentialsValidator.name) && getId().equals(oauthConfigIdCredentialsValidator.getId()) : oauthConfigIdCredentialsValidator.name == null;
        }

        public int hashCode() {
            if (this.name != null) {
                return this.name.hashCode() + getId().hashCode();
            }
            return 0;
        }
    }

    public OAuthIdentityProvider(String str, String str2, Set<CredentialsValidator> set) {
        this(str, str2, set, false);
    }

    public OAuthIdentityProvider(String str, String str2, Set<CredentialsValidator> set, boolean z) {
        this.log = LoggerFactory.getLogger(getClass());
        this.name = str2;
        this.validators = new LinkedHashSet<>(set);
        String str3 = str2;
        if (z) {
            this.log.info("Config {} of Oauth Provider {} accepts sibling configs");
            str3 = CredentialsValidator.ALL_ID;
        }
        this.validators.add(createOauthConfigIdCredentialsValidator(str, str3));
    }

    public static CredentialsValidator createOauthConfigIdCredentialsValidator(String str, String str2) {
        return new OauthConfigIdCredentialsValidator(str, str2);
    }

    public LinkedHashSet<CredentialsValidator> getCredentialsValidators() {
        return this.validators;
    }

    public ExternalUser authenticate(Credentials credentials) throws LoginException {
        if (!(credentials instanceof OAuthCredentials)) {
            this.log.debug("authenticate: Method received non-OAuth credentials, return null.");
            return null;
        }
        this.log.debug("authenticate: OAuth JCR credentials are going to be validated.");
        OAuthCredentials oAuthCredentials = (OAuthCredentials) credentials;
        Iterator<CredentialsValidator> it = this.validators.iterator();
        while (it.hasNext()) {
            if (!it.next().validate(oAuthCredentials)) {
                this.log.info("OAuthIdentityProvider: failed validation of user {} due to {}", oAuthCredentials.getUserId(), null != oAuthCredentials.getAttribute(CredentialsValidator.FAILED_VALIDATION_REASON) ? oAuthCredentials.getAttribute(CredentialsValidator.FAILED_VALIDATION_REASON).toString() : "[unknown]");
                return null;
            }
        }
        this.log.debug("authenticate: The OAuth JCR credentials have been validated.");
        return new OAuthExternalUser(oAuthCredentials);
    }

    public ExternalGroup getGroup(String str) throws ExternalIdentityException {
        return null;
    }

    public ExternalIdentity getIdentity(ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (!isForeignRef(externalIdentityRef) && (externalIdentityRef instanceof OAuthGroupExternalIdentityRef)) {
            return new OAuthExternalGroup(externalIdentityRef);
        }
        return null;
    }

    public String getName() {
        return this.name;
    }

    public ExternalUser getUser(String str) throws ExternalIdentityException {
        return null;
    }

    public Iterator<ExternalUser> listUsers() throws ExternalIdentityException {
        return Collections.emptyIterator();
    }

    public Iterator<ExternalGroup> listGroups() throws ExternalIdentityException {
        return Collections.emptyIterator();
    }

    private boolean isForeignRef(ExternalIdentityRef externalIdentityRef) {
        String providerName;
        return (externalIdentityRef == null || (providerName = externalIdentityRef.getProviderName()) == null || providerName.isEmpty() || getName().equals(externalIdentityRef.getProviderName())) ? false : true;
    }

    public Set<Class> getCredentialClasses() {
        return ImmutableSet.of(OAuthCredentials.class);
    }

    public String getUserId(Credentials credentials) {
        if (credentials instanceof OAuthCredentials) {
            return ((OAuthCredentials) credentials).getUserId();
        }
        return null;
    }

    public Map<String, ?> getAttributes(Credentials credentials) {
        return credentials instanceof OAuthCredentials ? ImmutableMap.of(".token", "") : ImmutableMap.of();
    }

    public boolean setAttributes(Credentials credentials, Map<String, ?> map) {
        if (!(credentials instanceof OAuthCredentials) || map == null) {
            return false;
        }
        ((OAuthCredentials) credentials).setAttributes(map);
        return true;
    }
}
