package com.day.crx.security.token;

import com.adobe.granite.crypto.CryptoException;
import com.day.crx.security.token.impl.TokenAuthenticationHandler;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.jcr.api.SlingRepository;

/* loaded from: input_file:com/day/crx/security/token/TokenUtil.class */
public class TokenUtil {
    private static final String AUTH_TYPE = "TOKEN";
    private static final String TOKEN_ATTRIBUTE = ".token";
    private static final String JCR_CREDENTIALS_ATTRIBUTE = "user.jcr.credentials";

    private TokenUtil() {
    }

    public static AuthenticationInfo createCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SlingRepository slingRepository, String str, boolean z) throws RepositoryException {
        Session session = null;
        Session session2 = null;
        try {
            try {
                Session loginAdministrative = slingRepository.loginAdministrative((String) null);
                AuthenticationInfo authenticationInfo = new AuthenticationInfo(AUTH_TYPE, str);
                boolean isEncapsulatedToken = TokenAuthenticationHandler.isEncapsulatedToken();
                if (isEncapsulatedToken) {
                    TokenCredentials tokenCredentials = new TokenCredentials(TokenAuthenticationHandler.buildEncapsulatedToken(str));
                    authenticationInfo.put(JCR_CREDENTIALS_ATTRIBUTE, tokenCredentials);
                    TokenCookie.update(httpServletRequest, httpServletResponse, getRepositoryId(isEncapsulatedToken), tokenCredentials.getToken(), loginAdministrative.getWorkspace().getName(), z);
                } else {
                    SimpleCredentials simpleCredentials = new SimpleCredentials(str, new char[0]);
                    simpleCredentials.setAttribute(TOKEN_ATTRIBUTE, "");
                    session2 = loginAdministrative.impersonate(simpleCredentials);
                    TokenCredentials tokenCredentials2 = new TokenCredentials((String) simpleCredentials.getAttribute(TOKEN_ATTRIBUTE));
                    authenticationInfo.put(JCR_CREDENTIALS_ATTRIBUTE, tokenCredentials2);
                    TokenCookie.update(httpServletRequest, httpServletResponse, getRepositoryId(isEncapsulatedToken), tokenCredentials2.getToken(), loginAdministrative.getWorkspace().getName(), z);
                }
                if (session2 != null) {
                    session2.logout();
                }
                if (loginAdministrative != null) {
                    loginAdministrative.logout();
                }
                return authenticationInfo;
            } catch (CryptoException e) {
                throw new RepositoryException("Failed to generate login-token", e);
            } catch (RepositoryException e2) {
                throw new RepositoryException("Failed to generate login-token: Could not access Repository", e2);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                session2.logout();
            }
            if (0 != 0) {
                session.logout();
            }
            throw th;
        }
    }

    private static String getRepositoryId(boolean z) {
        return TokenAuthenticationHandler.getRepositoryId(z);
    }
}
