package org.fcrepo.auth.common;

import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import javax.servlet.http.HttpServletRequest;
import org.modeshape.jcr.ExecutionContext;
import org.modeshape.jcr.api.ServletCredentials;
import org.modeshape.jcr.security.AuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/auth/common/ServletContainerAuthenticationProvider.class */
public class ServletContainerAuthenticationProvider implements AuthenticationProvider {
    public static final String EVERYONE_NAME = "EVERYONE";
    public static final String FEDORA_ADMIN_ROLE = "fedoraAdmin";
    public static final String FEDORA_USER_ROLE = "fedoraUser";
    private Set<PrincipalProvider> principalProviders = Collections.emptySet();
    private FedoraAuthorizationDelegate fad;
    private static ServletContainerAuthenticationProvider _instance = null;
    public static final Principal EVERYONE = new Principal() { // from class: org.fcrepo.auth.common.ServletContainerAuthenticationProvider.1
        @Override // java.security.Principal
        public String getName() {
            return ServletContainerAuthenticationProvider.EVERYONE_NAME;
        }

        @Override // java.security.Principal
        public String toString() {
            return getName();
        }
    };
    private static final Logger LOGGER = LoggerFactory.getLogger(ServletContainerAuthenticationProvider.class);

    private ServletContainerAuthenticationProvider() {
        _instance = this;
    }

    public static synchronized AuthenticationProvider getInstance() {
        if (_instance != null) {
            return _instance;
        }
        _instance = new ServletContainerAuthenticationProvider();
        LOGGER.warn("Security is MINIMAL, no Policy Enforcement Point configured.");
        return _instance;
    }

    public Set<PrincipalProvider> getPrincipalProviders() {
        return this.principalProviders;
    }

    public void setPrincipalProviders(Set<PrincipalProvider> set) {
        this.principalProviders = set;
    }

    public ExecutionContext authenticate(Credentials credentials, String str, String str2, ExecutionContext executionContext, Map<String, Object> map) {
        LOGGER.debug("Trying to authenticate: {}; FAD: {}", credentials, this.fad);
        if (!(credentials instanceof ServletCredentials)) {
            return null;
        }
        HttpServletRequest request = ((ServletCredentials) credentials).getRequest();
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null && request.isUserInRole(FEDORA_ADMIN_ROLE)) {
            return executionContext.with(new FedoraAdminSecurityContext(userPrincipal.getName()));
        }
        if (userPrincipal != null) {
            map.put(FedoraAuthorizationDelegate.FEDORA_SERVLET_REQUEST, request);
            map.put(FedoraAuthorizationDelegate.FEDORA_USER_PRINCIPAL, userPrincipal);
            Set<Principal> collectPrincipals = collectPrincipals(credentials);
            collectPrincipals.add(userPrincipal);
            collectPrincipals.add(EVERYONE);
            map.put(FedoraAuthorizationDelegate.FEDORA_ALL_PRINCIPALS, collectPrincipals);
        } else {
            map.put(FedoraAuthorizationDelegate.FEDORA_USER_PRINCIPAL, EVERYONE);
            map.put(FedoraAuthorizationDelegate.FEDORA_ALL_PRINCIPALS, Collections.singleton(EVERYONE));
        }
        return executionContext.with(new FedoraUserSecurityContext(userPrincipal, this.fad));
    }

    public FedoraAuthorizationDelegate getFad() {
        return this.fad;
    }

    public void setFad(FedoraAuthorizationDelegate fedoraAuthorizationDelegate) {
        this.fad = fedoraAuthorizationDelegate;
    }

    private Set<Principal> collectPrincipals(Credentials credentials) {
        HashSet hashSet = new HashSet();
        for (PrincipalProvider principalProvider : getPrincipalProviders()) {
            if (principalProvider.getPrincipals(credentials) != null) {
                hashSet.addAll(principalProvider.getPrincipals(credentials));
            }
        }
        return hashSet;
    }
}
