package org.alfresco.filesys.auth.nfs;

import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.alfresco.filesys.AlfrescoConfigSection;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.jlan.oncrpc.AuthType;
import org.alfresco.jlan.oncrpc.RpcAuthenticationException;
import org.alfresco.jlan.oncrpc.RpcAuthenticator;
import org.alfresco.jlan.oncrpc.RpcPacket;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.GUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.config.ConfigElement;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-5.0.a.jar:org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.class */
public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingBean {
    private static final Log logger = LogFactory.getLog("org.alfresco.nfs.protocol.auth");
    private int[] _authTypes = {1};
    private Map<Integer, String> m_idMap = Collections.emptyMap();
    private List<UserMapping> userMappings;
    private AuthenticationComponent authenticationComponent;
    private MutableAuthenticationService authenticationService;
    private TransactionService transactionService;

    public void setUserMappings(List<UserMapping> list) {
        this.userMappings = list;
    }

    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) {
        this.authenticationComponent = authenticationComponent;
    }

    public void setAuthenticationService(MutableAuthenticationService mutableAuthenticationService) {
        this.authenticationService = mutableAuthenticationService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    @Override // org.alfresco.jlan.oncrpc.RpcAuthenticator
    public Object authenticateRpcClient(int i, RpcPacket rpcPacket) throws RpcAuthenticationException {
        Long l = null;
        if (i == 1) {
            rpcPacket.positionAtCredentialsData();
            rpcPacket.skipBytes(4);
            rpcPacket.skipBytes(rpcPacket.unpackInt());
            int unpackInt = rpcPacket.unpackInt();
            int unpackInt2 = rpcPacket.unpackInt();
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Type=Unix uid=" + unpackInt + ", gid=" + unpackInt2);
            }
            if (this.m_idMap.get(new Integer((unpackInt2 << 16) + unpackInt)) == null) {
                throw new RpcAuthenticationException(13);
            }
            l = new Long((rpcPacket.getClientAddress().hashCode() << 32) + (unpackInt2 << 16) + unpackInt);
        }
        if (l == null) {
            throw new RpcAuthenticationException(1, "Unsupported auth type, " + i);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("RpcAuth: RPC from " + rpcPacket.getClientDetails() + ", authType=" + AuthType.getTypeAsString(i) + ", sessKey=" + l);
        }
        return l;
    }

    @Override // org.alfresco.jlan.oncrpc.RpcAuthenticator
    public int[] getRpcAuthenticationTypes() {
        return this._authTypes;
    }

    @Override // org.alfresco.jlan.oncrpc.RpcAuthenticator
    public ClientInfo getRpcClientInformation(Object obj, RpcPacket rpcPacket) {
        ClientInfo clientInfo = null;
        int credentialsType = rpcPacket.getCredentialsType();
        if (credentialsType == 1) {
            rpcPacket.positionAtCredentialsData();
            rpcPacket.skipBytes(4);
            String unpackString = rpcPacket.unpackString();
            int unpackInt = rpcPacket.unpackInt();
            int unpackInt2 = rpcPacket.unpackInt();
            int unpackInt3 = rpcPacket.unpackInt();
            int[] iArr = null;
            if (unpackInt3 > 0) {
                iArr = new int[unpackInt3];
                rpcPacket.unpackIntArray(iArr);
            }
            String str = this.m_idMap.get(new Integer((unpackInt2 << 16) + unpackInt));
            if (logger.isDebugEnabled()) {
                logger.debug("RpcClientInfo: username=" + str + ", uid=" + unpackInt + ", gid=" + unpackInt2);
            }
            if (str != null) {
                clientInfo = ClientInfo.getFactory().createInfo(str, null);
                clientInfo.setNFSAuthenticationType(credentialsType);
                clientInfo.setClientAddress(unpackString);
                clientInfo.setUid(unpackInt);
                clientInfo.setGid(unpackInt2);
                clientInfo.setGroupsList(iArr);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(credentialsType) + ", name=" + unpackString + ", uid=" + unpackInt + ", gid=" + unpackInt2 + ", groups=" + unpackInt3);
            }
        } else if (credentialsType == 0) {
            clientInfo = ClientInfo.getFactory().createInfo("", null);
            clientInfo.setClientAddress(rpcPacket.getClientAddress().getHostAddress());
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(credentialsType) + ", addr=" + rpcPacket.getClientAddress().getHostAddress());
            }
        }
        return clientInfo;
    }

    @Override // org.alfresco.jlan.oncrpc.RpcAuthenticator
    public void setCurrentUser(SrvSession srvSession, final ClientInfo clientInfo) {
        try {
            doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() { // from class: org.alfresco.filesys.auth.nfs.AlfrescoRpcAuthenticator.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
                public Void execute() throws Throwable {
                    if (clientInfo == null || clientInfo.isNullSession() || !(clientInfo instanceof AlfrescoClientInfo)) {
                        AlfrescoRpcAuthenticator.this.getAuthenticationComponent().clearCurrentSecurityContext();
                        if (!AlfrescoRpcAuthenticator.logger.isDebugEnabled()) {
                            return null;
                        }
                        AlfrescoRpcAuthenticator.logger.debug("Clear security context, client=" + clientInfo);
                        return null;
                    }
                    if (clientInfo.isGuest()) {
                        AlfrescoRpcAuthenticator.this.getAuthenticationComponent().setGuestUserAsCurrentUser();
                        if (!AlfrescoRpcAuthenticator.logger.isDebugEnabled()) {
                            return null;
                        }
                        AlfrescoRpcAuthenticator.logger.debug("Set guest user");
                        return null;
                    }
                    AlfrescoClientInfo alfrescoClientInfo = (AlfrescoClientInfo) clientInfo;
                    if (alfrescoClientInfo.hasAuthenticationTicket()) {
                        try {
                            AlfrescoRpcAuthenticator.this.getAuthenticationService().validate(alfrescoClientInfo.getAuthenticationTicket());
                            if (AlfrescoRpcAuthenticator.logger.isDebugEnabled()) {
                                AlfrescoRpcAuthenticator.logger.debug("Set user using auth ticket, ticket=" + alfrescoClientInfo.getAuthenticationTicket());
                            }
                        } catch (AuthenticationException e) {
                            alfrescoClientInfo.setAuthenticationTicket(null);
                            if (AlfrescoRpcAuthenticator.logger.isDebugEnabled()) {
                                AlfrescoRpcAuthenticator.logger.debug("Failed to set user using auth ticket, ticket=" + alfrescoClientInfo.getAuthenticationTicket() + ", re-authenticating");
                                AlfrescoRpcAuthenticator.logger.debug("  Exception=" + e.getMessage());
                            }
                        }
                    }
                    if (alfrescoClientInfo.hasAuthenticationTicket()) {
                        return null;
                    }
                    if (!AlfrescoRpcAuthenticator.this.authenticationService.authenticationExists(clientInfo.getUserName()) && AlfrescoRpcAuthenticator.this.authenticationService.isAuthenticationCreationAllowed()) {
                        AlfrescoRpcAuthenticator.this.authenticationService.createAuthentication(clientInfo.getUserName(), GUID.generate().toCharArray());
                    }
                    AlfrescoRpcAuthenticator.this.getAuthenticationComponent().setCurrentUser(clientInfo.getUserName());
                    alfrescoClientInfo.setAuthenticationTicket(AlfrescoRpcAuthenticator.this.getAuthenticationService().getCurrentTicket());
                    if (!AlfrescoRpcAuthenticator.logger.isDebugEnabled()) {
                        return null;
                    }
                    AlfrescoRpcAuthenticator.logger.debug("Set user name=" + clientInfo.getUserName() + ", ticket=" + alfrescoClientInfo.getAuthenticationTicket());
                    return null;
                }
            });
        } catch (Exception e) {
            if (logger.isErrorEnabled()) {
                logger.error("Error in RPC authenticator setting current user", e);
            }
        }
    }

    @Override // org.alfresco.jlan.oncrpc.RpcAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        AlfrescoConfigSection alfrescoConfigSection = (AlfrescoConfigSection) serverConfiguration.getConfigSection("Alfresco");
        setAuthenticationComponent(alfrescoConfigSection.getAuthenticationComponent());
        setAuthenticationService((MutableAuthenticationService) alfrescoConfigSection.getAuthenticationService());
        setTransactionService(alfrescoConfigSection.getTransactionService());
        ConfigElement child = configElement.getChild("userMappings");
        if (child != null) {
            LinkedList linkedList = new LinkedList();
            for (ConfigElement configElement2 : child.getChildren()) {
                if (configElement2.getName().equalsIgnoreCase("user")) {
                    String attribute = configElement2.getAttribute("name");
                    String attribute2 = configElement2.getAttribute("uid");
                    String attribute3 = configElement2.getAttribute("gid");
                    if (attribute == null || attribute.length() == 0) {
                        throw new InvalidConfigurationException("Empty user name, or name not specified");
                    }
                    if (attribute2 == null || attribute2.length() == 0) {
                        throw new InvalidConfigurationException("Invalid uid, or uid not specified, for user " + attribute);
                    }
                    if (attribute3 == null || attribute3.length() == 0) {
                        throw new InvalidConfigurationException("Invalid gid, or gid not specified, for user " + attribute);
                    }
                    try {
                        try {
                            linkedList.add(new UserMapping(attribute, Integer.parseInt(attribute2), Integer.parseInt(attribute3)));
                        } catch (NumberFormatException e) {
                            throw new InvalidConfigurationException("Invalid gid value, " + attribute3 + " for user " + attribute);
                        }
                    } catch (NumberFormatException e2) {
                        throw new InvalidConfigurationException("Invalid uid value, " + attribute2 + " for user " + attribute);
                    }
                }
            }
            setUserMappings(linkedList);
        }
        afterPropertiesSet();
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws InvalidConfigurationException {
        if (this.userMappings != null) {
            this.m_idMap = new HashMap(this.userMappings.size() * 2);
            for (UserMapping userMapping : this.userMappings) {
                String name = userMapping.getName();
                if (name == null || name.length() == 0) {
                    throw new InvalidConfigurationException("Empty user name, or name not specified");
                }
                Integer num = new Integer((userMapping.getGid() << 16) + userMapping.getUid());
                if (!this.m_idMap.containsKey(num)) {
                    this.m_idMap.put(num, name);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Added RPC user mapping for user " + name + " uid=" + userMapping.getUid() + ", gid=" + userMapping.getGid());
                    }
                } else if (logger.isDebugEnabled()) {
                    logger.debug("Ignored duplicate mapping for uid=" + userMapping.getUid() + ", gid=" + userMapping.getGid());
                }
            }
        }
    }

    protected <T> T doInTransaction(RetryingTransactionHelper.RetryingTransactionCallback<T> retryingTransactionCallback) {
        TransactionService transactionService = getTransactionService();
        if (logger.isDebugEnabled()) {
            logger.debug("Using " + (transactionService.isReadOnly() ? "ReadOnly" : PermissionService.WRITE) + " transaction");
        }
        return (T) transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, transactionService.isReadOnly());
    }

    protected AuthenticationComponent getAuthenticationComponent() {
        return this.authenticationComponent;
    }

    protected MutableAuthenticationService getAuthenticationService() {
        return this.authenticationService;
    }

    protected TransactionService getTransactionService() {
        return this.transactionService;
    }
}
