package org.exist.xquery.functions.xmldb;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.dom.QName;
import org.exist.http.servlets.RequestWrapper;
import org.exist.http.servlets.SessionWrapper;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;
import org.exist.storage.BrokerPool;
import org.exist.xmldb.XmldbURI;
import org.exist.xquery.ErrorCodes;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.UserSwitchingBasicFunction;
import org.exist.xquery.Variable;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.functions.request.RequestModule;
import org.exist.xquery.functions.session.SessionModule;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.JavaObjectValue;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.xmldb.api.DatabaseManager;
import org.xmldb.api.base.XMLDBException;

/* loaded from: input_file:WEB-INF/lib/exist.jar:org/exist/xquery/functions/xmldb/XMLDBAuthenticate.class */
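/**
 * Implements the XQuery functions {@code xmldb:authenticate} and {@code xmldb:login}.
 *
 * <p>Both functions check the supplied user-id and password against the database security
 * manager and then try to open the target collection with the same credentials. When the
 * function was invoked as {@code login}, the authenticated subject additionally becomes the
 * effective user of the running query and is cached in the HTTP session, if one is available.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The user-id and the collection URI are caller-supplied and end up in log messages, so
 *       control characters are neutralised before logging to prevent forged log lines.</li>
 *   <li>NOTE(review): a collection-uri starting with {@code xmldb:} is handed to
 *       {@code DatabaseManager.getCollection} together with the supplied credentials. If that
 *       URI can be influenced by request data, presumably the credentials travel to whatever
 *       endpoint it names; confirm callers pass a fixed or validated URI.</li>
 *   <li>NOTE(review): every failed attempt is logged at error level with a stack trace and no
 *       throttling is visible here; confirm rate limiting or lockout is enforced elsewhere.</li>
 * </ul>
 */
public class XMLDBAuthenticate extends UserSwitchingBasicFunction {
    private static final Logger logger = LogManager.getLogger(XMLDBAuthenticate.class);

    // Inlined item-type constant; presumably Type.JAVA_OBJECT, which matches the
    // "not bound to an Java object" error raised below. Confirm against org.exist.xquery.value.Type.
    private static final int JAVA_OBJECT_TYPE = 100;

    // The literals 22/23 and 2/3 in the signatures below are inlined type and cardinality
    // constants (presumably xs:string / xs:boolean and exactly-one / zero-or-one). Confirm
    // against the eXist Type and Cardinality classes before replacing them with named constants.
    public static final FunctionSignature authenticateSignature = new FunctionSignature(
            new QName("authenticate", XMLDBModule.NAMESPACE_URI, "xmldb"),
            "Check if the user, $user-id, can authenticate against the database collection $collection-uri. The function simply tries to read the collection $collection-uri, using the credentials $user-id and $password. Collection URIs can be specified either as a simple collection path or an XMLDB URI. It returns true if the authentication succeeds, false otherwise.",
            new SequenceType[]{
                new FunctionParameterSequenceType("collection-uri", 22, 2, "The collection URI"),
                new FunctionParameterSequenceType("user-id", 22, 3, "The user-id"),
                new FunctionParameterSequenceType("password", 22, 3, "The password")},
            new FunctionReturnSequenceType(23, 2, "true() on successful authentication, false() otherwise"));

    public static final FunctionSignature[] loginSignatures = {
        new FunctionSignature(
            new QName("login", XMLDBModule.NAMESPACE_URI, "xmldb"),
            "Login the user, $user-id, and set it as the owner of the currently executing XQuery. Collection URIs can be specified either as a simple collection path or an XMLDB URI. It returns true if the authentication succeeds, false otherwise. If called from a HTTP context the login is cached for the lifetime of the HTTP session and may be used for any XQuery run in that session. If an HTTP session does not already exist, none will be created.",
            new SequenceType[]{
                new FunctionParameterSequenceType("collection-uri", 22, 2, "The collection URI"),
                new FunctionParameterSequenceType("user-id", 22, 3, "The user-id"),
                new FunctionParameterSequenceType("password", 22, 3, "The password")},
            new FunctionReturnSequenceType(23, 2, "true() on successful authentication and owner elevation, false() otherwise")),
        new FunctionSignature(
            new QName("login", XMLDBModule.NAMESPACE_URI, "xmldb"),
            // The description carries an embedded line break, written here as an escape.
            "Login the user, $user-id, and set it as the owner of the currently executing XQuery. Collection URIs can be specified either as a simple collection path or an XMLDB URI. It returns true() if the authentication succeeds, false() otherwise. If called from a HTTP context the login is cached for the lifetime of the HTTP session and may be used for any XQueryrun in that session. $create-session specifies whether to create an HTTP session on successful authentication or not. \nIf $create-session is false() or the empty sequence no session will be created if one does not already exist.",
            new SequenceType[]{
                new FunctionParameterSequenceType("collection-uri", 22, 2, "The collection URI"),
                new FunctionParameterSequenceType("user-id", 22, 3, "The user-id"),
                new FunctionParameterSequenceType("password", 22, 3, "The password"),
                new FunctionParameterSequenceType("create-session", 23, 3, "whether to create the session or not on successful authentication, default false()")},
            new FunctionReturnSequenceType(23, 2, "true() on successful authentication and owner elevation, false() otherwise"))
    };

    /**
     * Creates the function instance for one of the signatures declared in this class.
     *
     * @param xQueryContext the context of the query the function belongs to
     * @param functionSignature the signature this instance was created for
     */
    public XMLDBAuthenticate(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    /**
     * Authenticates the supplied credentials and, when called as {@code login}, switches the
     * query to the authenticated user and caches that user in the HTTP session.
     *
     * @param sequenceArr the arguments: collection-uri, user-id, password and, optionally,
     *     create-session
     * @param sequence the context sequence (not used)
     * @return {@code BooleanValue.TRUE} when the credentials are accepted and the collection can
     *     be opened, {@code BooleanValue.FALSE} in every other case
     * @throws XPathException if an argument cannot be evaluated or a session was requested but
     *     no usable request object is available
     */
    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        // An empty user-id can never authenticate; fail closed without touching the database.
        if (sequenceArr[1].isEmpty()) {
            return BooleanValue.FALSE;
        }
        final String collectionArg = sequenceArr[0].getStringValue();
        final String userName = sequenceArr[1].getStringValue();
        if (userName == null) {
            logger.error("Unable to authenticate username == NULL");
            return BooleanValue.FALSE;
        }
        final String password = sequenceArr[2].getStringValue();
        final boolean createSession = sequenceArr.length > 3 && sequenceArr[3].effectiveBooleanValue();

        // Plain collection paths are resolved against the embedded server; full xmldb: URIs are
        // used as given (see the class-level review note about where such a URI may point).
        final XmldbURI collectionUri = collectionArg.startsWith("xmldb:")
                ? XmldbURI.create(collectionArg)
                : XmldbURI.EMBEDDED_SERVER_URI.resolveCollectionPath(XmldbURI.create(collectionArg));

        try {
            final Subject user = BrokerPool.getInstance().getSecurityManager().authenticate(userName, password);
            if (DatabaseManager.getCollection(collectionUri.toString(), userName, password) == null) {
                logger.error("Unable to authenticate user: target collection "
                        + neutralizeForLog(String.valueOf(collectionUri)) + " does not exist " + getLocation());
                return BooleanValue.FALSE;
            }
            if (isCalledAs("login")) {
                switchUser(user);
                cacheUserInHttpSession(user, createSession);
            }
            return BooleanValue.TRUE;
        } catch (EXistException | AuthenticationException e) {
            // The user-id is attacker-controllable: neutralise control characters before it is
            // written to the log. The password is never logged.
            logger.error("Unable to authenticate user: " + neutralizeForLog(userName) + " " + getLocation(), e);
            return BooleanValue.FALSE;
        } catch (XMLDBException e) {
            logger.error(getLocation() + " : " + e.getMessage(), e);
            return BooleanValue.FALSE;
        }
    }

    /**
     * Replaces ISO control characters (including CR and LF) with an underscore so that a
     * caller-supplied value cannot start a new, forged line in the log.
     *
     * @param value the untrusted value; {@code null} is rendered as {@code "null"}
     * @return the value with control characters replaced
     */
    private static String neutralizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        final StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            final char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Returns the source path and line/column of this function call for log messages. */
    private String getLocation() {
        return "@ " + getContext().getSource().path() + " [" + getLine() + ":" + getColumn() + "]";
    }

    /**
     * Stores the authenticated subject in the HTTP session under {@code _eXist_xmldb_user}.
     * Does nothing when no session variable bound to a Java object is available.
     *
     * <p>NOTE(review): the subject is written into whatever session already exists; no renewal
     * of the session identifier is visible in this class. Confirm that the session id is rotated
     * on login elsewhere, otherwise a pre-set session id stays valid after authentication
     * (session fixation).
     *
     * @param subject the authenticated user
     * @param createSession whether a session may be created when none exists yet
     * @throws XPathException if a session was requested but no usable request object exists
     */
    private void cacheUserInHttpSession(Subject subject, boolean createSession) throws XPathException {
        final Variable sessionVar = getSessionVar(createSession);
        if (sessionVar == null || sessionVar.getValue() == null
                || sessionVar.getValue().getItemType() != JAVA_OBJECT_TYPE) {
            return;
        }
        final JavaObjectValue sessionValue = (JavaObjectValue) sessionVar.getValue().itemAt(0);
        if (sessionValue.getObject() instanceof SessionWrapper) {
            ((SessionWrapper) sessionValue.getObject()).setAttribute("_eXist_xmldb_user", subject);
        }
    }

    /**
     * Looks up the session variable of the session module and, when requested and none is bound
     * yet, creates an HTTP session from the current request and declares the variable.
     *
     * @param createSession whether to create a session if none is bound
     * @return the session variable, or {@code null} when none is available
     * @throws XPathException if a session must be created but the request variable is missing or
     *     not bound to a Java object
     */
    private Variable getSessionVar(boolean createSession) throws XPathException {
        final SessionModule sessionModule = (SessionModule) this.context.getModule(SessionModule.NAMESPACE_URI);
        if (sessionModule == null) {
            // Presumably getModule yields null when the session module is not loaded in this
            // context; without it there is no session to cache into, so report "none" instead of
            // failing with a NullPointerException after the user has already been switched.
            return null;
        }
        Variable sessionVar = sessionModule.resolveVariable(SessionModule.SESSION_VAR);
        if (createSession && (sessionVar == null || sessionVar.getValue() == null)) {
            final RequestModule requestModule = (RequestModule) this.context.getModule(RequestModule.NAMESPACE_URI);
            // A missing request module is handled like a missing request variable.
            final Variable requestVar = requestModule == null
                    ? null
                    : requestModule.resolveVariable(RequestModule.REQUEST_VAR);
            if (requestVar == null || requestVar.getValue() == null) {
                logger.error("No request object found in the current XQuery context.");
                throw new XPathException(this, ErrorCodes.XPDY0002, "No request object found in the current XQuery context.");
            }
            if (requestVar.getValue().getItemType() != JAVA_OBJECT_TYPE) {
                logger.error("Variable $request is not bound to an Java object.");
                throw new XPathException(this, ErrorCodes.XPDY0002, "Variable $request is not bound to an Java object.");
            }
            final JavaObjectValue requestValue = (JavaObjectValue) requestVar.getValue().itemAt(0);
            if (requestValue.getObject() instanceof RequestWrapper) {
                sessionVar = sessionModule.declareVariable(SessionModule.SESSION_VAR,
                        ((RequestWrapper) requestValue.getObject()).getSession(true));
            }
        }
        return sessionVar;
    }
}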
