package org.apache.sling.auth.core.impl.hc;

import java.util.Arrays;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.felix.hc.api.FormattingResultLog;
import org.apache.felix.hc.api.HealthCheck;
import org.apache.felix.hc.api.Result;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class, factory = true)
@Component(service = {HealthCheck.class}, name = "org.apache.sling.auth.core.DefaultLoginsHealthCheck", configurationPolicy = ConfigurationPolicy.REQUIRE)
/* loaded from: input_file:org/apache/sling/auth/core/impl/hc/DefaultLoginsHealthCheck.class */
public class DefaultLoginsHealthCheck implements HealthCheck {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultLoginsHealthCheck.class);
    public static final String HC_LABEL = "Health Check: Default Logins";
    private List<String> logins;

    @Reference
    private SlingRepository repository;

    @ObjectClassDefinition(name = DefaultLoginsHealthCheck.HC_LABEL, description = "Expects default logins to fail, used to verify that they are disabled on production systems")
    /* loaded from: input_file:org/apache/sling/auth/core/impl/hc/DefaultLoginsHealthCheck$Config.class */
    @interface Config {
        @AttributeDefinition(name = "Name", description = "Name of this health check.")
        String hc_name() default "Default Logins Check";

        @AttributeDefinition(name = "Tags", description = "List of tags for this health check, used to select subsets of health checks for execution e.g. by a composite health check.")
        String[] hc_tags() default {};

        @AttributeDefinition(name = "Default Logins", description = "Which credentials to check. Each one is in the format \"user:password\" like \"admin:admin\" for example. Do *not* put any confidential passwords here, the goal is just to check that the default/demo logins, which passwords are known anyway, are disabled.")
        String[] logins() default {"logins"};

        @AttributeDefinition
        String webconsole_configurationFactory_nameHint() default "Default Logins Check: {logins}";
    }

    @Activate
    protected void activate(Config config) {
        this.logins = Arrays.asList(config.logins());
        LOG.info("Activated, logins={}", this.logins);
    }

    /* JADX WARN: Finally extract failed */
    public Result execute() {
        FormattingResultLog formattingResultLog = new FormattingResultLog();
        int i = 0;
        int i2 = 0;
        for (String str : this.logins) {
            String[] split = str.split(":");
            if (split.length != 2) {
                formattingResultLog.warn("Expected login in the form username:password, got [{}]", new Object[]{str});
            } else {
                i++;
                String trim = split[0].trim();
                Session session = null;
                try {
                    try {
                        session = this.repository.login(new SimpleCredentials(trim, split[1].trim().toCharArray()));
                        if (session != null) {
                            i2++;
                            formattingResultLog.warn("Login as [{}] succeeded, was expecting it to fail", new Object[]{trim});
                        } else {
                            formattingResultLog.debug("Login as [{}] didn't throw an Exception but returned null Session", new Object[]{trim});
                        }
                        if (session != null) {
                            session.logout();
                        }
                    } catch (RepositoryException e) {
                        formattingResultLog.debug("Login as [{}] failed, as expected", new Object[]{trim});
                        if (session != null) {
                            session.logout();
                        }
                    }
                } catch (Throwable th) {
                    if (session != null) {
                        session.logout();
                    }
                    throw th;
                }
            }
        }
        if (i == 0) {
            formattingResultLog.warn("Did not check any logins, configured logins={}", new Object[]{this.logins});
        } else if (i2 != 0) {
            formattingResultLog.warn("Checked {} logins, {} failures", new Object[]{Integer.valueOf(i), Integer.valueOf(i2)});
        } else {
            formattingResultLog.debug("Checked {} logins, all successful", new Object[]{Integer.valueOf(i), Integer.valueOf(i2)});
        }
        return new Result(formattingResultLog);
    }
}
