package org.apache.brooklyn.rest.security.provider;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpSession;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.util.javalang.JavaClassNames;
import org.apache.brooklyn.util.net.Networking;
import org.apache.brooklyn.util.text.Identifiers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.class */
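/**
 * Security provider that accepts the fixed user {@code brooklyn} with a password generated when
 * the provider is constructed, and that also admits any session whose recorded remote address is
 * localhost without checking credentials.
 *
 * <p>Points a deployer should be aware of:
 * <ul>
 *   <li>The generated password is written to the log at INFO level, so read access to the log
 *       (files, console capture, log shipping) is equivalent to knowing the credential.</li>
 *   <li>The localhost bypass trusts the value stored under
 *       {@link BrooklynWebConfig#REMOTE_ADDRESS_SESSION_ATTRIBUTE}. NOTE(review): confirm how that
 *       attribute is populated; if the console is reached through a proxy or tunnel terminating
 *       on the same host, proxied requests may be recorded as local and skip the password.</li>
 * </ul>
 */
public class BrooklynUserWithRandomPasswordSecurityProvider extends AbstractSecurityProvider implements SecurityProvider {
    public static final Logger LOG = LoggerFactory.getLogger(BrooklynUserWithRandomPasswordSecurityProvider.class);
    private static final String USER = "brooklyn";
    private final String password;

    /**
     * Generates the per-instance password and announces it in the log.
     */
    public BrooklynUserWithRandomPasswordSecurityProvider() {
        // NOTE(review): the implementation of Identifiers.makeRandomId is not visible here; confirm
        // it draws from a cryptographically strong source, since this 10-character value is the
        // only credential protecting non-local access.
        this.password = Identifiers.makeRandomId(10);
        // The credential is logged on purpose so the operator can retrieve it; treat the log
        // destination as sensitive for as long as this instance is in use.
        LOG.info("Allowing access to web console from localhost or with {}:{}", USER, this.password);
    }

    /**
     * Same as the no-argument constructor; the management context is not used.
     *
     * @param managementContext ignored
     */
    public BrooklynUserWithRandomPasswordSecurityProvider(ManagementContext managementContext) {
        this();
    }

    /**
     * Admits the session when the supplied credentials match the generated ones, or when the
     * session's recorded remote address is localhost.
     *
     * @param httpSession session being authenticated
     * @param str supplied user name
     * @param str2 supplied password, may be {@code null}
     * @return the result of the inherited {@code allow(httpSession, str)} when access is granted,
     *     otherwise {@code false}
     */
    @Override
    public boolean authenticate(HttpSession httpSession, String str, String str2) {
        // Credentials are evaluated first; the localhost check only runs when they do not match.
        if (credentialsMatch(str, str2) || isRemoteAddressLocalhost(httpSession)) {
            // On the localhost path the user name is passed through as supplied, whatever it is.
            return allow(httpSession, str);
        }
        return false;
    }

    /** Compares the supplied user and password with the expected pair. */
    private boolean credentialsMatch(String user, String suppliedPassword) {
        if (!USER.equals(user) || suppliedPassword == null) {
            return false;
        }
        // MessageDigest.isEqual avoids the early exit of String.equals, so the time taken does not
        // reveal how many leading characters of a guess were correct.
        return MessageDigest.isEqual(
                this.password.getBytes(StandardCharsets.UTF_8),
                suppliedPassword.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reports whether the remote address recorded on the session is a localhost address.
     * A missing or non-String attribute is treated as not local, so the check fails closed.
     */
    private boolean isRemoteAddressLocalhost(HttpSession httpSession) {
        Object remoteAddress = httpSession.getAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE);
        if (!(remoteAddress instanceof String)) {
            return false;
        }
        if (!Networking.isLocalhost((String) remoteAddress)) {
            LOG.debug("{}: password required for {} originating from {}", this, httpSession, remoteAddress);
            return false;
        }
        // Passwordless grants are only visible at TRACE; raise the level of this logger if an
        // audit trail of local access is needed.
        LOG.trace("{}: granting passwordless access to {} originating from {}", this, httpSession, remoteAddress);
        return true;
    }

    /** Returns the cleaned simple class name; the password is never part of this string. */
    @Override
    public String toString() {
        return JavaClassNames.cleanSimpleClassName(this);
    }

    /** This provider always expects a user name and password to be requested. */
    @Override
    public boolean requiresUserPass() {
        return true;
    }
}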
