package org.apache.brooklyn.rest.security.provider;

import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.config.StringConfigMap;
import org.apache.brooklyn.core.mgmt.ha.OsgiManager;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.rest.security.provider.SecurityProvider;
import org.apache.brooklyn.util.core.ClassLoaderUtils;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.class */
public class DelegatingSecurityProvider implements SecurityProvider {
    private static final Logger log = LoggerFactory.getLogger(DelegatingSecurityProvider.class);
    protected final ManagementContext mgmt;
    private SecurityProvider delegate;

    public DelegatingSecurityProvider(ManagementContext managementContext) {
        this.mgmt = managementContext;
    }

    public static SecurityProvider getTarget(SecurityProvider securityProvider) {
        return securityProvider instanceof DelegatingSecurityProvider ? getTarget(((DelegatingSecurityProvider) securityProvider).getDelegate()) : securityProvider;
    }

    public synchronized SecurityProvider getDelegate() {
        if (this.delegate == null) {
            this.delegate = loadDelegate();
        }
        return this.delegate;
    }

    private synchronized SecurityProvider loadDelegate() {
        String str;
        StringConfigMap config = this.mgmt.getConfig();
        SecurityProvider securityProvider = (SecurityProvider) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE);
        if (securityProvider != null) {
            log.trace("Brooklyn security: using pre-set security provider {}", securityProvider);
            return securityProvider;
        }
        String str2 = (String) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME);
        if (this.delegate != null && BrooklynWebConfig.hasNoSecurityOptions(this.mgmt.getConfig())) {
            log.debug("Brooklyn security: {} refusing to change from {}: No security provider set in reloaded properties.", this, this.delegate);
            return this.delegate;
        }
        try {
            str = (String) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_BUNDLE);
        } catch (Exception e) {
            log.warn("Brooklyn security: unable to instantiate security provider " + str2 + "; all logins are being disallowed", e);
            this.delegate = new BlackholeSecurityProvider();
        }
        synchronized (DelegatingSecurityProvider.class) {
            SecurityProvider securityProvider2 = (SecurityProvider) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE);
            if (securityProvider2 != null) {
                log.trace("Brooklyn security: using pre-set security provider, found late - {}", securityProvider2);
                return securityProvider2;
            }
            if (str != null) {
                String str3 = (String) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_BUNDLE_VERSION);
                log.info("Brooklyn security: using security provider " + str2 + " from " + str + ":" + str3);
                this.delegate = loadProviderFromBundle(this.mgmt, ((OsgiManager) this.mgmt.getOsgiManager().get()).getFramework().getBundleContext(), str, str3, str2);
                saveDelegate();
            } else {
                log.info("Brooklyn security: using security provider " + str2);
                this.delegate = createSecurityProviderInstance(this.mgmt, new ClassLoaderUtils(this, this.mgmt).loadClass(str2));
                saveDelegate();
            }
            return this.delegate;
        }
    }

    private void saveDelegate() {
        this.mgmt.getConfig().put(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, this.delegate);
        this.mgmt.getScratchpad().put(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, this.delegate);
    }

    public static SecurityProvider loadProviderFromBundle(ManagementContext managementContext, BundleContext bundleContext, String str, String str2, String str3) {
        try {
            Collection<Bundle> matchingBundles = getMatchingBundles(bundleContext, str, str2);
            if (matchingBundles.isEmpty()) {
                throw new IllegalStateException("No bundle " + str + ":" + str2 + " found");
            }
            if (matchingBundles.size() > 1) {
                log.warn("Brooklyn security: found multiple bundles matching symbolicName " + str + " and version " + str2 + " while trying to load security provider " + str3 + ". Will use first one that loads the class successfully.");
            }
            SecurityProvider tryLoadClass = tryLoadClass(managementContext, str3, matchingBundles);
            if (tryLoadClass == null) {
                throw new ClassNotFoundException("Unable to load class " + str3 + " from bundle " + str + ":" + str2);
            }
            return tryLoadClass;
        } catch (Exception e) {
            Exceptions.propagateIfFatal(e);
            throw new IllegalStateException("Can not load or create security provider " + str3 + " for bundle " + str + ":" + str2, e);
        }
    }

    private static SecurityProvider tryLoadClass(ManagementContext managementContext, String str, Collection<Bundle> collection) throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
        Iterator<Bundle> it = collection.iterator();
        while (it.hasNext()) {
            try {
                return createSecurityProviderInstance(managementContext, it.next().loadClass(str));
            } catch (ClassNotFoundException e) {
            }
        }
        return null;
    }

    private static Collection<Bundle> getMatchingBundles(BundleContext bundleContext, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        for (Bundle bundle : bundleContext.getBundles()) {
            if (bundle.getSymbolicName().equals(str) && (str2 == null || bundle.getVersion().toString().equals(str2))) {
                arrayList.add(bundle);
            }
        }
        return arrayList;
    }

    public static SecurityProvider createSecurityProviderInstance(ManagementContext managementContext, Class<? extends SecurityProvider> cls) throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
        SecurityProvider newInstance;
        Constructor<? extends SecurityProvider> constructor = null;
        try {
            constructor = cls.getConstructor(ManagementContext.class);
        } catch (NoSuchMethodException e) {
        }
        if (constructor != null) {
            newInstance = constructor.newInstance(managementContext);
        } else {
            try {
                constructor = cls.getConstructor(new Class[0]);
            } catch (NoSuchMethodException e2) {
            }
            if (constructor == null) {
                throw new NoSuchMethodException("Security provider " + cls + " does not have required no-arg or 1-arg (mgmt) constructor");
            }
            newInstance = constructor.newInstance(new Object[0]);
        }
        if (newInstance instanceof SecurityProvider) {
            return newInstance;
        }
        throw new ClassCastException("Delegate is either not a security provider or has an incompatible classloader: " + newInstance);
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean isAuthenticated(HttpSession httpSession) {
        return getDelegate().isAuthenticated(httpSession);
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean authenticate(HttpServletRequest httpServletRequest, Supplier<HttpSession> supplier, String str, String str2) throws SecurityProvider.SecurityProviderDeniedAuthentication {
        boolean authenticate = getDelegate().authenticate(httpServletRequest, supplier, str, str2);
        if (log.isTraceEnabled() && authenticate) {
            log.trace("User {} authenticated with provider {}", str, getDelegate());
        } else if (!authenticate && log.isDebugEnabled()) {
            log.debug("Failed authentication for user {} with provider {}", str, getDelegate());
        }
        return authenticate;
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean logout(HttpSession httpSession) {
        return getDelegate().logout(httpSession);
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean requiresUserPass() {
        return getDelegate().requiresUserPass();
    }

    public String toString() {
        return super.toString() + "[" + getDelegate() + "]";
    }
}
