package org.apache.brooklyn.rest.security.provider;

import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.http.HttpSession;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.config.StringConfigMap;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.util.text.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.class */
public class DelegatingSecurityProvider implements SecurityProvider {
    private static final Logger log = LoggerFactory.getLogger(DelegatingSecurityProvider.class);
    protected final ManagementContext mgmt;
    private SecurityProvider delegate;
    private final AtomicLong modCount = new AtomicLong();

    /* loaded from: input_file:org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider$PropertiesListener.class */
    private class PropertiesListener implements ManagementContext.PropertiesReloadListener {
        private static final long serialVersionUID = 8148722609022378917L;

        private PropertiesListener() {
        }

        public void reloaded() {
            DelegatingSecurityProvider.log.debug("{} reloading security provider", DelegatingSecurityProvider.this);
            synchronized (DelegatingSecurityProvider.this) {
                DelegatingSecurityProvider.this.loadDelegate();
                DelegatingSecurityProvider.this.invalidateExistingSessions();
            }
        }
    }

    public DelegatingSecurityProvider(ManagementContext managementContext) {
        this.mgmt = managementContext;
        managementContext.addPropertiesReloadListener(new PropertiesListener());
    }

    public synchronized SecurityProvider getDelegate() {
        if (this.delegate == null) {
            this.delegate = loadDelegate();
        }
        return this.delegate;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized SecurityProvider loadDelegate() {
        Class<?> cls;
        StringConfigMap config = this.mgmt.getConfig();
        SecurityProvider securityProvider = (SecurityProvider) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE);
        if (securityProvider != null) {
            log.info("REST using pre-set security provider " + securityProvider);
            return securityProvider;
        }
        String str = (String) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME);
        if (this.delegate != null && BrooklynWebConfig.hasNoSecurityOptions(this.mgmt.getConfig())) {
            log.debug("{} refusing to change from {}: No security provider set in reloaded properties.", this, this.delegate);
            return this.delegate;
        }
        log.info("REST using security provider " + str);
        try {
            try {
                cls = Class.forName(str);
            } catch (Exception e) {
                if (!str.startsWith("brooklyn.web.console.security.")) {
                    throw e;
                }
                str = DelegatingSecurityProvider.class.getPackage().getName() + "." + Strings.removeFromStart(str, "brooklyn.web.console.security.");
                cls = Class.forName(str);
                log.warn("Deprecated package brooklyn.web.console.security. detected; please update security provider to point to " + str);
            }
            try {
                this.delegate = (SecurityProvider) cls.getConstructor(ManagementContext.class).newInstance(this.mgmt);
            } catch (Exception e2) {
                Object newInstance = cls.getConstructor(new Class[0]).newInstance(new Object[0]);
                if (!(newInstance instanceof SecurityProvider)) {
                    throw new ClassCastException("Delegate is either not a security provider or has an incompatible classloader: " + newInstance);
                }
                this.delegate = (SecurityProvider) newInstance;
            }
        } catch (Exception e3) {
            log.warn("REST unable to instantiate security provider " + str + "; all logins are being disallowed", e3);
            this.delegate = new BlackholeSecurityProvider();
        }
        this.mgmt.getBrooklynProperties().put(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, this.delegate);
        return this.delegate;
    }

    protected void invalidateExistingSessions() {
        this.modCount.incrementAndGet();
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean isAuthenticated(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        return getDelegate().isAuthenticated(httpSession) && Long.valueOf(this.modCount.get()).equals(httpSession.getAttribute(getModificationCountKey()));
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean authenticate(HttpSession httpSession, String str, String str2) {
        boolean authenticate = getDelegate().authenticate(httpSession, str, str2);
        if (authenticate) {
            httpSession.setAttribute(getModificationCountKey(), Long.valueOf(this.modCount.get()));
        }
        if (log.isTraceEnabled() && authenticate) {
            log.trace("User {} authenticated with provider {}", str, getDelegate());
        } else if (!authenticate && log.isDebugEnabled()) {
            log.debug("Failed authentication for user {} with provider {}", str, getDelegate());
        }
        return authenticate;
    }

    @Override // org.apache.brooklyn.rest.security.provider.SecurityProvider
    public boolean logout(HttpSession httpSession) {
        boolean logout = getDelegate().logout(httpSession);
        if (logout) {
            httpSession.removeAttribute(getModificationCountKey());
        }
        return logout;
    }

    private String getModificationCountKey() {
        return getClass().getName() + ".ModCount";
    }
}
