package org.graylog2.bindings.providers;

import com.google.common.collect.Lists;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.subject.Subject;
import org.graylog2.Configuration;
import org.graylog2.security.MongoDbSessionDAO;
import org.graylog2.security.realm.AccessTokenAuthenticator;
import org.graylog2.security.realm.GraylogSimpleAccountRealm;
import org.graylog2.security.realm.LdapUserAuthenticator;
import org.graylog2.security.realm.MongoDbAuthorizationRealm;
import org.graylog2.security.realm.PasswordAuthenticator;
import org.graylog2.security.realm.SessionAuthenticator;
import org.graylog2.users.UserImpl;

@Singleton
/* loaded from: input_file:org/graylog2/bindings/providers/DefaultSecurityManagerProvider.class */
public class DefaultSecurityManagerProvider implements Provider<DefaultSecurityManager> {
    private static DefaultSecurityManager sm = null;

    /* JADX WARN: Multi-variable type inference failed */
    @Inject
    public DefaultSecurityManagerProvider(MongoDbSessionDAO mongoDbSessionDAO, PasswordAuthenticator passwordAuthenticator, MongoDbAuthorizationRealm mongoDbAuthorizationRealm, LdapUserAuthenticator ldapUserAuthenticator, SessionAuthenticator sessionAuthenticator, AccessTokenAuthenticator accessTokenAuthenticator, Configuration configuration) {
        GraylogSimpleAccountRealm graylogSimpleAccountRealm = new GraylogSimpleAccountRealm();
        graylogSimpleAccountRealm.setCachingEnabled(false);
        graylogSimpleAccountRealm.addRootAccount(configuration.getRootUsername(), configuration.getRootPasswordSha2());
        graylogSimpleAccountRealm.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-256"));
        passwordAuthenticator.setCachingEnabled(false);
        passwordAuthenticator.setCredentialsMatcher(new HashedCredentialsMatcher(UserImpl.HASH_ALGORITHM));
        mongoDbAuthorizationRealm.setCachingEnabled(false);
        ldapUserAuthenticator.setCachingEnabled(false);
        sessionAuthenticator.setCachingEnabled(false);
        accessTokenAuthenticator.setCachingEnabled(false);
        sm = new DefaultSecurityManager(Lists.newArrayList(new Realm[]{sessionAuthenticator, accessTokenAuthenticator, ldapUserAuthenticator, passwordAuthenticator, graylogSimpleAccountRealm}));
        ModularRealmAuthenticator authenticator = sm.getAuthenticator();
        if (authenticator instanceof ModularRealmAuthenticator) {
            authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
        }
        sm.setAuthorizer(new ModularRealmAuthorizer(Lists.newArrayList(new Realm[]{mongoDbAuthorizationRealm, graylogSimpleAccountRealm})));
        DefaultSubjectDAO defaultSubjectDAO = new DefaultSubjectDAO();
        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator() { // from class: org.graylog2.bindings.providers.DefaultSecurityManagerProvider.1
            public boolean isSessionStorageEnabled(Subject subject) {
                return subject.getSession(false) != null;
            }
        };
        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
        defaultSubjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
        sm.setSubjectDAO(defaultSubjectDAO);
        DefaultSessionManager sessionManager = sm.getSessionManager();
        sessionManager.setSessionDAO(mongoDbSessionDAO);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setCacheManager(new MemoryConstrainedCacheManager());
        SecurityUtils.setSecurityManager(sm);
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public DefaultSecurityManager m21get() {
        return sm;
    }
}
