package org.graylog2.bindings.providers;

import com.google.common.collect.ImmutableList;
import java.util.concurrent.TimeUnit;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.subject.Subject;
import org.graylog2.security.InMemoryRolePermissionResolver;
import org.graylog2.security.MongoDbSessionDAO;
import org.graylog2.security.OrderedAuthenticatingRealms;
import org.graylog2.security.realm.MongoDbAuthorizationRealm;
import org.graylog2.security.realm.RootAccountRealm;

@Singleton
/* loaded from: input_file:org/graylog2/bindings/providers/DefaultSecurityManagerProvider.class */
public class DefaultSecurityManagerProvider implements Provider<DefaultSecurityManager> {
    private DefaultSecurityManager sm;

    @Inject
    public DefaultSecurityManagerProvider(MongoDbSessionDAO mongoDbSessionDAO, MongoDbAuthorizationRealm mongoDbAuthorizationRealm, RootAccountRealm rootAccountRealm, InMemoryRolePermissionResolver inMemoryRolePermissionResolver, OrderedAuthenticatingRealms orderedAuthenticatingRealms) {
        this.sm = null;
        this.sm = new DefaultSecurityManager(orderedAuthenticatingRealms);
        ModularRealmAuthenticator authenticator = this.sm.getAuthenticator();
        if (authenticator instanceof ModularRealmAuthenticator) {
            authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
        }
        ModularRealmAuthorizer modularRealmAuthorizer = new ModularRealmAuthorizer(ImmutableList.of(mongoDbAuthorizationRealm, rootAccountRealm));
        modularRealmAuthorizer.setRolePermissionResolver(inMemoryRolePermissionResolver);
        this.sm.setAuthorizer(modularRealmAuthorizer);
        DefaultSubjectDAO defaultSubjectDAO = new DefaultSubjectDAO();
        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator() { // from class: org.graylog2.bindings.providers.DefaultSecurityManagerProvider.1
            public boolean isSessionStorageEnabled(Subject subject) {
                return subject.getSession(false) != null;
            }
        };
        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
        defaultSubjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
        this.sm.setSubjectDAO(defaultSubjectDAO);
        DefaultSessionManager sessionManager = this.sm.getSessionManager();
        sessionManager.setSessionDAO(mongoDbSessionDAO);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionValidationInterval(TimeUnit.MINUTES.toMillis(5L));
        sessionManager.setCacheManager(new MemoryConstrainedCacheManager());
        SecurityUtils.setSecurityManager(this.sm);
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public DefaultSecurityManager m242get() {
        return this.sm;
    }
}
