package org.apache.felix.jaas.internal;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.ConfigurationSpi;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.felix.jaas.LoginContextFactory;
import org.apache.felix.jaas.LoginModuleFactory;
import org.apache.felix.jaas.boot.ProxyLoginModule;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedService;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;

/* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi.class */
public class ConfigSpiOsgi extends ConfigurationSpi implements ManagedService, ServiceTrackerCustomizer, LoginContextFactory {
    public static final String JAAS_CONFIG_ALGO_NAME = "JavaLoginConfig";
    public static final String SERVICE_PID = "org.apache.felix.jaas.ConfigurationSpi";
    private final Logger log;
    private static final String DEFAULT_REALM_NAME = "other";
    private static final String JAAS_DEFAULT_REALM_NAME = "jaas.defaultRealmName";
    private String defaultRealmName;
    private static final String DEFAULT_CONFIG_PROVIDER_NAME = "FelixJaasProvider";
    private static final String JAAS_CONFIG_PROVIDER_NAME = "jaas.configProviderName";
    static final String JAAS_CONFIG_POLICY = "jaas.globalConfigPolicy";
    private volatile String jaasConfigProviderName;
    private final BundleContext context;
    private final ServiceTracker tracker;
    private ServiceRegistration spiReg;
    private Map<String, Realm> configs = Collections.emptyMap();
    private final Configuration osgiConfig = new OsgiConfiguration();
    private volatile GlobalConfigurationPolicy globalConfigPolicy = GlobalConfigurationPolicy.DEFAULT;
    private final Map<ServiceReference, LoginModuleProvider> providerMap = new ConcurrentHashMap();
    private final Object lock = new Object();
    private final Configuration originalConfig = getGlobalConfiguration();
    private final Configuration proxyConfig = new DelegatingConfiguration(this.osgiConfig, this.originalConfig);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$AppConfigurationHolder.class */
    public static final class AppConfigurationHolder implements Comparable<AppConfigurationHolder> {
        private static final String LOGIN_MODULE_CLASS = ProxyLoginModule.class.getName();
        private final LoginModuleProvider provider;
        private final int ranking;
        private final AppConfigurationEntry entry;

        public AppConfigurationHolder(LoginModuleProvider loginModuleProvider) {
            this.provider = loginModuleProvider;
            this.ranking = loginModuleProvider.ranking();
            HashMap hashMap = new HashMap(loginModuleProvider.options());
            hashMap.put(ProxyLoginModule.PROP_LOGIN_MODULE_FACTORY, loginModuleProvider);
            this.entry = new AppConfigurationEntry(LOGIN_MODULE_CLASS, loginModuleProvider.getControlFlag(), Collections.unmodifiableMap(hashMap));
        }

        @Override // java.lang.Comparable
        public int compareTo(AppConfigurationHolder appConfigurationHolder) {
            if (this.ranking == appConfigurationHolder.ranking) {
                return 0;
            }
            return this.ranking > appConfigurationHolder.ranking ? -1 : 1;
        }

        public AppConfigurationEntry getEntry() {
            return this.entry;
        }

        public LoginModuleProvider getProvider() {
            return this.provider;
        }
    }

    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$ConfigurationService.class */
    private class ConfigurationService extends Provider.Service {
        public ConfigurationService(Provider provider) {
            super(provider, OSGiProvider.TYPE_CONFIGURATION, ConfigSpiOsgi.JAAS_CONFIG_ALGO_NAME, ConfigSpiOsgi.class.getName(), Collections.emptyList(), Collections.emptyMap());
        }

        @Override // java.security.Provider.Service
        public Object newInstance(Object obj) throws NoSuchAlgorithmException {
            return ConfigSpiOsgi.this;
        }
    }

    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$DelegatingConfiguration.class */
    private class DelegatingConfiguration extends Configuration {
        private final Configuration primary;
        private final Configuration secondary;

        private DelegatingConfiguration(Configuration configuration, Configuration configuration2) {
            this.primary = configuration;
            this.secondary = configuration2;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            AppConfigurationEntry[] appConfigurationEntryArr = null;
            try {
                appConfigurationEntryArr = this.primary.getAppConfigurationEntry(str);
            } catch (Exception e) {
            }
            if (appConfigurationEntryArr == null) {
                try {
                    appConfigurationEntryArr = this.secondary.getAppConfigurationEntry(str);
                } catch (Exception e2) {
                }
            }
            return appConfigurationEntryArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$GlobalConfigurationPolicy.class */
    public enum GlobalConfigurationPolicy {
        DEFAULT,
        REPLACE,
        PROXY
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$OSGiProvider.class */
    public class OSGiProvider extends Provider {
        public static final String TYPE_CONFIGURATION = "Configuration";

        OSGiProvider(String str) {
            super(str, 1.0d, "OSGi based provider for Jaas configuration");
        }

        @Override // java.security.Provider
        public synchronized Provider.Service getService(String str, String str2) {
            return (TYPE_CONFIGURATION.equals(str) && ConfigSpiOsgi.JAAS_CONFIG_ALGO_NAME.equals(str2)) ? new ConfigurationService(this) : super.getService(str, str2);
        }
    }

    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$OsgiConfiguration.class */
    private class OsgiConfiguration extends Configuration {
        private OsgiConfiguration() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return ConfigSpiOsgi.this.engineGetAppConfigurationEntry(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/felix/jaas/internal/ConfigSpiOsgi$Realm.class */
    public static final class Realm {
        private final String realmName;
        private AppConfigurationEntry[] configArray;
        private List<AppConfigurationHolder> configs = new ArrayList();

        Realm(String str) {
            this.realmName = str;
        }

        public void add(AppConfigurationHolder appConfigurationHolder) {
            this.configs.add(appConfigurationHolder);
        }

        public void afterPropertiesSet() {
            Collections.sort(this.configs);
            this.configArray = new AppConfigurationEntry[this.configs.size()];
            for (int i = 0; i < this.configs.size(); i++) {
                this.configArray[i] = this.configs.get(i).getEntry();
            }
            this.configs = Collections.unmodifiableList(this.configs);
        }

        public String getRealmName() {
            return this.realmName;
        }

        public List<AppConfigurationHolder> getConfigs() {
            return this.configs;
        }

        public AppConfigurationEntry[] engineGetAppConfigurationEntry() {
            return (AppConfigurationEntry[]) Arrays.copyOf(this.configArray, this.configArray.length);
        }

        public String toString() {
            return "Realm{realmName='" + this.realmName + "'}";
        }
    }

    public ConfigSpiOsgi(BundleContext bundleContext, Logger logger) throws ConfigurationException {
        this.context = bundleContext;
        this.log = logger;
        updated(getDefaultConfig());
        this.tracker = new ServiceTracker(bundleContext, LoginModuleFactory.class.getName(), this);
        Properties properties = new Properties();
        properties.setProperty("service.vendor", "Apache Software Foundation");
        properties.setProperty("service.pid", SERVICE_PID);
        this.context.registerService(ManagedService.class.getName(), this, properties);
        this.context.registerService(LoginContextFactory.class.getName(), this, new Properties());
    }

    @Override // org.apache.felix.jaas.LoginContextFactory
    public LoginContext createLoginContext(String str, Subject subject, CallbackHandler callbackHandler) throws LoginException {
        Thread currentThread = Thread.currentThread();
        ClassLoader contextClassLoader = currentThread.getContextClassLoader();
        try {
            try {
                try {
                    currentThread.setContextClassLoader(ProxyLoginModule.class.getClassLoader());
                    LoginContext loginContext = new LoginContext(str, subject, callbackHandler, Configuration.getInstance(JAAS_CONFIG_ALGO_NAME, (Configuration.Parameters) null, this.jaasConfigProviderName));
                    currentThread.setContextClassLoader(contextClassLoader);
                    return loginContext;
                } catch (NoSuchAlgorithmException e) {
                    throw new LoginException(e.getMessage());
                }
            } catch (NoSuchProviderException e2) {
                throw new LoginException(e2.getMessage());
            }
        } catch (Throwable th) {
            currentThread.setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    protected AppConfigurationEntry[] engineGetAppConfigurationEntry(String str) {
        Realm realm = this.configs.get(str);
        if (realm != null) {
            return realm.engineGetAppConfigurationEntry();
        }
        this.log.log(2, "No JAAS module configured for realm " + str);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, Realm> getAllConfiguration() {
        return this.configs;
    }

    private void recreateConfigs() {
        HashMap hashMap = new HashMap();
        for (LoginModuleProvider loginModuleProvider : this.providerMap.values()) {
            String realmName = loginModuleProvider.realmName();
            if (realmName == null) {
                realmName = this.defaultRealmName;
            }
            Realm realm = (Realm) hashMap.get(realmName);
            if (realm == null) {
                realm = new Realm(realmName);
                hashMap.put(realmName, realm);
            }
            realm.add(new AppConfigurationHolder(loginModuleProvider));
        }
        Iterator it = hashMap.values().iterator();
        while (it.hasNext()) {
            ((Realm) it.next()).afterPropertiesSet();
        }
        if (!hashMap.isEmpty() && this.spiReg == null) {
            Properties properties = new Properties();
            properties.setProperty("providerName", "felix");
            synchronized (this.lock) {
                this.spiReg = this.context.registerService(ConfigurationSpi.class.getName(), this, properties);
            }
        }
        synchronized (this.lock) {
            this.configs = Collections.unmodifiableMap(hashMap);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void open() {
        this.configs = Collections.emptyMap();
        this.tracker.open();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() {
        this.tracker.close();
        deregisterProvider(this.jaasConfigProviderName);
        synchronized (this.lock) {
            this.providerMap.clear();
            this.configs = null;
        }
        if (this.globalConfigPolicy != GlobalConfigurationPolicy.DEFAULT) {
            restoreOriginalConfiguration();
        }
    }

    public synchronized void updated(Dictionary dictionary) throws ConfigurationException {
        if (dictionary == null) {
            return;
        }
        String propertiesUtil = PropertiesUtil.toString(dictionary.get(JAAS_DEFAULT_REALM_NAME), DEFAULT_REALM_NAME);
        if (!propertiesUtil.equals(this.defaultRealmName)) {
            this.defaultRealmName = propertiesUtil;
            recreateConfigs();
        }
        String propertiesUtil2 = PropertiesUtil.toString(dictionary.get(JAAS_CONFIG_PROVIDER_NAME), DEFAULT_CONFIG_PROVIDER_NAME);
        deregisterProvider(this.jaasConfigProviderName);
        registerProvider(propertiesUtil2);
        this.jaasConfigProviderName = propertiesUtil2;
        manageGlobalConfiguration(dictionary);
    }

    private void manageGlobalConfiguration(Dictionary dictionary) {
        String trimToNull = Util.trimToNull(PropertiesUtil.toString(dictionary.get(JAAS_CONFIG_POLICY), GlobalConfigurationPolicy.DEFAULT.name()));
        GlobalConfigurationPolicy globalConfigurationPolicy = GlobalConfigurationPolicy.DEFAULT;
        if (trimToNull != null) {
            globalConfigurationPolicy = GlobalConfigurationPolicy.valueOf(trimToNull.toUpperCase());
        }
        this.globalConfigPolicy = globalConfigurationPolicy;
        if (globalConfigurationPolicy == GlobalConfigurationPolicy.REPLACE) {
            Configuration.setConfiguration(this.osgiConfig);
            this.log.log(3, "Replacing the global JAAS configuration with OSGi based configuration");
        } else if (globalConfigurationPolicy == GlobalConfigurationPolicy.PROXY) {
            Configuration.setConfiguration(this.proxyConfig);
            this.log.log(3, "Replacing the global JAAS configuration with OSGi based proxy configuration. It would look first in the OSGi based configuration and if not found would use the default global configuration");
        } else if (globalConfigurationPolicy == GlobalConfigurationPolicy.DEFAULT) {
            restoreOriginalConfiguration();
        }
    }

    private void restoreOriginalConfiguration() {
        if (this.originalConfig == null || Configuration.getConfiguration() == this.originalConfig) {
            return;
        }
        Configuration.setConfiguration(this.originalConfig);
    }

    private Dictionary<String, String> getDefaultConfig() throws ConfigurationException {
        Hashtable hashtable = new Hashtable();
        put(hashtable, JAAS_DEFAULT_REALM_NAME, DEFAULT_REALM_NAME);
        put(hashtable, JAAS_CONFIG_PROVIDER_NAME, DEFAULT_CONFIG_PROVIDER_NAME);
        put(hashtable, JAAS_CONFIG_POLICY, GlobalConfigurationPolicy.DEFAULT.name());
        return hashtable;
    }

    private void put(Dictionary<String, String> dictionary, String str, String str2) {
        dictionary.put(str, PropertiesUtil.toString(this.context.getProperty(str), str2));
    }

    private void registerProvider(String str) {
        Security.addProvider(new OSGiProvider(str));
        this.log.log(3, "Registered provider " + str + " for managing JAAS config with type " + JAAS_CONFIG_ALGO_NAME);
    }

    private void deregisterProvider(String str) {
        Security.removeProvider(str);
        this.log.log(3, "Removed provider " + str + " type " + JAAS_CONFIG_ALGO_NAME + " from Security providers list");
    }

    public Object addingService(ServiceReference serviceReference) {
        LoginModuleFactory loginModuleFactory = (LoginModuleFactory) this.context.getService(serviceReference);
        registerFactory(serviceReference, loginModuleFactory);
        recreateConfigs();
        return loginModuleFactory;
    }

    public void modifiedService(ServiceReference serviceReference, Object obj) {
        LoginModuleProvider loginModuleProvider = this.providerMap.get(serviceReference);
        if (loginModuleProvider instanceof OsgiLoginModuleProvider) {
            ((OsgiLoginModuleProvider) loginModuleProvider).configure();
        }
        recreateConfigs();
    }

    public void removedService(ServiceReference serviceReference, Object obj) {
        deregisterFactory(serviceReference);
        recreateConfigs();
        this.context.ungetService(serviceReference);
    }

    private void deregisterFactory(ServiceReference serviceReference) {
        LoginModuleProvider remove = this.providerMap.remove(serviceReference);
        if (remove != null) {
            this.log.log(3, "Deregistering LoginModuleFactory " + remove);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.felix.jaas.internal.LoginModuleProvider] */
    private void registerFactory(ServiceReference serviceReference, LoginModuleFactory loginModuleFactory) {
        OsgiLoginModuleProvider osgiLoginModuleProvider = loginModuleFactory instanceof LoginModuleProvider ? (LoginModuleProvider) loginModuleFactory : new OsgiLoginModuleProvider(serviceReference, loginModuleFactory);
        this.log.log(3, "Registering LoginModuleFactory " + loginModuleFactory);
        this.providerMap.put(serviceReference, osgiLoginModuleProvider);
    }

    private static Configuration getGlobalConfiguration() {
        try {
            return Configuration.getConfiguration();
        } catch (Exception e) {
            return null;
        }
    }
}
