package org.apache.jackrabbit.oak.security.internal;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.References;
import org.apache.jackrabbit.oak.commons.PropertiesUtil;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardRestrictionProvider;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-upgrade-1.0.39.jar:org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.class
 */
@References({@Reference(name = "principalConfiguration", referenceInterface = PrincipalConfiguration.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC), @Reference(name = "tokenConfiguration", referenceInterface = TokenConfiguration.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC), @Reference(name = UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, referenceInterface = AuthorizableNodeName.class, cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC), @Reference(name = UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, referenceInterface = AuthorizableActionProvider.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC), @Reference(name = AccessControlConstants.PARAM_RESTRICTION_PROVIDER, referenceInterface = RestrictionProvider.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC)})
@Component(immediate = true, metatype = true, label = "Apache Jackrabbit Oak SecurityProvider", description = "The default SecurityProvider embedded in Apache Jackrabbit Oak")
@Properties({@Property(name = "requiredServicePids", label = "Required service PIDs", description = "The SecurityProvider will not register itself unless the services identified by these PIDs are registered first. Only the PIDs of implementations of the following interfaces are checked: PrincipalConfiguration, TokenConfiguration, AuthorizableNodeName, AuthorizableActionProvider, and RestrictionProvider.", value = {"org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl", "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl", "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider", "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl"}, unbounded = PropertyUnbounded.ARRAY)})
/* loaded from: input_file:WEB-INF/lib/oak-core-1.0.39.jar:org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.class */
public class SecurityProviderRegistration {
    private static final Logger log = LoggerFactory.getLogger(SecurityProviderRegistration.class);

    @Reference
    private AuthorizationConfiguration authorizationConfiguration;

    @Reference
    private AuthenticationConfiguration authenticationConfiguration;

    @Reference
    private PrivilegeConfiguration privilegeConfiguration;

    @Reference
    private UserConfiguration userConfiguration;
    private BundleContext context;
    private ServiceRegistration registration;
    private boolean registering;
    private final Preconditions preconditions = new Preconditions();
    private final List<PrincipalConfiguration> principalConfigurations = Lists.newCopyOnWriteArrayList();
    private final List<TokenConfiguration> tokenConfigurations = Lists.newCopyOnWriteArrayList();
    private final List<AuthorizableActionProvider> authorizableActionProviders = Lists.newCopyOnWriteArrayList();
    private final List<RestrictionProvider> restrictionProviders = Lists.newCopyOnWriteArrayList();
    private volatile AuthorizableNodeName authorizableNodeName = AuthorizableNodeName.DEFAULT;

    @Activate
    public void activate(BundleContext bundleContext, Map<String, Object> map) {
        String[] requiredServicePids = getRequiredServicePids(map);
        synchronized (this) {
            for (String str : requiredServicePids) {
                this.preconditions.addPrecondition(str);
            }
            this.context = bundleContext;
        }
        maybeRegister();
    }

    @Modified
    public void modified(Map<String, Object> map) {
        String[] requiredServicePids = getRequiredServicePids(map);
        synchronized (this) {
            this.preconditions.clearPreconditions();
            for (String str : requiredServicePids) {
                this.preconditions.addPrecondition(str);
            }
        }
        maybeUnregister();
        maybeRegister();
    }

    @Deactivate
    public void deactivate() {
        ServiceRegistration serviceRegistration;
        synchronized (this) {
            serviceRegistration = this.registration;
            this.registration = null;
            this.registering = false;
            this.context = null;
            this.preconditions.clearPreconditions();
        }
        if (serviceRegistration != null) {
            serviceRegistration.unregister();
        }
    }

    public void bindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration) {
        this.authorizationConfiguration = authorizationConfiguration;
    }

    public void unbindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration) {
        this.authorizationConfiguration = null;
    }

    public void bindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
        this.authenticationConfiguration = authenticationConfiguration;
    }

    public void unbindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
        this.authenticationConfiguration = null;
    }

    public void bindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) {
        this.privilegeConfiguration = privilegeConfiguration;
    }

    public void unbindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) {
        this.privilegeConfiguration = null;
    }

    public void bindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = userConfiguration;
    }

    public void unbindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = null;
    }

    public void bindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> map) {
        synchronized (this) {
            this.principalConfigurations.add(principalConfiguration);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> map) {
        synchronized (this) {
            this.principalConfigurations.remove(principalConfiguration);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindTokenConfiguration(TokenConfiguration tokenConfiguration, Map<String, Object> map) {
        synchronized (this) {
            this.tokenConfigurations.add(tokenConfiguration);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindTokenConfiguration(TokenConfiguration tokenConfiguration, Map<String, Object> map) {
        synchronized (this) {
            this.tokenConfigurations.remove(tokenConfiguration);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindAuthorizableNodeName(AuthorizableNodeName authorizableNodeName, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableNodeName = authorizableNodeName;
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindAuthorizableNodeName(AuthorizableNodeName authorizableNodeName, Map<String, Object> map) {
        synchronized (this) {
            if (this.authorizableNodeName == authorizableNodeName) {
                this.authorizableNodeName = AuthorizableNodeName.DEFAULT;
            }
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindAuthorizableActionProvider(AuthorizableActionProvider authorizableActionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableActionProviders.add(authorizableActionProvider);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindAuthorizableActionProvider(AuthorizableActionProvider authorizableActionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableActionProviders.remove(authorizableActionProvider);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindRestrictionProvider(RestrictionProvider restrictionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.restrictionProviders.add(restrictionProvider);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindRestrictionProvider(RestrictionProvider restrictionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.restrictionProviders.remove(restrictionProvider);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    private void maybeRegister() {
        log.info("Trying to register a SecurityProvider...");
        synchronized (this) {
            if (this.context == null) {
                log.info("Aborting: no BundleContext is available");
                return;
            }
            if (!this.preconditions.areSatisfied()) {
                log.info("Aborting: preconditions are not satisfied: {}", this.preconditions);
                return;
            }
            if (this.registration != null) {
                log.info("Aborting: a SecurityProvider is already registered");
                return;
            }
            if (this.registering) {
                log.info("Aborting: a SecurityProvider is already being registered");
                return;
            }
            this.registering = true;
            BundleContext bundleContext = this.context;
            Hashtable hashtable = new Hashtable();
            hashtable.put("type", "default");
            ServiceRegistration registerService = bundleContext.registerService(SecurityProvider.class.getName(), createSecurityProvider(bundleContext), hashtable);
            synchronized (this) {
                this.registration = registerService;
                this.registering = false;
            }
            log.info("SecurityProvider instance registered");
        }
    }

    private void maybeUnregister() {
        log.info("Trying to unregister the SecurityProvider...");
        synchronized (this) {
            if (this.registration == null) {
                log.info("Aborting: no SecurityProvider is registered");
                return;
            }
            if (this.preconditions.areSatisfied()) {
                log.info("Aborting: preconditions are satisfied");
                return;
            }
            ServiceRegistration serviceRegistration = this.registration;
            this.registration = null;
            serviceRegistration.unregister();
            log.info("SecurityProvider instance unregistered");
        }
    }

    private SecurityProvider createSecurityProvider(BundleContext bundleContext) {
        InternalSecurityProvider internalSecurityProvider = new InternalSecurityProvider();
        internalSecurityProvider.setAuthenticationConfiguration((AuthenticationConfiguration) initializeConfiguration((SecurityProvider) internalSecurityProvider, (InternalSecurityProvider) this.authenticationConfiguration));
        internalSecurityProvider.setAuthorizationConfiguration(initializeConfiguration((SecurityProvider) internalSecurityProvider, this.authorizationConfiguration));
        internalSecurityProvider.setUserConfiguration(initializeConfiguration((SecurityProvider) internalSecurityProvider, this.userConfiguration));
        internalSecurityProvider.setPrivilegeConfiguration((PrivilegeConfiguration) initializeConfiguration((SecurityProvider) internalSecurityProvider, (InternalSecurityProvider) this.privilegeConfiguration));
        internalSecurityProvider.setPrincipalConfiguration(createCompositePrincipalConfiguration(internalSecurityProvider));
        internalSecurityProvider.setTokenConfiguration(createCompositeTokenConfiguration(internalSecurityProvider));
        internalSecurityProvider.setWhiteboard(new OsgiWhiteboard(bundleContext));
        return internalSecurityProvider;
    }

    private PrincipalConfiguration createCompositePrincipalConfiguration(SecurityProvider securityProvider) {
        return new CompositePrincipalConfiguration(securityProvider) { // from class: org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.jackrabbit.oak.spi.security.CompositeConfiguration
            public List<PrincipalConfiguration> getConfigurations() {
                ArrayList newArrayList = Lists.newArrayList(SecurityProviderRegistration.this.principalConfigurations);
                Iterator it = newArrayList.iterator();
                while (it.hasNext()) {
                    SecurityProviderRegistration.this.initializeConfiguration(getSecurityProvider(), (SecurityProvider) it.next());
                }
                return newArrayList;
            }
        };
    }

    private TokenConfiguration createCompositeTokenConfiguration(SecurityProvider securityProvider) {
        return new CompositeTokenConfiguration(securityProvider) { // from class: org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration.2
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.jackrabbit.oak.spi.security.CompositeConfiguration
            public List<TokenConfiguration> getConfigurations() {
                ArrayList newArrayList = Lists.newArrayList(SecurityProviderRegistration.this.tokenConfigurations);
                Iterator it = newArrayList.iterator();
                while (it.hasNext()) {
                    SecurityProviderRegistration.this.initializeConfiguration(getSecurityProvider(), (SecurityProvider) it.next());
                }
                return newArrayList;
            }
        };
    }

    private AuthorizationConfiguration initializeConfiguration(SecurityProvider securityProvider, AuthorizationConfiguration authorizationConfiguration) {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AccessControlConstants.PARAM_RESTRICTION_PROVIDER, createCompositeRestrictionProvider());
        return (AuthorizationConfiguration) initializeConfiguration(securityProvider, authorizationConfiguration, ConfigurationParameters.of(newHashMap));
    }

    private UserConfiguration initializeConfiguration(SecurityProvider securityProvider, UserConfiguration userConfiguration) {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, createCompositeAuthorizableActionProvider());
        newHashMap.put(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, this.authorizableNodeName);
        return (UserConfiguration) initializeConfiguration(securityProvider, userConfiguration, ConfigurationParameters.of(newHashMap));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T extends SecurityConfiguration> T initializeConfiguration(SecurityProvider securityProvider, T t) {
        return (T) initializeConfiguration(securityProvider, t, ConfigurationParameters.EMPTY);
    }

    private <T extends SecurityConfiguration> T initializeConfiguration(SecurityProvider securityProvider, T t, ConfigurationParameters configurationParameters) {
        if (t instanceof ConfigurationBase) {
            ConfigurationBase configurationBase = (ConfigurationBase) t;
            configurationBase.setSecurityProvider(securityProvider);
            configurationBase.setParameters(ConfigurationParameters.of(configurationParameters, configurationBase.getParameters()));
        }
        return t;
    }

    private RestrictionProvider createCompositeRestrictionProvider() {
        return new WhiteboardRestrictionProvider() { // from class: org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration.3
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.jackrabbit.oak.spi.whiteboard.AbstractServiceTracker
            public List<RestrictionProvider> getServices() {
                return Lists.newArrayList(SecurityProviderRegistration.this.restrictionProviders);
            }
        };
    }

    private AuthorizableActionProvider createCompositeAuthorizableActionProvider() {
        return new WhiteboardAuthorizableActionProvider() { // from class: org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration.4
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.jackrabbit.oak.spi.whiteboard.AbstractServiceTracker
            public List<AuthorizableActionProvider> getServices() {
                return Lists.newArrayList(SecurityProviderRegistration.this.authorizableActionProviders);
            }
        };
    }

    private void addCandidate(Map<String, Object> map) {
        String servicePid = getServicePid(map);
        if (servicePid == null) {
            return;
        }
        this.preconditions.addCandidate(servicePid);
    }

    private void removeCandidate(Map<String, Object> map) {
        String servicePid = getServicePid(map);
        if (servicePid == null) {
            return;
        }
        this.preconditions.removeCandidate(servicePid);
    }

    private String getServicePid(Map<String, Object> map) {
        return PropertiesUtil.toString(map.get("service.pid"), null);
    }

    private String[] getRequiredServicePids(Map<String, Object> map) {
        return PropertiesUtil.toStringArray(map.get("requiredServicePids"), new String[0]);
    }
}
