package org.apache.jackrabbit.oak.security;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.util.HashSet;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
import org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl;
import org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl;
import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardRestrictionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUserAuthenticationFactory;
import org.osgi.framework.BundleContext;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/SecurityProviderImpl.class */
public class SecurityProviderImpl implements SecurityProvider, WhiteboardAware {
    private volatile AuthorizationConfiguration authorizationConfiguration;
    private volatile AuthenticationConfiguration authenticationConfiguration;
    private volatile PrivilegeConfiguration privilegeConfiguration;
    private volatile UserConfiguration userConfiguration;
    private final CompositePrincipalConfiguration principalConfiguration;
    private final CompositeTokenConfiguration tokenConfiguration;
    private final WhiteboardAuthorizableNodeName authorizableNodeName;
    private final WhiteboardAuthorizableActionProvider authorizableActionProvider;
    private final WhiteboardRestrictionProvider restrictionProvider;
    private final WhiteboardUserAuthenticationFactory userAuthenticationFactory;
    private ConfigurationParameters configuration;
    private Whiteboard whiteboard;

    public SecurityProviderImpl() {
        this(ConfigurationParameters.EMPTY);
    }

    public SecurityProviderImpl(@Nonnull ConfigurationParameters configurationParameters) {
        this.principalConfiguration = new CompositePrincipalConfiguration(this);
        this.tokenConfiguration = new CompositeTokenConfiguration(this);
        this.authorizableNodeName = new WhiteboardAuthorizableNodeName();
        this.authorizableActionProvider = new WhiteboardAuthorizableActionProvider();
        this.restrictionProvider = new WhiteboardRestrictionProvider();
        this.userAuthenticationFactory = new WhiteboardUserAuthenticationFactory(UserConfigurationImpl.getDefaultAuthenticationFactory());
        Preconditions.checkNotNull(configurationParameters);
        this.configuration = configurationParameters;
        this.authenticationConfiguration = new AuthenticationConfigurationImpl(this);
        this.authorizationConfiguration = new AuthorizationConfigurationImpl(this);
        this.userConfiguration = new UserConfigurationImpl(this);
        this.privilegeConfiguration = new PrivilegeConfigurationImpl();
        this.principalConfiguration.setDefaultConfig(new PrincipalConfigurationImpl(this));
        this.tokenConfiguration.setDefaultConfig(new TokenConfigurationImpl(this));
    }

    @Override // org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware
    public void setWhiteboard(@Nonnull Whiteboard whiteboard) {
        this.whiteboard = whiteboard;
    }

    @Override // org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware
    public Whiteboard getWhiteboard() {
        return this.whiteboard;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityProvider
    @Nonnull
    public ConfigurationParameters getParameters(@Nullable String str) {
        if (str == null) {
            return this.configuration;
        }
        ConfigurationParameters configurationParameters = (ConfigurationParameters) this.configuration.getConfigValue(str, ConfigurationParameters.EMPTY);
        for (SecurityConfiguration securityConfiguration : getConfigurations()) {
            if (securityConfiguration != null && securityConfiguration.getName().equals(str)) {
                return ConfigurationParameters.of(configurationParameters, securityConfiguration.getParameters());
            }
        }
        return configurationParameters;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityProvider
    @Nonnull
    public Iterable<? extends SecurityConfiguration> getConfigurations() {
        HashSet hashSet = new HashSet();
        hashSet.add(this.authenticationConfiguration);
        hashSet.add(this.authorizationConfiguration);
        hashSet.add(this.userConfiguration);
        hashSet.add(this.principalConfiguration);
        hashSet.add(this.privilegeConfiguration);
        hashSet.add(this.tokenConfiguration);
        return hashSet;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityProvider
    @Nonnull
    public <T> T getConfiguration(@Nonnull Class<T> cls) {
        if (AuthenticationConfiguration.class == cls) {
            return (T) this.authenticationConfiguration;
        }
        if (AuthorizationConfiguration.class == cls) {
            return (T) this.authorizationConfiguration;
        }
        if (UserConfiguration.class == cls) {
            return (T) this.userConfiguration;
        }
        if (PrincipalConfiguration.class == cls) {
            return (T) this.principalConfiguration;
        }
        if (PrivilegeConfiguration.class == cls) {
            return (T) this.privilegeConfiguration;
        }
        if (TokenConfiguration.class == cls) {
            return (T) this.tokenConfiguration;
        }
        throw new IllegalArgumentException("Unsupported security configuration class " + cls);
    }

    protected void activate(BundleContext bundleContext) {
        this.whiteboard = new OsgiWhiteboard(bundleContext);
        this.authorizableActionProvider.start(this.whiteboard);
        this.authorizableNodeName.start(this.whiteboard);
        this.restrictionProvider.start(this.whiteboard);
        this.userAuthenticationFactory.start(this.whiteboard);
        initializeConfigurations();
    }

    protected void deactivate() {
        this.authorizableActionProvider.stop();
        this.authorizableNodeName.stop();
        this.restrictionProvider.stop();
        this.userAuthenticationFactory.stop();
    }

    protected void bindPrincipalConfiguration(@Nonnull PrincipalConfiguration principalConfiguration) {
        this.principalConfiguration.addConfiguration(initConfiguration(principalConfiguration));
    }

    protected void unbindPrincipalConfiguration(@Nonnull PrincipalConfiguration principalConfiguration) {
        this.principalConfiguration.removeConfiguration(principalConfiguration);
    }

    protected void bindTokenConfiguration(@Nonnull TokenConfiguration tokenConfiguration) {
        this.tokenConfiguration.addConfiguration(initConfiguration(tokenConfiguration));
    }

    protected void unbindTokenConfiguration(@Nonnull TokenConfiguration tokenConfiguration) {
        this.tokenConfiguration.removeConfiguration(tokenConfiguration);
    }

    protected void bindAuthorizationConfiguration(@Nonnull AuthorizationConfiguration authorizationConfiguration) {
        this.authorizationConfiguration = (AuthorizationConfiguration) initConfiguration(authorizationConfiguration);
    }

    protected void unbindAuthorizationConfiguration(@Nonnull AuthorizationConfiguration authorizationConfiguration) {
        this.authorizationConfiguration = new AuthorizationConfigurationImpl(this);
    }

    private void initializeConfigurations() {
        initConfiguration(this.authorizationConfiguration, ConfigurationParameters.of(AccessControlConstants.PARAM_RESTRICTION_PROVIDER, (Object) this.restrictionProvider));
        initConfiguration(this.userConfiguration, ConfigurationParameters.of(ImmutableMap.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, (WhiteboardUserAuthenticationFactory) this.authorizableActionProvider, UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, (WhiteboardUserAuthenticationFactory) this.authorizableNodeName, UserConstants.PARAM_USER_AUTHENTICATION_FACTORY, this.userAuthenticationFactory)));
        initConfiguration(this.authenticationConfiguration);
        initConfiguration(this.privilegeConfiguration);
    }

    private <T extends SecurityConfiguration> T initConfiguration(@Nonnull T t) {
        if (t instanceof ConfigurationBase) {
            ConfigurationBase configurationBase = (ConfigurationBase) t;
            configurationBase.setSecurityProvider(this);
            configurationBase.setParameters(ConfigurationParameters.of(ConfigurationParameters.EMPTY, configurationBase.getParameters()));
        }
        return t;
    }

    private <T extends SecurityConfiguration> T initConfiguration(@Nonnull T t, @Nonnull ConfigurationParameters configurationParameters) {
        if (t instanceof ConfigurationBase) {
            ConfigurationBase configurationBase = (ConfigurationBase) t;
            configurationBase.setSecurityProvider(this);
            configurationBase.setParameters(ConfigurationParameters.of(configurationParameters, configurationBase.getParameters()));
        }
        return t;
    }

    protected void bindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
        this.authenticationConfiguration = authenticationConfiguration;
    }

    protected void unbindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
        this.authenticationConfiguration = null;
    }

    protected void bindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) {
        this.privilegeConfiguration = privilegeConfiguration;
    }

    protected void unbindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) {
        this.privilegeConfiguration = null;
    }

    protected void bindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = userConfiguration;
    }

    protected void unbindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = null;
    }
}
