package org.apache.jackrabbit.oak.security.authentication.token;

import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.References;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.SimpleCredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;

@Component(metatype = true, label = "Apache Jackrabbit Oak TokenConfiguration")
@Service({TokenConfiguration.class, SecurityConfiguration.class})
@References({@Reference(name = "credentialsSupport", referenceInterface = CredentialsSupport.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC)})
@Properties({@Property(name = TokenProvider.PARAM_TOKEN_EXPIRATION, label = "Token Expiration", description = "Expiration time of login tokens in ms."), @Property(name = TokenProvider.PARAM_TOKEN_LENGTH, label = "Token Length", description = "Length of the generated token."), @Property(name = TokenProvider.PARAM_TOKEN_REFRESH, label = "Token Refresh", description = "Enable/disable refresh of login tokens (i.e. resetting the expiration time).", boolValue = {true}), @Property(name = "passwordHashAlgorithm", label = "Hash Algorithm", description = "Name of the algorithm to hash the token.", value = {"SHA-256"}), @Property(name = "passwordHashIterations", label = "Hash Iterations", description = "Number of iterations used to hash the token.", intValue = {1000}), @Property(name = UserConstants.PARAM_PASSWORD_SALT_SIZE, label = "Hash Salt Size", description = "Size of the salt used to generate the hash.", intValue = {8})})
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.class */
public class TokenConfigurationImpl extends ConfigurationBase implements TokenConfiguration {
    private final Map<String, CredentialsSupport> credentialsSupport;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl$CompositeCredentialsSupport.class */
    public static class CompositeCredentialsSupport implements CredentialsSupport {

        @Nonnull
        private final Supplier<Collection<CredentialsSupport>> credentialSupplier;

        private CompositeCredentialsSupport(@Nonnull Supplier<Collection<CredentialsSupport>> supplier) {
            this.credentialSupplier = supplier;
        }

        public static CredentialsSupport newInstance(@Nonnull Supplier<Collection<CredentialsSupport>> supplier) {
            return new CompositeCredentialsSupport(supplier);
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport
        @Nonnull
        public Set<Class> getCredentialClasses() {
            Collection<CredentialsSupport> collection = this.credentialSupplier.get();
            if (collection.isEmpty()) {
                return ImmutableSet.of();
            }
            if (collection.size() == 1) {
                return collection.iterator().next().getCredentialClasses();
            }
            HashSet newHashSet = Sets.newHashSet();
            Iterator<CredentialsSupport> it = collection.iterator();
            while (it.hasNext()) {
                newHashSet.addAll(it.next().getCredentialClasses());
            }
            return newHashSet;
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport
        @CheckForNull
        public String getUserId(@Nonnull Credentials credentials) {
            Iterator<CredentialsSupport> it = this.credentialSupplier.get().iterator();
            while (it.hasNext()) {
                String userId = it.next().getUserId(credentials);
                if (userId != null) {
                    return userId;
                }
            }
            return null;
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport
        @Nonnull
        public Map<String, ?> getAttributes(@Nonnull Credentials credentials) {
            Collection<CredentialsSupport> collection = this.credentialSupplier.get();
            if (collection.isEmpty()) {
                return ImmutableMap.of();
            }
            if (collection.size() == 1) {
                return collection.iterator().next().getAttributes(credentials);
            }
            HashMap newHashMap = Maps.newHashMap();
            Iterator<CredentialsSupport> it = collection.iterator();
            while (it.hasNext()) {
                newHashMap.putAll(it.next().getAttributes(credentials));
            }
            return newHashMap;
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport
        public boolean setAttributes(@Nonnull Credentials credentials, @Nonnull Map<String, ?> map) {
            boolean z = false;
            Iterator<CredentialsSupport> it = this.credentialSupplier.get().iterator();
            while (it.hasNext()) {
                z = it.next().setAttributes(credentials, map) || z;
            }
            return z;
        }
    }

    public TokenConfigurationImpl() {
        this.credentialsSupport = new ConcurrentHashMap(ImmutableMap.of(SimpleCredentialsSupport.class.getName(), SimpleCredentialsSupport.getInstance()));
    }

    public TokenConfigurationImpl(SecurityProvider securityProvider) {
        super(securityProvider, securityProvider.getParameters(TokenConfiguration.NAME));
        this.credentialsSupport = new ConcurrentHashMap(ImmutableMap.of(SimpleCredentialsSupport.class.getName(), SimpleCredentialsSupport.getInstance()));
    }

    @Activate
    private void activate(Map<String, Object> map) {
        setParameters(ConfigurationParameters.of(map));
    }

    public void bindCredentialsSupport(CredentialsSupport credentialsSupport) {
        this.credentialsSupport.put(credentialsSupport.getClass().getName(), credentialsSupport);
    }

    public void unbindCredentialsSupport(CredentialsSupport credentialsSupport) {
        this.credentialsSupport.remove(credentialsSupport.getClass().getName());
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default, org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
    @Nonnull
    public String getName() {
        return TokenConfiguration.NAME;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default, org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
    @Nonnull
    public List<? extends ValidatorProvider> getValidators(@Nonnull String str, @Nonnull Set<Principal> set, @Nonnull MoveTracker moveTracker) {
        return ImmutableList.of(new TokenValidatorProvider(getSecurityProvider().getParameters(UserConfiguration.NAME)));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration
    @Nonnull
    public TokenProvider getTokenProvider(Root root) {
        return new TokenProviderImpl(root, getParameters(), (UserConfiguration) getSecurityProvider().getConfiguration(UserConfiguration.class), newCredentialsSupport());
    }

    private CredentialsSupport newCredentialsSupport() {
        return !this.credentialsSupport.isEmpty() ? CompositeCredentialsSupport.newInstance(new Supplier<Collection<CredentialsSupport>>() { // from class: org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.common.base.Supplier
            public Collection<CredentialsSupport> get() {
                return ImmutableSet.copyOf(TokenConfigurationImpl.this.credentialsSupport.values());
            }
        }) : SimpleCredentialsSupport.getInstance();
    }
}
