package org.apache.meecrowave.jolokia;

import io.hawt.HawtioContextListener;
import io.hawt.web.AuthenticationFilter;
import io.hawt.web.CORSFilter;
import io.hawt.web.CacheHeadersFilter;
import io.hawt.web.ContextFormatterServlet;
import io.hawt.web.ExportContextServlet;
import io.hawt.web.GitServlet;
import io.hawt.web.JavaDocServlet;
import io.hawt.web.JolokiaConfiguredAgentServlet;
import io.hawt.web.LoginServlet;
import io.hawt.web.LogoutServlet;
import io.hawt.web.PluginServlet;
import io.hawt.web.ProxyServlet;
import io.hawt.web.RedirectFilter;
import io.hawt.web.SessionExpiryFilter;
import io.hawt.web.UploadServlet;
import io.hawt.web.UserServlet;
import io.hawt.web.XFrameOptionsFilter;
import io.hawt.web.keycloak.KeycloakServlet;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.security.Principal;
import java.security.Security;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.enterprise.context.spi.Contextual;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.DispatcherType;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.webresources.JarResourceSet;
import org.apache.commons.fileupload.servlet.FileCleanerCleanup;
import org.apache.meecrowave.Meecrowave;
import org.apache.meecrowave.jolokia.JolokiaInitializer;
import org.apache.meecrowave.runner.Cli;
import org.apache.meecrowave.runner.cli.CliOption;

/* loaded from: input_file:org/apache/meecrowave/jolokia/HawtioInitializer.class */
public class HawtioInitializer implements ServletContainerInitializer {

    /* loaded from: input_file:org/apache/meecrowave/jolokia/HawtioInitializer$Delegate.class */
    private static class Delegate {
        private Delegate() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void doSetup(ServletContext servletContext) {
            Meecrowave.Builder builder = (Meecrowave.Builder) Meecrowave.Builder.class.cast(servletContext.getAttribute("meecrowave.configuration"));
            HawtioConfiguration hawtioConfiguration = (HawtioConfiguration) builder.getExtension(HawtioConfiguration.class);
            JolokiaInitializer.JolokiaConfiguration jolokiaConfiguration = (JolokiaInitializer.JolokiaConfiguration) builder.getExtension(JolokiaInitializer.JolokiaConfiguration.class);
            if (hawtioConfiguration.isActive()) {
                doSetupJaas(hawtioConfiguration, servletContext);
                String str = (String) Optional.ofNullable(hawtioConfiguration.getMapping()).orElse("/hawtio/");
                servletContext.addServlet("hawtio-user", UserServlet.class).addMapping(new String[]{str + "user/*"});
                servletContext.addServlet("hawtio-proxy", ProxyServlet.class).addMapping(new String[]{str + "proxy/*"});
                servletContext.addServlet("hawtio-file-upload", UploadServlet.class).addMapping(new String[]{str + "file-upload/*"});
                servletContext.addServlet("hawtio-login", LoginServlet.class).addMapping(new String[]{str + "auth/login/*"});
                servletContext.addServlet("hawtio-logout", LogoutServlet.class).addMapping(new String[]{str + "auth/logout/*"});
                servletContext.addServlet("hawtio-keycloak", KeycloakServlet.class).addMapping(new String[]{str + "keycloak/*"});
                servletContext.addServlet("hawtio-exportContext", ExportContextServlet.class).addMapping(new String[]{str + "exportContext/*"});
                servletContext.addServlet("hawtio-javadoc", JavaDocServlet.class).addMapping(new String[]{str + "javadoc/*"});
                servletContext.addServlet("hawtio-plugin", PluginServlet.class).addMapping(new String[]{str + "plugin/*"});
                servletContext.addServlet("hawtio-contextFormatter", ContextFormatterServlet.class).addMapping(new String[]{str + "contextFormatter/*"});
                servletContext.addServlet("hawtio-git", GitServlet.class).addMapping(new String[]{str + "git/*"});
                ServletRegistration.Dynamic addServlet = servletContext.addServlet("hawtio-jolokia", JolokiaConfiguredAgentServlet.class);
                addServlet.setInitParameter("mbeanQualifier", "qualifier=hawtio");
                addServlet.setInitParameter("includeStackTrace", "false");
                addServlet.setInitParameter("restrictorClass", "io.hawt.web.RBACRestrictor");
                addServlet.addMapping(new String[]{str + "jolokia/*"});
                WebResourceRoot webResourceRoot = (WebResourceRoot) WebResourceRoot.class.cast(servletContext.getAttribute("org.apache.catalina.resources"));
                String externalForm = servletContext.getClassLoader().getResource("static/hawtio").toExternalForm();
                int lastIndexOf = externalForm.lastIndexOf("!/");
                String str2 = externalForm;
                if (str2.startsWith("jar:")) {
                    str2 = externalForm.substring("jar:".length(), lastIndexOf);
                }
                if (str2.startsWith("file:")) {
                    str2 = str2.substring("file:".length());
                }
                webResourceRoot.addPostResources(new JarResourceSet(webResourceRoot, str, str2, "/static/hawtio/"));
                servletContext.addListener(HawtioContextListener.class);
                servletContext.addListener(FileCleanerCleanup.class);
                servletContext.addFilter("hawtio-redirect", RedirectFilter.class).addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, new String[]{str + "*"});
                servletContext.addFilter("hawtio-cacheheaders", CacheHeadersFilter.class).addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, new String[]{str + "*"});
                servletContext.addFilter("hawtio-cors", CORSFilter.class).addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, new String[]{str + "*"});
                servletContext.addFilter("hawtio-xframe", XFrameOptionsFilter.class).addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, new String[]{str + "*"});
                servletContext.addFilter("hawtio-sessionexpiry", SessionExpiryFilter.class).addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, new String[]{str + "*"});
                servletContext.addFilter("hawtio-authentication", AuthenticationFilter.class).addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, new String[]{str + "auth/*", str + "upload/*", str + "javadoc/*", str + "jolokia/*", (String) Optional.ofNullable(jolokiaConfiguration.getMapping()).orElse("/jolokia/*")});
                servletContext.log("Installed Hawt.io on " + str);
            }
        }

        private static void doSetupJaas(HawtioConfiguration hawtioConfiguration, ServletContext servletContext) {
            if (hawtioConfiguration.isJaas()) {
                final String property = Security.getProperty("login.configuration.provider");
                Security.setProperty("login.configuration.provider", EmbeddedConfiguration.class.getName());
                servletContext.addListener(new ServletContextListener() { // from class: org.apache.meecrowave.jolokia.HawtioInitializer.Delegate.1
                    public void contextDestroyed(ServletContextEvent servletContextEvent) {
                        Security.setProperty("login.configuration.provider", property == null ? "sun.security.provider.ConfigFile" : property);
                    }
                });
            }
        }
    }

    /* loaded from: input_file:org/apache/meecrowave/jolokia/HawtioInitializer$EmbeddedConfiguration.class */
    public static class EmbeddedConfiguration extends Configuration {
        private final AppConfigurationEntry[] entries = {new AppConfigurationEntry(EmbeddedLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap())};

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if ("karaf".equals(str)) {
                return this.entries;
            }
            return null;
        }
    }

    /* loaded from: input_file:org/apache/meecrowave/jolokia/HawtioInitializer$EmbeddedLoginModule.class */
    public static class EmbeddedLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler callbackHandler;
        private Principal principal;

        public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
            this.subject = subject;
            this.callbackHandler = callbackHandler;
        }

        public boolean login() throws LoginException {
            Callback[] callbackArr = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
            try {
                this.callbackHandler.handle(callbackArr);
                BeanManager beanManager = CDI.current().getBeanManager();
                HttpServletRequest httpServletRequest = (HttpServletRequest) HttpServletRequest.class.cast(beanManager.getReference(beanManager.resolve(beanManager.getBeans(HttpServletRequest.class, new Annotation[0])), HttpServletRequest.class, beanManager.createCreationalContext((Contextual) null)));
                try {
                    httpServletRequest.login(((NameCallback) NameCallback.class.cast(callbackArr[0])).getName(), new String(((PasswordCallback) PasswordCallback.class.cast(callbackArr[1])).getPassword()));
                    this.principal = httpServletRequest.getUserPrincipal();
                    return this.principal != null;
                } catch (ServletException e) {
                    throw new LoginException(e.getMessage());
                }
            } catch (IOException | UnsupportedCallbackException e2) {
                throw new LoginException(e2.toString());
            }
        }

        public boolean commit() throws LoginException {
            if (this.subject.getPrincipals().contains(this.principal)) {
                return true;
            }
            this.subject.getPrincipals().add(this.principal);
            if (!GenericPrincipal.class.isInstance(this.principal)) {
                return true;
            }
            for (String str : ((GenericPrincipal) GenericPrincipal.class.cast(this.principal)).getRoles()) {
                this.subject.getPrincipals().add(new GenericPrincipal(str, (String) null, (List) null));
            }
            return true;
        }

        public boolean abort() throws LoginException {
            this.principal = null;
            return true;
        }

        public boolean logout() throws LoginException {
            this.subject.getPrincipals().remove(this.principal);
            return true;
        }
    }

    /* loaded from: input_file:org/apache/meecrowave/jolokia/HawtioInitializer$HawtioConfiguration.class */
    public static class HawtioConfiguration implements Cli.Options {

        @CliOption(name = "hawtio-mapping", description = "Hawt.io base endpoint")
        private String mapping;

        @CliOption(name = "hawtio-active", description = "Should Hawt.io be deployed if present")
        private boolean active = true;

        @CliOption(name = "hawtio-meecrowave-jaas", description = "Should meecrowave setup jaas")
        private boolean jaas = true;

        public boolean isJaas() {
            return this.jaas;
        }

        public void setJaas(boolean z) {
            this.jaas = z;
        }

        public boolean isActive() {
            return this.active;
        }

        public void setActive(boolean z) {
            this.active = z;
        }

        public String getMapping() {
            return this.mapping;
        }

        public void setMapping(String str) {
            this.mapping = str;
        }
    }

    public void onStartup(Set<Class<?>> set, ServletContext servletContext) throws ServletException {
        try {
            servletContext.getClassLoader().loadClass("io.hawt.web.UserServlet");
            Delegate.doSetup(servletContext);
        } catch (ClassNotFoundException e) {
            servletContext.log("Hawt.io not available, skipping");
        }
    }
}
