package org.apache.jackrabbit.oak.security.internal;

import com.google.common.collect.Lists;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.References;
import org.apache.jackrabbit.oak.commons.PropertiesUtil;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardRestrictionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUserAuthenticationFactory;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

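/**
 * Declarative Services component that publishes Oak's default {@link SecurityProvider}
 * as an OSGi service once its prerequisites are in place.
 *
 * <p>Three configurations (authentication, privilege, user) are unary {@code @Reference}
 * fields. Authorization, principal and token configurations are collected into composite
 * configurations, and {@link AuthorizableNodeName}, {@link AuthorizableActionProvider},
 * {@link RestrictionProvider} and {@link UserAuthenticationFactory} services are collected
 * into lists that are handed to the user and authorization configurations through
 * whiteboard wrappers.</p>
 *
 * <p><b>Registration gate.</b> The {@code requiredServicePids} property lists service PIDs
 * that must have been bound before the provider is registered; whether the gate is open is
 * decided by {@code Preconditions#areSatisfied()}. Only bound services that carry a
 * {@code service.pid} property are counted, so a required module registered without a PID
 * can never open the gate. Conversely, a security module whose PID is not listed is optional
 * as far as this class is concerned: the provider may be published without it. Deployments
 * that rely on an additional authorization, restriction or authentication module should
 * therefore list its PID here.</p>
 *
 * <p><b>Thread-safety.</b> Mutable registration state ({@code context}, {@code registration},
 * {@code registering}, {@code preconditions}) is guarded by the monitor of {@code this}.
 * Calls into the OSGi service registry ({@code registerService}, {@code unregister}) are made
 * outside that monitor, because the framework delivers service events synchronously and
 * holding a lock across them invites lock-order deadlocks.</p>
 */
@References({
    @Reference(name = "authorizationConfiguration", referenceInterface = AuthorizationConfiguration.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC),
    @Reference(name = "principalConfiguration", referenceInterface = PrincipalConfiguration.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC),
    @Reference(name = "tokenConfiguration", referenceInterface = TokenConfiguration.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC),
    @Reference(name = UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, referenceInterface = AuthorizableNodeName.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC),
    @Reference(name = UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, referenceInterface = AuthorizableActionProvider.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC),
    @Reference(name = AccessControlConstants.PARAM_RESTRICTION_PROVIDER, referenceInterface = RestrictionProvider.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC),
    @Reference(name = UserConstants.PARAM_USER_AUTHENTICATION_FACTORY, referenceInterface = UserAuthenticationFactory.class, cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC)
})
@Component(immediate = true, metatype = true, label = "Apache Jackrabbit Oak SecurityProvider", description = "The default SecurityProvider embedded in Apache Jackrabbit Oak")
@Properties({
    @Property(
        name = "requiredServicePids",
        label = "Required Service PIDs",
        description = "The SecurityProvider will not register itself unless the services identified by these PIDs are registered first. Only the PIDs of implementations of the following interfaces are checked: AuthorizationConfiguration, PrincipalConfiguration, TokenConfiguration, AuthorizableActionProvider, RestrictionProvider and UserAuthenticationFactory.",
        value = {
            "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl",
            "org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl",
            "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl",
            "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider",
            "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl",
            "org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl"
        },
        unbounded = PropertyUnbounded.ARRAY)
})
/* loaded from: input_file:WEB-INF/resources/install/15/oak-core-1.6.8.jar:org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.class */
public class SecurityProviderRegistration {
    private static final Logger log = LoggerFactory.getLogger(SecurityProviderRegistration.class);

    @Reference
    private AuthenticationConfiguration authenticationConfiguration;

    @Reference
    private PrivilegeConfiguration privilegeConfiguration;

    @Reference
    private UserConfiguration userConfiguration;

    // Guarded by the monitor of "this": null until activate(), null again after deactivate().
    private BundleContext context;

    // Guarded by the monitor of "this": the currently published SecurityProvider, if any.
    private ServiceRegistration<?> registration;

    // Guarded by the monitor of "this": true while a registerService call is in flight
    // outside the monitor, so that concurrent or re-entrant callers do not register twice.
    private boolean registering;

    private final Preconditions preconditions = new Preconditions();
    private final CompositeAuthorizationConfiguration authorizationConfiguration = new CompositeAuthorizationConfiguration();
    private final CompositePrincipalConfiguration principalConfiguration = new CompositePrincipalConfiguration();
    private final CompositeTokenConfiguration tokenConfiguration = new CompositeTokenConfiguration();
    private final List<AuthorizableNodeName> authorizableNodeNames = Lists.newCopyOnWriteArrayList();
    private final List<AuthorizableActionProvider> authorizableActionProviders = Lists.newCopyOnWriteArrayList();
    private final List<RestrictionProvider> restrictionProviders = Lists.newCopyOnWriteArrayList();
    private final List<UserAuthenticationFactory> userAuthenticationFactories = Lists.newCopyOnWriteArrayList();

    /**
     * Records the required service PIDs and the bundle context, then attempts registration.
     *
     * @param bundleContext context used later to register the {@link SecurityProvider}
     * @param map component configuration; {@code requiredServicePids} is read from it
     */
    @Activate
    public void activate(BundleContext bundleContext, Map<String, Object> map) {
        String[] requiredServicePids = getRequiredServicePids(map);
        synchronized (this) {
            for (String pid : requiredServicePids) {
                this.preconditions.addPrecondition(pid);
            }
            this.context = bundleContext;
        }
        maybeRegister();
    }

    /**
     * Replaces the set of required service PIDs and re-evaluates the registration.
     *
     * <p>The provider is first unregistered if the new requirements are not met, then
     * registered if they are met and nothing is published yet.</p>
     *
     * @param map updated component configuration
     */
    @Modified
    public void modified(Map<String, Object> map) {
        String[] requiredServicePids = getRequiredServicePids(map);
        synchronized (this) {
            this.preconditions.clearPreconditions();
            for (String pid : requiredServicePids) {
                this.preconditions.addPrecondition(pid);
            }
        }
        maybeUnregister();
        maybeRegister();
    }

    /**
     * Resets all registration state and withdraws the published provider, if any.
     */
    @Deactivate
    public void deactivate() {
        ServiceRegistration<?> published;
        synchronized (this) {
            published = this.registration;
            this.registration = null;
            this.registering = false;
            this.context = null;
            this.preconditions.clearPreconditions();
        }
        // Unregister outside the monitor; see the class-level thread-safety note.
        if (published != null) {
            published.unregister();
        }
    }

    // The three unary bind/unbind pairs below do not take the monitor.
    // NOTE(review): this relies on the container's ordering of bind, activate and unbind
    // for the unary references - confirm against the reference policy in effect.

    public void bindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
        this.authenticationConfiguration = authenticationConfiguration;
    }

    public void unbindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
        this.authenticationConfiguration = null;
    }

    public void bindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) {
        this.privilegeConfiguration = privilegeConfiguration;
    }

    public void unbindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) {
        this.privilegeConfiguration = null;
    }

    public void bindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = userConfiguration;
    }

    public void unbindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = null;
    }

    public void bindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration, Map<String, Object> map) {
        bindConfiguration(this.authorizationConfiguration, authorizationConfiguration, map);
    }

    public void unbindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration, Map<String, Object> map) {
        unbindConfiguration(this.authorizationConfiguration, authorizationConfiguration, map);
    }

    public void bindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> map) {
        bindConfiguration(this.principalConfiguration, principalConfiguration, map);
    }

    public void unbindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> map) {
        unbindConfiguration(this.principalConfiguration, principalConfiguration, map);
    }

    public void bindTokenConfiguration(TokenConfiguration tokenConfiguration, Map<String, Object> map) {
        bindConfiguration(this.tokenConfiguration, tokenConfiguration, map);
    }

    public void unbindTokenConfiguration(TokenConfiguration tokenConfiguration, Map<String, Object> map) {
        unbindConfiguration(this.tokenConfiguration, tokenConfiguration, map);
    }

    /**
     * Adds a configuration to a composite, records its PID as a candidate and attempts
     * registration.
     *
     * @param compositeConfiguration composite that receives the configuration
     * @param securityConfiguration the newly bound configuration
     * @param map service properties of the bound configuration
     */
    private void bindConfiguration(@Nonnull CompositeConfiguration compositeConfiguration, @Nonnull SecurityConfiguration securityConfiguration, Map<String, Object> map) {
        synchronized (this) {
            compositeConfiguration.addConfiguration(securityConfiguration, ConfigurationParameters.of(map));
            addCandidate(map);
        }
        maybeRegister();
    }

    /**
     * Removes a configuration from a composite, drops its PID from the candidates and
     * withdraws the provider if the requirements are no longer met.
     *
     * @param compositeConfiguration composite that held the configuration
     * @param securityConfiguration the configuration being unbound
     * @param map service properties of the unbound configuration
     */
    private void unbindConfiguration(@Nonnull CompositeConfiguration compositeConfiguration, @Nonnull SecurityConfiguration securityConfiguration, Map<String, Object> map) {
        synchronized (this) {
            compositeConfiguration.removeConfiguration(securityConfiguration);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindAuthorizableNodeName(AuthorizableNodeName authorizableNodeName, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableNodeNames.add(authorizableNodeName);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindAuthorizableNodeName(AuthorizableNodeName authorizableNodeName, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableNodeNames.remove(authorizableNodeName);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindAuthorizableActionProvider(AuthorizableActionProvider authorizableActionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableActionProviders.add(authorizableActionProvider);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindAuthorizableActionProvider(AuthorizableActionProvider authorizableActionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.authorizableActionProviders.remove(authorizableActionProvider);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindRestrictionProvider(RestrictionProvider restrictionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.restrictionProviders.add(restrictionProvider);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindRestrictionProvider(RestrictionProvider restrictionProvider, Map<String, Object> map) {
        synchronized (this) {
            this.restrictionProviders.remove(restrictionProvider);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    public void bindUserAuthenticationFactory(UserAuthenticationFactory userAuthenticationFactory, Map<String, Object> map) {
        synchronized (this) {
            this.userAuthenticationFactories.add(userAuthenticationFactory);
            addCandidate(map);
        }
        maybeRegister();
    }

    public void unbindUserAuthenticationFactory(UserAuthenticationFactory userAuthenticationFactory, Map<String, Object> map) {
        synchronized (this) {
            this.userAuthenticationFactories.remove(userAuthenticationFactory);
            removeCandidate(map);
        }
        maybeUnregister();
    }

    /**
     * Registers the {@link SecurityProvider} if the component is active, the preconditions
     * are satisfied and no registration exists or is in flight.
     *
     * <p>The provider is assembled under the monitor so that it reflects the same state the
     * precondition check saw. The call into the service registry happens outside the monitor.
     * Afterwards the state is re-checked: if the component was deactivated or a required
     * service went away while the call was in flight, the fresh registration is withdrawn
     * instead of being kept, so a provider is never left published behind a closed gate.</p>
     */
    private void maybeRegister() {
        final BundleContext bundleContext;
        final SecurityProvider provider;

        log.info("Trying to register a SecurityProvider...");
        synchronized (this) {
            if (this.context == null) {
                log.info("Aborting: no BundleContext is available");
                return;
            }
            if (!this.preconditions.areSatisfied()) {
                log.info("Aborting: preconditions are not satisfied: {}", this.preconditions);
                return;
            }
            if (this.registration != null) {
                log.info("Aborting: a SecurityProvider is already registered");
                return;
            }
            if (this.registering) {
                log.info("Aborting: a SecurityProvider is already being registered");
                return;
            }
            bundleContext = this.context;
            // Build before raising the flag: if assembly throws, no state has changed.
            provider = createSecurityProvider(bundleContext);
            this.registering = true;
        }

        ServiceRegistration<?> created = null;
        boolean published = false;
        try {
            Hashtable<String, Object> properties = new Hashtable<String, Object>();
            properties.put("type", "default");
            created = bundleContext.registerService(SecurityProvider.class.getName(), provider, properties);
        } finally {
            synchronized (this) {
                // Always lower the flag, even when registerService threw; otherwise every
                // later attempt would abort with "already being registered".
                this.registering = false;
                if (created != null && this.context == bundleContext && this.preconditions.areSatisfied()) {
                    this.registration = created;
                    published = true;
                }
            }
        }

        if (published) {
            log.info("SecurityProvider instance registered");
        } else {
            // Reached only when registerService succeeded but the component state changed
            // in the meantime; an exception would have propagated out of the try block.
            created.unregister();
            log.info("SecurityProvider registration withdrawn: component state changed during registration");
        }
    }

    /**
     * Withdraws the published {@link SecurityProvider} if the preconditions are no longer
     * satisfied. The registry call is made outside the monitor.
     */
    private void maybeUnregister() {
        final ServiceRegistration<?> published;

        log.info("Trying to unregister the SecurityProvider...");
        synchronized (this) {
            if (this.registration == null) {
                log.info("Aborting: no SecurityProvider is registered");
                return;
            }
            if (this.preconditions.areSatisfied()) {
                log.info("Aborting: preconditions are satisfied");
                return;
            }
            published = this.registration;
            this.registration = null;
        }
        published.unregister();
        log.info("SecurityProvider instance unregistered");
    }

    /**
     * Assembles an {@code InternalSecurityProvider} from the currently bound configurations.
     *
     * <p>The user configuration receives whiteboard wrappers for the action providers, node
     * name generators and authentication factories; the authorization composite receives a
     * whiteboard wrapper for the restriction providers.</p>
     *
     * @param bundleContext context backing the provider's {@link OsgiWhiteboard}
     * @return the assembled provider, not yet registered
     */
    private SecurityProvider createSecurityProvider(@Nonnull BundleContext bundleContext) {
        InternalSecurityProvider provider = new InternalSecurityProvider();

        provider.setAuthenticationConfiguration((AuthenticationConfiguration) ConfigurationInitializer.initializeConfiguration(provider, this.authenticationConfiguration));
        provider.setPrivilegeConfiguration((PrivilegeConfiguration) ConfigurationInitializer.initializeConfiguration(provider, this.privilegeConfiguration));

        ConfigurationParameters userParameters = ConfigurationParameters.of(
                ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, (Object) createWhiteboardAuthorizableActionProvider()),
                ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, (Object) createWhiteboardAuthorizableNodeName()),
                ConfigurationParameters.of(UserConstants.PARAM_USER_AUTHENTICATION_FACTORY, (Object) createWhiteboardUserAuthenticationFactory()));
        provider.setUserConfiguration((UserConfiguration) ConfigurationInitializer.initializeConfiguration(provider, this.userConfiguration, userParameters));

        ConfigurationParameters authorizationParameters = ConfigurationParameters.of(AccessControlConstants.PARAM_RESTRICTION_PROVIDER, (Object) createWhiteboardRestrictionProvider());
        ConfigurationInitializer.initializeConfigurations(provider, this.authorizationConfiguration, authorizationParameters);
        provider.setAuthorizationConfiguration(this.authorizationConfiguration);

        ConfigurationInitializer.initializeConfigurations(provider, this.principalConfiguration, ConfigurationParameters.EMPTY);
        provider.setPrincipalConfiguration(this.principalConfiguration);

        ConfigurationInitializer.initializeConfigurations(provider, this.tokenConfiguration, ConfigurationParameters.EMPTY);
        provider.setTokenConfiguration(this.tokenConfiguration);

        provider.setWhiteboard(new OsgiWhiteboard(bundleContext));
        return provider;
    }

    /**
     * @return a whiteboard wrapper whose service list is a fresh copy of the currently
     *         bound restriction providers on every call
     */
    private RestrictionProvider createWhiteboardRestrictionProvider() {
        return new WhiteboardRestrictionProvider() {
            @Override
            public List<RestrictionProvider> getServices() {
                return Lists.newArrayList(SecurityProviderRegistration.this.restrictionProviders);
            }
        };
    }

    /**
     * @return a whiteboard wrapper whose service list is a fresh copy of the currently
     *         bound authorizable action providers on every call
     */
    private AuthorizableActionProvider createWhiteboardAuthorizableActionProvider() {
        return new WhiteboardAuthorizableActionProvider() {
            @Override
            public List<AuthorizableActionProvider> getServices() {
                return Lists.newArrayList(SecurityProviderRegistration.this.authorizableActionProviders);
            }
        };
    }

    /**
     * @return a whiteboard wrapper whose service list is a fresh copy of the currently
     *         bound authorizable node name generators on every call
     */
    private AuthorizableNodeName createWhiteboardAuthorizableNodeName() {
        return new WhiteboardAuthorizableNodeName() {
            @Override
            public List<AuthorizableNodeName> getServices() {
                return Lists.newArrayList(SecurityProviderRegistration.this.authorizableNodeNames);
            }
        };
    }

    /**
     * @return a whiteboard wrapper constructed with the default authentication factory of
     *         {@link UserConfigurationImpl}, whose service list is a fresh copy of the
     *         currently bound user authentication factories on every call
     */
    private UserAuthenticationFactory createWhiteboardUserAuthenticationFactory() {
        return new WhiteboardUserAuthenticationFactory(UserConfigurationImpl.getDefaultAuthenticationFactory()) {
            @Override
            public List<UserAuthenticationFactory> getServices() {
                return Lists.newArrayList(SecurityProviderRegistration.this.userAuthenticationFactories);
            }
        };
    }

    /**
     * Records the service's PID as a precondition candidate. Services without a
     * {@code service.pid} property are ignored and therefore cannot satisfy a requirement.
     * Callers in this class hold the monitor of {@code this}.
     */
    private void addCandidate(Map<String, Object> map) {
        String servicePid = getServicePid(map);
        if (servicePid != null) {
            this.preconditions.addCandidate(servicePid);
        }
    }

    /**
     * Removes the service's PID from the precondition candidates; a service without a
     * {@code service.pid} property is ignored. Callers in this class hold the monitor of
     * {@code this}.
     */
    private void removeCandidate(Map<String, Object> map) {
        String servicePid = getServicePid(map);
        if (servicePid != null) {
            this.preconditions.removeCandidate(servicePid);
        }
    }

    /**
     * @return the {@code service.pid} property converted to a string, or {@code null} when
     *         the property is absent
     */
    private String getServicePid(Map<String, Object> map) {
        return PropertiesUtil.toString(map.get("service.pid"), null);
    }

    /**
     * @return the {@code requiredServicePids} property as a string array, or an empty array
     *         when the property is absent
     */
    private String[] getRequiredServicePids(Map<String, Object> map) {
        return PropertiesUtil.toStringArray(map.get("requiredServicePids"), new String[0]);
    }
}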
