package org.apache.jackrabbit.oak.security.authentication.token;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CompositeCredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.SimpleCredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

@Designate(ocd = Configuration.class)
@Component(service = {TokenConfiguration.class, SecurityConfiguration.class}, property = {"oak.security.name=org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl"})
/* loaded from: input_file:WEB-INF/resources/install/15/oak-core-1.8.8.jar:org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.class */
public class TokenConfigurationImpl extends ConfigurationBase implements TokenConfiguration {
    private final Map<String, CredentialsSupport> credentialsSupport;

    @ObjectClassDefinition(name = "Apache Jackrabbit Oak TokenConfiguration")
    /* loaded from: input_file:WEB-INF/resources/install/15/oak-core-1.8.8.jar:org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl$Configuration.class */
    @interface Configuration {
        @AttributeDefinition(name = "Token Expiration", description = "Expiration time of login tokens in ms.")
        String tokenExpiration();

        @AttributeDefinition(name = "Token Length", description = "Length of the generated token.")
        String tokenLength();

        @AttributeDefinition(name = "Token Refresh", description = "Enable/disable refresh of login tokens (i.e. resetting the expiration time).")
        boolean tokenRefresh() default true;

        @AttributeDefinition(name = "Token Cleanup Threshold", description = "Setting this option to a value > 0 will trigger a cleanup upon token creation: if the number of existing token matches/exceeds the configured value an attempt is made to removed expired tokens.")
        long tokenCleanupThreshold() default 0;

        @AttributeDefinition(name = "Hash Algorithm", description = "Name of the algorithm to hash the token.")
        String passwordHashAlgorithm() default "SHA-256";

        @AttributeDefinition(name = "Hash Iterations", description = "Number of iterations used to hash the token.")
        int passwordHashIterations() default 1000;

        @AttributeDefinition(name = "Hash Salt Size", description = "Size of the salt used to generate the hash.")
        int passwordSaltSize() default 8;
    }

    public TokenConfigurationImpl() {
        this.credentialsSupport = new ConcurrentHashMap(ImmutableMap.of(SimpleCredentialsSupport.class.getName(), SimpleCredentialsSupport.getInstance()));
    }

    public TokenConfigurationImpl(@Nonnull SecurityProvider securityProvider) {
        super(securityProvider, securityProvider.getParameters(TokenConfiguration.NAME));
        this.credentialsSupport = new ConcurrentHashMap(ImmutableMap.of(SimpleCredentialsSupport.class.getName(), SimpleCredentialsSupport.getInstance()));
    }

    @Activate
    private void activate(Configuration configuration, Map<String, Object> map) {
        setParameters(ConfigurationParameters.of(map));
    }

    @Reference(name = "credentialsSupport", cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    public void bindCredentialsSupport(CredentialsSupport credentialsSupport) {
        this.credentialsSupport.put(credentialsSupport.getClass().getName(), credentialsSupport);
    }

    public void unbindCredentialsSupport(CredentialsSupport credentialsSupport) {
        this.credentialsSupport.remove(credentialsSupport.getClass().getName());
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default, org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
    @Nonnull
    public String getName() {
        return TokenConfiguration.NAME;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default, org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
    @Nonnull
    public List<? extends ValidatorProvider> getValidators(@Nonnull String str, @Nonnull Set<Principal> set, @Nonnull MoveTracker moveTracker) {
        return ImmutableList.of(new TokenValidatorProvider(getSecurityProvider().getParameters(UserConfiguration.NAME), getTreeProvider()));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration
    @Nonnull
    public TokenProvider getTokenProvider(Root root) {
        return new TokenProviderImpl(root, getParameters(), (UserConfiguration) getSecurityProvider().getConfiguration(UserConfiguration.class), newCredentialsSupport());
    }

    private CredentialsSupport newCredentialsSupport() {
        int size = this.credentialsSupport.size();
        return size == 0 ? SimpleCredentialsSupport.getInstance() : size == 1 ? this.credentialsSupport.values().iterator().next() : CompositeCredentialsSupport.newInstance(() -> {
            return ImmutableSet.copyOf((Collection) this.credentialsSupport.values());
        });
    }
}
