package io.hawt.web.auth;

import io.hawt.system.ConfigManager;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletContext;
import org.apache.aries.blueprint.ext.impl.ExtNamespaceHandler;
import org.apache.commons.httpclient.HttpState;
import org.codehaus.plexus.PlexusConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:hawtio.war:WEB-INF/lib/hawtio-system-2.0-beta-1.jar:io/hawt/web/auth/ConfigurationManager.class */
public class ConfigurationManager {
    private static final transient Logger LOG = LoggerFactory.getLogger((Class<?>) ConfigurationManager.class);
    public static final String HAWTIO_NO_CREDENTIALS_401 = "hawtio.noCredentials401";
    public static final String HAWTIO_AUTHENTICATION_ENABLED = "hawtio.authenticationEnabled";
    public static final String HAWTIO_REALM = "hawtio.realm";
    public static final String HAWTIO_ROLE = "hawtio.role";
    public static final String HAWTIO_ROLES = "hawtio.roles";
    public static final String HAWTIO_ROLE_PRINCIPAL_CLASSES = "hawtio.rolePrincipalClasses";
    public static final String HAWTIO_AUTH_CONTAINER_DISCOVERY_CLASSES = "hawtio.authenticationContainerDiscoveryClasses";
    private static final String AUTHENTICATION_CONFIGURATION = "authenticationConfig";

    private ConfigurationManager() {
    }

    public static AuthenticationConfiguration getConfiguration(ServletContext servletContext) {
        AuthenticationConfiguration authenticationConfiguration = (AuthenticationConfiguration) servletContext.getAttribute(AUTHENTICATION_CONFIGURATION);
        if (authenticationConfiguration == null) {
            authenticationConfiguration = createConfiguration(servletContext);
            servletContext.setAttribute("authenticationEnabled", Boolean.valueOf(authenticationConfiguration.isEnabled()));
            servletContext.setAttribute(AUTHENTICATION_CONFIGURATION, authenticationConfiguration);
        }
        return authenticationConfiguration;
    }

    private static AuthenticationConfiguration createConfiguration(ServletContext servletContext) {
        AuthenticationConfiguration authenticationConfiguration = new AuthenticationConfiguration();
        ConfigManager configManager = (ConfigManager) servletContext.getAttribute("ConfigManager");
        String str = System.getProperty("karaf.name") != null ? "org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal" : "";
        String str2 = "io.hawt.web.tomcat.TomcatAuthenticationContainerDiscovery";
        if (configManager != null) {
            authenticationConfiguration.setRealm(configManager.get(PlexusConstants.REALM_VISIBILITY, "karaf"));
            String str3 = configManager.get(ExtNamespaceHandler.ROLE_ATTRIBUTE, null);
            if (str3 == null) {
                str3 = configManager.get("roles", null);
            }
            if (str3 == null) {
                str3 = "admin,viewer";
            }
            authenticationConfiguration.setRole(str3);
            authenticationConfiguration.setRolePrincipalClasses(configManager.get("rolePrincipalClasses", str));
            authenticationConfiguration.setEnabled(Boolean.parseBoolean(configManager.get("authenticationEnabled", "true")));
            authenticationConfiguration.setNoCredentials401(Boolean.parseBoolean(configManager.get("noCredentials401", HttpState.PREEMPTIVE_DEFAULT)));
            str2 = configManager.get("authenticationContainerDiscoveryClasses", str2);
        }
        if (System.getProperty(HAWTIO_AUTHENTICATION_ENABLED) != null) {
            authenticationConfiguration.setEnabled(Boolean.getBoolean(HAWTIO_AUTHENTICATION_ENABLED));
        }
        if (System.getProperty(HAWTIO_NO_CREDENTIALS_401) != null) {
            authenticationConfiguration.setNoCredentials401(Boolean.getBoolean(HAWTIO_NO_CREDENTIALS_401));
        }
        if (System.getProperty(HAWTIO_REALM) != null) {
            authenticationConfiguration.setRealm(System.getProperty(HAWTIO_REALM));
        }
        if (System.getProperty(HAWTIO_ROLE) != null) {
            authenticationConfiguration.setRole(System.getProperty(HAWTIO_ROLE));
        }
        if (System.getProperty(HAWTIO_ROLES) != null) {
            authenticationConfiguration.setRole(System.getProperty(HAWTIO_ROLES));
        }
        if (System.getProperty(HAWTIO_ROLE_PRINCIPAL_CLASSES) != null) {
            authenticationConfiguration.setRolePrincipalClasses(System.getProperty(HAWTIO_ROLE_PRINCIPAL_CLASSES));
        }
        if (System.getProperty(HAWTIO_AUTH_CONTAINER_DISCOVERY_CLASSES) != null) {
            str2 = System.getProperty(HAWTIO_AUTH_CONTAINER_DISCOVERY_CLASSES);
        }
        if (authenticationConfiguration.isEnabled()) {
            Iterator<AuthenticationContainerDiscovery> it = getDiscoveries(str2).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AuthenticationContainerDiscovery next = it.next();
                if (next.canAuthenticate(authenticationConfiguration)) {
                    LOG.info("Discovered container {} to use with hawtio authentication filter", next.getContainerName());
                    break;
                }
            }
        }
        if (authenticationConfiguration.isEnabled()) {
            LOG.info("Starting hawtio authentication filter, JAAS realm: \"{}\" authorized role(s): \"{}\" role principal classes: \"{}\"", authenticationConfiguration.getRealm(), authenticationConfiguration.getRole(), authenticationConfiguration.getRolePrincipalClasses());
        } else {
            LOG.info("Starting hawtio authentication filter, JAAS authentication disabled");
        }
        return authenticationConfiguration;
    }

    private static List<AuthenticationContainerDiscovery> getDiscoveries(String str) {
        ArrayList arrayList = new ArrayList();
        if (str == null || str.trim().isEmpty()) {
            return arrayList;
        }
        for (String str2 : str.split(",")) {
            try {
                arrayList.add((AuthenticationContainerDiscovery) ConfigurationManager.class.getClassLoader().loadClass(str2.trim()).newInstance());
            } catch (Exception e) {
                LOG.warn("Couldn't instantiate discovery " + str2, (Throwable) e);
            }
        }
        return arrayList;
    }
}
