package io.hawt.web.auth;

import io.hawt.system.ConfigManager;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.login.Configuration;
import javax.servlet.ServletContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-2.0.0.fuse-731003-redhat-00004.jar:io/hawt/web/auth/AuthenticationConfiguration.class */
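/**
 * Holds the authentication settings used by the hawtio web layer.
 *
 * <p>Values are resolved in this order, later sources winning: built-in defaults, the
 * {@link ConfigManager} stored in the servlet context (if any), then JVM system properties
 * prefixed with {@code hawtio.}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>If no {@link ConfigManager} is registered in the servlet context and
 *       {@code hawtio.authenticationEnabled} is not set, {@code enabled} keeps its field default
 *       of {@code false}, i.e. authentication is off. NOTE(review): confirm that deployments
 *       always register a ConfigManager, otherwise this is a fail-open default.</li>
 *   <li>Boolean system properties are read with {@link Boolean#getBoolean(String)}, which yields
 *       {@code true} only for the literal value "true" (case-insensitive). Any other value,
 *       e.g. "yes" or "1", therefore turns the corresponding flag off.</li>
 *   <li>The discovery class list is loaded and instantiated reflectively, so the configuration
 *       and system properties that feed it must be under the operator's control.</li>
 * </ul>
 *
 * <p>This class is not synchronized; NOTE(review): it appears to be built once at startup and
 * then only read, apart from the setters a discovery may call - confirm against callers.
 */
public class AuthenticationConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationConfiguration.class);

    public static final String LOGIN_URL = "/auth/login";

    /**
     * Path prefixes named as unsecured. NOTE(review): presumably the authentication filter skips
     * its check for these - confirm against the filter. The list includes {@code /jolokia} and
     * {@code /user}, so those endpoints need their own access control if that is the case.
     */
    public static final String[] UNSECURED_PATHS = {LOGIN_URL, "/auth/logout", "/css", "/fonts", "/img", "/js", "/hawtconfig.json", "/jolokia", "/keycloak", "/oauth", "/user", "/login.html"};

    // Keys looked up in the ConfigManager.
    public static final String AUTHENTICATION_ENABLED = "authenticationEnabled";
    public static final String NO_CREDENTIALS_401 = "noCredentials401";
    public static final String REALM = "realm";
    public static final String ROLE = "role";
    public static final String ROLES = "roles";
    public static final String ROLE_PRINCIPAL_CLASSES = "rolePrincipalClasses";
    public static final String AUTHENTICATION_CONTAINER_DISCOVERY_CLASSES = "authenticationContainerDiscoveryClasses";
    public static final String KEYCLOAK_ENABLED = "keycloakEnabled";

    // JVM system properties; when set they override the ConfigManager values.
    public static final String HAWTIO_AUTHENTICATION_ENABLED = "hawtio.authenticationEnabled";
    public static final String HAWTIO_NO_CREDENTIALS_401 = "hawtio.noCredentials401";
    public static final String HAWTIO_REALM = "hawtio.realm";
    public static final String HAWTIO_ROLE = "hawtio.role";
    public static final String HAWTIO_ROLES = "hawtio.roles";
    public static final String HAWTIO_ROLE_PRINCIPAL_CLASSES = "hawtio.rolePrincipalClasses";
    public static final String HAWTIO_AUTH_CONTAINER_DISCOVERY_CLASSES = "hawtio.authenticationContainerDiscoveryClasses";
    public static final String HAWTIO_KEYCLOAK_ENABLED = "hawtio.keycloakEnabled";

    /** Servlet-context attribute under which the shared instance is cached. */
    public static final String AUTHENTICATION_CONFIGURATION = "authenticationConfig";

    public static final String DEFAULT_REALM = "karaf";
    private static final String DEFAULT_KARAF_ROLES = "admin,manager,viewer";
    public static final String DEFAULT_KARAF_ROLE_PRINCIPAL_CLASSES = "org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal";
    public static final String TOMCAT_AUTH_CONTAINER_DISCOVERY = "io.hawt.web.tomcat.TomcatAuthenticationContainerDiscovery";

    private boolean enabled;
    private boolean noCredentials401;
    private String realm;
    private String role;
    private String rolePrincipalClasses;
    private Configuration configuration;
    private boolean keycloakEnabled;

    /**
     * Resolves the authentication settings for the given servlet context.
     *
     * <p>Reads the {@link ConfigManager} from the context attribute
     * {@code ConfigManager.CONFIG_MANAGER}, applies system-property overrides, and, when
     * authentication is enabled, asks each configured {@link AuthenticationContainerDiscovery}
     * in turn whether it can authenticate, stopping at the first that answers yes.
     *
     * @param servletContext context holding the {@link ConfigManager}; must not be {@code null}
     */
    public AuthenticationConfiguration(ServletContext servletContext) {
        ConfigManager configManager = (ConfigManager) servletContext.getAttribute(ConfigManager.CONFIG_MANAGER);

        // The Karaf principal classes are only a sensible default when running inside Karaf.
        String defaultRolePrincipalClasses = System.getProperty("karaf.name") != null ? DEFAULT_KARAF_ROLE_PRINCIPAL_CLASSES : "";
        String discoveryClasses = TOMCAT_AUTH_CONTAINER_DISCOVERY;

        // Tracks whether Keycloak was asked for, independently of whether authentication is on.
        // The effective flag is derived once, after every override has been applied.
        boolean keycloakRequested = false;

        if (configManager != null) {
            this.realm = configManager.get(REALM, DEFAULT_REALM);
            // "role" takes precedence over "roles"; fall back to the Karaf default set.
            String configuredRole = configManager.get("role", null);
            if (configuredRole == null) {
                configuredRole = configManager.get(ROLES, null);
            }
            this.role = configuredRole == null ? DEFAULT_KARAF_ROLES : configuredRole;
            this.rolePrincipalClasses = configManager.get(ROLE_PRINCIPAL_CLASSES, defaultRolePrincipalClasses);
            this.enabled = configManager.getBoolean(AUTHENTICATION_ENABLED, true);
            this.noCredentials401 = configManager.getBoolean(NO_CREDENTIALS_401, false);
            keycloakRequested = configManager.getBoolean(KEYCLOAK_ENABLED, false);
            discoveryClasses = configManager.get(AUTHENTICATION_CONTAINER_DISCOVERY_CLASSES, discoveryClasses);
        }
        // else: enabled stays false (field default) unless the system property below sets it.

        // JVM system properties always win. Boolean.getBoolean is true only for "true".
        if (System.getProperty(HAWTIO_AUTHENTICATION_ENABLED) != null) {
            this.enabled = Boolean.getBoolean(HAWTIO_AUTHENTICATION_ENABLED);
        }
        if (System.getProperty(HAWTIO_NO_CREDENTIALS_401) != null) {
            this.noCredentials401 = Boolean.getBoolean(HAWTIO_NO_CREDENTIALS_401);
        }
        if (System.getProperty(HAWTIO_REALM) != null) {
            this.realm = System.getProperty(HAWTIO_REALM);
        }
        if (System.getProperty(HAWTIO_ROLE) != null) {
            this.role = System.getProperty(HAWTIO_ROLE);
        }
        // Checked after hawtio.role, so hawtio.roles wins when both are set.
        if (System.getProperty(HAWTIO_ROLES) != null) {
            this.role = System.getProperty(HAWTIO_ROLES);
        }
        if (System.getProperty(HAWTIO_ROLE_PRINCIPAL_CLASSES) != null) {
            this.rolePrincipalClasses = System.getProperty(HAWTIO_ROLE_PRINCIPAL_CLASSES);
        }
        if (System.getProperty(HAWTIO_KEYCLOAK_ENABLED) != null) {
            keycloakRequested = Boolean.getBoolean(HAWTIO_KEYCLOAK_ENABLED);
        }
        if (System.getProperty(HAWTIO_AUTH_CONTAINER_DISCOVERY_CLASSES) != null) {
            discoveryClasses = System.getProperty(HAWTIO_AUTH_CONTAINER_DISCOVERY_CLASSES);
        }

        // Keycloak is only effective while authentication itself is on. Deriving the flag here,
        // from the final value of 'enabled', keeps the two consistent even when
        // hawtio.authenticationEnabled flips 'enabled' after the ConfigManager was read
        // (previously keycloakEnabled could stay true with authentication switched off).
        this.keycloakEnabled = this.enabled && keycloakRequested;

        if (this.enabled) {
            // Note: 'this' is handed to the discovery while still under construction; every
            // field a discovery can read through the getters has been assigned above.
            for (AuthenticationContainerDiscovery discovery : getDiscoveries(discoveryClasses)) {
                if (discovery.canAuthenticate(this)) {
                    LOG.info("Discovered container {} to use with hawtio authentication filter", discovery.getContainerName());
                    break;
                }
            }
        }

        if (this.enabled) {
            LOG.info("Starting hawtio authentication filter, JAAS realm: \"{}\" authorized role(s): \"{}\" role principal classes: \"{}\"", this.realm, this.role, this.rolePrincipalClasses);
        } else {
            LOG.info("Starting hawtio authentication filter, JAAS authentication disabled");
        }
    }

    /**
     * Returns the configuration cached in the servlet context, creating and caching it on first
     * use. On creation the resolved enabled flag is also published under the
     * {@link #AUTHENTICATION_ENABLED} attribute.
     *
     * <p>The check-then-set is not atomic; concurrent first calls could each build an instance.
     *
     * @param servletContext context used both as cache and as configuration source
     * @return the shared configuration, never {@code null}
     */
    public static AuthenticationConfiguration getConfiguration(ServletContext servletContext) {
        AuthenticationConfiguration cached = (AuthenticationConfiguration) servletContext.getAttribute(AUTHENTICATION_CONFIGURATION);
        if (cached != null) {
            return cached;
        }
        AuthenticationConfiguration created = new AuthenticationConfiguration(servletContext);
        servletContext.setAttribute(AUTHENTICATION_ENABLED, Boolean.valueOf(created.isEnabled()));
        servletContext.setAttribute(AUTHENTICATION_CONFIGURATION, created);
        return created;
    }

    /**
     * Instantiates the discovery classes named in a comma-separated list.
     *
     * <p>Each class is loaded through this class's class loader and must implement
     * {@link AuthenticationContainerDiscovery}; the type is verified before the constructor
     * runs, so an unrelated class named in the list is rejected without being instantiated.
     * Entries that cannot be loaded or created are logged and skipped.
     *
     * @param discoveryClassNames comma-separated fully qualified class names; may be {@code null}
     * @return the discoveries that could be created, in list order; possibly empty
     */
    private static List<AuthenticationContainerDiscovery> getDiscoveries(String discoveryClassNames) {
        List<AuthenticationContainerDiscovery> discoveries = new ArrayList<>();
        if (discoveryClassNames == null || discoveryClassNames.trim().isEmpty()) {
            return discoveries;
        }
        ClassLoader loader = AuthenticationConfiguration.class.getClassLoader();
        for (String entry : discoveryClassNames.split(",")) {
            try {
                Class<? extends AuthenticationContainerDiscovery> discoveryClass =
                        loader.loadClass(entry.trim()).asSubclass(AuthenticationContainerDiscovery.class);
                // Class.newInstance() is deprecated and rethrows checked constructor exceptions
                // undeclared; go through the no-arg constructor instead.
                discoveries.add(discoveryClass.getDeclaredConstructor().newInstance());
            } catch (Exception e) {
                LOG.warn("Couldn't instantiate discovery " + entry, e);
            }
        }
        return discoveries;
    }

    /** @return whether authentication is enabled */
    public boolean isEnabled() {
        return this.enabled;
    }

    /** @return the resolved {@code noCredentials401} flag */
    public boolean isNoCredentials401() {
        return this.noCredentials401;
    }

    /** @return the JAAS realm name; {@code null} if neither configuration source supplied one */
    public String getRealm() {
        return this.realm;
    }

    /** @return the authorized role or comma-separated roles; may be {@code null} */
    public String getRole() {
        return this.role;
    }

    /** @return comma-separated role principal class names; may be empty or {@code null} */
    public String getRolePrincipalClasses() {
        return this.rolePrincipalClasses;
    }

    /** @param str comma-separated role principal class names replacing the resolved value */
    public void setRolePrincipalClasses(String str) {
        this.rolePrincipalClasses = str;
    }

    /** @return the JAAS {@link Configuration} set via {@link #setConfiguration}; may be {@code null} */
    public Configuration getConfiguration() {
        return this.configuration;
    }

    /** @param configuration JAAS {@link Configuration} to associate with this instance */
    public void setConfiguration(Configuration configuration) {
        this.configuration = configuration;
    }

    /** @return whether Keycloak is enabled; only ever {@code true} while authentication is enabled */
    public boolean isKeycloakEnabled() {
        return this.keycloakEnabled;
    }

    @Override
    public String toString() {
        return "AuthenticationConfiguration[enabled=" + this.enabled + ", noCredentials401=" + this.noCredentials401 + ", realm='" + this.realm + "', role(s)='" + this.role + "', rolePrincipalClasses='" + this.rolePrincipalClasses + "', configuration=" + this.configuration + ", keycloakEnabled=" + this.keycloakEnabled + ']';
    }
}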
