package com.adobe.granite.auth.oauth.impl.helper;

import com.adobe.granite.auth.oauth.CredentialsValidator;
import com.adobe.granite.auth.oauth.Provider;
import com.adobe.granite.auth.oauth.ProviderConfig;
import com.adobe.granite.auth.oauth.ProviderConfigProperties;
import com.adobe.granite.auth.oauth.ProviderType;
import com.adobe.granite.auth.oauth.impl.OAuthIdentityProvider;
import com.adobe.granite.auth.oauth.impl.oauth1a.Oauth1aHelper;
import com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper;
import com.adobe.granite.crypto.CryptoSupport;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedServiceFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/auth/oauth/impl/helper/ProviderConfigManagerBase.class */
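/**
 * Keeps track of OAuth provider configurations, bound {@link Provider}s and bound
 * {@link CredentialsValidator}s.
 *
 * <p>For every configuration whose provider is bound, this class creates an {@link OAuthHelper},
 * registers an {@link OAuthIdentityProvider} service for it, and makes sure a
 * {@code DefaultSyncHandler} and an {@code ExternalLoginModuleFactory} factory configuration exist
 * for the configuration id.
 *
 * <p>Concurrency: the three caches are {@link ConcurrentHashMap}s. {@link #validators} is a plain
 * {@link HashSet} that is modified under the write side of {@link #lock}; the read side of the
 * lock is not used anywhere in this class.
 *
 * <p>This source was reconstructed by a decompiler; local names and some access modifiers differ
 * from the original.
 */
public class ProviderConfigManagerBase implements ProviderConfigManagerInternal {
    private static final String DEFAULT_SYNC_HANDLER_PID = "org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler";
    private static final String DEFAULT_SYNC_HANDLER_NAME = "handler.name";
    private static final String DEFAULT_SYNC_HANDLER_USER_AUTO_MEMBERSHIP = "user.autoMembership";
    private static final String DEFAULT_SYNC_HANDLER_USER_PATH_PREFIX = "user.pathPrefix";
    private static final String DEFAULT_SYNC_HANDLER_USER_PROPERTY_MAPPING = "user.propertyMapping";
    private static final String DEFAULT_SYNC_HANDLER_USER_MEMBERSHIP_NESTING_DEPTH = "user.membershipNestingDepth";
    private static final String DEFAULT_SYNC_HANDLER_USER_DISABLE_MISSING = "user.disableMissing";

    /** Fixed profile property mappings appended to every generated {@code user.propertyMapping}. */
    private static final List<String> COMPONENTS_PROFILE = new ArrayList<String>() { // from class: com.adobe.granite.auth.oauth.impl.helper.ProviderConfigManagerBase.1
        {
            add("profile/sling:resourceType=\"cq/security/components/profile\"");
            add("profile/id=profile/id");
            add("profile/name=profile/name");
            add("profile/familyName=profile/familyName");
            add("profile/givenName=profile/givenName");
            add("profile/countryCode=profile/countryCode");
            add("profile/mrktPermEmail=profile/mrktPermEmail");
            add("profile/emailVerified=profile/emailVerified");
            add("profile/phoneNumber=profile/phoneNumber");
            add("profile/email=profile/email");
            add("profile/utcOffset=profile/utcOffset");
            add("profile/mrktPerm=profile/mrktPerm");
            add("profile/displayName=profile/displayName");
            add("profile/orgs=profile/orgs");
        }
    };
    private static final String EXTERNAL_LOGIN_MODULE_FACTORY_PID = "org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory";
    private static final String EXTERNAL_LOGIN_MODULE_FACTORY_IDP_NAME = "idp.name";
    private static final String EXTERNAL_LOGIN_MODULE_FACTORY_SYNC_HANDLER_NAME = "sync.handlerName";

    /** Registration of the {@link ManagedServiceFactory} created in {@link #activate}. */
    private ServiceRegistration providerConfigService;
    protected int cookieMaxAge;
    protected int loginTimeout;
    // Passed to every ProviderConfigImpl built in ProviderConfigService.updated().
    private CryptoSupport cryptoSupport;
    private ConfigurationAdmin configurationAdmin;
    private BundleContext context;
    private final Logger log = LoggerFactory.getLogger(getClass());
    // config id -> helper whose OAuthIdentityProvider service is currently registered
    private final Map<String, OAuthHelper> helperCache = new ConcurrentHashMap<>();
    // config id -> provider configuration received from Configuration Admin
    private final Map<String, ProviderConfig> configurations = new ConcurrentHashMap<>();
    // provider id -> bound provider
    private final Map<String, Provider> providerCache = new ConcurrentHashMap<>();
    // Not thread-safe on its own; writers hold lock.writeLock().
    private final HashSet<CredentialsValidator> validators = new HashSet<>();
    private final ReadWriteLock lock = new ReentrantReadWriteLock();

    /**
     * Compiler-generated lookup table for the {@code switch} over {@link ProviderType} in
     * {@link #createHelper}: {@code OAUTH1A} maps to 1 and {@code OAUTH2} maps to 2.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.adobe.granite.auth.oauth.impl.helper.ProviderConfigManagerBase$2, reason: invalid class name */
    /* loaded from: input_file:com/adobe/granite/auth/oauth/impl/helper/ProviderConfigManagerBase$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$adobe$granite$auth$oauth$ProviderType = new int[ProviderType.values().length];

        static {
            try {
                $SwitchMap$com$adobe$granite$auth$oauth$ProviderType[ProviderType.OAUTH1A.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Constant absent at runtime: its slot stays 0 and the switch takes the default branch.
            }
            try {
                $SwitchMap$com$adobe$granite$auth$oauth$ProviderType[ProviderType.OAUTH2.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // Same as above.
            }
        }
    }

    /**
     * Receives the factory configurations for {@link ProviderConfigProperties#FACTORY_PID} and keeps
     * the enclosing manager's caches and service registrations in step with them.
     */
    /* loaded from: input_file:com/adobe/granite/auth/oauth/impl/helper/ProviderConfigManagerBase$ProviderConfigService.class */
    class ProviderConfigService implements ManagedServiceFactory {
        ProviderConfigService() {
        }

        public String getName() {
            return ProviderConfigProperties.FACTORY_PID;
        }

        /**
         * Drops every stored configuration whose PID equals {@code str}, deletes the factory
         * configurations recorded on its helper and unregisters the helper's service.
         *
         * @param str PID of the deleted factory configuration
         */
        public void deleted(String str) {
            Iterator it = ProviderConfigManagerBase.this.configurations.entrySet().iterator();
            while (it.hasNext()) {
                ProviderConfig providerConfig = (ProviderConfig) ((Map.Entry) it.next()).getValue();
                if (providerConfig.getPid().equals(str)) {
                    String configId = providerConfig.getConfigId();
                    it.remove();
                    // Order matters: deleteConfigurations() looks the helper up in helperCache,
                    // so it has to run before removeHelper() evicts it.
                    ProviderConfigManagerBase.this.deleteConfigurations(configId);
                    ProviderConfigManagerBase.this.removeHelper(configId);
                }
            }
        }

        /**
         * Stores the new or changed configuration and, when its provider is already bound,
         * replaces the helper, the identity provider service and the dependent configurations.
         *
         * @param str PID of the factory configuration
         * @param dictionary configuration properties
         * @throws ConfigurationException if another PID already uses the same config id
         */
        public void updated(String str, Dictionary dictionary) throws ConfigurationException {
            ProviderConfigImpl providerConfigImpl = new ProviderConfigImpl(str, ProviderConfigManagerBase.this.loginTimeout, ProviderConfigManagerBase.this.cookieMaxAge, dictionary, ProviderConfigManagerBase.this.cryptoSupport);
            String configId = providerConfigImpl.getConfigId();
            // NOTE(review): this uniqueness check and the put() below are two separate map
            // operations, so concurrent updates for the same config id are not serialized here.
            ProviderConfig existing = ProviderConfigManagerBase.this.configurations.get(configId);
            if (existing != null && !providerConfigImpl.getPid().equals(existing.getPid())) {
                throw new ConfigurationException(ProviderConfigProperties.CONFIG_ID, "Config Id must be unique.");
            }
            // NOTE(review): the configuration is stored before createHelper() validates it, so a
            // configuration rejected by checkProviderConfig() stays in the map.
            ProviderConfig previous = ProviderConfigManagerBase.this.configurations.put(configId, providerConfigImpl);
            Provider provider = ProviderConfigManagerBase.this.providerCache.get(providerConfigImpl.getProviderId());
            if (previous != null) {
                // The old helper wraps the old configuration; unregister it whether or not the
                // provider is bound.
                ProviderConfigManagerBase.this.removeHelper(configId);
            }
            if (provider != null) {
                OAuthHelper createHelper = ProviderConfigManagerBase.this.createHelper(provider.getType(), providerConfigImpl);
                ProviderConfigManagerBase.this.helperCache.put(configId, createHelper);
                ProviderConfigManagerBase.this.registerServices(configId, createHelper);
                ProviderConfigManagerBase.this.configure(createHelper, provider, providerConfigImpl, configId);
            }
        }
    }

    /**
     * Registers the {@link ProviderConfigService} as a {@link ManagedServiceFactory}.
     *
     * @param bundleContext context used for this and all later service registrations
     * @param map component properties; {@code service.vendor} is copied to the registration when set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void activate(BundleContext bundleContext, Map<String, Object> map) {
        this.log.info("activating ProviderConfigManager");
        this.context = bundleContext;
        ProviderConfigService providerConfigService = new ProviderConfigService();
        Hashtable<String, Object> hashtable = new Hashtable<>();
        hashtable.put("service.pid", ProviderConfigProperties.FACTORY_PID);
        // Hashtable rejects null values; a missing vendor property must not abort activation.
        Object vendor = map == null ? null : map.get("service.vendor");
        if (vendor != null) {
            hashtable.put("service.vendor", vendor);
        }
        hashtable.put("service.description", "OAuth Provider Configurator");
        this.providerConfigService = bundleContext.registerService(ManagedServiceFactory.class.getName(), providerConfigService, hashtable);
    }

    /**
     * Clears all caches, unregisters every helper's service and the managed service factory.
     * The generated sync handler and login module configurations are not deleted here.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void deactivate() {
        this.log.debug("deactivating ProviderConfigManager");
        this.configurations.clear();
        this.providerCache.clear();
        // removeHelper() removes from helperCache while we iterate; the map is a ConcurrentHashMap,
        // whose iterators tolerate concurrent removal.
        Iterator<String> it = this.helperCache.keySet().iterator();
        while (it.hasNext()) {
            removeHelper(it.next());
        }
        this.helperCache.clear();
        if (this.providerConfigService != null) {
            this.providerConfigService.unregister();
            this.providerConfigService = null;
        }
    }

    /** Returns the helper registered for config id {@code str}, or {@code null} if there is none. */
    @Override // com.adobe.granite.auth.oauth.impl.helper.ProviderConfigManagerInternal
    public OAuthHelper getHelper(String str) {
        return this.helperCache.get(str);
    }

    /**
     * Returns the bound provider referenced by the configuration with id {@code str}, or
     * {@code null} when the id is {@code null}, unknown, or its provider is not bound.
     */
    @Override // com.adobe.granite.auth.oauth.impl.helper.ProviderConfigManagerInternal
    public Provider getProvider(String str) {
        ProviderConfig providerConfig = str == null ? null : this.configurations.get(str);
        if (providerConfig == null) {
            return null;
        }
        return this.providerCache.get(providerConfig.getProviderId());
    }

    /** Returns a live view of all stored provider configurations. */
    @Override // com.adobe.granite.auth.oauth.ProviderConfigManager
    public Iterable<ProviderConfig> getProviderConfigs() {
        return this.configurations.values();
    }

    /** Returns the configuration stored under config id {@code str}, or {@code null}. */
    @Override // com.adobe.granite.auth.oauth.ProviderConfigManager
    public ProviderConfig getProviderConfig(String str) {
        return this.configurations.get(str);
    }

    /**
     * Caches a newly bound provider and sets up helper, service and dependent configurations for
     * every stored configuration that references it. A provider whose id is already cached is
     * rejected with an error log and otherwise ignored.
     */
    protected void bindOauthProvider(Provider provider, Map<String, Object> map) {
        Provider provider2 = this.providerCache.get(provider.getId());
        if (provider2 != null) {
            this.log.error("provider id was not unique:{}, matched id of existing provider {}", provider.getId(), provider2.toString());
            return;
        }
        this.providerCache.put(provider.getId(), provider);
        for (Map.Entry<String, ProviderConfig> entry : this.configurations.entrySet()) {
            if (entry.getValue().getProviderId().equals(provider.getId())) {
                OAuthHelper createHelper = createHelper(provider.getType(), entry.getValue());
                this.helperCache.put(entry.getKey(), createHelper);
                registerServices(entry.getKey(), createHelper);
                configure(createHelper, provider, entry.getValue(), entry.getKey());
            }
        }
    }

    /**
     * Forgets the provider and unregisters the helper of every configuration that references it.
     * The stored configurations themselves are kept.
     */
    protected void unbindOauthProvider(Provider provider, Map<String, Object> map) {
        this.providerCache.remove(provider.getId());
        for (Map.Entry<String, ProviderConfig> entry : this.configurations.entrySet()) {
            if (entry.getValue().getProviderId().equals(provider.getId())) {
                removeHelper(entry.getKey());
            }
        }
    }

    /**
     * Adds a validator and re-registers the identity provider services of all helpers whose
     * provider id equals the validator's id, so that they pick up the new validator set.
     */
    protected void bindCredentialsValidator(CredentialsValidator credentialsValidator) {
        this.lock.writeLock().lock();
        try {
            this.validators.add(credentialsValidator);
            reRegisterHelpersFor(credentialsValidator);
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    /**
     * Removes a validator and re-registers the identity provider services of all helpers whose
     * provider id equals the validator's id, so that they stop using it.
     */
    protected void unbindCredentialsValidator(CredentialsValidator credentialsValidator) {
        this.lock.writeLock().lock();
        try {
            this.validators.remove(credentialsValidator);
            reRegisterHelpersFor(credentialsValidator);
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    /**
     * Unregisters and registers again every helper whose provider id equals the validator's id.
     * Callers hold the write lock.
     */
    private void reRegisterHelpersFor(CredentialsValidator credentialsValidator) {
        // NOTE(review): only an exact provider-id match triggers re-registration. registerServices()
        // also accepts validators whose id is CredentialsValidator.ALL_ID, so binding or unbinding
        // such a validator presumably leaves already registered identity providers with their old
        // validator set until they are registered again for another reason; confirm.
        Map<String, OAuthHelper> affected = new HashMap<>();
        for (Map.Entry<String, OAuthHelper> entry : this.helperCache.entrySet()) {
            OAuthHelper value = entry.getValue();
            if (value.getProviderConfig().getProviderId().equals(credentialsValidator.getId())) {
                removeHelper(entry.getKey());
                affected.put(entry.getKey(), value);
            }
        }
        for (Map.Entry<String, OAuthHelper> entry : affected.entrySet()) {
            this.helperCache.put(entry.getKey(), entry.getValue());
            registerServices(entry.getKey(), entry.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configurationAdmin = configurationAdmin;
    }

    /**
     * Registers an {@link OAuthIdentityProvider} for the helper under the
     * {@link ExternalIdentityProvider} and {@link CredentialsSupport} interfaces and stores the
     * registration on the helper.
     *
     * <p>The identity provider receives the validators whose id is
     * {@link CredentialsValidator#ALL_ID} or equals the helper's provider id, as they are at the
     * time of this call.
     *
     * @param str config id
     * @param oAuthHelper helper the registration is stored on
     */
    protected void registerServices(String str, OAuthHelper oAuthHelper) {
        LinkedHashSet<CredentialsValidator> linkedHashSet = new LinkedHashSet<>();
        ProviderConfigImpl providerConfig = oAuthHelper.getProviderConfig();
        String providerId = providerConfig.getProviderId();
        boolean allowSiblingConfigs = providerConfig.getAllowSiblingConfigs();
        // NOTE(review): validators is a HashSet guarded by lock.writeLock() in the validator
        // bind/unbind methods, but this method is also reached from updated() and
        // bindOauthProvider() without any lock. A concurrent bind/unbind could then disturb this
        // iteration or leave the identity provider with an incomplete validator set; confirm
        // whether the callers are serialized elsewhere.
        Iterator<CredentialsValidator> it = this.validators.iterator();
        while (it.hasNext()) {
            CredentialsValidator next = it.next();
            if (CredentialsValidator.ALL_ID.equals(next.getId()) || providerId.equals(next.getId())) {
                this.log.debug("Add CredentialsValidator [{}] for provider {}", next.getClass(), providerId);
                linkedHashSet.add(next);
            }
        }
        this.log.debug("Registering  OAuthIdentityProvider for provider {}, config {} with allowSiblingConfig to {}", new Object[]{providerId, str, Boolean.valueOf(allowSiblingConfigs)});
        oAuthHelper.setServiceRegistration(this.context.registerService(new String[]{ExternalIdentityProvider.class.getName(), CredentialsSupport.class.getName()}, new OAuthIdentityProvider(providerId, str, linkedHashSet, allowSiblingConfigs), (Dictionary) null));
    }

    /**
     * Ensures that a {@code DefaultSyncHandler} and an {@code ExternalLoginModuleFactory} factory
     * configuration exist for the config id, creating whichever is missing, and records the
     * resulting configurations on the helper.
     *
     * <p>An existing configuration is reused as found; its properties are not refreshed from the
     * current provider configuration.
     *
     * @param oAuthHelper helper that receives the configurations
     * @param provider provider used to derive the sync handler properties
     * @param providerConfig unused; the helper's own provider configuration is read instead
     * @param str config id, used as handler name, IDP name and sync handler name
     */
    protected void configure(OAuthHelper oAuthHelper, Provider provider, ProviderConfig providerConfig, String str) {
        List<Configuration> arrayList = new ArrayList<>();
        Configuration configuration = getConfiguration(str, DEFAULT_SYNC_HANDLER_NAME, DEFAULT_SYNC_HANDLER_PID);
        if (configuration == null) {
            Hashtable<String, Object> hashtable = new Hashtable<>();
            hashtable.put(DEFAULT_SYNC_HANDLER_NAME, str);
            setConfigurations(provider, oAuthHelper.getProviderConfig(), hashtable);
            try {
                configuration = this.configurationAdmin.createFactoryConfiguration(DEFAULT_SYNC_HANDLER_PID, (String) null);
                configuration.update(hashtable);
                arrayList.add(configuration);
            } catch (IOException e) {
                // update() failed after the configuration object was created: remove the leftover.
                if (configuration != null) {
                    deleteConfiguration(configuration);
                }
                this.log.error("issued while creating configuration", e);
            }
        } else {
            arrayList.add(configuration);
        }
        Configuration configuration2 = getConfiguration(str, EXTERNAL_LOGIN_MODULE_FACTORY_SYNC_HANDLER_NAME, EXTERNAL_LOGIN_MODULE_FACTORY_PID);
        if (configuration2 == null) {
            try {
                configuration2 = this.configurationAdmin.createFactoryConfiguration(EXTERNAL_LOGIN_MODULE_FACTORY_PID, (String) null);
                Hashtable<String, Object> hashtable2 = new Hashtable<>();
                hashtable2.put(EXTERNAL_LOGIN_MODULE_FACTORY_IDP_NAME, str);
                hashtable2.put(EXTERNAL_LOGIN_MODULE_FACTORY_SYNC_HANDLER_NAME, str);
                configuration2.update(hashtable2);
                arrayList.add(configuration2);
            } catch (IOException e2) {
                if (configuration2 != null) {
                    deleteConfiguration(configuration2);
                }
                this.log.error("issued while creating configuration", e2);
            }
        } else {
            arrayList.add(configuration2);
        }
        if (arrayList.size() > 0) {
            oAuthHelper.setConfigurations(arrayList.toArray(new Configuration[0]));
        }
    }

    /**
     * Fills the {@code DefaultSyncHandler} properties derived from the provider configuration.
     * Does nothing when {@code providerConfigImpl} or {@code dictionary} is {@code null}.
     *
     * <p>Security-relevant values written here:
     * <ul>
     *   <li>{@code user.autoMembership} is taken from the configured auto-create groups;</li>
     *   <li>{@code user.propertyMapping} includes an entry that maps {@code access_token} to the
     *       path returned by {@code provider.getAccessTokenPropertyPath(clientId)}. How the value
     *       stored at that path is protected is not visible in this class.</li>
     * </ul>
     *
     * @param provider provider supplying the user path prefix and property paths; may be {@code null}
     * @param providerConfigImpl configuration supplying the client id and auto-membership groups
     * @param dictionary property set to fill
     */
    void setConfigurations(Provider provider, ProviderConfigImpl providerConfigImpl, Dictionary<String, Object> dictionary) {
        if (providerConfigImpl == null || dictionary == null) {
            return;
        }
        ArrayList<String> arrayList = new ArrayList<>();
        String clientId = providerConfigImpl.getClientId();
        String[] autoCreateUsersGroups = providerConfigImpl.getAutoCreateUsersGroups();
        dictionary.put(DEFAULT_SYNC_HANDLER_USER_MEMBERSHIP_NESTING_DEPTH, 1);
        dictionary.put(DEFAULT_SYNC_HANDLER_USER_DISABLE_MISSING, true);
        if (autoCreateUsersGroups != null && autoCreateUsersGroups.length > 0) {
            dictionary.put(DEFAULT_SYNC_HANDLER_USER_AUTO_MEMBERSHIP, autoCreateUsersGroups);
        }
        if (provider != null) {
            dictionary.put(DEFAULT_SYNC_HANDLER_USER_PATH_PREFIX, provider.getUserFolderPath(null, null, null));
            arrayList.add(getOAuthId(provider, clientId));
            arrayList.add(getAccessTokenEntry(provider, clientId));
        }
        arrayList.addAll(COMPONENTS_PROFILE);
        dictionary.put(DEFAULT_SYNC_HANDLER_USER_PROPERTY_MAPPING, arrayList);
    }

    /** Evicts the helper for config id {@code str} and unregisters its service, if any. */
    void removeHelper(String str) {
        ServiceRegistration serviceRegistration;
        OAuthHelper remove = this.helperCache.remove(str);
        if (remove == null || (serviceRegistration = remove.getServiceRegistration()) == null) {
            return;
        }
        serviceRegistration.unregister();
    }

    /**
     * Deletes the configurations recorded on the helper of config id {@code str}. The helper must
     * still be in {@link #helperCache}; otherwise nothing is deleted.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void deleteConfigurations(String str) {
        Configuration[] configurations;
        OAuthHelper oAuthHelper = this.helperCache.get(str);
        if (oAuthHelper == null || (configurations = oAuthHelper.getConfigurations()) == null) {
            return;
        }
        for (Configuration configuration : configurations) {
            deleteConfiguration(configuration);
        }
    }

    /** Deletes one configuration, logging instead of propagating any failure. */
    private void deleteConfiguration(Configuration configuration) {
        if (configuration != null) {
            try {
                if (configurationExists(configuration.getPid())) {
                    configuration.delete();
                }
            } catch (IOException e) {
                this.log.error("Unexpected problem deleting configuration", e);
            } catch (IllegalStateException e2) {
                this.log.info("The configuration is alredy deleted");
            }
        }
    }

    /**
     * Reports whether Configuration Admin returns a configuration for the PID.
     *
     * <p>NOTE(review): {@code ConfigurationAdmin.getConfiguration(String)} is specified to create a
     * new {@code Configuration} object when none exists for the PID, so this check is expected to
     * succeed for any non-null PID unless the call throws; it does not prove prior existence.
     */
    private boolean configurationExists(String str) {
        if (str != null) {
            try {
                if (this.configurationAdmin.getConfiguration(str) != null) {
                    return true;
                }
            } catch (IOException | IllegalStateException e) {
                this.log.debug("issue while listing configuration", e);
                return false;
            }
        }
        return false;
    }

    /**
     * Finds the first configuration of the given factory whose property equals the given value.
     *
     * @param value property value to match, in this class always a config id
     * @param property property name to match
     * @param factoryPid factory PID the configuration must belong to
     * @return the first match, or {@code null} if there is none or the lookup failed
     */
    private Configuration getConfiguration(String value, String property, String factoryPid) {
        try {
            // The config id comes from configuration data. Unescaped, a '*' in it acts as a
            // wildcard and can select a sync handler or login module configuration that belongs to
            // a different provider configuration, and a '(' or ')' makes the filter invalid, which
            // is reported as "not found" and leads to a duplicate configuration being created.
            String filter = "(&(" + property + "=" + escapeFilterValue(value) + ")(service.factoryPid=" + factoryPid + "))";
            Configuration[] listConfigurations = this.configurationAdmin.listConfigurations(filter);
            if (listConfigurations == null || listConfigurations.length < 1) {
                return null;
            }
            return listConfigurations[0];
        } catch (IOException | InvalidSyntaxException e) {
            this.log.debug("issue while listing configuration", e);
            return null;
        }
    }

    /**
     * Escapes a value for literal use in an OSGi filter string by prefixing the characters
     * {@code \}, {@code *}, {@code (} and {@code )} with a backslash. A {@code null} value is
     * rendered as the text {@code null}, as string concatenation would.
     */
    private static String escapeFilterValue(String value) {
        String raw = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '\\' || c == '*' || c == '(' || c == ')') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Creates the helper matching the provider type after validating the configuration.
     *
     * @return the helper, or {@code null} for a provider type other than OAUTH1A and OAUTH2.
     *     NOTE(review): the callers put the result straight into a {@link ConcurrentHashMap},
     *     which rejects {@code null} values.
     * @throws InternalError if {@code providerConfig} is not a {@link ProviderConfigImpl}
     * @throws IllegalArgumentException if the config id equals {@link CredentialsValidator#ALL_ID}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public OAuthHelper createHelper(ProviderType providerType, ProviderConfig providerConfig) {
        if (!(providerConfig instanceof ProviderConfigImpl)) {
            throw new InternalError();
        }
        checkProviderConfig(providerConfig);
        switch (AnonymousClass2.$SwitchMap$com$adobe$granite$auth$oauth$ProviderType[providerType.ordinal()]) {
            case 1: // ProviderType.OAUTH1A
                return new Oauth1aHelper((ProviderConfigImpl) providerConfig);
            case 2: // ProviderType.OAUTH2; the decompiler had substituted an unrelated constant with the value 2
                return new Oauth2Helper((ProviderConfigImpl) providerConfig);
            default:
                this.log.error("unsupported ProviderType:" + providerType);
                return null;
        }
    }

    /**
     * Rejects a configuration whose config id equals {@link CredentialsValidator#ALL_ID}, the id
     * that {@link #registerServices} treats as "applies to every provider". Only the exact value
     * is rejected.
     *
     * @throws IllegalArgumentException if the config id is the reserved value
     */
    void checkProviderConfig(ProviderConfig providerConfig) {
        if (CredentialsValidator.ALL_ID.equals(providerConfig.getConfigId())) {
            throw new IllegalArgumentException("* is *not* a valid provider configuration id");
        }
    }

    /** Builds the property mapping entry {@code <oauth id property path>=profile/id}. */
    private String getOAuthId(Provider provider, String str) {
        StringBuilder sb = new StringBuilder(provider.getOAuthIdPropertyPath(str));
        sb.append("=").append("profile/id");
        return sb.toString();
    }

    /** Builds the property mapping entry {@code <access token property path>=access_token}. */
    private String getAccessTokenEntry(Provider provider, String str) {
        StringBuilder sb = new StringBuilder(provider.getAccessTokenPropertyPath(str));
        sb.append("=").append("access_token");
        return sb.toString();
    }
}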
