package brooklyn.web.console.security;

import brooklyn.util.internal.BrooklynSystemProperties;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpSession;
import org.codehaus.groovy.grails.web.context.ServletContextHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:brooklyn.war:WEB-INF/classes/brooklyn/web/console/security/ExplicitUsersSecurityProvider.class */
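/**
 * {@link SecurityProvider} that authenticates web-console logins against an explicit list of
 * user names and per-user passwords read through {@code ConfigLoader}.
 *
 * <p>Modes, chosen lazily on the first call to {@link #authenticate} that reaches
 * {@code initialize()}:
 * <ul>
 *   <li>users property absent: only the built-in default account is accepted (see the security
 *       note in {@code initialize()});</li>
 *   <li>users property equal to {@code "*"}: any user name is accepted as long as a password is
 *       configured for it and matches;</li>
 *   <li>otherwise: the property is a comma-separated allow-list of user names.</li>
 * </ul>
 *
 * <p>Passwords are compared against configuration values in clear text; this class performs no
 * hashing, lock-out or rate limiting.
 */
public class ExplicitUsersSecurityProvider implements SecurityProvider {
    public static final Logger LOG = LoggerFactory.getLogger(ExplicitUsersSecurityProvider.class);
    public static final String AUTHENTICATION_KEY = ExplicitUsersSecurityProvider.class.getCanonicalName() + ".AUTHENTICATED";
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private boolean allowAnyUserWithValidPass = false;
    private boolean allowDefaultUsers = false;
    private boolean allowAnyUser = false;
    private Set<String> allowedUsers = null;

    /**
     * Reports whether the session is already logged in.
     *
     * <p>Note that {@code allowAnyUser} is only set by {@code initialize()}, which this class
     * invokes solely from {@link #authenticate}; until then only the session attribute counts.
     *
     * @param httpSession the caller's session, may be {@code null}
     * @return {@code false} for a {@code null} session; otherwise {@code true} if legacy
     *     auto-login is active or the session carries {@link #AUTHENTICATION_KEY}
     */
    @Override // brooklyn.web.console.security.SecurityProvider
    public boolean isAuthenticated(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        return this.allowAnyUser || httpSession.getAttribute(AUTHENTICATION_KEY) != null;
    }

    /**
     * Loads the user configuration once. A non-null {@code allowedUsers} marks the work as done,
     * so later calls return immediately.
     */
    private synchronized void initialize() {
        if (this.allowedUsers != null) {
            return;
        }
        this.allowedUsers = new LinkedHashSet<String>();
        Object config = ConfigLoader.getConfig(BrooklynSystemProperties.SECURITY_PROVIDER_EXPLICIT__USERS.getPropertyName());
        if (config == null) {
            // SECURITY: with no users configured, authenticate() accepts a fixed, publicly known
            // default credential. Logged at WARN so the exposure shows up in operations; any
            // deployment reachable by others should configure explicit users instead.
            LOG.warn("Web console allowing default user (admin)");
            this.allowDefaultUsers = true;
        } else if ("*".equals(config)) {
            // "Any user" still requires a configured, matching password (see authenticate()).
            LOG.info("Web console allowing any users");
            this.allowAnyUserWithValidPass = true;
        } else {
            LOG.info("Web console allowing users " + config);
            StringTokenizer stringTokenizer = new StringTokenizer("" + config, ",");
            while (stringTokenizer.hasMoreElements()) {
                String name = ("" + stringTokenizer.nextElement()).trim();
                // A blank entry (e.g. "alice, ,bob") must not turn the empty user name into an
                // allowed account.
                if (name.length() > 0) {
                    this.allowedUsers.add(name);
                }
            }
        }
        if (ServletContextHolder.getServletContext().getAttribute("brooklyn.autologin.username") != null) {
            // SECURITY: legacy switch that disables authentication for every caller.
            LOG.warn("Use of legacy AUTOLOGIN; replace with setting BrooklynSystemProperties.SECURITY_PROVIDER to " + AnyoneSecurityProvider.class.getCanonicalName());
            this.allowAnyUser = true;
        }
    }

    /**
     * Checks a user name / password pair and, on success, marks the session as authenticated.
     *
     * @param httpSession the caller's session; {@code null} is rejected
     * @param str the user name supplied by the client (untrusted)
     * @param str2 the password supplied by the client (untrusted)
     * @return {@code true} if the login is accepted, {@code false} otherwise
     */
    @Override // brooklyn.web.console.security.SecurityProvider
    public boolean authenticate(HttpSession httpSession, String str, String str2) {
        if (httpSession == null) {
            return false;
        }
        if (this.allowAnyUser) {
            // Legacy auto-login: accepted without touching the session attribute.
            return true;
        }
        if (str == null || str2 == null) {
            // Previously a null credential could raise a NullPointerException further down;
            // treat it as a plain failed login instead.
            LOG.info("Web console rejecting login with missing credentials");
            return false;
        }
        initialize();
        if (!this.allowAnyUserWithValidPass) {
            if (this.allowDefaultUsers && str.equals("admin") && str2.equals("password")) {
                return allow(httpSession, str);
            }
            if (!this.allowedUsers.contains(str)) {
                LOG.info("Web console rejecting unknown user " + forLog(str));
                return false;
            }
        }
        Object config = ConfigLoader.getConfig(BrooklynSystemProperties.SECURITY_PROVIDER_EXPLICIT__PASSWORD(str).getPropertyName());
        if (config == null) {
            LOG.info("Web console rejecting passwordless user " + forLog(str));
            return false;
        }
        if (passwordMatches(config, str2)) {
            return allow(httpSession, str);
        }
        LOG.info("Web console rejecting bad password for user " + forLog(str));
        return false;
    }

    /**
     * Records a successful login on the session.
     *
     * <p>NOTE(review): the session identifier is not rotated here and {@code HttpSession} offers
     * no way to do so; if the caller does not issue a fresh session on login, a pre-login session
     * id stays valid afterwards (session fixation) - confirm against the calling controller.
     */
    private boolean allow(HttpSession httpSession, String str) {
        LOG.info("Web console " + getClass().getSimpleName() + " authenticated user " + forLog(str));
        httpSession.setAttribute(AUTHENTICATION_KEY, str);
        return true;
    }

    /**
     * Clears the authentication marker from the session.
     *
     * @param httpSession the caller's session, may be {@code null}
     * @return {@code false} for a {@code null} session, {@code true} otherwise
     */
    @Override // brooklyn.web.console.security.SecurityProvider
    public boolean logout(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        httpSession.removeAttribute(AUTHENTICATION_KEY);
        return true;
    }

    /**
     * Compares the configured password with the supplied one without an early exit on the first
     * differing character, so response time does not reveal how much of a guess was correct.
     * Accepts exactly the same pairs as {@code expected.equals(supplied)}.
     */
    private static boolean passwordMatches(Object expected, String supplied) {
        if (!(expected instanceof String)) {
            // Non-String config values keep their original equals() semantics.
            return expected.equals(supplied);
        }
        String configured = (String) expected;
        boolean sameBytes = MessageDigest.isEqual(configured.getBytes(UTF_8), supplied.getBytes(UTF_8));
        // The equals() call only runs once the encoded forms already match; it guards against
        // distinct strings that encode to the same bytes (unpaired surrogates).
        return sameBytes && configured.equals(supplied);
    }

    /**
     * Makes a client-supplied value safe to embed in a log line by replacing control characters
     * (including CR/LF), so a crafted user name cannot forge additional log entries.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}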
