package brooklyn.rest.security.provider;

import brooklyn.config.StringConfigMap;
import brooklyn.management.ManagementContext;
import brooklyn.rest.BrooklynWebConfig;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:brooklyn/rest/security/provider/ExplicitUsersSecurityProvider.class */
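/**
 * {@link SecurityProvider} that authenticates web-console users against an explicit list of user
 * names and per-user passwords read from the management context's configuration.
 *
 * <p>Modes selected by {@code BrooklynWebConfig.SECURITY_PROVIDER_EXPLICIT__USERS}:
 * <ul>
 *   <li>unset: only the built-in default account ({@code admin} / {@code password}) is accepted in
 *       addition to nothing else, because the allowed-user set is empty. This is a well-known
 *       default credential; deployments should always configure explicit users.</li>
 *   <li>{@code "*"}: any user name is accepted as long as a password is configured for it.</li>
 *   <li>otherwise: a comma-separated list of allowed user names.</li>
 * </ul>
 *
 * <p>If the legacy {@code brooklyn.autologin.username} key is present, every request is treated as
 * authenticated once {@link #initialize()} has run.
 *
 * <p>Security notes: passwords are compared against the value held in configuration as-is, so they
 * are stored in plain text there. The session id is not rotated on successful login; only an
 * {@link HttpSession} is available here, so any session-fixation defence has to be applied by the
 * caller.
 */
public class ExplicitUsersSecurityProvider implements SecurityProvider {
    public static final Logger LOG = LoggerFactory.getLogger(ExplicitUsersSecurityProvider.class);

    /** Session attribute under which the authenticated user name is stored. */
    public static final String AUTHENTICATION_KEY = ExplicitUsersSecurityProvider.class.getCanonicalName() + ".AUTHENTICATED";

    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final String DEFAULT_USER = "admin";
    private static final String DEFAULT_PASSWORD = "password";

    protected final ManagementContext mgmt;
    private boolean allowAnyUserWithValidPass = false;
    private boolean allowDefaultUsers = false;
    private boolean allowAnyUser = false;
    // null until initialize() has completed; doubles as the "initialized" marker.
    private Set<String> allowedUsers = null;

    /**
     * @param managementContext source of the security configuration; read lazily on first login
     */
    public ExplicitUsersSecurityProvider(ManagementContext managementContext) {
        this.mgmt = managementContext;
    }

    /**
     * Reports whether the session carries the authentication marker.
     *
     * <p>This method never triggers {@link #initialize()}, so the legacy autologin flag is only
     * honoured here after an {@link #authenticate} call has loaded the configuration.
     *
     * @param httpSession the caller's session, may be {@code null}
     * @return {@code true} if legacy autologin is active or the session was authenticated
     */
    @Override // brooklyn.rest.security.provider.SecurityProvider
    public boolean isAuthenticated(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        return this.allowAnyUser || httpSession.getAttribute(AUTHENTICATION_KEY) != null;
    }

    /**
     * Loads the user configuration once. State is built in locals and published at the end so that
     * an exception part-way through does not leave the provider marked as initialized with an
     * empty, half-read configuration.
     */
    private synchronized void initialize() {
        if (this.allowedUsers != null) {
            return;
        }
        StringConfigMap config = this.mgmt.getConfig();
        Set<String> users = new LinkedHashSet<String>();
        boolean defaultUsers = false;
        boolean anyUserWithValidPass = false;

        String configured = (String) config.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_EXPLICIT__USERS);
        if (configured == null) {
            // WARN rather than INFO: this enables a publicly known credential pair.
            LOG.warn("Web console allowing default user (admin) with the built-in default password;"
                    + " configure explicit users and passwords to disable it");
            defaultUsers = true;
        } else if ("*".equals(configured)) {
            LOG.info("Web console allowing any users");
            anyUserWithValidPass = true;
        } else {
            LOG.info("Web console allowing users " + configured);
            StringTokenizer tokens = new StringTokenizer(configured, ",");
            while (tokens.hasMoreTokens()) {
                String name = tokens.nextToken().trim();
                // A whitespace-only entry would otherwise whitelist the empty user name.
                if (!name.isEmpty()) {
                    users.add(name);
                }
            }
        }

        boolean legacyAutologin = config.getFirst(new String[]{"brooklyn.autologin.username"}) != null;
        if (legacyAutologin) {
            LOG.warn("Use of legacy AUTOLOGIN; replace with setting BrooklynSystemProperties.SECURITY_PROVIDER to " + AnyoneSecurityProvider.class.getCanonicalName());
        }

        this.allowDefaultUsers = defaultUsers;
        this.allowAnyUserWithValidPass = anyUserWithValidPass;
        if (legacyAutologin) {
            this.allowAnyUser = true;
        }
        this.allowedUsers = users;
    }

    /**
     * Checks the supplied credentials and, on success, marks the session as authenticated.
     *
     * @param httpSession session to mark; {@code null} is rejected
     * @param user user name supplied by the client; {@code null} is rejected
     * @param password password supplied by the client; {@code null} never matches
     * @return {@code true} if the credentials were accepted (or legacy autologin is active)
     */
    @Override // brooklyn.rest.security.provider.SecurityProvider
    public boolean authenticate(HttpSession httpSession, String user, String password) {
        // Checked before initialize(), so this only short-circuits once a previous call has
        // loaded the configuration and found the legacy autologin key.
        if (this.allowAnyUser) {
            return true;
        }
        if (httpSession == null || user == null) {
            return false;
        }
        initialize();
        if (!this.allowAnyUserWithValidPass) {
            // Constant-first equals: a null password must be rejected, not throw.
            if (this.allowDefaultUsers && DEFAULT_USER.equals(user) && DEFAULT_PASSWORD.equals(password)) {
                return allow(httpSession, user);
            }
            if (!this.allowedUsers.contains(user)) {
                LOG.info("Web console rejecting unknown user {}", forLog(user));
                return false;
            }
        }
        // NOTE(review): in "*" mode the client-supplied name selects which config key is read
        // here; confirm SECURITY_PROVIDER_EXPLICIT__PASSWORD cannot resolve to an unrelated key.
        String expected = (String) this.mgmt.getConfig().getConfig(BrooklynWebConfig.SECURITY_PROVIDER_EXPLICIT__PASSWORD(user));
        if (expected == null) {
            LOG.info("Web console rejecting passwordless user {}", forLog(user));
            return false;
        }
        if (password != null && constantTimeEquals(expected, password)) {
            return allow(httpSession, user);
        }
        LOG.info("Web console rejecting bad password for user {}", forLog(user));
        return false;
    }

    /** Records the authenticated user name on the session and returns {@code true}. */
    private boolean allow(HttpSession httpSession, String user) {
        LOG.debug("Web console {} authenticated user {}", getClass().getSimpleName(), forLog(user));
        httpSession.setAttribute(AUTHENTICATION_KEY, user);
        return true;
    }

    /**
     * Removes the authentication marker from the session.
     *
     * @param httpSession the caller's session, may be {@code null}
     * @return {@code false} if there was no session, {@code true} otherwise
     */
    @Override // brooklyn.rest.security.provider.SecurityProvider
    public boolean logout(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        httpSession.removeAttribute(AUTHENTICATION_KEY);
        return true;
    }

    /** Compares two secrets without returning early at the first differing byte. */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(UTF_8), supplied.getBytes(UTF_8));
    }

    /**
     * Makes a client-supplied value safe to embed in a log line by replacing control characters
     * (including CR and LF), so a crafted user name cannot forge additional log entries.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}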
