package org.ops4j.pax.web.service.tomcat.internal;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.TreeMap;
import javax.servlet.SessionCookieConfig;
import org.apache.catalina.Authenticator;
import org.apache.catalina.ContainerListener;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Valve;
import org.apache.catalina.authenticator.BasicAuthenticator;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.DigestAuthenticator;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.authenticator.NonLoginAuthenticator;
import org.apache.catalina.authenticator.SSLAuthenticator;
import org.apache.catalina.authenticator.SpnegoAuthenticator;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.digester.Digester;
import org.ops4j.pax.web.service.AuthenticatorService;
import org.ops4j.pax.web.service.spi.config.Configuration;
import org.ops4j.pax.web.service.spi.model.OsgiContextModel;
import org.ops4j.pax.web.service.spi.model.elements.LoginConfigModel;
import org.ops4j.pax.web.service.spi.model.elements.SecurityConfigurationModel;
import org.ops4j.pax.web.service.spi.model.elements.SecurityConstraintModel;
import org.ops4j.pax.web.service.spi.model.elements.SessionConfigurationModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/ops4j/pax/web/service/tomcat/internal/OsgiContextConfiguration.class */
public class OsgiContextConfiguration implements LifecycleListener {
    public static final Logger LOG = LoggerFactory.getLogger(OsgiContextConfiguration.class);
    private final OsgiContextModel osgiContextModel;
    private final TomcatFactory tomcatFactory;
    private Valve authenticationValve;
    private final Configuration configuration;
    private final Map<String, TreeMap<OsgiContextModel, SecurityConfigurationModel>> contextSecurityConstraints;

    public OsgiContextConfiguration(OsgiContextModel osgiContextModel, Configuration configuration, TomcatFactory tomcatFactory, Map<String, TreeMap<OsgiContextModel, SecurityConfigurationModel>> map) {
        this.osgiContextModel = osgiContextModel;
        this.tomcatFactory = tomcatFactory;
        this.configuration = configuration;
        this.contextSecurityConstraints = map;
    }

    public Valve getAuthenticationValve() {
        return this.authenticationValve;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v416, types: [java.util.Map] */
    @Override // org.apache.catalina.LifecycleListener
    public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
        LoginConfig loginConfig;
        if (lifecycleEvent.getType().equals(Lifecycle.CONFIGURE_START_EVENT)) {
            TreeMap<OsgiContextModel, SecurityConfigurationModel> treeMap = this.contextSecurityConstraints.get(this.osgiContextModel.getContextPath());
            SecurityConfigurationModel securityConfigurationModel = null;
            if (treeMap != null && treeMap.size() > 0) {
                securityConfigurationModel = treeMap.values().iterator().next();
            }
            if (securityConfigurationModel == null) {
                securityConfigurationModel = this.osgiContextModel.getSecurityConfiguration();
                treeMap = Collections.singletonMap(this.osgiContextModel, securityConfigurationModel);
            }
            LoginConfigModel loginConfig2 = securityConfigurationModel != null ? securityConfigurationModel.getLoginConfig() : null;
            PaxWebStandardContext paxWebStandardContext = (PaxWebStandardContext) lifecycleEvent.getSource();
            SessionConfigurationModel sessionConfiguration = this.osgiContextModel.getSessionConfiguration();
            if (sessionConfiguration != null) {
                if (sessionConfiguration.getSessionTimeout() != null) {
                    paxWebStandardContext.setSessionTimeout(sessionConfiguration.getSessionTimeout().intValue());
                }
                SessionCookieConfig sessionCookieConfig = sessionConfiguration.getSessionCookieConfig();
                if (sessionCookieConfig == null) {
                    sessionCookieConfig = this.configuration.session().getDefaultSessionCookieConfig();
                }
                SessionCookieConfig sessionCookieConfig2 = paxWebStandardContext.getServletContext().getSessionCookieConfig();
                if (sessionCookieConfig != null && sessionCookieConfig2 != null) {
                    if (sessionCookieConfig.getName() != null) {
                        paxWebStandardContext.setSessionCookieName(sessionCookieConfig.getName());
                        sessionCookieConfig2.setName(sessionCookieConfig.getName());
                    }
                    if (sessionCookieConfig.getDomain() != null) {
                        paxWebStandardContext.setSessionCookieDomain(sessionCookieConfig.getDomain());
                        sessionCookieConfig2.setDomain(sessionCookieConfig.getDomain());
                    }
                    if (sessionCookieConfig.getPath() != null) {
                        paxWebStandardContext.setSessionCookiePath(sessionCookieConfig.getPath());
                        sessionCookieConfig2.setPath(sessionCookieConfig.getPath());
                    }
                    paxWebStandardContext.setUseHttpOnly(sessionCookieConfig.isHttpOnly());
                    sessionCookieConfig2.setHttpOnly(sessionCookieConfig.isHttpOnly());
                    sessionCookieConfig2.setSecure(sessionCookieConfig.isSecure());
                    sessionCookieConfig2.setMaxAge(sessionCookieConfig.getMaxAge());
                    sessionCookieConfig2.setComment(sessionCookieConfig.getComment());
                    if (sessionConfiguration.getTrackingModes().size() > 0) {
                        paxWebStandardContext.getServletContext().setSessionTrackingModes(sessionConfiguration.getTrackingModes());
                    }
                }
            }
            ArrayList arrayList = new ArrayList();
            ArrayList<String> arrayList2 = new ArrayList(this.osgiContextModel.getVirtualHosts());
            if (arrayList2.isEmpty()) {
                arrayList2.addAll(Arrays.asList(this.configuration.server().getVirtualHosts()));
            }
            ArrayList<String> arrayList3 = new ArrayList(this.osgiContextModel.getConnectors());
            if (arrayList3.isEmpty()) {
                arrayList3.addAll(Arrays.asList(this.configuration.server().getConnectors()));
            }
            for (String str : arrayList2) {
                if (str != null && !"".equals(str.trim())) {
                    if (str.startsWith("@")) {
                        arrayList.add(str);
                    } else {
                        arrayList.add(str);
                    }
                }
            }
            for (String str2 : arrayList3) {
                if (str2 != null && !"".equals(str2.trim())) {
                    if (str2.startsWith("@")) {
                        arrayList.add(str2);
                    } else {
                        arrayList.add("@" + str2);
                    }
                }
            }
            paxWebStandardContext.setVirtualHosts((String[]) arrayList.toArray(new String[0]));
            Valve[] valves = paxWebStandardContext.getPipeline().getValves();
            ArrayList arrayList4 = new ArrayList(valves.length);
            for (Valve valve : valves) {
                if (valve != null) {
                    String name = valve.getClass().getPackage().getName();
                    if (!name.startsWith("org.apache.tomcat") && !name.startsWith("org.apache.catalina") && !name.startsWith("org.ops4j.pax.web")) {
                        arrayList4.add(valve);
                    }
                }
            }
            arrayList4.forEach(valve2 -> {
                paxWebStandardContext.getPipeline().removeValve(valve2);
            });
            ContainerListener[] findContainerListeners = paxWebStandardContext.findContainerListeners();
            ArrayList arrayList5 = new ArrayList(findContainerListeners.length);
            for (ContainerListener containerListener : findContainerListeners) {
                if (containerListener != null) {
                    String name2 = containerListener.getClass().getPackage().getName();
                    if (!name2.startsWith("org.apache.tomcat") && !name2.startsWith("org.apache.catalina") && !name2.startsWith("org.ops4j.pax.web")) {
                        arrayList5.add(containerListener);
                    }
                }
            }
            paxWebStandardContext.getClass();
            arrayList5.forEach(paxWebStandardContext::removeContainerListener);
            LifecycleListener[] findLifecycleListeners = paxWebStandardContext.findLifecycleListeners();
            ArrayList arrayList6 = new ArrayList(findContainerListeners.length);
            for (LifecycleListener lifecycleListener : findLifecycleListeners) {
                if (lifecycleListener != null) {
                    String name3 = lifecycleListener.getClass().getPackage().getName();
                    if (!name3.startsWith("org.apache.tomcat") && !name3.startsWith("org.apache.catalina") && !name3.startsWith("org.ops4j.pax.web")) {
                        arrayList6.add(lifecycleListener);
                    }
                }
            }
            paxWebStandardContext.getClass();
            arrayList6.forEach(paxWebStandardContext::removeLifecycleListener);
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Thread.currentThread().setContextClassLoader(this.osgiContextModel.getClassLoader());
            try {
                try {
                    ArrayList<URL> arrayList7 = new ArrayList();
                    if (this.configuration.server().getContextConfigurationFile() != null) {
                        LOG.info("Found global Tomcat context configuration file: {}", this.configuration.server().getContextConfigurationFile());
                        arrayList7.add(this.configuration.server().getContextConfigurationFile().toURI().toURL());
                    }
                    for (URL url : this.osgiContextModel.getServerSpecificDescriptors()) {
                        if (url.getPath().endsWith("/META-INF/context.xml")) {
                            arrayList7.add(url);
                        }
                    }
                    for (URL url2 : arrayList7) {
                        url2.getPath();
                        LOG.info("Processing context specific {} for {}", url2, this.osgiContextModel.getContextPath());
                        Digester createContextDigester = this.tomcatFactory.createContextDigester();
                        if (this.osgiContextModel.getClassLoader() != null) {
                            createContextDigester.setClassLoader(this.osgiContextModel.getClassLoader());
                        } else {
                            createContextDigester.setClassLoader(contextClassLoader);
                        }
                        createContextDigester.push(paxWebStandardContext.getParent());
                        createContextDigester.push(paxWebStandardContext);
                        try {
                            InputStream openStream = url2.openStream();
                            Throwable th = null;
                            try {
                                try {
                                    createContextDigester.parse(openStream);
                                    if (openStream != null) {
                                        if (0 != 0) {
                                            try {
                                                openStream.close();
                                            } catch (Throwable th2) {
                                                th.addSuppressed(th2);
                                            }
                                        } else {
                                            openStream.close();
                                        }
                                    }
                                } catch (Throwable th3) {
                                    th = th3;
                                    throw th3;
                                    break;
                                }
                            } catch (Throwable th4) {
                                if (openStream != null) {
                                    if (th != null) {
                                        try {
                                            openStream.close();
                                        } catch (Throwable th5) {
                                            th.addSuppressed(th5);
                                        }
                                    } else {
                                        openStream.close();
                                    }
                                }
                                throw th4;
                                break;
                            }
                        } catch (IOException | SAXException e) {
                            LOG.warn("Problem parsing {}: {}", new Object[]{url2, e.getMessage(), e});
                        }
                    }
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                } catch (MalformedURLException e2) {
                    LOG.warn("Can't process context configuration file: {}", e2.getMessage(), e2);
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                }
                boolean z = false;
                if (loginConfig2 == null) {
                    this.authenticationValve = null;
                    loginConfig = new LoginConfig("NONE", (String) null, (String) null, (String) null);
                    z = true;
                } else {
                    loginConfig = new LoginConfig(loginConfig2.getAuthMethod(), loginConfig2.getRealmName(), loginConfig2.getFormLoginPage(), loginConfig2.getFormErrorPage());
                    this.authenticationValve = (Valve) paxWebStandardContext.getAuthenticator();
                    if (this.authenticationValve == null) {
                        Authenticator authenticator = null;
                        String upperCase = loginConfig2.getAuthMethod().toUpperCase();
                        boolean z2 = -1;
                        switch (upperCase.hashCode()) {
                            case -1842473796:
                                if (upperCase.equals(Constants.SPNEGO_METHOD)) {
                                    z2 = 5;
                                    break;
                                }
                                break;
                            case 2163908:
                                if (upperCase.equals("FORM")) {
                                    z2 = 4;
                                    break;
                                }
                                break;
                            case 2402104:
                                if (upperCase.equals("NONE")) {
                                    z2 = 6;
                                    break;
                                }
                                break;
                            case 62970894:
                                if (upperCase.equals("BASIC")) {
                                    z2 = false;
                                    break;
                                }
                                break;
                            case 1962140390:
                                if (upperCase.equals("CLIENT-CERT")) {
                                    z2 = 2;
                                    break;
                                }
                                break;
                            case 2008316440:
                                if (upperCase.equals("CLIENT_CERT")) {
                                    z2 = 3;
                                    break;
                                }
                                break;
                            case 2016383428:
                                if (upperCase.equals("DIGEST")) {
                                    z2 = true;
                                    break;
                                }
                                break;
                        }
                        switch (z2) {
                            case false:
                                authenticator = new BasicAuthenticator();
                                if (loginConfig.getRealmName() == null) {
                                    loginConfig.setRealmName("default");
                                    break;
                                }
                                break;
                            case true:
                                DigestAuthenticator digestAuthenticator = new DigestAuthenticator();
                                digestAuthenticator.setNonceValidity(this.configuration.security().getDigestAuthMaxNonceAge().longValue());
                                authenticator = digestAuthenticator;
                                if (loginConfig.getRealmName() == null) {
                                    loginConfig.setRealmName("default");
                                    break;
                                }
                                break;
                            case true:
                            case true:
                                authenticator = new SSLAuthenticator();
                                break;
                            case true:
                                authenticator = new FormAuthenticator();
                                break;
                            case true:
                                authenticator = new SpnegoAuthenticator();
                                break;
                            case true:
                                authenticator = new NonLoginAuthenticator();
                                break;
                            default:
                                Authenticator authenticator2 = getAuthenticator(loginConfig2.getAuthMethod().toUpperCase());
                                if (authenticator2 == null) {
                                    LOG.warn("Can't find Tomcat Authenticator for auth method {}", loginConfig2.getAuthMethod().toUpperCase());
                                    break;
                                } else {
                                    LOG.debug("Setting custom Tomcat authenticator {}", authenticator2);
                                    authenticator = authenticator2;
                                    break;
                                }
                        }
                        this.authenticationValve = (Valve) authenticator;
                        if (this.authenticationValve != null) {
                            paxWebStandardContext.getPipeline().addValve(this.authenticationValve);
                        }
                    }
                }
                if (this.authenticationValve == null) {
                    z = true;
                }
                paxWebStandardContext.setLoginConfig(loginConfig);
                for (SecurityConstraint securityConstraint : paxWebStandardContext.findConstraints()) {
                    paxWebStandardContext.removeConstraint(securityConstraint);
                }
                for (String str3 : paxWebStandardContext.findSecurityRoles()) {
                    paxWebStandardContext.removeSecurityRole(str3);
                }
                if (!z) {
                    ArrayList<SecurityConstraintModel> arrayList8 = new ArrayList();
                    LinkedHashSet linkedHashSet = new LinkedHashSet();
                    treeMap.values().forEach(securityConfigurationModel2 -> {
                        arrayList8.addAll(securityConfigurationModel2.getSecurityConstraints());
                        linkedHashSet.addAll(securityConfigurationModel2.getSecurityRoles());
                    });
                    boolean contains = linkedHashSet.contains("**");
                    for (SecurityConstraintModel securityConstraintModel : arrayList8) {
                        SecurityConstraint securityConstraint2 = new SecurityConstraint();
                        securityConstraint2.setDisplayName(securityConstraintModel.getName());
                        securityConstraint2.setUserConstraint(securityConstraintModel.getTransportGuarantee().name());
                        securityConstraint2.setAuthConstraint(securityConstraintModel.isAuthRolesSet());
                        Iterator it = securityConstraintModel.getAuthRoles().iterator();
                        while (it.hasNext()) {
                            securityConstraint2.addAuthRole((String) it.next());
                        }
                        for (SecurityConstraintModel.WebResourceCollection webResourceCollection : securityConstraintModel.getWebResourceCollections()) {
                            SecurityCollection securityCollection = new SecurityCollection();
                            securityCollection.setName(webResourceCollection.getName());
                            boolean z3 = false;
                            Iterator it2 = webResourceCollection.getMethods().iterator();
                            while (it2.hasNext()) {
                                securityCollection.addMethod((String) it2.next());
                                z3 = true;
                            }
                            if (!z3) {
                                Iterator it3 = webResourceCollection.getOmittedMethods().iterator();
                                while (it3.hasNext()) {
                                    securityCollection.addOmittedMethod((String) it3.next());
                                }
                            }
                            Iterator it4 = webResourceCollection.getPatterns().iterator();
                            while (it4.hasNext()) {
                                securityCollection.addPattern((String) it4.next());
                            }
                            securityConstraint2.addCollection(securityCollection);
                        }
                        if (contains) {
                            securityConstraint2.treatAllAuthenticatedUsersAsApplicationRole();
                        }
                        paxWebStandardContext.addConstraint(securityConstraint2);
                    }
                    Iterator it5 = linkedHashSet.iterator();
                    while (it5.hasNext()) {
                        paxWebStandardContext.addSecurityRole((String) it5.next());
                    }
                }
                paxWebStandardContext.setConfigured(true);
            } catch (Throwable th6) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                throw th6;
            }
        }
    }

    private Authenticator getAuthenticator(String str) {
        Iterator it = ServiceLoader.load(AuthenticatorService.class, getClass().getClassLoader()).iterator();
        while (it.hasNext()) {
            try {
                Valve valve = (Valve) ((AuthenticatorService) it.next()).getAuthenticatorService(str, Valve.class);
                if (valve != null && Authenticator.class.isAssignableFrom(valve.getClass())) {
                    return (Authenticator) valve;
                }
            } catch (Throwable th) {
                LOG.debug("Unable to load AuthenticatorService for: " + str, th);
            }
        }
        return null;
    }
}
