package com.worklight.core.auth.impl;

import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.common.status.Status;
import com.worklight.common.xml.StringReaderFactory;
import com.worklight.core.auth.api.ProtectedResource;
import com.worklight.core.auth.ext.WorklightProtocolAuthenticator;
import com.worklight.core.auth.schema.CustomSecurityTestType;
import com.worklight.core.auth.schema.LoginConfig;
import com.worklight.core.auth.schema.LoginModuleList;
import com.worklight.core.auth.schema.LoginModuleType;
import com.worklight.core.auth.schema.MobileSecurityTestType;
import com.worklight.core.auth.schema.ParameterType;
import com.worklight.core.auth.schema.ProvisioningType;
import com.worklight.core.auth.schema.RealmList;
import com.worklight.core.auth.schema.RealmType;
import com.worklight.core.auth.schema.ResourceList;
import com.worklight.core.auth.schema.ResourceType;
import com.worklight.core.auth.schema.SecurityTestType;
import com.worklight.core.auth.schema.SecurityTestsList;
import com.worklight.core.auth.schema.TestDeviceIdType;
import com.worklight.core.auth.schema.TestType;
import com.worklight.core.auth.schema.TestUserType;
import com.worklight.core.auth.schema.WebSecurityTestType;
import com.worklight.gadgets.GFWProps;
import com.worklight.gadgets.api.GadgetAPIRequestCoder;
import com.worklight.gadgets.resource.Resource;
import com.worklight.gadgets.utils.GadgetUtils;
import com.worklight.schema.authentication.AuthenticationConfigParser;
import com.worklight.server.auth.api.BadConfigurationOptionException;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.WorkLightAuthenticator;
import com.worklight.server.auth.api.WorkLightLoginModuleBase;
import com.worklight.server.bundle.api.WorklightBundles;
import com.worklight.server.bundle.api.WorklightConfiguration;
import java.io.InputStream;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:com/worklight/core/auth/impl/LoginConfigurationService.class */
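/**
 * Loads the authentication configuration file and answers realm, login-module and security-test
 * lookups built from it.
 *
 * <p>{@link #afterPropertiesSet()} parses every copy of the configured file returned by the
 * bundle lookup, instantiates each configured login-module and realm class once as a validation
 * pass, and fills the lookup maps used by the public accessors.
 *
 * <p>Security-relevant points a maintainer should keep in mind:
 * <ul>
 *   <li>Class names are read from the configuration file and instantiated reflectively, so write
 *       access to that file is equivalent to choosing which authenticator code runs. The file
 *       should be protected like code.</li>
 *   <li>The lookup maps are plain {@link HashMap}s. This listing only shows them being written
 *       during {@code afterPropertiesSet()} and from {@code createMobileEntries}; whether callers
 *       use the service concurrently is not visible here.</li>
 * </ul>
 */
public class LoginConfigurationService implements InitializingBean {
    public static final String DEFAULT_AUTHENTICITY_REALM = "wl_authenticityRealm";
    public static final String DEFAULT_NOPROV_DEVICE_REALM = "wl_deviceNoProvisioningRealm";
    public static final String DEFAULT_AUTOPROV_DEVICE_REALM = "wl_deviceAutoProvisioningRealm";
    public static final String DEFAULT_ANON_USER_REALM = "wl_anonymousUserRealm";
    public static final String REALM_NAME_KEY = "realmName";

    // NOTE(review): the two fields below are public and non-final, so any code in the same JVM can
    // reassign them. DEFAULT_NO_SECURITY_CONFIG_NAME decides which custom security test is exempt
    // from the isInternalUserID requirement in createCustomEntries. They are left non-final only
    // because code outside this file may assign them; make them final once that is ruled out.
    public static String DEFAULT_NO_SECURITY_CONFIG_NAME = "wl_unprotected";
    public static String DEFAULT_MOBILE_CONFIG_4ANDR_IOS_NAME = "wl_defaultSecurityIOSAndroid";

    private static final String DEFAULT_MOBILE_CONFIG_NAME = "wl_defaultSecurityTestMobile";
    private static final String DEFAULT_WEB_CONFIG_NAME = "wl_defaultSecurityTestWeb";
    private static final WorklightServerLogger logger = new WorklightServerLogger(LoginConfigurationService.class, WorklightLogger.MessagesBundles.CORE);

    // Keyed by realm name and, when present, by realm alias.
    private Map<String, RealmType> realms;
    private Map<String, LoginModuleType> loginModules;
    private List<ProtectedResource> staticResources;
    private String authenticationConfigFile;
    private Map<String, SecurityTestArray> securityTests = new HashMap<String, SecurityTestArray>();
    // Class-name to Class cache for the reflective lookups done by createInstance.
    private Map<String, Class<?>> classCache = new HashMap<String, Class<?>>();

    /**
     * Sets the name of the authentication configuration file to look up in the bundles.
     *
     * @param str file name passed to the bundle lookup in {@link #afterPropertiesSet()}
     */
    public void setAuthenticationConfigurationFile(String str) {
        this.authenticationConfigFile = str;
    }

    /**
     * Parses every copy of the configuration file found in the bundles and builds the lookup maps.
     *
     * @throws RuntimeException if no file name was configured, or if any copy fails to parse or
     *     validate (the original failure is kept as the cause)
     */
    public void afterPropertiesSet() {
        if (this.authenticationConfigFile == null) {
            throw new RuntimeException("authenticationConfig.xml file is missing.");
        }
        this.loginModules = new HashMap<String, LoginModuleType>();
        this.realms = new HashMap<String, RealmType>();
        this.staticResources = new ArrayList<ProtectedResource>();
        for (InputStream inputStream : WorklightBundles.getInstance().lookupInBundles(new String[]{this.authenticationConfigFile})) {
            try {
                // NOTE(review): whether AuthenticationConfigParser disables DTDs and external
                // entities is not visible in this file; confirm before accepting configuration
                // from any location that is not fully trusted.
                String xml = IOUtils.toString(inputStream);
                AuthenticationConfigParser parser = new AuthenticationConfigParser();
                Status status = parser.parse(new StringReaderFactory(xml), true);
                LoginConfig loginConfig = (LoginConfig) parser.getModel();
                if (loginConfig == null) {
                    throw new RuntimeException(status.toJSON());
                }
                // Order matters: realms reference login modules, security tests reference realms.
                processLoginModules(loginConfig);
                processRealms(loginConfig);
                processSecurityTests(loginConfig);
                processStaticResources(loginConfig);
            } catch (Exception e) {
                throw new RuntimeException("Error parsing file " + this.authenticationConfigFile, e);
            } finally {
                // Single close path for success and failure alike.
                IOUtils.closeQuietly(inputStream);
            }
        }
    }

    /** Registers one {@link ProtectedResource} per configured static resource, if any. */
    private void processStaticResources(LoginConfig loginConfig) {
        ResourceList configured = loginConfig.getStaticResources();
        if (configured == null) {
            return;
        }
        List<ResourceType> resources = configured.getResource();
        if (resources == null) {
            return;
        }
        for (ResourceType resource : resources) {
            this.staticResources.add(ProtectedResource.createStaticProtectedResource(resource.getId(), resource.getSecurityTest(), resource.getUrlPatterns(), this));
        }
    }

    /**
     * Validates and registers every configured realm under its name and optional alias.
     *
     * @throws RuntimeException if a realm name is already registered, or if an alias would replace
     *     a mapping that belongs to a different realm
     */
    private void processRealms(LoginConfig loginConfig) {
        RealmList configured = loginConfig.getRealms();
        if (configured == null) {
            return;
        }
        for (RealmType realmType : configured.getRealm()) {
            // Both calls are made for their validation side effect: the referenced login module
            // must exist and the realm class must be instantiable with its parameters.
            getLoginModule(realmType);
            createInstance(realmType, null, true);

            String name = realmType.getName();
            if (this.realms.put(name, realmType) != null) {
                throw new RuntimeException(this.authenticationConfigFile + " contains duplicated realm named: " + name);
            }
            String alias = realmType.getAlias();
            if (alias != null) {
                RealmType shadowed = this.realms.put(alias, realmType);
                // Fail closed: an alias that silently replaces another realm's name or alias would
                // make later lookups resolve to a different authenticator than the one written in
                // the configuration.
                if (shadowed != null && shadowed != realmType) {
                    throw new RuntimeException(this.authenticationConfigFile + " contains realm alias '" + alias + "' on realm '" + name + "' that collides with another realm name or alias");
                }
            }
        }
    }

    /**
     * Validates and registers every configured login module.
     *
     * <p>The duplicate check only spans one call, i.e. one parsed copy of the file; a module with
     * the same name in a later copy replaces the earlier definition without an error.
     *
     * @throws RuntimeException if the same login module name appears twice in this configuration
     */
    private void processLoginModules(LoginConfig loginConfig) {
        LoginModuleList configured = loginConfig.getLoginModules();
        if (configured == null) {
            return;
        }
        Set<String> seenNames = new HashSet<String>();
        for (LoginModuleType loginModuleType : configured.getLoginModule()) {
            // Instantiated once so that a bad class name or option fails at startup.
            createInstance(loginModuleType, null, true);
            String name = loginModuleType.getName();
            this.loginModules.put(name, loginModuleType);
            if (!seenNames.add(name)) {
                throw new RuntimeException(this.authenticationConfigFile + " contains duplicated login module named: " + name);
            }
        }
    }

    /**
     * Builds a {@link SecurityTestArray} for every configured web, mobile or custom security test
     * and stores it under the test's name (a later test with the same name replaces the earlier).
     *
     * @throws IllegalArgumentException if an element is none of the three known test types
     */
    private void processSecurityTests(LoginConfig loginConfig) {
        SecurityTestsList configured = loginConfig.getSecurityTests();
        if (configured == null) {
            return;
        }
        for (SecurityTestType test : configured.getMobileSecurityTestOrWebSecurityTestOrCustomSecurityTest()) {
            String name = test.getName();
            SecurityTestArray entries;
            if (test instanceof WebSecurityTestType) {
                entries = createWebEntries((WebSecurityTestType) test);
            } else if (test instanceof MobileSecurityTestType) {
                entries = createMobileEntries((MobileSecurityTestType) test);
            } else if (test instanceof CustomSecurityTestType) {
                entries = createCustomEntries((CustomSecurityTestType) test);
            } else {
                throw new IllegalArgumentException("unexpected type:" + test.getClass().getName());
            }
            this.securityTests.put(name, entries);
        }
    }

    /**
     * Builds the entries of a custom security test.
     *
     * <p>Every referenced realm must exist, no realm may be listed twice, and exactly one entry
     * must carry {@code isInternalUserID=true}, except for the test named
     * {@link #DEFAULT_NO_SECURITY_CONFIG_NAME}, which may have none.
     *
     * @throws RuntimeException if any of those rules is violated
     */
    private SecurityTestArray createCustomEntries(CustomSecurityTestType customTest) {
        Set<String> seenRealms = new HashSet<String>();
        boolean hasInternalUserId = false;
        SecurityTestArray entries = new SecurityTestArray(customTest.getName());
        for (TestType testType : customTest.getTest()) {
            String realm = testType.getRealm();
            getRealm(realm, null); // throws when the realm is not defined
            entries.add(new SecurityEntry(testType));
            if (!seenRealms.add(realm)) {
                throw new RuntimeException(this.authenticationConfigFile + " contains duplicated realm named: " + realm);
            }
            // equals() rather than ==: a boxed Boolean is not guaranteed to be the Boolean.TRUE
            // instance, and a missed flag here changes which entry supplies the user identity.
            if (Boolean.TRUE.equals(testType.isIsInternalUserID())) {
                if (hasInternalUserId) {
                    throw new RuntimeException(this.authenticationConfigFile + ":" + customTest.getName() + " has duplicated entry with isInternalUserID=true");
                }
                hasInternalUserId = true;
            }
        }
        if (!hasInternalUserId && !customTest.getName().equals(DEFAULT_NO_SECURITY_CONFIG_NAME)) {
            throw new RuntimeException(this.authenticationConfigFile + ":" + customTest.getName() + " is missing an entry with isInternalUserID=true");
        }
        return entries;
    }

    /**
     * Builds the entries of a mobile security test on top of the default mobile configuration.
     *
     * @throws RuntimeException if auto provisioning is requested without an app-authenticity test,
     *     if the user realm is not defined, or if SSO is requested without a device-id test
     */
    private SecurityTestArray createMobileEntries(MobileSecurityTestType mobileTest) {
        final String testName = mobileTest.getName();
        SecurityTestArray entries = new SecurityTestArray(getDefaultMobileConfiguration(), testName);

        boolean hasAuthenticity = false;
        if (mobileTest.getTestAppAuthenticity() != null) {
            entries.add(new SecurityEntry(mobileTest.getTestAppAuthenticity(), DEFAULT_AUTHENTICITY_REALM));
            hasAuthenticity = true;
        }

        TestDeviceIdType testDeviceId = mobileTest.getTestDeviceId();
        SecurityEntry deviceEntry = null;
        if (testDeviceId != null) {
            if (testDeviceId.getProvisioningType() == ProvisioningType.AUTO && !hasAuthenticity) {
                logger.error("createMobileEntries", "logger.autoProvEnabled.noAuthenticity", new Object[]{testName});
                throw new RuntimeException(this.authenticationConfigFile + ":mobileSecurityTest " + testName + " uses auto provisioning without an app authenticity test");
            }
            // The explicit device test replaces the default no-provisioning device entry.
            deleteSecurityTest(entries, DEFAULT_NOPROV_DEVICE_REALM);
            deviceEntry = new SecurityEntry(testDeviceId);
            entries.add(deviceEntry);
        }

        TestUserType testUser = mobileTest.getTestUser();
        if (testUser != null) {
            // The explicit user test replaces the default anonymous-user entry.
            deleteSecurityTest(entries, DEFAULT_ANON_USER_REALM);
            boolean sso = Boolean.TRUE.equals(testUser.isSso());
            // NOTE(review): the meaning of the short codes 1 and 2 is defined by SecurityEntry,
            // which is not shown in this file.
            entries.add(new SecurityEntry(testUser, sso ? (short) 2 : (short) 1));
            String realm = testUser.getRealm();
            RealmType userRealm = this.realms.get(realm);
            if (userRealm == null) {
                throw new RuntimeException(this.authenticationConfigFile + ":mobileSecurityTest " + testName + " can't find realm named: " + realm);
            }
            if (sso) {
                // SSO links the user's login module to the device's login module, so a device
                // entry is required; without this guard the lookup below fails with a bare
                // NullPointerException.
                if (deviceEntry == null) {
                    throw new RuntimeException(this.authenticationConfigFile + ":mobileSecurityTest " + testName + " enables sso on the user test but has no device id test");
                }
                RealmType deviceRealm = getRealm(deviceEntry.getName(), null);
                getLoginModule(userRealm).setSsoDeviceLoginModule(deviceRealm.getLoginModule());
            }
        }
        return entries;
    }

    /** Removes the first entry named {@code realmName} from {@code entries}, if there is one. */
    private static void deleteSecurityTest(SecurityTestArray entries, String realmName) {
        for (Iterator<SecurityEntry> it = entries.iterator(); it.hasNext();) {
            if (realmName.equals(it.next().getName())) {
                it.remove();
                return;
            }
        }
    }

    /**
     * Builds the entries of a web security test on top of the default web configuration.
     *
     * @throws RuntimeException if the test has no user test or its realm is not defined
     */
    private SecurityTestArray createWebEntries(WebSecurityTestType webTest) {
        SecurityTestArray entries = new SecurityTestArray(getDefaultWebConfiguration(), webTest.getName());
        TestUserType testUser = webTest.getTestUser();
        if (testUser == null) {
            // Previously surfaced as a NullPointerException with no hint about the cause.
            throw new RuntimeException(this.authenticationConfigFile + ":webSecurityTest " + webTest.getName() + " has no user test");
        }
        String realm = testUser.getRealm();
        if (this.realms.get(realm) == null) {
            throw new RuntimeException(this.authenticationConfigFile + ":webSecurityTest " + webTest.getName() + " can't find realm named: " + realm);
        }
        deleteSecurityTest(entries, DEFAULT_ANON_USER_REALM);
        entries.add(new SecurityEntry(testUser, (short) 2));
        return entries;
    }

    /**
     * Creates a fresh authenticator and login module for a realm and wraps them in a
     * {@link LoginContext}.
     *
     * <p>A configured on-login URL that does not start with {@code http} is prefixed with the
     * server's public protocol, host, port and context, unless the server runs from Eclipse.
     *
     * @param str realm name or alias
     * @param map extra authenticator parameters that override the configured ones; may be null
     * @return a new login context for the realm
     * @throws RuntimeException if the realm or its login module is not defined, or instantiation
     *     fails
     */
    public LoginContext createLoginContext(String str, Map<String, String> map) {
        RealmType realm = getRealm(str, null);
        WorkLightAuthenticator authenticator = (WorkLightAuthenticator) createInstance(realm, map, false);
        LoginModuleType loginModuleType = getLoginModule(realm);
        WorkLightLoginModuleBase loginModule = (WorkLightLoginModuleBase) createInstance(loginModuleType, null, false);
        String onLoginUrl = realm.getOnLoginUrl();
        if (onLoginUrl != null && !WorklightBundles.getInstance().isRunningFromEclipse() && !onLoginUrl.startsWith("http")) {
            GFWProps props = GadgetUtils.getProps();
            StringBuilder url = new StringBuilder();
            url.append(props.getPublicWorkLightProtocol());
            url.append("://");
            url.append(props.getPublicWorkLightHostname());
            url.append(":");
            url.append(props.getPublicWorkLightPort());
            if (!StringUtils.isEmpty(props.getPublicWorkLightContext())) {
                url.append((Resource.FILE_SEPARATOR + props.getPublicWorkLightContext()).replaceAll("//", Resource.FILE_SEPARATOR));
            }
            url.append((Resource.FILE_SEPARATOR + onLoginUrl).replaceAll("//", Resource.FILE_SEPARATOR));
            onLoginUrl = url.toString();
        }
        return new LoginContext(str, loginModuleType.getName(), authenticator, loginModule, onLoginUrl);
    }

    /**
     * Returns the resolved parameters configured on a realm.
     *
     * @param str realm name or alias
     * @param str2 name of the resource that references the realm, used only in the error message;
     *     may be null
     * @throws RuntimeException if the realm is not defined
     */
    public Map<String, String> getRealmParametersFor(String str, String str2) {
        return getMap(getRealm(str, str2).getParameter(), null);
    }

    /**
     * Returns the resolved parameters of the login module used by a realm.
     *
     * @param str realm name or alias
     * @throws RuntimeException if the realm or its login module is not defined
     */
    public Map<String, String> getLoginModuleParametersFor(String str) {
        return getMap(getLoginModule(getRealm(str, null)).getParameter(), null);
    }

    /**
     * Creates a login context for an existing identity, using a realm whose login module matches
     * {@code userIdentity.loginModule}.
     *
     * <p>The realm map has no defined iteration order, so when several keys (names or aliases) map
     * to realms with that login module, which key is used is unspecified.
     *
     * @param userIdentity identity whose {@code loginModule} selects the realm
     * @throws RuntimeException if no configured realm uses that login module
     */
    public LoginContext createLoginContextWithIdentity(UserIdentity userIdentity) {
        String wantedModule = userIdentity.loginModule;
        String realmKey = null;
        for (Map.Entry<String, RealmType> entry : this.realms.entrySet()) {
            if (wantedModule != null && wantedModule.equals(entry.getValue().getLoginModule())) {
                realmKey = entry.getKey();
                break;
            }
        }
        if (realmKey == null) {
            // Explicit failure instead of the misleading "realm 'null' is not defined".
            throw new RuntimeException("No realm in the authentication configuration uses login module '" + wantedModule + "'");
        }
        RealmType realm = getRealm(realmKey, null);
        WorkLightAuthenticator authenticator = (WorkLightAuthenticator) createInstance(realm, null, false);
        WorkLightLoginModuleBase loginModule = (WorkLightLoginModuleBase) createInstance(getLoginModule(realm), null, false);
        String onLoginUrl = realm.getOnLoginUrl();
        if (onLoginUrl != null) {
            onLoginUrl = onLoginUrl.trim();
        }
        return new LoginContext(realmKey, userIdentity, authenticator, loginModule, onLoginUrl);
    }

    /**
     * Returns the login module name configured on a realm.
     *
     * @param str realm name or alias
     * @throws RuntimeException if the realm is not defined
     */
    public String getLoginModuleName(String str) {
        return getRealm(str, null).getLoginModule();
    }

    /**
     * Instantiates and initialises the class configured on a login module or realm element.
     *
     * @param obj a {@link LoginModuleType} or a {@link RealmType}
     * @param map extra parameters that override the configured ones; may be null
     * @param warnOnLeftovers when true, logs a warning listing the parameters still present in the
     *     option map after {@code init} (presumably those the component did not consume; confirm
     *     against the {@code init} contract)
     * @return the initialised {@link WorkLightLoginModuleBase} or {@link WorkLightAuthenticator}
     * @throws IllegalArgumentException if {@code obj} is neither supported type
     * @throws ClassCastException if the configured class is not of the expected type
     * @throws RuntimeException if the class cannot be found or created, or an option is bad or
     *     missing
     */
    private Object createInstance(Object obj, Map<String, String> map, boolean warnOnLeftovers) {
        final boolean isLoginModule = obj instanceof LoginModuleType;
        if (!isLoginModule && !(obj instanceof RealmType)) {
            throw new IllegalArgumentException("Input parameter of illegal type " + obj.getClass());
        }

        // Resolved before the try block so that every error message below can name the element.
        final Object kind;
        final String name;
        final String className;
        final List<ParameterType> declaredParameters;
        if (isLoginModule) {
            LoginModuleType loginModuleType = (LoginModuleType) obj;
            kind = "login module";
            name = loginModuleType.getName().trim();
            className = loginModuleType.getClassName().trim();
            declaredParameters = loginModuleType.getParameter();
        } else {
            RealmType realmType = (RealmType) obj;
            kind = GadgetAPIRequestCoder.REQ_PARAM_LOGIN_REALM;
            name = realmType.getName().trim();
            className = realmType.getClassName().trim();
            declaredParameters = realmType.getParameter();
        }

        try {
            Map<String, String> options = getMap(declaredParameters, map);
            Class<?> cls = getClassByName(className);
            Object instance;
            if (isLoginModule) {
                requireType(WorkLightLoginModuleBase.class, cls, kind, name);
                WorkLightLoginModuleBase loginModule = (WorkLightLoginModuleBase) cls.newInstance();
                loginModule.init(options);
                instance = loginModule;
            } else {
                requireType(WorkLightAuthenticator.class, cls, kind, name);
                WorkLightAuthenticator authenticator = (WorkLightAuthenticator) cls.newInstance();
                if (authenticator instanceof WorklightProtocolAuthenticator) {
                    options.put(REALM_NAME_KEY, name);
                }
                authenticator.init(options);
                instance = authenticator;
            }
            if (warnOnLeftovers && !options.isEmpty()) {
                StringBuilder leftovers = new StringBuilder();
                for (String key : options.keySet()) {
                    leftovers.append("'").append(key).append("'");
                }
                logger.warn("createInstance", "logger.cannotRecognize", new Object[]{kind, name, leftovers.toString()});
            }
            return instance;
        } catch (BadConfigurationOptionException e) {
            throw new RuntimeException("Property '" + e.optionName + "' in " + kind + " '" + name + "'" + e.getReasoning(), e);
        } catch (ClassNotFoundException e) {
            throw new RuntimeException("Class '" + className + "' defined in " + kind + " '" + name + "' in the authentication configuration file doesn't exist.", e);
        } catch (IllegalAccessException e) {
            throw new RuntimeException("Failed to create " + kind + " '" + name + "' of class '" + className + "' defined in the authentication configuration.", e);
        } catch (InstantiationException e) {
            throw new RuntimeException("Failed to create " + kind + " '" + name + "' of class '" + className + "' defined in the authentication configuration.", e);
        } catch (MissingConfigurationOptionException e) {
            throw new RuntimeException("The required property '" + e.optionName + "' is missing in the authentication configuration for " + kind + " '" + name + "'.", e);
        }
    }

    /**
     * Rejects a configured class of the wrong type before its constructor is run.
     *
     * <p>The exception type matches what the cast after instantiation would have thrown, so
     * callers see the same failure without an unrelated class having been constructed first.
     */
    private static void requireType(Class<?> expected, Class<?> actual, Object kind, String name) {
        if (!expected.isAssignableFrom(actual)) {
            throw new ClassCastException("Class '" + actual.getName() + "' configured for " + kind + " '" + name + "' is not a " + expected.getName());
        }
    }

    /**
     * Resolves a class through the bundles, caching the result per class name.
     *
     * @throws ClassNotFoundException if the bundles cannot supply the class
     */
    private Class<?> getClassByName(String className) throws ClassNotFoundException {
        Class<?> cls = this.classCache.get(className);
        if (cls == null) {
            cls = WorklightBundles.getInstance().lookupClassInBundles(className);
            if (cls == null) {
                // Never cache or hand out null; report it the same way as a failed lookup.
                throw new ClassNotFoundException(className);
            }
            this.classCache.put(className, cls);
        }
        return cls;
    }

    /**
     * Builds a fresh name-to-value map from configured parameters, then applies overrides.
     *
     * <p>A parameter's value attribute wins over its element content. A parameter that has
     * neither makes {@code resolveValue} fail with a NullPointerException.
     *
     * @param list configured parameters
     * @param overrides entries copied over the configured ones; may be null or empty
     */
    private Map<String, String> getMap(List<ParameterType> list, Map<String, String> overrides) {
        Map<String, String> result = new HashMap<String, String>();
        for (ParameterType parameter : list) {
            String raw = parameter.getValue();
            if (raw == null) {
                raw = parameter.getContent();
            }
            result.put(parameter.getName(), resolveValue(raw));
        }
        if (overrides != null && !overrides.isEmpty()) {
            result.putAll(overrides);
        }
        return result;
    }

    /** Trims a raw value and, unless it is empty, passes it through the server configuration. */
    private String resolveValue(String raw) {
        String trimmed = raw.trim();
        if (trimmed.equals("")) {
            return trimmed;
        }
        return WorklightConfiguration.getInstance().parseStringValue(trimmed);
    }

    /**
     * Looks up a realm by name or alias.
     *
     * @param realmKey realm name or alias
     * @param resourceName referencing resource, used only in the error message; may be null
     * @throws RuntimeException if the realm is not defined
     */
    private RealmType getRealm(String realmKey, String resourceName) {
        RealmType realmType = this.realms.get(realmKey);
        if (realmType == null) {
            throw new RuntimeException(MessageFormat.format("The realm ''{0}''{1} is not defined in {2}.", realmKey, resourceName == null ? "" : " referenced by the resource '" + resourceName + "'", "authenticationConfig.xml"));
        }
        return realmType;
    }

    /**
     * Looks up the login module referenced by a realm.
     *
     * @throws RuntimeException if that login module is not defined
     */
    private LoginModuleType getLoginModule(RealmType realmType) {
        String moduleName = realmType.getLoginModule();
        LoginModuleType loginModuleType = this.loginModules.get(moduleName);
        if (loginModuleType == null) {
            throw new RuntimeException(MessageFormat.format("The login module ''{0}'' referenced by realm ''{1}'' is not defined in {2}.", moduleName, realmType.getName(), "authenticationConfig.xml"));
        }
        return loginModuleType;
    }

    /**
     * Returns the live internal list of static protected resources, not a copy; callers must not
     * modify it.
     */
    public List<ProtectedResource> getStaticResources() {
        return this.staticResources;
    }

    /**
     * Reports whether auditing is enabled on a login module.
     *
     * @param str login module name
     * @throws RuntimeException if the login module is not defined
     */
    public boolean isAuditingRequired(String str) {
        LoginModuleType loginModuleType = this.loginModules.get(str);
        if (loginModuleType == null) {
            throw new RuntimeException("Login Module " + str + " is not recognized");
        }
        return loginModuleType.isAudit();
    }

    /**
     * Returns the live key view of the realm map (realm names and aliases).
     *
     * <p>The decompiler reports that this method was package-private before it widened the
     * access modifier.
     */
    public Set<String> getRealmKeys() {
        return this.realms.keySet();
    }

    /** Reports whether {@code str} is a registered realm name or alias. */
    public boolean isExistingRealm(String str) {
        return this.realms.containsKey(str);
    }

    /**
     * Returns the security test registered under a name, or null when there is none.
     *
     * @param str security test name
     * @throws IllegalArgumentException if {@code str} is null
     */
    public SecurityTestArray getSecurityTest(String str) {
        if (str == null) {
            throw new IllegalArgumentException("required security test name cannot be null");
        }
        return this.securityTests.get(str);
    }

    /** Returns the default web security test, or null when it is not configured. */
    public SecurityTestArray getDefaultWebConfiguration() {
        return this.securityTests.get(DEFAULT_WEB_CONFIG_NAME);
    }

    /** Returns the default mobile security test, or null when it is not configured. */
    public SecurityTestArray getDefaultMobileConfiguration() {
        return this.securityTests.get(DEFAULT_MOBILE_CONFIG_NAME);
    }

    /** Returns the default iOS/Android security test, or null when it is not configured. */
    public SecurityTestArray getDefaultMobileConfiguration4Android_IOS() {
        return this.securityTests.get(DEFAULT_MOBILE_CONFIG_4ANDR_IOS_NAME);
    }

    /**
     * Reports whether a security test contains the app-authenticity realm.
     *
     * @param str security test name
     * @return false when the test is unknown or has no such entry
     * @throws IllegalArgumentException if {@code str} is null
     */
    public boolean includesAuthenticityTest(String str) {
        SecurityTestArray securityTest = getSecurityTest(str);
        if (securityTest == null) {
            return false;
        }
        for (Iterator<SecurityEntry> it = securityTest.iterator(); it.hasNext();) {
            // Constant first, so an entry without a name cannot abort the check.
            if (DEFAULT_AUTHENTICITY_REALM.equals(it.next().getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the device login module linked for SSO to a login module, or null when the login
     * module is unknown.
     *
     * @param str login module name
     */
    public String getDeviceLoginModuleForSso(String str) {
        LoginModuleType loginModuleType = this.loginModules.get(str);
        return loginModuleType == null ? null : loginModuleType.getSsoDeviceLoginModule();
    }

    /** Reports whether any registered security test uses {@code str} as its user realm. */
    public boolean isUserRealm(String str) {
        for (SecurityTestArray securityTest : this.securityTests.values()) {
            String userRealm = securityTest.getUserRealm();
            if (userRealm != null && userRealm.equals(str)) {
                return true;
            }
        }
        return false;
    }
}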
