package org.ops4j.pax.web.service.internal;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import javax.servlet.annotation.ServletSecurity;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.descriptor.web.WebXml;
import org.apache.tomcat.util.descriptor.web.WebXmlParser;
import org.ops4j.pax.web.service.WebContainer;
import org.ops4j.pax.web.service.internal.views.ProcessingWebContainerView;
import org.ops4j.pax.web.service.spi.model.OsgiContextModel;
import org.ops4j.pax.web.service.spi.model.elements.LoginConfigModel;
import org.ops4j.pax.web.service.spi.model.elements.SecurityConstraintModel;
import org.ops4j.pax.web.service.spi.task.Batch;
import org.ops4j.pax.web.service.spi.task.ContextParamsChange;
import org.ops4j.pax.web.service.spi.task.ContextStartChange;
import org.ops4j.pax.web.service.spi.task.ContextStopChange;
import org.ops4j.pax.web.service.spi.task.OpCode;
import org.ops4j.pax.web.service.spi.task.SecurityConfigChange;
import org.ops4j.pax.web.service.spi.util.NamedThreadFactory;
import org.ops4j.pax.web.service.spi.util.Utils;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleEvent;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.Version;
import org.osgi.service.cm.ManagedServiceFactory;
import org.osgi.util.tracker.BundleTracker;
import org.osgi.util.tracker.BundleTrackerCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ops4j/pax/web/service/internal/HttpContextProcessing.class */
public class HttpContextProcessing implements ManagedServiceFactory {
    public static final Logger LOG = LoggerFactory.getLogger(HttpContextProcessing.class);
    public static final String PID = "org.ops4j.pax.web.context";
    private static final String KEY_CONTEXT_ID = "context.id";
    private static final String KEY_BUNDLE_SN = "bundle.symbolicName";
    private static final String KEY_WEB_FRAGMENT = "context.webFragment";
    private static final String KEY_WHITEBOARD = "whiteboard";
    private static final String PREFIX_CONTEXT_PARAM = "context.param.";
    private static final String PREFIX_LOGIN_CONFIG = "login.config.";
    private static final String PREFIX_SECURITY = "security.";
    private static final String PREFIX_SECURITY_ROLE = "security.roles";
    private final BundleContext serviceContext;
    private final ExecutorService configExecutor = new ThreadPoolExecutor(0, 1, 20L, TimeUnit.SECONDS, (BlockingQueue<Runnable>) new LinkedBlockingQueue(), (ThreadFactory) new NamedThreadFactory("paxweb-context"));
    private final ConcurrentMap<String, HttpContextTracker> httpContextTrackers = new ConcurrentHashMap();

    /* loaded from: input_file:org/ops4j/pax/web/service/internal/HttpContextProcessing$ConfigurationChangeTask.class */
    private class ConfigurationChangeTask implements Runnable {
        private final String pid;
        private final Dictionary<String, ?> properties;

        ConfigurationChangeTask(String str, Dictionary<String, ?> dictionary) {
            this.pid = str;
            this.properties = dictionary;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                HttpContextProcessing.LOG.debug("Processing {} PID {}", this.pid, this.properties == null ? "removal" : "change");
                ((HttpContextTracker) HttpContextProcessing.this.httpContextTrackers.computeIfAbsent(this.pid, str -> {
                    return new HttpContextTracker(str);
                })).reconfigure(this.properties);
            } catch (Exception e) {
                HttpContextProcessing.LOG.error(e.getMessage(), e);
            }
        }
    }

    /* loaded from: input_file:org/ops4j/pax/web/service/internal/HttpContextProcessing$HttpContextTracker.class */
    private class HttpContextTracker implements BundleTrackerCustomizer<Object> {
        private final String pid;
        private Map<String, String> properties;
        private String symbolicName;
        private BundleTracker<?> bundleTracker;
        private Bundle bundle;
        private Version version;
        private String contextId;
        private boolean whiteboard;
        private LoginConfigModel loginConfiguration;
        private final Map<String, String> contextParams = new LinkedHashMap();
        private final Set<String> securityRoles = new LinkedHashSet();
        private final List<SecurityConstraintModel> securityMappings = new LinkedList();

        HttpContextTracker(String str) {
            this.pid = str;
        }

        public void reconfigure(Dictionary<String, ?> dictionary) {
            if (dictionary == null) {
                if (this.bundleTracker != null) {
                    this.bundleTracker.close();
                }
                HttpContextTracker httpContextTracker = (HttpContextTracker) HttpContextProcessing.this.httpContextTrackers.remove(this.pid);
                if (httpContextTracker != null && this.symbolicName != null) {
                    ExecutorService executorService = HttpContextProcessing.this.configExecutor;
                    httpContextTracker.getClass();
                    executorService.execute(httpContextTracker::cleanupContext);
                }
                this.properties = null;
                return;
            }
            if (this.bundleTracker != null) {
                this.bundleTracker.close();
                HttpContextProcessing.this.configExecutor.execute(this::cleanupContext);
            }
            if (dictionary.get(HttpContextProcessing.KEY_BUNDLE_SN) == null) {
                HttpContextProcessing.LOG.warn("Incorrect {} configuration - missing {} selector", this.pid, HttpContextProcessing.KEY_BUNDLE_SN);
                return;
            }
            this.properties = Utils.toMap(dictionary);
            this.symbolicName = this.properties.get(HttpContextProcessing.KEY_BUNDLE_SN).trim();
            this.contextId = this.properties.get(HttpContextProcessing.KEY_CONTEXT_ID);
            if (this.contextId == null) {
                this.contextId = "default";
            }
            this.whiteboard = "true".equalsIgnoreCase(this.properties.get(HttpContextProcessing.KEY_WHITEBOARD));
            if (this.bundleTracker == null) {
                this.bundleTracker = new BundleTracker<>(HttpContextProcessing.this.serviceContext, 32, this);
            }
            this.bundleTracker.open();
        }

        private void processContext() {
            OsgiContextModel processedOsgiContextModel = getProcessedOsgiContextModel();
            if (processedOsgiContextModel == null) {
                return;
            }
            HttpContextProcessing.LOG.info("Customizing {}", processedOsgiContextModel);
            ProcessingWebContainerView processingView = getProcessingView();
            if (processingView == null) {
                return;
            }
            Batch batch = new Batch("Processing context \"" + this.contextId + "\" for bundle " + this.bundle.getSymbolicName());
            batch.getOperations().add(new ContextStopChange(OpCode.MODIFY, processedOsgiContextModel));
            String str = this.properties.get(HttpContextProcessing.KEY_WEB_FRAGMENT);
            if (str != null && !"".equals(str.trim())) {
                File file = new File(str);
                if (file.isFile()) {
                    HttpContextProcessing.LOG.info("Processing Web Fragment {}", str);
                    WebXml webXml = new WebXml();
                    webXml.setDistributable(true);
                    webXml.setOverridable(true);
                    webXml.setAlwaysAddWelcomeFiles(false);
                    webXml.setReplaceWelcomeFiles(true);
                    try {
                        webXml.setURL(file.toURI().toURL());
                        WebXmlParser webXmlParser = new WebXmlParser(false, false, true);
                        webXmlParser.setClassLoader(WebXmlParser.class.getClassLoader());
                        webXmlParser.parseWebXml(webXml.getURL(), webXml, true);
                        this.contextParams.putAll(webXml.getContextParams());
                        this.securityRoles.addAll(webXml.getSecurityRoles());
                        LoginConfig loginConfig = webXml.getLoginConfig();
                        if (loginConfig != null) {
                            this.loginConfiguration = new LoginConfigModel();
                            HttpContextProcessing.LOG.info("Registering login configuration in WebContainer for bundle \"" + this.symbolicName + "\": method={}, realm={}", loginConfig.getAuthMethod(), loginConfig.getRealmName());
                            this.loginConfiguration.setAuthMethod(loginConfig.getAuthMethod());
                            this.loginConfiguration.setRealmName(loginConfig.getRealmName());
                            this.loginConfiguration.setFormLoginPage(loginConfig.getLoginPage());
                            this.loginConfiguration.setFormErrorPage(loginConfig.getErrorPage());
                        }
                        for (SecurityConstraint securityConstraint : webXml.getSecurityConstraints()) {
                            SecurityConstraintModel securityConstraintModel = new SecurityConstraintModel();
                            securityConstraintModel.setName(securityConstraint.getDisplayName());
                            for (SecurityCollection securityCollection : securityConstraint.findCollections()) {
                                SecurityConstraintModel.WebResourceCollection webResourceCollection = new SecurityConstraintModel.WebResourceCollection();
                                webResourceCollection.setName(securityCollection.getName());
                                webResourceCollection.getMethods().addAll(Arrays.asList(securityCollection.findMethods()));
                                webResourceCollection.getOmittedMethods().addAll(Arrays.asList(securityCollection.findOmittedMethods()));
                                webResourceCollection.getPatterns().addAll(Arrays.asList(securityCollection.findPatterns()));
                                securityConstraintModel.getWebResourceCollections().add(webResourceCollection);
                            }
                            securityConstraintModel.setAuthRolesSet(securityConstraint.getAuthConstraint());
                            securityConstraintModel.getAuthRoles().addAll(Arrays.asList(securityConstraint.findAuthRoles()));
                            this.securityRoles.addAll(securityConstraintModel.getAuthRoles());
                            if (securityConstraint.getUserConstraint() != null && !"".equals(securityConstraint.getUserConstraint().trim())) {
                                if (ServletSecurity.TransportGuarantee.NONE.toString().equals(securityConstraint.getUserConstraint())) {
                                    securityConstraintModel.setTransportGuarantee(ServletSecurity.TransportGuarantee.NONE);
                                } else {
                                    securityConstraintModel.setTransportGuarantee(ServletSecurity.TransportGuarantee.CONFIDENTIAL);
                                }
                            }
                            this.securityMappings.add(securityConstraintModel);
                        }
                    } catch (IOException e) {
                        HttpContextProcessing.LOG.warn("Failure parsing default {}: {}", new Object[]{str, e.getMessage(), e});
                    }
                } else {
                    HttpContextProcessing.LOG.warn("Web Fragment location {} is not accessible. Skipping.", str);
                }
            }
            this.contextParams.putAll(collectContextParams(this.properties));
            if (!this.contextParams.isEmpty()) {
                HttpContextProcessing.LOG.info("Setting context parameters in {}", processedOsgiContextModel);
                batch.getOperations().add(new ContextParamsChange(OpCode.ADD, processedOsgiContextModel, this.contextParams));
            }
            LoginConfigModel collectLoginConfiguration = collectLoginConfiguration(this.properties);
            if (collectLoginConfiguration != null) {
                if (this.loginConfiguration == null) {
                    this.loginConfiguration = new LoginConfigModel();
                    HttpContextProcessing.LOG.info("Registering login configuration in {}: method={}, realm={}", new Object[]{processedOsgiContextModel, collectLoginConfiguration.getAuthMethod(), collectLoginConfiguration.getRealmName()});
                } else {
                    HttpContextProcessing.LOG.info("Overriding login configuration in {}: method={}, realm={}", new Object[]{processedOsgiContextModel, collectLoginConfiguration.getAuthMethod(), collectLoginConfiguration.getRealmName()});
                }
                this.loginConfiguration.setAuthMethod(collectLoginConfiguration.getAuthMethod());
                this.loginConfiguration.setRealmName(collectLoginConfiguration.getRealmName());
                this.loginConfiguration.setFormLoginPage(collectLoginConfiguration.getFormLoginPage());
                this.loginConfiguration.setFormErrorPage(collectLoginConfiguration.getFormErrorPage());
            }
            List<SecurityConstraintModel> collectSecurityMappings = collectSecurityMappings(this.properties);
            collectSecurityMappings.addAll(this.securityMappings);
            this.securityMappings.clear();
            this.securityMappings.addAll(collectSecurityMappings);
            if (!this.securityMappings.isEmpty()) {
                HttpContextProcessing.LOG.info("Registering security mappings in {}", processedOsgiContextModel);
            }
            batch.getOperations().add(new SecurityConfigChange(OpCode.ADD, processedOsgiContextModel, this.loginConfiguration, this.securityMappings, new ArrayList(this.securityRoles)));
            batch.getOperations().add(new ContextStartChange(OpCode.MODIFY, processedOsgiContextModel));
            processingView.sendBatch(batch);
        }

        public void cleanupContext() {
            ProcessingWebContainerView processingView;
            HttpContextProcessing.LOG.info("{}: Restoring WebContainer for bundle {}/{}", new Object[]{this, this.symbolicName, this.version});
            OsgiContextModel processedOsgiContextModel = getProcessedOsgiContextModel();
            if (processedOsgiContextModel == null || (processingView = getProcessingView()) == null) {
                return;
            }
            Batch batch = new Batch("Processing context \"" + this.contextId + "\" for bundle " + this.bundle.getSymbolicName());
            batch.getOperations().add(new ContextStopChange(OpCode.MODIFY, processedOsgiContextModel));
            batch.getOperations().add(new ContextParamsChange(OpCode.DELETE, processedOsgiContextModel, this.contextParams));
            batch.getOperations().add(new SecurityConfigChange(OpCode.DELETE, processedOsgiContextModel, this.loginConfiguration, this.securityMappings, new ArrayList(this.securityRoles)));
            batch.getOperations().add(new ContextStartChange(OpCode.MODIFY, processedOsgiContextModel));
            processingView.sendBatch(batch);
        }

        private LoginConfigModel collectLoginConfiguration(Map<String, String> map) {
            if (map == null || map.get("login.config.authMethod") == null) {
                return null;
            }
            LoginConfigModel loginConfigModel = new LoginConfigModel();
            loginConfigModel.setAuthMethod(map.get("login.config.authMethod"));
            loginConfigModel.setRealmName(map.get("login.config.realmName"));
            if (loginConfigModel.getRealmName() == null) {
                loginConfigModel.setRealmName("default");
            }
            loginConfigModel.setFormLoginPage(map.get("login.config.formLoginPage"));
            loginConfigModel.setFormErrorPage(map.get("login.config.formErrorPage"));
            return loginConfigModel;
        }

        private Map<String, String> collectContextParams(Map<String, String> map) {
            HashMap hashMap = new HashMap();
            if (map != null) {
                for (String str : map.keySet()) {
                    if (str != null && str.startsWith(HttpContextProcessing.PREFIX_CONTEXT_PARAM)) {
                        hashMap.put(str.substring(HttpContextProcessing.PREFIX_CONTEXT_PARAM.length()), map.get(str));
                    }
                }
            }
            return hashMap;
        }

        private List<SecurityConstraintModel> collectSecurityMappings(Map<String, String> map) {
            LinkedList linkedList = new LinkedList();
            if (map != null) {
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                for (String str : map.keySet()) {
                    if (str != null && str.startsWith(HttpContextProcessing.PREFIX_SECURITY)) {
                        String substring = str.substring(HttpContextProcessing.PREFIX_SECURITY.length());
                        if (substring.contains(".")) {
                            String substring2 = substring.substring(0, substring.lastIndexOf(46));
                            SecurityConstraintModel securityConstraintModel = (SecurityConstraintModel) linkedHashMap.computeIfAbsent(substring2, str2 -> {
                                SecurityConstraintModel securityConstraintModel2 = new SecurityConstraintModel();
                                securityConstraintModel2.setName(substring2);
                                SecurityConstraintModel.WebResourceCollection webResourceCollection = new SecurityConstraintModel.WebResourceCollection();
                                webResourceCollection.setName(substring2);
                                securityConstraintModel2.getWebResourceCollections().add(webResourceCollection);
                                securityConstraintModel2.setAuthRolesSet(true);
                                return securityConstraintModel2;
                            });
                            SecurityConstraintModel.WebResourceCollection webResourceCollection = (SecurityConstraintModel.WebResourceCollection) securityConstraintModel.getWebResourceCollections().get(0);
                            String str3 = map.get(str);
                            if (substring.endsWith(".url")) {
                                webResourceCollection.getPatterns().add(str3.trim());
                            } else if (substring.endsWith(".urls")) {
                                webResourceCollection.getPatterns().addAll(Arrays.asList(str3.split("\\s*,\\s*")));
                            } else if (substring.endsWith(".method")) {
                                webResourceCollection.getMethods().add(str3.trim());
                            } else if (substring.endsWith(".methods")) {
                                webResourceCollection.getMethods().addAll(Arrays.asList(str3.split("\\s*,\\s*")));
                            } else if (substring.endsWith(".methodOmissions")) {
                                webResourceCollection.getOmittedMethods().addAll(Arrays.asList(str3.split("\\s*,\\s*")));
                            } else if (substring.endsWith(".roles")) {
                                securityConstraintModel.getAuthRoles().addAll(Arrays.asList(str3.split("\\s*,\\s*")));
                            } else if (substring.endsWith(".transportGuarantee")) {
                                if (ServletSecurity.TransportGuarantee.CONFIDENTIAL.toString().equalsIgnoreCase(str3.trim()) || "INTEGRAL".equalsIgnoreCase(str3.trim())) {
                                    securityConstraintModel.setTransportGuarantee(ServletSecurity.TransportGuarantee.CONFIDENTIAL);
                                } else {
                                    securityConstraintModel.setTransportGuarantee(ServletSecurity.TransportGuarantee.NONE);
                                }
                            }
                        }
                    }
                }
                linkedList.addAll(linkedHashMap.values());
            }
            return linkedList;
        }

        private OsgiContextModel getProcessedOsgiContextModel() {
            ProcessingWebContainerView processingView = getProcessingView();
            if (processingView == null) {
                return null;
            }
            OsgiContextModel contextModel = this.whiteboard ? processingView.getContextModel(null, this.contextId) : processingView.getContextModel(this.bundle, this.contextId);
            if (contextModel != null) {
                return contextModel;
            }
            if (this.whiteboard) {
                HttpContextProcessing.LOG.warn("Can't find whiteboard OsgiContextModel with name \"{}\"", this.contextId);
                return null;
            }
            HttpContextProcessing.LOG.warn("Can't find OsgiContextModel with name \"{}\" for bundle {}", this.contextId, this.bundle);
            return null;
        }

        private ProcessingWebContainerView getProcessingView() {
            WebContainer webContainer = getWebContainer();
            if (webContainer == null) {
                return null;
            }
            return (ProcessingWebContainerView) webContainer.adapt(ProcessingWebContainerView.class);
        }

        public Object addingBundle(Bundle bundle, BundleEvent bundleEvent) {
            if (!this.symbolicName.equals(bundle.getSymbolicName())) {
                return null;
            }
            this.bundle = bundle;
            this.version = bundle.getVersion();
            HttpContextProcessing.LOG.info("Found bundle \"" + this.symbolicName + "\", scheduling customization of its WebContainer");
            HttpContextProcessing.this.configExecutor.execute(this::processContext);
            return null;
        }

        public void modifiedBundle(Bundle bundle, BundleEvent bundleEvent, Object obj) {
        }

        public void removedBundle(Bundle bundle, BundleEvent bundleEvent, Object obj) {
            this.bundle = null;
            this.version = null;
        }

        private WebContainer getWebContainer() {
            Bundle bundle = this.bundle;
            if (bundle == null) {
                HttpContextProcessing.LOG.debug("Bundle context for {} bundle is no longer valid", this.symbolicName);
                return null;
            }
            BundleContext bundleContext = bundle.getBundleContext();
            if (bundleContext == null) {
                HttpContextProcessing.LOG.debug("Bundle context for {} bundle is no longer valid", this.symbolicName);
                return null;
            }
            try {
                ServiceReference serviceReference = bundleContext.getServiceReference(WebContainer.class);
                if (serviceReference == null) {
                    HttpContextProcessing.LOG.warn("Can't obtain service reference for WebContainer for bundle {}", this.symbolicName);
                    return null;
                }
                WebContainer webContainer = (WebContainer) bundleContext.getService(serviceReference);
                if (webContainer != null) {
                    return webContainer;
                }
                HttpContextProcessing.LOG.warn("Can't obtain WebContainer service for bundle {}", this.symbolicName);
                return null;
            } catch (IllegalStateException e) {
                HttpContextProcessing.LOG.debug("Bundle context for {} bundle is no longer valid", this.symbolicName);
                return null;
            }
        }

        public String toString() {
            return "HTTP Context Processor {bundle=" + this.bundle + '}';
        }
    }

    public HttpContextProcessing(BundleContext bundleContext) {
        this.serviceContext = bundleContext;
    }

    public String getName() {
        return PID;
    }

    public void updated(String str, Dictionary<String, ?> dictionary) {
        LOG.info("Updated configuration for pid={}", str);
        this.configExecutor.submit(new ConfigurationChangeTask(str, dictionary));
    }

    public void deleted(String str) {
        LOG.info("Deleted configuration for pid={}", str);
        this.configExecutor.submit(new ConfigurationChangeTask(str, null));
    }

    public void destroy() {
        this.configExecutor.shutdown();
    }
}
