package com.atlassian.seraph.config;

import com.atlassian.seraph.Initable;
import com.atlassian.seraph.SecurityService;
import com.atlassian.seraph.auth.AuthenticationContext;
import com.atlassian.seraph.auth.AuthenticationContextImpl;
import com.atlassian.seraph.auth.Authenticator;
import com.atlassian.seraph.auth.RoleMapper;
import com.atlassian.seraph.controller.SecurityController;
import com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard;
import com.atlassian.seraph.elevatedsecurity.NoopElevatedSecurityGuard;
import com.atlassian.seraph.interceptor.Interceptor;
import com.atlassian.seraph.ioc.ApplicationServicesRegistry;
import com.atlassian.seraph.service.rememberme.RememberMeService;
import com.atlassian.seraph.util.ClassLoaderUtil;
import com.atlassian.seraph.util.XMLUtils;
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/atlassian/seraph/config/SecurityConfigImpl.class */
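/**
 * {@link SecurityConfig} implementation that is populated from an XML file found on the classpath
 * (by default {@value #DEFAULT_CONFIG_LOCATION}).
 *
 * <p>The file supplies global {@code init-param} values (login/logout URLs, cookie settings,
 * session-invalidation switches) and the class names of the pluggable components: authenticator,
 * controller, role mapper, services, interceptors, login URL strategy, redirect policy and
 * elevated security guard. Each named class is loaded and instantiated through its no-argument
 * constructor, so whoever can modify the configuration file decides which code runs during
 * start-up; the file should be protected like application code.
 *
 * <p>NOTE(review): the class is declared {@link Serializable} without an explicit
 * {@code serialVersionUID}. Field declarations and their modifiers are therefore left exactly as
 * they were, and all helpers added here are {@code private}.
 */
public class SecurityConfigImpl implements Serializable, SecurityConfig {
    public static final String DEFAULT_CONFIG_LOCATION = "seraph-config.xml";
    private final Authenticator authenticator;
    private final ElevatedSecurityGuard elevatedSecurityGuard;
    private final RoleMapper roleMapper;
    private final SecurityController controller;
    private final List<SecurityService> services;
    private final List<Interceptor> interceptors = new CopyOnWriteArrayList<>();
    private final String loginURL;
    private final String loginForwardPath;
    private final String logoutURL;
    private final String originalURLKey;
    // NOTE(review): handed out as-is by getLoginSubmitURL(); callers can modify the list.
    private final List<String> loginSubmitURL;
    private final String loginCookieKey;
    private final String linkLoginURL;
    private final String authType;
    private final String websudoRequestKey;
    // Assigned from configureRedirectPolicy(), which subclasses may override; hence not final.
    private RedirectPolicy redirectPolicy;
    // True only when "insecure.cookie" is exactly "true"; any other value keeps the default (false).
    // NOTE(review): the name suggests this relaxes the Secure attribute of the login cookie;
    // how the flag is consumed is not visible in this class.
    private boolean insecureCookie;
    private final boolean invalidateSessionOnLogin;
    private final boolean invalidateSessionOnWebsudo;
    private final List<String> invalidateSessionExcludeList;
    private final List<String> invalidateWebsudoSessionExcludeList;
    private final int autoLoginCookieAge;
    private final LoginUrlStrategy loginUrlStrategy;
    private final String loginCookiePath;
    private static final Logger log = LoggerFactory.getLogger(SecurityConfigImpl.class);
    private static final int TWO_WEEKS_IN_SECONDS = Math.toIntExact(Duration.ofDays(14).getSeconds());

    /** Parser features switched off so the configuration file cannot pull in external entities or DTDs. */
    private static final String[] EXTERNAL_ENTITY_FEATURES = {
        "http://xml.org/sax/features/external-general-entities",
        "http://xml.org/sax/features/external-parameter-entities",
        "http://apache.org/xml/features/nonvalidating/load-external-dtd",
    };

    /**
     * Loads and applies the configuration.
     *
     * @param str classpath location of the configuration file; {@code null} selects
     *     {@link #DEFAULT_CONFIG_LOCATION}
     * @throws ConfigurationException if the file cannot be read or parsed, has no
     *     {@code <parameters>} element, names a component class that cannot be loaded or
     *     initialised, or configures no authenticator
     * @throws IllegalArgumentException if no resource exists at the given location
     * @throws NumberFormatException if {@code autologin.cookie.age} is present but not an integer
     */
    public SecurityConfigImpl(String str) throws ConfigurationException {
        if (str == null) {
            str = DEFAULT_CONFIG_LOCATION;
            log.debug("Initialising securityConfig using default configFile: {}", str);
        } else {
            log.debug("Config file location passed.  Location: {}", str);
        }
        try {
            final Element rootEl = loadConfigXml(str);
            final Element parametersEl = (Element) rootEl.getElementsByTagName("parameters").item(0);
            if (parametersEl == null) {
                // Previously this surfaced as a NullPointerException with no hint about the cause.
                throw new ConfigurationException("No <parameters> element found in '" + str + "'.");
            }
            final Map<String, String> params = getInitParameters(parametersEl);

            this.loginURL = params.get("login.url");
            this.loginForwardPath = params.get("login.forward.path");
            this.linkLoginURL = params.get("link.login.url");
            this.logoutURL = params.get("logout.url");
            this.loginCookiePath = params.get("login.cookie.path");
            this.authType = params.get("authentication.type");
            this.insecureCookie = "true".equals(params.get("insecure.cookie"));

            this.originalURLKey = paramOrDefault(params, "original.url.key", "seraph_originalurl");
            this.loginCookieKey = paramOrDefault(params, "login.cookie.key", "seraph.os.cookie");
            this.websudoRequestKey = paramOrDefault(params, "websudo.request.key", "seraph.websudo.key");

            final String submitUrls = params.get("login.submit.url");
            this.loginSubmitURL = (submitUrls != null) ? splitOnCommas(submitUrls) : new ArrayList<String>();

            final String cookieAge = params.get("autologin.cookie.age");
            this.autoLoginCookieAge = (cookieAge != null) ? Integer.parseInt(cookieAge) : TWO_WEEKS_IN_SECONDS;

            // Both session-invalidation switches default to false when their parameter is absent,
            // so a deployment that wants a fresh session after login or websudo must opt in.
            // An exclude list is only read when its switch parameter is present at all.
            final String onWebsudo = params.get("invalidate.session.on.websudo");
            final String websudoExcludes = params.get("invalidate.websudo.session.exclude.list");
            this.invalidateSessionOnWebsudo = "true".equalsIgnoreCase(onWebsudo);
            this.invalidateWebsudoSessionExcludeList = (onWebsudo != null && websudoExcludes != null)
                    ? splitOnCommas(websudoExcludes)
                    : Collections.<String>emptyList();

            final String onLogin = params.get("invalidate.session.on.login");
            final String loginExcludes = params.get("invalidate.session.exclude.list");
            this.invalidateSessionOnLogin = "true".equalsIgnoreCase(onLogin);
            this.invalidateSessionExcludeList = (onLogin != null && loginExcludes != null)
                    ? splitOnCommas(loginExcludes)
                    : Collections.<String>emptyList();

            // Component order is kept as-is: each component receives this half-built config in init().
            this.authenticator = configureAuthenticator(rootEl);
            this.controller = configureController(rootEl);
            this.roleMapper = configureRoleMapper(rootEl);
            this.services = Collections.unmodifiableList(configureServices(rootEl));
            configureInterceptors(rootEl);
            this.loginUrlStrategy = configureLoginUrlStrategy(rootEl);
            configureRedirectPolicy(rootEl);
            this.elevatedSecurityGuard = configureElevatedSecurityGuard(rootEl);
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new ConfigurationException("Exception configuring from '" + str + "'.", e);
        }
    }

    /** Returns the value stored under {@code key}, or {@code fallback} when the key is absent. */
    private static String paramOrDefault(Map<String, String> params, String key, String fallback) {
        final String value = params.get(key);
        return (value != null) ? value : fallback;
    }

    /** Splits a comma-separated parameter value; entries are not trimmed. */
    private static List<String> splitOnCommas(String raw) {
        return Arrays.asList(raw.split(","));
    }

    /**
     * Creates a parser factory with secure processing on and external entity/DTD resolution off.
     *
     * <p>Secure processing must be supported by every JAXP implementation, so a failure there is
     * propagated. The entity features are parser-specific; a parser that rejects one is still
     * used, with a warning, so that existing deployments keep starting.
     */
    private static DocumentBuilderFactory newHardenedFactory() throws ParserConfigurationException {
        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        for (String feature : EXTERNAL_ENTITY_FEATURES) {
            try {
                factory.setFeature(feature, false);
            } catch (ParserConfigurationException e) {
                log.warn("XML parser does not support disabling feature '{}': {}", feature, e.getMessage());
            }
        }
        return factory;
    }

    /**
     * Locates the configuration file on the classpath and returns its document element.
     *
     * @throws IllegalArgumentException if no resource exists at {@code location}
     */
    private Element loadConfigXml(String location) throws SAXException, IOException, ParserConfigurationException {
        final URL resource = ClassLoaderUtil.getResource(location, getClass());
        if (resource == null) {
            throw new IllegalArgumentException("No such XML file: " + location);
        }
        return newHardenedFactory().newDocumentBuilder().parse(resource.toString()).getDocumentElement();
    }

    /**
     * Installs the configured {@code redirect-policy}, or a {@link DefaultRedirectPolicy} when
     * none is configured.
     */
    protected void configureRedirectPolicy(Element element) throws ConfigurationException {
        final RedirectPolicy configured = (RedirectPolicy) configureClass(element, "redirect-policy", this);
        this.redirectPolicy = (configured != null) ? configured : new DefaultRedirectPolicy();
    }

    /** Returns the configured {@code login-url-strategy}, or a {@link DefaultLoginUrlStrategy}. */
    private LoginUrlStrategy configureLoginUrlStrategy(Element rootEl) throws ConfigurationException {
        final LoginUrlStrategy configured = (LoginUrlStrategy) configureClass(rootEl, "login-url-strategy", this);
        return (configured != null) ? configured : new DefaultLoginUrlStrategy();
    }

    /** Returns the configured {@code authenticator}; there is no default, so its absence is an error. */
    private Authenticator configureAuthenticator(Element rootEl) throws ConfigurationException {
        final Authenticator configured = (Authenticator) configureClass(rootEl, "authenticator", this);
        if (configured == null) {
            throw new ConfigurationException("No authenticator implementation was configured in SecurityConfig.");
        }
        return configured;
    }

    /**
     * Returns the configured {@code elevatedsecurityguard}, or
     * {@link NoopElevatedSecurityGuard#INSTANCE} when none is configured.
     */
    private ElevatedSecurityGuard configureElevatedSecurityGuard(Element rootEl) throws ConfigurationException {
        final ElevatedSecurityGuard configured =
                (ElevatedSecurityGuard) configureClass(rootEl, "elevatedsecurityguard", this);
        return (configured != null) ? configured : NoopElevatedSecurityGuard.INSTANCE;
    }

    /**
     * Returns the configured {@code controller}, or an instance of the class named by
     * {@link SecurityController#NULL_CONTROLLER} when none is configured.
     */
    private SecurityController configureController(Element rootEl) throws ConfigurationException {
        final SecurityController configured = (SecurityController) configureClass(rootEl, "controller", this);
        if (configured != null) {
            return configured;
        }
        try {
            return (SecurityController)
                    ClassLoaderUtil.loadClass(SecurityController.NULL_CONTROLLER, getClass()).newInstance();
        } catch (Exception e) {
            throw new ConfigurationException("Could not lookup class: " + SecurityController.NULL_CONTROLLER, e);
        }
    }

    /** Returns the configured {@code rolemapper}, or {@code null} when none is configured. */
    private RoleMapper configureRoleMapper(Element rootEl) throws ConfigurationException {
        return (RoleMapper) configureClass(rootEl, "rolemapper", this);
    }

    /**
     * Instantiates and initialises the class named by the first {@code tagName} element.
     *
     * <p>The class name is taken verbatim from the configuration file. Loading and initialisation
     * are reported separately: an {@code init} failure used to be caught a second time by the
     * surrounding handler, logged twice and re-labelled as a load failure.
     *
     * @return the initialised component, or {@code null} when the element is missing or its
     *     {@code class} attribute is blank
     * @throws ConfigurationException if the class cannot be loaded, instantiated or initialised
     */
    private static Initable configureClass(Element rootEl, String tagName, SecurityConfig owner)
            throws ConfigurationException {
        final NodeList candidates = rootEl.getElementsByTagName(tagName);
        if (candidates.getLength() == 0) {
            return null;
        }
        final Element configEl = (Element) candidates.item(0);
        final String className = configEl.getAttribute("class");
        if (className == null || className.trim().isEmpty()) {
            return null;
        }

        final Initable instance;
        try {
            instance = (Initable) ClassLoaderUtil.loadClass(className, owner.getClass()).newInstance();
        } catch (InstantiationException e) {
            throw new ConfigurationException("Unable to instantiate class '" + className + "'", e);
        } catch (Exception e) {
            final String message = "Unable to load " + tagName + " class '" + className + "': " + e.getMessage();
            log.error(message, e);
            throw new ConfigurationException(message, e);
        }

        try {
            instance.init(getInitParameters(configEl), owner);
        } catch (Exception e) {
            final String message =
                    "Error caught in initialisation of " + tagName + " class '" + className + "': " + e.getMessage();
            log.error(message, e);
            throw new ConfigurationException(message, e);
        }
        return instance;
    }

    /**
     * Instantiates every {@code service} listed under the first {@code services} element.
     *
     * @return the initialised services in document order; empty when none are configured
     * @throws ConfigurationException if a service has no class name or cannot be created
     */
    private List<SecurityService> configureServices(Element rootEl) throws ConfigurationException {
        final List<SecurityService> created = new ArrayList<>();
        final NodeList containers = rootEl.getElementsByTagName("services");
        if (containers == null || containers.getLength() == 0) {
            return created;
        }
        final NodeList serviceEls = ((Element) containers.item(0)).getElementsByTagName("service");
        for (int i = 0; i < serviceEls.getLength(); i++) {
            final Element serviceEl = (Element) serviceEls.item(i);
            final String className = serviceEl.getAttribute("class");
            if (className == null || className.isEmpty()) {
                throw new ConfigurationException("Service element with bad class attribute");
            }
            try {
                log.debug("Adding seraph service of class: {}", className);
                final SecurityService service =
                        (SecurityService) ClassLoaderUtil.loadClass(className, getClass()).newInstance();
                service.init(getInitParameters(serviceEl), this);
                created.add(service);
            } catch (Exception e) {
                throw new ConfigurationException("Could not getRequest service: " + className, e);
            }
        }
        return created;
    }

    /**
     * Instantiates every {@code interceptor} listed under the first {@code interceptors} element
     * and appends it to this config's interceptor list.
     *
     * @throws ConfigurationException if an interceptor has no class name or cannot be created
     */
    private void configureInterceptors(Element rootEl) throws ConfigurationException {
        final NodeList containers = rootEl.getElementsByTagName("interceptors");
        if (containers == null || containers.getLength() == 0) {
            return;
        }
        final NodeList interceptorEls = ((Element) containers.item(0)).getElementsByTagName("interceptor");
        for (int i = 0; i < interceptorEls.getLength(); i++) {
            final Element interceptorEl = (Element) interceptorEls.item(i);
            final String className = interceptorEl.getAttribute("class");
            if (className == null || className.isEmpty()) {
                throw new ConfigurationException("Interceptor element with bad class attribute");
            }
            try {
                log.debug("Adding interceptor of class: {}", className);
                final Interceptor interceptor =
                        (Interceptor) ClassLoaderUtil.loadClass(className, getClass()).newInstance();
                interceptor.init(getInitParameters(interceptorEl), this);
                this.interceptors.add(interceptor);
            } catch (Exception e) {
                // The message text is shared with configureServices and kept unchanged.
                throw new ConfigurationException("Could not getRequest service: " + className, e);
            }
        }
    }

    /**
     * Collects the {@code init-param} name/value pairs found below {@code element}.
     *
     * @return an unmodifiable map; a later pair with the same name replaces an earlier one
     */
    private static Map<String, String> getInitParameters(Element element) {
        final Map<String, String> collected = new HashMap<>();
        final NodeList paramNodes = element.getElementsByTagName("init-param");
        for (int i = 0; i < paramNodes.getLength(); i++) {
            final Node paramNode = paramNodes.item(i);
            collected.put(
                    XMLUtils.getContainedText(paramNode, "param-name"),
                    XMLUtils.getContainedText(paramNode, "param-value"));
        }
        return Collections.unmodifiableMap(collected);
    }

    /** Destroys every service, then every interceptor, in list order. */
    @Override
    public void destroy() {
        for (SecurityService service : this.services) {
            service.destroy();
        }
        for (Interceptor interceptor : this.interceptors) {
            interceptor.destroy();
        }
    }

    /** Appends an interceptor at runtime; it is not initialised here. */
    public void addInterceptor(Interceptor interceptor) {
        this.interceptors.add(interceptor);
    }

    /** Returns the configured services as an unmodifiable list. */
    @Override
    public List<SecurityService> getServices() {
        return this.services;
    }

    /** Returns the login URL with both the {@code ${userRole}} and {@code ${pageCaps}} tokens removed. */
    @Override
    public String getLoginURL() {
        return getLoginURL(false, false);
    }

    /**
     * Returns the login URL produced by the login URL strategy.
     *
     * @param z when {@code false}, every {@code ${userRole}} token is removed from the URL
     * @param z2 when {@code false}, every {@code ${pageCaps}} token is removed from the URL
     */
    @Override
    public String getLoginURL(boolean z, boolean z2) {
        String url = this.loginUrlStrategy.getLoginURL(this, this.loginURL);
        // The tokens are literals, so a plain replace avoids compiling a regex on every call.
        if (!z) {
            url = url.replace("${userRole}", "");
        }
        if (!z2) {
            url = url.replace("${pageCaps}", "");
        }
        return url;
    }

    /** Returns the {@code login.forward.path} parameter, or {@code null} when it is not set. */
    @Override
    public String getLoginForwardPath() {
        return this.loginForwardPath;
    }

    /** Returns the link login URL as produced by the login URL strategy. */
    @Override
    public String getLinkLoginURL() {
        return this.loginUrlStrategy.getLinkLoginURL(this, this.linkLoginURL);
    }

    /** Returns the logout URL as produced by the login URL strategy. */
    @Override
    public String getLogoutURL() {
        return this.loginUrlStrategy.getLogoutURL(this, this.logoutURL);
    }

    /** Returns the {@code original.url.key} parameter; defaults to {@code seraph_originalurl}. */
    @Override
    public String getOriginalURLKey() {
        return this.originalURLKey;
    }

    /** Returns the comma-split {@code login.submit.url} parameter; empty when it is not set. */
    @Override
    public List<String> getLoginSubmitURL() {
        return this.loginSubmitURL;
    }

    @Override
    public Authenticator getAuthenticator() {
        return this.authenticator;
    }

    /** Returns a new {@link AuthenticationContextImpl} on every call. */
    @Override
    public AuthenticationContext getAuthenticationContext() {
        return new AuthenticationContextImpl();
    }

    @Override
    public SecurityController getController() {
        return this.controller;
    }

    /** Returns the configured role mapper, or {@code null} when none is configured. */
    @Override
    public RoleMapper getRoleMapper() {
        return this.roleMapper;
    }

    @Override
    public RedirectPolicy getRedirectPolicy() {
        return this.redirectPolicy;
    }

    /**
     * Returns the registered interceptors that are instances of {@code cls}.
     *
     * @return an unmodifiable snapshot in registration order
     */
    @Override
    public <T extends Interceptor> List<T> getInterceptors(Class<T> cls) {
        final List<T> matching = new ArrayList<>();
        for (Interceptor interceptor : this.interceptors) {
            // isInstance also skips a null entry, which addInterceptor does not prevent.
            if (cls.isInstance(interceptor)) {
                matching.add(cls.cast(interceptor));
            }
        }
        return Collections.unmodifiableList(matching);
    }

    /** Returns the {@code login.cookie.path} parameter, or {@code null} when it is not set. */
    @Override
    public String getLoginCookiePath() {
        return this.loginCookiePath;
    }

    /** Returns the {@code login.cookie.key} parameter; defaults to {@code seraph.os.cookie}. */
    @Override
    public String getLoginCookieKey() {
        return this.loginCookieKey;
    }

    /** Returns the {@code websudo.request.key} parameter; defaults to {@code seraph.websudo.key}. */
    @Override
    public String getWebsudoRequestKey() {
        return this.websudoRequestKey;
    }

    /** Returns the {@code authentication.type} parameter, or {@code null} when it is not set. */
    @Override
    public String getAuthType() {
        return this.authType;
    }

    /** Returns {@code true} only when {@code insecure.cookie} was configured as exactly {@code true}. */
    @Override
    public boolean isInsecureCookie() {
        return this.insecureCookie;
    }

    /** Returns the {@code autologin.cookie.age} parameter in seconds; defaults to two weeks. */
    @Override
    public int getAutoLoginCookieAge() {
        return this.autoLoginCookieAge;
    }

    @Override
    public ElevatedSecurityGuard getElevatedSecurityGuard() {
        return this.elevatedSecurityGuard;
    }

    /** Looks the service up in {@link ApplicationServicesRegistry} on every call. */
    @Override
    public RememberMeService getRememberMeService() {
        return ApplicationServicesRegistry.getRememberMeService();
    }

    /** Returns whether {@code invalidate.session.on.login} is enabled; {@code false} when not set. */
    @Override
    public boolean isInvalidateSessionOnLogin() {
        return this.invalidateSessionOnLogin;
    }

    /** Returns whether {@code invalidate.session.on.websudo} is enabled; {@code false} when not set. */
    @Override
    public boolean isInvalidateSessionOnWebsudo() {
        return this.invalidateSessionOnWebsudo;
    }

    /** Returns the comma-split {@code invalidate.session.exclude.list}; empty when not applicable. */
    @Override
    public List<String> getInvalidateSessionExcludeList() {
        return this.invalidateSessionExcludeList;
    }

    /** Returns the comma-split {@code invalidate.websudo.session.exclude.list}; empty when not applicable. */
    @Override
    public List<String> getInvalidateWebsudoSessionExcludeList() {
        return this.invalidateWebsudoSessionExcludeList;
    }
}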
