package org.eclipse.kura.internal.rest.provider;

import com.eclipsesource.jaxrs.provider.security.AuthenticationHandler;
import com.eclipsesource.jaxrs.provider.security.AuthorizationHandler;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.eclipse.kura.audit.AuditConstants;
import org.eclipse.kura.audit.AuditContext;
import org.eclipse.kura.configuration.ConfigurableComponent;
import org.eclipse.kura.crypto.CryptoService;
import org.eclipse.kura.internal.rest.auth.BasicAuthenticationProvider;
import org.eclipse.kura.internal.rest.auth.CertificateAuthenticationProvider;
import org.eclipse.kura.internal.rest.auth.RestSessionHelper;
import org.eclipse.kura.internal.rest.auth.SessionAuthProvider;
import org.eclipse.kura.internal.rest.auth.SessionRestService;
import org.eclipse.kura.rest.auth.AuthenticationProvider;
import org.eclipse.kura.util.useradmin.UserAdminHelper;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.useradmin.UserAdmin;
import org.osgi.util.tracker.ServiceTracker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

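/**
 * JAX-RS provider that authenticates and authorizes REST requests and writes one audit-log
 * entry per request.
 *
 * <p>Authentication is delegated to the bound {@link AuthenticationProvider}s, which are tried
 * in the iteration order of a sorted set. Authorization is delegated to {@link UserAdminHelper},
 * using permissions named {@code rest.<role>}.
 *
 * <p>This listing was reconstructed from decompiled bytecode. The decompiler's placeholder
 * locals ({@code ?? r0}) and the synthetic inner-class constructor have been replaced with
 * equivalent source constructs.
 */
@Provider
public class RestService implements AuthenticationHandler, AuthorizationHandler, ConfigurableComponent, ContainerResponseFilter {
    private static final Logger logger = LoggerFactory.getLogger(RestService.class);
    private static final Logger auditLogger = LoggerFactory.getLogger("AuditLogger");
    private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build();

    // Request-scoped property names used to carry the audit context between filters.
    private static final String AUDIT_CONTEXT_PROPERTY = "org.eclipse.kura.rest.audit.context";
    private static final String AUDIT_SCOPE_PROPERTY = "org.eclipse.kura.rest.audit.scope";

    private CryptoService cryptoService;
    private UserAdmin userAdmin;
    private ConfigurationAdmin configurationAdmin;
    RestServiceOptions options;
    private final List<ServiceRegistration<?>> registeredServices = new ArrayList<>();
    // Also used as the monitor guarding every read and write of the provider set.
    private final Set<AuthenticationProviderHolder> authenticationProviders = new TreeSet<>();
    private AuthenticationProvider basicAuthProvider;
    private AuthenticationProvider certificateAuthProvider;
    private SessionAuthProvider sessionAuthenticationProvider;
    private SessionRestService authRestService;
    private UserAdminHelper userAdminHelper;
    private ServiceTracker<Object, Thread> tracker;

    @Context
    private HttpServletRequest request;

    @Context
    private HttpServletResponse response;

    /**
     * Request filter that rejects requests arriving on a local port that is not in the
     * configured allow-list.
     */
    @Provider
    @Priority(900)
    private class IncomingPortCheckFilter implements ContainerRequestFilter {

        @Context
        private HttpServletRequest sr;

        private IncomingPortCheckFilter() {
        }

        /**
         * Aborts the request with 404 when the local port is not allowed.
         *
         * <p>An empty allow-list disables the check, so every port is accepted. Rejected
         * requests get 404 rather than 403, the same status as an unknown resource.
         *
         * @param containerRequestContext the request being filtered
         * @throws IOException declared by the filter contract; not thrown by this body
         */
        public void filter(ContainerRequestContext containerRequestContext) throws IOException {
            // Open the audit context first so that a rejected request is still audited by
            // the response filter.
            RestService.this.initAuditContext(containerRequestContext);
            Set<Integer> allowedPorts = RestService.this.options.getAllowedPorts();
            boolean portAllowed = allowedPorts.isEmpty()
                    || allowedPorts.contains(Integer.valueOf(this.sr.getLocalPort()));
            if (!portAllowed) {
                containerRequestContext.abortWith(RestService.NOT_FOUND_RESPONSE);
            }
        }
    }

    /** Stores the {@link UserAdmin} reference used to build the {@link UserAdminHelper}. */
    public void setUserAdmin(UserAdmin userAdmin) {
        this.userAdmin = userAdmin;
    }

    /** Stores the {@link CryptoService} reference used to build the {@link UserAdminHelper}. */
    public void setCryptoService(CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    /** Stores the {@link ConfigurationAdmin} reference handed to the session REST service. */
    public void setConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configurationAdmin = configurationAdmin;
    }

    /**
     * Adds an authentication provider to the active set and notifies it that it is enabled.
     *
     * <p>{@code onEnabled()} is invoked on every call, including when an equal holder was
     * already present in the set.
     *
     * @param authenticationProvider the provider to enable
     */
    public void bindAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        synchronized (this.authenticationProviders) {
            AuthenticationProviderHolder holder = new AuthenticationProviderHolder(authenticationProvider);
            this.authenticationProviders.add(holder);
            holder.onEnabled();
        }
    }

    /**
     * Removes an authentication provider from the active set and, if it was present, notifies
     * it that it is disabled.
     *
     * @param authenticationProvider the provider to disable
     */
    public void unbindAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        synchronized (this.authenticationProviders) {
            AuthenticationProviderHolder holder = new AuthenticationProviderHolder(authenticationProvider);
            if (this.authenticationProviders.remove(holder)) {
                holder.onDisabled();
            }
        }
    }

    /**
     * Component activation: opens the servlet-bridge tracker, registers the port-check filter
     * and the session REST service, creates the built-in authentication providers and applies
     * the initial configuration.
     *
     * @param map the component configuration properties
     */
    public void activate(Map<String, Object> map) {
        logger.info("activating...");
        BundleContext bundleContext = FrameworkUtil.getBundle(RestService.class).getBundleContext();
        try {
            this.tracker = new ServiceTracker<>(bundleContext, FrameworkUtil.createFilter("(osgi.http.whiteboard.servlet.name=com.eclipsesource.jaxrs.publisher.internal.ServletContainerBridge)"), new ServletContainerBridgeFix(bundleContext));
            this.tracker.open();
        } catch (InvalidSyntaxException e) {
            // The filter is a constant, so this is not expected. Log it instead of swallowing
            // it, because the tracker stays null from here on.
            logger.warn("failed to create the servlet container bridge tracker", e);
        }
        this.userAdminHelper = new UserAdminHelper(this.userAdmin, this.cryptoService);
        RestSessionHelper restSessionHelper = new RestSessionHelper(this.userAdminHelper);
        this.registeredServices.add(bundleContext.registerService(ContainerRequestFilter.class, new IncomingPortCheckFilter(), (Dictionary<String, ?>) null));
        this.basicAuthProvider = new BasicAuthenticationProvider(bundleContext, this.userAdminHelper);
        this.certificateAuthProvider = new CertificateAuthenticationProvider(this.userAdminHelper);
        // NOTE(review): the two path sets are presumably the endpoints exempt from the
        // password-change and XSRF-token checks; confirm against SessionAuthProvider.
        this.sessionAuthenticationProvider = new SessionAuthProvider(restSessionHelper, new HashSet<>(Arrays.asList("/session/v1/changePassword", "/session/v1/xsrfToken")), Collections.singleton("/session/v1/xsrfToken"));
        this.authRestService = new SessionRestService(this.userAdminHelper, restSessionHelper, this.configurationAdmin);
        this.registeredServices.add(bundleContext.registerService(SessionRestService.class, this.authRestService, (Dictionary<String, ?>) null));
        update(map);
        logger.info("activating...done");
    }

    /**
     * Applies a new configuration. Nothing is changed when the parsed options equal the
     * current ones.
     *
     * @param map the component configuration properties
     */
    public void update(Map<String, Object> map) {
        logger.info("updating...");
        RestServiceOptions newOptions = new RestServiceOptions(map);
        if (!Objects.equals(this.options, newOptions)) {
            this.options = newOptions;
            updateBuiltinAuthenticationProviders(newOptions);
            this.authRestService.setOptions(newOptions);
            this.sessionAuthenticationProvider.setOptions(newOptions);
        }
        logger.info("updating...done");
    }

    /**
     * Component deactivation: closes the tracker, unregisters the services registered in
     * {@link #activate(Map)} and disables every bound authentication provider.
     */
    public void deactivate() {
        logger.info("deactivating...");
        // The tracker is null when its creation failed during activation.
        if (this.tracker != null) {
            this.tracker.close();
        }
        for (ServiceRegistration<?> registration : this.registeredServices) {
            registration.unregister();
        }
        // Drop the stale registrations so that they cannot be unregistered a second time.
        this.registeredServices.clear();
        synchronized (this.authenticationProviders) {
            Iterator<AuthenticationProviderHolder> holders = this.authenticationProviders.iterator();
            while (holders.hasNext()) {
                holders.next().onDisabled();
                holders.remove();
            }
        }
        logger.info("deactivating...done");
    }

    /**
     * Checks whether the principal holds the permission {@code rest.<role>}.
     *
     * <p>The check fails closed: any exception raised while evaluating it, including one caused
     * by a null principal, results in {@code false}.
     *
     * @param principal the authenticated principal
     * @param str the role name, without the {@code rest.} prefix
     * @return {@code true} only when the permission check completes without an exception
     */
    public boolean isUserInRole(Principal principal, String str) {
        try {
            this.userAdminHelper.requirePermissions(principal.getName(), new String[]{"rest." + str});
            return true;
        } catch (Exception ignored) {
            // Deliberately broad: every failure is treated as "not authorized".
            return false;
        }
    }

    /**
     * Tries each bound authentication provider in set order and returns the first principal
     * obtained.
     *
     * @param containerRequestContext the request being authenticated
     * @return the authenticated principal, or {@code null} when no provider returned one
     */
    public Principal authenticate(ContainerRequestContext containerRequestContext) {
        initAuditContext(containerRequestContext);
        synchronized (this.authenticationProviders) {
            for (AuthenticationProviderHolder holder : this.authenticationProviders) {
                Optional<Principal> principal = holder.authenticate(this.request, containerRequestContext);
                if (principal.isPresent()) {
                    return principal.get();
                }
            }
            return null;
        }
    }

    /** Returns {@code null}; no authentication scheme name is reported. */
    public String getAuthenticationScheme() {
        return null;
    }

    /**
     * Response filter that writes the audit record for the request and then closes the audit
     * scope.
     *
     * <p>A 403 response without a user principal on the security context is rewritten to 401,
     * so an unauthenticated caller is reported as "not authenticated", not "not authorized".
     *
     * @param containerRequestContext the request that was processed
     * @param containerResponseContext the response about to be sent
     * @throws IOException declared by the filter contract; not thrown by this body
     */
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        final int originalStatus = containerResponseContext.getStatus();
        final AuditContext auditContext = initAuditContext(containerRequestContext);
        try {
            if (originalStatus == 404) {
                auditLogger.warn("{} Rest - Failure - Service not found", auditContext);
                return;
            }
            if (originalStatus == 403) {
                boolean hasPrincipal = containerRequestContext.getSecurityContext() != null
                        && containerRequestContext.getSecurityContext().getUserPrincipal() != null;
                if (hasPrincipal) {
                    auditLogger.warn("{} Rest - Failure - User not authorized to perform the requested operation", auditContext);
                    return;
                }
                containerResponseContext.setStatus(401);
            }
            // Read the status again: it may have just been rewritten from 403 to 401.
            if (containerResponseContext.getStatus() == 401) {
                auditLogger.warn("{} Rest - Failure - User not authenticated", auditContext);
                return;
            }
            if (originalStatus < 200 || originalStatus >= 400) {
                auditLogger.warn("{} Rest - Failure - Request failed", auditContext);
            } else {
                auditLogger.info("{} Rest - Success - Rest request succeeded", auditContext);
            }
        } finally {
            closeAuditContext(containerRequestContext);
        }
    }

    /**
     * Joins the decoded path segments of the request URI with {@code /}.
     *
     * @param containerRequestContext the request whose path is rendered
     * @return the path segments joined by {@code /}, without a leading slash
     */
    private String getRequestPath(ContainerRequestContext containerRequestContext) {
        Iterator<PathSegment> segments = containerRequestContext.getUriInfo().getPathSegments().iterator();
        StringBuilder path = new StringBuilder();
        while (segments.hasNext()) {
            path.append(segments.next().getPath());
            if (segments.hasNext()) {
                path.append("/");
            }
        }
        return path.toString();
    }

    /**
     * Returns the audit context attached to the request, creating it and opening its scope on
     * first use.
     *
     * <p>The decompiler widened this method from {@code private} to {@code public} because the
     * inner filter class calls it.
     *
     * @param containerRequestContext the request to attach the audit context to
     * @return the existing or newly created audit context
     */
    public AuditContext initAuditContext(ContainerRequestContext containerRequestContext) {
        Object existing = containerRequestContext.getProperty(AUDIT_CONTEXT_PROPERTY);
        if (existing != null) {
            return (AuditContext) existing;
        }
        Map<String, String> properties = new HashMap<>();
        // NOTE(review): X-FORWARDED-FOR is supplied by the client and is preferred over the
        // socket peer address here. Unless a trusted reverse proxy always overwrites the
        // header, the IP recorded in the audit log can be chosen by the caller, so it should
        // not be treated as authoritative evidence in that deployment.
        String clientAddress = containerRequestContext.getHeaderString("X-FORWARDED-FOR");
        if (clientAddress == null) {
            clientAddress = this.request.getRemoteAddr();
        }
        properties.put(AuditConstants.KEY_ENTRY_POINT.getValue(), "RestService");
        properties.put(AuditConstants.KEY_IP.getValue(), clientAddress);
        properties.put("rest.method", containerRequestContext.getMethod());
        properties.put("rest.path", getRequestPath(containerRequestContext));
        AuditContext auditContext = new AuditContext(properties);
        AuditContext.Scope scope = AuditContext.openScope(auditContext);
        containerRequestContext.setProperty(AUDIT_CONTEXT_PROPERTY, auditContext);
        containerRequestContext.setProperty(AUDIT_SCOPE_PROPERTY, scope);
        return auditContext;
    }

    /**
     * Closes the audit scope stored on the request, if there is one.
     *
     * @param containerRequestContext the request whose audit scope is closed
     */
    private void closeAuditContext(ContainerRequestContext containerRequestContext) {
        Object scope = containerRequestContext.getProperty(AUDIT_SCOPE_PROPERTY);
        if (scope instanceof AuditContext.Scope) {
            ((AuditContext.Scope) scope).close();
        }
    }

    /**
     * Binds or unbinds the built-in authentication providers so that the active set matches
     * the given options.
     *
     * @param restServiceOptions the options to apply
     */
    private void updateBuiltinAuthenticationProviders(RestServiceOptions restServiceOptions) {
        if (restServiceOptions.isPasswordAuthEnabled() && restServiceOptions.isBasicAuthEnabled()) {
            bindAuthenticationProvider(this.basicAuthProvider);
        } else {
            unbindAuthenticationProvider(this.basicAuthProvider);
        }
        if (restServiceOptions.isCertificateAuthEnabled() && restServiceOptions.isStatelessCertificateAuthEnabled()) {
            bindAuthenticationProvider(this.certificateAuthProvider);
        } else {
            unbindAuthenticationProvider(this.certificateAuthProvider);
        }
        if (restServiceOptions.isSessionManagementEnabled()) {
            bindAuthenticationProvider(this.sessionAuthenticationProvider);
        } else {
            // Unbind like the two providers above, so that turning session management off at
            // runtime removes the provider from the active set.
            // NOTE(review): SessionAuthProvider also receives the options through setOptions
            // and may already reject sessions when disabled; confirm.
            unbindAuthenticationProvider(this.sessionAuthenticationProvider);
        }
    }
}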
