package org.openanzo.security.ldap;

import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.xml.datatype.XMLGregorianCalendar;
import org.openanzo.cache.ICacheProvider;
import org.openanzo.client.registry.IRegistryProvider;
import org.openanzo.client.registry.LiteRegistryDataset;
import org.openanzo.datasource.services.AuthenticationCache;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.AnzoRuntimeException;
import org.openanzo.exceptions.EncryptionUtil;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.execution.v2.IBundledSemanticService;
import org.openanzo.osgi.ConfiguredServiceActivator;
import org.openanzo.osgi.GenericObjectClassDef;
import org.openanzo.osgi.IServiceTrackerListener;
import org.openanzo.osgi.OsgiServiceTracker;
import org.openanzo.osgi.ServiceDependencies;
import org.openanzo.osgi.ServiceLifecycleState;
import org.openanzo.rdf.Constants;
import org.openanzo.rdf.LinkedDataConstants;
import org.openanzo.rdf.MemURI;
import org.openanzo.rdf.URI;
import org.openanzo.services.ActivityMessageBuilder;
import org.openanzo.services.IAuthenticationCache;
import org.openanzo.services.IAuthenticationService;
import org.openanzo.services.IClientEntitlementService;
import org.openanzo.services.IStatisticsProvider;
import org.openanzo.services.ISystemTable;
import org.openanzo.services.ITokenAuthenticator;
import org.openanzo.services.IUserRolesExtender;
import org.openanzo.services.LDAPDictionary;
import org.openanzo.services.ServicesDictionary;
import org.openanzo.services.SystemIssue;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.event.EventHandler;
import org.osgi.service.metatype.ObjectClassDefinition;
import org.osgi.util.tracker.ServiceTracker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

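/**
 * OSGi activator that wires up the LDAP authentication service.
 *
 * <p>On {@link #start()} it builds an {@link AuthenticationCache} and an
 * {@link LdapAuthenticationProvider}, registers both with the bundle context, and opens
 * trackers for {@link IUserRolesExtender}, {@link IRegistryProvider} and
 * {@link ILdapAuthenticationStrategy} services that are handed to the provider as they
 * appear. When the embedded server is in use, the activator also tracks a service
 * registered under {@code org.openanzo.ldap.internal.LdapServer} and reports itself as
 * not initialized until that service is present.
 *
 * <p>NOTE(review): {@code embeddedServerOk} is written from service-tracker callbacks and
 * read from {@link #isInitialized()} and {@link #populateIssues}; it is neither
 * {@code volatile} nor visibly guarded here. Confirm that the superclass's
 * {@code startLocked}/{@code stopLocked} provide the required visibility.
 */
@ServiceDependencies(servicePid = LdapAuthenticatorActivator.SERVICE_PID, required = {ICacheProvider.class, ITokenAuthenticator.class, IClientEntitlementService.class}, optional = {}, filtered = {}, tracked = {IUserRolesExtender.class, ILdapAuthenticationStrategy.class, IRegistryProvider.class, IBundledSemanticService.class}, registeredServices = {IAuthenticationService.class, EventHandler.class, IStatisticsProvider.class}, serviceClassNames = {})
/* loaded from: input_file:org/openanzo/security/ldap/LdapAuthenticatorActivator.class */
public class LdapAuthenticatorActivator extends ConfiguredServiceActivator {
    /** Configuration PID under which this service is configured. */
    public static final String SERVICE_PID = "org.openanzo.security.ldap.LdapAuthentication";
    static final Logger log = LoggerFactory.getLogger(LdapAuthenticatorActivator.class);
    /** Metatype definition returned by {@link #getObjectClassDefinition(String, String)}. */
    public static final GenericObjectClassDef classDef = new LdapAuthClassDef();

    private OsgiServiceTracker<IUserRolesExtender> extenderTracker;
    private OsgiServiceTracker<ILdapAuthenticationStrategy> authStrategyTracker;
    private OsgiServiceTracker<IRegistryProvider> registryProviderTracker;
    // Created in start(); never reset to null afterwards, so isDelayedConfigUpdates()
    // stays true once the service has been started.
    private LdapAuthenticationProvider authProvider = null;
    private Set<ServiceRegistration> serviceRegistrations = new HashSet<>();
    // Whether an embedded LDAP server is expected; defaults to true until configuration says otherwise.
    private boolean useEmbedded = true;
    // Flipped by the embedded-server tracker when the server service appears or disappears.
    private boolean embeddedServerOk = false;
    // Tracks the embedded LDAP server service; created lazily in configurationPropertiesSet().
    private ServiceTracker tracker = null;
    // Authentication-cache invalidation timeout handed to AuthenticationCache in start().
    private long timeout = 300000;

    /**
     * Reports whether the activator is ready to start.
     *
     * @return {@code true} when the superclass is initialized and, if the embedded server is
     *     in use, that server's service has been seen by the tracker
     */
    @Override
    public boolean isInitialized() {
        if (!super.isInitialized()) {
            return false;
        }
        return !this.useEmbedded || this.embeddedServerOk;
    }

    /**
     * @return {@code true} once an authentication provider has been created by {@link #start()}
     */
    protected boolean isDelayedConfigUpdates() {
        return this.authProvider != null;
    }

    /**
     * Appends the embedded-server flag to the superclass status text.
     *
     * @param z {@code true} for the HTML form ({@code <br/>} separator), {@code false} for
     *     the plain-text form
     * @return the superclass status followed by the embedded-server flag
     */
    @Override
    public String getExtraStatus(boolean z) {
        StringBuilder status = new StringBuilder(super.getExtraStatus(z));
        // Only a boolean is appended, so the HTML variant carries no caller-controlled text.
        status.append(z ? "<br/>EmbeddedLdapServerOk:" : "\n EmbeddedLdapServerOk=");
        status.append(this.embeddedServerOk);
        return status.toString();
    }

    /**
     * Records an ERROR-severity system issue when the embedded LDAP server is expected but
     * has not been seen, then lets the authentication provider add its own issues.
     *
     * @param iSystemTable table the issue row is written to
     * @param xMLGregorianCalendar timestamp stored on the issue
     */
    public void populateIssues(ISystemTable iSystemTable, XMLGregorianCalendar xMLGregorianCalendar) {
        if (this.useEmbedded && !this.embeddedServerOk) {
            try {
                SystemIssue issue = new SystemIssue()
                        .setCal(xMLGregorianCalendar)
                        .setIssueUri(MemURI.create(SystemIssue.SYSTEM_ISSUES_PREFIX, "embeddedLdapIssue"))
                        .setIssueCategory("LDAP Configuration")
                        .setComponentUri(MemURI.create("osgi://" + EncryptionUtil.getServerId()))
                        .setComponentTitle("Ldap Authentication Provider")
                        .setSeverity(SystemIssue.Severity.ERROR)
                        .setMessage("Embedded ldap server not started")
                        .setSuggestedSolution("Verify ldap server configuration")
                        .setComponentType(LdapAuthenticationProvider.LDAP_DS)
                        .setDetailMessage("**${linkTitle}** not started.<br><br>**${link}**")
                        .setLinkAction(ActivityMessageBuilder.EDIT_ACTION)
                        .setLinkResource(Constants.OSGI.LDAP_DATASOURCE_URI)
                        .setLinkType(LdapAuthenticationProvider.LDAP_DS)
                        .setLinkActionTitle(ActivityMessageBuilder.EDIT)
                        .setLinkTitle("Embedded Ldap Server");
                iSystemTable.updateRow(issue, true);
            } catch (AnzoException e) {
                // Best effort: failing to record the issue must not stop the provider's own report.
                log.error(LogUtils.INTERNAL_MARKER, "Error adding server issue", e);
            }
        }
        if (this.authProvider != null) {
            this.authProvider.populateIssues(iSystemTable, xMLGregorianCalendar);
        }
    }

    /**
     * Applies bundle-context overrides for the LDAP host and port to the configuration and,
     * when the embedded server is in use, opens the tracker that watches for it.
     *
     * @param set not read by this implementation
     * @throws ConfigurationException if {@code org.openanzo.ldap.port} is set but is not an integer
     */
    public void configurationPropertiesSet(Set<String> set) throws ConfigurationException {
        if (this.configProperties == null) {
            return;
        }
        String hostOverride = this.context.getProperty("org.openanzo.ldap.host");
        String portOverride = this.context.getProperty("org.openanzo.ldap.port");
        // NOTE(review): the fallback here is 300000 while start() uses 600000 and overwrites
        // this value before the cache is built — confirm which default is intended.
        this.timeout = LDAPDictionary.getCacheInvalidationTimeout(this.configProperties, 300000).intValue();
        if (hostOverride != null) {
            LDAPDictionary.setHost(this.configProperties, hostOverride);
        }
        if (portOverride != null) {
            try {
                LDAPDictionary.setPort(this.configProperties, Integer.valueOf(portOverride));
            } catch (NumberFormatException e) {
                // Surface a malformed port as the declared configuration error instead of
                // letting an unchecked exception escape the configuration callback.
                throw new ConfigurationException("org.openanzo.ldap.port", "Port is not an integer: " + portOverride, e);
            }
        }
        Boolean useEmbeddedServer = LDAPAuthDictionary.getUseEmbeddedServer(this.configProperties);
        if (useEmbeddedServer != null) {
            this.useEmbedded = useEmbeddedServer.booleanValue();
        }
        if (this.useEmbedded && this.tracker == null) {
            // The tracker matches on the service name only; the service object itself is not
            // inspected before the activator is marked ready.
            this.tracker = new ServiceTracker(this.context, "org.openanzo.ldap.internal.LdapServer", null) { // from class: org.openanzo.security.ldap.LdapAuthenticatorActivator.1
                public Object addingService(ServiceReference serviceReference) {
                    Object service = this.context.getService(serviceReference);
                    LdapAuthenticatorActivator.this.embeddedServerOk = true;
                    if (LdapAuthenticatorActivator.this.isInitialized()) {
                        LdapAuthenticatorActivator.this.startLocked();
                    }
                    return service;
                }

                public void removedService(ServiceReference serviceReference, Object obj) {
                    this.context.ungetService(serviceReference);
                    LdapAuthenticatorActivator.this.embeddedServerOk = false;
                    LdapAuthenticatorActivator.this.stopLocked(false);
                }
            };
            this.tracker.open();
        }
    }

    /**
     * Opens a lite registry dataset through the given provider.
     *
     * @param iRegistryProvider provider to open the registry with; may be {@code null}
     * @param uri registry URI passed to the provider
     * @param str second argument passed to {@code openLiteRegistry}
     * @return the opened dataset, or {@code null} when no provider was given
     * @throws AnzoRuntimeException wrapping any {@link AnzoException} raised while opening
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static LiteRegistryDataset getRegistryDataset(IRegistryProvider iRegistryProvider, URI uri, String str) {
        if (iRegistryProvider == null) {
            return null;
        }
        try {
            return iRegistryProvider.openLiteRegistry(uri, str);
        } catch (AnzoException e) {
            throw new AnzoRuntimeException(e);
        }
    }

    /**
     * Creates and starts the LDAP authentication provider, registers it and its cache as
     * services, and opens the trackers that feed role extenders, registry providers and
     * authentication strategies into the provider.
     *
     * @return {@link ServiceLifecycleState#NOT_ENABLED} when the service is disabled in the
     *     configuration, otherwise {@link ServiceLifecycleState#STARTED}
     * @throws AnzoException if the provider fails to start
     */
    public ServiceLifecycleState start() throws AnzoException {
        if (!ServicesDictionary.getEnabled(this.configProperties).booleanValue()) {
            return ServiceLifecycleState.NOT_ENABLED;
        }
        // NOTE(review): presumably bounds how long cached authentication results are honored;
        // the fallback here (600000) differs from the 300000 used in
        // configurationPropertiesSet() — confirm which is intended.
        this.timeout = LDAPDictionary.getCacheInvalidationTimeout(this.configProperties, 600000).intValue();
        AuthenticationCache authenticationCache = new AuthenticationCache(this.timeout, (ICacheProvider) getDependency(ICacheProvider.class));
        this.authProvider = new LdapAuthenticationProvider(
                (ITokenAuthenticator) getDependency(ITokenAuthenticator.class),
                (IClientEntitlementService) getDependency(IClientEntitlementService.class),
                this.configProperties,
                authenticationCache);
        this.authProvider.start();

        // Both registrations advertise the credential/role/cache-clear/reset topics.
        String[] topics = {Constants.TOPICS.USER_CREDENTIALS_CHANGED_TOPIC, Constants.TOPICS.USER_ROLES_CHANGED_TOPIC, Constants.TOPICS.USER_CACHE_CLEAR, Constants.OSGI.RESET_TOPIC};
        Hashtable<String, Object> serviceProperties = new Hashtable<>();
        serviceProperties.put("event.topics", topics);
        this.serviceRegistrations.add(this.context.registerService(IAuthenticationCache.class, authenticationCache, serviceProperties));

        this.extenderTracker = new OsgiServiceTracker<>(new IServiceTrackerListener<IUserRolesExtender>() { // from class: org.openanzo.security.ldap.LdapAuthenticatorActivator.2
            public void unregisterService(IUserRolesExtender iUserRolesExtender) {
                if (LdapAuthenticatorActivator.this.authProvider != null) {
                    LdapAuthenticatorActivator.this.authProvider.unregisterRoleExtender(iUserRolesExtender);
                }
            }

            public void registerService(IUserRolesExtender iUserRolesExtender) {
                if (LdapAuthenticatorActivator.this.authProvider != null) {
                    LdapAuthenticatorActivator.this.authProvider.registerRoleExtender(iUserRolesExtender);
                }
            }

            public Class<IUserRolesExtender> getComponentType() {
                return IUserRolesExtender.class;
            }
        }, this.context);
        this.extenderTracker.open();

        this.registryProviderTracker = new OsgiServiceTracker<>(new IServiceTrackerListener<IRegistryProvider>() { // from class: org.openanzo.security.ldap.LdapAuthenticatorActivator.3
            public void unregisterService(IRegistryProvider iRegistryProvider) {
                LdapAuthenticationProvider provider = LdapAuthenticatorActivator.this.authProvider;
                if (provider == null) {
                    return;
                }
                try {
                    // The dataset is null when no registry was opened or after an earlier
                    // unregister cleared it, so guard before closing.
                    if (provider.getPermissionRegistryDataset() != null) {
                        provider.getPermissionRegistryDataset().close();
                    }
                    provider.setPermissionRegistryDataset(null);
                } catch (AnzoException e) {
                    throw new AnzoRuntimeException(e);
                }
            }

            public void registerService(IRegistryProvider iRegistryProvider) {
                if (iRegistryProvider != null && LdapAuthenticatorActivator.this.authProvider != null) {
                    LdapAuthenticatorActivator.this.authProvider.setPermissionRegistryDataset(LdapAuthenticatorActivator.getRegistryDataset(iRegistryProvider, LinkedDataConstants.PERMISSIONS_REGISTRY, "PermissionsRegistry"));
                }
            }

            public Class<IRegistryProvider> getComponentType() {
                return IRegistryProvider.class;
            }
        }, this.context);
        this.registryProviderTracker.open();

        this.authStrategyTracker = new OsgiServiceTracker<>(new IServiceTrackerListener<ILdapAuthenticationStrategy>() { // from class: org.openanzo.security.ldap.LdapAuthenticatorActivator.4
            public void unregisterService(ILdapAuthenticationStrategy iLdapAuthenticationStrategy) {
                // NOTE(review): nothing is cleared here, so the provider keeps the strategy it
                // was last given even after that strategy's service is withdrawn. Confirm the
                // provider is meant to keep authenticating with a strategy that has gone away.
            }

            public void registerService(ILdapAuthenticationStrategy iLdapAuthenticationStrategy) {
                if (LdapAuthenticatorActivator.this.authProvider != null) {
                    LdapAuthenticatorActivator.this.authProvider.setLdapAuthenticationStrategy(iLdapAuthenticationStrategy);
                }
            }

            public Class<ILdapAuthenticationStrategy> getComponentType() {
                return ILdapAuthenticationStrategy.class;
            }
        }, this.context);
        this.authStrategyTracker.open();

        String[] providerInterfaces = {IStatisticsProvider.class.getName(), IAuthenticationService.class.getName(), EventHandler.class.getName()};
        this.serviceRegistrations.add(this.context.registerService(providerInterfaces, this.authProvider, serviceProperties));
        return ServiceLifecycleState.STARTED;
    }

    /**
     * Pushes the current configuration into the running provider, if there is one.
     *
     * @param set not read by this implementation
     */
    public void restarted(Set<String> set) {
        if (this.authProvider != null) {
            this.authProvider.updateProperties(this.configProperties);
        }
    }

    /**
     * Stops the authentication provider and, unless {@code z} is set, also closes the
     * trackers and unregisters every service this activator registered.
     *
     * @param z when {@code true}, only the provider is stopped; trackers and service
     *     registrations are left in place
     */
    public void stop(boolean z) {
        if (!z) {
            if (this.extenderTracker != null) {
                this.extenderTracker.close();
                this.extenderTracker = null;
            }
            if (this.authStrategyTracker != null) {
                this.authStrategyTracker.close();
                this.authStrategyTracker = null;
            }
            if (this.registryProviderTracker != null) {
                this.registryProviderTracker.close();
                this.registryProviderTracker = null;
            }
        }
        if (this.authProvider != null) {
            try {
                this.authProvider.stop();
            } catch (AnzoException e) {
                log.error(LogUtils.LIFECYCLE_MARKER, "Error stopping ldap authentication provider", e);
            }
        }
        if (z) {
            return;
        }
        // Iterate over a copy because each registration is removed from the live set.
        for (ServiceRegistration registration : new HashSet<>(this.serviceRegistrations)) {
            try {
                registration.unregister();
            } catch (Exception e) {
                // Unregistering is best effort during shutdown; the failure is only traced.
                log.trace(LogUtils.LIFECYCLE_MARKER, "Error stopping ldap authentication provider, unregister service", e);
            }
            this.serviceRegistrations.remove(registration);
        }
        if (this.tracker != null) {
            // NOTE(review): the tracker is closed but the field is not cleared, and
            // configurationPropertiesSet() only creates a tracker when the field is null, so
            // no new embedded-server tracker is opened after this — confirm this is intended.
            this.tracker.close();
        }
    }

    /**
     * @param str not read by this implementation
     * @param str2 not read by this implementation
     * @return the shared {@link #classDef} instance
     */
    public ObjectClassDefinition getObjectClassDefinition(String str, String str2) {
        return classDef;
    }
}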
