package com.terracotta.management.security.shiro.configuration;

import com.terracotta.management.security.shiro.realm.ActiveDirectoryRealm;
import com.terracotta.management.security.shiro.realm.LdapRealm;
import com.terracotta.management.security.shiro.realm.TMCJndiLdapContextFactory;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import net.sf.ehcache.config.TimeoutBehaviorConfiguration;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.terracotta.management.resource.services.Utils;

/* loaded from: input_file:WEB-INF/classes/com/terracotta/management/security/shiro/configuration/ShiroConfigurationGenerator.class */
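/**
 * Writes the {@code shiro.ini} file that selects and configures the authentication realm
 * (Terracotta ini realm, LDAP realm or Active Directory realm).
 *
 * <p>The file is built from the bundled {@code shiroTemplate.ini}: the realm-specific properties
 * are merged into its main section and every section is then written to {@link #CONFIG_LOCATION}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value supplied by the caller (group names, DN templates, search base, provider URL,
 *       bind user name) ends up verbatim in a security configuration file. Values containing a
 *       line break are rejected at write time because they would add extra lines to the file.</li>
 *   <li>Group names and the provider URL are additionally embedded, unescaped, inside
 *       double-quoted {@code "key":"value"} lists. Callers should validate them; see the notes on
 *       {@link #generateGroupRolesMap(Map, Set, Set)}.</li>
 * </ul>
 */
public class ShiroConfigurationGenerator {
    private static final String ACTIVE_DIRECTORY_REALM = "ACTIVE_DIRECTORY_REALM";
    private static final String LDAP_REALM = "LDAP_REALM";
    private static final String TC_INI_REALM = "TC_INI_REALM";
    /**
     * Value written for {@code securityManager.sessionManager.globalSessionTimeout}.
     * Shiro interprets this setting in milliseconds, i.e. 10 minutes.
     */
    public static final String GLOBAL_SESSION_TIMEOUT = "600000";
    /** System property that overrides the directory the configuration is written to. */
    public static final String TMC_CONFIGURATION_DIRECTORY_PROPERTY = "com.tc.management.config.directory";
    private static final String FILE_SEPARATOR = System.getProperty("file.separator");
    private static final Logger LOG = LoggerFactory.getLogger(ShiroConfigurationGenerator.class);
    private static final String TMC_CONFIGURATION_DEFAULT_DIRECTORY = System.getProperty("user.home") + FILE_SEPARATOR + ".tc" + FILE_SEPARATOR + "mgmt" + FILE_SEPARATOR;
    // NOTE(review): "shiro.ini" is appended without a separator, so a directory given through the
    // system property must end with one. Left unchanged here because whatever reads the file is
    // not visible in this class and presumably builds the path the same way - confirm.
    private static final String CONFIG_LOCATION = System.getProperty("com.tc.management.config.directory", TMC_CONFIGURATION_DEFAULT_DIRECTORY) + "shiro.ini";

    /**
     * Writes a configuration that authenticates against Active Directory.
     *
     * @param set   directory groups mapped to the {@code operator} role
     * @param set2  directory groups mapped to the {@code admin} role
     * @param str   LDAP search base
     * @param str2  provider URL ({@code ldap://...} or {@code ldaps://...}); must not be null
     * @param str3  bind user name; omitted from the file when blank
     * @throws IOException if the file cannot be written or a value contains a line break
     */
    public static void writeShiroConfigurationActiveDirectory(Set<String> set, Set<String> set2, String str, String str2, String str3) throws IOException {
        writeShiroConfiguration(ACTIVE_DIRECTORY_REALM, set, set2, null, null, str, str2, str3, false, null);
    }

    /**
     * Writes a configuration that authenticates against a generic LDAP directory.
     *
     * @param set   directory groups mapped to the {@code operator} role
     * @param set2  directory groups mapped to the {@code admin} role
     * @param str   value for {@code ldapRealm.userDnTemplate}
     * @param str2  value for {@code ldapRealm.groupDnTemplate}
     * @param str3  LDAP search base
     * @param str4  provider URL ({@code ldap://...} or {@code ldaps://...}); must not be null
     * @param str5  bind user name; omitted from the file when blank
     * @param z     value for {@code ldapRealm.dynamicGroupConfiguration}
     * @param str6  value for {@code ldapRealm.groupAttributeMatching}
     * @throws IOException if the file cannot be written or a value contains a line break
     */
    public static void writeShiroConfigurationLdap(Set<String> set, Set<String> set2, String str, String str2, String str3, String str4, String str5, boolean z, String str6) throws IOException {
        writeShiroConfiguration(LDAP_REALM, set, set2, str, str2, str3, str4, str5, z, str6);
    }

    /**
     * Writes a configuration that uses the Terracotta ini realm (no directory server).
     *
     * @throws IOException if the file cannot be written
     */
    public static void writeShiroConfigurationIniFile() throws IOException {
        writeShiroConfiguration(TC_INI_REALM, null, null, null, null, null, null, null, false, null);
    }

    /**
     * Merges the properties of the requested realm into the template's main section and writes
     * all sections to {@link #CONFIG_LOCATION}.
     *
     * <p>If the template resource is missing, an error is logged and nothing is written.
     *
     * @param str  realm selector, one of the three {@code *_REALM} constants
     * @param set  operator groups (LDAP/AD only)
     * @param set2 admin groups (LDAP/AD only)
     * @param str2 user DN template (LDAP only)
     * @param str3 group DN template (LDAP only)
     * @param str4 search base (LDAP/AD only)
     * @param str5 provider URL (LDAP/AD only)
     * @param str6 bind user name (LDAP/AD only)
     * @param z    dynamic group configuration flag (LDAP only)
     * @param str7 group attribute matching (LDAP only)
     * @throws IOException if the template has no main section, a value contains a line break,
     *                     or the file cannot be written completely
     */
    private static void writeShiroConfiguration(String str, Set<String> set, Set<String> set2, String str2, String str3, String str4, String str5, String str6, boolean z, String str7) throws IOException {
        InputStream resourceAsStream = ShiroConfigurationGenerator.class.getClassLoader().getResourceAsStream("shiroTemplate.ini");
        Ini ini = new Ini();
        if (resourceAsStream == null) {
            LOG.error("Impossible to find shiroTemplate.ini; shiro Ldap configuration won't be written");
            return;
        }
        ini.load(resourceAsStream);
        Ini.Section section = ini.getSection(IniSecurityManagerFactory.MAIN_SECTION_NAME);
        if (section == null) {
            // Previously a NullPointerException; report the broken template explicitly instead.
            throw new IOException("shiroTemplate.ini has no [" + IniSecurityManagerFactory.MAIN_SECTION_NAME + "] section; shiro configuration not written");
        }
        Map<String, String> map;
        if (TC_INI_REALM.equals(str)) {
            map = getTCIniRealmConfigurationProperties();
        } else if (ACTIVE_DIRECTORY_REALM.equals(str)) {
            map = getActiveDirectoryRealmConfigurationProperties(set, set2, str4, str5, str6);
        } else if (LDAP_REALM.equals(str)) {
            map = getLdapRealmConfigurationProperties(set, set2, str2, str3, str4, str5, str6, str7, z);
        } else {
            throw new IllegalArgumentException("Unknown realm type: " + str);
        }
        section.putAll(map);

        // Validate before the file is opened: FileWriter truncates the existing configuration as
        // soon as it is created, so a rejected value must not cost us the previous file.
        // A value with a line break would be written as several lines and could define or
        // override other settings of this security configuration. Keys are constants of this
        // class or were parsed from the template, so only values are checked.
        for (Ini.Section section2 : ini.getSections()) {
            for (Map.Entry<String, String> entry : section2.entrySet()) {
                if (containsLineBreak(entry.getValue())) {
                    throw new IOException("Refusing to write " + CONFIG_LOCATION + ": value of '" + entry.getKey()
                            + "' in section [" + section2.getName() + "] contains a line break");
                }
            }
        }

        // NOTE(review): FileWriter encodes with the platform default charset. Whether that matches
        // the charset used when the file is read back is not visible here - confirm for
        // non-ASCII group names or DNs.
        PrintWriter printWriter = new PrintWriter(new FileWriter(CONFIG_LOCATION));
        try {
            for (Ini.Section section2 : ini.getSections()) {
                printWriter.println(Ini.SECTION_PREFIX + section2.getName() + Ini.SECTION_SUFFIX);
                for (Map.Entry<String, String> entry : section2.entrySet()) {
                    printWriter.println(entry.getKey() + " = " + entry.getValue());
                }
            }
        } finally {
            printWriter.close();
        }
        // PrintWriter never throws on write failures; it only records them. Without this check a
        // full disk would leave a truncated security configuration behind and still log success.
        if (printWriter.checkError()) {
            throw new IOException("Failed to write shiro configuration to " + CONFIG_LOCATION);
        }
        // The logged map holds the provider URL, the bind user name and the group/role mapping.
        // No password is put into the map by this class.
        LOG.info("Shiro configuration just got written to : " + CONFIG_LOCATION + " : " + map);
    }

    /** Returns true when {@code value} is non-null and contains a CR or LF character. */
    private static boolean containsLineBreak(String value) {
        return value != null && (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0);
    }

    /**
     * Builds the main-section properties for the Terracotta ini realm.
     *
     * @return the properties in the order they are to be written
     */
    static Map<String, String> getTCIniRealmConfigurationProperties() {
        Map<String, String> properties = new LinkedHashMap<String, String>();
        properties.put("realm", "com.terracotta.management.security.shiro.realm.TCIniRealm");
        properties.put("realm.credentialsMatcher", "$passwordMatcher");
        properties.put("realm.cachingEnabled", "false");
        properties.put("realm.authorizationCachingEnabled", "false");
        properties.put("securityManager.realm", "$realm");
        properties.put("securityManager.sessionManager.globalSessionTimeout", GLOBAL_SESSION_TIMEOUT);
        return properties;
    }

    /**
     * Builds the main-section properties for the Active Directory realm.
     *
     * @param set  operator groups
     * @param set2 admin groups
     * @param str  search base
     * @param str2 provider URL; must not be null
     * @param str3 bind user name, may be blank
     * @return the shared LDAP/AD properties followed by the realm class
     */
    static Map<String, String> getActiveDirectoryRealmConfigurationProperties(Set<String> set, Set<String> set2, String str, String str2, String str3) {
        Map<String, String> commonLdapAndADProperties = getCommonLdapAndADProperties(set, set2, str, str2, str3);
        commonLdapAndADProperties.put("ldapRealm", ActiveDirectoryRealm.class.getName());
        return commonLdapAndADProperties;
    }

    /**
     * Builds the main-section properties for the generic LDAP realm.
     *
     * @param set  operator groups
     * @param set2 admin groups
     * @param str  user DN template
     * @param str2 group DN template
     * @param str3 search base
     * @param str4 provider URL; must not be null
     * @param str5 bind user name, may be blank
     * @param str6 group attribute matching
     * @param z    dynamic group configuration flag
     * @return the LDAP-specific properties followed by the shared LDAP/AD properties
     */
    static Map<String, String> getLdapRealmConfigurationProperties(Set<String> set, Set<String> set2, String str, String str2, String str3, String str4, String str5, String str6, boolean z) {
        Map<String, String> properties = new LinkedHashMap<String, String>();
        properties.put("ldapRealm", LdapRealm.class.getName());
        properties.put("ldapRealm.groupAttributeMatching", str6);
        properties.put("ldapRealm.userDnTemplate", str);
        properties.put("ldapRealm.groupDnTemplate", str2);
        properties.put("ldapRealm.dynamicGroupConfiguration", Boolean.toString(z));
        properties.putAll(getCommonLdapAndADProperties(set, set2, str3, str4, str5));
        return properties;
    }

    /**
     * Builds the properties shared by the LDAP and Active Directory realms: context factory,
     * cache manager, session timeout, group/role mapping, search base, optional bind user and
     * the JNDI environment.
     *
     * @param set  operator groups
     * @param set2 admin groups
     * @param str  search base
     * @param str2 provider URL; must not be null
     * @param str3 bind user name; skipped when {@code Utils.trimToNull} yields null
     * @throws NullPointerException if {@code str2} is null
     */
    private static Map<String, String> getCommonLdapAndADProperties(Set<String> set, Set<String> set2, String str, String str2, String str3) {
        if (str2 == null) {
            // Same exception type the unchecked startsWith() call used to raise, with a reason.
            throw new NullPointerException("LDAP provider URL must not be null");
        }
        Map<String, String> properties = new LinkedHashMap<String, String>();
        properties.put("contextFactory", TMCJndiLdapContextFactory.class.getName());
        properties.put("ldapRealm.contextFactory", "$contextFactory");
        properties.put("securityManager.realm", "$ldapRealm");
        properties.put("cacheManager", "org.apache.shiro.cache.ehcache.EhCacheManager");
        properties.put("cacheManager.cacheManagerConfigFile", "classpath:shiro-ehcache.xml");
        properties.put("securityManager.cacheManager", "$cacheManager");
        properties.put("securityManager.sessionManager.globalSessionTimeout", GLOBAL_SESSION_TIMEOUT);
        // generateGroupRolesMap takes the admin groups first, then the operator groups.
        generateGroupRolesMap(properties, set2, set);
        properties.put("ldapRealm.searchBase", str);
        if (Utils.trimToNull(str3) != null) {
            properties.put("ldapRealm.systemUsername", str3);
        }
        // URL schemes are case-insensitive, so "LDAPS://" must get the custom trust store socket
        // factory just like "ldaps://"; the previous case-sensitive test skipped it.
        boolean secure = str2.regionMatches(true, 0, "ldaps", 0, 5);
        // With a plain ldap:// URL no TLS socket factory is configured at all.
        // NOTE(review): the URL is placed unescaped between double quotes; a URL containing a
        // double quote changes the structure of this environment list. Validate it at the caller.
        // NOTE(review): "java.naming.referral":"follow" lets the directory redirect the client to
        // other servers, and the bind may be repeated there - confirm this is intended.
        properties.put("ldapRealm.contextFactory.environment", (secure ? "\"java.naming.ldap.factory.socket\":\"com.terracotta.management.security.impl.CustomTrustStoreSSLSocketFactory\"," : "") + "\"java.naming.provider.url\":\"" + str2 + "\",\"java.naming.factory.initial\":\"com.sun.jndi.ldap.LdapCtxFactory\",\"java.naming.referral\":\"follow\"");
        return properties;
    }

    /**
     * Stores the group-to-role mapping under {@code ldapRealm.groupRolesMapAsString} as a
     * comma-separated list of {@code "group":"roles"} pairs. A group present in both sets is
     * mapped to {@code admin,operator}.
     *
     * <p>A null set is treated as empty, and two empty sets yield an empty string (the previous
     * implementation threw {@link StringIndexOutOfBoundsException} in that case).
     *
     * <p>NOTE(review): group names are inserted unescaped. A name containing a double quote or a
     * comma changes the structure of the mapping, i.e. which group receives which role. How the
     * realm parses this string is not visible here, so no escaping is applied; callers must
     * validate group names.
     *
     * @param map  property map that receives the mapping string
     * @param set  groups granted the {@code admin} role, may be null
     * @param set2 groups granted the {@code operator} role, may be null
     */
    static void generateGroupRolesMap(Map<String, String> map, Set<String> set, Set<String> set2) {
        Map<String, String> rolesByGroup = new HashMap<String, String>();
        if (set != null) {
            for (String adminGroup : set) {
                rolesByGroup.put(adminGroup, "admin");
            }
        }
        if (set2 != null) {
            for (String operatorGroup : set2) {
                rolesByGroup.put(operatorGroup, rolesByGroup.containsKey(operatorGroup) ? "admin,operator" : "operator");
            }
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : rolesByGroup.entrySet()) {
            // Separator goes before every pair but the first, so there is no trailing comma to
            // strip afterwards and the empty case needs no special handling.
            if (sb.length() > 0) {
                sb.append(',');
            }
            sb.append('"').append(entry.getKey()).append("\":\"").append(entry.getValue()).append('"');
        }
        map.put("ldapRealm.groupRolesMapAsString", sb.toString());
    }
}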
