package org.killbill.billing.server.modules;

import com.google.inject.Inject;
import com.google.inject.Key;
import com.google.inject.Provider;
import com.google.inject.TypeLiteral;
import com.google.inject.binder.AnnotatedBindingBuilder;
import com.google.inject.matcher.AbstractMatcher;
import com.google.inject.matcher.Matchers;
import com.google.inject.spi.InjectionListener;
import com.google.inject.spi.TypeEncounter;
import com.google.inject.spi.TypeListener;
import java.util.Iterator;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authc.pam.ModularRealmAuthenticatorWith540;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.guice.web.ShiroWebModuleWith435;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.killbill.billing.server.security.FirstSuccessfulStrategyWith540;
import org.killbill.billing.server.security.KillbillJdbcTenantRealm;
import org.killbill.billing.util.config.RbacConfig;
import org.killbill.billing.util.glue.EhCacheManagerProvider;
import org.killbill.billing.util.glue.IniRealmProvider;
import org.killbill.billing.util.glue.JDBCSessionDaoProvider;
import org.killbill.billing.util.glue.KillBillShiroModule;
import org.killbill.billing.util.glue.ShiroEhCacheInstrumentor;
import org.killbill.billing.util.security.shiro.dao.JDBCSessionDao;
import org.killbill.billing.util.security.shiro.realm.KillBillJdbcRealm;
import org.killbill.billing.util.security.shiro.realm.KillBillJndiLdapRealm;
import org.skife.config.ConfigSource;
import org.skife.config.ConfigurationObjectFactory;

/* loaded from: input_file:org/killbill/billing/server/modules/KillBillShiroWebModule.class */
public class KillBillShiroWebModule extends ShiroWebModuleWith435 {
    private final ConfigSource configSource;

    /* loaded from: input_file:org/killbill/billing/server/modules/KillBillShiroWebModule$CorsBasicHttpAuthenticationFilter.class */
    public static final class CorsBasicHttpAuthenticationFilter extends BasicHttpAuthenticationFilter {
        protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
            return "OPTIONS".equalsIgnoreCase(WebUtils.toHttp(servletRequest).getMethod()) || super.isAccessAllowed(servletRequest, servletResponse, obj);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/killbill/billing/server/modules/KillBillShiroWebModule$DefaultWebSecurityManagerTypeListener.class */
    public static final class DefaultWebSecurityManagerTypeListener implements TypeListener {
        private final Provider<ShiroEhCacheInstrumentor> instrumentorProvider;

        @Inject
        public DefaultWebSecurityManagerTypeListener(Provider<ShiroEhCacheInstrumentor> provider) {
            this.instrumentorProvider = provider;
        }

        public <I> void hear(TypeLiteral<I> typeLiteral, TypeEncounter<I> typeEncounter) {
            typeEncounter.register(new InjectionListener<I>() { // from class: org.killbill.billing.server.modules.KillBillShiroWebModule.DefaultWebSecurityManagerTypeListener.1
                public void afterInjection(Object obj) {
                    ShiroEhCacheInstrumentor shiroEhCacheInstrumentor = (ShiroEhCacheInstrumentor) DefaultWebSecurityManagerTypeListener.this.instrumentorProvider.get();
                    shiroEhCacheInstrumentor.instrument("shiro-activeSessionCache");
                    DefaultWebSecurityManager defaultWebSecurityManager = (DefaultWebSecurityManager) obj;
                    if (defaultWebSecurityManager.getAuthenticator() instanceof ModularRealmAuthenticator) {
                        ModularRealmAuthenticator authenticator = defaultWebSecurityManager.getAuthenticator();
                        authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategyWith540());
                        defaultWebSecurityManager.setAuthenticator(new ModularRealmAuthenticatorWith540(authenticator));
                        Iterator it = defaultWebSecurityManager.getRealms().iterator();
                        while (it.hasNext()) {
                            shiroEhCacheInstrumentor.instrument((Realm) it.next());
                        }
                    }
                }
            });
        }
    }

    public KillBillShiroWebModule(ServletContext servletContext, ConfigSource configSource) {
        super(servletContext);
        this.configSource = configSource;
    }

    public void configure() {
        super.configure();
        bind(ShiroEhCacheInstrumentor.class).asEagerSingleton();
    }

    @Override // org.apache.shiro.guice.web.ShiroWebModuleWith435
    protected void configureShiroWeb() {
        bind(CacheManager.class).toProvider(EhCacheManagerProvider.class).asEagerSingleton();
        configureShiroForRBAC();
        configureShiroForTenants();
    }

    private void configureShiroForRBAC() {
        bind(RbacConfig.class).toInstance((RbacConfig) new ConfigurationObjectFactory(this.configSource).build(RbacConfig.class));
        bindRealm().toProvider(IniRealmProvider.class).asEagerSingleton();
        bindRealm().to(KillBillJdbcRealm.class).asEagerSingleton();
        if (KillBillShiroModule.isLDAPEnabled()) {
            bindRealm().to(KillBillJndiLdapRealm.class).asEagerSingleton();
        }
        bindListener(new AbstractMatcher<TypeLiteral<?>>() { // from class: org.killbill.billing.server.modules.KillBillShiroWebModule.1
            public boolean matches(TypeLiteral<?> typeLiteral) {
                return Matchers.subclassesOf(WebSecurityManager.class).matches(typeLiteral.getRawType());
            }
        }, new DefaultWebSecurityManagerTypeListener(getProvider(ShiroEhCacheInstrumentor.class)));
        if (KillBillShiroModule.isRBACEnabled()) {
            addFilterChain("/1.0/kb/**", Key.get(CorsBasicHttpAuthenticationFilter.class));
        }
    }

    private void configureShiroForTenants() {
        bind(KillbillJdbcTenantRealm.class).toProvider(KillbillJdbcTenantRealmProvider.class).asEagerSingleton();
        expose(KillbillJdbcTenantRealm.class);
    }

    @Override // org.apache.shiro.guice.web.ShiroWebModuleWith435
    protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> annotatedBindingBuilder) {
        annotatedBindingBuilder.to(DefaultWebSessionManager.class).asEagerSingleton();
        bind(JDBCSessionDao.class).toProvider(JDBCSessionDaoProvider.class).asEagerSingleton();
    }
}
