package org.apache.sling.auth.saml2;

import java.io.IOException;
import java.security.Provider;
import java.security.Security;
import java.util.Hashtable;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.xmlsec.config.impl.JavaCryptoValidationInitializer;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.wiring.BundleWiring;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/auth/saml2/Activator.class */
public class Activator implements BundleActivator {
    private static final Logger logger = LoggerFactory.getLogger(Activator.class);
    private ConfigurationAdmin configAdmin;

    public void start(BundleContext bundleContext) throws IOException, InvalidSyntaxException {
        ClassLoader classLoader = ((BundleWiring) bundleContext.getBundle().adapt(BundleWiring.class)).getClassLoader();
        Thread currentThread = Thread.currentThread();
        currentThread.setContextClassLoader(InitializationService.class.getClassLoader());
        try {
            try {
                initializeOpenSaml();
                currentThread.setContextClassLoader(classLoader);
                setConfigAdmin(bundleContext);
                if (needsSamlJaas()) {
                    configureSamlJaas();
                }
            } catch (InitializationException e) {
                throw new SAML2RuntimeException("Java Cryptographic Extension could not initialize. This happens when JCE implementation is incomplete, and not meeting OpenSAML standards.", e);
            }
        } catch (Throwable th) {
            currentThread.setContextClassLoader(classLoader);
            throw th;
        }
    }

    public void stop(BundleContext bundleContext) throws IOException, InvalidSyntaxException {
        if (this.configAdmin != null) {
            removeSamlJaas();
        }
    }

    public static void initializeOpenSaml() throws InitializationException {
        new JavaCryptoValidationInitializer().init();
        InitializationService.initialize();
        logger.info("Activating Apache Sling SAML2 SP Bundle. And Initializing JCE, Java Cryptographic Extension");
        for (Provider provider : Security.getProviders()) {
            logger.info(provider.getInfo());
        }
    }

    protected void configureSamlJaas() throws IOException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("jaas.classname", "org.apache.sling.auth.saml2.sp.Saml2LoginModule");
        hashtable.put("jaas.controlFlag", "Sufficient");
        hashtable.put("jaas.realmName", "jackrabbit.oak");
        hashtable.put("jaas.ranking", 110);
        this.configAdmin.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory", (String) null).update(hashtable);
    }

    protected boolean needsSamlJaas() throws IOException, InvalidSyntaxException {
        return this.configAdmin.listConfigurations("(jaas.classname=org.apache.sling.auth.saml2.sp.Saml2LoginModule)") == null;
    }

    protected void removeSamlJaas() throws IOException, InvalidSyntaxException {
        Configuration[] listConfigurations = this.configAdmin.listConfigurations("(jaas.classname=org.apache.sling.auth.saml2.sp.Saml2LoginModule)");
        if (listConfigurations == null) {
            return;
        }
        for (Configuration configuration : listConfigurations) {
            configuration.delete();
        }
    }

    public void setConfigAdmin(BundleContext bundleContext) {
        this.configAdmin = (ConfigurationAdmin) bundleContext.getService(bundleContext.getServiceReference(ConfigurationAdmin.class.getName()));
    }
}
