package cern.rbac.client;

import cern.accsoft.commons.util.Assert;
import cern.cmw.util.config.ConfigurationBuilder;
import cern.rbac.client.impl.ClientConstants;
import cern.rbac.client.impl.LoginConfiguration;
import cern.rbac.client.impl.SslRbaKeyStore;
import cern.rbac.common.RbacConfiguration;
import cern.rbac.common.authentication.LoginPolicy;
import com.sun.security.auth.login.ConfigFile;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbac-client-6.0.2.jar:cern/rbac/client/ClientConfiguration.class */
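/**
 * Process-wide RBAC client configuration.
 *
 * <p>On construction this class loads, in order: the JAAS login configuration
 * ({@code ClientConstants.LOGIN_CONFIG_FILE_NAME}, wrapped in a
 * {@link LoginConfiguration}), the Kerberos properties
 * ({@code ClientConstants.KRB5_CONFIG_FILE_NAME}), the {@link RbacConfiguration}
 * runtime environment, the OS account name of the current user, the list of
 * RBAC servers taken from the {@code server} option of the default login
 * context, and the Kerberos service principal name derived from the first
 * {@code https://host:port} server entry. The TLS socket factory is built
 * lazily on first use from the environment-specific RBAC trust store.
 *
 * <p>Trust boundary: every input comes from the classpath (login/Kerberos
 * resources), the CMW configuration, or JVM system properties
 * ({@code kerberos.realm}, {@code kerberos.kdc}, {@code kerberos.debug}).
 * Whoever controls those controls the KDC and server endpoints this client
 * talks to; nothing here validates them further.
 *
 * <p>Thread-safety: {@link #getCurrent()} uses double-checked locking on a
 * {@code volatile} field; {@link #getSslSocketFactory()} is synchronized.
 * All other state is written once in the constructor.
 */
public final class ClientConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ClientConfiguration.class);
    public static final String APPLICATION_NAME_PROPERTY = "rbac.application.name";
    public static final String APPLICATION_NAME_DEFAULT = "DEFAULT";
    public static final String TOKEN_LIFETIME_MINS_PROPERTY = "rbac.token.lifetime.mins";
    public static final int TOKEN_LIFETIME_MINS_DEFAULT = 480;
    private static final String UNKNOWN_USERNAME = "unknown";
    private static final String CONTEXT_NAME_SEPARATOR = "-";
    private static final String DIALOG_LOGIN_POLICY = "DIALOG";
    private static final int READ_TIMEOUT_MILLIS_DEFAULT = 60000;
    /** JAAS login-module option holding the comma-separated RBAC server list. */
    private static final String SERVER_OPTION = "server";
    /** Kerberos property naming the service part of the service principal. */
    private static final String KRB_SERVICE_KEY = "service";
    /**
     * Extracts the host from an {@code https://host:port...} URL. The trailing
     * colon is mandatory, so an entry without an explicit port never matches.
     * Compiled once instead of per server entry.
     */
    private static final Pattern SERVER_HOST_PATTERN = Pattern.compile("https://(.*?):");
    // volatile is required for the double-checked locking in getCurrent(): without it
    // another thread may observe a non-null reference to a not-yet-initialized instance.
    private static volatile ClientConfiguration singleton;
    private Configuration loginConfig;
    private RbacConfiguration runtimeConfiguration;
    private String username;
    private List<String> serversList;
    private Properties kerberosLoginProperties;
    private String servicePrincipalName;
    private String kerberosRealm;
    private String kdc;
    private String kerberosDebug;
    private SSLSocketFactory sslSocketFactory;
    private final int readTimeoutMillis;
    private final String applicationName;
    private final int tokenLifetimeMins;

    /**
     * Loads all configuration sources eagerly; any missing or unreadable
     * classpath resource results in a {@link RuntimeException}.
     *
     * @param configuration CMW configuration supplying the RBAC runtime
     *        environment and the optional application-name / token-lifetime
     *        properties
     */
    private ClientConfiguration(cern.cmw.util.config.Configuration configuration) {
        initialize(configuration);
        this.readTimeoutMillis = READ_TIMEOUT_MILLIS_DEFAULT;
        this.applicationName = getProperty(configuration, APPLICATION_NAME_PROPERTY, APPLICATION_NAME_DEFAULT);
        this.tokenLifetimeMins = getProperty(configuration, TOKEN_LIFETIME_MINS_PROPERTY,
                TOKEN_LIFETIME_MINS_DEFAULT, Integer::valueOf);
    }

    /** String-valued variant of {@link #getProperty(cern.cmw.util.config.Configuration, String, Object, Function)}. */
    private static String getProperty(cern.cmw.util.config.Configuration configuration, String key,
                                      String defaultValue) {
        return getProperty(configuration, key, defaultValue, Function.identity());
    }

    /**
     * Reads {@code key} from the CMW configuration and converts it with
     * {@code parser}.
     *
     * @return the parsed value, or {@code defaultValue} when the property is
     *         absent or the parser throws (the failure is logged at WARN and
     *         never propagated)
     */
    private static <T> T getProperty(cern.cmw.util.config.Configuration configuration, String key,
                                     T defaultValue, Function<String, T> parser) {
        String raw = configuration.getProperty(key);
        if (raw == null) {
            return defaultValue;
        }
        try {
            T parsed = parser.apply(raw);
            LOGGER.debug("{}={}", key, raw);
            return parsed;
        } catch (Exception e) {
            LOGGER.warn("Could not parse property {}={}: {}", key, raw, e.getMessage(), e);
            return defaultValue;
        }
    }

    /**
     * Creates a fresh, non-shared configuration from the given CMW
     * configuration. Does not touch {@link #getCurrent()}'s singleton.
     */
    public static ClientConfiguration create(cern.cmw.util.config.Configuration configuration) {
        return new ClientConfiguration(configuration);
    }

    /**
     * Returns the lazily created process-wide instance, built from the default
     * {@link ConfigurationBuilder}. Safe to call concurrently.
     */
    public static ClientConfiguration getCurrent() {
        ClientConfiguration current = singleton;
        if (current != null) {
            return current;
        }
        synchronized (ClientConfiguration.class) {
            if (singleton == null) {
                singleton = new ClientConfiguration(ConfigurationBuilder.newInstance().build());
            }
            return singleton;
        }
    }

    /**
     * Logs a deprecation warning when {@code contextName} is neither a
     * {@link LoginPolicy} constant nor the legacy {@code DIALOG} context.
     */
    private static void warnUseOfObsoleteContext(String contextName) {
        boolean knownPolicy = Arrays.stream(LoginPolicy.values())
                .anyMatch(policy -> policy.name().equalsIgnoreCase(contextName));
        if (knownPolicy || contextName.equalsIgnoreCase(DIALOG_LOGIN_POLICY)) {
            return;
        }
        LOGGER.warn("RBAC login context name '{}' is deprecated --> use instead LoginPolicy enum.", contextName);
    }

    /**
     * Returns the OS account name of the process owner, lower-cased.
     *
     * <p>This is read from the operating system via the JDK's NT/Unix system
     * modules; it is not verified against the RBAC server and should be
     * treated as a hint (e.g. a login-dialog default), not as an authenticated
     * identity.
     */
    private static String retrieveUsername() {
        String osName = System.getProperty("os.name", "");
        if (osName.contains("Windows")) {
            return retrieveUsernameFromModule("com.sun.security.auth.module.NTSystem", "getName");
        }
        return retrieveUsernameFromModule("com.sun.security.auth.module.UnixSystem", "getUsername");
    }

    /**
     * Reflectively instantiates {@code moduleClassName} and calls its no-arg
     * {@code methodName} accessor.
     *
     * @return the lower-cased (locale-independent) name, or {@code "unknown"}
     *         when the module returns null/empty
     * @throws RuntimeException if the module cannot be loaded or invoked; the
     *         cause is preserved
     */
    private static String retrieveUsernameFromModule(String moduleClassName, String methodName) {
        try {
            Class<?> moduleClass = Class.forName(moduleClassName);
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
            // which rethrew checked constructor exceptions without declaring them.
            Object module = moduleClass.getDeclaredConstructor().newInstance();
            String name = (String) moduleClass.getMethod(methodName).invoke(module);
            if (name == null || name.isEmpty()) {
                return UNKNOWN_USERNAME;
            }
            // Locale.ROOT: avoid locale-dependent case mapping (e.g. Turkish dotless i).
            return name.toLowerCase(Locale.ROOT);
        } catch (Exception e) {
            LOGGER.error("Failed to retrieve the currently logged in username: {}", e.getMessage(), e);
            throw new RuntimeException("Failed to retrieve the currently logged in username: " + e.getMessage(), e);
        }
    }

    /** OS account name of the current user (see {@link #retrieveUsername()}). */
    public String getUsername() {
        return this.username;
    }

    public RbacConfiguration getRuntimeConfiguration() {
        return this.runtimeConfiguration;
    }

    /** Unmodifiable list of RBAC server URLs from the default login context. */
    public List<String> getRemoteServers() {
        return this.serversList;
    }

    /**
     * Kerberos service principal ({@code service/host}), or {@code null} when
     * no server entry matched {@code https://host:port}.
     */
    public String getServicePrincipalName() {
        return this.servicePrincipalName;
    }

    public Properties getKerberosLoginProperties() {
        return this.kerberosLoginProperties;
    }

    /** Realm from the {@code kerberos.realm} system property, else the bundled file. */
    public String getKerberosRealm() {
        return this.kerberosRealm;
    }

    /** KDC from the {@code kerberos.kdc} system property, else the bundled file. */
    public String getKdc() {
        return this.kdc;
    }

    public String getKerberosDebug() {
        return this.kerberosDebug;
    }

    public Configuration getLoginConfiguration() {
        return this.loginConfig;
    }

    public int getReadTimeoutMillis() {
        return this.readTimeoutMillis;
    }

    /**
     * Returns a socket factory that trusts only the certificates in the RBAC
     * trust store for the current environment (no client key material).
     *
     * <p>NOTE(review): this configures trust only. Endpoint identification
     * (hostname verification) is not set on the context; consumers that use
     * {@code HttpsURLConnection} get it from that layer, consumers that open
     * raw {@code SSLSocket}s would have to enable it themselves.
     *
     * @throws RuntimeException wrapping the {@link GeneralSecurityException}
     *         if the trust store or context cannot be initialised
     */
    public synchronized SSLSocketFactory getSslSocketFactory() {
        if (this.sslSocketFactory == null) {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(SslRbaKeyStore.getPublicKeyStore(this.runtimeConfiguration.getEnvironment()));
                TrustManager[] trustManagers = tmf.getTrustManagers();
                // "TLS" rather than "SSL": same JSSE context, but the name no longer suggests
                // the long-disabled SSLv3 is what is being requested.
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(new KeyManager[0], trustManagers, null);
                this.sslSocketFactory = context.getSocketFactory();
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
        return this.sslSocketFactory;
    }

    public String getApplicationName() {
        return this.applicationName;
    }

    public int getTokenLifetimeMins() {
        return this.tokenLifetimeMins;
    }

    /**
     * Normalises a login context name: trims, lower-cases, warns if it is not a
     * {@link LoginPolicy} name, and prefixes the environment outside PRO.
     *
     * @throws IllegalArgumentException (via {@link Assert}) if the name is null or blank
     */
    public String prepareContextName(String contextName) {
        Assert.hasText(contextName, "Login context name is null/empty");
        String normalised = contextName.trim().toLowerCase(Locale.ROOT);
        warnUseOfObsoleteContext(normalised);
        return prepareContextNameImpl(normalised);
    }

    /**
     * In PRO the name is used as-is. Elsewhere it is prefixed with the
     * lower-cased environment name and {@code "-"}, unless it already contains
     * a {@code "-"} after the first character (then it is assumed to be
     * prefixed already; a leading dash does not count).
     */
    private String prepareContextNameImpl(String contextName) {
        RbacConfiguration.Environment environment = this.runtimeConfiguration.getEnvironment();
        boolean alreadyQualified = contextName.indexOf(CONTEXT_NAME_SEPARATOR) > 0;
        if (environment == RbacConfiguration.Environment.PRO || alreadyQualified) {
            return contextName;
        }
        return environment.name().toLowerCase(Locale.ROOT) + CONTEXT_NAME_SEPARATOR
                + contextName.toLowerCase(Locale.ROOT);
    }

    /** Ordered initialisation; later steps depend on the earlier ones. */
    private void initialize(cern.cmw.util.config.Configuration configuration) {
        initLoginConfiguration();
        initKerberosLoginProperties();
        initRuntimeSetup(configuration);
        initCurrentUsername();
        initLoginServersConfig();
        initServicePrincipalName();
    }

    /**
     * Locates a classpath resource via the thread context class loader,
     * falling back to this class's loader when no context loader is set.
     */
    private static URL findResource(String name) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = ClientConfiguration.class.getClassLoader();
        }
        return loader.getResource(name);
    }

    /**
     * Loads the JAAS login configuration and wraps it in {@link LoginConfiguration}.
     *
     * @throws RuntimeException if the resource is missing or cannot be parsed
     */
    private void initLoginConfiguration() {
        URL resource = findResource(ClientConstants.LOGIN_CONFIG_FILE_NAME);
        if (resource == null) {
            throw new RuntimeException("RBA login config file not found: login/rba-login.properties");
        }
        try {
            Configuration fileConfig = new ConfigFile(resource.toURI());
            this.loginConfig = new LoginConfiguration(fileConfig, this);
        } catch (Exception e) {
            throw new RuntimeException("Failed to load RBA login config file: " + resource, e);
        }
    }

    /**
     * Loads the Kerberos properties and resolves realm/KDC/debug, letting the
     * {@code kerberos.*} JVM system properties override the bundled values.
     *
     * <p>The resource stream is closed after loading (the previous version
     * leaked it).
     *
     * @throws RuntimeException if the resource is missing or cannot be read
     */
    private void initKerberosLoginProperties() {
        URL resource = findResource(ClientConstants.KRB5_CONFIG_FILE_NAME);
        if (resource == null) {
            throw new RuntimeException("RBA Kerberos login config file not found: login/rba-krb.properties");
        }
        this.kerberosLoginProperties = new Properties();
        try (InputStream in = resource.openStream()) {
            this.kerberosLoginProperties.load(in);
        } catch (Exception e) {
            throw new RuntimeException("Failed to load RBA Kerberos login config file: " + resource, e);
        }
        // System properties win over the file: anyone who can set JVM options can point
        // this client at a different realm/KDC. That is the intended override mechanism,
        // so it must be treated with the same trust as the classpath itself.
        this.kerberosRealm = kerberosSetting("kerberos.realm", "realm");
        this.kdc = kerberosSetting("kerberos.kdc", "kdc");
        this.kerberosDebug = kerberosSetting("kerberos.debug", "debug");
    }

    /** System property {@code systemProperty} if set, else {@code fileKey} from the Kerberos properties. */
    private String kerberosSetting(String systemProperty, String fileKey) {
        String override = System.getProperty(systemProperty);
        return override != null ? override : this.kerberosLoginProperties.getProperty(fileKey);
    }

    private void initRuntimeSetup(cern.cmw.util.config.Configuration configuration) {
        this.runtimeConfiguration = RbacConfiguration.create(configuration);
    }

    private void initCurrentUsername() {
        this.username = retrieveUsername();
    }

    /**
     * Reads the comma-separated {@code server} option of the default login
     * context (environment-qualified outside PRO) into an unmodifiable list.
     * Entries are not trimmed.
     *
     * @throws IllegalArgumentException (via {@link Assert}) if the context or
     *         the option is missing
     */
    private void initLoginServersConfig() {
        String contextName = prepareContextNameImpl(LoginPolicy.DEFAULT.name().toLowerCase(Locale.ROOT));
        AppConfigurationEntry[] entries = this.loginConfig.getAppConfigurationEntry(contextName);
        Assert.notEmpty(entries, "Login configuration not found for login context: " + contextName);
        String servers = null;
        for (AppConfigurationEntry entry : entries) {
            Map<String, ?> options = entry.getOptions();
            if (options == null) {
                continue;
            }
            servers = (String) options.get(SERVER_OPTION);
            if (servers != null) {
                break;
            }
        }
        Assert.hasText(servers, "Remote servers list not found for login context: " + contextName);
        this.serversList = Collections.unmodifiableList(Arrays.asList(servers.split(",")));
    }

    /**
     * Derives {@code service/host} from the first server entry matching
     * {@code https://host:port}, mapping the URL host through the Kerberos
     * properties. Leaves the principal {@code null} if nothing matches.
     */
    private void initServicePrincipalName() {
        for (String server : this.serversList) {
            Matcher matcher = SERVER_HOST_PATTERN.matcher(server);
            if (!matcher.find()) {
                continue;
            }
            String urlHost = matcher.group(1);
            String principalHost = this.kerberosLoginProperties.getProperty(urlHost);
            if (principalHost == null) {
                // String.format would silently yield "service/null"; make that visible.
                LOGGER.warn("No Kerberos host mapping for '{}' in {}; service principal name will be incomplete",
                        urlHost, ClientConstants.KRB5_CONFIG_FILE_NAME);
            }
            this.servicePrincipalName = String.format("%s/%s",
                    this.kerberosLoginProperties.getProperty(KRB_SERVICE_KEY), principalHost);
            return;
        }
        LOGGER.warn("No 'https://host:port' entry among remote servers {}; service principal name not set",
                this.serversList);
    }
}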
