package cern.rbac.client.impl.authentication;

import cern.accsoft.commons.util.Assert;
import cern.rbac.client.ClientConfiguration;
import cern.rbac.client.RbaSubject;
import cern.rbac.client.impl.RbaSubjectImpl;
import cern.rbac.client.request.ServerRequestException;
import cern.rbac.client.request.ServerRequestInvoker;
import cern.rbac.common.RbaToken;
import cern.rbac.common.TokenFormatException;
import cern.rbac.common.TokenType;
import cern.rbac.common.impl.request.AuthenticationRequestBuilder;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbac-client-6.0.2.jar:cern/rbac/client/impl/authentication/AbstractRbaLoginModule.class */
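/**
 * Base class for the RBAC JAAS login modules in this package.
 *
 * <p>It implements the bookkeeping half of the {@link LoginModule} contract
 * ({@code initialize}, {@code commit}, {@code abort}, {@code logout}); {@code login()} is not
 * implemented here and is left to the concrete subclasses. A token obtained during login is held
 * in {@link #token} and in the JAAS shared state until {@link #commit()} moves it onto the
 * {@link RbaSubject}.
 *
 * <p>NOTE(review): this listing is decompiler output. The decompiler reports that several
 * accessors below were package-private in the compiled class and were widened to {@code public}.
 * The class itself is package-private, but a public subclass would expose the widened methods
 * (including the token getters), so confirm the intended visibility before reusing this code.
 */
abstract class AbstractRbaLoginModule implements LoginModule {
    static final String SHARED_STATE_TOKEN_CACHE = "token-cache";
    static final String SHARED_STATE_APPLICATION_TOKEN = "application-token";
    static final String SHARED_STATE_MASTER_TOKEN = "master-token";
    protected static final String SHARED_STATE_ROLE_PICKER_CANCELLED = "role-picker-cancelled";
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractRbaLoginModule.class);

    /** Token obtained by the current login attempt; reset to null by commit, abort and logout. */
    RbaToken token;
    private RbaSubject rbaSubject;
    private CallbackHandler handler;
    private Map<String, Object> sharedState;
    private ClientConfiguration configuration;

    /**
     * Stores the JAAS collaborators handed over by the login context.
     *
     * @param subject subject to be populated; wrapped in an {@link RbaSubjectImpl}
     * @param callbackHandler handler used for all callbacks issued by this module
     * @param map JAAS shared state, kept by reference (not copied)
     * @param map2 JAAS options; the {@link ClientConfiguration} is looked up under the key
     *     {@code ClientConfiguration.class.getName()} and is null when that entry is absent
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        Assert.notNull(subject);
        Assert.notNull(callbackHandler);
        Assert.notNull(map);
        Assert.notNull(map2);
        this.rbaSubject = new RbaSubjectImpl(subject);
        this.handler = callbackHandler;
        // The decompiled listing assigned Map<String, ?> directly to Map<String, Object>, which
        // does not compile; the unchecked cast is needed because this module also writes to it.
        @SuppressWarnings("unchecked")
        Map<String, Object> writableState = (Map<String, Object>) map;
        this.sharedState = writableState;
        // No null check here: a missing entry only surfaces later, when
        // getConfiguration() is dereferenced in invokeRequestAndStoreToken.
        this.configuration = (ClientConfiguration) map2.get(ClientConfiguration.class.getName());
    }

    /**
     * Moves the token obtained during login onto the subject.
     *
     * @return false when no token is pending, true once the token has been attached
     */
    @Override
    public boolean commit() {
        LOGGER.debug("commit() START ...");
        resetCallback();
        if (this.token == null) {
            LOGGER.debug("commit() token null, END");
            return false;
        }
        // Only the token type, user name and serial id are logged, never the token bytes.
        LOGGER.info("Obtained {} token for username '{}': #0x{}", this.token.getType().name(), this.token.getUser().getName(), Integer.toHexString(this.token.getSerialId()));
        if (this.token.getType().isMaster()) {
            this.rbaSubject.setMasterToken(this.token);
        } else {
            this.rbaSubject.setAppToken(this.token);
        }
        this.rbaSubject.clearExpiredTokens();
        this.token = null;
        LOGGER.debug("commit() END");
        return true;
    }

    /**
     * Discards the pending token after a failed login.
     *
     * @return always true
     */
    @Override
    public boolean abort() {
        LOGGER.debug("Login aborted");
        resetCallback();
        // NOTE(review): this wipes the whole shared-state map, not only this module's keys.
        // If other login modules share the same map, their entries are dropped too - confirm.
        this.sharedState.clear();
        this.token = null;
        return true;
    }

    /**
     * Drops the pending token, the shared state and everything held by the subject wrapper.
     *
     * @return always true
     */
    @Override
    public boolean logout() {
        LOGGER.debug("Explicit logout");
        // NOTE(review): as in abort(), the whole shared-state map is cleared.
        this.sharedState.clear();
        this.token = null;
        this.rbaSubject.clear();
        return true;
    }

    /**
     * Remembers a freshly obtained token and publishes it in the shared state under the master
     * or application key, depending on its type.
     */
    private void storeToken(RbaToken rbaToken) {
        // Restores the source-level assert that the decompiler had expanded into a check on the
        // synthetic $assertionsDisabled field.
        assert rbaToken != null;
        this.token = rbaToken;
        if (this.token.getType().isMaster()) {
            this.sharedState.put(SHARED_STATE_MASTER_TOKEN, this.token);
        } else {
            this.sharedState.put(SHARED_STATE_APPLICATION_TOKEN, this.token);
        }
    }

    /**
     * Returns the application token from the shared state, falling back to the subject.
     *
     * @return the application token, or whatever {@code RbaSubject.getAppToken()} yields when
     *     the shared state has none
     */
    public RbaToken getAppToken() {
        RbaToken rbaToken = (RbaToken) this.sharedState.get(SHARED_STATE_APPLICATION_TOKEN);
        if (rbaToken == null) {
            rbaToken = this.rbaSubject.getAppToken();
        }
        return rbaToken;
    }

    /**
     * Returns the master token from the shared state, falling back to the subject.
     *
     * @return the master token, or whatever {@code RbaSubject.getMasterToken()} yields when the
     *     shared state has none
     */
    public RbaToken getMasterToken() {
        RbaToken rbaToken = (RbaToken) this.sharedState.get(SHARED_STATE_MASTER_TOKEN);
        if (rbaToken == null) {
            rbaToken = this.rbaSubject.getMasterToken();
        }
        return rbaToken;
    }

    /** Returns the subject wrapper created in {@code initialize}. */
    public RbaSubject getRbaSubject() {
        return this.rbaSubject;
    }

    /** Returns the live shared-state map (not a copy); callers can therefore modify it. */
    public Map<String, Object> getSharedState() {
        return this.sharedState;
    }

    /** Returns the client configuration taken from the JAAS options; may be null. */
    public ClientConfiguration getConfiguration() {
        return this.configuration;
    }

    private CallbackHandler getCallbackHandler() {
        return this.handler;
    }

    /**
     * Removes the application token from the shared state and sends a {@code ResetCallback} to
     * the handler. The notification is best effort: a handler failure never propagates.
     */
    private void resetCallback() {
        LOGGER.debug("resetCallback() START ...");
        this.sharedState.remove(SHARED_STATE_APPLICATION_TOKEN);
        try {
            this.handler.handle(new Callback[]{new ResetCallback()});
        } catch (IOException | UnsupportedCallbackException e) {
            // Previously swallowed without a trace. Still non-fatal, but recorded so that a
            // handler that cannot process the reset is visible when diagnosing login problems.
            LOGGER.debug("resetCallback() handler did not process ResetCallback", e);
        }
        LOGGER.debug("resetCallback() END");
    }

    /**
     * Passes the given callbacks to the handler supplied in {@code initialize}.
     *
     * @throws IOException propagated from the handler
     * @throws UnsupportedCallbackException propagated from the handler
     */
    public void handleCallbacks(Callback... callbackArr) throws IOException, UnsupportedCallbackException {
        getCallbackHandler().handle(callbackArr);
    }

    /**
     * Copies the application name into the request and requests a {@code LOCAL_MASTER} token
     * when the role picker or local SSO is enabled; otherwise the builder's token type is left
     * untouched.
     *
     * @throws LoginException if the application callback has not been filled in
     */
    public void setApplicationAndTokenType(ApplicationCallback applicationCallback, AuthenticationRequestBuilder authenticationRequestBuilder) throws LoginException {
        if (!applicationCallback.isSet()) {
            throw new LoginException("Missing application name");
        }
        authenticationRequestBuilder.setApplication(applicationCallback.getName());
        if (applicationCallback.isRolePickerEnabled() || applicationCallback.isUseLocalSSO()) {
            authenticationRequestBuilder.setTokenType(TokenType.LOCAL_MASTER);
        }
    }

    /**
     * Sets the requested token lifetime: the master-token callback's value when local SSO is
     * in use, the application callback's value otherwise.
     */
    public void setLifetime(ApplicationCallback applicationCallback, MasterTokenCallback masterTokenCallback, AuthenticationRequestBuilder authenticationRequestBuilder) {
        int requested = applicationCallback.isUseLocalSSO()
                ? masterTokenCallback.getLifetime()
                : applicationCallback.getLifetime();
        authenticationRequestBuilder.setLifetime(requested);
    }

    /**
     * Same as the three-argument overload, but never requests more than {@code i}.
     *
     * @param i upper bound applied to the requested lifetime
     */
    public void setLifetime(ApplicationCallback applicationCallback, MasterTokenCallback masterTokenCallback, int i, AuthenticationRequestBuilder authenticationRequestBuilder) {
        int requested = applicationCallback.isUseLocalSSO()
                ? masterTokenCallback.getLifetime()
                : applicationCallback.getLifetime();
        // Clamp from above only; a zero or negative requested value passes through unchanged.
        authenticationRequestBuilder.setLifetime(Math.min(requested, i));
    }

    /**
     * Sends the authentication request, Base64-decodes the reply, parses and validates it as a
     * token and stores the result.
     *
     * <p>Relies on {@link #getConfiguration()} being non-null; when the JAAS options carried no
     * {@link ClientConfiguration} this fails with a NullPointerException after the server has
     * already been contacted.
     *
     * @throws ServerRequestException declared for the server call
     * @throws TokenFormatException declared for token parsing and validation
     */
    public void invokeRequestAndStoreToken(ServerRequestInvoker serverRequestInvoker, AuthenticationRequestBuilder authenticationRequestBuilder) throws ServerRequestException, TokenFormatException {
        byte[] encodedToken = Base64.decodeBase64(serverRequestInvoker.invokeRequest(authenticationRequestBuilder.buildRequest()));
        // The server reply is only trusted after parseAndValidate has accepted it.
        RbaToken validated = RbaToken.parseAndValidate(ByteBuffer.wrap(encodedToken), getConfiguration().getRuntimeConfiguration());
        storeToken(validated);
    }

    /**
     * Logs a failed login and converts the cause into a {@link LoginException}.
     *
     * @param exc the failure; returned as is when it already is a {@code LoginException}
     * @return a {@code LoginException} carrying {@code exc} as its cause, or {@code exc} itself
     */
    public static LoginException createLoginException(Exception exc) {
        LOGGER.info("Login failed: {}", exc.getMessage(), exc);
        if (exc instanceof LoginException) {
            return (LoginException) exc;
        }
        // The underlying message is copied into the LoginException text, so whatever the cause
        // reports becomes visible to the caller of login().
        LoginException loginException = new LoginException("Login failed: " + exc.getMessage());
        loginException.initCause(exc);
        return loginException;
    }

    /**
     * Logs a failed login and builds a {@link LoginException} with the given reason.
     *
     * @param str reason appended to the {@code "Login failed: "} prefix
     */
    public static LoginException createLoginException(String str) {
        LOGGER.info("Login failed: {}", str);
        return new LoginException("Login failed: " + str);
    }

    /**
     * Copies user name and password into the request when the user callback has been filled
     * in; does nothing otherwise.
     */
    public static void setUserNameAndPassword(UserCallback userCallback, AuthenticationRequestBuilder authenticationRequestBuilder) {
        if (userCallback.isSet()) {
            authenticationRequestBuilder.setUserName(userCallback.getName());
            // NOTE(review): the password is copied into an immutable String, which cannot be
            // wiped after use and stays on the heap until collected. Nothing on this page shows
            // a builder method that takes an array instead; prefer one if it exists and clear
            // the callback's buffer once the request has been built.
            authenticationRequestBuilder.setPassword(new String(userCallback.getPassword()));
        }
    }

    /**
     * Reports whether the {@code os.name} system property contains {@code "win"}.
     *
     * <p>This is a substring match, so any OS name containing those letters counts as Windows.
     */
    public static boolean isWindowsOS() {
        // Locale.ROOT keeps the lower-casing independent of the JVM's default locale.
        return System.getProperty("os.name").toLowerCase(java.util.Locale.ROOT).contains("win");
    }
}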
