package cern.rbac.client.authorization;

import cern.rbac.client.ClientConfiguration;
import cern.rbac.client.impl.request.ServerRequestInvokerImpl;
import cern.rbac.client.request.ServerRequestException;
import cern.rbac.client.request.ServerRequestInvoker;
import cern.rbac.common.RbaToken;
import cern.rbac.common.RbacConfiguration;
import cern.rbac.common.authorization.AuthorizationException;
import cern.rbac.common.authorization.Operation;
import cern.rbac.common.impl.RbaConstants;
import cern.rbac.common.impl.request.AccessCheckerRequestBuilder;
import cern.rbac.common.impl.request.AccessMapCommand;
import cern.rbac.common.impl.request.AccessMapRequestBuilder;
import cern.rbac.common.impl.request.McsKeyRequest;
import cern.rbac.common.impl.request.McsKeyRequestBuilder;
import cern.rbac.common.impl.request.McsSignRequestBuilder;
import cern.rbac.common.impl.response.AccessMapResponse;
import cern.rbac.common.impl.response.AccessMapResponseBuilder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbac-client-6.0.2.jar:cern/rbac/client/authorization/AuthorizationClientImpl.class */
/**
 * Default {@link AuthorizationClient}: builds access-check, access-map and MCS requests and
 * forwards them to the RBAC server through a {@link ServerRequestInvoker}.
 *
 * <p>Every access decision returned here is the server's answer as relayed by the invoker.
 * How that channel is authenticated and integrity-protected is not visible in this class.
 * NOTE(review): confirm the transport used by {@code ServerRequestInvokerImpl} before relying
 * on these results as an enforcement point.
 */
class AuthorizationClientImpl implements AuthorizationClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationClientImpl.class);

    /** The only response body that is interpreted as "access granted". */
    private static final String RESP_AUTH_GRANTED = "true";

    private final ClientConfiguration configuration;
    private final ServerRequestInvoker serverRequestInvoker;
    private final KeyFactory keyFac;

    /**
     * Creates a client whose invoker is a {@link ServerRequestInvokerImpl} built from the
     * given configuration.
     *
     * <p>The decompiler reports that this constructor was package-private in the original
     * class file.
     *
     * @param clientConfiguration configuration handed to the invoker and kept by this client
     */
    public AuthorizationClientImpl(ClientConfiguration clientConfiguration) {
        this(clientConfiguration, new ServerRequestInvokerImpl(clientConfiguration));
    }

    /**
     * Creates a client with an explicitly supplied invoker.
     *
     * <p>NOTE(review): only {@link #sign} and the MCS public-key lookups use the supplied
     * invoker. The access checks and the access-map requests create a fresh
     * {@link ServerRequestInvokerImpl} per call, so a substituted invoker (for example in a
     * test) does not see them. Confirm whether that is intended.
     *
     * @param clientConfiguration configuration kept by this client
     * @param serverRequestInvoker invoker used for sign and key requests
     * @throws RuntimeException if the key algorithm named by {@code RbaConstants.KEY_ALGORITHM}
     *     is not available
     */
    AuthorizationClientImpl(ClientConfiguration clientConfiguration, ServerRequestInvoker serverRequestInvoker) {
        this.configuration = clientConfiguration;
        this.serverRequestInvoker = serverRequestInvoker;
        LOGGER.debug("Authorization-Client: {} = '{}'", RbacConfiguration.SYSTEM_PROPERTY_RBAC_ENV, clientConfiguration.getRuntimeConfiguration().getEnvironment());
        this.keyFac = newKeyFactory();
    }

    /** Looks up the key factory once so that a missing algorithm fails at construction time. */
    private static KeyFactory newKeyFactory() {
        try {
            return KeyFactory.getInstance(RbaConstants.KEY_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Can't initialize key generator: " + e.getMessage(), e);
        }
    }

    /**
     * Checks access for a device class and property with an empty device name.
     *
     * @param rbaToken token sent with the request
     * @param str device class
     * @param str2 property
     * @param str3 operation name, parsed with {@link Operation#fromString}
     * @return {@code true} only if the server answered exactly {@code "true"}
     * @throws AuthorizationException if the request could not be built or sent
     */
    @Override
    @Deprecated
    public boolean isAuthorized(RbaToken rbaToken, String str, String str2, String str3) throws AuthorizationException {
        return isAuthorized(rbaToken, str, "", str2, str3);
    }

    /**
     * Checks access for the fixed operation {@code "set"}.
     *
     * @param rbaToken token sent with the request
     * @param str device class
     * @param str2 device
     * @param str3 property
     * @return {@code true} only if the server answered exactly {@code "true"}
     * @throws AuthorizationException if the request could not be built or sent
     */
    @Override
    @Deprecated
    public boolean isMcsAuthorized(RbaToken rbaToken, String str, String str2, String str3) throws AuthorizationException {
        return isAuthorized(rbaToken, str, str2, str3, "set");
    }

    /**
     * Checks access for a device class, device, property and operation. No checking policy is
     * set on this path, unlike {@link #isAuthorized(AuthorizationRequest)}.
     *
     * @param rbaToken token sent with the request
     * @param str device class
     * @param str2 device
     * @param str3 property
     * @param str4 operation name, parsed with {@link Operation#fromString} before the request
     *     is sent; a failure there is not wrapped in {@link AuthorizationException}
     * @return {@code true} only if the server answered exactly {@code "true"}
     * @throws AuthorizationException if the request could not be built or sent
     */
    @Override
    @Deprecated
    public boolean isAuthorized(RbaToken rbaToken, String str, String str2, String str3, String str4) throws AuthorizationException {
        AccessCheckerRequestBuilder accessCheck = AccessCheckerRequestBuilder.newInstance();
        accessCheck.setToken(rbaToken);
        accessCheck.setDeviceClass(str);
        accessCheck.setDevice(str2);
        accessCheck.setProperty(str3);
        accessCheck.setOperation(Operation.fromString(str4));
        return requestDecision(accessCheck);
    }

    /**
     * Checks access for the token, class, device, property, operation and checking policy
     * carried by the request object.
     *
     * @param authorizationRequest source of all request fields
     * @return {@code true} only if the server answered exactly {@code "true"}
     * @throws AuthorizationException if the request could not be built or sent
     */
    @Override
    public boolean isAuthorized(AuthorizationRequest authorizationRequest) throws AuthorizationException {
        AccessCheckerRequestBuilder accessCheck = AccessCheckerRequestBuilder.newInstance();
        accessCheck.setToken(authorizationRequest.getRbaToken());
        accessCheck.setDeviceClass(authorizationRequest.getClassName());
        accessCheck.setDevice(authorizationRequest.getDeviceName());
        accessCheck.setProperty(authorizationRequest.getPropertyName());
        accessCheck.setOperation(authorizationRequest.getOperation());
        accessCheck.setCheckingPolicy(authorizationRequest.getCheckingPolicy());
        return requestDecision(accessCheck);
    }

    /**
     * Sends a prepared access check through a fresh {@link ServerRequestInvokerImpl} and
     * interprets the answer.
     *
     * <p>The decision fails closed: the UTF-8 decoded body must equal {@code "true"} exactly,
     * so any other body (different case, surrounding whitespace, an error text) is a denial.
     * Every failure while building or sending surfaces as {@link AuthorizationException};
     * callers must treat that exception as "not authorized" rather than ignore it.
     */
    private boolean requestDecision(AccessCheckerRequestBuilder accessCheck) throws AuthorizationException {
        try {
            byte[] body = new ServerRequestInvokerImpl(this.configuration).invokeRequest(accessCheck.buildRequest());
            String answer = new String(body, StandardCharsets.UTF_8);
            return RESP_AUTH_GRANTED.equals(answer);
        } catch (Exception e) {
            throw new AuthorizationException(e);
        }
    }

    /** Requests access maps with the {@code MAPS_FOR_SERVER} command; see {@code makeMaps}. */
    @Override
    public AccessMapResponse makeMapsForServer(RbaToken rbaToken, String... strArr) throws AuthorizationException {
        return makeMaps(rbaToken, AccessMapCommand.MAPS_FOR_SERVER, strArr);
    }

    /** Requests access maps with the {@code MAPS_FOR_CLASS} command; see {@code makeMaps}. */
    @Override
    public AccessMapResponse makeMapsForClass(RbaToken rbaToken, String... strArr) throws AuthorizationException {
        return makeMaps(rbaToken, AccessMapCommand.MAPS_FOR_CLASS, strArr);
    }

    /** Requests access maps with the {@code MAPS_FOR_FRONT_END} command; see {@code makeMaps}. */
    @Override
    public AccessMapResponse makeMapsForFrontEnd(RbaToken rbaToken, String... strArr) throws AuthorizationException {
        return makeMaps(rbaToken, AccessMapCommand.MAPS_FOR_FRONT_END, strArr);
    }

    /** Requests access maps with the {@code MAPS_FOR_CLASS_TEST} command; see {@code makeMaps}. */
    @Override
    public AccessMapResponse makeTestMapsForClass(RbaToken rbaToken, String... strArr) throws AuthorizationException {
        return makeMaps(rbaToken, AccessMapCommand.MAPS_FOR_CLASS_TEST, strArr);
    }

    /**
     * Asks the server to sign a buffer on behalf of the token holder.
     *
     * <p>The buffer is Base64-encoded for the request and the response is Base64-decoded
     * before being returned. The decoded bytes are returned as received; this method does not
     * check them against any key. Use {@link #verify} for that.
     *
     * @param rbaToken token sent with the request
     * @param bArr bytes to be signed
     * @return the Base64-decoded response body
     * @throws AuthorizationException if the request could not be built or sent
     */
    @Override
    public byte[] sign(RbaToken rbaToken, byte[] bArr) throws AuthorizationException {
        McsSignRequestBuilder signRequest = McsSignRequestBuilder.newInstance();
        signRequest.setToken(rbaToken);
        signRequest.setSignBuffer(Base64.encodeBase64(bArr));
        try {
            return Base64.decodeBase64(this.serverRequestInvoker.invokeRequest(signRequest.buildRequest()));
        } catch (Exception e) {
            LOGGER.info("MCS sign request failed: {}", e.getMessage(), e);
            throw new AuthorizationException(e);
        }
    }

    /**
     * Verifies a signature locally with the algorithm named by
     * {@code RbaConstants.SIGNATURE_ALGORITHM}.
     *
     * <p>The result is only as trustworthy as the origin of {@code publicKey}. A key returned
     * by {@code getMcsPublicKey} comes from the server through the invoker and is not pinned
     * or cross-checked in this class.
     *
     * @param bArr the signed data
     * @param bArr2 the signature to check
     * @param publicKey key to verify against
     * @return {@code true} if the signature matches, {@code false} if it does not
     * @throws AuthorizationException if the algorithm, key or inputs are rejected by the JCA
     *     provider (including {@code null} arguments)
     */
    @Override
    public boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws AuthorizationException {
        try {
            Signature verifier = Signature.getInstance(RbaConstants.SIGNATURE_ALGORITHM);
            verifier.initVerify(publicKey);
            verifier.update(bArr, 0, bArr.length);
            boolean matches = verifier.verify(bArr2);
            return matches;
        } catch (Exception e) {
            throw new AuthorizationException(e);
        }
    }

    /**
     * Fetches the MCS public key selected by device class, device and property.
     *
     * @param str device class
     * @param str2 device
     * @param str3 property
     * @return the decoded public key
     * @throws AuthorizationException if the request fails or the response is not a valid key
     */
    @Override
    public PublicKey getMcsPublicKey(String str, String str2, String str3) throws AuthorizationException {
        McsKeyRequestBuilder keyRequest = McsKeyRequestBuilder.newInstance();
        keyRequest.setDeviceClass(str);
        keyRequest.setDevice(str2);
        keyRequest.setProperty(str3);
        return getMcsPublicKeyImpl(keyRequest.buildRequest());
    }

    /**
     * Fetches the MCS public key selected by MCS role.
     *
     * @param str MCS role
     * @return the decoded public key
     * @throws AuthorizationException if the request fails or the response is not a valid key
     */
    @Override
    public PublicKey getMcsPublicKey(String str) throws AuthorizationException {
        McsKeyRequestBuilder keyRequest = McsKeyRequestBuilder.newInstance();
        keyRequest.setMCSRole(str);
        return getMcsPublicKeyImpl(keyRequest.buildRequest());
    }

    /**
     * Sends the key request through the configured invoker and parses the Base64 response as
     * an X.509-encoded public key.
     *
     * <p>NOTE(review): the key is accepted from the server response without an independent
     * trust anchor visible here. Confirm the invoker's channel authenticates the server.
     */
    private PublicKey getMcsPublicKeyImpl(McsKeyRequest mcsKeyRequest) throws AuthorizationException {
        try {
            X509EncodedKeySpec encodedKey =
                    new X509EncodedKeySpec(Base64.decodeBase64(this.serverRequestInvoker.invokeRequest(mcsKeyRequest)));
            return this.keyFac.generatePublic(encodedKey);
        } catch (Exception e) {
            LOGGER.info("MCS generatePublic key failed: {}", e.getMessage(), e);
            throw new AuthorizationException(e);
        }
    }

    /**
     * Builds an access-map request and sends it through a fresh
     * {@link ServerRequestInvokerImpl}.
     *
     * <p>The varargs are joined with {@code ","} without escaping.
     * NOTE(review): confirm that no element can itself contain a comma, otherwise one name is
     * indistinguishable from two on the receiving side.
     *
     * @param rbaToken token sent with the request
     * @param accessMapCommand which kind of map to request
     * @param strArr command parameters
     * @return the response produced by {@code AccessMapResponseBuilder}
     * @throws AuthorizationException if the invoker reports a {@link ServerRequestException}
     */
    private AccessMapResponse makeMaps(RbaToken rbaToken, AccessMapCommand accessMapCommand, String... strArr) throws AuthorizationException {
        AccessMapRequestBuilder mapRequest = AccessMapRequestBuilder.newInstance();
        mapRequest.setToken(rbaToken);
        mapRequest.setCommand(accessMapCommand);
        mapRequest.setParameter(String.join(",", strArr));
        try {
            ServerRequestInvokerImpl invoker = new ServerRequestInvokerImpl(this.configuration);
            return (AccessMapResponse) invoker.invokeRequest(mapRequest.buildRequest(), AccessMapResponseBuilder.newInstance());
        } catch (ServerRequestException e) {
            throw new AuthorizationException(e);
        }
    }
}
