package cern.accsoft.security.rba.spi.login;

import cern.accsoft.commons.util.Assert;
import cern.accsoft.security.rba.RBASubject;
import cern.accsoft.security.rba.RBAToken;
import cern.accsoft.security.rba.spi.RBASubjectImpl;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cern/accsoft/security/rba/spi/login/AbstractRBALoginModule.class */
public abstract class AbstractRBALoginModule implements LoginModule {
    private static final Logger LOGGER;
    protected static final String SHARED_STATE_TOKEN_CACHE = "token-cache";
    protected static final String SHARED_STATE_APPLICATION_TOKEN = "application-token";
    protected static final String SHARED_STATE_MASTER_TOKEN = "master-token";
    protected static final String SHARED_STATE_ROLE_PICKER_CANCELLED = "role-picker-cancelled";
    private RBASubject rbaSubject;
    private CallbackHandler handler;
    private Map<String, Object> sharedState;
    protected RBAToken token;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        Assert.notNull(subject);
        Assert.notNull(callbackHandler);
        Assert.notNull(map);
        Assert.notNull(map2);
        this.rbaSubject = new RBASubjectImpl(subject);
        this.handler = callbackHandler;
        this.sharedState = map;
    }

    public boolean commit() {
        LOGGER.debug("commit() START ...");
        resetCallback();
        if (this.token == null) {
            LOGGER.debug("commit() token null, END");
            return false;
        }
        LOGGER.info("Obtained {} token for username '{}': #0x{}", new Object[]{this.token.getType().name(), this.token.getUser().getName(), Integer.toHexString(this.token.getSerialId())});
        if (this.token.getType().isMaster()) {
            this.rbaSubject.setMasterToken(this.token);
        } else {
            this.rbaSubject.setAppToken(this.token);
        }
        this.rbaSubject.clearExpiredTokens();
        this.token = null;
        saveMasterToken();
        LOGGER.debug("commit() END");
        return true;
    }

    public boolean abort() {
        LOGGER.debug("Login aborted");
        resetCallback();
        this.sharedState.clear();
        this.token = null;
        return true;
    }

    public boolean logout() {
        LOGGER.debug("Explicit logout");
        this.sharedState.clear();
        this.token = null;
        this.rbaSubject.clear();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void storeToken(RBAToken rBAToken) {
        if (!$assertionsDisabled && rBAToken == null) {
            throw new AssertionError();
        }
        this.token = rBAToken;
        if (this.token.getType().isMaster()) {
            this.sharedState.put(SHARED_STATE_MASTER_TOKEN, this.token);
        } else {
            this.sharedState.put(SHARED_STATE_APPLICATION_TOKEN, this.token);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RBAToken getAppToken() {
        RBAToken rBAToken = (RBAToken) this.sharedState.get(SHARED_STATE_APPLICATION_TOKEN);
        if (rBAToken == null) {
            rBAToken = this.rbaSubject.getAppToken();
        }
        return rBAToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RBAToken getMasterToken() {
        RBAToken rBAToken = (RBAToken) this.sharedState.get(SHARED_STATE_MASTER_TOKEN);
        if (rBAToken == null) {
            rBAToken = this.rbaSubject.getMasterToken();
        }
        return rBAToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RBASubject getRbaSubject() {
        return this.rbaSubject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Object> getSharedState() {
        return this.sharedState;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CallbackHandler getCallbackHandler() {
        return this.handler;
    }

    private void resetCallback() {
        LOGGER.debug("resetCallback() START ...");
        this.sharedState.remove(SHARED_STATE_APPLICATION_TOKEN);
        try {
            this.handler.handle(new Callback[]{new ResetCallback()});
        } catch (Exception e) {
        }
        LOGGER.debug("resetCallback() END");
    }

    private void saveMasterToken() {
        TokenCache tokenCache = (TokenCache) this.sharedState.get(SHARED_STATE_TOKEN_CACHE);
        if (tokenCache != null) {
            try {
                tokenCache.save();
            } catch (IOException e) {
                LOGGER.error("Can't save cached MASTER token: " + e.getMessage() + "\nMasterToken: " + this.rbaSubject.getMasterToken(), e);
            }
        }
    }

    static {
        $assertionsDisabled = !AbstractRBALoginModule.class.desiredAssertionStatus();
        LOGGER = LoggerFactory.getLogger(AbstractRBALoginModule.class);
    }
}
