package cern.rbac.client.impl.authentication;

import cern.rbac.client.impl.request.ServerRequestInvokerImpl;
import cern.rbac.common.RbaToken;
import cern.rbac.common.Role;
import cern.rbac.common.RoleUtils;
import cern.rbac.common.impl.request.AuthenticationRequestBuilder;
import java.io.IOException;
import java.util.Date;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbac-client-6.0.2.jar:cern/rbac/client/impl/authentication/MasterTokenLoginModule.class */
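/**
 * Login module that performs an "SSO" login: it builds an authentication request whose origin is
 * an already-held token (a master token, or an expired application token that is still inside its
 * renew-till window) and hands it to the superclass helper {@code invokeRequestAndStoreToken}.
 *
 * <p>The lifecycle methods {@code initialize}/{@code commit}/{@code abort}/{@code logout} are
 * inherited unchanged from {@link AbstractRbaLoginModule}; only {@link #login()} is specific to
 * this class.
 *
 * <p>NOTE(review): the renew-till comparison in {@code findRenewableToken} uses the local clock.
 * It only decides whether a renewal is attempted; whether the server independently enforces the
 * renewal window is not visible from this class and should be confirmed.
 */
public class MasterTokenLoginModule extends AbstractRbaLoginModule {
    private static final Logger LOGGER = LoggerFactory.getLogger(MasterTokenLoginModule.class);

    /**
     * Attempts to obtain an application token from an existing master or renewable token.
     *
     * @return {@code true} if a token is already available (shared state or subject) or the
     *     server request completed; {@code false} if there is no master or renewable token to
     *     start from
     * @throws LoginException if the application name is missing, or wrapping any other failure
     *     via {@code createLoginException}
     */
    public boolean login() throws LoginException {
        LOGGER.info("RBAC: Attempting SSO login ...");

        // Presence check only: a non-null "application-token" entry in the shared state is
        // accepted as-is. Its validity is not re-checked here; presumably the module that put
        // it there already validated it - confirm against the module stack configuration.
        if (getSharedState().get("application-token") != null) {
            return true;
        }

        if (getRbaSubject().hasValidAppToken()) {
            this.token = getRbaSubject().getAppToken();
            LOGGER.info("Valid application token already exists");
            return true;
        }

        ApplicationCallback applicationCallback = new ApplicationCallback();
        try {
            handleCallbacks(applicationCallback);

            RbaToken originToken = findRenewableToken();
            if (originToken == null) {
                LOGGER.info("No master or renewable token found");
                return false;
            }

            // Fail fast: reject a missing application name before the role picker callback is
            // raised, so the user is not asked to choose roles for a request that cannot be sent.
            if (!applicationCallback.isSet()) {
                throw new LoginException("Missing application name");
            }

            Role[] roles = getRoles(applicationCallback, originToken);

            AuthenticationRequestBuilder requestBuilder = AuthenticationRequestBuilder.newInstance();
            requestBuilder.setApplication(applicationCallback.getName());
            requestBuilder.setLifetime(applicationCallback.getLifetime());
            requestBuilder.setOrigin(originToken);
            requestBuilder.setAccountName(getConfiguration().getUsername());
            setRoles(roles, requestBuilder);

            invokeRequestAndStoreToken(new ServerRequestInvokerImpl(getConfiguration()), requestBuilder);
            LOGGER.info("RBAC: SSO login succeeded");
            return true;
        } catch (Exception e) {
            // Every failure, including the LoginException thrown above, is funnelled through
            // the superclass factory so callers see a single exception shape.
            throw createLoginException(e);
        }
    }

    /**
     * Picks the token to use as the origin of the authentication request.
     *
     * <p>A master token always wins. Otherwise an expired application token is used, but only if
     * it carries a renew-till date that is still in the future according to the local clock.
     *
     * @return the master token, else a still-renewable expired application token, else
     *     {@code null}
     */
    private RbaToken findRenewableToken() {
        RbaToken masterToken = getMasterToken();

        // Evaluated unconditionally, as in the original, so the subject is queried even when a
        // master token is present.
        RbaToken renewableToken = null;
        RbaToken expiredAppToken = getRbaSubject().getExpiredAppToken();
        if (expiredAppToken != null && expiredAppToken.getExtra() != null) {
            Date renewTill = expiredAppToken.getExtra().getRenewTill();
            if (renewTill != null && renewTill.getTime() > System.currentTimeMillis()) {
                renewableToken = expiredAppToken;
            }
        }

        if (masterToken != null) {
            LOGGER.debug("Master token found");
            return masterToken;
        }
        if (renewableToken != null) {
            LOGGER.debug("Renewable token found");
            return renewableToken;
        }
        return null;
    }

    /**
     * Asks the callback handler which roles to request, when role picking applies.
     *
     * <p>The role picker is only raised when the application callback enables it and the origin
     * token is a master token. The roles offered are the token's roles hint, or an empty list
     * when the token has no extra data or no hint.
     *
     * @param applicationCallback the already-handled application callback
     * @param rbaToken the origin token chosen by {@code findRenewableToken}
     * @return the roles selected through the callback, or {@code null} if the picker was not
     *     raised or nothing was selected
     * @throws IOException if the callback handler fails
     * @throws UnsupportedCallbackException if the callback handler does not support the callback
     */
    private Role[] getRoles(ApplicationCallback applicationCallback, RbaToken rbaToken) throws IOException, UnsupportedCallbackException {
        if (!applicationCallback.isRolePickerEnabled() || !rbaToken.getType().isMaster()) {
            return null;
        }

        // getExtra() is null-checked in findRenewableToken, so it can be absent; guard it here
        // as well instead of failing with a NullPointerException on a token without extra data.
        Role[] rolesHint = rbaToken.getExtra() == null ? null : rbaToken.getExtra().getRolesHint();

        RolesCallback rolesCallback = new RolesCallback();
        rolesCallback.setAvailableRoles(rolesHint == null ? new Role[0] : rolesHint);
        rolesCallback.setSessionStart(rbaToken.getAuthTime());
        handleCallbacks(rolesCallback);

        return rolesCallback.isSet() ? rolesCallback.getSelectedRoles() : null;
    }

    /**
     * Copies the selected roles onto the request builder.
     *
     * <p>{@code null} leaves the builder's roles untouched. An empty selection is sent as the
     * single entry {@code "+"}.
     * NOTE(review): the server-side meaning of {@code "+"} is not visible here. Confirm that an
     * empty selection cannot end up requesting more roles than the user intended.
     *
     * @param roleArr the selected roles, possibly {@code null} or empty
     * @param authenticationRequestBuilder the request under construction
     */
    private void setRoles(Role[] roleArr, AuthenticationRequestBuilder authenticationRequestBuilder) {
        if (roleArr == null) {
            return;
        }
        if (roleArr.length == 0) {
            authenticationRequestBuilder.setRoles(new String[]{"+"});
        } else {
            authenticationRequestBuilder.setRoles(RoleUtils.getRoleNames(roleArr));
        }
    }

    /** Decompiler-emitted bridge method; delegates to {@link AbstractRbaLoginModule}. */
    @Override // cern.rbac.client.impl.authentication.AbstractRbaLoginModule
    public /* bridge */ /* synthetic */ boolean logout() {
        return super.logout();
    }

    /** Decompiler-emitted bridge method; delegates to {@link AbstractRbaLoginModule}. */
    @Override // cern.rbac.client.impl.authentication.AbstractRbaLoginModule
    public /* bridge */ /* synthetic */ boolean abort() {
        return super.abort();
    }

    /** Decompiler-emitted bridge method; delegates to {@link AbstractRbaLoginModule}. */
    @Override // cern.rbac.client.impl.authentication.AbstractRbaLoginModule
    public /* bridge */ /* synthetic */ boolean commit() {
        return super.commit();
    }

    /** Decompiler-emitted bridge method; delegates to {@link AbstractRbaLoginModule}. */
    @Override // cern.rbac.client.impl.authentication.AbstractRbaLoginModule
    public /* bridge */ /* synthetic */ void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
    }
}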
