package com.maconomy.coupling;

import com.maconomy.api.McCallException;
import com.maconomy.api.McClientContextManager;
import com.maconomy.api.McInterruptedException;
import com.maconomy.api.McLoginReconfigurationException;
import com.maconomy.api.MiClientContext;
import com.maconomy.api.environment.McEnvironment;
import com.maconomy.api.environment.McEnvironmentManager;
import com.maconomy.api.environment.MiEnvironment;
import com.maconomy.api.security.McInvalidPrincipalException;
import com.maconomy.coupling.common.api.McContextCallback;
import com.maconomy.coupling.protocol.McClientContext;
import com.maconomy.eclipse.core.file.McConfigurationFileUtil;
import com.maconomy.mpm.McProbe;
import com.maconomy.util.MiKey;
import com.maconomy.util.MiLazyReference;
import com.maconomy.util.MiOpt;
import com.maconomy.util.caching.McCacheInitializers;
import com.maconomy.util.caching.McCacheMap;
import com.maconomy.util.caching.MiCacheMap;
import com.maconomy.util.errorhandling.McError;
import com.maconomy.util.errorhandling.McErrorUtil;
import com.maconomy.util.net.McUrlUtil;
import com.maconomy.util.timeout.MiExpirable;
import com.maconomy.util.typesafe.McTypeSafe;
import com.maconomy.util.typesafe.MiList;
import com.maconomy.util.typesafe.MiSet;
import com.maconomy.util.typesafe.MiStack;
import java.net.URI;
import java.net.URL;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.EmptyStackException;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.eclipse.equinox.security.auth.ILoginContext;
import org.eclipse.equinox.security.auth.LoginContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maconomy/coupling/McAuthenticationManager.class */
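/**
 * Resolves JAAS login rules for the current client context and runs privileged actions in an
 * environment combined from a cached per-subject server environment and the client's own.
 *
 * <p>Static state held by this class:
 * <ul>
 *   <li>{@link #ENVIRONMENT_CACHE}: server environments keyed by {@link Subject};</li>
 *   <li>{@link #CLIENT_DATA}: a thread-local stack, pushed by {@link #runInCombinedContext} and
 *       popped when the resulting context is produced;</li>
 *   <li>{@link #configFileURL}: the security configuration URL, resolved once.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. Three spots did not survive decompilation
 * as valid or terminating Java and are repaired below: the retry loop in
 * {@link #tryRunInContext}, the skipped-rule check in {@link #resolveLoginRules} and the monitor
 * variable in {@link #resolveLoginRule}. Confirm each against the original bytecode.
 */
public final class McAuthenticationManager {
    /** Name of the security configuration file looked up through {@link McConfigurationFileUtil}. */
    private static final String MACONOMY_SECURITY_CONFIG = "maconomy.security.config";
    private static final Logger logger = LoggerFactory.getLogger(McAuthenticationManager.class);
    private static final McProbe loginRulesProbe = McProbe.create(McAuthenticationManager.class, new String[]{"LoginRulesProbe"});

    /**
     * Server environments keyed by authenticated subject.
     *
     * <p>NOTE(review): {@link Subject#hashCode()} depends on the subject's principals and public
     * credentials. If the cache is hash-based and principal changes made through the client
     * context alter the subject, an entry stored before the change may no longer be found by
     * {@code remove} - verify against the cache implementation.
     */
    private static final MiCacheMap<Subject, MiEnvironment> ENVIRONMENT_CACHE = McCacheMap.create();
    private static final String ENVIRONMENT_CACHE_LIFETIME_PROP = "com.maconomy.cache.environment-lifetime";
    /** Cache lifetime in seconds; the system property overrides the default of 28800 (8 hours). */
    private static final int ENVIRONMENT_CACHE_LIFETIME_SEC = Integer.getInteger(ENVIRONMENT_CACHE_LIFETIME_PROP, 28800).intValue();
    /** Number of times a rejected principal triggers a fresh login before the action is given up. */
    private static final int MAX_RELOGIN_ATTEMPTS = 1;

    /** Per-thread stack of client data; one entry per {@link #runInCombinedContext} call in flight. */
    private static final ThreadLocal<MiStack<ClientData>> CLIENT_DATA = new ThreadLocal<MiStack<ClientData>>() {
        @Override
        public MiStack<ClientData> initialValue() {
            return McTypeSafe.createStack();
        }
    };

    /** Cached security configuration URL; read and written only under the class monitor (see resolveLoginRule). */
    private static URL configFileURL = null;

    /**
     * Client environment of one call plus a flag recording whether the combined environment was
     * replaced during the call. The decompiler notes this class was private in the original.
     */
    public static class ClientData {
        private final MiEnvironment clientEnvironment;
        private boolean contextChanged = false;

        public ClientData(MiEnvironment miEnvironment) {
            this.clientEnvironment = miEnvironment;
        }

        public MiEnvironment getClientEnvironment() {
            return this.clientEnvironment;
        }

        public boolean isContextChanged() {
            return this.contextChanged;
        }

        /** Marks the context as changed; the flag is never reset. */
        public void setContextChanged() {
            this.contextChanged = true;
        }
    }

    /**
     * Cache initializer that builds the server environment for the subject of a client context.
     * The decompiler notes this class was private in the original.
     */
    public static class UserEnvironmentInitializer implements MiLazyReference.MiInitializer<MiEnvironment> {
        private final MiClientContext context;

        UserEnvironmentInitializer(MiClientContext miClientContext) {
            this.context = miClientContext;
        }

        /**
         * Creates the environment for the context's subject while running in that context.
         *
         * <p>NOTE(review): the decompiler renamed this method from {@code initialize} (merged
         * with its bridge method). The class does not implement
         * {@code MiInitializer.initialize()} until the original name is restored.
         */
        public MiEnvironment m1initialize() {
            return (MiEnvironment) McClientContextManager.runInContext(this.context, new PrivilegedAction<MiEnvironment>() {
                @Override
                public MiEnvironment run() {
                    return McEnvironmentManager.createEnvironment(context.getSubject());
                }
            });
        }
    }

    /**
     * Resolves the given login rules for the current client context when at least one of them has
     * no principals yet or has an expired principal.
     *
     * <p>The cached server environment of the subject is dropped before resolution and the
     * combined environment is rebuilt afterwards, also when resolution fails.
     *
     * @param miSet login rules to resolve
     * @throws McCallException if a login fails
     * @throws McLoginReconfigurationException if a login module requests reconfiguration
     */
    public static void applyLoginRules(MiSet<MiKey> miSet) throws McCallException, McLoginReconfigurationException {
        MiClientContext clientContext = getClientContext();
        if (!shouldResolveAnyLoginRule(miSet, clientContext)) {
            return;
        }
        McProbe.Entry probe = loginRulesProbe.start("applyLoginRules");
        removeEnvironment(clientContext);
        try {
            resolveLoginRules(miSet, clientContext);
        } finally {
            updateEnvironment(clientContext);
            probe.log();
        }
    }

    /**
     * Drops the cached server environment of the current subject and logs out every defined login
     * rule of the current client context.
     *
     * <p>NOTE(review): the first failing logout aborts the loop, so login rules later in the
     * iteration are left logged in. Confirm that callers treat a thrown exception as an
     * incomplete logout.
     *
     * @throws McCallException wrapping the first {@link LoginException}
     */
    public static void logout() throws McCallException {
        MiClientContext clientContext = getClientContext();
        Subject subject = clientContext.getSubject();
        removeEnvironment(clientContext);
        for (MiKey loginRule : clientContext.getLoginRules()) {
            if (!loginRule.isDefined()) {
                continue;
            }
            try {
                new LoginContext(loginRule.asString(), subject).logout();
            } catch (LoginException e) {
                throw McCallException.createFrom(e);
            }
        }
    }

    /**
     * Runs the action in a copy of the given context whose environment is the combination of the
     * subject's server environment and the client's environment.
     *
     * <p>NOTE(review): the client data is pushed before the combined environment is built. If
     * building it throws, nothing in this method pops the entry again, so it stays on the
     * thread's stack.
     *
     * @param miClientContext context supplied by the client
     * @param privilegedExceptionAction action to execute
     * @return the action's result or an error response, each with the resulting context
     */
    public static <T> MiContextResponse<T> runInCombinedContext(MiClientContext miClientContext, PrivilegedExceptionAction<T> privilegedExceptionAction) {
        setClientData(new ClientData(miClientContext.getEnvironment()));
        MiEnvironment combinedEnvironment = createCombinedEnvironment(miClientContext);
        McClientContext combinedContext = new McClientContext(miClientContext);
        combinedContext.setEnvironment(combinedEnvironment);
        return runWithClassLoader(McAuthenticationManager.class.getClassLoader(), combinedContext, privilegedExceptionAction);
    }

    /** Runs the action with the given context class loader and restores the previous one afterwards. */
    private static <T> MiContextResponse<T> runWithClassLoader(ClassLoader classLoader, MiClientContext miClientContext, PrivilegedExceptionAction<T> privilegedExceptionAction) {
        Thread thread = Thread.currentThread();
        ClassLoader previousLoader = thread.getContextClassLoader();
        try {
            thread.setContextClassLoader(classLoader);
            return tryRunInContext(miClientContext, privilegedExceptionAction);
        } finally {
            thread.setContextClassLoader(previousLoader);
        }
    }

    /**
     * Executes the action, re-authenticating once when a principal is rejected.
     *
     * <p>On {@link McInvalidPrincipalException} all principals of the owning login rule are
     * removed; on the first such failure the rule is applied again and the action is retried.
     * Any other exception ends the attempts. The error response carries the first exception seen.
     *
     * <p>The decompiled loop did not advance its attempt counter when an exception other than
     * {@code McInvalidPrincipalException} was caught, so a persistently failing action was
     * retried without bound. The loop now stops on that path.
     */
    private static <T> MiContextResponse<T> tryRunInContext(MiClientContext miClientContext, PrivilegedExceptionAction<T> privilegedExceptionAction) {
        Exception firstFailure = null;
        int attempt = 0;
        while (attempt <= MAX_RELOGIN_ATTEMPTS) {
            try {
                try {
                    return new McContextResponse(McClientContextManager.runInContext(miClientContext, privilegedExceptionAction), getResultingContext(miClientContext));
                } catch (McInvalidPrincipalException invalidPrincipal) {
                    if (logger.isErrorEnabled()) {
                        logger.error("Exception was thrown when trying to initially execute the action", invalidPrincipal);
                    }
                    if (firstFailure == null) {
                        firstFailure = invalidPrincipal;
                    }
                    MiKey loginRule = getLoginRuleForPrincipal(invalidPrincipal.getPrincipal());
                    // Drop every principal of the rule so that applyLoginRules sees it as unresolved.
                    removeAllPrincipalsForLoginRule(loginRule);
                    if (attempt < MAX_RELOGIN_ATTEMPTS) {
                        if (logger.isErrorEnabled()) {
                            logger.error("Applying login rule {} - attempt number {}", loginRule, Integer.valueOf(attempt + 1));
                        }
                        applyLoginRules(McTypeSafe.singletonSet(loginRule));
                    }
                    attempt++;
                }
            } catch (Exception failure) {
                // Also reached when the re-login above fails.
                if (logger.isErrorEnabled() && McErrorUtil.showStrackTraceFor(failure)) {
                    logger.error("Exception was thrown when trying to execute the action", failure);
                } else if (logger.isDebugEnabled()) {
                    logger.debug("Exception was thrown when trying to execute the action", failure);
                }
                if (firstFailure == null) {
                    firstFailure = failure;
                }
                break;
            }
        }
        return new McErrorResponse(McCallException.createFrom(firstFailure), getResultingContext(miClientContext));
    }

    /** Returns the current client context or fails when none is defined. */
    private static MiClientContext getClientContext() {
        MiOpt current = McClientContextManager.getClientContext();
        if (!current.isDefined()) {
            throw McError.createNullPointerException("Trying to read an undefined client context");
        }
        return (MiClientContext) current.get();
    }

    /** Returns the login rule the principal was registered under, or fails if it is unknown. */
    private static MiKey getLoginRuleForPrincipal(Principal principal) {
        MiOpt loginRule = getClientContext().getLoginRuleFromPrincipal(principal);
        if (loginRule.isNone()) {
            throw McError.create("Principal " + principal.getName() + " was not registered");
        }
        return (MiKey) loginRule.get();
    }

    /** Pushes the client data of the call that is starting on this thread. */
    private static void setClientData(ClientData clientData) {
        CLIENT_DATA.get().push(clientData);
    }

    /** Removes every principal registered under the login rule from the current client context. */
    private static void removeAllPrincipalsForLoginRule(MiKey miKey) {
        MiClientContext clientContext = getClientContext();
        Iterator it = clientContext.getPrincipalsFromLoginRule(miKey).iterator();
        while (it.hasNext()) {
            clientContext.removePrincipal((Principal) it.next());
        }
    }

    /** Pops the client data of the call that is finishing on this thread. */
    private static void removeLocalThreadData() {
        CLIENT_DATA.get().pop();
    }

    /**
     * Prepares the context returned to the client and pops this call's client data.
     *
     * <p>The server environment is attached only when the combined environment changed during
     * the call; otherwise the environment is set to {@link McEnvironment#UNDEFINED}.
     */
    private static MiClientContext getResultingContext(MiClientContext miClientContext) {
        MiEnvironment resultingEnvironment = getClientData().isContextChanged()
                ? getUserServerEnvironment(miClientContext)
                : McEnvironment.UNDEFINED;
        miClientContext.setEnvironment(resultingEnvironment);
        removeLocalThreadData();
        return miClientContext;
    }

    /** Returns the client data on top of this thread's stack, or fails when the stack is empty. */
    private static ClientData getClientData() {
        try {
            return (ClientData) CLIENT_DATA.get().peek();
        } catch (EmptyStackException unused) {
            throw McError.create("Trying to read an undefined client local data");
        }
    }

    /** Combines the subject's server environment with the client environment of the current call. */
    private static MiEnvironment createCombinedEnvironment(MiClientContext miClientContext) {
        return McEnvironment.combine(getUserServerEnvironment(miClientContext), getClientData().getClientEnvironment());
    }

    /** Returns the server environment of the context's subject, creating and caching it on a miss. */
    private static MiEnvironment getUserServerEnvironment(MiClientContext miClientContext) {
        return (MiEnvironment) ENVIRONMENT_CACHE.get(miClientContext.getSubject(), McCacheInitializers.semiPermanentCache(ENVIRONMENT_CACHE_LIFETIME_SEC, new UserEnvironmentInitializer(miClientContext)));
    }

    /** Rebuilds the combined environment and installs it. */
    private static void updateEnvironment(MiClientContext miClientContext) {
        setCombinedEnvironment(createCombinedEnvironment(miClientContext));
    }

    /**
     * Installs the environment globally and on the current client context, then flags the
     * current call's client data as changed.
     */
    private static void setCombinedEnvironment(MiEnvironment miEnvironment) {
        McEnvironmentManager.setEnvironment(miEnvironment);
        ((MiClientContext) McClientContextManager.getClientContext().get()).setEnvironment(miEnvironment);
        getClientData().setContextChanged();
    }

    /** Drops the cached server environment of the context's subject. */
    private static void removeEnvironment(MiClientContext miClientContext) {
        removeUserServerEnvironment(miClientContext.getSubject());
    }

    private static void removeUserServerEnvironment(Subject subject) {
        ENVIRONMENT_CACHE.remove(subject);
    }

    /**
     * Logs in every rule that needs resolving and registers the resulting principals.
     *
     * <p>When a login fails, every context logged in so far by this call is logged out first.
     * A "No LoginModules configured" failure is retried once after refreshing the JAAS
     * {@link Configuration}; a cancelled login and a reconfiguration request are reported with
     * their own exception types.
     *
     * <p>The decompiled listing had an empty {@code if} body where rules that need no resolution
     * are detected, so every rule, including undefined ones, went on to log in. The
     * {@code continue} restores the skip.
     */
    private static void resolveLoginRules(MiSet<MiKey> miSet, MiClientContext miClientContext) throws McCallException, McLoginReconfigurationException {
        McMaconomyLoginCallbackHandler callbackHandler = new McMaconomyLoginCallbackHandler(McContextCallback.create(miClientContext.getCallbackHandler()));
        MiList loggedInContexts = McTypeSafe.createArrayList();
        for (MiKey loginRule : miSet) {
            if (!shouldResolveLoginRule(loginRule, miClientContext)) {
                continue;
            }
            boolean retryAfterRefresh = false;
            do {
                try {
                    updatePrincipalToLoginRuleUsed(resolveLoginRule(loginRule, callbackHandler, loggedInContexts), loginRule, miClientContext);
                    retryAfterRefresh = false;
                } catch (LoginException e) {
                    // Roll back before deciding how to report: contexts of earlier rules are logged out as well.
                    logout(loggedInContexts, miClientContext);
                    if (isLoginReconfigured(e)) {
                        throw new McLoginReconfigurationException("Reconfigure server setting");
                    }
                    if (isLoginCancelled(e)) {
                        throw new McInterruptedException("Login was cancelled", false);
                    }
                    if (!isNoLoginModulesConfiguredFor(e) || retryAfterRefresh) {
                        throw McCallException.createFrom(e);
                    }
                    retryAfterRefresh = true;
                    Configuration.getConfiguration().refresh();
                }
            } while (retryAfterRefresh);
        }
    }

    /** Returns true when at least one of the rules needs to be resolved. */
    private static boolean shouldResolveAnyLoginRule(MiSet<MiKey> miSet, MiClientContext miClientContext) {
        for (MiKey loginRule : miSet) {
            if (shouldResolveLoginRule(loginRule, miClientContext)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true for a defined rule that has no principals in the context or has at least one
     * expired principal.
     */
    private static boolean shouldResolveLoginRule(MiKey miKey, MiClientContext miClientContext) {
        if (miKey.isUndefined()) {
            return false;
        }
        MiSet principals = miClientContext.getPrincipalsFromLoginRule(miKey);
        return principals.isEmpty() || anyPrincipalExpired(principals);
    }

    /** Returns true when any principal implements {@link MiExpirable} and reports itself expired. */
    private static boolean anyPrincipalExpired(MiSet<Principal> miSet) {
        for (Principal principal : miSet) {
            if ((principal instanceof MiExpirable) && ((MiExpirable) principal).isExpired()) {
                logger.debug("Principal {} has expired and needs to be renewed.", principal);
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a login context for the rule, logs in, records the context in {@code miList} and
     * returns the principals of the authenticated subject.
     *
     * <p>Runs under the class monitor, which also guards {@link #configFileURL}.
     *
     * <p>NOTE(review): the decompiler could not type the monitor variable and left a
     * self-assignment right after {@code createContext}. That may mark the end of the original
     * synchronized region, in which case the login itself ran outside the lock. The lock is kept
     * over the whole body here, as in the listing - confirm against the bytecode.
     *
     * @throws LoginException if the login fails
     */
    private static MiSet<Principal> resolveLoginRule(MiKey miKey, McMaconomyLoginCallbackHandler mcMaconomyLoginCallbackHandler, MiList<ILoginContext> miList) throws LoginException {
        synchronized (McAuthenticationManager.class) {
            ILoginContext loginContext = LoginContextFactory.createContext(miKey.asString(), getSecurityConfigurationFileURLFirstTime(), mcMaconomyLoginCallbackHandler);
            loginContext.login();
            miList.add(loginContext);
            return McTypeSafe.convertSet(loginContext.getSubject().getPrincipals());
        }
    }

    /**
     * Registers freshly authenticated principals under the login rule.
     *
     * <p>A new principal is added when the rule has no principal of the same class yet, or when
     * a differing principal of the same class was removed to make room for it.
     */
    private static void updatePrincipalToLoginRuleUsed(MiSet<Principal> miSet, MiKey miKey, MiClientContext miClientContext) {
        MiSet registeredPrincipals = miClientContext.getPrincipalsFromLoginRule(miKey);
        for (Principal freshPrincipal : miSet) {
            boolean sameClassFound = false;
            boolean staleRemoved = false;
            Iterator it = registeredPrincipals.iterator();
            while (it.hasNext()) {
                Principal registered = (Principal) it.next();
                if (freshPrincipal.getClass().equals(registered.getClass())) {
                    sameClassFound = true;
                    if (!freshPrincipal.equals(registered)) {
                        // The result of the last removal wins, as in the original loop.
                        staleRemoved = miClientContext.removePrincipal(registered);
                    }
                }
            }
            if (!sameClassFound || staleRemoved) {
                miClientContext.addPrincipal(freshPrincipal, miKey);
            }
        }
    }

    /**
     * Rolls back the given login contexts: their principals are removed from the client context
     * and each context is logged out. Failures are logged and do not stop the rollback.
     */
    private static void logout(MiList<ILoginContext> miList, MiClientContext miClientContext) {
        for (ILoginContext loginContext : miList) {
            try {
                removeFromPrincipalToLoginRuleUsed(McTypeSafe.convertSet(loginContext.getSubject().getPrincipals()), miClientContext);
                loginContext.logout();
            } catch (LoginException e) {
                // Pass the exception itself so the cause chain reaches the log.
                logger.error("Errors in logouts during login", e);
            }
        }
    }

    /** Removes each of the principals from the client context. */
    private static void removeFromPrincipalToLoginRuleUsed(MiSet<Principal> miSet, MiClientContext miClientContext) {
        for (Principal principal : miSet) {
            miClientContext.removePrincipal(principal);
        }
    }

    /**
     * Returns the security configuration URL on the first call and {@code null} on every later
     * call.
     *
     * <p>Presumably the login context factory only needs the URL once - confirm against its
     * contract. The method is not synchronized itself; its only caller in this class holds the
     * class monitor.
     */
    private static URL getSecurityConfigurationFileURLFirstTime() {
        if (configFileURL != null) {
            return null;
        }
        McConfigurationFileUtil configurationFiles = McConfigurationFileUtil.get();
        MiOpt configurationUri = configurationFiles.getUriToConfigurationFile(MACONOMY_SECURITY_CONFIG);
        if (configurationUri.isNone()) {
            throw McError.create("Could not find the \"maconomy.security.config\" configuration file at the following locations: \n\n" + configurationFiles.getConfigurationLocations());
        }
        configFileURL = McUrlUtil.fromUri((URI) configurationUri.get());
        return configFileURL;
    }

    /** Returns true when the cause chain holds a plain LoginException saying all modules were ignored. */
    private static boolean isLoginCancelled(LoginException loginException) {
        return hasLoginExceptionMessage(loginException, "all modules ignored");
    }

    /** Returns true when the cause chain holds a plain LoginException saying no login modules are configured. */
    private static boolean isNoLoginModulesConfiguredFor(LoginException loginException) {
        return hasLoginExceptionMessage(loginException, "No LoginModules configured for");
    }

    /**
     * Walks the cause chain looking for an exception whose class is exactly
     * {@link LoginException} and whose message contains the fragment.
     *
     * <p>A missing message is treated as no match; the decompiled code dereferenced it, so a
     * LoginException without a message raised a NullPointerException inside the caller's catch
     * block and hid the login failure.
     *
     * <p>NOTE(review): the fragments are matched against message text produced by the JAAS
     * implementation; a change of wording or locale would defeat the match.
     */
    private static boolean hasLoginExceptionMessage(LoginException loginException, String fragment) {
        for (Throwable cause = loginException; cause != null; cause = cause.getCause()) {
            if (cause.getClass() == LoginException.class) {
                String message = cause.getMessage();
                if (message != null && message.contains(fragment)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Returns true when the cause chain contains a {@link McLoginReconfigurationException}. */
    private static boolean isLoginReconfigured(LoginException loginException) {
        for (Throwable cause = loginException; cause != null; cause = cause.getCause()) {
            if (cause instanceof McLoginReconfigurationException) {
                return true;
            }
        }
        return false;
    }
}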
