package com.maconomy.api.security;

import com.maconomy.api.McCallException;
import com.maconomy.api.credentials.McOAuthCredentials;
import com.maconomy.api.data.collection.MiGenericDataValues;
import com.maconomy.api.events.MiContainerEventData;
import com.maconomy.api.security.McAbstractOAuthClient;
import com.maconomy.api.security.McAbstractOAuthPrincipal;
import com.maconomy.api.security.response.McOAuthLogin;
import com.maconomy.mpm.McProbe;
import com.maconomy.util.McKey;
import com.maconomy.util.McOpt;
import com.maconomy.util.MiKey;
import com.maconomy.util.MiOpt;
import com.maconomy.util.MiText;
import com.maconomy.util.typesafe.McTypeSafe;
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maconomy/api/security/McAbstractOAuthLoginModule.class */
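/**
 * Base class for login modules that authenticate a user against an OAuth 2.0 token endpoint.
 *
 * <p>The life cycle follows the JAAS two-phase pattern: {@link #login()} obtains tokens (or
 * reuses/refreshes the tokens of an existing principal) and {@link #commit()} publishes the
 * resulting principal on the {@link Subject}. Subclasses supply the concrete principal type,
 * the OAuth clients and the user-facing messages.
 *
 * <p>The client id and client secret are read from the module options {@code clientID} and
 * {@code clientSecret}. Neither value is written to the log by this class.
 *
 * @param <P> concrete principal type carrying the tokens
 * @param <C> concrete OAuth client type used for login and refresh requests
 */
public abstract class McAbstractOAuthLoginModule<P extends McAbstractOAuthPrincipal, C extends McAbstractOAuthClient> extends McAbstractLoginModule {
    private static final Logger logger = LoggerFactory.getLogger(McAbstractOAuthLoginModule.class);
    /** Name of the module option holding the OAuth client id. */
    private static final String CLIENT_ID = "clientID";
    /** Name of the module option holding the OAuth client secret. */
    private static final String CLIENT_SECRET = "clientSecret";

    private final McProbe oAuthLoginProbe = McProbe.create(getClass(), new String[]{"OAuthLoginProbe"});
    /** Outcome of the most recent {@link #login()} call; read by {@link #commit()} and {@link #abort()}. */
    private boolean loginSucceeded = false;
    /** Principal created by login or refresh that has not been committed to the Subject yet. */
    private MiOpt<McAbstractOAuthPrincipal> oauthPrincipal = McOpt.none();

    /**
     * Creates the principal that represents a successful login or refresh.
     *
     * @param clientId OAuth client id the tokens were issued for
     * @param accessToken access token from the token response
     * @param refreshToken refresh token from the token response
     * @param expiresIn expiry value from the token response
     * @return the principal to publish on the Subject
     */
    protected abstract P createPrincipal(MiKey clientId, MiKey accessToken, MiKey refreshToken, MiKey expiresIn);

    /**
     * Creates the client used to exchange user credentials for tokens.
     *
     * @param clientId OAuth client id from the module options
     * @param clientSecret OAuth client secret from the module options
     * @return a client that the caller destroys after use
     */
    protected abstract C getLoginClient(MiKey clientId, MiKey clientSecret);

    /**
     * Creates the client used to refresh the tokens of an existing principal.
     *
     * @param clientId OAuth client id from the module options
     * @param clientSecret OAuth client secret from the module options
     * @param refreshToken refresh token taken from the existing principal
     * @return a client that the caller destroys after use
     */
    protected abstract C getRefreshClient(MiKey clientId, MiKey clientSecret, MiKey refreshToken);

    /** Returns the message reported when the user supplied incomplete credentials. */
    protected abstract MiText insufficientCredentialsMessage();

    /** Returns the message reported when the client id or client secret option is missing. */
    protected abstract MiText misconfiguredOAuthLoginModule();

    /** Returns the title shown on the credential prompt. */
    protected abstract MiText loginDialogTitle();

    /**
     * Returns the message reported when the token endpoint answered with an error.
     *
     * @param error the error text taken from the login response
     */
    protected abstract MiText couldNotLoginMessage(MiText error);

    /** Returns the principal of an earlier login, if one is available to the subclass. */
    protected abstract MiOpt<P> getPrincipal();

    /** Returns whether the existing principal is still usable without a refresh. */
    protected abstract boolean isLoggedIn();

    /**
     * Passes all arguments through to the superclass unchanged.
     *
     * @param subject the Subject to authenticate
     * @param callbackHandler handler used to prompt the user
     * @param sharedState third argument of the superclass method
     * @param options fourth argument of the superclass method
     */
    @Override // com.maconomy.api.security.McAbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        super.initialize(subject, callbackHandler, sharedState, options);
    }

    /**
     * Authenticates the user, reusing or refreshing existing tokens when possible.
     *
     * @return {@code true} when tokens are available, {@code false} when the user dismissed the
     *     credential prompt
     * @throws LoginException when the module is misconfigured, the credentials are incomplete,
     *     the token endpoint reports an error or the token response is incomplete
     */
    @Override // com.maconomy.api.security.McAbstractLoginModule
    public boolean login() throws LoginException {
        // Every attempt starts from a failed state so that the result of an earlier call on the
        // same instance cannot make commit() report success for this one.
        this.loginSucceeded = false;

        MiKey clientId = McKey.key((String) getOption(CLIENT_ID).getElse(""));
        MiKey clientSecret = McKey.key((String) getOption(CLIENT_SECRET).getElse(""));
        if (clientId.isUndefined() || clientSecret.isUndefined()) {
            logger.debug("Login denied because of the insufficient configuration of the OAuth login module");
            reportLoginError(misconfiguredOAuthLoginModule());
        }

        if (isValidOrRefreshable(clientId, clientSecret)) {
            this.loginSucceeded = true;
            return true;
        }

        C loginClient = getLoginClient(clientId, clientSecret);
        try {
            MiOpt<McOAuthCredentials> requested = requestCredentials();
            if (!requested.isDefined()) {
                return false;
            }
            McOAuthCredentials credentials = (McOAuthCredentials) requested.get();
            if (!credentials.isComplete()) {
                // The credentials object carries the password, so it is deliberately kept out
                // of the log line rather than relying on its toString() to redact it.
                logger.debug("Login denied because of insufficient credentials provided by the user");
                reportLoginError(insufficientCredentialsMessage());
            }

            McOAuthLogin login = loginClient.login(credentials);
            if (login.getError().isDefined()) {
                reportLoginError(couldNotLoginMessage(login.getError()));
            }
            if (!isLoginSuccessful(login)) {
                // A response without an error but also without a full token set is a failed
                // authentication; it must not be reported as success and left for commit().
                throw new FailedLoginException("OAuth token response is incomplete");
            }

            this.oauthPrincipal = McOpt.opt(createPrincipal(loginClient.getClientID(), login.getAccessToken(), login.getRefreshToken(), login.getExpiresIn()));
            this.loginSucceeded = true;
            return true;
        } catch (Exception e) {
            logger.error("Error during OAuth 2.0 login:", e);
            throw handleException(e);
        } finally {
            // Single release point for the client on every exit path.
            loginClient.destroy();
        }
    }

    /**
     * Checks whether an existing principal is still logged in or can be refreshed.
     *
     * <p>On a successful refresh the new principal is stored as pending so that
     * {@link #commit()} publishes it.
     *
     * @param clientId OAuth client id from the module options
     * @param clientSecret OAuth client secret from the module options
     * @return {@code true} when no new credential prompt is needed
     */
    private boolean isValidOrRefreshable(MiKey clientId, MiKey clientSecret) {
        MiOpt<P> principal = getPrincipal();
        if (!principal.isDefined()) {
            return false;
        }
        McProbe.Entry probeEntry = this.oAuthLoginProbe.start("isLoginStillValid");
        try {
            if (isLoggedIn()) {
                return true;
            }
            C refreshClient = getRefreshClient(clientId, clientSecret, ((McAbstractOAuthPrincipal) principal.get()).getRefreshToken());
            try {
                McOAuthLogin refresh = refreshClient.refresh();
                if (!isLoginSuccessful(refresh)) {
                    return false;
                }
                this.oauthPrincipal = McOpt.opt(createPrincipal(clientId, refresh.getAccessToken(), refresh.getRefreshToken(), refresh.getExpiresIn()));
                return true;
            } finally {
                // The client is destroyed exactly once, here.
                refreshClient.destroy();
            }
        } finally {
            probeEntry.log();
        }
    }

    /** Returns whether the response carries an access token, a refresh token and an expiry. */
    private boolean isLoginSuccessful(McOAuthLogin response) {
        return response.getAccessToken().isDefined()
                && response.getRefreshToken().isDefined()
                && response.getExpiresIn().isDefined();
    }

    /**
     * Publishes the pending principal on the Subject.
     *
     * @return {@code false} when the preceding login did not succeed, {@code true} otherwise
     * @throws LoginException declared for the login module contract; not thrown here
     */
    public boolean commit() throws LoginException {
        if (!this.loginSucceeded) {
            return false;
        }
        if (!this.oauthPrincipal.isDefined()) {
            // Existing tokens were still valid, so there is nothing new to publish.
            return true;
        }
        // NOTE(review): after a refresh the previous principal is not removed here; whether the
        // set ends up holding one or two token-bearing principals depends on the principal's
        // equals/hashCode - confirm against the concrete subclass.
        getSubject().getPrincipals().add((Principal) this.oauthPrincipal.get());
        this.oauthPrincipal = McOpt.none();
        return true;
    }

    /**
     * Discards the pending principal.
     *
     * @return the outcome of the preceding login
     * @throws LoginException declared for the login module contract; not thrown here
     */
    public boolean abort() throws LoginException {
        this.oauthPrincipal = McOpt.none();
        return this.loginSucceeded;
    }

    /**
     * Removes the principal from the Subject when a pending principal is held.
     *
     * @return {@code true} when a principal was removed from the Subject
     * @throws LoginException declared for the login module contract; not thrown here
     */
    public boolean logout() throws LoginException {
        // NOTE(review): commit() clears the pending principal, so after a committed login this
        // guard is false and the token-bearing principal stays on the Subject. That may be
        // intended so a later login can refresh it - confirm, because it means logout does
        // not drop the access and refresh tokens.
        if (!this.oauthPrincipal.isDefined()) {
            return false;
        }
        MiOpt<P> principal = getPrincipal();
        if (principal.isNone()) {
            return false;
        }
        getSubject().getPrincipals().remove(principal.get());
        return true;
    }

    /**
     * Logs the message and fails the login with it.
     *
     * @param message user-facing description of the failure
     * @throws FailedLoginException always; its cause is a {@link McCallException} carrying the message
     */
    private void reportLoginError(MiText message) throws FailedLoginException {
        if (logger.isErrorEnabled()) {
            logger.error("Error during OAuth 2.0 login: {}", message.asString());
        }
        FailedLoginException failure = new FailedLoginException();
        failure.initCause(new McCallException(message));
        throw failure;
    }

    /**
     * Prompts the user for a name and password through the callback handler.
     *
     * @return the entered credentials, or none when the prompt was not confirmed
     * @throws IOException when the callback handler fails
     * @throws UnsupportedCallbackException when the handler does not support one of the callbacks
     */
    private MiOpt<McOAuthCredentials> requestCredentials() throws IOException, UnsupportedCallbackException {
        McTextOutputCallback titleCallback = new McTextOutputCallback(0, loginDialogTitle());
        McNameCallback nameCallback = McLoginModuleUtil.createNameCallback(McLoginModuleUtil.getUsernamePrompt(), null);
        McPasswordCallback passwordCallback = new McPasswordCallback(McLoginModuleUtil.getPasswordPrompt(), false);
        ConfirmationCallback confirmationCallback = new ConfirmationCallback(
                " ", ConfirmationCallback.INFORMATION, ConfirmationCallback.OK_CANCEL_OPTION, ConfirmationCallback.OK);
        getCallbackHandler().handle((Callback[]) McTypeSafe.createArrayList(new Callback[]{titleCallback, confirmationCallback, nameCallback, passwordCallback}).toArray(new Callback[0]));

        int selected = confirmationCallback.getSelectedIndex();
        if (selected != ConfirmationCallback.YES && selected != ConfirmationCallback.OK) {
            // NO, CANCEL or any other index: the user did not confirm the prompt.
            return McOpt.none();
        }
        // NOTE(review): the password is copied into an immutable String here and cannot be
        // wiped afterwards; clearing the callback's buffer would need support from
        // McPasswordCallback and McOAuthCredentials, which are not visible in this file.
        String password = passwordCallback.getPassword() == null ? "" : String.valueOf(passwordCallback.getPassword());
        return McOpt.opt(new McOAuthCredentials(nameCallback.getName(), password));
    }
}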
