package org.dcache.auth;

import com.google.common.base.Strings;
import diskCacheV111.namespace.NameSpaceProvider;
import diskCacheV111.util.CacheException;
import diskCacheV111.util.FsPath;
import diskCacheV111.util.PermissionDeniedCacheException;
import dmg.cells.nucleus.CellCommandListener;
import dmg.cells.nucleus.EnvironmentAware;
import dmg.util.Formats;
import dmg.util.Replaceable;
import java.io.File;
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import org.dcache.auth.attributes.LoginAttribute;
import org.dcache.auth.attributes.PrefixRestriction;
import org.dcache.auth.attributes.RootDirectory;
import org.dcache.gplazma.AuthenticationException;
import org.dcache.gplazma.GPlazma;
import org.dcache.gplazma.LoginReply;
import org.dcache.gplazma.NoSuchPrincipalException;
import org.dcache.gplazma.configuration.FromFileConfigurationLoadingStrategy;
import org.dcache.gplazma.loader.DcacheAwarePluginFactory;
import org.dcache.gplazma.loader.PluginFactory;
import org.dcache.gplazma.monitor.LoginResultPrinter;
import org.dcache.gplazma.monitor.RecordingLoginMonitor;
import org.dcache.util.Args;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/dcache/auth/Gplazma2LoginStrategy.class */
public class Gplazma2LoginStrategy implements LoginStrategy, EnvironmentAware, CellCommandListener {
    private String _configurationFile;
    private GPlazma _gplazma;
    private Map<String, Object> _environment = Collections.emptyMap();
    private PluginFactory _factory;
    private Function<FsPath, PrefixRestriction> _createPrefixRestriction;
    public static final String fh_explain_login = "This command runs a test login with the supplied principals\nThe result is tracked and an explanation is provided of how \nthe result was obtained.\n";
    public static final String hh_explain_login = "<principal> [<principal> ...] # explain the result of login";

    @Required
    public void setConfigurationFile(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("configuration file argument wasn't specified correctly");
        }
        if (!new File(str).exists()) {
            throw new IllegalArgumentException("configuration file does not exists at " + str);
        }
        this._configurationFile = str;
    }

    @Required
    public void setNameSpace(NameSpaceProvider nameSpaceProvider) {
        this._factory = new DcacheAwarePluginFactory(nameSpaceProvider);
    }

    public String getConfigurationFile() {
        return this._configurationFile;
    }

    public void setEnvironment(Map<String, Object> map) {
        this._environment = map;
    }

    public Map<String, Object> getEnvironment() {
        return this._environment;
    }

    public Properties getEnvironmentAsProperties() {
        Replaceable replaceable = str -> {
            return Objects.toString(this._environment.get(str), null);
        };
        Properties properties = new Properties();
        for (Map.Entry<String, Object> entry : this._environment.entrySet()) {
            properties.put(entry.getKey(), Formats.replaceKeywords(String.valueOf(entry.getValue()), replaceable));
        }
        return properties;
    }

    public void init() {
        this._gplazma = new GPlazma(new FromFileConfigurationLoadingStrategy(this._configurationFile), getEnvironmentAsProperties(), this._factory);
    }

    public void shutdown() {
        if (this._gplazma != null) {
            this._gplazma.shutdown();
        }
    }

    private LoginReply convertLoginReply(LoginReply loginReply) {
        Set sessionAttributes = loginReply.getSessionAttributes();
        Stream stream = sessionAttributes.stream();
        Class<LoginAttribute> cls = LoginAttribute.class;
        LoginAttribute.class.getClass();
        Stream filter = stream.filter(cls::isInstance);
        Class<LoginAttribute> cls2 = LoginAttribute.class;
        LoginAttribute.class.getClass();
        Set set = (Set) filter.map(cls2::cast).collect(Collectors.toSet());
        Stream stream2 = sessionAttributes.stream();
        Class<RootDirectory> cls3 = RootDirectory.class;
        RootDirectory.class.getClass();
        Stream filter2 = stream2.filter(cls3::isInstance);
        Class<RootDirectory> cls4 = RootDirectory.class;
        RootDirectory.class.getClass();
        Stream map = filter2.map(cls4::cast).filter(rootDirectory -> {
            return !rootDirectory.getRoot().equals("/");
        }).map(rootDirectory2 -> {
            return FsPath.create(rootDirectory2.getRoot());
        }).map(this._createPrefixRestriction);
        set.getClass();
        map.forEach((v1) -> {
            r1.add(v1);
        });
        return new LoginReply(loginReply.getSubject(), set);
    }

    public LoginReply login(Subject subject) throws CacheException {
        try {
            return convertLoginReply(this._gplazma.login(subject));
        } catch (AuthenticationException e) {
            throw new PermissionDeniedCacheException("login failed");
        }
    }

    public Principal map(Principal principal) throws CacheException {
        try {
            return this._gplazma.map(principal);
        } catch (NoSuchPrincipalException e) {
            return null;
        }
    }

    public Set<Principal> reverseMap(Principal principal) throws CacheException {
        try {
            return this._gplazma.reverseMap(principal);
        } catch (NoSuchPrincipalException e) {
            return Collections.emptySet();
        }
    }

    public String ac_explain_login_$_1_99(Args args) {
        Subject subjectFromArgs = Subjects.subjectFromArgs(args.getArguments());
        RecordingLoginMonitor recordingLoginMonitor = new RecordingLoginMonitor();
        try {
            this._gplazma.login(subjectFromArgs, recordingLoginMonitor);
        } catch (AuthenticationException e) {
        }
        return new LoginResultPrinter(recordingLoginMonitor.getResult()).print();
    }

    public void setUploadPath(String str) {
        if (Strings.isNullOrEmpty(str) || !str.startsWith("/")) {
            this._createPrefixRestriction = fsPath -> {
                return new PrefixRestriction(new FsPath[]{fsPath});
            };
        } else {
            FsPath create = FsPath.create(str);
            this._createPrefixRestriction = fsPath2 -> {
                return new PrefixRestriction(new FsPath[]{fsPath2, create});
            };
        }
    }
}
