package org.dcache.webadmin.controller.impl;

import diskCacheV111.util.CacheException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.security.auth.Subject;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.dcache.auth.LoginReply;
import org.dcache.auth.LoginStrategy;
import org.dcache.auth.PasswordCredential;
import org.dcache.auth.Subjects;
import org.dcache.util.CertificateFactories;
import org.dcache.webadmin.controller.LogInService;
import org.dcache.webadmin.controller.exceptions.LogInServiceException;
import org.dcache.webadmin.view.beans.UserBean;
import org.dcache.webadmin.view.util.Role;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/dcache/webadmin/controller/impl/LoginStrategyLogInService.class */
public class LoginStrategyLogInService implements LogInService {
    private static final Logger _log = LoggerFactory.getLogger(LogInService.class);
    private LoginStrategy _loginStrategy;
    private int _adminGid;
    private final CertificateFactory _cf = CertificateFactories.newX509CertificateFactory();

    @Override // org.dcache.webadmin.controller.LogInService
    public UserBean authenticate(String str, char[] cArr) throws LogInServiceException {
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(new PasswordCredential(str, String.valueOf(cArr)));
        return authenticate(subject);
    }

    @Override // org.dcache.webadmin.controller.LogInService
    public UserBean authenticate(X509Certificate[] x509CertificateArr) throws LogInServiceException {
        try {
            Subject subject = new Subject();
            subject.getPublicCredentials().add(this._cf.generateCertPath(Arrays.asList(x509CertificateArr)));
            return authenticate(subject);
        } catch (CertificateException e) {
            throw new LogInServiceException("Failed to generate X.509 certificate path: " + e.getMessage(), e);
        }
    }

    public UserBean authenticate(Subject subject) throws LogInServiceException {
        try {
            LoginReply login = this._loginStrategy.login(subject);
            if (login == null) {
                throw new NullPointerException();
            }
            return mapLoginToUser(login);
        } catch (CacheException e) {
            throw new LogInServiceException(e.getMessage(), e);
        }
    }

    private UserBean mapLoginToUser(LoginReply loginReply) {
        UserBean userBean = new UserBean();
        Subject subject = loginReply.getSubject();
        userBean.setUsername(Subjects.getUserName(subject));
        userBean.setRoles(mapGidsToRoles(Subjects.getGids(subject)));
        return userBean;
    }

    private Roles mapGidsToRoles(long[] jArr) {
        Roles roles = new Roles();
        boolean z = false;
        for (long j : jArr) {
            _log.debug("GID : {}", Long.valueOf(j));
            if (j == this._adminGid) {
                roles.add(Role.ADMIN);
                z = true;
            }
        }
        if (!z) {
            roles.add(Role.USER);
        }
        return roles;
    }

    public void setLoginStrategy(LoginStrategy loginStrategy) {
        if (loginStrategy == null) {
            throw new IllegalArgumentException();
        }
        this._loginStrategy = loginStrategy;
    }

    public void setAdminGid(int i) {
        _log.debug("admin GID set to {}", Integer.valueOf(i));
        this._adminGid = i;
    }
}
