package org.dcache.gplazma.validation;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.dcache.auth.GidPrincipal;
import org.dcache.auth.UidPrincipal;
import org.dcache.auth.UserNamePrincipal;
import org.dcache.auth.attributes.HomeDirectory;
import org.dcache.auth.attributes.ReadOnly;
import org.dcache.auth.attributes.RootDirectory;
import org.dcache.gplazma.AuthenticationException;
import org.dcache.gplazma.LoginReply;
import org.dcache.gplazma.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/gplazma/validation/DoorValidationStrategy.class */
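/**
 * Validates that a {@link LoginReply} carries the complete, unambiguous identity a door needs.
 *
 * <p>A reply passes only when its subject holds exactly one {@link UserNamePrincipal}, exactly
 * one {@link UidPrincipal} and exactly one primary {@link GidPrincipal}, and its session
 * attributes hold exactly one {@link HomeDirectory}, one {@link RootDirectory} and one
 * {@link ReadOnly} declaration. Duplicates are rejected as well as omissions, so a reply with
 * two competing UIDs or root directories fails instead of one being picked arbitrarily.
 *
 * <p>Only presence and uniqueness are checked. The values themselves (which UID, which root
 * directory, whether read-only is true or false) are not inspected here; any policy on them
 * has to be enforced elsewhere.
 */
public class DoorValidationStrategy implements ValidationStrategy {
    private static final Logger LOGGER = LoggerFactory.getLogger(DoorValidationStrategy.class);

    /**
     * Checks the principals first and then the session attributes of the given reply.
     *
     * @param loginReply the login result to validate
     * @throws NullPointerException if {@code loginReply} is {@code null}
     * @throws AuthenticationException declared for the {@code Preconditions.checkAuthentication}
     *     calls; presumably raised when a required item is missing or duplicated, or when the
     *     subject, its principal set or the attribute set is {@code null} (Preconditions is not
     *     visible in this file)
     */
    @Override
    public void validate(LoginReply loginReply) throws AuthenticationException {
        // NOTE(review): the whole reply is written to the debug log; what its toString()
        // exposes is not visible here. Confirm it contains no credential material.
        LOGGER.debug("Validating loginReply {}", loginReply);
        if (loginReply == null) {
            throw new NullPointerException("loginReply is null");
        }
        validatePrincipals(getPrincipalsFromLoginReply(loginReply));
        validateAttributes(getSessionAttributesFromLoginReply(loginReply));
    }

    /**
     * Requires exactly one username, one UID and one primary GID among the principals.
     *
     * <p>Non-primary {@link GidPrincipal}s and principals of any other type are ignored, so any
     * number of them may be present.
     *
     * @param principals the subject's principals, never {@code null}
     * @throws AuthenticationException see {@link #validate(LoginReply)}
     */
    private static void validatePrincipals(Set<Principal> principals)
            throws AuthenticationException {
        boolean hasUserName = false;
        boolean hasUid = false;
        boolean hasPrimaryGid = false;
        for (Principal principal : principals) {
            if (principal instanceof UserNamePrincipal) {
                Preconditions.checkAuthentication(!hasUserName, "multiple usernames");
                hasUserName = true;
            } else if (principal instanceof UidPrincipal) {
                Preconditions.checkAuthentication(!hasUid, "multiple UIDs");
                hasUid = true;
            } else if (principal instanceof GidPrincipal
                    && ((GidPrincipal) principal).isPrimaryGroup()) {
                // The element is held as Principal and cast only after the instanceof test;
                // declaring the loop variable as GidPrincipal does not compile.
                Preconditions.checkAuthentication(!hasPrimaryGid, "multiple GIDs");
                hasPrimaryGid = true;
            }
        }
        Preconditions.checkAuthentication(
                hasUserName && hasUid && hasPrimaryGid,
                principalsErrorMessage(hasUserName, hasUid, hasPrimaryGid));
    }

    /**
     * Builds a comma-separated list naming every required principal that is missing.
     *
     * @return the message, or an empty string when nothing is missing
     */
    private static String principalsErrorMessage(
            boolean hasUserName, boolean hasUid, boolean hasPrimaryGid) {
        StringBuilder message = new StringBuilder();
        if (!hasUserName) {
            message.append("no username");
        }
        if (!hasUid) {
            appendWithComma(message, "no UID");
        }
        if (!hasPrimaryGid) {
            appendWithComma(message, "no primary GID");
        }
        return message.toString();
    }

    /**
     * Requires exactly one home directory, one root directory and one read-only declaration
     * among the session attributes.
     *
     * <p>The three type tests are independent rather than chained, so a single object that is an
     * instance of more than one attribute type is counted once for each of them.
     *
     * @param attributes the session attributes, never {@code null}
     * @throws AuthenticationException see {@link #validate(LoginReply)}
     */
    private static void validateAttributes(Set<Object> attributes)
            throws AuthenticationException {
        boolean hasHomeDirectory = false;
        boolean hasRootDirectory = false;
        boolean hasReadOnly = false;
        for (Object attribute : attributes) {
            if (attribute instanceof HomeDirectory) {
                Preconditions.checkAuthentication(!hasHomeDirectory, "multiple home-directories");
                hasHomeDirectory = true;
            }
            if (attribute instanceof RootDirectory) {
                Preconditions.checkAuthentication(!hasRootDirectory, "multiple root-directories");
                hasRootDirectory = true;
            }
            if (attribute instanceof ReadOnly) {
                Preconditions.checkAuthentication(!hasReadOnly, "multiple read-only declarations");
                hasReadOnly = true;
            }
        }
        Preconditions.checkAuthentication(
                hasHomeDirectory && hasRootDirectory && hasReadOnly,
                attributesErrorMessage(hasHomeDirectory, hasRootDirectory, hasReadOnly));
    }

    /**
     * Builds a comma-separated list naming every required session attribute that is missing.
     *
     * @return the message, or an empty string when nothing is missing
     */
    private static String attributesErrorMessage(
            boolean hasHomeDirectory, boolean hasRootDirectory, boolean hasReadOnly) {
        StringBuilder message = new StringBuilder();
        if (!hasHomeDirectory) {
            message.append("no home-directory");
        }
        if (!hasRootDirectory) {
            appendWithComma(message, "no root-directory");
        }
        if (!hasReadOnly) {
            appendWithComma(message, "no read-only declaration");
        }
        return message.toString();
    }

    /**
     * Appends {@code str} to {@code sb}, preceded by {@code ", "} when {@code sb} already has
     * content.
     *
     * @return {@code sb}, for chaining
     */
    private static StringBuilder appendWithComma(StringBuilder sb, String str) {
        if (sb.length() > 0) {
            sb.append(", ");
        }
        return sb.append(str);
    }

    /**
     * Returns the reply's session attributes, rejecting a {@code null} set.
     *
     * @throws AuthenticationException see {@link #validate(LoginReply)}
     */
    private static Set<Object> getSessionAttributesFromLoginReply(LoginReply loginReply)
            throws AuthenticationException {
        Set<Object> sessionAttributes = loginReply.getSessionAttributes();
        Preconditions.checkAuthentication(sessionAttributes != null, "attributes is null");
        return sessionAttributes;
    }

    /**
     * Returns the principals of the reply's subject, rejecting a {@code null} subject or a
     * {@code null} principal set.
     *
     * @throws AuthenticationException see {@link #validate(LoginReply)}
     */
    private static Set<Principal> getPrincipalsFromLoginReply(LoginReply loginReply)
            throws AuthenticationException {
        Subject subject = loginReply.getSubject();
        Preconditions.checkAuthentication(subject != null, "subject is null");
        Set<Principal> principals = subject.getPrincipals();
        Preconditions.checkAuthentication(principals != null, "subject principals is null");
        return principals;
    }
}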
