package org.dcache.xrootd.plugins.authn.unix;

import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelId;
import java.util.Collections;
import java.util.EnumMap;
import org.dcache.xrootd.core.XrootdException;
import org.dcache.xrootd.security.BufferEncrypter;
import org.dcache.xrootd.security.NestedBucketBuffer;
import org.dcache.xrootd.security.SigningPolicy;
import org.dcache.xrootd.security.StringBucket;
import org.dcache.xrootd.security.XrootdSecurityProtocol;
import org.dcache.xrootd.tpc.AbstractClientAuthnHandler;
import org.dcache.xrootd.tpc.TpcSigverRequestEncoder;
import org.dcache.xrootd.tpc.XrootdTpcInfo;
import org.dcache.xrootd.tpc.protocol.messages.InboundAuthenticationResponse;
import org.dcache.xrootd.tpc.protocol.messages.OutboundAuthenticationRequest;

/* loaded from: input_file:org/dcache/xrootd/plugins/authn/unix/UnixClientAuthenticationHandler.class */
public class UnixClientAuthenticationHandler extends AbstractClientAuthnHandler {
    public static final String PROTOCOL = "unix";

    public UnixClientAuthenticationHandler() {
        super(PROTOCOL);
    }

    protected void doOnAuthenticationResponse(ChannelHandlerContext channelHandlerContext, InboundAuthenticationResponse inboundAuthenticationResponse) throws XrootdException {
        ChannelId id = channelHandlerContext.channel().id();
        int status = inboundAuthenticationResponse.getStatus();
        int streamId = this.client.getStreamId();
        XrootdTpcInfo info = this.client.getInfo();
        switch (status) {
            case 0:
                LOGGER.debug("Authentication to {}, channel {}, stream {}, sessionId {} succeeded; passing to next handler.", new Object[]{info.getSrc(), id, Integer.valueOf(streamId), this.client.getSessionId()});
                channelHandlerContext.fireChannelRead(inboundAuthenticationResponse);
                return;
            default:
                throw new XrootdException(4003, "failed with status " + status);
        }
    }

    protected void sendAuthenticationRequest(ChannelHandlerContext channelHandlerContext) {
        SigningPolicy signingPolicy = this.client.getSigningPolicy();
        LOGGER.debug("Getting (optional) signed hash verification encoder, signing is on? {}; tls ? {}.", Boolean.valueOf(signingPolicy.isSigningOn()), this.client.getTlsSessionInfo().getClientTls());
        if (signingPolicy.isSigningOn()) {
            channelHandlerContext.pipeline().addAfter("encoder", "sigverEncoder", new TpcSigverRequestEncoder((BufferEncrypter) null, signingPolicy));
        }
        EnumMap enumMap = new EnumMap(XrootdSecurityProtocol.BucketType.class);
        StringBucket stringBucket = new StringBucket(XrootdSecurityProtocol.BucketType.kXRS_creds, this.client.getUname());
        enumMap.put((EnumMap) stringBucket.getType(), (XrootdSecurityProtocol.BucketType) stringBucket);
        NestedBucketBuffer nestedBucketBuffer = new NestedBucketBuffer(XrootdSecurityProtocol.BucketType.kXRS_main, PROTOCOL, 1001, enumMap);
        OutboundAuthenticationRequest outboundAuthenticationRequest = new OutboundAuthenticationRequest(this.client.getStreamId(), nestedBucketBuffer.getSize(), PROTOCOL, 1001, Collections.singletonList(nestedBucketBuffer));
        this.client.setExpectedResponse(3000);
        this.client.setAuthResponse((InboundAuthenticationResponse) null);
        channelHandlerContext.writeAndFlush(outboundAuthenticationRequest, channelHandlerContext.newPromise()).addListener(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
        this.client.startTimer(channelHandlerContext);
    }
}
