package org.dcache.xrootd.plugins.authn.ztn;

import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelId;
import org.dcache.xrootd.core.XrootdException;
import org.dcache.xrootd.security.BufferEncrypter;
import org.dcache.xrootd.security.SigningPolicy;
import org.dcache.xrootd.security.TLSSessionInfo;
import org.dcache.xrootd.security.TokenValidator;
import org.dcache.xrootd.tpc.AbstractClientAuthnHandler;
import org.dcache.xrootd.tpc.TpcSigverRequestEncoder;
import org.dcache.xrootd.tpc.XrootdTpcInfo;
import org.dcache.xrootd.tpc.protocol.messages.InboundAuthenticationResponse;
import org.dcache.xrootd.tpc.protocol.messages.OutboundAuthenticationRequest;

/* loaded from: input_file:org/dcache/xrootd/plugins/authn/ztn/ZTNClientAuthenticationHandler.class */
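/**
 * Client-side handler that authenticates a third-party-copy (TPC) client to
 * the source server with the ZTN (token) protocol.
 *
 * <p>The handler takes the source token from the TPC info held by the
 * inherited {@code client}, wraps it in a {@link ZTNCredential} and sends it
 * as an {@link OutboundAuthenticationRequest}. A response with status 0 is
 * passed down the pipeline; any other status fails the authentication.
 *
 * <p>The token is a bearer credential, so this class never writes its value
 * to the log.
 */
public class ZTNClientAuthenticationHandler extends AbstractClientAuthnHandler {
    /** Credential version written into every request built by this handler. */
    private static final int VERSION = 0;

    /** Operation byte written into the credential; 84 is ASCII {@code 'T'}. */
    private static final byte OPR = 84;

    public ZTNClientAuthenticationHandler() {
        super(ZTNCredential.PROTOCOL);
    }

    /**
     * Handles the server's reply to the authentication request.
     *
     * @param channelHandlerContext context of the channel the reply arrived on
     * @param inboundAuthenticationResponse the reply; forwarded unchanged on success
     * @throws XrootdException with code 4003 when the reply status is not 0
     */
    protected void doOnAuthenticationResponse(ChannelHandlerContext channelHandlerContext, InboundAuthenticationResponse inboundAuthenticationResponse) throws XrootdException {
        int status = inboundAuthenticationResponse.getStatus();

        // Only status 0 counts as success (presumably kXR_ok; the constant was
        // inlined in this listing). Everything else is rejected, so an
        // unexpected status can never be treated as authenticated.
        if (status != 0) {
            throw new XrootdException(4003, "failed with status " + status);
        }

        ChannelId id = channelHandlerContext.channel().id();
        XrootdTpcInfo info = this.client.getInfo();
        LOGGER.debug("Authentication to {}, channel {}, stream {}, sessionId {} succeeded; passing to next handler.",
                info.getSrc(), id, this.client.getStreamId(), this.client.getSessionId());
        channelHandlerContext.fireChannelRead(inboundAuthenticationResponse);
    }

    /**
     * Builds the ZTN credential from the TPC source token and writes the
     * authentication request to the channel.
     *
     * @param channelHandlerContext context of the channel to the source server
     * @throws XrootdException with code 3010 when the TPC info carries no token
     */
    protected void sendAuthenticationRequest(ChannelHandlerContext channelHandlerContext) throws XrootdException {
        LOGGER.warn("TPC with ztn and scitokens is not yet established; this is not guaranteed to work with version 0.");

        // Check for the token before touching the pipeline, so that a missing
        // token does not leave a sigver encoder installed on a channel that
        // never sends an authentication request.
        String sourceToken = this.client.getInfo().getSourceToken();
        if (sourceToken == null) {
            throw new XrootdException(3010, "TPC was not provided a ztn token.");
        }

        // NOTE(review): nothing in this method checks that the channel is
        // TLS-protected before the bearer token is written to it; confirm that
        // TLS is enforced elsewhere in the pipeline before this handler runs.
        SigningPolicy signingPolicy = this.client.getSigningPolicy();
        if (signingPolicy.isSigningOn()) {
            // The encoder gets no BufferEncrypter (null); it is constructed
            // with the signing policy only.
            channelHandlerContext.pipeline().addAfter("encoder", "sigverEncoder", new TpcSigverRequestEncoder((BufferEncrypter) null, signingPolicy));
            TLSSessionInfo tlsSessionInfo = this.client.getTlsSessionInfo();
            LOGGER.debug("optional signed hash verification encoder has been added; this is unusual for ZTN:signing is on? {}; tls ? {}.", signingPolicy.isSigningOn(), tlsSessionInfo.getClientTls());
        }

        String token = TokenValidator.stripOffPrefix(sourceToken);

        // The token is a bearer credential: anyone who can read the log could
        // replay it. Record only that a token is present and how long it is.
        LOGGER.debug("sendAuthenticationRequest, source token present (length {}).", token.length());

        ZTNCredential credential = new ZTNCredential();
        credential.setVersion(VERSION);
        credential.setOpr(OPR);
        // NOTE(review): length() counts UTF-16 chars, not encoded bytes. The two
        // agree for ASCII-only tokens; confirm against ZTNCredentialUtils.writeBytes.
        credential.setTokenLength(token.length());
        credential.setToken(token);

        OutboundAuthenticationRequest request = new OutboundAuthenticationRequest(
                this.client.getStreamId(),
                ZTNCredential.PROTOCOL,
                credential.getLength(),
                byteBuf -> ZTNCredentialUtils.writeBytes(byteBuf, credential));

        // 3000 is presumably the kXR_auth request code (constant inlined in
        // this listing). Any previously stored auth response is cleared before
        // the new request goes out.
        this.client.setExpectedResponse(3000);
        this.client.setAuthResponse((InboundAuthenticationResponse) null);
        channelHandlerContext.writeAndFlush(request, channelHandlerContext.newPromise()).addListener(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
        this.client.startTimer(channelHandlerContext);
    }
}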
