package org.dcache.xrootd.plugins.authn.ztn;

import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.StringJoiner;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import org.dcache.xrootd.core.XrootdException;
import org.dcache.xrootd.plugins.AuthenticationHandler;
import org.dcache.xrootd.protocol.messages.AuthenticationRequest;
import org.dcache.xrootd.protocol.messages.OkResponse;
import org.dcache.xrootd.protocol.messages.XrootdResponse;
import org.dcache.xrootd.security.BufferDecrypter;
import org.dcache.xrootd.security.RequiresTLS;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/xrootd/plugins/authn/ztn/AbstractZTNAuthenticationHandler.class */
public abstract class AbstractZTNAuthenticationHandler implements AuthenticationHandler, RequiresTLS {
    protected static final Logger LOGGER = LoggerFactory.getLogger(AbstractZTNAuthenticationHandler.class);
    protected Subject subject;
    protected ZTNCredential credential;
    protected Set<String> trustedIssuers;
    private Integer maxTokenSize;
    private List<String> alternateTokenLocations;
    private Long tokenUsageFlags;
    private boolean completed;

    public XrootdResponse<AuthenticationRequest> authenticate(AuthenticationRequest authenticationRequest) throws XrootdException {
        this.subject = new Subject();
        this.credential = ZTNCredentialUtils.deserialize(authenticationRequest.getCredentialBuffer());
        authenticationRequest.releaseBuffer();
        LOGGER.trace("ZTNCredential: {}.", this.credential);
        if (this.maxTokenSize != null && this.credential.getNullTerminatedTokenLength() > this.maxTokenSize.intValue()) {
            this.completed = true;
            throw new XrootdException(3002, "token exceeds max length");
        }
        validateToken();
        this.completed = true;
        return new OkResponse(authenticationRequest);
    }

    public String getProtocol() {
        StringBuilder sb = new StringBuilder("&P=");
        sb.append(ZTNCredential.PROTOCOL);
        if (hasParams()) {
            sb.append(",");
            if (this.tokenUsageFlags == null) {
                sb.append(0L);
            } else {
                sb.append(this.tokenUsageFlags);
            }
            sb.append(":");
            if (this.maxTokenSize == null) {
                sb.append(Integer.MAX_VALUE);
            } else {
                sb.append(this.maxTokenSize);
            }
            sb.append(":");
            if (this.alternateTokenLocations != null) {
                StringJoiner stringJoiner = new StringJoiner(",");
                Stream<R> map = this.alternateTokenLocations.stream().map(str -> {
                    return (CharSequence) CharSequence.class.cast(str);
                });
                Objects.requireNonNull(stringJoiner);
                map.forEach(stringJoiner::add);
                sb.append(stringJoiner.toString());
            }
        }
        LOGGER.debug("Protocol: {}.", sb.toString());
        return sb.toString();
    }

    public String getProtocolName() {
        return ZTNCredential.PROTOCOL;
    }

    public Subject getSubject() {
        return this.subject;
    }

    public boolean isCompleted() {
        return this.completed;
    }

    public BufferDecrypter getDecrypter() {
        return null;
    }

    public void setMaxTokenSize(Integer num) {
        this.maxTokenSize = num;
    }

    public void setAlternateTokenLocations(List<String> list) {
        this.alternateTokenLocations = list;
    }

    public void setTokenUsageFlags(Long l) {
        this.tokenUsageFlags = l;
    }

    public void setTrustedIssuers(Set<String> set) {
        this.trustedIssuers = set;
    }

    private boolean hasParams() {
        return (this.maxTokenSize == null && this.tokenUsageFlags == null && this.alternateTokenLocations == null) ? false : true;
    }

    protected abstract void validateToken() throws XrootdException;
}
