package org.jboss.resteasy.keystone.as7;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.keystone.client.SkeletonKeyAdminClient;
import org.jboss.resteasy.keystone.client.SkeletonKeyClientBuilder;
import org.jboss.resteasy.keystone.core.UserPrincipal;
import org.jboss.resteasy.keystone.model.Access;
import org.jboss.resteasy.keystone.model.Role;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.plugins.providers.RegisterBuiltin;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/jboss/resteasy/keystone/as7/SkeletonKeyStoneLoginModule.class */
public class SkeletonKeyStoneLoginModule extends JBossWebAuthLoginModule {
    static ResteasyClient client;
    static volatile SkeletonKeyAdminClient admin;
    private static final Logger log = Logger.getLogger(SkeletonKeyStoneLoginModule.class);
    protected String projectId;
    protected Access access;

    static void initAdmin(Map<String, ?> map) {
        if (admin == null) {
            synchronized (client) {
                if (admin == null) {
                    String str = (String) map.get("skeleton.key.url");
                    String str2 = (String) map.get("admin.username");
                    String str3 = (String) map.get("admin.password");
                    admin = new SkeletonKeyClientBuilder().username(str2).password(str3).idp(client.target(str)).admin();
                }
            }
        }
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        initAdmin(map2);
        this.projectId = (String) map2.get("projectId");
    }

    @Override // org.jboss.resteasy.keystone.as7.JBossWebAuthLoginModule
    protected boolean login(Request request, HttpServletResponse httpServletResponse) throws LoginException {
        String header = request.getHeader("X-Auth-Token");
        if (header == null) {
            return false;
        }
        this.access = admin.tokens().get(header);
        if (this.access.getToken().expired()) {
            throw new LoginException("Token expired");
        }
        if (!this.projectId.equals(this.access.getToken().getProject().getId())) {
            throw new LoginException("Token project id doesn't match");
        }
        this.loginOk = true;
        return true;
    }

    protected Principal getIdentity() {
        return new UserPrincipal(this.access.getUser());
    }

    protected Group[] getRoleSets() throws LoginException {
        Group simpleGroup = new SimpleGroup("Roles");
        Group[] groupArr = {simpleGroup};
        Iterator it = this.access.getUser().getRoles().iterator();
        while (it.hasNext()) {
            simpleGroup.addMember(new SimplePrincipal(((Role) it.next()).getName()));
        }
        return groupArr;
    }

    static {
        ResteasyProviderFactory resteasyProviderFactory = new ResteasyProviderFactory();
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(SkeletonKeyStoneLoginModule.class.getClassLoader());
        try {
            RegisterBuiltin.register(resteasyProviderFactory);
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            client = new ResteasyClientBuilder().providerFactory(resteasyProviderFactory).connectionPoolSize(100).maxPooledPerRoute(100).build();
        } catch (Throwable th) {
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th;
        }
    }
}
