package io.fabric8.jaas;

import io.fabric8.zookeeper.curator.CuratorFrameworkLocator;
import io.fabric8.zookeeper.utils.ZooKeeperUtils;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.curator.framework.CuratorFramework;
import org.apache.karaf.jaas.boot.principal.RolePolicy;
import org.apache.karaf.jaas.modules.Encryption;
import org.apache.karaf.jaas.modules.encryption.EncryptionSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/fabric8/jaas/ZookeeperLoginModule.class */
public class ZookeeperLoginModule implements LoginModule {
    private CallbackHandler callbackHandler;
    private String roleDiscriminator;
    private String rolePolicy;
    private Subject subject;
    private EncryptionSupport encryptionSupport;
    private String path;
    private static final Logger LOG = LoggerFactory.getLogger(ZookeeperLoginModule.class);
    private static Properties users = new Properties();
    private static long usersTs = -1;
    private static Properties containers = new Properties();
    private static long containersTs = -1;
    private Set<Principal> principals = new HashSet();
    private boolean debug = false;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        this.roleDiscriminator = (String) map2.get("role.discriminator");
        this.rolePolicy = (String) map2.get("role.policy");
        this.encryptionSupport = new BasicEncryptionSupport(map2);
        this.debug = Boolean.parseBoolean((String) map2.get("debug"));
        this.path = (String) map2.get("path");
        if (this.path == null) {
            this.path = ZookeeperBackingEngine.USERS_NODE;
        }
        try {
            CuratorFramework curatorFramework = CuratorFrameworkLocator.getCuratorFramework();
            if (curatorFramework != null) {
                try {
                    users = getCachedUsers(curatorFramework, this.path, false);
                    containers = getCachedContainerTokens(curatorFramework, false);
                } catch (IllegalStateException e) {
                    if ("Client is not started".equals(e.getMessage())) {
                        LOG.warn("Zookeeper connection not available. ZK authentication module is not enabled.");
                    }
                }
            }
            if (this.debug) {
                LOG.debug("Initialize [" + this + "] - curator=" + curatorFramework + ",users=" + users);
            }
        } catch (Exception e2) {
            LOG.warn("Failed fetching authentication data.", e2);
        }
    }

    private Properties getCachedUsers(CuratorFramework curatorFramework, String str, boolean z) throws Exception {
        Properties properties;
        if (!z && usersTs + 60000 > System.currentTimeMillis()) {
            return users;
        }
        synchronized (this) {
            users = ZooKeeperUtils.getProperties(curatorFramework, str);
            usersTs = System.currentTimeMillis();
            properties = users;
        }
        return properties;
    }

    private Properties getCachedContainerTokens(CuratorFramework curatorFramework, boolean z) throws Exception {
        Properties properties;
        if (!z && containersTs + 60000 > System.currentTimeMillis()) {
            return containers;
        }
        synchronized (this) {
            containers = ZooKeeperUtils.getContainerTokens(curatorFramework);
            containersTs = System.currentTimeMillis();
            properties = containers;
        }
        return properties;
    }

    /* JADX WARN: Removed duplicated region for block: B:53:0x03b3  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean login() throws javax.security.auth.login.LoginException {
        /*
            Method dump skipped, instructions count: 960
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.fabric8.jaas.ZookeeperLoginModule.login():boolean");
    }

    public boolean commit() throws LoginException {
        if (this.principals.isEmpty()) {
            return false;
        }
        RolePolicy policy = RolePolicy.getPolicy(this.rolePolicy);
        if (policy == null || this.roleDiscriminator == null) {
            this.subject.getPrincipals().addAll(this.principals);
            return true;
        }
        policy.handleRoles(this.subject, this.principals, this.roleDiscriminator);
        return true;
    }

    public boolean abort() throws LoginException {
        if (!this.debug) {
            return true;
        }
        LOG.debug("abort");
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        if (!this.debug) {
            return true;
        }
        LOG.debug("logout");
        return true;
    }

    public String getEncryptedPassword(String str) {
        Encryption encryption = this.encryptionSupport.getEncryption();
        String encryptionPrefix = this.encryptionSupport.getEncryptionPrefix();
        String encryptionSuffix = this.encryptionSupport.getEncryptionSuffix();
        if (encryption == null) {
            return str;
        }
        boolean z = encryptionPrefix == null || str.startsWith(encryptionPrefix);
        boolean z2 = encryptionSuffix == null || str.endsWith(encryptionSuffix);
        if (z && z2) {
            return str;
        }
        String encryptPassword = encryption.encryptPassword(str);
        if (encryptionPrefix != null) {
            encryptPassword = encryptionPrefix + encryptPassword;
        }
        if (encryptionSuffix != null) {
            encryptPassword = encryptPassword + encryptionSuffix;
        }
        return encryptPassword;
    }

    public boolean checkPassword(String str, String str2) {
        Encryption encryption = this.encryptionSupport.getEncryption();
        String encryptionPrefix = this.encryptionSupport.getEncryptionPrefix();
        String encryptionSuffix = this.encryptionSupport.getEncryptionSuffix();
        if (encryption == null) {
            return str.equals(str2);
        }
        boolean z = encryptionPrefix == null || str2.startsWith(encryptionPrefix);
        boolean z2 = encryptionSuffix == null || str2.endsWith(encryptionSuffix);
        if (z && z2) {
            return encryption.checkPassword(str, str2.substring(encryptionPrefix != null ? encryptionPrefix.length() : 0, str2.length() - (encryptionSuffix != null ? encryptionSuffix.length() : 0)));
        }
        return str.equals(str2);
    }
}
