package org.opendaylight.aaa.shiro.realm;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Iterator;
import java.util.LinkedHashSet;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Link;
import javax.ws.rs.core.MediaType;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.glassfish.jersey.client.ClientConfig;
import org.opendaylight.aaa.shiro.moon.MoonPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/aaa/shiro/realm/MoonRealm.class */
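/**
 * Shiro realm that authenticates username/password tokens against a remote Moon server.
 *
 * <p>Credentials are posted as JSON to {@code /moon/auth/tokens} on the host and port taken from
 * the URL supplied through {@link #setMoonServerURL(String)}. On success the server's token and
 * roles are wrapped in a {@link MoonPrincipal}.
 *
 * <p>NOTE(review): the request scheme is hard-coded to {@code http://}, so the username and
 * password cross the network in clear text regardless of the scheme in the configured URL.
 * Confirm that the deployment terminates this traffic on a trusted link, or switch the endpoint
 * to TLS.
 */
public class MoonRealm extends AuthorizingRealm {
    private static final Logger LOG = LoggerFactory.getLogger(MoonRealm.class);
    private static final String MOON_DEFAULT_DOMAIN = "sdn";
    private URL moonServerURL;

    /**
     * Supplies no authorization data.
     *
     * <p>Roles returned by the Moon server are only carried on the {@link MoonPrincipal}; this
     * realm does not expose them through Shiro's authorization path.
     *
     * @param principalCollection the authenticated principals (unused)
     * @return always {@code null}
     */
    @Override // org.apache.shiro.realm.AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authenticates a username/password token against the Moon server in the default domain.
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     *     whose principal is a {@code String}
     * @return authentication info wrapping the {@link MoonPrincipal}, or {@code null} when the
     *     Moon server is not configured or returned no token
     * @throws AuthenticationException if the token carries no password
     * @throws ClassCastException if the principal is not a {@code String} or the token is not a
     *     {@link UsernamePasswordToken}
     */
    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // The two casts are guarded separately so that each failure is logged once, with the
        // message that matches the cast that actually failed.
        final String username;
        try {
            username = (String) authenticationToken.getPrincipal();
        } catch (ClassCastException e) {
            LOG.debug("doGetAuthenticationInfo() failed because the principal couldn't be cast as a String", e);
            throw e;
        }
        final char[] submitted;
        try {
            submitted = ((UsernamePasswordToken) authenticationToken).getPassword();
        } catch (ClassCastException e) {
            LOG.debug("doGetAuthenticationInfo() failed because the token was not a UsernamePasswordToken", e);
            throw e;
        }
        if (submitted == null) {
            // Fail as an authentication error instead of a NullPointerException further down.
            throw new AuthenticationException("No password was supplied with the authentication token");
        }
        // moonAuthenticate() takes the password as a String, so an immutable copy that cannot be
        // zeroed afterwards is unavoidable here.
        final String password = new String(submitted);
        final MoonPrincipal principal = moonAuthenticate(username, password, MOON_DEFAULT_DOMAIN);
        if (principal == null) {
            return null;
        }
        // The submitted password is stored as the credential; the real check was done remotely.
        return new SimpleAuthenticationInfo(principal, password.toCharArray(), getName());
    }

    /**
     * Posts the credentials to the Moon server and builds a principal from the response.
     *
     * @param username the user name to authenticate
     * @param password the clear-text password
     * @param domain the Moon project/domain to authenticate in
     * @return the authenticated principal, or {@code null} when the server URL is missing or
     *     unusable, or the response carries no token
     * @throws IllegalStateException if the response is not a JSON object or reports an error
     */
    public MoonPrincipal moonAuthenticate(String username, String password, String domain) {
        final URL serverUrl = this.moonServerURL;
        final String host = serverUrl != null ? serverUrl.getHost() : null;
        if (host == null || host.isEmpty()) {
            LOG.debug("moon server was not specified appropriately, cannot authenticate");
            return null;
        }
        final int port = serverUrl.getPort();
        if (port <= 0) {
            LOG.debug("moon server was not specified appropriately, cannot authetnicate");
            return null;
        }
        final String portText = Integer.toString(port);
        // NOTE(review): plain HTTP; see the class comment.
        final String endpoint = String.format("http://%s:%s/moon/auth/tokens", host, portText);
        LOG.debug("Moon server is at: {}:{} and will be accessed through {}", host, portText, endpoint);

        // Build the body with Gson so quotes and backslashes in the caller-supplied values are
        // escaped and cannot add or override fields in the request.
        final JsonObject credentials = new JsonObject();
        credentials.addProperty("username", username);
        credentials.addProperty("password", password);
        credentials.addProperty("project", domain);

        final String responseBody;
        final Client client = ClientBuilder.newClient(new ClientConfig());
        try {
            responseBody = client.target(endpoint)
                    .request(MediaType.APPLICATION_JSON)
                    .post(Entity.entity(credentials.toString(), MediaType.APPLICATION_JSON), String.class);
        } finally {
            // Release the client's resources on every path, including a failed request.
            client.close();
        }

        final JsonElement parsed = responseBody == null ? null : new JsonParser().parse(responseBody);
        if (parsed == null || !parsed.isJsonObject()) {
            throw new IllegalStateException("Authentication error: returned output is not a JSON object");
        }
        final JsonObject body = parsed.getAsJsonObject();

        // A successful response has no "error" member, so test for presence before converting;
        // calling getAsJsonObject() on the missing member would throw a NullPointerException.
        final JsonElement error = body.get("error");
        if (error != null && !error.isJsonNull()) {
            throw new IllegalStateException("Authentication Error : " + errorTitle(error));
        }

        final JsonElement tokenElement = body.get("token");
        if (tokenElement == null || tokenElement.isJsonNull()) {
            return null;
        }
        final String token = tokenElement.getAsString();
        final String userId = username + "@" + domain;

        final LinkedHashSet<String> roles = new LinkedHashSet<>();
        final JsonElement rolesElement = body.get(IniRealm.ROLES_SECTION_NAME);
        if (rolesElement != null) {
            for (JsonElement role : rolesElement.getAsJsonArray()) {
                // Only primitives convert to a String; anything else is skipped, not fatal.
                if (role.isJsonPrimitive()) {
                    roles.add(role.getAsString());
                } else {
                    LOG.debug("Unable to cast role as String, skipping {}", role);
                }
            }
        }
        return new MoonPrincipal(username, domain, userId, roles, token);
    }

    /** Extracts the error title from the server's "error" member, tolerating unexpected shapes. */
    private static String errorTitle(JsonElement error) {
        if (error.isJsonObject()) {
            final JsonElement title = error.getAsJsonObject().get(Link.TITLE);
            if (title != null && title.isJsonPrimitive()) {
                return title.getAsString();
            }
        }
        return "no title supplied";
    }

    /**
     * Sets the Moon server location; only the host and port of the URL are used.
     *
     * <p>A URL that cannot be parsed is logged and ignored, leaving any earlier value in place.
     *
     * @param str the Moon server URL
     */
    public void setMoonServerURL(String str) {
        try {
            this.moonServerURL = new URL(str);
        } catch (MalformedURLException e) {
            LOG.warn("The moon server URL could not be parsed", e);
        }
    }
}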
