package org.opendaylight.aaa.idm;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.opendaylight.aaa.ClaimBuilder;
import org.opendaylight.aaa.api.AuthenticationException;
import org.opendaylight.aaa.api.Claim;
import org.opendaylight.aaa.api.CredentialAuth;
import org.opendaylight.aaa.api.IDMStoreException;
import org.opendaylight.aaa.api.IdMService;
import org.opendaylight.aaa.api.PasswordCredentials;
import org.opendaylight.aaa.api.SHA256Calculator;
import org.opendaylight.aaa.api.model.Domain;
import org.opendaylight.aaa.api.model.Grant;
import org.opendaylight.aaa.api.model.Role;
import org.opendaylight.aaa.api.model.User;
import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/aaa/idm/IdmLightProxy.class */
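/**
 * Authenticates username/password credentials against the IDM light store and answers
 * domain and role lookups for a user.
 *
 * <p>Successful authentications are cached per domain in a static map that is shared by all
 * instances. Nothing in this class expires an entry; only {@link #clearClaimCache()} empties
 * the cache.
 *
 * <p>NOTE(review): cache keys are the caller's {@code PasswordCredentials} objects, so a
 * submitted password stays reachable in memory for as long as its entry is cached, and cache
 * hits depend on that type's {@code equals}/{@code hashCode} (not visible here). A cached
 * claim keeps authenticating after the stored password, roles or grants change until the
 * cache is cleared; confirm every such change triggers {@link #clearClaimCache()}.
 */
public class IdmLightProxy implements CredentialAuth<PasswordCredentials>, IdMService {
    private static final Logger LOG = LoggerFactory.getLogger(IdmLightProxy.class);

    /** Domain assumed when the credentials carry no domain. */
    private static final String DEFAULT_DOMAIN = "sdn";

    /** Domain name to (credentials to claim) cache of successful authentications. */
    private static final Map<String, Map<PasswordCredentials, Claim>> claimCache = new ConcurrentHashMap<>();

    static {
        claimCache.put(DEFAULT_DOMAIN, new ConcurrentHashMap<PasswordCredentials, Claim>());
    }

    /**
     * Returns the claim for the given credentials, from the cache when present and otherwise
     * by checking them against the store.
     *
     * <p>A per-domain cache is created only after an authentication has succeeded, so requests
     * naming arbitrary domains cannot grow the outer map. Cache misses are serialized on
     * {@code claimCache}, which means every failed attempt reaches the store while holding
     * that lock.
     *
     * @param passwordCredentials credentials to check; the object, its username and its
     *        password must be non-null
     * @return the claim describing the authenticated user
     * @throws NullPointerException if the credentials, username or password are null
     * @throws AuthenticationException if the domain or user is unknown, the password does not
     *         match, or the store fails
     */
    public Claim authenticate(PasswordCredentials passwordCredentials) {
        Preconditions.checkNotNull(passwordCredentials);
        Preconditions.checkNotNull(passwordCredentials.username());
        Preconditions.checkNotNull(passwordCredentials.password());
        String domain = domainOf(passwordCredentials);

        Claim claim = cachedClaim(domain, passwordCredentials);
        if (claim != null) {
            return claim;
        }
        synchronized (claimCache) {
            // Re-check under the lock: another thread may have authenticated the same credentials.
            claim = cachedClaim(domain, passwordCredentials);
            if (claim == null) {
                claim = dbAuthenticate(passwordCredentials);
                if (claim != null) {
                    Map<PasswordCredentials, Claim> domainCache = claimCache.get(domain);
                    if (domainCache == null) {
                        domainCache = new ConcurrentHashMap<>();
                        claimCache.put(domain, domainCache);
                    }
                    domainCache.put(passwordCredentials, claim);
                }
            }
        }
        return claim;
    }

    /**
     * Empties every per-domain claim cache; the per-domain maps themselves are kept.
     *
     * <p>NOTE(review): this method locks the class monitor while {@code authenticate} locks
     * {@code claimCache}, so an authentication already in progress can insert its claim after
     * the clear has run. Callers that clear the cache to revoke access should confirm that
     * window is acceptable.
     */
    public static synchronized void clearClaimCache() {
        LOG.info("Clearing the claim cache");
        for (Map<PasswordCredentials, Claim> domainCache : claimCache.values()) {
            domainCache.clear();
        }
    }

    /** Returns the domain named by the credentials, or the default domain when none is given. */
    private static String domainOf(PasswordCredentials passwordCredentials) {
        String domain = passwordCredentials.domain();
        return domain == null ? DEFAULT_DOMAIN : domain;
    }

    /** Returns the cached claim for the credentials in the given domain, or null on a miss. */
    private static Claim cachedClaim(String domain, PasswordCredentials passwordCredentials) {
        Map<PasswordCredentials, Claim> domainCache = claimCache.get(domain);
        return domainCache == null ? null : domainCache.get(passwordCredentials);
    }

    /**
     * Compares the computed and stored password digests without stopping at the first
     * differing byte. A missing value on either side counts as a mismatch.
     */
    private static boolean digestsMatch(String computed, String stored) {
        if (computed == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(
                computed.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Checks the credentials against the store and builds the claim for the user.
     *
     * <p>NOTE(review): the failure messages differ for an unknown domain, an unknown user and
     * a wrong password. If the exception text reaches the client it reveals which accounts
     * exist; confirm the caller maps all of them to one generic response.
     *
     * @param passwordCredentials credentials to check
     * @return the claim carrying the user id, user name, domain and role names
     * @throws AuthenticationException if the domain or user is unknown, the password does not
     *         match, or the store fails
     */
    private static Claim dbAuthenticate(PasswordCredentials passwordCredentials) {
        String domain = domainOf(passwordCredentials);
        LOG.debug("get domain");
        Domain readDomain;
        try {
            readDomain = AAAIDMLightModule.getStore().readDomain(domain);
        } catch (IDMStoreException e) {
            throw new AuthenticationException("Error while fetching domain", e);
        }
        if (readDomain == null) {
            throw new AuthenticationException("Domain :" + domain + " does not exist");
        }
        try {
            LOG.debug("check user / pwd");
            List<?> users = AAAIDMLightModule.getStore().getUsers(passwordCredentials.username(), domain).getUsers();
            if (users.isEmpty()) {
                throw new AuthenticationException("User :" + passwordCredentials.username() + " does not exist in domain " + domain);
            }
            User user = (User) users.get(0);
            String computed = SHA256Calculator.getSHA256(passwordCredentials.password(), user.getSalt());
            if (!digestsMatch(computed, user.getPassword())) {
                throw new AuthenticationException("UserName / Password not found");
            }
            LOG.debug("get grants");
            List<String> roleNames = new ArrayList<>();
            List<?> grants = AAAIDMLightModule.getStore().getGrants(readDomain.getDomainid(), user.getUserid()).getGrants();
            for (Object grant : grants) {
                Role readRole = AAAIDMLightModule.getStore().readRole(((Grant) grant).getRoleid());
                // A grant may point at a role that no longer exists; such grants add no role.
                if (readRole != null) {
                    roleNames.add(readRole.getName());
                }
            }
            LOG.debug("build a claim");
            ClaimBuilder claimBuilder = new ClaimBuilder();
            claimBuilder.setUserId(user.getUserid().toString());
            claimBuilder.setUser(passwordCredentials.username());
            claimBuilder.setDomain(domain);
            for (String roleName : roleNames) {
                claimBuilder.addRole(roleName);
            }
            return claimBuilder.build();
        } catch (IDMStoreException e) {
            // Keep the store failure as the cause so the stack trace is not lost.
            throw new AuthenticationException("idm data store exception :" + e.toString(), e);
        }
    }

    /**
     * Lists the names of the domains in which the user holds at least one grant.
     *
     * @param userId id of the user whose grants are read
     * @return the domain names, one per grant whose domain still exists; on a store failure,
     *         whatever was collected before the failure
     */
    public List<String> listDomains(String userId) {
        LOG.debug("list Domains for userId: {}", userId);
        List<String> domainNames = new ArrayList<>();
        try {
            List<?> grants = AAAIDMLightModule.getStore().getGrants(userId).getGrants();
            for (Object grant : grants) {
                Domain domain = AAAIDMLightModule.getStore().readDomain(((Grant) grant).getDomainid());
                // Skip grants whose domain can no longer be read instead of failing the whole listing.
                if (domain != null) {
                    domainNames.add(domain.getName());
                }
            }
        } catch (IDMStoreException e) {
            LOG.warn("error getting domains", e);
        }
        return domainNames;
    }

    /**
     * Lists the names of the roles granted to the user in the named domain.
     *
     * @param userId id of the user whose grants are read
     * @param domainName name of the domain to look in
     * @return the role names, one per grant whose role still exists; empty when the domain is
     *         unknown; on a store failure, whatever was collected before the failure
     */
    public List<String> listRoles(String userId, String domainName) {
        LOG.debug("listRoles");
        List<String> roleNames = new ArrayList<>();
        try {
            Domain readDomain = AAAIDMLightModule.getStore().readDomain(domainName);
            if (readDomain == null) {
                LOG.debug("DomainName: {} Not found!", domainName);
                return roleNames;
            }
            List<?> grants = AAAIDMLightModule.getStore().getGrants(readDomain.getDomainid(), userId).getGrants();
            for (Object grant : grants) {
                Role role = AAAIDMLightModule.getStore().readRole(((Grant) grant).getRoleid());
                // Skip grants whose role can no longer be read instead of failing the whole listing.
                if (role != null) {
                    roleNames.add(role.getName());
                }
            }
        } catch (IDMStoreException e) {
            // A store failure yields a shorter role list, so record it rather than hide it.
            LOG.warn("error getting roles", e);
        }
        return roleNames;
    }
}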
