package ca.nrc.cadc.accesscontrol;

import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.HttpPost;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.RegistryClient;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.security.AccessControlException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:ca/nrc/cadc/accesscontrol/AccessControlClient.class */
public class AccessControlClient {
    private static final String CADC_TOKEN_HEADER_KEY = "X-CADC-DelegationToken";
    private static final String CADC_PASSWORD_FIELD = "password";
    private final RegistryClient registryClient;
    private final URI groupManagementServiceURI;

    public AccessControlClient(URI uri) throws IllegalArgumentException {
        this(uri, new RegistryClient());
    }

    AccessControlClient(URI uri, RegistryClient registryClient) {
        this.registryClient = registryClient;
        this.groupManagementServiceURI = uri;
    }

    private URL lookupLoginURL() {
        return this.registryClient.getServiceURL(this.groupManagementServiceURI, Standards.UMS_LOGIN_01, AuthMethod.ANON);
    }

    public String login(String str, char[] cArr) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Map<String, Object> hashMap = new HashMap<>();
        hashMap.put("username", str);
        hashMap.put(CADC_PASSWORD_FIELD, new String(cArr));
        int post = post(lookupLoginURL(), hashMap, byteArrayOutputStream);
        switch (post) {
            case 200:
                return byteArrayOutputStream.toString();
            case 401:
                throw new AccessControlException("Login denied");
            default:
                throw new IllegalArgumentException(String.format("Unable to login '%s'.\nServer error code: %d.", str, Integer.valueOf(post)));
        }
    }

    private URL lookupPasswordResetURL() {
        return this.registryClient.getServiceURL(this.groupManagementServiceURI, Standards.UMS_RESETPASS_01, AuthMethod.TOKEN);
    }

    public void resetPassword(char[] cArr, char[] cArr2) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        HashMap hashMap = new HashMap();
        hashMap.put(CADC_PASSWORD_FIELD, new String(cArr));
        HashMap hashMap2 = new HashMap();
        hashMap2.put(CADC_TOKEN_HEADER_KEY, new String(cArr2));
        int post = post(lookupPasswordResetURL(), hashMap, hashMap2, byteArrayOutputStream);
        switch (post) {
            case 200:
                return;
            case 401:
            case 403:
                throw new AccessControlException("Login denied");
            default:
                throw new IllegalArgumentException(String.format("Unable to reset password.\nServer error code: %d.", Integer.valueOf(post)));
        }
    }

    int post(URL url, Map<String, Object> map, OutputStream outputStream) {
        return post(url, map, Collections.emptyMap(), outputStream);
    }

    int post(URL url, Map<String, Object> map, Map<String, String> map2, OutputStream outputStream) {
        HttpPost httpPost = new HttpPost(url, map, outputStream);
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            httpPost.setRequestProperty(entry.getKey(), entry.getValue());
        }
        httpPost.run();
        return httpPost.getResponseCode();
    }

    public String getCurrentHttpPrincipalUsername(Subject subject) {
        String str;
        AuthMethod authMethod = AuthenticationUtil.getAuthMethod(subject);
        if (authMethod == null || authMethod == AuthMethod.ANON) {
            str = null;
        } else {
            Set principals = subject.getPrincipals(HttpPrincipal.class);
            str = ((HttpPrincipal[]) principals.toArray(new HttpPrincipal[principals.size()]))[0].getName();
        }
        return str;
    }
}
