package be.atbash.ee.security.octopus.realm;

import be.atbash.ee.security.octopus.authc.AuthenticationException;
import be.atbash.ee.security.octopus.authc.AuthenticationInfo;
import be.atbash.ee.security.octopus.authc.AuthenticationInfoProviderHandler;
import be.atbash.ee.security.octopus.authc.IncorrectDataToken;
import be.atbash.ee.security.octopus.authc.SimpleAuthenticationInfo;
import be.atbash.ee.security.octopus.authc.UnknownAccountException;
import be.atbash.ee.security.octopus.authz.AuthorizationInfo;
import be.atbash.ee.security.octopus.authz.AuthorizationInfoProviderHandler;
import be.atbash.ee.security.octopus.authz.TokenBasedAuthorizationInfoProvider;
import be.atbash.ee.security.octopus.mgt.authz.LookupProviderLoader;
import be.atbash.ee.security.octopus.subject.PrincipalCollection;
import be.atbash.ee.security.octopus.systemaccount.SystemAccountAuthenticationToken;
import be.atbash.ee.security.octopus.token.AuthenticationToken;
import be.atbash.ee.security.octopus.token.AuthorizationToken;
import be.atbash.ee.security.octopus.util.onlyduring.TemporaryAuthorizationContextManager;
import be.atbash.util.reflection.ClassUtils;

/* loaded from: input_file:be/atbash/ee/security/octopus/realm/OctopusOfflineRealm.class */
public class OctopusOfflineRealm extends AuthorizingRealm {
    private boolean listenerConfigured = false;
    private boolean authorizationInfoRequired = false;
    private AuthenticationInfoProviderHandler authenticationInfoProviderHandler;
    private AuthorizationInfoProviderHandler authorizationInfoProviderHandler;

    /* renamed from: be.atbash.ee.security.octopus.realm.OctopusOfflineRealm$1Guard, reason: invalid class name */
    /* loaded from: input_file:be/atbash/ee/security/octopus/realm/OctopusOfflineRealm$1Guard.class */
    class C1Guard {
        C1Guard() {
        }
    }

    /* renamed from: be.atbash.ee.security.octopus.realm.OctopusOfflineRealm$2Guard, reason: invalid class name */
    /* loaded from: input_file:be/atbash/ee/security/octopus/realm/OctopusOfflineRealm$2Guard.class */
    class C2Guard {
        C2Guard() {
        }
    }

    /* renamed from: be.atbash.ee.security.octopus.realm.OctopusOfflineRealm$3Guard, reason: invalid class name */
    /* loaded from: input_file:be/atbash/ee/security/octopus/realm/OctopusOfflineRealm$3Guard.class */
    class C3Guard {
        C3Guard() {
        }
    }

    public void initDependencies() {
        initDependencies(new LookupProviderLoader().loadLookupProvider());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        prepareAuthorizationInfoProviderHandler();
        TemporaryAuthorizationContextManager.startInAuthorization(C1Guard.class);
        try {
            AuthorizationInfo retrieveAuthorizationInfo = this.authorizationInfoProviderHandler.retrieveAuthorizationInfo(principalCollection);
            TemporaryAuthorizationContextManager.stopInAuthorization();
            return retrieveAuthorizationInfo;
        } catch (Throwable th) {
            TemporaryAuthorizationContextManager.stopInAuthorization();
            throw th;
        }
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        prepareAuthenticationInfoProviderHandler();
        AuthenticationInfo authenticationInfo = null;
        if (authenticationToken instanceof SystemAccountAuthenticationToken) {
            authenticationInfo = new SimpleAuthenticationInfo(authenticationToken.getPrincipal(), "");
        } else if (!(authenticationToken instanceof IncorrectDataToken)) {
            TemporaryAuthorizationContextManager.startInAuthentication(C2Guard.class);
            try {
                authenticationInfo = this.authenticationInfoProviderHandler.retrieveAuthenticationInfo(authenticationToken);
                if (authenticationInfo == null) {
                    throw new UnknownAccountException(String.format("Realm was unable to find account data for the submitted AuthenticationToken [%s].", authenticationToken));
                }
                verifyHashEncoding(authenticationInfo);
                TemporaryAuthorizationContextManager.stopInAuthentication();
            } catch (Throwable th) {
                TemporaryAuthorizationContextManager.stopInAuthentication();
                throw th;
            }
        }
        if (authenticationInfo != null && (authenticationToken instanceof AuthorizationToken)) {
            AuthorizationToken authorizationToken = (AuthorizationToken) authenticationToken;
            cacheAuthorizationInfo(authenticationInfo.getPrincipals(), ((TokenBasedAuthorizationInfoProvider) ClassUtils.newInstance(authorizationToken.authorizationProviderClass())).getAuthorizationInfo(authorizationToken));
        }
        return authenticationInfo;
    }

    private void prepareAuthenticationInfoProviderHandler() {
        if (this.authenticationInfoProviderHandler == null) {
            this.authenticationInfoProviderHandler = new AuthenticationInfoProviderHandler();
        }
    }

    private void prepareAuthorizationInfoProviderHandler() {
        if (this.authorizationInfoProviderHandler == null) {
            this.authorizationInfoProviderHandler = new AuthorizationInfoProviderHandler();
        }
    }

    protected Object getAuthorizationCacheKey(PrincipalCollection principalCollection) {
        return principalCollection.getPrimaryPrincipal();
    }

    protected boolean isAuthenticationCachingEnabled(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        boolean z = false;
        if (!(authenticationToken instanceof SystemAccountAuthenticationToken)) {
            z = isAuthenticationCachingEnabled();
        }
        return z;
    }

    protected void assertCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) throws AuthenticationException {
        TemporaryAuthorizationContextManager.startInSystemAccount(C3Guard.class);
        try {
            super.assertCredentialsMatch(authenticationToken, authenticationInfo);
        } finally {
            TemporaryAuthorizationContextManager.stopInSystemAccount();
        }
    }

    protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!this.listenerConfigured) {
            configureListeners();
            checkAuthorizationInfoMarkers();
        }
        return getAuthenticationInfo(authenticationToken);
    }

    private void checkAuthorizationInfoMarkers() {
    }

    private void configureListeners() {
        this.listenerConfigured = true;
    }
}
