package com.yahoo.athenz.zms;

import com.yahoo.athenz.auth.Authorizer;
import com.yahoo.athenz.auth.Principal;
import com.yahoo.athenz.auth.impl.PrincipalAuthority;
import com.yahoo.athenz.auth.impl.RoleAuthority;
import com.yahoo.athenz.auth.impl.SimplePrincipal;
import com.yahoo.athenz.auth.token.PrincipalToken;
import com.yahoo.athenz.auth.token.RoleToken;
import java.io.Closeable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/zms/ZMSAuthorizer.class */
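/**
 * {@link Authorizer} that answers access checks by asking a ZMS server through a
 * {@link ZMSClient}.
 *
 * <p>Resource names without a {@code ':'} are qualified with the service domain given at
 * construction time before they are sent to ZMS.
 *
 * <p>Failure handling is fail-closed. A ZMS "not found" answer and any unexpected error are
 * both reported to the caller as a {@link ZMSClientException} with code
 * {@link ResourceException#FORBIDDEN}.
 *
 * <p>NOTE(review): each check first installs the caller's credentials on the shared
 * {@link #client} and then issues the request. These two calls are not atomic in this class.
 * If one instance is used from several threads, a check could be evaluated with another
 * request's credentials unless {@link ZMSClient} isolates them itself. Confirm before
 * sharing an instance.
 */
public class ZMSAuthorizer implements Authorizer, Closeable {
    // ZMS endpoint handed to the ZMSClient constructor; may be null (single-argument constructor).
    String endpoint;
    // Domain prefixed to resource names that carry no "domain:" part.
    String serviceDomain;
    // Client used for every check; null after close().
    protected ZMSClient client;
    private static final Logger LOGGER = LoggerFactory.getLogger(ZMSAuthorizer.class);
    private static final PrincipalAuthority PRINCIPAL_AUTHORITY = new PrincipalAuthority();
    private static final RoleAuthority ROLE_AUTHORITY = new RoleAuthority();

    /**
     * Creates an authorizer with no explicit endpoint.
     *
     * @param serviceDomain domain used to qualify unqualified resource names
     */
    public ZMSAuthorizer(String serviceDomain) {
        // A null endpoint is passed straight to ZMSClient; how it is resolved is decided there.
        this(null, serviceDomain);
    }

    /**
     * Creates an authorizer and its own {@link ZMSClient}.
     *
     * @param endpoint ZMS endpoint passed to the {@link ZMSClient} constructor, may be null
     * @param serviceDomain domain used to qualify unqualified resource names
     */
    public ZMSAuthorizer(String endpoint, String serviceDomain) {
        this.endpoint = endpoint;
        this.serviceDomain = serviceDomain;
        this.client = new ZMSClient(this.endpoint);
    }

    /**
     * Closes the current client, if any, and drops the reference. Safe to call repeatedly.
     * An {@code access} call made after closing fails with a FORBIDDEN
     * {@link ZMSClientException}, because the resulting error is handled fail-closed.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.client != null) {
            this.client.close();
            this.client = null;
        }
    }

    /**
     * Replaces the client used for access checks. The previously held client is closed.
     *
     * @param zmsClient client to use from now on
     */
    public void setZMSClient(ZMSClient zmsClient) {
        // Re-installing the client already in use must not close it: the original closed
        // unconditionally and was left holding a closed client in that case.
        if (zmsClient != this.client) {
            close();
        }
        this.client = zmsClient;
    }

    /**
     * Checks access for the identity described by a serialized token.
     *
     * <p>The token is only parsed here to build a {@link Principal}. No signature or expiry
     * check is visible in this method; the signed token is forwarded as the principal's
     * credentials and the decision is left to ZMS. NOTE(review): confirm that ZMS validates
     * the token, and do not treat the fields parsed here as verified.
     *
     * @param action first argument passed to {@link ZMSClient#getAccess}
     * @param resource resource name, qualified with the service domain when it has no {@code ':'}
     * @param token serialized role token (contains a {@code v=Z1} field) or principal token
     * @param trustDomain third argument passed to {@link ZMSClient#getAccess}
     * @return the granted flag returned by ZMS
     * @throws NullPointerException if {@code token} or {@code resource} is null
     * @throws ZMSClientException if ZMS rejects the request or cannot be reached
     */
    public boolean access(String action, String resource, String token, String trustDomain) {
        Principal principal;
        if (isRoleToken(token)) {
            RoleToken roleToken = new RoleToken(token);
            principal = SimplePrincipal.create(roleToken.getDomain(), roleToken.getSignedToken(),
                    roleToken.getRoles(), ROLE_AUTHORITY);
        } else {
            PrincipalToken principalToken = new PrincipalToken(token);
            principal = SimplePrincipal.create(principalToken.getDomain(), principalToken.getName(),
                    principalToken.getSignedToken(), 0L, PRINCIPAL_AUTHORITY);
        }
        return access(action, resource, principal, trustDomain);
    }

    /**
     * Checks access for an already constructed principal.
     *
     * @param action first argument passed to {@link ZMSClient#getAccess}
     * @param resource resource name, qualified with the service domain when it has no {@code ':'}
     * @param principal identity whose credentials are installed on the client for this check
     * @param trustDomain third argument passed to {@link ZMSClient#getAccess}
     * @return the granted flag returned by ZMS
     * @throws NullPointerException if {@code resource} is null
     * @throws ZMSClientException with code FORBIDDEN when ZMS answers NOT_FOUND or when any
     *     unexpected error occurs; other ZMS client errors are rethrown unchanged
     */
    public boolean access(String action, String resource, Principal principal, String trustDomain) {
        String resourceName = resource.contains(":") ? resource : this.serviceDomain + ":" + resource;
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("ZMSAuthorizer.access({}, {}, {}, {})", new Object[] {
                action, resourceName, principal != null ? principal.getFullName() : "null", trustDomain
            });
        }
        try {
            this.client.addCredentials(principal);
            return this.client.getAccess(action, resourceName, trustDomain).getGranted();
        } catch (ZMSClientException e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("ZMSAuthorizer.access: " + e);
            }
            if (e.getCode() == ResourceException.NOT_FOUND) {
                // A missing resource is reported with the same code as a denial.
                // NOTE(review): the message still says "Not found"; if it is ever relayed to
                // the requester it reveals the distinction the code mapping hides.
                throw new ZMSClientException(ResourceException.FORBIDDEN, "Not found: " + resourceName);
            }
            throw e;
        } catch (Throwable th) {
            // Fail closed on anything unexpected, including a closed (null) client. The cause
            // is logged because the exception thrown below does not carry it; without this an
            // outage or TLS failure cannot be told apart from a real denial in the logs.
            LOGGER.error("ZMSAuthorizer.access: access check failed, denying", th);
            throw new ZMSClientException(ResourceException.FORBIDDEN, "Cannot contact ZMS");
        }
    }

    /**
     * Tells whether a serialized token is a role token, i.e. whether one of its
     * {@code ';'}-separated fields equals {@code v=Z1} ignoring case.
     *
     * @param token serialized token, must not be null
     * @return true when a {@code v=Z1} field is present
     */
    boolean isRoleToken(String token) {
        for (String field : token.split(";")) {
            if ("v=Z1".equalsIgnoreCase(field)) {
                return true;
            }
        }
        return false;
    }
}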
