package com.att.cadi.aaf.v2_0;

import com.att.aft.dme2.api.DME2Exception;
import com.att.cadi.AbsUserCache;
import com.att.cadi.CachedPrincipal;
import com.att.cadi.CadiException;
import com.att.cadi.GetCred;
import com.att.cadi.Hash;
import com.att.cadi.User;
import com.att.cadi.aaf.AAFPermission;
import com.att.cadi.client.Future;
import com.att.cadi.config.Config;
import com.att.cadi.lur.ConfigPrincipal;
import com.att.inno.env.APIException;
import java.io.IOException;
import java.security.Principal;

/* loaded from: input_file:com/att/cadi/aaf/v2_0/AAFAuthn.class */
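/**
 * Checks user-id/password pairs against the AAF service's {@code /authn/basicAuth}
 * endpoint and keeps successful results in the inherited {@link AbsUserCache}.
 *
 * <p>This listing is decompiler output. Raw types and the {@code new Object[0]} /
 * {@code new String[0]} vararg arrays are kept as the decompiler rendered them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #validate(String, String)} returns {@code null} on success and a
 *       message on every failure path, including "AAF Inaccessible", so an
 *       unreachable AAF does not authenticate anyone.</li>
 *   <li>A cache hit is accepted by comparing the presented password bytes with the
 *       credential bytes held by the cached principal. No call to AAF is made.</li>
 *   <li>Passwords are converted with the platform default charset
 *       ({@code getBytes()} / {@code new String(byte[])}).</li>
 * </ul>
 *
 * @param <CLIENT> client type of the {@link AAFCon} used to reach AAF
 */
public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
    private AAFCon<CLIENT> con;
    private String realm;

    /**
     * Principal that carries the presented credential and can re-check it against AAF.
     */
    private class AAFCachedPrincipal extends ConfigPrincipal implements CachedPrincipal {
        private long expires;
        private long timeToLive;

        /**
         * @param aaf        not used by this constructor
         * @param app        not used by this constructor (validate() passes {@code con.app})
         * @param name       user id, handed to {@link ConfigPrincipal}
         * @param cred       credential bytes, handed to {@link ConfigPrincipal}
         * @param timeToLive milliseconds added to the current time to compute {@link #expires()}
         */
        public AAFCachedPrincipal(AAFAuthn<?> aaf, String app, String name, byte[] cred, int timeToLive) {
            super(name, cred);
            this.timeToLive = timeToLive;
            this.expires = timeToLive + System.currentTimeMillis();
        }

        /**
         * Re-checks this principal's credential with AAF.
         *
         * @return {@code DENIED} when the connection is disabled; {@code UNVALIDATED} when the
         *         recorded miss blocks the attempt or AAF rejects the credential;
         *         {@code REVALIDATED} when AAF accepts it; {@code INACCESSIBLE} on any exception
         */
        public CachedPrincipal.Resp revalidate() {
            if (AAFAuthn.this.con.isDisabled()) {
                return CachedPrincipal.Resp.DENIED;
            }
            try {
                // A previously recorded failure for this name may short-circuit the remote call.
                // NOTE(review): Miss.mayContinue is not visible here; presumably it throttles
                // repeated bad credentials. Confirm against AbsUserCache.
                AbsUserCache.Miss missed = AAFAuthn.this.missed(getName());
                if (missed != null && !missed.mayContinue(getCred())) {
                    return CachedPrincipal.Resp.UNVALIDATED;
                }
                // NOTE(review): new String(byte[]) uses the platform default charset and creates
                // an immutable copy of the password that cannot be cleared afterwards.
                boolean accepted = AAFAuthn.this.con.client(AAFCon.AAF_LATEST_VERSION)
                        .forUser(AAFAuthn.this.con.basicAuth(getName(), new String(getCred())))
                        .read("/authn/basicAuth", "text/plain", new String[0])
                        .get(AAFAuthn.this.con.timeout);
                if (!accepted) {
                    // Remember the failed credential so the next attempt is checked against missed().
                    AAFAuthn.this.addMiss(getName(), getCred());
                    return CachedPrincipal.Resp.UNVALIDATED;
                }
                this.expires = System.currentTimeMillis() + this.timeToLive;
                AAFAuthn.this.addUser(new User(this, this.expires));
                return CachedPrincipal.Resp.REVALIDATED;
            } catch (Exception e) {
                // Any failure is logged and reported as INACCESSIBLE, never as success.
                AAFAuthn.this.con.access.log(e, new Object[0]);
                return CachedPrincipal.Resp.INACCESSIBLE;
            }
        }

        /** @return the expiry timestamp computed at construction or at the last successful revalidate() */
        public long expires() {
            return this.expires;
        }
    }

    /**
     * Creates an authenticator with its own cache, sized from the connection's settings, and
     * tries to discover the Basic-auth realm from AAF.
     *
     * <p>The decompiler reports that this constructor was package-private in the compiled class.
     *
     * @param aAFCon connection to AAF; also supplies the cache settings
     * @throws Exception any failure from realm discovery that is not an {@link APIException}
     */
    public AAFAuthn(AAFCon<CLIENT> aAFCon) throws Exception {
        super(aAFCon.access, aAFCon.cleanInterval, aAFCon.highCount, aAFCon.usageRefreshTriggerCount);
        this.con = aAFCon;
        try {
            setRealm();
        } catch (APIException e) {
            // Log every discovery failure. Previously it was dropped silently, and when the cause
            // was not a DME2Exception the realm stayed null with no trace of why.
            aAFCon.access.log(e, new Object[0]);
            if (e.getCause() instanceof DME2Exception) {
                this.realm = aAFCon.access.getProperty("aaf_default_realm", Config.getDefaultRealm());
            }
        }
    }

    /**
     * Creates an authenticator that shares an existing cache and tries to discover the
     * Basic-auth realm from AAF.
     *
     * <p>The decompiler reports that this constructor was package-private in the compiled class.
     * Unlike the single-argument constructor, this one catches every {@link Exception} from realm
     * discovery, including the "Do not preset Basic Auth Information" error.
     *
     * @param aAFCon       connection to AAF
     * @param absUserCache cache to share
     * @throws Exception declared by the compiled class; the visible body catches discovery failures
     */
    public AAFAuthn(AAFCon<CLIENT> aAFCon, AbsUserCache<AAFPermission> absUserCache) throws Exception {
        super(absUserCache);
        this.con = aAFCon;
        try {
            setRealm();
        } catch (Exception e) {
            // Log unconditionally, so a failure that leaves the realm unset is visible to operators.
            this.access.log(e, new Object[0]);
            if (e.getCause() instanceof DME2Exception) {
                this.realm = aAFCon.access.getProperty("aaf_default_realm", Config.getDefaultRealm());
            }
        }
    }

    /**
     * Reads {@code /authn/basicAuth} without user credentials and takes the realm from the
     * {@code WWW-Authenticate} header of the expected 401 response.
     *
     * <p>The realm is the text between {@code Basic realm="} and the next double quote. A missing
     * header, a different scheme or a missing closing quote yields {@code "unknown.com"}. Any
     * response code other than 401 leaves the realm unchanged.
     *
     * @throws Exception when the unauthenticated read succeeds, or on client/transport failure
     */
    private void setRealm() throws Exception {
        Future read = this.con.client(AAFCon.AAF_LATEST_VERSION).read("/authn/basicAuth", "text/plain", new String[0]);
        if (read.get(this.con.timeout)) {
            // The probe must be rejected; success means credentials were already attached to the client.
            throw new Exception("Do not preset Basic Auth Information for AAFAuthn");
        }
        if (read.code() == 401) {
            final String prefix = "Basic realm=\"";
            String header = read.header("WWW-Authenticate");
            String parsed = "unknown.com";
            if (header != null && header.startsWith(prefix)) {
                // Stop at the closing quote rather than assuming it is the last character. The old
                // substring(13, length - 1) threw on a bare prefix and kept trailing auth parameters.
                int close = header.indexOf('"', prefix.length());
                if (close >= 0) {
                    parsed = header.substring(prefix.length(), close);
                }
            }
            this.realm = parsed;
        }
    }

    /** @return the discovered or defaulted realm; {@code null} when discovery failed without a fallback */
    public String getRealm() {
        return this.realm;
    }

    /**
     * Validates a user id and password, first against the cache and then against AAF.
     *
     * @param str  user id
     * @param str2 password; a value starting with {@code "enc:???"} is passed through
     *             {@code access.decrypt} before use
     * @return {@code null} when the credential is accepted, otherwise a message describing the failure
     * @throws IOException   declared by the compiled class
     * @throws CadiException declared by the compiled class
     */
    public String validate(String str, String str2) throws IOException, CadiException {
        User user = getUser(str);
        // NOTE(review): the prefix test applies to whatever the caller passes in. If str2 can come
        // straight from a request, prefixed input is routed through decrypt. Confirm callers' intent.
        if (str2.startsWith("enc:???")) {
            str2 = this.access.decrypt(str2, true);
        }
        // NOTE(review): platform default charset. Bytes differ between JVMs with different defaults.
        byte[] bytes = str2.getBytes();
        if (user != null && user.principal != null && user.principal.getName().equals(str) && (user.principal instanceof GetCred)) {
            // Cache hit: accept without contacting AAF when the presented bytes match the cached ones.
            // NOTE(review): Hash.isEqual is not visible here. Confirm it compares in constant time.
            if (Hash.isEqual(((GetCred) user.principal).getCred(), bytes)) {
                return null;
            }
            // Mismatch: drop the cached entry and fall through to a fresh check against AAF.
            remove(user);
            user = null;
        }
        AAFCachedPrincipal principal = new AAFCachedPrincipal(this, this.con.app, str, bytes, this.con.cleanInterval);
        switch (principal.revalidate()) {
            case REVALIDATED:
                if (user != null) {
                    user.principal = principal;
                    return null;
                }
                // NOTE(review): revalidate() has already called addUser with an absolute expiry,
                // while this call passes con.timeout. User's constructor is not visible. Confirm
                // which value it expects.
                addUser(new User((Principal) principal, this.con.timeout));
                return null;
            case INACCESSIBLE:
                return "AAF Inaccessible";
            case UNVALIDATED:
                return "User/Pass combo invalid for " + str;
            case DENIED:
                return "AAF denies API for " + str;
            default:
                return "AAFAuthn doesn't handle Principal " + str;
        }
    }
}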
