package com.mapr.baseutils.sso;

import com.google.protobuf.InvalidProtocolBufferException;
import com.mapr.baseutils.Installation;
import com.mapr.baseutils.audit.AuditConstants;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.baseutils.sso.providers.keycloak.KeyCloakJwtValidator;
import com.mapr.baseutils.sso.providers.okta.OktaJwtValidator;
import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.proto.Common;
import com.mapr.fs.proto.Security;
import com.mapr.security.UnixUserGroupHelper;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.Properties;
import mapr.fs.tablemetrics.Tablemetrics;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/baseutils/sso/SsoManager.class */
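/**
 * Process-wide cache of the cluster's SSO settings (issuer, provider type, client id and
 * client secret), refreshed from CLDB over RPC and used to pick a JWT validator.
 *
 * <p>The cached fields are plain (non-volatile) and are updated one after another in
 * {@link #readSsoParams()} without a lock, so a concurrent reader may briefly see a mix of
 * old and new values. NOTE(review): confirm whether callers rely on a consistent snapshot.
 *
 * <p>{@link #getClientSecret()} and {@link #getSsoConfigParams()} hand out the client secret;
 * callers must keep it out of logs, audit records and error messages.
 */
public class SsoManager {
    private static SsoManager s_instance;
    private String clientID = AuditConstants.EMPTY_STRING;
    // SSO client secret as returned by CLDB; sensitive, never log it.
    private String clientSecret = AuditConstants.EMPTY_STRING;
    private String issuer = AuditConstants.EMPTY_STRING;
    private String ssoProvider = AuditConstants.EMPTY_STRING;
    // Not read anywhere in this class.
    private long lastModifiedSSOTime = 0;
    // Wall-clock time (ms) of the last refresh attempt; drives the rate limit in readSsoParams().
    private long lastRpcTime = 0;
    // Not read anywhere in this class. NOTE(review): the decompiler resolved this initializer to
    // a Tablemetrics constant; presumably it is the 5000 ms refresh interval that
    // readSsoParams() uses as a literal. Confirm against the original source.
    private final int newRpcTime = Tablemetrics.HistoBucketBoundary.bucket11_VALUE;
    private static final Logger LOG = LoggerFactory.getLogger(SsoManager.class);

    /**
     * Builds the credentials message for the locally logged-in Unix user.
     *
     * <p>When the helper reports no groups, the user's own uid is used as the only gid.
     *
     * @return credentials carrying user name, uid and gids
     */
    Security.CredentialsMsg buildCredentials() {
        try {
            UnixUserGroupHelper unixUserGroupHelper = new UnixUserGroupHelper();
            String loggedinUsername = unixUserGroupHelper.getLoggedinUsername();
            int userId = unixUserGroupHelper.getUserId(loggedinUsername);
            int[] groups = unixUserGroupHelper.getGroups(loggedinUsername);
            if (groups == null || groups.length == 0) {
                groups = new int[]{userId};
            }
            Security.CredentialsMsg.Builder creds =
                    Security.CredentialsMsg.newBuilder().setUserName(loggedinUsername).setUid(userId);
            // The decompiled listing indexed an undefined register (r0) here; the array being
            // walked is the group list resolved above.
            for (int gid : groups) {
                creds.addGids(gid);
            }
            return creds.build();
        } catch (Exception e) {
            // Pass the exception as the cause so the stack trace is kept alongside the message.
            LOG.error("Error setting cluster credentials: " + e.toString() + " " + e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Refreshes the cached SSO settings from CLDB.
     *
     * <p>The RPC is sent when no issuer is cached yet, or when at least 5000 ms have passed
     * since the previous attempt. A response without an issuer, an unparsable response, or an
     * RPC failure leaves the previously cached values in place.
     *
     * <p>{@link #buildCredentials()} runs outside the try block, so an exception from it
     * propagates to the caller (including the getters that call this method).
     */
    public void readSsoParams() {
        if (!this.issuer.isEmpty() && this.lastRpcTime + 5000 > System.currentTimeMillis()) {
            return;
        }
        // Stamp the attempt before the RPC so a failing CLDB is not retried on every call.
        this.lastRpcTime = System.currentTimeMillis();
        CLDBProto.SsoGetConfigRequest.Builder request = CLDBProto.SsoGetConfigRequest.newBuilder();
        request.setCreds(buildCredentials());
        try {
            byte[] response = CLDBRpcCommonUtils.getInstance().sendRequest(
                    Common.MapRProgramId.CldbProgramId.getNumber(),
                    CLDBProto.CLDBProg.SsoGetConfigProc.getNumber(),
                    request.build(),
                    CLDBProto.SsoGetConfigResponse.class);
            if (response == null) {
                return;
            }
            try {
                CLDBProto.SsoConfigParams ssoParams =
                        CLDBProto.SsoGetConfigResponse.parseFrom(response).getSsoParams();
                if (ssoParams == null || !ssoParams.hasIssuer()) {
                    return;
                }
                this.clientID = ssoParams.hasClientId() ? ssoParams.getClientId() : AuditConstants.EMPTY_STRING;
                this.clientSecret = ssoParams.hasClientSecret() ? ssoParams.getClientSecret() : AuditConstants.EMPTY_STRING;
                this.issuer = ssoParams.hasIssuer() ? ssoParams.getIssuer() : AuditConstants.EMPTY_STRING;
                this.ssoProvider = ssoParams.hasType() ? ssoParams.getType() : AuditConstants.EMPTY_STRING;
            } catch (InvalidProtocolBufferException e) {
                // Previously swallowed silently; a malformed config response is worth an
                // operator's attention because the cache keeps serving the old settings.
                LOG.error("readSsoParams: Unable to parse SSO config response from cldb", e);
            }
        } catch (Exception e2) {
            LOG.error("readSsoParams: Error getting cluster credentials from cldb", e2);
        }
    }

    /**
     * Updates {@code conf/sso.conf} and {@code conf/sso.creds} under the MapR home directory.
     *
     * <p>Only the file whose values were supplied is rewritten. The earlier form opened both
     * output streams up front, which truncated a file even when nothing was stored to it, and
     * never closed any of the four streams.
     *
     * <p>{@code sso.creds} stores {@code sso.client.secret} in plaintext. Writing through
     * {@link FileOutputStream} keeps the mode of the existing file. NOTE(review): confirm the
     * file is deployed readable only by the service account. The rewrite is in place, so a
     * failure part-way through a store can leave a partial file.
     *
     * @param str  value for {@code sso.issuers.list}, or {@code null} to leave it unchanged
     * @param str2 value for {@code sso.provider}, or {@code null} to leave it unchanged
     * @param str3 value for {@code sso.client.id}, or {@code null} to leave it unchanged
     * @param str4 value for {@code sso.client.secret}, or {@code null} to leave it unchanged
     * @return 0 on success (including when nothing was supplied), 5 when loading or writing
     *     either file fails
     */
    public int updateSsoConfFiles(String str, String str2, String str3, String str4) {
        Properties ssoConf = new Properties();
        Properties ssoCreds = new Properties();
        String confPath;
        String credsPath;
        try {
            String confDir = Installation.getMapRHome() + File.separator + "conf" + File.separator;
            confPath = confDir + "sso.conf";
            credsPath = confDir + "sso.creds";
            try (FileInputStream confIn = new FileInputStream(confPath);
                    FileInputStream credsIn = new FileInputStream(credsPath)) {
                ssoConf.load(confIn);
                ssoCreds.load(credsIn);
            }
        } catch (Exception e2) {
            LOG.error("Exception Loading SSO Conf File: ", e2);
            return 5;
        }

        boolean confChanged = str2 != null || str != null;
        boolean credsChanged = str3 != null || str4 != null;
        try {
            if (confChanged) {
                if (str2 != null) {
                    ssoConf.setProperty("sso.provider", str2);
                }
                if (str != null) {
                    ssoConf.setProperty("sso.issuers.list", str);
                }
                // Open (and thereby truncate) the file only once there is something to store.
                try (FileOutputStream confOut = new FileOutputStream(new File(confPath))) {
                    ssoConf.store(confOut, (String) null);
                }
            }
            if (credsChanged) {
                if (str3 != null) {
                    ssoCreds.setProperty("sso.client.id", str3);
                }
                if (str4 != null) {
                    ssoCreds.setProperty("sso.client.secret", str4);
                }
                try (FileOutputStream credsOut = new FileOutputStream(new File(credsPath))) {
                    ssoCreds.store(credsOut, (String) null);
                }
            }
            if (confChanged || credsChanged) {
                // Kept inside the try: a failure while refreshing is reported as 5, as before.
                readSsoParams();
            }
            return 0;
        } catch (Exception e) {
            LOG.error("Exception creating SSO Conf File out stream: ", e);
            return 5;
        }
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton {@code SsoManager}
     */
    public static synchronized SsoManager getInstance() {
        if (s_instance == null) {
            s_instance = new SsoManager();
        }
        return s_instance;
    }

    /**
     * Returns the cached client id after a (rate-limited) refresh.
     *
     * @return the client id, or the empty string when none is cached
     */
    public String getClientID() {
        readSsoParams();
        return this.clientID;
    }

    /**
     * Returns the cached client secret after a (rate-limited) refresh.
     *
     * <p>The value is a credential; callers must not log it or include it in error output.
     *
     * @return the client secret, or the empty string when none is cached
     */
    public String getClientSecret() {
        readSsoParams();
        return this.clientSecret;
    }

    /**
     * Returns the cached issuer after a (rate-limited) refresh.
     *
     * @return the issuer, or the empty string when none is cached
     */
    public String getIssuer() {
        readSsoParams();
        return this.issuer;
    }

    /**
     * Returns the cached provider type after a (rate-limited) refresh.
     *
     * @return the provider type, or the empty string when none is cached
     */
    public String getSsoProvider() {
        readSsoParams();
        return this.ssoProvider;
    }

    /**
     * Creates the JWT validator matching the configured provider.
     *
     * <p>The provider name is compared case-insensitively and independently of the default
     * locale. Callers must treat a {@code null} result as "no token can be accepted" and
     * reject the request rather than skip validation.
     *
     * @return a Keycloak or Okta validator bound to the cached issuer, or {@code null} when
     *     the provider type is neither (including when no provider is cached)
     */
    public JwtValidator getValidator() {
        String issuer = getIssuer();
        String ssoProvider = getSsoProvider();
        if ("keycloak".equalsIgnoreCase(ssoProvider)) {
            return new KeyCloakJwtValidator(issuer);
        }
        if ("okta".equalsIgnoreCase(ssoProvider)) {
            return new OktaJwtValidator(issuer);
        }
        LOG.error("SSO scheme of type " + ssoProvider + " is not suppoted");
        return null;
    }

    /**
     * Packages the cached issuer, client id and client secret into a protobuf message after a
     * (rate-limited) refresh. The provider type is not included.
     *
     * <p>The message carries the client secret; do not log or print it.
     *
     * @return the SSO config message built from the cached values
     */
    public CLDBProto.SsoConfigParams getSsoConfigParams() {
        readSsoParams();
        return CLDBProto.SsoConfigParams.newBuilder()
                .setIssuer(this.issuer)
                .setClientId(this.clientID)
                .setClientSecret(this.clientSecret)
                .build();
    }
}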
