package oracle.kv.impl.security.login;

import java.rmi.NotBoundException;
import java.rmi.RemoteException;
import java.util.List;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import oracle.kv.impl.security.SessionAccessException;
import oracle.kv.impl.security.login.SessionId;
import oracle.kv.impl.security.login.TopologyResolver;
import oracle.kv.impl.topo.AdminId;
import oracle.kv.impl.topo.RepNodeId;
import oracle.kv.impl.topo.ResourceId;
import oracle.kv.impl.topo.StorageNodeId;
import oracle.kv.impl.util.registry.RegistryUtils;

/* loaded from: input_file:oracle/kv/impl/security/login/TokenResolverImpl.class */
public class TokenResolverImpl implements TokenResolver {
    private static final int MAX_RESOLVE_RNS = 10;
    private static final int RESOLVE_FAIL_LIMIT = 2;
    private final String hostname;
    private final int registryPort;
    private volatile String storeName;
    private final TopologyResolver topoResolver;
    private volatile TokenResolver persistentResolver = null;
    private final LoginManager loginMgr;
    private volatile Logger logger;
    static final /* synthetic */ boolean $assertionsDisabled;

    public TokenResolverImpl(String str, int i, String str2, TopologyResolver topologyResolver, LoginManager loginManager, Logger logger) {
        this.hostname = str;
        this.registryPort = i;
        this.storeName = str2;
        this.topoResolver = topologyResolver;
        this.loginMgr = loginManager;
        this.logger = logger;
    }

    public void setLogger(Logger logger) {
        this.logger = logger;
    }

    public void setStoreName(String str) {
        this.storeName = str;
    }

    public void setPersistentResolver(TokenResolver tokenResolver) {
        this.persistentResolver = tokenResolver;
    }

    @Override // oracle.kv.impl.security.login.TokenResolver
    public Subject resolve(LoginToken loginToken) throws SessionAccessException {
        this.logger.fine("TokenResolver: attempt to resolve " + loginToken);
        try {
            switch (loginToken.getSessionId().getIdValueScope()) {
                case PERSISTENT:
                    Subject resolvePersistentToken = resolvePersistentToken(loginToken);
                    if (resolvePersistentToken != null) {
                        this.logger.fine("TokenResolver: token is valid : " + loginToken.hashId());
                    } else {
                        this.logger.fine("TokenResolver: token is not valid: " + loginToken.hashId());
                    }
                    return resolvePersistentToken;
                case LOCAL:
                case STORE:
                    Subject resolveComponentToken = resolveComponentToken(loginToken);
                    if (resolveComponentToken != null) {
                        this.logger.fine("TokenResolver: token is valid: " + loginToken.hashId());
                    } else {
                        this.logger.fine("TokenResolver: token is not valid: " + loginToken.hashId());
                    }
                    return resolveComponentToken;
                default:
                    throw new UnsupportedOperationException("Unknown id scope");
            }
        } catch (NotBoundException e) {
            this.logger.info("Unable to resolve token due to NotBoundException: " + e);
            throw new SessionAccessException((Throwable) e, true);
        } catch (RemoteException e2) {
            this.logger.info("Unable to resolve token due to RemoteException: " + e2);
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    private Subject resolvePersistentToken(LoginToken loginToken) throws SessionAccessException {
        if (this.persistentResolver != null) {
            return this.persistentResolver.resolve(loginToken);
        }
        if (this.topoResolver != null) {
            return proxyResolveComponentToken(loginToken);
        }
        this.logger.info("TokenResolver: unable to resolve persistent token without a persistent resolver or a TopologyResolver");
        throw new SessionAccessException("Unable to resolve a persistent session without a persistent resolver");
    }

    private Subject proxyResolveComponentToken(LoginToken loginToken) throws SessionAccessException {
        List<RepNodeId> listRepNodeIds = this.topoResolver.listRepNodeIds(10);
        if (listRepNodeIds == null || listRepNodeIds.isEmpty()) {
            this.logger.info("TokenResolver: topology resolver is unable to provide any RepNodeIds for token resolution.");
            throw new SessionAccessException("no RepNodeIds found");
        }
        RemoteException remoteException = null;
        int i = 0;
        for (RepNodeId repNodeId : listRepNodeIds) {
            TopologyResolver.SNInfo storageNode = this.topoResolver.getStorageNode(repNodeId);
            if (storageNode == null) {
                this.logger.info("TokenResolver: unable to resolve RepNodeId " + repNodeId + " to a SN");
            } else {
                try {
                    Subject proxyResolvePersistentToken = proxyResolvePersistentToken(loginToken, repNodeId, storageNode);
                    if (proxyResolvePersistentToken != null) {
                        return proxyResolvePersistentToken;
                    }
                    remoteException = null;
                    i++;
                    if (i >= 2) {
                        break;
                    }
                } catch (RemoteException e) {
                    this.logger.info("TokenResolver: Error on remote RN " + repNodeId + " during token resolve.");
                    remoteException = e;
                } catch (SessionAccessException e2) {
                    this.logger.info("TokenResolver: remote error occurred while  resolving token: " + e2);
                    remoteException = e2;
                } catch (NotBoundException e3) {
                    this.logger.info("TokenResolver: unable to contact remote RN " + repNodeId + " for token resolve.");
                    remoteException = e3;
                }
            }
        }
        if (i > 0) {
            return null;
        }
        throw new SessionAccessException((Throwable) remoteException, true);
    }

    private Subject proxyResolvePersistentToken(LoginToken loginToken, RepNodeId repNodeId, TopologyResolver.SNInfo sNInfo) throws NotBoundException, RemoteException, SessionAccessException {
        return RegistryUtils.getRepNodeLogin(this.storeName, sNInfo.getHostname(), sNInfo.getRegistryPort(), repNodeId, this.loginMgr).validateLoginToken(loginToken);
    }

    private Subject resolveComponentToken(LoginToken loginToken) throws NotBoundException, RemoteException, SessionAccessException {
        if (!$assertionsDisabled && loginToken.getSessionId().getIdValueScope() != SessionId.IdScope.LOCAL && loginToken.getSessionId().getIdValueScope() != SessionId.IdScope.STORE) {
            throw new AssertionError();
        }
        ResourceId allocator = loginToken.getSessionId().getAllocator();
        if (allocator == null) {
            this.logger.info("resolveComponentToken - allocator is null");
            return null;
        }
        switch (allocator.getType()) {
            case ADMIN:
                return resolveAdminToken(loginToken);
            case REP_NODE:
                return resolveRepNodeToken(loginToken);
            case STORAGE_NODE:
                return resolveSNAToken(loginToken);
            default:
                this.logger.info("unsupported resource component: " + allocator.getType());
                return null;
        }
    }

    private Subject resolveAdminToken(LoginToken loginToken) throws NotBoundException, RemoteException, SessionAccessException {
        String hostname;
        int registryPort;
        ResourceId allocator = loginToken.getSessionId().getAllocator();
        if (!$assertionsDisabled && allocator.getType() != ResourceId.ResourceType.ADMIN) {
            throw new AssertionError();
        }
        AdminId adminId = (AdminId) allocator;
        if (loginToken.getSessionId().getIdValueScope() == SessionId.IdScope.LOCAL) {
            hostname = this.hostname;
            registryPort = this.registryPort;
        } else {
            if (loginToken.getSessionId().getIdValueScope() != SessionId.IdScope.STORE) {
                this.logger.info("Invalid session scope for admin token: " + loginToken.getSessionId().getIdValueScope());
                return null;
            }
            if (this.topoResolver == null) {
                this.logger.info("Unable to resolve non-local admin token because parameters are not available.");
                throw new SessionAccessException("parameters not available");
            }
            TopologyResolver.SNInfo storageNode = this.topoResolver.getStorageNode(adminId);
            if (storageNode == null) {
                this.logger.info("Unable to resolve non-local admin token because admin id " + adminId);
                throw new SessionAccessException("unknown allocator id");
            }
            hostname = storageNode.getHostname();
            registryPort = storageNode.getRegistryPort();
        }
        Subject validateLoginToken = RegistryUtils.getAdminLogin(hostname, registryPort, this.loginMgr).validateLoginToken(loginToken);
        if (validateLoginToken == null) {
            this.logger.fine("resolveAdminToken: token not valid");
        } else {
            this.logger.fine("resolveAdminToken: token is valid");
        }
        return validateLoginToken;
    }

    private Subject resolveRepNodeToken(LoginToken loginToken) throws NotBoundException, RemoteException, SessionAccessException {
        ResourceId allocator = loginToken.getSessionId().getAllocator();
        if (!$assertionsDisabled && allocator.getType() != ResourceId.ResourceType.REP_NODE) {
            throw new AssertionError();
        }
        RepNodeId repNodeId = (RepNodeId) allocator;
        if (this.topoResolver == null) {
            this.logger.info("Unable to resolve RepNode-allocated token - no topology resolver available.");
            return null;
        }
        if (loginToken.getSessionId().getIdValueScope() != SessionId.IdScope.STORE) {
            this.logger.info("Unsupported session id scope for RepNode: " + loginToken.getSessionId().getIdValueScope());
            return null;
        }
        TopologyResolver.SNInfo storageNode = this.topoResolver.getStorageNode(repNodeId);
        if (storageNode == null) {
            this.logger.info("Unable to resolve RepNode-allocated token - RepNode with id " + repNodeId);
            return null;
        }
        Subject validateLoginToken = RegistryUtils.getRepNodeLogin(this.storeName, storageNode.getHostname(), storageNode.getRegistryPort(), repNodeId, this.loginMgr).validateLoginToken(loginToken);
        if (validateLoginToken == null) {
            this.logger.fine("resolveRNToken: token not valid");
        } else {
            this.logger.fine("resolveRNToken: token is valid");
        }
        return validateLoginToken;
    }

    private Subject resolveSNAToken(LoginToken loginToken) throws NotBoundException, RemoteException, SessionAccessException {
        String str = this.hostname;
        int i = this.registryPort;
        ResourceId allocator = loginToken.getSessionId().getAllocator();
        if (!$assertionsDisabled && allocator.getType() != ResourceId.ResourceType.STORAGE_NODE) {
            throw new AssertionError();
        }
        StorageNodeId storageNodeId = (StorageNodeId) allocator;
        if (this.topoResolver != null && loginToken.getSessionId().getIdValueScope() == SessionId.IdScope.STORE) {
            TopologyResolver.SNInfo storageNode = this.topoResolver.getStorageNode(storageNodeId);
            if (storageNode == null) {
                this.logger.info("resolveSNAToken: unable to resolve snid " + storageNodeId + ". Will try as local.");
            } else {
                String hostname = storageNode.getHostname();
                int registryPort = storageNode.getRegistryPort();
                if (!this.hostname.equals(hostname) || this.registryPort != registryPort) {
                    str = hostname;
                    i = registryPort;
                    this.logger.fine("resolveSNAToken: using allocatorHost = " + hostname + ", allocatorPort = " + registryPort);
                }
            }
        }
        Subject validateLoginToken = RegistryUtils.getStorageNodeAgentLogin(str, i).validateLoginToken(loginToken);
        if (validateLoginToken == null) {
            this.logger.fine("resolveSNAToken: token not valid");
        } else {
            this.logger.fine("resolveSNAToken: token is valid");
        }
        return validateLoginToken;
    }

    static {
        $assertionsDisabled = !TokenResolverImpl.class.desiredAssertionStatus();
    }
}
