package org.irods.jargon.core.connection;

import javax.net.ssl.SSLSocket;
import org.irods.jargon.core.connection.AbstractConnection;
import org.irods.jargon.core.connection.auth.AuthResponse;
import org.irods.jargon.core.exception.AuthenticationException;
import org.irods.jargon.core.exception.JargonException;
import org.irods.jargon.core.packinstr.AuthReqPluginRequestInp;
import org.irods.jargon.core.packinstr.PamAuthRequestInp;
import org.irods.jargon.core.packinstr.Tag;
import org.irods.jargon.core.utils.MiscIRODSUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/jargon-core-4.3.2.5-RELEASE.jar:org/irods/jargon/core/connection/PAMAuth.class */
public class PAMAuth extends AuthMechanism {
    private boolean needToWrapWithSsl = false;
    public static final Logger log = LoggerFactory.getLogger((Class<?>) PAMAuth.class);

    @Override // org.irods.jargon.core.connection.AuthMechanism
    protected IRODSMidLevelProtocol processAuthenticationAfterStartup(IRODSAccount iRODSAccount, IRODSMidLevelProtocol iRODSMidLevelProtocol, StartupResponseData startupResponseData) throws AuthenticationException, JargonException {
        IRODSMidLevelProtocol iRODSMidLevelProtocol2;
        Tag irodsFunction;
        log.debug("processAuthenticationAfterStartup()");
        this.needToWrapWithSsl = iRODSMidLevelProtocol.getIrodsConnection().getEncryptionType() == AbstractConnection.EncryptionType.NONE;
        if (this.needToWrapWithSsl) {
            log.debug("will wrap commands with ssl");
            iRODSMidLevelProtocol2 = establishSecureConnectionForPamAuth(iRODSAccount, iRODSMidLevelProtocol);
        } else {
            log.debug("no need to SSL tunnel for PAM");
            iRODSMidLevelProtocol2 = iRODSMidLevelProtocol;
        }
        int pAMTimeToLive = iRODSMidLevelProtocol2.getIrodsSession().getJargonProperties().getPAMTimeToLive();
        if (startupResponseData.checkIs410OrLater()) {
            log.info("using pluggable pam auth request");
            irodsFunction = iRODSMidLevelProtocol2.irodsFunction(AuthReqPluginRequestInp.instancePam(iRODSAccount.getUserName(), MiscIRODSUtils.escapePasswordChars(iRODSAccount.getPassword()), pAMTimeToLive, startupResponseData));
        } else {
            log.info("using normal irods pam auth request");
            irodsFunction = iRODSMidLevelProtocol2.irodsFunction(PamAuthRequestInp.instance(iRODSAccount.getUserName(), iRODSAccount.getPassword(), pAMTimeToLive));
        }
        if (irodsFunction == null) {
            throw new JargonException("null response from pamAuthRequest");
        }
        String stringValue = startupResponseData.checkIs410OrLater() ? irodsFunction.getTag("result_").getStringValue() : irodsFunction.getTag("irodsPamPassword").getStringValue();
        if (stringValue == null || stringValue.isEmpty()) {
            throw new AuthenticationException("unable to retrieve the temp password resulting from the pam auth response");
        }
        log.info("have the temporary password to use to log in via pam\nsending sslEnd...");
        shutdownSslAndCloseConnection(iRODSMidLevelProtocol2);
        AuthResponse authResponse = new AuthResponse();
        IRODSAccount iRODSAccount2 = new IRODSAccount(iRODSAccount.getHost(), iRODSAccount.getPort(), iRODSAccount.getUserName(), stringValue, iRODSAccount.getHomeDirectory(), iRODSAccount.getZone(), iRODSAccount.getDefaultStorageResource());
        iRODSAccount2.setAuthenticationScheme(AuthScheme.STANDARD);
        log.info("derived and logging in with temporary password from a new agent:{}", iRODSAccount2);
        authResponse.setAuthenticatingIRODSAccount(iRODSAccount);
        authResponse.setAuthenticatedIRODSAccount(iRODSAccount2);
        authResponse.setStartupResponse(startupResponseData);
        authResponse.setSuccessful(true);
        iRODSMidLevelProtocol2.setAuthResponse(authResponse);
        return iRODSMidLevelProtocol2;
    }

    private void shutdownSslAndCloseConnection(IRODSMidLevelProtocol iRODSMidLevelProtocol) throws JargonException {
        iRODSMidLevelProtocol.shutdown();
    }

    private IRODSMidLevelProtocol establishSecureConnectionForPamAuth(IRODSAccount iRODSAccount, IRODSMidLevelProtocol iRODSMidLevelProtocol) throws JargonException, AssertionError {
        if (iRODSMidLevelProtocol.getIrodsConnection().getEncryptionType() == AbstractConnection.EncryptionType.SSL_WRAPPED) {
            log.info("already ssl enabled");
            return iRODSMidLevelProtocol;
        }
        log.info("not ssl wrapped, use an SSL connection for the pam auth");
        SSLSocket createSslSocketForProtocol = iRODSMidLevelProtocol.getIrodsSession().instanceSslConnectionUtilities().createSslSocketForProtocol(iRODSAccount, iRODSMidLevelProtocol, true);
        log.info("creating secure protcol connection layer");
        IRODSMidLevelProtocol iRODSMidLevelProtocol2 = new IRODSMidLevelProtocol(new IRODSBasicTCPConnection(iRODSAccount, iRODSMidLevelProtocol.getPipelineConfiguration(), iRODSMidLevelProtocol.getIrodsProtocolManager(), createSslSocketForProtocol, iRODSMidLevelProtocol.getIrodsSession()), iRODSMidLevelProtocol.getIrodsProtocolManager());
        iRODSMidLevelProtocol2.setIrodsConnectionNonEncryptedRef(iRODSMidLevelProtocol.getIrodsConnection());
        log.info("carrying over startup pack with server info");
        iRODSMidLevelProtocol2.setStartupResponseData(iRODSMidLevelProtocol.getStartupResponseData());
        log.debug("created secureIRODSCommands wrapped around an SSL socket\nSending PamAuthRequest...");
        return iRODSMidLevelProtocol2;
    }

    @Override // org.irods.jargon.core.connection.AuthMechanism
    protected IRODSMidLevelProtocol processAfterAuthentication(IRODSMidLevelProtocol iRODSMidLevelProtocol, StartupResponseData startupResponseData) throws AuthenticationException, JargonException {
        AuthResponse authResponse = iRODSMidLevelProtocol.getAuthResponse();
        IRODSMidLevelProtocol instance = iRODSMidLevelProtocol.getIrodsProtocolManager().getIrodsMidLevelProtocolFactory().instance(iRODSMidLevelProtocol.getIrodsSession(), iRODSMidLevelProtocol.getAuthResponse().getAuthenticatedIRODSAccount(), iRODSMidLevelProtocol.getIrodsProtocolManager());
        instance.setAuthResponse(authResponse);
        return instance;
    }
}
