package org.openstack4j.openstack.internal;

import org.openstack4j.api.OSClient;
import org.openstack4j.api.client.CloudProvider;
import org.openstack4j.api.types.Facing;
import org.openstack4j.core.transport.ClientConstants;
import org.openstack4j.core.transport.Config;
import org.openstack4j.core.transport.HttpEntityHandler;
import org.openstack4j.core.transport.HttpExceptionHandler;
import org.openstack4j.core.transport.HttpMethod;
import org.openstack4j.core.transport.HttpRequest;
import org.openstack4j.core.transport.HttpResponse;
import org.openstack4j.core.transport.internal.HttpExecutor;
import org.openstack4j.model.identity.AuthStore;
import org.openstack4j.model.identity.AuthVersion;
import org.openstack4j.openstack.common.Auth;
import org.openstack4j.openstack.identity.domain.Auth;
import org.openstack4j.openstack.identity.domain.Credentials;
import org.openstack4j.openstack.identity.domain.KeystoneAccess;
import org.openstack4j.openstack.identity.domain.RaxApiKeyCredentials;
import org.openstack4j.openstack.identity.domain.TokenAuth;
import org.openstack4j.openstack.identity.domain.v3.AccessWrapper;
import org.openstack4j.openstack.identity.domain.v3.KeystoneAuth;
import org.openstack4j.openstack.identity.domain.v3.KeystoneToken;
import org.openstack4j.openstack.logging.Logger;
import org.openstack4j.openstack.logging.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/openstack4j-core-2.0.9.jar:org/openstack4j/openstack/internal/OSAuthenticator.class */
public class OSAuthenticator {
    private static final String TOKEN_INDICATOR = "Tokens";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OSAuthenticator.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/openstack4j-core-2.0.9.jar:org/openstack4j/openstack/internal/OSAuthenticator$SessionInfo.class */
    public static class SessionInfo {
        String endpoint;
        Facing perspective;
        boolean reLinkToExistingSession;
        CloudProvider provider;

        SessionInfo(String str, Facing facing, boolean z, CloudProvider cloudProvider) {
            this.endpoint = str;
            this.perspective = facing;
            this.reLinkToExistingSession = z;
            this.provider = cloudProvider;
        }
    }

    public static OSClient invoke(AuthStore authStore, String str, Facing facing, Config config, CloudProvider cloudProvider) {
        SessionInfo sessionInfo = new SessionInfo(str, facing, false, cloudProvider);
        return authStore.getVersion() == AuthVersion.V2 ? authenticateV2((Auth) authStore.unwrap(), sessionInfo, config) : authenticateV3((KeystoneAuth) authStore.unwrap(), sessionInfo, config);
    }

    public static OSClient invoke(TokenAuth tokenAuth, String str, Facing facing, Config config, CloudProvider cloudProvider) {
        return authenticateV2(tokenAuth, new SessionInfo(str, facing, false, cloudProvider), config);
    }

    public static OSClient invoke(KeystoneAuth keystoneAuth, String str, Facing facing, Config config, CloudProvider cloudProvider) {
        return authenticateV3(keystoneAuth, new SessionInfo(str, facing, false, cloudProvider), config);
    }

    public static void reAuthenticate() {
        LOG.debug("Re-Authenticating session due to expired Token or invalid response", new Object[0]);
        OSClientSession current = OSClientSession.getCurrent();
        switch (current.getAccess().getVersion()) {
            case V3:
                KeystoneToken keystoneToken = (KeystoneToken) current.getAccess().unwrap();
                authenticateV3((KeystoneAuth) keystoneToken.getCredentials().unwrap(), new SessionInfo(keystoneToken.getEndpoint(), current.getPerspective(), true, current.getProvider()), current.getConfig());
                return;
            case V2:
            default:
                KeystoneAccess keystoneAccess = (KeystoneAccess) current.getAccess().unwrap();
                authenticateV2((Auth) ((org.openstack4j.openstack.common.Auth) (keystoneAccess.isCredentialType() ? keystoneAccess.getCredentials().unwrap() : keystoneAccess.getTokenAuth())), new SessionInfo(keystoneAccess.getEndpoint(), current.getPerspective(), true, current.getProvider()), current.getConfig());
                return;
        }
    }

    private static OSClient authenticateV2(Auth auth, SessionInfo sessionInfo, Config config) {
        HttpResponse execute = HttpExecutor.create().execute(HttpRequest.builder(KeystoneAccess.class).header(ClientConstants.HEADER_OS4J_AUTH, TOKEN_INDICATOR).endpoint(sessionInfo.endpoint).method(HttpMethod.POST).path("/tokens").config(config).entity(auth).build());
        if (execute.getStatus() >= 400) {
            try {
                throw HttpExceptionHandler.mapException(execute.getStatusMessage(), execute.getStatus());
            } catch (Throwable th) {
                HttpEntityHandler.closeQuietly(execute);
                throw th;
            }
        }
        KeystoneAccess keystoneAccess = (KeystoneAccess) execute.getEntity(KeystoneAccess.class);
        KeystoneAccess applyContext = auth.getType() == Auth.Type.CREDENTIALS ? keystoneAccess.applyContext(sessionInfo.endpoint, (Credentials) auth) : auth.getType() == Auth.Type.RAX_APIKEY ? keystoneAccess.applyContext(sessionInfo.endpoint, (RaxApiKeyCredentials) auth) : keystoneAccess.applyContext(sessionInfo.endpoint, (TokenAuth) auth);
        if (!sessionInfo.reLinkToExistingSession) {
            return OSClientSession.createSession(applyContext, sessionInfo.perspective, sessionInfo.provider, config);
        }
        OSClientSession current = OSClientSession.getCurrent();
        current.access = applyContext;
        return current;
    }

    private static OSClient authenticateV3(KeystoneAuth keystoneAuth, SessionInfo sessionInfo, Config config) {
        HttpResponse execute = HttpExecutor.create().execute(HttpRequest.builder(KeystoneToken.class).header(ClientConstants.HEADER_OS4J_AUTH, TOKEN_INDICATOR).endpoint(sessionInfo.endpoint).method(HttpMethod.POST).path("/auth/tokens").config(config).entity(keystoneAuth).build());
        if (execute.getStatus() >= 400) {
            try {
                throw HttpExceptionHandler.mapException(execute.getStatusMessage(), execute.getStatus());
            } catch (Throwable th) {
                HttpEntityHandler.closeQuietly(execute);
                throw th;
            }
        }
        KeystoneToken keystoneToken = (KeystoneToken) execute.getEntity(KeystoneToken.class);
        AccessWrapper wrap = AccessWrapper.wrap(keystoneToken);
        wrap.setId(execute.header(ClientConstants.HEADER_X_SUBJECT_TOKEN));
        if (keystoneAuth.getType() == Auth.Type.CREDENTIALS) {
            keystoneToken.applyContext(sessionInfo.endpoint, new org.openstack4j.openstack.identity.domain.v3.Credentials(keystoneAuth.getUsername(), keystoneAuth.getPassword()));
        } else if (keystoneToken.getProject() != null) {
            keystoneToken.applyContext(sessionInfo.endpoint, new TokenAuth(wrap.getToken().getId(), keystoneAuth.getScope().getProject().getName(), keystoneAuth.getScope().getProject().getId()));
        } else {
            if (keystoneToken.getDomain() == null) {
                throw new UnsupportedOperationException("Unscoped authentication not yet supported");
            }
            keystoneToken.applyContext(sessionInfo.endpoint, new TokenAuth(wrap.getToken().getId(), keystoneAuth.getScope().getDomain().getName(), keystoneAuth.getScope().getDomain().getId()));
        }
        if (!sessionInfo.reLinkToExistingSession) {
            return OSClientSession.createSession(wrap, sessionInfo.perspective, sessionInfo.provider, config);
        }
        OSClientSession current = OSClientSession.getCurrent();
        current.access = wrap;
        return current;
    }
}
