package org.alfresco.filesys.server.auth;

import java.util.HashMap;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.config.InvalidConfigurationException;
import org.alfresco.filesys.server.config.ServerConfiguration;
import org.alfresco.filesys.server.oncrpc.AuthType;
import org.alfresco.filesys.server.oncrpc.RpcAuthenticationException;
import org.alfresco.filesys.server.oncrpc.RpcAuthenticator;
import org.alfresco.filesys.server.oncrpc.RpcPacket;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/filesys/server/auth/AlfrescoRpcAuthenticator.class */
public class AlfrescoRpcAuthenticator implements RpcAuthenticator {
    private static final Log logger = LogFactory.getLog("org.alfresco.nfs.protocol.auth");
    private int[] _authTypes = {1};
    private HashMap<Integer, String> m_idMap;
    private AuthenticationComponent m_authComponent;
    private TransactionService m_transService;

    @Override // org.alfresco.filesys.server.oncrpc.RpcAuthenticator
    public Object authenticateRpcClient(int i, RpcPacket rpcPacket) throws RpcAuthenticationException {
        Object obj = null;
        if (i == 1) {
            rpcPacket.positionAtCredentialsData();
            rpcPacket.skipBytes(4);
            rpcPacket.skipBytes(rpcPacket.unpackInt());
            int unpackInt = rpcPacket.unpackInt();
            int unpackInt2 = rpcPacket.unpackInt();
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Type=Unix uid=" + unpackInt2 + ", gid=" + unpackInt);
            }
            if (this.m_idMap.get(new Integer((unpackInt << 16) + unpackInt2)) == null) {
                throw new RpcAuthenticationException(13);
            }
            obj = new Long((rpcPacket.getClientAddress().hashCode() << 32) + (unpackInt << 16) + unpackInt2);
        } else if (i == 0) {
            obj = new Integer(rpcPacket.getClientAddress().hashCode());
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Type=Null client=" + rpcPacket.getClientAddress());
            }
        }
        if (obj == null) {
            throw new RpcAuthenticationException(1, "Unsupported auth type, " + i);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("RpcAuth: RPC from " + rpcPacket.getClientDetails() + ", authType=" + AuthType.getTypeAsString(i) + ", sessKey=" + obj);
        }
        return obj;
    }

    @Override // org.alfresco.filesys.server.oncrpc.RpcAuthenticator
    public int[] getRpcAuthenticationTypes() {
        return this._authTypes;
    }

    @Override // org.alfresco.filesys.server.oncrpc.RpcAuthenticator
    public ClientInfo getRpcClientInformation(Object obj, RpcPacket rpcPacket) {
        ClientInfo clientInfo = null;
        int credentialsType = rpcPacket.getCredentialsType();
        if (credentialsType == 1) {
            rpcPacket.positionAtCredentialsData();
            rpcPacket.skipBytes(4);
            String unpackString = rpcPacket.unpackString();
            int unpackInt = rpcPacket.unpackInt();
            int unpackInt2 = rpcPacket.unpackInt();
            int unpackInt3 = rpcPacket.unpackInt();
            int[] iArr = null;
            if (unpackInt3 > 0) {
                iArr = new int[unpackInt3];
                rpcPacket.unpackIntArray(iArr);
            }
            String str = this.m_idMap.get(new Integer((unpackInt2 << 16) + unpackInt));
            if (logger.isDebugEnabled()) {
                logger.debug("RpcClientInfo: username=" + str + ", uid=" + unpackInt + ", gid=" + unpackInt2);
            }
            if (str != null) {
                clientInfo = new ClientInfo(str, null);
                clientInfo.setNFSAuthenticationType(credentialsType);
                clientInfo.setClientAddress(unpackString);
                clientInfo.setUid(unpackInt);
                clientInfo.setGid(unpackInt2);
                clientInfo.setGroupsList(iArr);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(credentialsType) + ", name=" + unpackString + ", uid=" + unpackInt + ", gid=" + unpackInt2 + ", groups=" + unpackInt3);
            }
        } else if (credentialsType == 0) {
            clientInfo = new ClientInfo("", null);
            clientInfo.setClientAddress(rpcPacket.getClientAddress().getHostAddress());
            if (logger.isDebugEnabled()) {
                logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(credentialsType) + ", addr=" + rpcPacket.getClientAddress().getHostAddress());
            }
        }
        return clientInfo;
    }

    @Override // org.alfresco.filesys.server.oncrpc.RpcAuthenticator
    public void setCurrentUser(SrvSession srvSession, ClientInfo clientInfo) {
        srvSession.beginReadTransaction(this.m_transService);
        if (clientInfo == null || clientInfo.isNullSession()) {
            this.m_authComponent.clearCurrentSecurityContext();
            return;
        }
        if (clientInfo.isGuest()) {
            this.m_authComponent.setGuestUserAsCurrentUser();
        } else if (clientInfo.hasAuthenticationToken()) {
            this.m_authComponent.setCurrentAuthentication(clientInfo.getAuthenticationToken());
        } else {
            this.m_authComponent.setCurrentUser(clientInfo.getUserName());
            clientInfo.setAuthenticationToken(this.m_authComponent.getCurrentAuthentication());
        }
    }

    @Override // org.alfresco.filesys.server.oncrpc.RpcAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        this.m_authComponent = serverConfiguration.getAuthenticationComponent();
        this.m_transService = serverConfiguration.getTransactionService();
        ConfigElement child = configElement.getChild("userMappings");
        if (child != null) {
            this.m_idMap = new HashMap<>();
            for (ConfigElement configElement2 : child.getChildren()) {
                if (!configElement2.getName().equalsIgnoreCase("user")) {
                    throw new InvalidConfigurationException("Invalid user mapping, " + configElement2.getName());
                }
                String attribute = configElement2.getAttribute("name");
                String attribute2 = configElement2.getAttribute("uid");
                String attribute3 = configElement2.getAttribute("gid");
                if (attribute == null || attribute.length() == 0) {
                    throw new InvalidConfigurationException("Empty user name, or name not specified");
                }
                if (attribute2 == null || attribute2.length() == 0) {
                    throw new InvalidConfigurationException("Invalid uid, or uid not specified, for user " + attribute);
                }
                if (attribute3 == null || attribute3.length() == 0) {
                    throw new InvalidConfigurationException("Invalid gid, or gid not specified, for user " + attribute);
                }
                try {
                    int parseInt = Integer.parseInt(attribute2);
                    try {
                        int parseInt2 = Integer.parseInt(attribute3);
                        Integer num = new Integer((parseInt2 << 16) + parseInt);
                        if (!this.m_idMap.containsKey(num)) {
                            this.m_idMap.put(num, attribute);
                            if (logger.isDebugEnabled()) {
                                logger.debug("Added RPC user mapping for user " + attribute + " uid=" + parseInt + ", gid=" + parseInt2);
                            }
                        } else if (logger.isDebugEnabled()) {
                            logger.debug("Ignored duplicate mapping for uid=" + parseInt + ", gid=" + parseInt2);
                        }
                    } catch (NumberFormatException e) {
                        throw new InvalidConfigurationException("Invalid gid value, " + attribute3 + " for user " + attribute);
                    }
                } catch (NumberFormatException e2) {
                    throw new InvalidConfigurationException("Invalid uid value, " + attribute2 + " for user " + attribute);
                }
            }
        }
        if (this.m_idMap == null || this.m_idMap.size() == 0) {
            throw new InvalidConfigurationException("No user mappings for RPC authenticator");
        }
    }
}
