package org.zowe.commons.zos.security.service;

import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Service;
import org.zowe.commons.zos.CommonsNativeLibraries;
import org.zowe.commons.zos.security.jni.Secur;
import org.zowe.commons.zos.security.platform.PlatformErrno2;
import org.zowe.commons.zos.security.platform.PlatformThread;
import org.zowe.commons.zos.security.platform.PlatformTlsErrno;
import org.zowe.commons.zos.security.platform.SafPlatformAccessControl;
import org.zowe.commons.zos.security.platform.SafPlatformClassFactory;
import org.zowe.commons.zos.security.platform.SafPlatformThread;

@Profile({"zos"})
@Service("platformSecurityService")
/* loaded from: input_file:org/zowe/commons/zos/security/service/ZosJniPlatformSecurityService.class */
public class ZosJniPlatformSecurityService extends AccessControlService implements PlatformSecurityService, InitializingBean {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ZosJniPlatformSecurityService.class);
    private static final int CREATE_THREAD_SECURITY_CONTEXT = 0;
    private static final int REMOVE_THREAD_SECURITY_CONTEXT = 1;
    private final Secur secur = new Secur();
    private final PlatformThread safPlatformThread = new SafPlatformThread();

    @Override // org.zowe.commons.zos.security.service.PlatformSecurityService
    public void createThreadSecurityContext(String str, String str2, String str3) {
        checkErrno("create thread-level security environment", this.secur.createSecurityEnvironment(str, str2, str3), CREATE_THREAD_SECURITY_CONTEXT);
    }

    private void checkErrno(String str, int i, int i2) {
        if (i != 0) {
            PlatformTlsErrno valueOfErrno = PlatformTlsErrno.valueOfErrno(i);
            int lastErrno2 = this.secur.getLastErrno2();
            PlatformErrno2 valueOfErrno2 = PlatformErrno2.valueOfErrno(lastErrno2);
            String str2 = valueOfErrno != null ? valueOfErrno.shortErrorName + " " + valueOfErrno.explanation : "unknown reason";
            if (valueOfErrno2 != null) {
                str2 = str2 + ". " + valueOfErrno2.format();
            }
            log.error("Platform security action to {} has failed: {}; errno={}; errno2={}", new Object[]{str, str2, Integer.valueOf(i), String.format("%08x", Integer.valueOf(lastErrno2))});
            if (PlatformErrno2.JRNoChangeIdentity.equals(valueOfErrno2)) {
                log.error("The server user ID does not have authority to change the thread-level security. UPDATE access to BPX.SERVER in the facility resource class is required, or READ access if the user ID is superuser");
            }
            throw new SecurityRequestFailed(CommonsNativeLibraries.SECUR_LIBRARY_NAME, i2, i);
        }
    }

    @Override // org.zowe.commons.zos.security.service.PlatformSecurityService
    public void createThreadSecurityContextByDaemon(String str, String str2) {
        checkErrno("create thread-level security environment without password", this.secur.createSecurityEnvironmentByDaemon(str, str2), CREATE_THREAD_SECURITY_CONTEXT);
    }

    @Override // org.zowe.commons.zos.security.service.PlatformSecurityService
    public String getCurrentThreadUserId() {
        return this.safPlatformThread.getUserName();
    }

    @Override // org.zowe.commons.zos.security.service.PlatformSecurityService
    public void removeThreadSecurityContext() {
        checkErrno("remove thread-level security environment", this.secur.removeSecurityEnvironment(), REMOVE_THREAD_SECURITY_CONTEXT);
    }

    public void afterPropertiesSet() throws Exception {
        this.platformAccessControl = new SafPlatformAccessControl(new SafPlatformClassFactory());
    }
}
