package org.xtreemfs.common.auth;

import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.xtreemfs.foundation.logging.Logging;
import org.xtreemfs.foundation.pbrpc.channels.ChannelIO;
import org.xtreemfs.foundation.pbrpc.generatedinterfaces.RPC;

/* loaded from: input_file:org/xtreemfs/common/auth/FederationIdX509AuthProvider.class */
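/**
 * Authentication provider that derives a caller's identity from the subject of the
 * X.509 certificate presented on the channel.
 *
 * <p>The user ID is taken from the subject's {@code CN} attribute and the group IDs from
 * its {@code O} attributes. The credentials carried inside the RPC itself are ignored, so
 * a client cannot claim an identity other than the one in its certificate.
 *
 * <p>NOTE(review): this class does not validate the certificate chain. It assumes the
 * channel layer has already verified the peer certificate against a trusted CA; confirm
 * that against the SSL configuration, because every identity decision below rests on it.
 */
public class FederationIdX509AuthProvider implements AuthenticationProvider {
    /** Subject attribute type whose value becomes the user ID. */
    private static final String USER_ID = "CN";
    /** Subject attribute type whose values become the group IDs. */
    private static final String GROUP_ID = "O";

    /**
     * Returns the credentials for the peer on {@code channelIO}.
     *
     * <p>Credentials are computed once per channel and cached as the channel attachment;
     * later calls return the cached object without looking at the certificate again.
     *
     * @param userCredentials credentials sent in the RPC; not read by this provider
     * @param channelIO channel that supplies the peer certificates and holds the cache
     * @return the credentials derived from the first certificate of the channel
     * @throws AuthenticationException if no certificate is present or the subject cannot
     *     be evaluated
     */
    @Override
    public UserCredentials getEffectiveCredentials(RPC.UserCredentials userCredentials, ChannelIO channelIO) throws AuthenticationException {
        Object cached = channelIO.getAttachment();
        if (cached != null) {
            if (Logging.isDebug()) {
                Logging.logMessage(7, Logging.Category.auth, this, "using attachment...", new Object[0]);
            }
            UserCredentials cachedCredentials = (UserCredentials) cached;
            if (Logging.isDebug()) {
                Logging.logMessage(7, Logging.Category.auth, this, "using cached creds: " + cachedCredentials, new Object[0]);
            }
            return cachedCredentials;
        }
        try {
            Certificate[] certs = channelIO.getCerts();
            // Treat a missing array like an empty one instead of failing with a NullPointerException.
            if (certs == null || certs.length == 0) {
                throw new AuthenticationException("no X.509-certificates present");
            }
            // presumably certs[0] is the peer's own (leaf) certificate - confirm against ChannelIO.getCerts()
            X509Certificate peerCertificate = (X509Certificate) certs[0];
            // X500Principal.getName() returns the RFC 2253 string form of the subject.
            String subjectDn = peerCertificate.getSubjectX500Principal().getName();

            // Without a CN the whole subject DN is used as the user ID.
            List<String> userIds = getNamedElements(subjectDn, USER_ID);
            String userId = !userIds.isEmpty() ? userIds.get(0) : subjectDn;

            // Without an O the whole subject DN is used as the only group ID.
            List<String> groupIds = getNamedElements(subjectDn, GROUP_ID);
            if (groupIds.isEmpty()) {
                groupIds.add(subjectDn);
            }
            if (Logging.isDebug()) {
                Logging.logMessage(7, Logging.Category.auth, this, "X.509-User cert present: %s, %s", userId, groupIds);
            }
            // The third argument is always false here (presumably the superuser flag - confirm
            // against UserCredentials); this provider never grants it.
            UserCredentials credentials = new UserCredentials(userId, groupIds, false);
            channelIO.setAttachment(credentials);
            return credentials;
        } catch (Exception e) {
            // Any failure (missing certificate, non-X.509 certificate, unparsable subject) denies access.
            Logging.logUserError(3, Logging.Category.auth, this, e);
            // NOTE(review): the message embeds e.toString(); if it is returned to the remote
            // peer it discloses internal exception details - confirm where it ends up.
            throw new AuthenticationException("invalid credentials " + e);
        }
    }

    /**
     * Extracts the values of all single-valued RDNs of the given attribute type from a
     * distinguished name, in the order in which they appear in the string.
     *
     * <p>The name is parsed with {@link LdapName} rather than split on {@code ','} and
     * {@code '='}. A plain split treats an escaped comma inside a value (for example
     * {@code CN=a\,O=b}) as an RDN boundary, so a crafted common name could contribute a
     * group ID that the certificate does not actually carry in its {@code O} attribute.
     *
     * <p>Multi-valued RDNs ({@code CN=a+O=b}) and values that are not strings (hex-encoded
     * values) are skipped, so the caller falls back to the full DN for them.
     *
     * @param str distinguished name in RFC 2253 string form
     * @param str2 attribute type to look for, compared case-sensitively
     * @return a new mutable list with the unescaped values; empty if there is no match
     * @throws IllegalArgumentException if {@code str} is not a parsable distinguished name
     */
    private List<String> getNamedElements(String str, String str2) {
        LdapName dn;
        try {
            dn = new LdapName(str);
        } catch (InvalidNameException e) {
            // Fail closed: an unparsable subject must not yield partial credentials.
            throw new IllegalArgumentException("cannot parse certificate subject DN", e);
        }
        List<String> values = new ArrayList<>();
        List<Rdn> rdns = dn.getRdns();
        // LdapName numbers RDNs from the right, so walk backwards to keep string order.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            if (rdn.size() != 1 || !rdn.getType().equals(str2)) {
                continue;
            }
            Object value = rdn.getValue();
            if (value instanceof String) {
                values.add((String) value);
            }
        }
        return values;
    }

    /**
     * Checks that the provider is used on an SSL-enabled service.
     *
     * @param z whether SSL is enabled
     * @throws RuntimeException if SSL is not enabled, because without it there is no peer
     *     certificate to derive an identity from
     */
    @Override
    public void initialize(boolean z) throws RuntimeException {
        if (!z) {
            throw new RuntimeException(getClass().getName() + " can only be used if SSL is enabled!");
        }
    }

    /**
     * Reads a list of entries, one per line, from the given stream and closes the stream.
     *
     * <p>Each line is trimmed and blank lines are skipped. Trimming matters for an access
     * list: an entry with stray leading or trailing whitespace would otherwise never equal
     * the value it is compared with, and a whitespace-only line would become an entry.
     * Read errors are logged and whatever was read up to that point is returned.
     *
     * @param inputStream stream to read, or {@code null} if the list does not exist
     * @return a new set with the entries read; empty if the stream is {@code null}
     */
    public static HashSet<String> readHosts(InputStream inputStream) {
        HashSet<String> entries = new HashSet<>();
        if (inputStream == null) {
            Logging.logMessage(4, Logging.Category.auth, FederationIdX509AuthProvider.class, "The list of privileged-certificates does not exist.", new Object[0]);
            return entries;
        }
        // try-with-resources closes the reader (and the wrapped stream) on every path.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream))) {
            String line;
            while ((line = reader.readLine()) != null) {
                // String.trim() returns a new string; the result has to be kept.
                String entry = line.trim();
                if (!entry.isEmpty()) {
                    entries.add(entry);
                    Logging.logMessage(6, Logging.Category.auth, FederationIdX509AuthProvider.class, "Adding service-certificate: " + entry, new Object[0]);
                }
            }
        } catch (FileNotFoundException e) {
            Logging.logMessage(4, Logging.Category.auth, FederationIdX509AuthProvider.class, "The list of privileged-certificates does not exist.", new Object[0]);
        } catch (IOException e) {
            // Best effort: keep the entries read so far. A failure while closing ends up here too.
            Logging.logMessage(4, Logging.Category.auth, FederationIdX509AuthProvider.class, "Could not parse the list of privileged-certificates.", new Object[0]);
        }
        return entries;
    }
}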
