package org.xtreemfs.sandbox;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.xtreemfs.common.auth.AuthenticationException;
import org.xtreemfs.common.auth.AuthenticationProvider;
import org.xtreemfs.common.auth.NullAuthProvider;
import org.xtreemfs.common.auth.UserCredentials;
import org.xtreemfs.foundation.logging.Logging;
import org.xtreemfs.foundation.pbrpc.channels.ChannelIO;
import org.xtreemfs.foundation.pbrpc.generatedinterfaces.RPC;

/* loaded from: input_file:org/xtreemfs/sandbox/LocalX509AuthProvider.class */
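/**
 * Authentication provider that derives the effective user credentials from the
 * subject of the peer's X.509 certificate.
 *
 * <p>Trust model, as implemented below:
 * <ul>
 *   <li>A certificate whose CN starts with {@code host/} or {@code xtreemfs-service/}
 *       is treated as a service certificate, and the request is delegated to
 *       {@link NullAuthProvider} (presumably that provider accepts the credentials
 *       carried in the request itself; confirm against its implementation). The
 *       issuing CA must therefore never hand out those CN prefixes to end users.</li>
 *   <li>Any other certificate is a user certificate: CN becomes the user id, OU the
 *       single group, and an OU containing {@code xtreemfs-admin} grants superuser.</li>
 * </ul>
 *
 * <p>Only the first certificate returned by the channel is inspected, and no chain
 * validation happens here. This assumes the TLS layer has already verified the
 * chain against a trusted CA (TODO confirm).
 */
public class LocalX509AuthProvider implements AuthenticationProvider {
    /** Delegate used for service certificates; set by {@link #initialize(boolean)}. */
    private NullAuthProvider nullAuth;

    /**
     * Resolves the credentials that apply to a request on the given channel.
     *
     * <p>The decision is cached in the channel attachment as an {@code Object[]}:
     * {@code {Boolean.TRUE}} for a service certificate, or
     * {@code {Boolean.FALSE, UserCredentials}} for a user certificate. The attachment
     * is assumed to be written only by this provider (verify no other component
     * stores a differently shaped attachment on the same channel).
     *
     * @param userCredentials credentials sent with the request; only honoured for
     *                        service certificates
     * @param channelIO       channel the request arrived on
     * @return the effective credentials for the request
     * @throws AuthenticationException if the provider is uninitialised, no usable
     *                                 X.509 certificate is present, or the subject
     *                                 lacks the required CN/OU elements
     */
    @Override
    public UserCredentials getEffectiveCredentials(RPC.UserCredentials userCredentials, ChannelIO channelIO) throws AuthenticationException {
        // Fail closed even when JVM assertions are disabled (the original relied on an assert).
        if (this.nullAuth == null) {
            throw new AuthenticationException("authentication provider has not been initialized");
        }

        Object attachment = channelIO.getAttachment();
        if (attachment != null) {
            if (Logging.isDebug()) {
                Logging.logMessage(7, Logging.Category.auth, this, "using attachment...", new Object[0]);
            }
            Object[] cached = (Object[]) attachment;
            if (((Boolean) cached[0]).booleanValue()) {
                if (Logging.isDebug()) {
                    Logging.logMessage(7, Logging.Category.auth, this, "service cert...", new Object[0]);
                }
                return this.nullAuth.getEffectiveCredentials(userCredentials, channelIO);
            }
            if (Logging.isDebug()) {
                Logging.logMessage(7, Logging.Category.auth, this, "using cached creds: " + cached[1], new Object[0]);
            }
            return (UserCredentials) cached[1];
        }

        try {
            Certificate[] certs = channelIO.getCerts();
            if (certs == null || certs.length <= 0) {
                throw new AuthenticationException("no X.509-certificates present");
            }
            if (!(certs[0] instanceof X509Certificate)) {
                throw new AuthenticationException("peer certificate is not an X.509 certificate");
            }
            X509Certificate peerCert = (X509Certificate) certs[0];
            String subjectDn = peerCert.getSubjectX500Principal().getName();

            String commonName = getNameElement(subjectDn, "CN");
            if (commonName == null) {
                throw new AuthenticationException("no CN present in X.509 certificate subject");
            }

            // Service/host certificates are trusted to act on behalf of arbitrary users.
            if (commonName.startsWith("host/") || commonName.startsWith("xtreemfs-service/")) {
                if (Logging.isDebug()) {
                    Logging.logMessage(7, Logging.Category.auth, this, "X.509-host cert present", new Object[0]);
                }
                channelIO.setAttachment(new Object[]{Boolean.TRUE});
                return this.nullAuth.getEffectiveCredentials(userCredentials, null);
            }

            String orgUnit = getNameElement(subjectDn, "OU");
            if (orgUnit == null) {
                throw new AuthenticationException("no OU present in X.509 certificate subject");
            }
            ArrayList<String> groups = new ArrayList<String>(1);
            groups.add(orgUnit);
            if (Logging.isDebug()) {
                Logging.logMessage(7, Logging.Category.auth, this, "X.509-User cert present: %s, %s", commonName, orgUnit);
            }
            // NOTE(review): superuser is granted on a substring match, so any OU that merely
            // contains "xtreemfs-admin" (e.g. "not-xtreemfs-admin") becomes an administrator.
            // Kept as-is for compatibility; consider an exact match if deployments allow it.
            boolean superUser = orgUnit.contains("xtreemfs-admin");
            UserCredentials effective = new UserCredentials(commonName, groups, superUser);
            channelIO.setAttachment(new Object[]{Boolean.FALSE, effective});
            return effective;
        } catch (Exception e) {
            Logging.logUserError(3, Logging.Category.auth, this, e);
            // Do not re-wrap our own, already descriptive, authentication failures.
            if (e instanceof AuthenticationException) {
                throw (AuthenticationException) e;
            }
            throw new AuthenticationException("invalid credentials " + e);
        }
    }

    /**
     * Extracts the value of one attribute type from an RFC 2253 distinguished name.
     *
     * <p>The name is parsed with {@link LdapName} instead of being split on
     * {@code ','} and {@code '='}. A naive split treats an escaped comma inside a
     * value (for example a CN rendered as {@code CN=x\,OU=xtreemfs-admin}) as an RDN
     * separator, which would let a value smuggle in an extra {@code OU} element.
     *
     * <p>Multi-valued RDNs ({@code CN=a+OU=b}) and non-string (hex-encoded) values are
     * skipped. RDNs are visited in the order they appear in the string form, so the
     * leftmost match wins.
     *
     * @param dn   distinguished name in RFC 2253 string form
     * @param type attribute type to look up, e.g. {@code "CN"} or {@code "OU"}
     * @return the unescaped attribute value, or {@code null} if no matching RDN exists
     * @throws InvalidNameException if {@code dn} is not a syntactically valid name
     */
    private String getNameElement(String dn, String type) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(dn).getRdns();
        // LdapName stores the rightmost RDN at index 0; walk backwards for string order.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            if (rdn.size() != 1 || !type.equalsIgnoreCase(rdn.getType())) {
                continue;
            }
            Object value = rdn.getValue();
            if (value instanceof String) {
                return (String) value;
            }
        }
        return null;
    }

    /**
     * Prepares the provider for use.
     *
     * @param z whether SSL is enabled; this provider needs client certificates and
     *          refuses to start without it
     * @throws RuntimeException if SSL is not enabled
     */
    @Override
    public void initialize(boolean z) throws RuntimeException {
        if (!z) {
            throw new RuntimeException(getClass().getName() + " can only be used if SSL is enabled!");
        }
        this.nullAuth = new NullAuthProvider();
        this.nullAuth.initialize(z);
    }
}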
