package org.opensciencegrid.authz.client;

import java.io.File;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.xml.rpc.ServiceException;
import org.apache.log4j.Category;
import org.glite.security.voms.VOMSAttribute;
import org.glite.security.voms.VOMSValidator;
import org.globus.gsi.gssapi.GSSConstants;
import org.gridforum.jgss.ExtendedGSSContext;
import org.opensaml.SAMLSubject;
import org.opensciencegrid.authz.common.LocalId;
import org.opensciencegrid.authz.service.StorageAuthorizationServiceImpl;

/* loaded from: input_file:org/opensciencegrid/authz/client/PRIMAAuthzModule.class */
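/**
 * Client-side module that asks an authorization service to map a grid identity
 * (a GSS subject name plus an optional VOMS FQAN) to a local account.
 *
 * <p>Every public {@code mapCredentials} overload ends up building a
 * {@link SAMLSubject} and a list of FQAN evidence, then delegating to
 * {@link StorageAuthorizationServiceImpl#authorize_local_id}.
 *
 * <p>Thread-safety: the request parameters ({@code gssIdentity},
 * {@code fqanValue}, {@code requestedServiceName}) are stored in instance
 * fields and no synchronization is visible in this class. Do not share one
 * instance between concurrent requests, otherwise one caller's identity or
 * FQAN can be combined with another caller's request.
 */
public class PRIMAAuthzModule extends SAMLAuthZClientBase {
    // Endpoint of the authorization service; handed unchanged to authorize_local_id.
    private URL serviceLocation;
    private String requestedServiceName = "";
    private String gssIdentity;
    private String fqanValue;
    // NOTE(review): the category is named after GRIDIdentityMappingServiceClient,
    // not this class, so log output for this module appears under that name.
    static Category log;
    // Cache left behind by a pre-Java-5 class literal; kept for compatibility.
    static Class class$org$opensciencegrid$authz$client$GRIDIdentityMappingServiceClient;

    /**
     * Creates a module bound to one authorization service endpoint.
     *
     * @param url location of the authorization service
     * @throws ServiceException declared for callers; nothing in this constructor throws it
     */
    public PRIMAAuthzModule(URL url) throws ServiceException {
        this.serviceLocation = url;
    }

    /**
     * Sets the service name sent with the next authorization request.
     * Most {@code mapCredentials} overloads overwrite this value with their
     * own argument.
     *
     * @param str requested service name
     */
    public void setRequestedServiceName(String str) {
        this.requestedServiceName = str;
    }

    /**
     * Maps an identity to a local id, using either the supplied FQAN or an
     * explicitly requested one as evidence.
     *
     * <p>Evidence selection:
     * <ul>
     *   <li>{@code str4 == null} and {@code str2} non-empty: evidence is built from {@code str2};</li>
     *   <li>otherwise, {@code str} and {@code str4} both non-empty: evidence is built from {@code str4};</li>
     *   <li>otherwise: the request is sent with an empty evidence list.</li>
     * </ul>
     * Note that an empty (non-null) {@code str4} therefore suppresses {@code str2}.
     *
     * @param str  GSS identity (subject name) of the requester
     * @param str2 FQAN associated with the identity, may be null or empty
     * @param str3 requested service name; replaces any previously set value
     * @param str4 alternative FQAN that takes precedence over {@code str2}, may be null
     * @return the mapping returned by the authorization service
     * @throws Exception propagated from subject/evidence creation or the service call
     */
    public LocalId mapCredentials(String str, String str2, String str3, String str4) throws Exception {
        this.requestedServiceName = str3;
        this.gssIdentity = str;
        this.fqanValue = str2;
        SAMLSubject subject = getSAMLSubjectFromString(this.gssIdentity);

        boolean hasFqan = this.fqanValue != null && this.fqanValue.length() != 0;
        boolean hasIdentity = this.gssIdentity != null && this.gssIdentity.length() != 0;
        boolean hasOverride = str4 != null && str4.length() != 0;

        ArrayList evidence = null;
        if (str4 == null && hasFqan) {
            evidence = createFQANEvidenceFromString(subject, this.gssIdentity, this.fqanValue);
        } else if (hasIdentity && hasOverride) {
            evidence = createFQANEvidenceFromString(subject, this.gssIdentity, str4);
        }
        if (evidence == null) {
            evidence = new ArrayList();
        }
        return mapCredentials(subject, evidence);
    }

    /**
     * Maps the peer of an established GSS context to a local id. The peer's
     * certificate chain is scanned for VOMS attributes; only the first
     * attribute and its first FQAN are used.
     *
     * @param extendedGSSContext established context; supplies the certificate chain and subject name
     * @param str  requested service name forwarded to the four-argument overload
     * @param str2 alternative FQAN forwarded to the four-argument overload, may be null
     * @return the mapping returned by the authorization service
     * @throws Exception propagated from GSS, VOMS parsing, or the service call
     */
    public LocalId mapCredentials(ExtendedGSSContext extendedGSSContext, String str, String str2) throws Exception {
        // Clear the FQAN left by an earlier call on this instance. Without this,
        // a credential that carries no VOMS attribute would be authorized with
        // the previous requester's FQAN.
        this.fqanValue = null;

        // NOTE(review): parse() is understood to extract attribute certificates
        // without verifying their signature or validity. Confirm against the VOMS
        // API version in use; if the AC is not verified elsewhere, the FQAN below
        // is unauthenticated input to an authorization decision and validate()
        // should be considered.
        VOMSValidator validator = new VOMSValidator((X509Certificate[]) extendedGSSContext.inquireByOid(GSSConstants.X509_CERT_CHAIN));
        validator.parse();
        Iterator attributes = validator.getVOMSAttributes().iterator();
        if (attributes.hasNext()) {
            VOMSAttribute attribute = (VOMSAttribute) attributes.next();
            log.debug("VOMS Server is '" + attribute.getAC().getIssuer().toString() + "'");
            Iterator fqans = attribute.getFullyQualifiedAttributes().iterator();
            if (fqans.hasNext()) {
                this.fqanValue = (String) fqans.next();
                log.debug("FQAN is '" + this.fqanValue + "'");
            } else {
                log.error("No FQAN found");
            }
        } else {
            log.error("No attribute found");
        }
        // The target name stored here is replaced by str in the delegated call.
        this.requestedServiceName = extendedGSSContext.getTargName().toString();
        this.gssIdentity = extendedGSSContext.getSrcName().toString();
        return mapCredentials(this.gssIdentity, this.fqanValue, str, str2);
    }

    /**
     * Not implemented: always returns {@code null} without contacting the
     * authorization service.
     *
     * @param file ignored
     * @param str  ignored
     * @param str2 ignored
     * @return always {@code null}
     * @throws Exception never thrown by this implementation
     */
    public LocalId mapCredentials(File file, String str, String str2) throws Exception {
        return null;
    }

    /**
     * Maps an identity to a local id using an explicitly requested FQAN.
     * Evidence is attached only when both the identity and the FQAN are
     * non-empty; otherwise the request carries an empty evidence list.
     *
     * @param str  GSS identity (subject name) of the requester
     * @param str2 requested service name; replaces any previously set value
     * @param str3 FQAN to present as evidence, may be null or empty
     * @return the mapping returned by the authorization service
     * @throws Exception propagated from subject/evidence creation or the service call
     */
    public LocalId mapCredentials(String str, String str2, String str3) throws Exception {
        this.requestedServiceName = str2;
        SAMLSubject subject = getSAMLSubjectFromString(str);
        boolean missingInput = str == null || str.length() == 0 || str3 == null || str3.length() == 0;
        ArrayList evidence;
        if (missingInput) {
            evidence = new ArrayList();
        } else {
            evidence = createFQANEvidenceFromString(subject, str, str3);
        }
        return mapCredentials(subject, evidence);
    }

    /**
     * Maps the identity currently stored in {@code gssIdentity}, using
     * {@code str} as the FQAN evidence when both are non-empty.
     *
     * @param str FQAN to present as evidence, may be null or empty
     * @return the mapping returned by the authorization service
     * @throws Exception propagated from subject/evidence creation or the service call
     */
    private LocalId mapCredentials(String str) throws Exception {
        log.debug("dir " + System.getProperty("voms.cert.dir"));
        log.debug("gssIdentity --------->" + this.gssIdentity);
        SAMLSubject subject = getSAMLSubjectFromString(this.gssIdentity);
        // The original also had a branch guarded by a constant-false condition
        // (a decompiler artifact); it could never run and has been removed.
        ArrayList evidence = null;
        if (this.gssIdentity != null && this.gssIdentity.length() != 0 && str != null && str.length() != 0) {
            evidence = createFQANEvidenceFromString(subject, this.gssIdentity, str);
        }
        if (evidence == null) {
            evidence = new ArrayList();
        }
        return mapCredentials(subject, evidence);
    }

    /**
     * Sends the authorization request for the given subject and evidence to
     * the configured service location.
     *
     * @param sAMLSubject subject being authorized
     * @param arrayList   FQAN evidence, possibly empty
     * @return the mapping returned by the authorization service
     * @throws Exception propagated from the service call
     */
    private LocalId mapCredentials(SAMLSubject sAMLSubject, ArrayList arrayList) throws Exception {
        return new StorageAuthorizationServiceImpl().authorize_local_id(sAMLSubject, this.requestedServiceName, createMappingActions().iterator(), arrayList.iterator(), this.serviceLocation);
    }

    /**
     * Command-line entry point: requests a mapping and prints the resulting
     * local identity, or a "not authorized" message when none is returned.
     *
     * @param strArr {@code <serviceLocation> <proxyFile> <requestedServiceName> [desiredIdentity]}
     */
    public static void main(String[] strArr) {
        try {
            if (strArr.length < 3) {
                System.out.println(" Usage java org.opensciencegrid.authz.client.PRIMAAuthzModule <serviceLocation> <proxyFile> <requestedServiceName> [desiredIdentity]");
                System.exit(0);
            }
            PRIMAAuthzModule module = new PRIMAAuthzModule(new URL(strArr[0]));
            module.setRequestedServiceName(strArr[2]);
            // NOTE(review): the "" passed as the second argument overwrites the
            // service name set on the line above, so the request goes out with an
            // empty service name. strArr[1] is also passed as the identity string
            // although the usage text calls it a proxy file. Confirm the intent.
            String desiredIdentity = strArr.length == 4 ? strArr[3] : null;
            LocalId localId = module.mapCredentials(strArr[1], "", desiredIdentity);
            if (localId != null) {
                System.out.println("Access may be granted with the following local identity qualifications:");
                System.out.println("user name:                " + localId.getUserName());
                System.out.println("primary group name:       " + localId.getGroupName());
                System.out.println("supplemental group names: " + localId.getSupplementalGroupNames());
                System.out.println("root directory:           " + localId.getRootPath());
                System.out.println("relative home directory:  " + localId.getRelativeHomePath());
                System.out.println("FS root directory:        " + localId.getFSRootPath());
                System.out.println("UID:  " + localId.getUID());
                System.out.println("GID:  " + localId.getGID());
                System.out.println("Priority:  " + localId.getPriority());
                System.out.println("ReadOnly:  " + localId.getReadOnlyFlag());
            } else {
                System.out.println("Not authorized - no mapping could be retrieved");
            }
        } catch (Exception e) {
            System.out.println(e);
            e.printStackTrace();
        }
    }

    /**
     * Loads a class by name, converting a failed lookup into a
     * {@link NoClassDefFoundError} that keeps the original cause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from a method
            // that declares no checked exceptions; attach the cause first and
            // throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        if (class$org$opensciencegrid$authz$client$GRIDIdentityMappingServiceClient == null) {
            class$org$opensciencegrid$authz$client$GRIDIdentityMappingServiceClient = class$("org.opensciencegrid.authz.client.GRIDIdentityMappingServiceClient");
        }
        log = Category.getInstance(class$org$opensciencegrid$authz$client$GRIDIdentityMappingServiceClient.getName());
    }
}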
