package org.opensciencegrid.authz.xacml.client;

import eu.emi.security.authn.x509.impl.PEMCredential;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.LinkedHashSet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.italiangrid.voms.VOMSAttribute;
import org.opensciencegrid.authz.xacml.common.LocalId;
import org.opensciencegrid.authz.xacml.common.X509CertUtil;
import org.opensciencegrid.authz.xacml.common.XACMLConstants;

/* loaded from: input_file:org/opensciencegrid/authz/xacml/client/XACMLX509Test.class */
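/**
 * Command-line check that sends XACML credential-mapping requests for the
 * identity held in an X.509 proxy file and logs the local user name returned
 * for each FQAN found in the chain (plus one request without an FQAN).
 *
 * <p>Configuration is read from environment variables:
 * {@code X509_PROXY_FILE}, {@code AUTHZ_SERVICE_URL}, {@code RESOURCE_X509},
 * {@code RESOURCE} ({@code CE}, {@code WN} or {@code SE}),
 * {@code RESOURCE_DNS_HOST_NAME} and {@code RESOURCE_X509_ISSUER}.
 *
 * <p>A {@code null} answer from the mapping service is treated as a denial:
 * {@link #authorize} throws instead of returning {@code null}.
 */
public class XACMLX509Test {
    private static final Log logger = LogFactory.getLog(XACMLX509Test.class.getName());

    /**
     * Loads the proxy credential, extracts subject and FQANs, and requests a
     * mapping for each FQAN.
     *
     * <p>The run stops as soon as the credential, its certificate chain or its
     * subject cannot be obtained, so that no mapping request is sent for an
     * identity that could not be established.
     *
     * @param strArr command-line arguments (unused)
     */
    public static void main(String[] strArr) {
        PEMCredential credential;
        try {
            String proxyFile = getProxyFile();
            // No key password is supplied for the proxy file.
            credential = new PEMCredential(proxyFile, (char[]) null);
            System.setProperty("X509_PROXY_FILE", proxyFile);
        } catch (Exception e) {
            logger.error("Caught exception in context creation. " + e.getMessage(), e);
            return;
        }

        X509Certificate[] chain;
        try {
            chain = credential.getCertificateChain();
        } catch (Exception e) {
            logger.error("Could not extract certificate chain from context " + e.getMessage() + "\n" + e.getCause(), e);
            return;
        }
        if (chain == null) {
            logger.error("Could not extract certificate chain from context: no chain present");
            return;
        }

        String subject;
        try {
            subject = X509CertUtil.getSubjectFromX509Chain(chain, false);
        } catch (Exception e) {
            logger.error("Could not get subjectname from proxy. " + e.getMessage(), e);
            return;
        }
        if (subject == null) {
            logger.error("Could not get subjectname from proxy. No subject returned.");
            return;
        }
        logger.info("The subject name is " + subject);

        // The leading null entry produces one request that carries only the DN.
        LinkedHashSet<String> fqans = new LinkedHashSet<>();
        fqans.add(null);
        try {
            fqans.addAll(X509CertUtil.getFQANsFromX509Chain(chain, false));
        } catch (Exception e) {
            // Best effort: continue with the DN-only request, but leave a trace
            // so that a missing role mapping can be explained afterwards.
            logger.warn("Could not extract FQANs from proxy; only the DN-only mapping will be requested. " + e.getMessage(), e);
        }

        for (String fqan : fqans) {
            String userName = null;
            try {
                userName = authorize(subject, fqan, chain).getUserName();
            } catch (Exception e) {
                logger.error("Caught exception in authorization." + e.getMessage(), e);
            }
            if (userName != null) {
                logger.info("xacml-vo-mapping service returned Username: " + userName + " for " + String.valueOf(fqan));
            } else {
                logger.info("xacml-vo-mapping service did not return a username");
            }
        }
    }

    /**
     * Requests a local-account mapping for one subject DN / FQAN pair.
     *
     * <p>Each failure is logged once, under the step that actually failed, and
     * rethrown with the original exception attached as the cause.
     *
     * @param str subject DN sent as the X.509 subject
     * @param str2 FQAN to map, or {@code null} for a DN-only request
     * @param x509CertificateArr certificate chain the attributes are taken from
     * @return the mapping returned by the service; never {@code null}
     * @throws Exception if a required setting is missing, the request fails, or
     *     the service returns no mapping (authorization denied)
     */
    public static LocalId authorize(String str, String str2, X509Certificate[] x509CertificateArr) throws Exception {
        // The issuer is optional for the request; a lookup failure is only a warning.
        String subjectIssuer = null;
        try {
            subjectIssuer = X509CertUtil.getSubjectX509Issuer(x509CertificateArr);
        } catch (Exception e) {
            logger.warn("Could not determine subject-x509-issuer : " + e.getMessage());
        }

        String vo = null;
        String vomsSigningSubject = null;
        if (x509CertificateArr != null && str2 != null) {
            VOMSAttribute vomsAttribute = X509CertUtil.getVOMSAttribute(x509CertificateArr, str2);
            if (vomsAttribute != null) {
                vo = vomsAttribute.getVO();
                vomsSigningSubject = X509CertUtil.toGlobusDN(vomsAttribute.getIssuer().toString());
            }
        }

        // Timestamps are rendered with a numeric zone offset in the JVM default time zone.
        SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
        String chainNotBefore = timestampFormat.format(X509CertUtil.getLatestNotBefore(x509CertificateArr));
        String chainNotAfter = timestampFormat.format(X509CertUtil.getEarliestNotAfter(x509CertificateArr));

        String resourceX509ID;
        try {
            resourceX509ID = getResourceX509ID();
        } catch (Exception e) {
            throw failure("Exception in finding resource X509 ID", e);
        }
        String resourceType;
        try {
            resourceType = getResourceType();
        } catch (Exception e) {
            throw failure("Exception in finding resource type", e);
        }
        String resourceHostName;
        try {
            resourceHostName = getResourceHostName();
        } catch (Exception e) {
            throw failure("Exception in finding targetServiceName", e);
        }
        String targetServiceIssuer;
        try {
            targetServiceIssuer = getTargetServiceIssuer();
        } catch (Exception e) {
            throw failure("Exception in finding targetServiceIssuer", e);
        }

        logger.info("Requesting mapping for User with DN: " + str + " and Role " + str2);

        String mappingServiceURL;
        try {
            mappingServiceURL = getMappingServiceURL();
        } catch (Exception e) {
            throw failure("Exception in finding mapping service URL", e);
        }
        logger.debug("Mapping Service URL configuration: " + mappingServiceURL);

        MapCredentialsClient client;
        try {
            client = new MapCredentialsClient();
            client.setX509Subject(str);
            client.setCondorCanonicalNameID(null);
            client.setX509SubjectIssuer(subjectIssuer);
            client.setVO(vo);
            client.setVOMSSigningSubject(vomsSigningSubject);
            client.setVOMSSigningIssuer(null);
            client.setFqan(str2);
            client.setCertificateSerialNumber(null);
            client.setCertificateChainNotBefore(chainNotBefore);
            client.setCertificateChainNotAfter(chainNotAfter);
            client.setCASerialNumber(null);
            client.setVOMS_DNS_Port(null);
            client.setCertificatePoliciesOIDs(null);
            client.setCertificateChain(null);
            client.setResourceType(resourceType);
            client.setResourceDNSHostName(resourceHostName);
            client.setResourceX509ID(resourceX509ID);
            client.setResourceX509Issuer(targetServiceIssuer);
            client.setRequestedaction(XACMLConstants.ACTION_ACCESS);
            client.setRSL_string(null);
        } catch (Exception e) {
            throw failure("Exception in XACML mapping client instantiation", e);
        }

        LocalId mapping;
        try {
            mapping = client.mapCredentials(mappingServiceURL);
        } catch (Exception e) {
            throw failure("Exception occurred in mapCredentials", e);
        }
        if (mapping == null) {
            // No mapping means no authorization: fail closed rather than return null.
            String denied = "Authorization denied: No XACML mapping retrieved service for DN " + str + " and role " + str2;
            logger.warn(denied);
            throw new Exception(denied);
        }
        return mapping;
    }

    /**
     * Returns the proxy file path from {@code X509_PROXY_FILE}.
     *
     * @throws Exception if the variable is not set
     */
    public static String getProxyFile() throws Exception {
        return requireEnv("X509_PROXY_FILE");
    }

    /**
     * Returns the mapping service URL from {@code AUTHZ_SERVICE_URL}.
     *
     * @throws Exception if the variable is not set
     */
    public static String getMappingServiceURL() throws Exception {
        return requireEnv("AUTHZ_SERVICE_URL");
    }

    /**
     * Returns the resource X.509 identity from {@code RESOURCE_X509}.
     *
     * @throws Exception if the variable is not set
     */
    public static String getResourceX509ID() throws Exception {
        return requireEnv("RESOURCE_X509");
    }

    /**
     * Resolves the resource type selected by {@code RESOURCE}.
     *
     * @return the value of the environment variable named by the matching
     *     {@code XACMLConstants.RESOURCE_*} constant; may be {@code null}
     * @throws Exception if {@code RESOURCE} is unset or not one of CE, WN, SE
     */
    public static String getResourceType() throws Exception {
        String resource = System.getenv("RESOURCE");
        // NOTE(review): the constant is used as an environment variable NAME here,
        // so the result is null unless a variable with that name is exported.
        // Confirm whether the constant itself was meant to be returned.
        if ("CE".equals(resource)) {
            return System.getenv(XACMLConstants.RESOURCE_CE);
        }
        if ("WN".equals(resource)) {
            return System.getenv(XACMLConstants.RESOURCE_WN);
        }
        if ("SE".equals(resource)) {
            return System.getenv(XACMLConstants.RESOURCE_SE);
        }
        throw new Exception("Environment variable RESOURCE must be CE, WN or SE but was: " + resource);
    }

    /**
     * Returns the resource host name from {@code RESOURCE_DNS_HOST_NAME}.
     *
     * @throws Exception if the variable is not set
     */
    public static String getResourceHostName() throws Exception {
        return requireEnv("RESOURCE_DNS_HOST_NAME");
    }

    /**
     * Returns the resource certificate issuer from {@code RESOURCE_X509_ISSUER}.
     *
     * @throws Exception if the variable is not set
     */
    public static String getTargetServiceIssuer() throws Exception {
        return requireEnv("RESOURCE_X509_ISSUER");
    }

    /** Reads a mandatory environment variable, naming it in the error when it is absent. */
    private static String requireEnv(String name) throws Exception {
        String value = System.getenv(name);
        if (value == null) {
            throw new Exception("Environment variable " + name + " is not set");
        }
        return value;
    }

    /** Logs a failed step once and returns an exception that keeps the original cause. */
    private static Exception failure(String context, Exception cause) {
        logger.error(context + " : " + cause);
        return new Exception(context + ": " + cause, cause);
    }
}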
