package org.dcache.auth;

import com.google.common.base.Preconditions;
import com.google.common.net.InetAddresses;
import eu.emi.security.authn.x509.impl.OpensslNameUtils;
import eu.emi.security.authn.x509.proxy.ProxyUtils;
import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.dcache.util.PrincipalSetMaker;
import org.globus.gsi.gssapi.jaas.GlobusPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/auth/Subjects.class */
/**
 * Static helpers for building and inspecting JAAS {@link Subject}s in terms of the
 * principal types used by this package (UID, GID, FQAN, DN, user name, ...).
 *
 * <p>Several predicates in this class (for example {@code isRoot} and
 * {@code isExemptFromNamespaceChecks}) are decided purely by which principals a subject
 * carries, so the principal set of any subject passed in must come from a trusted
 * login path.
 */
public class Subjects {
    // Display name returned by getDisplayName when the subject has no principal at all.
    public static final String UNKNOWN = "<unknown>";
    // Subject without any principal; created and made read-only in the static initializer.
    public static final Subject NOBODY;
    private static final Logger LOGGER = LoggerFactory.getLogger(Subjects.class);
    // Principal types tried, in this order, by getDisplayName; the trailing Principal.class
    // matches any principal and therefore acts as the catch-all.
    private static final Class<? extends Principal>[] DISPLAYABLE = {FullNamePrincipal.class, UserNamePrincipal.class, GlobusPrincipal.class, KerberosPrincipal.class, Origin.class, Principal.class};
    // Subject with uid 0 and primary gid 0; populated and made read-only in the static
    // initializer so that the shared instance cannot be altered by callers.
    public static final Subject ROOT = new Subject();

    /* loaded from: input_file:org/dcache/auth/Subjects$Builder.class */
    /**
     * Fluent builder that accumulates principals into a single {@link Subject}.
     *
     * <p>The first GID and the first FQAN added are flagged as primary; every later one
     * is added as non-primary. {@link #build()} always hands out the same underlying
     * {@code Subject} instance.
     */
    public static class Builder {
        private final Subject target = new Subject();
        private boolean fqanSeen;
        private boolean gidSeen;
        private boolean sealOnBuild;

        /**
         * Returns the subject under construction, marking it read-only first when
         * {@link #readOnly()} was requested.
         */
        public Subject build() {
            Subject result = target;
            if (sealOnBuild) {
                result.setReadOnly();
            }
            return result;
        }

        /** Adds one principal to the subject under construction. */
        private void add(Principal principal) {
            Set<Principal> principals = target.getPrincipals();
            principals.add(principal);
        }

        /** Requests that the subject is made read-only when it is built. */
        public Builder readOnly() {
            sealOnBuild = true;
            return this;
        }

        /** Adds a {@link GlobusPrincipal} for the given distinguished name. */
        public Builder dn(String str) {
            GlobusPrincipal principal = new GlobusPrincipal(str);
            add(principal);
            return this;
        }

        /** Adds a {@code UidPrincipal} for the given numeric uid. */
        public Builder uid(long j) {
            UidPrincipal principal = new UidPrincipal(j);
            add(principal);
            return this;
        }

        /** Adds a {@code GidPrincipal}; only the first gid added is marked primary. */
        public Builder gid(long j) {
            boolean primary = !gidSeen;
            add(new GidPrincipal(j, primary));
            gidSeen = true;
            return this;
        }

        /** Parses the string into an {@code FQAN} and adds it. */
        public Builder fqan(String str) {
            FQAN parsed = new FQAN(str);
            return fqan(parsed);
        }

        /** Adds an {@code FQANPrincipal}; only the first FQAN added is marked primary. */
        public Builder fqan(FQAN fqan) {
            boolean primary = !fqanSeen;
            add(new FQANPrincipal(fqan, primary));
            fqanSeen = true;
            return this;
        }

        /** Adds a {@code UserNamePrincipal} for the given user name. */
        public Builder username(String str) {
            UserNamePrincipal principal = new UserNamePrincipal(str);
            add(principal);
            return this;
        }
    }

    /**
     * Tells whether the subject carries a {@code UidPrincipal} with uid 0.
     *
     * <p>The answer depends only on the principals present, so it is only as trustworthy
     * as the code that populated the subject.
     */
    public static boolean isRoot(Subject subject) {
        final long rootUid = 0L;
        return hasUid(subject, rootUid);
    }

    /**
     * Tells whether the subject carries uid 0 or any principal that implements
     * {@code ExemptFromNamespaceChecks}.
     *
     * <p>A single matching principal is sufficient, regardless of what else the subject
     * holds; callers should only pass subjects whose principals were established by a
     * trusted login path.
     */
    public static boolean isExemptFromNamespaceChecks(Subject subject) {
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof ExemptFromNamespaceChecks) {
                return true;
            }
            if (principal instanceof UidPrincipal && ((UidPrincipal) principal).getUid() == 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the subject has no {@code UidPrincipal} at all; any other kind of
     * principal does not affect the result.
     */
    public static boolean isNobody(Subject subject) {
        return subject.getPrincipals().stream()
              .noneMatch(principal -> principal instanceof UidPrincipal);
    }

    /** Tells whether any {@code UidPrincipal} of the subject has the given uid. */
    public static boolean hasUid(Subject subject, long j) {
        for (UidPrincipal uidPrincipal : subject.getPrincipals(UidPrincipal.class)) {
            if (uidPrincipal.getUid() == j) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether any {@code GidPrincipal} of the subject, primary or not, has the
     * given gid.
     */
    public static boolean hasGid(Subject subject, long j) {
        for (GidPrincipal gidPrincipal : subject.getPrincipals(GidPrincipal.class)) {
            if (gidPrincipal.getGid() == j) {
                return true;
            }
        }
        return false;
    }

    /**
     * Collects the uid of every {@code UidPrincipal} of the subject into an array, in the
     * iteration order of {@code subject.getPrincipals(UidPrincipal.class)}.
     */
    public static long[] getUids(Subject subject) {
        Set<UidPrincipal> uidPrincipals = subject.getPrincipals(UidPrincipal.class);
        long[] uids = new long[uidPrincipals.size()];
        int next = 0;
        for (UidPrincipal uidPrincipal : uidPrincipals) {
            uids[next] = uidPrincipal.getUid();
            next++;
        }
        return uids;
    }

    /**
     * Finds the single principal of the given type.
     *
     * @param subject the subject to inspect; {@code null} yields {@code null}
     * @param cls the principal type to look for
     * @return the only matching principal, or {@code null} when there is none
     * @throws IllegalArgumentException if more than one principal matches
     */
    private static <T> T getUniquePrincipal(Subject subject, Class<T> cls) throws IllegalArgumentException {
        if (subject == null) {
            return null;
        }
        T match = null;
        for (Principal candidate : subject.getPrincipals()) {
            if (!cls.isInstance(candidate)) {
                continue;
            }
            // A second hit means the caller's assumption of uniqueness does not hold.
            if (match != null) {
                throw new IllegalArgumentException("Subject has multiple principals of type " + cls.getSimpleName());
            }
            match = cls.cast(candidate);
        }
        return match;
    }

    /**
     * Returns the uid of the subject's only {@code UidPrincipal}.
     *
     * @throws NoSuchElementException if the subject is {@code null} or has no UID
     * @throws IllegalArgumentException if the subject has more than one UID
     */
    public static long getUid(Subject subject) throws NoSuchElementException, IllegalArgumentException {
        UidPrincipal only = getUniquePrincipal(subject, UidPrincipal.class);
        if (only != null) {
            return only.getUid();
        }
        throw new NoSuchElementException("Subject has no UID");
    }

    /**
     * Collects the gid of every {@code GidPrincipal} of the subject into an array.
     *
     * <p>A gid flagged as primary is moved to index 0; whatever was stored there is
     * moved to the slot that is being filled.
     */
    public static long[] getGids(Subject subject) {
        Set<GidPrincipal> gidPrincipals = subject.getPrincipals(GidPrincipal.class);
        long[] gids = new long[gidPrincipals.size()];
        int next = 0;
        for (GidPrincipal gidPrincipal : gidPrincipals) {
            if (gidPrincipal.isPrimaryGroup()) {
                // Swap the current front element out so the primary gid comes first.
                gids[next] = gids[0];
                gids[0] = gidPrincipal.getGid();
            } else {
                gids[next] = gidPrincipal.getGid();
            }
            next++;
        }
        return gids;
    }

    /**
     * Returns the gid of the subject's single primary {@code GidPrincipal}.
     *
     * @throws NoSuchElementException if no gid is flagged as primary
     * @throws IllegalArgumentException if more than one gid is flagged as primary
     */
    public static long getPrimaryGid(Subject subject) throws NoSuchElementException, IllegalArgumentException {
        long primaryGid = 0;
        int primaryCount = 0;
        for (GidPrincipal gidPrincipal : subject.getPrincipals(GidPrincipal.class)) {
            if (!gidPrincipal.isPrimaryGroup()) {
                continue;
            }
            primaryGid = gidPrincipal.getGid();
            primaryCount++;
        }
        if (primaryCount > 1) {
            throw new IllegalArgumentException("Subject has multiple primary GIDs");
        }
        if (primaryCount == 0) {
            throw new NoSuchElementException("Subject has no primary GID");
        }
        return primaryGid;
    }

    /**
     * Returns the subject's only {@code Origin} principal, or {@code null} when the
     * subject is {@code null} or has none.
     *
     * @throws IllegalArgumentException if the subject has more than one origin
     */
    public static Origin getOrigin(Subject subject) throws IllegalArgumentException {
        Origin origin = getUniquePrincipal(subject, Origin.class);
        return origin;
    }

    /**
     * Returns the name of the subject's only {@link GlobusPrincipal}, or {@code null}
     * when there is none.
     *
     * @throws IllegalArgumentException if the subject has more than one such principal
     */
    public static String getDn(Subject subject) throws IllegalArgumentException {
        GlobusPrincipal dnPrincipal = getUniquePrincipal(subject, GlobusPrincipal.class);
        return dnPrincipal == null ? null : dnPrincipal.getName();
    }

    /**
     * Returns the FQAN of the subject's single primary {@code FQANPrincipal}, or
     * {@code null} when no FQAN is flagged as primary.
     *
     * @throws IllegalArgumentException if more than one FQAN is flagged as primary
     */
    public static FQAN getPrimaryFqan(Subject subject) throws IllegalArgumentException {
        FQAN primary = null;
        for (FQANPrincipal candidate : subject.getPrincipals(FQANPrincipal.class)) {
            if (!candidate.isPrimaryGroup()) {
                continue;
            }
            if (primary != null) {
                throw new IllegalArgumentException("Subject has multiple primary FQANs");
            }
            primary = candidate.getFqan();
        }
        return primary;
    }

    /**
     * Returns the FQAN of every {@code FQANPrincipal} of the subject, primary or not, as
     * a new list in the iteration order of {@code subject.getPrincipals()}.
     */
    public static Collection<FQAN> getFqans(Subject subject) {
        return subject.getPrincipals().stream()
              .filter(principal -> principal instanceof FQANPrincipal)
              .map(principal -> ((FQANPrincipal) principal).getFqan())
              .collect(Collectors.toCollection(ArrayList::new));
    }

    /**
     * Returns the name of the subject's only {@code UserNamePrincipal}, or {@code null}
     * when there is none. Throws {@code IllegalArgumentException} if there are several.
     */
    public static String getUserName(Subject subject) {
        UserNamePrincipal named = getUniquePrincipal(subject, UserNamePrincipal.class);
        return named == null ? null : named.getName();
    }

    /**
     * Returns the name of the subject's only {@code LoginNamePrincipal}, or {@code null}
     * when there is none. Throws {@code IllegalArgumentException} if there are several.
     */
    public static String getLoginName(Subject subject) {
        LoginNamePrincipal login = getUniquePrincipal(subject, LoginNamePrincipal.class);
        return login == null ? null : login.getName();
    }

    /**
     * Picks a name suitable for display: the name of the first principal found when
     * trying the types in {@code DISPLAYABLE} in order, or {@link #UNKNOWN} when the
     * subject has no principal of any of those types.
     */
    public static String getDisplayName(Subject subject) {
        for (Class<? extends Principal> type : DISPLAYABLE) {
            Iterator<? extends Principal> candidates = subject.getPrincipals(type).iterator();
            if (candidates.hasNext()) {
                return candidates.next().getName();
            }
        }
        return UNKNOWN;
    }

    /**
     * Returns the name of the subject's only {@link KerberosPrincipal}, or {@code null}
     * when there is none.
     *
     * @throws IllegalArgumentException if the subject has more than one such principal
     */
    public static String getKerberosName(Subject subject) throws IllegalArgumentException {
        KerberosPrincipal kerberos = getUniquePrincipal(subject, KerberosPrincipal.class);
        return kerberos == null ? null : kerberos.getName();
    }

    /**
     * Returns the names of all {@code EmailAddressPrincipal}s of the subject, sorted in
     * natural string order.
     */
    public static List<String> getEmailAddresses(Subject subject) {
        Set<EmailAddressPrincipal> emails = subject.getPrincipals(EmailAddressPrincipal.class);
        return emails.stream()
              .map(Principal::getName)
              .sorted()
              .collect(Collectors.toList());
    }

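    /**
     * Builds a subject from a {@code UserAuthBase} record.
     *
     * <p>The record's UID becomes a {@code UidPrincipal}; each GID becomes a
     * {@code GidPrincipal}, of which only the first can be primary. Username, DN and
     * FQAN are added only when present and non-empty.
     *
     * @param userAuthBase the record to convert
     * @param z whether the first GID and the FQAN are flagged as primary
     * @return a new, modifiable subject
     */
    public static final Subject getSubject(UserAuthBase userAuthBase, boolean z) {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        principals.add(new UidPrincipal(userAuthBase.UID));
        boolean primary = z;
        Iterator<Integer> gids = userAuthBase.GIDs.iterator();
        while (gids.hasNext()) {
            principals.add(new GidPrincipal(gids.next().intValue(), primary));
            primary = false;
        }
        String userName = userAuthBase.Username;
        if (userName != null && !userName.isEmpty()) {
            principals.add(new UserNamePrincipal(userName));
        }
        String dn = userAuthBase.DN;
        if (dn != null && !dn.isEmpty()) {
            principals.add(new GlobusPrincipal(dn));
        }
        // A record without an FQAN must not abort the conversion with a
        // NullPointerException; the UserAuthRecord overload guards the same way.
        FQAN fqan = userAuthBase.getFqan();
        String fqanText = (fqan == null) ? null : fqan.toString();
        if (fqanText != null && !fqanText.isEmpty()) {
            principals.add(new FQANPrincipal(fqanText, z));
        }
        return subject;
    }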

    /**
     * Builds a subject from a {@code UserAuthRecord}.
     *
     * <p>The record's UID becomes a {@code UidPrincipal}; each GID becomes a
     * {@code GidPrincipal} with the first one flagged as primary. Username, DN and FQAN
     * are added only when present and non-empty; the FQAN is always flagged as primary.
     *
     * @return a new, modifiable subject
     */
    public static final Subject getSubject(UserAuthRecord userAuthRecord) {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        principals.add(new UidPrincipal(userAuthRecord.UID));
        boolean primary = true;
        for (Iterator<Integer> gids = userAuthRecord.GIDs.iterator(); gids.hasNext(); primary = false) {
            principals.add(new GidPrincipal(gids.next().intValue(), primary));
        }
        String userName = userAuthRecord.Username;
        if (userName != null && !userName.isEmpty()) {
            principals.add(new UserNamePrincipal(userName));
        }
        String dn = userAuthRecord.DN;
        if (dn != null && !dn.isEmpty()) {
            principals.add(new GlobusPrincipal(dn));
        }
        FQAN fqan = userAuthRecord.getFqan();
        if (fqan != null) {
            String fqanText = fqan.toString();
            if (fqanText != null && !fqanText.isEmpty()) {
                principals.add(new FQANPrincipal(fqanText, true));
            }
        }
        return subject;
    }

    /**
     * Builds a modifiable subject, without credentials, whose principals are parsed from
     * {@code <type>:<value>} strings by {@link #principalsFromArgs(List)}.
     *
     * @throws IllegalArgumentException if any string cannot be parsed
     */
    public static Subject subjectFromArgs(List<String> list) {
        Set<Principal> principals = principalsFromArgs(list);
        return new Subject(false, principals, Collections.emptySet(), Collections.emptySet());
    }

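    /**
     * Parses {@code <type>:<value>} strings into a set of principals.
     *
     * <p>Recognised types are {@code dn}, {@code gid}, {@code kerberos}, {@code fqan},
     * {@code name}, {@code origin}, {@code oidc}, {@code email}, {@code uid},
     * {@code username} and the deprecated alias {@code user}. The first {@code gid} and
     * the first {@code fqan} are flagged as primary. Any other type is taken as the
     * fully-qualified name of a {@link Principal} implementation with a public
     * {@code (String)} constructor, which is instantiated reflectively.
     *
     * <p>Security: the strings fully determine the resulting identity (for example
     * {@code uid:0}), and the reflective fallback loads a class chosen by the input, so
     * this method is only suitable for trusted input.
     *
     * @param list the principal descriptions
     * @return a new, modifiable set holding one principal per distinct description
     * @throws IllegalArgumentException if a string has no colon, an {@code oidc} value
     *         has no {@code @}, or the reflective fallback fails
     */
    public static Set<Principal> principalsFromArgs(List<String> list) {
        Set<Principal> principals = new HashSet<>();
        boolean isPrimaryFqan = true;
        boolean isPrimaryGid = true;
        for (String arg : list) {
            int colon = arg.indexOf(':');
            if (colon == -1) {
                throw new IllegalArgumentException("format for principals is <type>:<value>");
            }
            String type = arg.substring(0, colon);
            String value = arg.substring(colon + 1);
            Principal principal;
            switch (type) {
                case "dn":
                    principal = new GlobusPrincipal(value);
                    break;
                case "gid":
                    principal = new GidPrincipal(value, isPrimaryGid);
                    isPrimaryGid = false;
                    break;
                case "kerberos":
                    principal = new KerberosPrincipal(value);
                    break;
                case "fqan":
                    principal = new FQANPrincipal(value, isPrimaryFqan);
                    isPrimaryFqan = false;
                    break;
                case "name":
                    principal = new LoginNamePrincipal(value);
                    break;
                case "origin":
                    principal = new Origin(InetAddresses.forString(value));
                    break;
                case "oidc":
                    // The last '@' separates the subject claim from the OpenID provider.
                    int at = value.lastIndexOf('@');
                    Preconditions.checkArgument(at != -1, "format for 'oidc' principals is <value>@<OP>");
                    principal = new OidcSubjectPrincipal(value.substring(0, at), value.substring(at + 1));
                    break;
                case "email":
                    principal = new EmailAddressPrincipal(value);
                    break;
                case "uid":
                    principal = new UidPrincipal(value);
                    break;
                case "user":
                    LOGGER.warn("Please use \"username:{}\" instead of \"{}\"", value, arg);
                    // fall through: "user" is a deprecated alias of "username"
                case "username":
                    principal = new UserNamePrincipal(value);
                    break;
                default:
                    // NOTE(review): Class.forName(String) loads and initializes the named
                    // class before asSubclass() rejects non-Principal types, so static
                    // initializers of any class on the class path can run. The callers
                    // are not visible here; confirm that only trusted configuration or
                    // operator input reaches this branch.
                    try {
                        principal = Class.forName(type).asSubclass(Principal.class)
                              .getConstructor(String.class).newInstance(value);
                    } catch (ClassNotFoundException e) {
                        throw new IllegalArgumentException("No matching class found: " + type, e);
                    } catch (IllegalAccessException e) {
                        throw new IllegalArgumentException("Access Exception: " + e.toString(), e);
                    } catch (InstantiationException e) {
                        throw new IllegalArgumentException("Instantiation failed: " + e.toString(), e);
                    } catch (NoSuchMethodException e) {
                        throw new IllegalArgumentException("No matching constructor found: " + type + "(String)", e);
                    } catch (InvocationTargetException e) {
                        throw new IllegalArgumentException("Invocation failed: " + e.toString(), e);
                    }
                    break;
            }
            principals.add(principal);
        }
        return principals;
    }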

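    /**
     * Renders a subject as {@code {item, item, ...}} for logs and diagnostics.
     *
     * <p>Public credentials come first, then private credentials, then principals. Each
     * item is {@code <label>:<value>}; a value containing a space is wrapped in double
     * quotes, and primary groups and FQANs are prefixed with {@code !}.
     *
     * <p>Security: the output is meant for logs. Password and bearer-token credentials
     * are rendered through their own {@code describeCredential()} and
     * {@code describeToken()} methods, but any other private credential is rendered
     * with its {@code toString()}. Values are not escaped, so a value that itself
     * contains {@code ", "} or a quote makes the output ambiguous.
     *
     * @param subject the subject to describe
     * @return the textual description, never {@code null}
     */
    public static String toString(Subject subject) {
        StringBuilder sb = new StringBuilder();
        for (Object credential : subject.getPublicCredentials()) {
            appendComma(sb);
            if (credential instanceof CertPath) {
                appendX509Array(sb, ((CertPath) credential).getCertificates().toArray(X509Certificate[]::new));
            } else if (credential instanceof X509Certificate[]) {
                appendX509Array(sb, (X509Certificate[]) credential);
            } else {
                appendOptionallyInQuotes(sb, credential.toString());
            }
        }
        for (Object credential : subject.getPrivateCredentials()) {
            appendComma(sb);
            if (credential instanceof PasswordCredential) {
                String description = ((PasswordCredential) credential).describeCredential();
                sb.append("username-with-password:");
                appendOptionallyInQuotes(sb, description);
            } else if (credential instanceof BearerTokenCredential) {
                String description = ((BearerTokenCredential) credential).describeToken();
                sb.append("bearer-token:");
                appendOptionallyInQuotes(sb, description);
            } else {
                // NOTE(review): an unrecognised private credential is written out with
                // its own toString(); a credential type whose toString() includes the
                // secret would end up in the logs. Confirm for every credential type
                // that can be stored here.
                appendOptionallyInQuotes(sb, credential.toString());
            }
        }
        for (Principal principal : subject.getPrincipals()) {
            appendComma(sb);
            if (principal instanceof GlobusPrincipal) {
                sb.append("dn:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof KerberosPrincipal) {
                sb.append("kerberos:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof FQANPrincipal) {
                sb.append("fqan:");
                appendOptionallyInQuotes(sb, ((FQANPrincipal) principal).isPrimaryGroup() ? "!" + principal.getName() : principal.getName());
            } else if (principal instanceof LoginNamePrincipal) {
                sb.append("desired-username:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof Origin) {
                sb.append("origin:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof OidcSubjectPrincipal) {
                sb.append("oidc:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof EmailAddressPrincipal) {
                sb.append("email:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof UserNamePrincipal) {
                sb.append("user:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof GroupNamePrincipal) {
                sb.append("group:");
                appendOptionallyInQuotes(sb, ((GroupNamePrincipal) principal).isPrimaryGroup() ? "!" + principal.getName() : principal.getName());
            } else if (principal instanceof UidPrincipal) {
                sb.append("uid:").append(((UidPrincipal) principal).getUid());
            } else if (principal instanceof GidPrincipal) {
                sb.append("gid:");
                if (((GidPrincipal) principal).isPrimaryGroup()) {
                    sb.append('!');
                }
                sb.append(principal.getName());
            } else if (principal instanceof DesiredRole) {
                sb.append("desired-role:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof EntityDefinitionPrincipal) {
                sb.append("entity-defn:").append(principal.getName());
            } else if (principal instanceof FullNamePrincipal) {
                sb.append("full-name:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof IGTFPolicyPrincipal) {
                sb.append("IGTF-policy:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof IGTFStatusPrincipal) {
                sb.append("IGTF-status:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof LoAPrincipal) {
                sb.append("LoA:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof LoginGidPrincipal) {
                sb.append("desired-gid:").append(((LoginGidPrincipal) principal).getGid());
            } else if (principal instanceof LoginUidPrincipal) {
                sb.append("desired-uid:").append(((LoginUidPrincipal) principal).getUid());
            } else if (principal instanceof MacaroonPrincipal) {
                sb.append("macaroon:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else if (principal instanceof OpenIdGroupPrincipal) {
                sb.append("oidc-group:");
                appendOptionallyInQuotes(sb, principal.getName());
            } else {
                // A second "instanceof Origin" branch used to sit here; it could never
                // be reached because Origin is already handled above.
                sb.append(principal.getClass().getSimpleName()).append(':');
                appendOptionallyInQuotes(sb, principal.getName());
            }
        }
        return "{" + sb + "}";
    }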

    /**
     * Appends {@code proxy-chain:<dn>} or {@code x509-chain:<dn>} for a certificate
     * chain, where the DN is the subject of the chain's end-user certificate converted
     * from RFC 2253 form by {@code OpensslNameUtils}.
     *
     * @return the same builder, for chaining
     */
    private static StringBuilder appendX509Array(StringBuilder sb, X509Certificate[] x509CertificateArr) {
        X509Certificate endUser = ProxyUtils.getEndUserCertificate(x509CertificateArr);
        String rfc2253Name = endUser.getSubjectX500Principal().getName();
        String dn = OpensslNameUtils.convertFromRfc2253(rfc2253Name, true);
        String label = ProxyUtils.isProxy(x509CertificateArr) ? "proxy" : "x509";
        sb.append(label).append("-chain:");
        appendOptionallyInQuotes(sb, dn);
        return sb;
    }

    /**
     * Appends the item separator {@code ", "} unless the builder is still empty.
     *
     * @return the same builder, for chaining
     */
    private static StringBuilder appendComma(StringBuilder sb) {
        return sb.length() > 0 ? sb.append(", ") : sb;
    }

    /**
     * Appends the value, wrapped in double quotes when it contains a space.
     *
     * <p>The value itself is copied unchanged: embedded quotes, commas and line breaks
     * are not escaped.
     *
     * @return the same builder, for chaining
     */
    private static StringBuilder appendOptionallyInQuotes(StringBuilder sb, String str) {
        boolean needsQuotes = str.indexOf(' ') >= 0;
        if (!needsQuotes) {
            return sb.append(str);
        }
        return sb.append('"').append(str).append('"');
    }

    /**
     * Builds a subject with the given uid, the given gid as primary group and every
     * element of the array as an additional, non-primary gid.
     */
    public static Subject of(int i, int i2, int[] iArr) {
        Builder builder = of();
        builder.uid(i);
        // The first gid handed to the builder becomes the primary group.
        builder.gid(i2);
        for (int extraGid : iArr) {
            builder.gid(extraGid);
        }
        return builder.build();
    }

    /** Starts a new, empty {@link Builder}. */
    public static Builder of() {
        Builder fresh = new Builder();
        return fresh;
    }

    /**
     * Builds a new, modifiable subject holding copies of the references in the given
     * principal set and no credentials.
     *
     * <p>The principals are taken as they are; nothing is validated or authenticated.
     */
    public static Subject ofPrincipals(Set<Principal> set) {
        Subject result = new Subject();
        Set<Principal> target = result.getPrincipals();
        target.addAll(set);
        return result;
    }

    /**
     * Builds a new subject from the principals produced by the given
     * {@code PrincipalSetMaker}.
     */
    public static Subject of(PrincipalSetMaker principalSetMaker) {
        Set<Principal> principals = principalSetMaker.build();
        return ofPrincipals(principals);
    }

    // Populates the shared ROOT and NOBODY subjects. Both are made read-only because
    // they are public static instances handed to arbitrary callers; a modifiable ROOT
    // or NOBODY could be changed for every user of the class.
    static {
        // ROOT: uid 0 with gid 0 as primary group.
        ROOT.getPrincipals().add(new UidPrincipal(0L));
        ROOT.getPrincipals().add(new GidPrincipal(0L, true));
        // Must come after the principals are added; a read-only subject rejects changes.
        ROOT.setReadOnly();
        // NOBODY: deliberately left without any principal.
        NOBODY = new Subject();
        NOBODY.setReadOnly();
    }
}
