package diskCacheV111.services.space;

import diskCacheV111.util.VOInfo;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.dcache.auth.FQAN;
import org.dcache.auth.FQANPrincipal;
import org.dcache.auth.Subjects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:diskCacheV111/services/space/SimpleSpaceManagerAuthorizationPolicy.class */
public class SimpleSpaceManagerAuthorizationPolicy implements SpaceManagerAuthorizationPolicy {
    private static Logger logger = LoggerFactory.getLogger(SimpleSpaceManagerAuthorizationPolicy.class);

    @Override // diskCacheV111.services.space.SpaceManagerAuthorizationPolicy
    public void checkReleasePermission(Subject subject, Space space) throws SpaceAuthorizationException {
        String voGroup = space.getVoGroup();
        String voRole = space.getVoRole();
        if (voGroup == null && voRole != null) {
            logger.debug("Space {} has no owner and can be released by anybody", space);
            return;
        }
        if (voGroup != null && voGroup.equals(Subjects.getUserName(subject)) && voRole == null) {
            logger.debug("Subject with user name {} has permission to release space {}", Subjects.getUserName(subject), space);
            return;
        }
        Iterator it = subject.getPrincipals(FQANPrincipal.class).iterator();
        while (it.hasNext()) {
            FQAN fqan = ((FQANPrincipal) it.next()).getFqan();
            if (voGroup == null || voGroup.equals(fqan.getGroup())) {
                if (voRole == null || voRole.equals(fqan.getRole())) {
                    logger.debug("Subject with fqan {} has permission to release space {}", fqan, space);
                    return;
                }
            }
        }
        throw new SpaceAuthorizationException("Subject " + subject.getPrincipals() + " has no permission to release " + space);
    }

    @Override // diskCacheV111.services.space.SpaceManagerAuthorizationPolicy
    public VOInfo checkReservePermission(Subject subject, LinkGroup linkGroup) throws SpaceAuthorizationException {
        for (VOInfo vOInfo : linkGroup.getVOs()) {
            String userName = Subjects.getUserName(subject);
            if (userName != null && vOInfo.match(userName, null)) {
                logger.debug("Subject with user name {} has permission to reserve {}", userName, linkGroup);
                return new VOInfo(userName, null);
            }
            Iterator it = subject.getPrincipals(FQANPrincipal.class).iterator();
            while (it.hasNext()) {
                FQAN fqan = ((FQANPrincipal) it.next()).getFqan();
                if (vOInfo.match(fqan.getGroup(), fqan.getRole())) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Subject with FQAN {} has permission to reserve {}", fqan, linkGroup);
                    }
                    return new VOInfo(fqan.getGroup(), fqan.getRole());
                }
            }
        }
        throw new SpaceAuthorizationException("Subject " + subject.getPrincipals() + " has no permission to reserve in " + linkGroup);
    }
}
