package diskCacheV111.srm.dcache;

import diskCacheV111.util.CacheException;
import diskCacheV111.util.PermissionDeniedCacheException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.security.auth.Subject;
import org.dcache.auth.LoginStrategy;
import org.dcache.auth.Origin;
import org.dcache.srm.SRMAuthenticationException;
import org.dcache.srm.SRMAuthorization;
import org.dcache.srm.SRMAuthorizationException;
import org.dcache.srm.SRMInternalErrorException;
import org.dcache.srm.SRMUser;
import org.dcache.util.CertificateFactories;
import org.globus.gsi.jaas.GlobusPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:diskCacheV111/srm/dcache/DCacheAuthorization.class */
public final class DCacheAuthorization implements SRMAuthorization {
    private static final Logger LOGGER = LoggerFactory.getLogger(DCacheAuthorization.class);
    private final DcacheUserPersistenceManager persistenceManager;
    private final LoginStrategy loginStrategy;
    private final CertificateFactory cf = CertificateFactories.newX509CertificateFactory();

    public DCacheAuthorization(LoginStrategy loginStrategy, DcacheUserPersistenceManager dcacheUserPersistenceManager) {
        this.loginStrategy = loginStrategy;
        this.persistenceManager = dcacheUserPersistenceManager;
    }

    public SRMUser authorize(Long l, String str, X509Certificate[] x509CertificateArr, String str2) throws SRMAuthorizationException, SRMInternalErrorException, SRMAuthenticationException {
        LOGGER.trace("authorize {}:{}", l, str);
        try {
            Subject subject = new Subject();
            if (str != null && !str.isEmpty()) {
                subject.getPrincipals().add(new GlobusPrincipal(str));
            }
            subject.getPublicCredentials().add(this.cf.generateCertPath(Arrays.asList(x509CertificateArr)));
            try {
                subject.getPrincipals().add(new Origin(Origin.AuthType.ORIGIN_AUTHTYPE_STRONG, InetAddress.getByName(str2)));
                LOGGER.debug("User connected from the following IP, setting as origin: {}.", str2);
            } catch (UnknownHostException e) {
                LOGGER.info("Could not add the remote-IP {} as an origin principal.", str2);
            }
            return this.persistenceManager.persist(this.loginStrategy.login(subject));
        } catch (PermissionDeniedCacheException e2) {
            throw new SRMAuthorizationException(e2.getMessage(), e2);
        } catch (CertificateException e3) {
            throw new SRMAuthenticationException(e3.getMessage(), e3);
        } catch (CacheException e4) {
            throw new SRMInternalErrorException(e4.getMessage(), e4);
        }
    }
}
