package diskCacheV111.srm.dcache;

import com.google.common.base.Throwables;
import diskCacheV111.srm.dcache.CanonicalizingByteArrayStore;
import eu.emi.security.authn.x509.impl.OpensslNameUtils;
import eu.emi.security.authn.x509.proxy.ProxyUtils;
import java.io.ByteArrayInputStream;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.sql.DataSource;
import org.dcache.auth.LoginReply;
import org.dcache.auth.LoginStrategy;
import org.dcache.srm.SRMAuthorizationException;
import org.dcache.srm.SRMInternalErrorException;
import org.dcache.srm.SRMUser;
import org.globus.gsi.gssapi.jaas.GlobusPrincipal;
import org.springframework.dao.DataRetrievalFailureException;

/* loaded from: input_file:diskCacheV111/srm/dcache/PersistentChainUserManager.class */
public final class PersistentChainUserManager extends DcacheUserManager {
    private static final String ENCODING = "PkiPath";
    private static final String TYPE = "PkiPath";

    public PersistentChainUserManager(LoginStrategy loginStrategy, DataSource dataSource) {
        super(loginStrategy, dataSource, "PkiPath");
    }

    @Override // diskCacheV111.srm.dcache.DcacheUserManager
    protected byte[] encode(CertPath certPath, LoginReply loginReply) throws CertificateEncodingException {
        return certPath.getEncoded("PkiPath");
    }

    @Override // diskCacheV111.srm.dcache.DcacheUserManager
    protected SRMUser decode(String str, CanonicalizingByteArrayStore.Token token, byte[] bArr) {
        try {
            CertPath generateCertPath = this.cf.generateCertPath(new ByteArrayInputStream(bArr), "PkiPath");
            try {
                return new DcacheUser(token, login(generateCertPath, str));
            } catch (SRMAuthorizationException e) {
                return new DcacheUser(token, getGlobusPrincipal(generateCertPath));
            }
        } catch (SRMInternalErrorException e2) {
            throw new DataRetrievalFailureException("Failed to retrieve user identity", e2);
        } catch (CertificateException e3) {
            throw Throwables.propagate(e3);
        }
    }

    private GlobusPrincipal getGlobusPrincipal(CertPath certPath) {
        List<? extends Certificate> certificates = certPath.getCertificates();
        return new GlobusPrincipal(OpensslNameUtils.convertFromRfc2253(ProxyUtils.getOriginalUserDN((X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()])).getName(), true));
    }
}
