package diskCacheV111.srm.dcache;

import com.google.common.collect.Iterables;
import diskCacheV111.srm.dcache.CanonicalizingByteArrayStore;
import diskCacheV111.util.CacheException;
import diskCacheV111.util.PermissionDeniedCacheException;
import java.net.UnknownHostException;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.sql.DataSource;
import org.dcache.auth.LoginReply;
import org.dcache.auth.LoginStrategy;
import org.dcache.auth.Origin;
import org.dcache.srm.SRMAuthorizationException;
import org.dcache.srm.SRMInternalErrorException;
import org.dcache.srm.SRMUser;
import org.dcache.srm.SRMUserManager;
import org.dcache.util.CertificateFactories;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.jdbc.core.JdbcTemplate;

/* loaded from: input_file:diskCacheV111/srm/dcache/DcacheUserManager.class */
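/**
 * Base {@link SRMUserManager} that logs a client in from its X.509 certificate chain
 * through a {@link LoginStrategy} and keeps an encoded form of the result in the
 * {@code srmuser} table by way of a {@link CanonicalizingByteArrayStore}.
 *
 * <p>Subclasses decide what is stored: {@link #encode} produces the bytes written for a
 * login, and {@link #decode} rebuilds an {@link SRMUser} from bytes read back.
 */
public abstract class DcacheUserManager implements SRMUserManager {
    // NOTE(review): the logger is named after PersistentChainUserManager, not this class, so
    // login diagnostics emitted here appear under that category. Left unchanged because log
    // configuration may depend on it; confirm it is intended.
    private static final Logger LOGGER = LoggerFactory.getLogger(PersistentChainUserManager.class);
    protected final LoginStrategy loginStrategy;
    protected final CanonicalizingByteArrayStore persistence;
    protected final JdbcTemplate jdbcTemplate;
    protected final CertificateFactory cf = CertificateFactories.newX509CertificateFactory();

    /**
     * Wires the byte store to the {@code srmuser} table with three callbacks: insert, load and
     * delete by id. All three statements bind their values as parameters.
     *
     * @param loginStrategy strategy used by {@link #login} to authenticate a subject
     * @param dataSource    database holding the {@code srmuser} table
     * @param str           value written to the {@code type} column of every row inserted here
     */
    public DcacheUserManager(LoginStrategy loginStrategy, DataSource dataSource, String str) {
        this.loginStrategy = loginStrategy;
        this.jdbcTemplate = new JdbcTemplate(dataSource);
        this.persistence = new CanonicalizingByteArrayStore((id, encoded) -> {
            this.jdbcTemplate.update("INSERT INTO srmuser (id, type, encoded) VALUES(?,?,?)", statement -> {
                statement.setLong(1, id.longValue());
                statement.setString(2, str);
                statement.setBytes(3, encoded);
            });
        }, id -> {
            // Yields null when no row exists for the id (default value of Iterables.get).
            return (byte[]) Iterables.get(this.jdbcTemplate.query("SELECT encoded FROM srmuser WHERE id = ?", (resultSet, rowNum) -> {
                return resultSet.getBytes(1);
            }, new Object[]{id}), 0, (Object) null);
        }, id -> {
            this.jdbcTemplate.update("DELETE FROM srmuser WHERE id=?", new Object[]{id});
        });
    }

    /**
     * Reports whether the certificate chain can log in, without persisting anything.
     *
     * @param x509CertificateArr client certificate chain
     * @param str                origin passed on to {@link #login}
     * @return {@code true} if login succeeds, {@code false} if it is denied
     * @throws SRMInternalErrorException if the chain cannot be turned into a cert path or the
     *                                   login fails for a reason other than denial
     */
    public boolean isAuthorized(X509Certificate[] x509CertificateArr, String str) throws SRMInternalErrorException {
        try {
            login(toCertPath(x509CertificateArr), str);
            return true;
        } catch (CertificateException e) {
            throw new SRMInternalErrorException("Failed to process certificate chain.", e);
        } catch (SRMAuthorizationException e) {
            // Denial is the expected negative answer here, not an error.
            return false;
        }
    }

    /**
     * Logs the certificate chain in and persists the resulting identity.
     *
     * @param x509CertificateArr client certificate chain
     * @param str                origin passed on to {@link #login}
     * @return the user built by {@link #persist}
     * @throws SRMInternalErrorException  if the chain cannot be processed or encoded, or the
     *                                    login fails for a reason other than denial
     * @throws SRMAuthorizationException if the login is denied
     */
    public SRMUser authorize(X509Certificate[] x509CertificateArr, String str) throws SRMInternalErrorException, SRMAuthorizationException {
        try {
            CertPath certPath = toCertPath(x509CertificateArr);
            return persist(certPath, login(certPath, str));
        } catch (CertificateException e) {
            throw new SRMInternalErrorException("Failed to process certificate chain.", e);
        }
    }

    /**
     * Stores the encoded form of a login and wraps the resulting token in a {@code DcacheUser}.
     *
     * @param certPath   certificate path the login was made with
     * @param loginReply reply returned by the login strategy
     * @return a user carrying the store token and the login reply
     * @throws CertificateEncodingException if {@link #encode} cannot encode the path
     */
    public SRMUser persist(CertPath certPath, LoginReply loginReply) throws CertificateEncodingException {
        return new DcacheUser(this.persistence.toToken(encode(certPath, loginReply)), loginReply);
    }

    /**
     * Rebuilds a user from a previously stored identity.
     *
     * @param str passed through to {@link #decode} unchanged
     * @param j   id of the stored identity
     * @return the user produced by {@link #decode}
     * @throws DataRetrievalFailureException if the store has no token for {@code j}
     */
    public SRMUser find(String str, long j) {
        CanonicalizingByteArrayStore.Token token = this.persistence.toToken(j);
        if (token == null) {
            throw new DataRetrievalFailureException("User identity " + j + " does not exist in the database.");
        }
        return decode(str, token, this.persistence.readBytes(token));
    }

    /** Returns a {@code DcacheUser} built with its no-argument constructor. */
    public SRMUser createAnonymous() {
        return new DcacheUser();
    }

    /**
     * Hands the store the ids of {@code srmuser} rows that no request table references any
     * more (bring-online, copy, get, ls, put and reserve-space requests are checked).
     */
    public void gc() {
        this.persistence.gc(this.jdbcTemplate.queryForList("SELECT id FROM srmuser WHERE NOT EXISTS (SELECT 1 FROM bringonlinerequests WHERE userid = srmuser.id) AND NOT EXISTS (SELECT 1 FROM copyrequests WHERE userid = srmuser.id) AND NOT EXISTS (SELECT 1 FROM getrequests WHERE userid = srmuser.id) AND NOT EXISTS (SELECT 1 FROM lsrequests WHERE userid = srmuser.id) AND NOT EXISTS (SELECT 1 FROM putrequests WHERE userid = srmuser.id) AND NOT EXISTS (SELECT 1 FROM reservespacerequests WHERE userid = srmuser.id)", Long.class));
    }

    /**
     * Authenticates a certificate path through the login strategy.
     *
     * <p>The subject carries the cert path as a public credential and, when it can be built,
     * an {@link Origin} principal made from {@code str}. The decompiler notes that this method
     * was originally declared {@code protected}; it is kept public here so existing callers of
     * this listing still compile.
     *
     * @param certPath certificate path presented by the client
     * @param str      origin of the request, given to the {@link Origin} constructor
     * @return the reply of the login strategy
     * @throws SRMAuthorizationException if the login strategy denies the login
     * @throws SRMInternalErrorException if the login strategy fails for any other reason
     */
    public LoginReply login(CertPath certPath, String str) throws SRMInternalErrorException, SRMAuthorizationException {
        try {
            Subject subject = new Subject();
            subject.getPublicCredentials().add(certPath);
            try {
                subject.getPrincipals().add(new Origin(str));
            } catch (UnknownHostException e) {
                // The login goes ahead without an Origin principal.
                // NOTE(review): a login strategy that decides on the client origin then sees
                // none, and the event is logged only at INFO; confirm this is acceptable.
                LOGGER.info("Could not add origin {}: {}", str, e.getMessage());
            }
            return this.loginStrategy.login(subject);
        } catch (PermissionDeniedCacheException e) {
            // Must precede the CacheException handler: PermissionDeniedCacheException is a
            // subclass of CacheException, so the broader handler listed first would shadow it
            // and a denied login would surface as an internal error instead of a denial
            // (isAuthorized would throw rather than return false).
            throw new SRMAuthorizationException(e.getMessage(), e);
        } catch (CacheException e) {
            throw new SRMInternalErrorException(e.getMessage(), e);
        }
    }

    /** Builds a cert path from the chain in the order given. */
    private CertPath toCertPath(X509Certificate[] chain) throws CertificateException {
        return this.cf.generateCertPath(Arrays.asList(chain));
    }

    /**
     * Encodes a login for storage.
     *
     * @param certPath   certificate path the login was made with
     * @param loginReply reply returned by the login strategy
     * @return bytes to store
     * @throws CertificateEncodingException if the certificate path cannot be encoded
     */
    protected abstract byte[] encode(CertPath certPath, LoginReply loginReply) throws CertificateEncodingException;

    /**
     * Rebuilds a user from stored bytes.
     *
     * @param str   value given to {@link #find}
     * @param token store token of the identity
     * @param bArr  bytes read from the store for {@code token}
     * @return the decoded user
     */
    protected abstract SRMUser decode(String str, CanonicalizingByteArrayStore.Token token, byte[] bArr);
}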
