package org.dcache.gridsite;

import com.google.common.base.Charsets;
import com.google.common.collect.Iterables;
import com.google.common.hash.Hashing;
import com.google.common.io.BaseEncoding;
import dmg.cells.nucleus.CellMessageReceiver;
import java.security.cert.CertPath;
import java.util.Map;
import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
import org.dcache.delegation.gridsite2.DelegationException;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/dcache/gridsite/DelegationService.class */
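/**
 * Message handler for the GridSite credential-delegation operations.
 *
 * <p>A delegation runs in two steps. The client first asks for a certificate
 * signing request ({@code GetProxyReq}, {@code GetNewProxyReq} or
 * {@code RenewProxyReq}), which records a pending entry in {@link #delegations}.
 * It then uploads the signed proxy ({@code PutProxy}), which moves the result
 * into {@link #credentials}.
 *
 * <p>Security-relevant invariant: every handler builds its
 * {@link DelegationIdentity} from the DN of the request's {@link Subject}
 * together with the delegation ID. A client-chosen ID is therefore only ever
 * looked up in combination with the caller's own DN. This gives per-user
 * isolation only if {@code DelegationIdentity} compares both parts and the
 * Subject was authenticated before the message reached this class; neither is
 * visible here, so confirm both.
 */
public class DelegationService implements CellMessageReceiver {
    // Values returned by the service-metadata look-up, keyed by requested name.
    private Map<String, String> serviceMetadata;
    // Delegations that have been started (CSR issued) but not yet completed.
    private CredentialDelegationStore delegations;
    // Creates the pending delegation (and its CSR) for an identity.
    private CredentialDelegationFactory factory;
    // Completed delegations, i.e. stored delegated credentials.
    private CredentialStore credentials;

    /** Injects the key/value pairs served by the metadata look-up. */
    @Required
    public void setServiceMetadata(Map<String, String> map) {
        this.serviceMetadata = map;
    }

    /** Injects the store of in-progress delegations. */
    @Required
    public void setDelegations(CredentialDelegationStore credentialDelegationStore) {
        this.delegations = credentialDelegationStore;
    }

    /** Injects the factory used to start a delegation. */
    @Required
    public void setFactory(CredentialDelegationFactory credentialDelegationFactory) {
        this.factory = credentialDelegationFactory;
    }

    /** Injects the store of completed, delegated credentials. */
    @Required
    public void setCredentials(CredentialStore credentialStore) {
        this.credentials = credentialStore;
    }

    /**
     * Looks up one service-metadata value.
     *
     * <p>This is the correctly spelled counterpart of {@link #mesageArrived}.
     * Every other handler in this class is called {@code messageArrived};
     * presumably the cell framework finds handlers by that name, in which case
     * the misspelled method was never invoked. TODO confirm against the
     * dispatcher.
     *
     * @param getServiceMetaDataRequest request carrying the metadata key
     * @return response wrapping the configured value
     * @throws DelegationException if the key is not configured
     */
    public GetServiceMetaDataResponse messageArrived(GetServiceMetaDataRequest getServiceMetaDataRequest) throws DelegationException {
        String value = this.serviceMetadata.get(getServiceMetaDataRequest.getKey());
        Utilities.assertThat(value != null, "unknown key");
        return new GetServiceMetaDataResponse(value);
    }

    /**
     * Legacy, misspelled name of the metadata handler; retained so existing
     * direct callers keep compiling.
     *
     * @deprecated use {@link #messageArrived(GetServiceMetaDataRequest)}
     */
    @Deprecated
    public GetServiceMetaDataResponse mesageArrived(GetServiceMetaDataRequest getServiceMetaDataRequest) throws DelegationException {
        return messageArrived(getServiceMetaDataRequest);
    }

    /**
     * Starts a delegation under a client-supplied delegation ID.
     *
     * @param getProxyReqRequest request carrying the caller's Subject and the ID
     * @return response wrapping the certificate signing request
     * @throws DelegationException if a delegation or credential already exists
     *         for this identity, or the Subject carries no certificate chain
     */
    public GetProxyReqResponse messageArrived(GetProxyReqRequest getProxyReqRequest) throws DelegationException {
        Subject subject = getProxyReqRequest.getSubject();
        // NOTE(review): the ID is used exactly as the client sent it; confirm
        // that null/empty/over-long IDs are rejected before they reach here.
        DelegationIdentity delegationIdentity = new DelegationIdentity(Subjects.getDn(subject), getProxyReqRequest.getDelegationID());
        CredentialDelegation delegation = newDelegation(delegationIdentity, subject);
        return new GetProxyReqResponse(delegation.getCertificateSigningRequest());
    }

    /**
     * Starts a delegation under a server-generated delegation ID.
     *
     * @param getNewProxyReqRequest request carrying the caller's Subject
     * @return response wrapping the certificate signing request and the ID
     * @throws DelegationException if a delegation or credential already exists
     *         for this identity, or the Subject carries no certificate chain
     */
    public GetNewProxyReqResponse messageArrived(GetNewProxyReqRequest getNewProxyReqRequest) throws DelegationException {
        Subject subject = getNewProxyReqRequest.getSubject();
        DelegationIdentity delegationIdentity = new DelegationIdentity(Subjects.getDn(subject), generateDelegationId(subject));
        CredentialDelegation delegation = newDelegation(delegationIdentity, subject);
        return new GetNewProxyReqResponse(delegation.getCertificateSigningRequest(), delegationIdentity.getDelegationId());
    }

    /**
     * Creates and records a pending delegation for an identity that has
     * neither a pending delegation nor a stored credential.
     *
     * @param delegationIdentity DN plus delegation ID of the caller
     * @param subject the caller; its certificate chain is handed to the factory
     * @return the newly recorded pending delegation
     * @throws DelegationException if the identity is already in use or the
     *         Subject carries no certificate chain
     */
    private CredentialDelegation newDelegation(DelegationIdentity delegationIdentity, Subject subject) throws DelegationException {
        Utilities.assertThat(!this.delegations.has(delegationIdentity), "delegation already started", delegationIdentity);
        Utilities.assertThat(!this.credentials.has(delegationIdentity), "delegated credential already exists", delegationIdentity);
        return startDelegation(delegationIdentity, subject);
    }

    /**
     * Completes a delegation: hands the uploaded proxy to the pending
     * delegation and stores the resulting credential.
     *
     * @param putProxyRequest request carrying the Subject, the ID and the proxy
     * @return an empty acknowledgement
     * @throws DelegationException as raised by the stores or by
     *         {@code acceptCertificate}
     */
    public PutProxyResponse messageArrived(PutProxyRequest putProxyRequest) throws DelegationException {
        Subject subject = putProxyRequest.getSubject();
        DelegationIdentity delegationIdentity = new DelegationIdentity(Subjects.getDn(subject), putProxyRequest.getDelegationID());
        // The pending delegation is removed before the proxy is examined, so a
        // rejected upload ends the handshake and the client has to start over.
        // NOTE(review): this relies on remove() throwing DelegationException
        // when nothing is pending; if it can return null this line fails with
        // a NullPointerException instead. Confirm.
        // NOTE(review): acceptCertificate() is the only place the uploaded
        // proxy can be checked against the key behind the issued CSR;
        // presumably it does so. Verify in CredentialDelegation.
        this.credentials.put(delegationIdentity, this.delegations.remove(delegationIdentity).acceptCertificate(putProxyRequest.getProxy()), Subjects.getPrimaryFqan(subject));
        return new PutProxyResponse();
    }

    /**
     * Starts a renewal: like a fresh delegation, except that a stored
     * credential for the identity must already exist.
     *
     * @param renewProxyReqRequest request carrying the Subject and the ID
     * @return response wrapping the certificate signing request
     * @throws DelegationException if a delegation is already pending, no
     *         credential is stored, or the Subject carries no certificate chain
     */
    public RenewProxyReqResponse messageArrived(RenewProxyReqRequest renewProxyReqRequest) throws DelegationException {
        Subject subject = renewProxyReqRequest.getSubject();
        DelegationIdentity delegationIdentity = new DelegationIdentity(Subjects.getDn(subject), renewProxyReqRequest.getDelegationID());
        Utilities.assertThat(!this.delegations.has(delegationIdentity), "delegation already started", delegationIdentity);
        Utilities.assertThat(this.credentials.has(delegationIdentity), "no delegated credential", delegationIdentity);
        return new RenewProxyReqResponse(startDelegation(delegationIdentity, subject).getCertificateSigningRequest());
    }

    /**
     * Reports the expiry of the stored credential for the caller's identity.
     *
     * @param getTerminationTimeRequest request carrying the Subject and the ID
     * @return response wrapping the value returned by the credential store
     * @throws DelegationException as raised by the credential store
     */
    public GetTerminationTimeResponse messageArrived(GetTerminationTimeRequest getTerminationTimeRequest) throws DelegationException {
        DelegationIdentity delegationIdentity = new DelegationIdentity(Subjects.getDn(getTerminationTimeRequest.getSubject()), getTerminationTimeRequest.getDelegationID());
        return new GetTerminationTimeResponse(this.credentials.getExpiry(delegationIdentity));
    }

    /**
     * Discards any pending delegation and the stored credential for the
     * caller's identity.
     *
     * @param destroyRequest request carrying the Subject and the ID
     * @return an empty acknowledgement
     * @throws DelegationException as raised by the stores
     */
    public DestroyResponse messageArrived(DestroyRequest destroyRequest) throws DelegationException {
        DelegationIdentity delegationIdentity = new DelegationIdentity(Subjects.getDn(destroyRequest.getSubject()), destroyRequest.getDelegationID());
        // Pending state goes first; if credentials.remove() throws, no
        // half-finished delegation is left behind for this identity.
        this.delegations.removeIfPresent(delegationIdentity);
        this.credentials.remove(delegationIdentity);
        return new DestroyResponse();
    }

    /**
     * Derives the delegation ID used when the client does not supply one:
     * the SHA-1 digest of the Subject's DN concatenated with the string form
     * of its FQANs, hex encoded.
     *
     * <p>The value is deterministic and computable by anyone who knows the DN
     * and FQANs, so it is an identifier and must never be treated as a secret
     * or bearer token; access control rests on the DN inside
     * {@link DelegationIdentity}. SHA-1 is used only for naming here.
     * Switching the hash would change the IDs of already stored credentials.
     *
     * @param subject the caller
     * @return the hex-encoded 20-byte digest
     */
    private String generateDelegationId(Subject subject) throws DelegationException {
        String seed = Subjects.getDn(subject) + Subjects.getFqans(subject);
        byte[] digest = Hashing.sha1().hashBytes(seed.getBytes(Charsets.UTF_8)).asBytes();
        // 20 bytes is the full SHA-1 output, so nothing is truncated.
        return BaseEncoding.base16().encode(digest, 0, 20);
    }

    /**
     * Asks the factory for a delegation based on the caller's certificate
     * chain and records it as pending. Callers perform their own
     * precondition checks first.
     */
    private CredentialDelegation startDelegation(DelegationIdentity delegationIdentity, Subject subject) throws DelegationException {
        CertPath chain = requireCertPath(subject);
        CredentialDelegation delegation = this.factory.newDelegation(delegationIdentity, chain.getCertificates());
        this.delegations.add(delegation);
        return delegation;
    }

    /**
     * Returns the first {@link CertPath} among the Subject's public
     * credentials, rejecting the request when there is none. Without this
     * check a Subject that has no X.509 chain makes the handler fail with an
     * unchecked NullPointerException instead of a delegation error.
     */
    private static CertPath requireCertPath(Subject subject) throws DelegationException {
        CertPath chain = Iterables.getFirst(subject.getPublicCredentials(CertPath.class), null);
        // presumably assertThat throws DelegationException when the condition
        // is false, as its other uses in this class suggest
        Utilities.assertThat(chain != null, "no certificate chain in request");
        return chain;
    }
}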
