package diskCacheV111.srm;

import com.google.common.collect.Iterables;
import com.google.common.hash.Hashing;
import diskCacheV111.srm.dcache.DcacheUserManager;
import dmg.cells.nucleus.CellAddressCore;
import dmg.cells.nucleus.CellIdentityAware;
import dmg.cells.nucleus.CellLifeCycleAware;
import dmg.cells.nucleus.CellMessageReceiver;
import eu.emi.security.authn.x509.X509Credential;
import java.lang.reflect.InvocationTargetException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.util.Objects;
import javax.security.auth.Subject;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.recipes.nodes.PersistentNode;
import org.apache.curator.utils.CloseableUtils;
import org.apache.curator.utils.ZKPaths;
import org.apache.zookeeper.CreateMode;
import org.dcache.auth.LoginReply;
import org.dcache.auth.Subjects;
import org.dcache.cells.CuratorFrameworkAware;
import org.dcache.srm.AbstractStorageElement;
import org.dcache.srm.SRM;
import org.dcache.srm.SRMException;
import org.dcache.srm.SRMInternalErrorException;
import org.dcache.srm.SRMNotSupportedException;
import org.dcache.srm.SRMUser;
import org.dcache.srm.SrmRequest;
import org.dcache.srm.SrmResponse;
import org.dcache.srm.handler.CredentialAwareHandler;
import org.dcache.srm.request.RequestCredential;
import org.dcache.srm.request.RequestCredentialStorage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:diskCacheV111/srm/SrmService.class */
public class SrmService implements CellMessageReceiver, CuratorFrameworkAware, CellIdentityAware, CellLifeCycleAware {
    private static final Logger LOGGER = LoggerFactory.getLogger(SrmService.class);
    private SRM srm;
    private AbstractStorageElement storage;
    private RequestCredentialStorage requestCredentialStorage;
    private DcacheUserManager userManager;
    private CuratorFramework client;
    private PersistentNode node;
    private CellAddressCore address;
    private String id;

    public void setCuratorFramework(CuratorFramework curatorFramework) {
        this.client = curatorFramework;
    }

    public void setCellAddress(CellAddressCore cellAddressCore) {
        this.address = cellAddressCore;
        this.id = Hashing.murmur3_32().hashString(cellAddressCore.toString(), StandardCharsets.US_ASCII).toString();
    }

    @Required
    public void setStorage(AbstractStorageElement abstractStorageElement) {
        this.storage = abstractStorageElement;
    }

    @Required
    public void setSrm(SRM srm) {
        this.srm = srm;
    }

    @Required
    public void setRequestCredentialStorage(RequestCredentialStorage requestCredentialStorage) {
        this.requestCredentialStorage = requestCredentialStorage;
    }

    @Required
    public void setUserManager(DcacheUserManager dcacheUserManager) {
        this.userManager = dcacheUserManager;
    }

    public void afterStart() {
        this.node = new PersistentNode(this.client, CreateMode.EPHEMERAL, false, getZooKeeperBackendPath(this.id), this.address.toString().getBytes(StandardCharsets.US_ASCII));
        this.node.start();
    }

    public void beforeStop() {
        if (this.node != null) {
            CloseableUtils.closeQuietly(this.node);
        }
    }

    public SrmResponse messageArrived(SrmRequest srmRequest) throws SRMException {
        try {
            SRMUser persist = this.userManager.persist((CertPath) Iterables.getFirst(srmRequest.getSubject().getPublicCredentials(CertPath.class), (Object) null), new LoginReply(srmRequest.getSubject(), srmRequest.getLoginAttributes()));
            String requestName = srmRequest.getRequestName();
            Class<?> cls = srmRequest.getRequest().getClass();
            String str = Character.toUpperCase(requestName.charAt(0)) + requestName.substring(1);
            LOGGER.debug("About to call {} handler", requestName);
            try {
                Class<?> cls2 = Class.forName("org.dcache.srm.handler." + str);
                Object newInstance = cls2.getConstructor(SRMUser.class, cls, AbstractStorageElement.class, SRM.class, String.class).newInstance(persist, srmRequest.getRequest(), this.storage, this.srm, srmRequest.getRemoteHost());
                if (newInstance instanceof CredentialAwareHandler) {
                    ((CredentialAwareHandler) newInstance).setCredential(saveRequestCredential(srmRequest.getSubject(), srmRequest.getCredential()));
                }
                return new SrmResponse(this.id, cls2.getMethod("getResponse", new Class[0]).invoke(newInstance, new Object[0]));
            } catch (ClassNotFoundException e) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.info("handler discovery and dynamic loading failed", e);
                } else {
                    LOGGER.info("handler discovery and dynamic loading failed");
                }
                throw new SRMNotSupportedException(requestName + " is unsupported");
            }
        } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | RuntimeException | InvocationTargetException e2) {
            LOGGER.error("Please report this failure to support@dcache.org", e2);
            throw new SRMInternalErrorException("Internal error (server log contains additional information)");
        } catch (KeyStoreException | CertificateEncodingException e3) {
            throw new SRMInternalErrorException("Failed to process certificate chain.", e3);
        }
    }

    private RequestCredential saveRequestCredential(Subject subject, X509Credential x509Credential) {
        RequestCredential newRequestCredential = RequestCredential.newRequestCredential(Subjects.getDn(subject), Objects.toString(Subjects.getPrimaryFqan(subject), null), this.requestCredentialStorage);
        newRequestCredential.keepBestDelegatedCredential(x509Credential);
        newRequestCredential.saveCredential();
        return newRequestCredential;
    }

    public static String getZooKeeperBackendPath(String str) {
        return ZKPaths.makePath("/dcache/srm/backends", str);
    }
}
