package org.dcache.webdav.transfer;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import diskCacheV111.srm.CredentialServiceAnnouncement;
import diskCacheV111.srm.CredentialServiceRequest;
import diskCacheV111.srm.dcache.SrmRequestCredentialMessage;
import diskCacheV111.util.CacheException;
import dmg.cells.nucleus.CellAddressCore;
import dmg.cells.nucleus.CellLifeCycleAware;
import dmg.cells.nucleus.CellMessageReceiver;
import dmg.cells.nucleus.CellPath;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.KeyAndCertCredential;
import java.net.URI;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import org.dcache.cells.CellStub;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/dcache/webdav/transfer/CredentialServiceClient.class */
public class CredentialServiceClient implements CellMessageReceiver, CellLifeCycleAware {
    private static final Logger LOGGER = LoggerFactory.getLogger(CredentialServiceClient.class);
    private CellStub topic;
    private Cache<CellAddressCore, URI> cache = CacheBuilder.newBuilder().expireAfterWrite(70, TimeUnit.SECONDS).build();

    @Required
    public void setTopicStub(CellStub cellStub) {
        this.topic = cellStub;
    }

    public void afterStart() {
        this.topic.notify(new CredentialServiceRequest());
    }

    public void beforeStop() {
    }

    public void messageArrived(CredentialServiceAnnouncement credentialServiceAnnouncement) {
        this.cache.put(credentialServiceAnnouncement.getCellAddress(), credentialServiceAnnouncement.getDelegationEndpoint());
    }

    public Collection<URI> getDelegationEndpoints() {
        return this.cache.asMap().values();
    }

    public X509Credential getDelegatedCredential(String str, String str2, int i, TimeUnit timeUnit) throws InterruptedException, ErrorResponseException {
        long j = 0;
        KeyAndCertCredential keyAndCertCredential = null;
        Iterator it = this.cache.asMap().keySet().iterator();
        while (it.hasNext()) {
            CellPath cellPath = new CellPath(new CellAddressCore[]{(CellAddressCore) it.next()});
            try {
                SrmRequestCredentialMessage sendAndWait = this.topic.sendAndWait(cellPath, new SrmRequestCredentialMessage(str, str2));
                if (sendAndWait.hasCredential()) {
                    X509Certificate[] certificateChain = sendAndWait.getCertificateChain();
                    long calculateRemainingLifetime = calculateRemainingLifetime(certificateChain);
                    if (calculateRemainingLifetime > j) {
                        keyAndCertCredential = new KeyAndCertCredential(sendAndWait.getPrivateKey(), certificateChain);
                        j = calculateRemainingLifetime;
                    }
                }
            } catch (CacheException e) {
                LOGGER.debug("failed to contact {} querying for {}, {}: {}", new Object[]{cellPath, str, str2, e.getMessage()});
            } catch (KeyStoreException e2) {
                LOGGER.warn("Received invalid key pair from {} for {}, {}: {}", new Object[]{cellPath, str, str2, e2.getMessage()});
            }
        }
        if (j < timeUnit.toMillis(i)) {
            return null;
        }
        return keyAndCertCredential;
    }

    private static long calculateRemainingLifetime(X509Certificate[] x509CertificateArr) {
        long j = Long.MAX_VALUE;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            j = Math.min(j, x509Certificate.getNotAfter().getTime());
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (j <= currentTimeMillis) {
            return 0L;
        }
        return j - currentTimeMillis;
    }
}
