package org.dcache.srm.server;

import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.MessageContext;
import org.apache.axis.transport.http.HTTPConstants;
import org.dcache.auth.util.GSSUtils;
import org.dcache.srm.SRMAuthorization;
import org.dcache.srm.SRMAuthorizationException;
import org.dcache.srm.SRMUser;
import org.dcache.srm.request.RequestCredential;
import org.dcache.srm.request.RequestCredentialStorage;
import org.globus.gsi.gssapi.auth.AuthorizationException;
import org.gridforum.jgss.ExtendedGSSContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/srm/server/SrmAuthorizer.class */
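/**
 * Bridges the GSI security context of the current Axis request to SRM credentials and users.
 *
 * <p>The GSS context is read from the {@code org.globus.gsi.context} servlet-request attribute /
 * message-context property, and the client address from
 * {@link HttpServletRequest#getRemoteAddr()}. Both are copied into the Axis
 * {@link MessageContext} by {@link #setUpEnv(MessageContext)}.
 *
 * <p>NOTE(review): {@code getRemoteAddr()} is the address of the directly connected peer. If the
 * service is deployed behind a proxy or load balancer this is presumably the proxy's address, not
 * the end client's; confirm against the deployment before relying on it for access decisions.
 */
public class SrmAuthorizer {
    private static final Logger log = LoggerFactory.getLogger(SrmAuthorizer.class);
    private static final String REMOTE_ADDR = "REMOTE_ADDR";
    /** Key under which the established GSS context is published on the request and message context. */
    private static final String GSI_CONTEXT = "org.globus.gsi.context";
    private final RequestCredentialStorage storage;
    private final SRMAuthorization authorization;
    private final boolean isClientDNSLookup;

    /**
     * @param sRMAuthorization authorization backend that {@link #getRequestUser} delegates to
     * @param requestCredentialStorage storage handed to newly created request credentials
     * @param z when {@code true}, the client address is turned into a host name via DNS in
     *     {@link #getUserCredentials()}; when {@code false} the address string is used as is
     */
    public SrmAuthorizer(SRMAuthorization sRMAuthorization, RequestCredentialStorage requestCredentialStorage, boolean z) {
        this.isClientDNSLookup = z;
        this.authorization = sRMAuthorization;
        this.storage = requestCredentialStorage;
        log.debug("Successfully initialized");
    }

    /**
     * Builds a {@link UserCredential} from the GSS context of the current Axis request.
     *
     * <p>The returned object carries the peer's GSS source name as {@code secureId}, the GSS
     * context itself, the delegated credential (may be {@code null}) and the client host.
     *
     * @return the credentials of the caller of the current request
     * @throws SRMAuthorizationException if no GSS context is attached to the request, or if
     *     reading the context or resolving the client address fails
     */
    public UserCredential getUserCredentials() throws SRMAuthorizationException {
        try {
            MessageContext currentContext = MessageContext.getCurrentContext();
            setUpEnv(currentContext);
            GSSContext gssContext = (GSSContext) currentContext.getProperty(GSI_CONTEXT);
            if (gssContext == null) {
                // Fail closed: without a GSS context there is no authenticated identity.
                throw new SRMAuthorizationException("cant extract gsscontext from MessageContext, gsscontext is null");
            }
            String secureId = gssContext.getSrcName().toString();
            log.debug("User ID (secureId) is: {}", secureId);
            GSSCredential delegCred = gssContext.getDelegCred();
            if (delegCred != null) {
                try {
                    log.debug("User credential (delegcred) is: {}", delegCred.getName());
                } catch (Exception e) {
                    // Deliberately best-effort: the name is only used for this debug line.
                    log.debug("Caught occasional (usually harmless) exception when calling delegcred.getName()): ", e);
                }
            }
            UserCredential userCredential = new UserCredential();
            userCredential.secureId = secureId;
            userCredential.context = gssContext;
            userCredential.credential = delegCred;
            String remoteAddr = (String) currentContext.getProperty(REMOTE_ADDR);
            // InetAddress.getByName(null) and getByName("") return the loopback address, so a
            // missing client address would otherwise be recorded as the local host. Only resolve
            // when an address is actually present; otherwise keep the raw (absent) value, exactly
            // as the non-lookup branch does.
            if (this.isClientDNSLookup && remoteAddr != null && !remoteAddr.isEmpty()) {
                // Reverse DNS is answered by whoever controls the address's reverse zone, and the
                // lookup blocks the request thread. NOTE(review): treat clientHost as
                // informational unless downstream code validates it.
                userCredential.clientHost = InetAddress.getByName(remoteAddr).getCanonicalHostName();
            } else {
                userCredential.clientHost = remoteAddr;
            }
            return userCredential;
        } catch (GSSException | UnknownHostException e) {
            log.error("getUserCredentials failed with exception", e);
            throw new SRMAuthorizationException(e.toString(), e);
        }
    }

    /**
     * Asks the configured {@link SRMAuthorization} for the {@link SRMUser} of a request.
     *
     * <p>The remote address passed to the backend is the {@code REMOTE_ADDR} property of the
     * current message context; in this class that property is only set by
     * {@link #setUpEnv(MessageContext)}, which runs inside {@link #getUserCredentials()}.
     * NOTE(review): presumably callers invoke {@link #getUserCredentials()} first for the same
     * request; otherwise the address may be {@code null}.
     *
     * @param requestCredential credential whose id and credential name are forwarded
     * @param str forwarded unchanged as the third argument of {@code authorize}
     * @param gSSContext GSS context of the caller
     * @return the user returned by the authorization backend
     * @throws SRMAuthorizationException if the backend rejects the request
     */
    public SRMUser getRequestUser(RequestCredential requestCredential, String str, GSSContext gSSContext) throws SRMAuthorizationException {
        String remoteAddr = (String) MessageContext.getCurrentContext().getProperty(REMOTE_ADDR);
        return this.authorization.authorize(
                Long.valueOf(requestCredential.getId()),
                requestCredential.getCredentialName(),
                str,
                gSSContext,
                remoteAddr);
    }

    /**
     * Creates a {@link RequestCredential} for the given user, attaches the delegated credential
     * via {@code keepBestDelegatedCredential} and calls {@code saveCredential()} on it.
     *
     * @param userCredential credentials obtained from {@link #getUserCredentials()}
     * @param str forwarded unchanged as the second argument of
     *     {@code RequestCredential.newRequestCredential}
     * @return the saved request credential
     * @throws RuntimeException wrapping the {@link GSSException} if handling the delegated
     *     credential fails
     */
    public RequestCredential getRequestCredential(UserCredential userCredential, String str) {
        try {
            RequestCredential requestCredential =
                    RequestCredential.newRequestCredential(userCredential.secureId, str, this.storage);
            requestCredential.keepBestDelegatedCredential(userCredential.credential);
            requestCredential.saveCredential();
            return requestCredential;
        } catch (GSSException e) {
            throw new RuntimeException("Problem getting request credential", e);
        }
    }

    /**
     * Copies the GSS context attribute and the remote address from the servlet request into the
     * Axis message context. Does nothing when the message context carries no
     * {@link HttpServletRequest}; values that are {@code null} on the request are not copied.
     */
    private void setUpEnv(MessageContext messageContext) {
        Object property = messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        // instanceof is already false for null, so no separate null check is needed.
        if (!(property instanceof HttpServletRequest)) {
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) property;
        Object gsiContext = httpServletRequest.getAttribute(GSI_CONTEXT);
        if (gsiContext != null) {
            messageContext.setProperty(GSI_CONTEXT, gsiContext);
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (remoteAddr != null) {
            messageContext.setProperty(REMOTE_ADDR, remoteAddr);
        }
    }

    /**
     * Extracts the FQANs from a GSS context by delegating to
     * {@code GSSUtils.getFQANsFromGSSContext}.
     *
     * @param str forwarded unchanged as the first argument of the delegate
     * @param str2 forwarded unchanged as the second argument of the delegate
     * @param extendedGSSContext context to read the FQANs from
     * @return the FQANs reported by the delegate
     * @throws SRMAuthorizationException if the delegate throws an {@link AuthorizationException};
     *     the original exception is kept as the cause
     */
    public static Iterable<String> getFQANsFromContext(String str, String str2, ExtendedGSSContext extendedGSSContext) throws SRMAuthorizationException {
        try {
            return GSSUtils.getFQANsFromGSSContext(str, str2, extendedGSSContext);
        } catch (AuthorizationException e) {
            log.error("Could not extract FQANs from context", e);
            // Keep the cause so the failing validation step stays visible to callers and logs.
            throw new SRMAuthorizationException("Could not extract FQANs from context " + e.getMessage(), e);
        }
    }
}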
