package org.dcache.gridsite;

import com.google.common.collect.Iterables;
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
import org.dcache.auth.util.GSSUtils;
import org.dcache.delegation.gridsite2.DelegationException;
import org.dcache.srm.request.RequestCredential;
import org.dcache.srm.request.RequestCredentialStorage;
import org.dcache.srm.unixfs.Main;
import org.dcache.util.Glob;
import org.globus.gsi.gssapi.auth.AuthorizationException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/dcache/gridsite/SrmCredentialStore.class */
public class SrmCredentialStore implements CredentialStore {
    private RequestCredentialStorage _store;
    private String caDir;
    private String vomsDir;

    @Required
    public void setCaCertificatePath(String str) {
        this.caDir = str;
    }

    @Required
    public void setVomsdir(String str) {
        this.vomsDir = str;
    }

    @Required
    public void setRequestCredentialStorage(RequestCredentialStorage requestCredentialStorage) {
        this._store = requestCredentialStorage;
    }

    @Override // org.dcache.gridsite.CredentialStore
    public GSSCredential get(DelegationIdentity delegationIdentity) throws DelegationException {
        RequestCredential requestCredential = this._store.getRequestCredential(nameFromId(delegationIdentity), null);
        Utilities.assertThat(requestCredential != null, "no stored credential", delegationIdentity);
        return requestCredential.getDelegatedCredential();
    }

    @Override // org.dcache.gridsite.CredentialStore
    public void put(DelegationIdentity delegationIdentity, GSSCredential gSSCredential) throws DelegationException {
        try {
            this._store.saveRequestCredential(new RequestCredential(nameFromId(delegationIdentity), (String) Iterables.getFirst(GSSUtils.getFQANsFromGSSCredential(this.vomsDir, this.caDir, gSSCredential), (Object) null), gSSCredential, this._store));
        } catch (AuthorizationException | GSSException | RuntimeException e) {
            throw new DelegationException("failed to save credential: " + e.getMessage());
        }
    }

    @Override // org.dcache.gridsite.CredentialStore
    public void remove(DelegationIdentity delegationIdentity) throws DelegationException {
        try {
            Utilities.assertThat(this._store.deleteRequestCredential(nameFromId(delegationIdentity), null), "no credential", delegationIdentity);
        } catch (IOException e) {
            throw new DelegationException("internal problem: " + e.getMessage());
        }
    }

    @Override // org.dcache.gridsite.CredentialStore
    public boolean has(DelegationIdentity delegationIdentity) throws DelegationException {
        try {
            return this._store.hasRequestCredential(nameFromId(delegationIdentity), null);
        } catch (IOException e) {
            throw new DelegationException("internal problem: " + e.getMessage());
        }
    }

    @Override // org.dcache.gridsite.CredentialStore
    public Calendar getExpiry(DelegationIdentity delegationIdentity) throws DelegationException {
        RequestCredential requestCredential = this._store.getRequestCredential(nameFromId(delegationIdentity), null);
        Utilities.assertThat(requestCredential != null, "no credential", delegationIdentity);
        Date date = new Date(requestCredential.getDelegatedCredentialExpiration());
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        return calendar;
    }

    private static String nameFromId(DelegationIdentity delegationIdentity) {
        return delegationIdentity.getDelegationId().equals("gsi") ? delegationIdentity.getDn() : delegationIdentity.getDelegationId() + Main.hh_exit + delegationIdentity.getDn();
    }

    @Override // org.dcache.gridsite.CredentialStore
    public GSSCredential search(String str) {
        long j;
        long j2;
        GSSCredential search = search(str, new Glob("*"));
        GSSCredential search2 = search(str, (Glob) null);
        if (search == null) {
            return search2;
        }
        if (search2 == null) {
            return search;
        }
        try {
            j = search.getRemainingLifetime();
        } catch (GSSException e) {
            j = 0;
        }
        try {
            j2 = search2.getRemainingLifetime();
        } catch (GSSException e2) {
            j2 = 0;
        }
        if (j2 > j) {
            return search2;
        }
        if (j > 0) {
            return search;
        }
        return null;
    }

    @Override // org.dcache.gridsite.CredentialStore
    public GSSCredential search(String str, String str2) {
        return search(str, str2 != null ? new Glob(str2) : null);
    }

    private GSSCredential search(String str, Glob glob) {
        long j = 0;
        RequestCredential requestCredential = null;
        RequestCredential searchRequestCredential = this._store.searchRequestCredential(new Glob(str), glob);
        if (searchRequestCredential != null) {
            j = searchRequestCredential.getDelegatedCredentialRemainingLifetime();
            if (j > 0) {
                requestCredential = searchRequestCredential;
            }
        }
        RequestCredential searchRequestCredential2 = this._store.searchRequestCredential(new Glob("* " + str), glob);
        if (searchRequestCredential2 != null && searchRequestCredential2.getDelegatedCredentialRemainingLifetime() > j) {
            requestCredential = searchRequestCredential2;
        }
        if (requestCredential != null) {
            return requestCredential.getDelegatedCredential();
        }
        return null;
    }
}
