package org.dcache.gridsite;

import com.google.common.collect.Iterables;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.dcache.auth.util.GSSUtils;
import org.dcache.delegation.gridsite2.DelegationException;
import org.globus.gsi.gssapi.auth.AuthorizationException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/dcache/gridsite/InMemoryCredentialStore.class */
public class InMemoryCredentialStore implements CredentialStore {
    private Map<DelegationIdentity, GSSCredential> _storage = new HashMap();
    private String vomsDir;
    private String caDir;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/dcache/gridsite/InMemoryCredentialStore$DnFqanMatcher.class */
    public interface DnFqanMatcher {
        boolean matches(String str, String str2);
    }

    @Required
    public void setCaCertificatePath(String str) {
        this.caDir = str;
    }

    @Required
    public void setVomsdir(String str) {
        this.vomsDir = str;
    }

    @Override // org.dcache.gridsite.CredentialStore
    public GSSCredential get(DelegationIdentity delegationIdentity) throws DelegationException {
        GSSCredential andCheckForExpired = getAndCheckForExpired(delegationIdentity);
        Utilities.assertThat(andCheckForExpired != null, "no credential", delegationIdentity);
        return andCheckForExpired;
    }

    private GSSCredential getAndCheckForExpired(DelegationIdentity delegationIdentity) {
        GSSCredential gSSCredential = this._storage.get(delegationIdentity);
        if (gSSCredential != null && hasExpired(gSSCredential)) {
            this._storage.remove(delegationIdentity);
            gSSCredential = null;
        }
        return gSSCredential;
    }

    @Override // org.dcache.gridsite.CredentialStore
    public void put(DelegationIdentity delegationIdentity, GSSCredential gSSCredential) {
        this._storage.put(delegationIdentity, gSSCredential);
    }

    @Override // org.dcache.gridsite.CredentialStore
    public void remove(DelegationIdentity delegationIdentity) throws DelegationException {
        GSSCredential remove = this._storage.remove(delegationIdentity);
        if (remove != null && hasExpired(remove)) {
            this._storage.remove(delegationIdentity);
            remove = null;
        }
        Utilities.assertThat(remove != null, "no credential", delegationIdentity);
    }

    @Override // org.dcache.gridsite.CredentialStore
    public boolean has(DelegationIdentity delegationIdentity) {
        return getAndCheckForExpired(delegationIdentity) != null;
    }

    @Override // org.dcache.gridsite.CredentialStore
    public Calendar getExpiry(DelegationIdentity delegationIdentity) throws DelegationException {
        GSSCredential andCheckForExpired = getAndCheckForExpired(delegationIdentity);
        Utilities.assertThat(andCheckForExpired != null, "no credential", delegationIdentity);
        int remainingLifetimeOf = remainingLifetimeOf(andCheckForExpired);
        if (remainingLifetimeOf == Integer.MAX_VALUE) {
            throw new DelegationException("credential has no expiry date");
        }
        Calendar calendar = Calendar.getInstance();
        calendar.setTimeInMillis(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(remainingLifetimeOf));
        return calendar;
    }

    private static int remainingLifetimeOf(GSSCredential gSSCredential) {
        int i;
        try {
            i = gSSCredential.getRemainingLifetime();
        } catch (GSSException e) {
            i = 0;
        }
        return i;
    }

    private static boolean hasExpired(GSSCredential gSSCredential) {
        return remainingLifetimeOf(gSSCredential) == 0;
    }

    @Override // org.dcache.gridsite.CredentialStore
    public GSSCredential search(final String str) {
        return bestCredentialMatching(new DnFqanMatcher() { // from class: org.dcache.gridsite.InMemoryCredentialStore.1
            @Override // org.dcache.gridsite.InMemoryCredentialStore.DnFqanMatcher
            public boolean matches(String str2, String str3) {
                return str.equals(str2);
            }
        });
    }

    @Override // org.dcache.gridsite.CredentialStore
    public GSSCredential search(final String str, final String str2) {
        return bestCredentialMatching(new DnFqanMatcher() { // from class: org.dcache.gridsite.InMemoryCredentialStore.2
            @Override // org.dcache.gridsite.InMemoryCredentialStore.DnFqanMatcher
            public boolean matches(String str3, String str4) {
                return str.equals(str3) && Objects.equals(str2, str4);
            }
        });
    }

    private GSSCredential bestCredentialMatching(DnFqanMatcher dnFqanMatcher) {
        GSSCredential gSSCredential = null;
        long j = 0;
        for (Map.Entry<DelegationIdentity, GSSCredential> entry : this._storage.entrySet()) {
            try {
                GSSCredential value = entry.getValue();
                if (dnFqanMatcher.matches(entry.getKey().getDn(), (String) Iterables.getFirst(GSSUtils.getFQANsFromGSSCredential(this.vomsDir, this.caDir, value), (Object) null))) {
                    long remainingLifetime = value.getRemainingLifetime();
                    if (remainingLifetime > j) {
                        j = remainingLifetime;
                        gSSCredential = value;
                    }
                }
            } catch (GSSException | AuthorizationException e) {
            }
        }
        return gSSCredential;
    }
}
