package org.dcache.srm.server;

import eu.emi.security.authn.x509.X509Credential;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import org.dcache.auth.FQAN;
import org.dcache.srm.SRMAuthenticationException;
import org.dcache.srm.SRMAuthorization;
import org.dcache.srm.SRMAuthorizationException;
import org.dcache.srm.SRMInternalErrorException;
import org.dcache.srm.SRMUser;
import org.dcache.srm.request.RequestCredential;
import org.dcache.srm.request.RequestCredentialStorage;
import org.dcache.srm.util.Axis;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.VOMSACValidator;

/* loaded from: input_file:org/dcache/srm/server/SrmAuthorizer.class */
/**
 * Resolves the identity and the credential of the client behind the current SRM request.
 *
 * <p>All request data (certificate chain, DN, remote address, delegated credential) is read
 * through the static {@link Axis} accessors. A request that carries no client certificate chain
 * is rejected with an {@link SRMAuthenticationException} before any further work is done.
 */
public class SrmAuthorizer {
    private static final String MISSING_CHAIN_MESSAGE =
            "Client's certificate chain is missing from request";

    private final RequestCredentialStorage storage;
    private final SRMAuthorization authorization;
    // Stored from the constructor; no method of this class reads it.
    private final boolean isClientDNSLookup;
    private final VOMSACValidator validator;

    /**
     * Creates an authorizer bound to the given collaborators. No argument is checked for
     * {@code null} here, so a missing collaborator only surfaces when a method first uses it.
     *
     * @param sRMAuthorization decides whether, and as which user, a certificate chain may act
     * @param requestCredentialStorage handed to every {@link RequestCredential} created here
     * @param z value kept in {@code isClientDNSLookup}
     * @param vOMSACValidator applied to the client's certificate chain to obtain VOMS attributes
     */
    public SrmAuthorizer(SRMAuthorization sRMAuthorization, RequestCredentialStorage requestCredentialStorage, boolean z, VOMSACValidator vOMSACValidator) {
        this.authorization = sRMAuthorization;
        this.storage = requestCredentialStorage;
        this.validator = vOMSACValidator;
        this.isClientDNSLookup = z;
    }

    /**
     * Maps the current request to an {@link SRMUser}.
     *
     * @return the user that {@code authorization.authorize} yields for the client's certificate
     *     chain and remote address
     * @throws SRMAuthenticationException if the request carries no certificate chain
     * @throws SRMAuthorizationException declared for the delegated {@code authorize} call
     * @throws SRMInternalErrorException declared for the delegated {@code authorize} call
     */
    public SRMUser getRequestUser() throws SRMInternalErrorException, SRMAuthorizationException, SRMAuthenticationException {
        return authorization.authorize(requireCertificateChain(), Axis.getRemoteAddress());
    }

    /**
     * Asks the authorization backend whether the current client is authorized.
     *
     * @return the result of {@code authorization.isAuthorized} for the client's certificate chain
     *     and remote address
     * @throws SRMAuthenticationException if the request carries no certificate chain
     * @throws SRMInternalErrorException declared for the delegated {@code isAuthorized} call
     */
    public boolean isUserAuthorized() throws SRMInternalErrorException, SRMAuthenticationException {
        return authorization.isAuthorized(requireCertificateChain(), Axis.getRemoteAddress());
    }

    /**
     * Builds the {@link RequestCredential} for the current request and saves it.
     *
     * <p>The credential is keyed by the client's DN and by the string form of the primary FQAN,
     * which is {@code null} when the validator reports no FQAN. The delegated credential, or
     * {@code null} when the request has none, is offered to
     * {@code keepBestDelegatedCredential} before {@code saveCredential} is called.
     *
     * <p>This method never consults the {@link SRMAuthorization}: it only requires that a
     * certificate chain and a DN are present, so the authorization decision has to be made
     * separately ({@link #getRequestUser()} or {@link #isUserAuthorized()}).
     * NOTE(review): confirm that every caller does so before the saved credential is used.
     *
     * @return the credential after it has been saved
     * @throws SRMAuthenticationException if the certificate chain is missing or the DN cannot be
     *     resolved; the chain is checked first
     */
    public RequestCredential getRequestCredential() throws SRMAuthenticationException {
        X509Certificate[] chain = requireCertificateChain();
        String dn = Axis.getDN()
                .orElseThrow(() -> new SRMAuthenticationException("Failed to resolve DN"));
        X509Credential delegated = Axis.getDelegatedCredential().orElse(null);

        // The role is taken from what the validator returns for the chain, not from any
        // request parameter.
        FQAN primaryFqan = getPrimary(validator.validate(chain));
        String role = Objects.toString(primaryFqan, null);

        RequestCredential credential = RequestCredential.newRequestCredential(dn, role, storage);
        credential.keepBestDelegatedCredential(delegated);
        credential.saveCredential();
        return credential;
    }

    /**
     * Fetches the client's certificate chain from the request context.
     *
     * @return the chain attached to the current request
     * @throws SRMAuthenticationException if no chain is attached
     */
    private static X509Certificate[] requireCertificateChain() throws SRMAuthenticationException {
        return Axis.getCertificateChain()
                .orElseThrow(() -> new SRMAuthenticationException(MISSING_CHAIN_MESSAGE));
    }

    /**
     * Picks the primary FQAN: the first FQAN of the first attribute that lists any.
     *
     * @param attributes VOMS attributes in the order the validator returned them
     * @return the primary FQAN, or {@code null} if no attribute lists an FQAN
     */
    private FQAN getPrimary(List<VOMSAttribute> attributes) {
        return attributes.stream()
                .flatMap(attribute -> attribute.getFQANs().stream())
                .findFirst()
                .map(FQAN::new)
                .orElse(null);
    }
}
