package org.dcache.xrootd.plugins.alice;

import java.io.File;
import java.net.InetSocketAddress;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import org.dcache.xrootd.plugins.AuthorizationHandler;
import org.dcache.xrootd.plugins.alice.Envelope;
import org.dcache.xrootd.protocol.XrootdProtocol;

/* loaded from: input_file:org/dcache/xrootd/plugins/alice/TokenAuthorization1.class */
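/**
 * Authorization handler that admits a request only when the opaque data carries an encrypted
 * "authz" token whose envelope grants the requested logical file name (lfn) on this endpoint.
 *
 * <p>The keystore maps a VO name to the RSA keypair used to decode that VO's tokens; the entry
 * stored under "*" is used when the request names no VO.
 */
public class TokenAuthorization1 implements AuthorizationHandler {
    /** Port assumed when the token's TURL carries none (getTurlPort() returns -1); 1094 is the standard xrootd port. */
    private static final int DEFAULT_TURL_PORT = 1094;

    /** Keystore alias of the keypair used when the request does not name a VO. */
    private static final String DEFAULT_VO = "*";

    // Held by reference, not copied: later changes to the caller's map are visible here.
    private final Map<String, KeyPair> keystore;

    /**
     * @param map VO name to keypair; may be null, in which case every token-bearing request is
     *     rejected with "no keystore found"
     */
    public TokenAuthorization1(Map<String, KeyPair> map) {
        this.keystore = map;
    }

    /**
     * Checks the request against the authorization token found in the opaque map.
     *
     * @param subject not used by this handler
     * @param inetSocketAddress endpoint that the token's TURL host and port must match
     *     (presumably the local server address; confirm against the AuthorizationHandler contract)
     * @param inetSocketAddress2 not used by this handler
     * @param str the requested lfn; must not be null
     * @param map opaque request data; "authz" holds the token and "vo" optionally selects the keypair
     * @param i numeric request code
     * @param filePerm permission the request needs
     * @return {@code str} unchanged for the token-less requests listed below, otherwise the TURL
     *     path taken from the matching token entry
     * @throws IllegalArgumentException if {@code str} is null
     * @throws GeneralSecurityException if the token is missing, cannot be decoded, does not cover
     *     the lfn, or names a different host or port
     * @throws AccessControlException if the token's access level is below what {@code filePerm} needs
     */
    public String authorize(Subject subject, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, String str, Map<String, String> map, int i, XrootdProtocol.FilePerm filePerm) throws SecurityException, GeneralSecurityException {
        if (str == null) {
            throw new IllegalArgumentException("the lfn string must not be null");
        }
        String token = map.get("authz");
        if (token == null) {
            // These three request codes are served without any token, so whatever they expose is
            // unauthenticated as far as this handler is concerned.
            // NOTE(review): the values match the xrootd request codes kXR_stat (3017),
            // kXR_statx (3022) and kXR_dirlist (3004); confirm and prefer the named constants.
            if (i == 3017 || i == 3022 || i == 3004) {
                return str;
            }
            throw new GeneralSecurityException("No authorization token found in open request, access denied.");
        }
        try {
            // The "vo" value is request-supplied: the client chooses which keypair decodes the token.
            Envelope.GridFile granted = findFile(str, decodeEnvelope(token, getKeys(map.get("vo"))));
            if (granted == null) {
                throw new GeneralSecurityException("authorization token doesn't contain any file permissions for lfn " + str);
            }
            // Bind the token to this endpoint: raw address bytes and port must both match the TURL.
            if (!Arrays.equals(granted.getTurlHost().getAddress(), inetSocketAddress.getAddress().getAddress())) {
                throw new GeneralSecurityException("Hostname mismatch in authorization token (lfn=" + granted.getLfn() + " TURL=" + granted.getTurl() + ")");
            }
            int turlPort = granted.getTurlPort() == -1 ? DEFAULT_TURL_PORT : granted.getTurlPort();
            if (turlPort != inetSocketAddress.getPort()) {
                throw new GeneralSecurityException("Port mismatch in authorization token (lfn=" + granted.getLfn() + " TURL=" + granted.getTurl() + ")");
            }
            // The comparisons below rely on the declaration order of XrootdProtocol.FilePerm.
            // NOTE(review): only WRITE and DELETE are checked; any other filePerm value (including
            // WRITE_ONCE, if a caller ever passes it) is accepted with whatever access the token
            // carries. Confirm that this is intended.
            int access = granted.getAccess();
            if (filePerm == XrootdProtocol.FilePerm.WRITE) {
                if (access < XrootdProtocol.FilePerm.WRITE_ONCE.ordinal()) {
                    throw new AccessControlException("Token lacks authorization for requested operation");
                }
            } else if (filePerm == XrootdProtocol.FilePerm.DELETE && access < XrootdProtocol.FilePerm.DELETE.ordinal()) {
                throw new AccessControlException("Token lacks authorization for requested operation");
            }
            return granted.getTurlPath();
        } catch (CorruptedEnvelopeException e) {
            // Keep the cause so the parse failure stays visible in server-side stack traces.
            throw new GeneralSecurityException("Error parsing authorization token: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the first envelope entry whose lfn equals {@code str}, or null when there is none.
     */
    private Envelope.GridFile findFile(String str, Envelope envelope) {
        for (Envelope.GridFile candidate : envelope.getFiles()) {
            if (str.equals(candidate.getLfn())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Decrypts the raw token with the given keypair and returns the envelope it contains.
     *
     * <p>Both keys are cast to their RSA interfaces, so a non-RSA keypair fails with a
     * ClassCastException rather than a GeneralSecurityException.
     */
    private Envelope decodeEnvelope(String str, KeyPair keyPair) throws GeneralSecurityException, CorruptedEnvelopeException {
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        EncryptedAuthzToken encryptedAuthzToken = new EncryptedAuthzToken(str, privateKey, publicKey);
        encryptedAuthzToken.decrypt();
        return encryptedAuthzToken.getEnvelope();
    }

    /**
     * Looks up the keypair for a VO, falling back to the "*" entry when {@code str} is null.
     *
     * @param str VO name taken from the request, or null for the default keypair
     * @throws GeneralSecurityException if there is no keystore or no usable keypair for the VO
     */
    private KeyPair getKeys(String str) throws GeneralSecurityException {
        if (this.keystore == null) {
            throw new GeneralSecurityException("no keystore found");
        }
        // A single lookup also rejects an alias that is present but mapped to null, which would
        // otherwise surface later as a NullPointerException while decoding the token.
        KeyPair keyPair = this.keystore.get(str != null ? str : DEFAULT_VO);
        if (keyPair == null) {
            if (str != null) {
                throw new GeneralSecurityException("no keypair for VO " + str + " found in keystore");
            }
            throw new GeneralSecurityException("no default keypair found in keystore, required for decoding authorization token");
        }
        return keyPair;
    }

    /**
     * Command-line aid: builds a handler from the file named by the first argument and prints the
     * decoded envelope of the token given as the second argument, using the default keypair.
     *
     * <p>The output is the decrypted token content; keep it out of shared logs.
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr.length < 2) {
            throw new IllegalArgumentException("usage: TokenAuthorization1 <file> <token>");
        }
        TokenAuthorization1Factory tokenAuthorization1Factory = new TokenAuthorization1Factory(new File(strArr[0]));
        String token = strArr[1];
        TokenAuthorization1 handler = tokenAuthorization1Factory.m4createHandler();
        System.out.println(handler.decodeEnvelope(token, handler.getKeys(null)));
    }
}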
