package ca.nrc.cadc.ac.client;

import ca.nrc.cadc.ac.ReaderException;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.WriterException;
import ca.nrc.cadc.ac.xml.UserReader;
import ca.nrc.cadc.ac.xml.UserWriter;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.PosixPrincipal;
import ca.nrc.cadc.net.HttpDownload;
import ca.nrc.cadc.net.HttpUpload;
import ca.nrc.cadc.net.NetUtil;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.RegistryClient;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/ac/client/UserClient.class */
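/**
 * Client for a user-management service: looks users up, creates them, and
 * replaces the principals of a {@link Subject} with the identities the service
 * reports for it.
 *
 * <p>The service URL is resolved through {@link RegistryClient} on every call.
 * The identities this client hands back are exactly what the resolved service
 * returned, so they are only as trustworthy as the registry lookup and the
 * transport to that service.
 */
public class UserClient {
    private static final Logger log = Logger.getLogger(UserClient.class);

    /** Identifier of the user-management service; never null and never carries a fragment. */
    private final URI serviceID;

    /**
     * Creates a client bound to one service identifier.
     *
     * @param uri identifier of the user-management service
     * @throws IllegalArgumentException if {@code uri} is null or has a fragment
     */
    public UserClient(URI uri) throws IllegalArgumentException {
        if (uri == null) {
            throw new IllegalArgumentException("Service URI cannot be null.");
        }
        if (uri.getFragment() != null) {
            throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + uri);
        }
        this.serviceID = uri;
    }

    /**
     * Replaces the principals of {@code subject} with the full identity set the
     * service holds for one of its current principals (see {@link #getPrincipal}).
     *
     * <p>The lookup always uses {@link AuthMethod#CERT}. A 404 response leaves the
     * subject untouched. On success the subject's previous principals are discarded
     * and the service's answer becomes the subject's whole identity, so the response
     * is parsed completely before the subject is modified: a malformed response must
     * not leave the caller holding a subject with no principals.
     *
     * @param subject subject to augment; a null or principal-less subject is a no-op
     * @throws MalformedURLException if the lookup URL cannot be built
     * @throws IllegalArgumentException if the registry has no users endpoint or the
     *         principal type is unsupported
     * @throws IllegalStateException if the service answers with anything other than 200 or 404
     */
    public void augmentSubject(Subject subject) throws MalformedURLException {
        Principal principal = getPrincipal(subject);
        if (principal == null) {
            return;
        }
        URL usersURL = getRegistryClient().getServiceURL(this.serviceID, Standards.UMS_USERS_01, AuthMethod.CERT);
        if (usersURL == null) {
            // The original dereferenced the lookup result directly and failed with a bare NPE.
            throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01);
        }
        // The principal name is caller-influenced, so it is encoded before it becomes a path segment.
        URL url = new URL(usersURL.toExternalForm() + "/" + NetUtil.encode(principal.getName()) + "?idType=" + getIdType(principal));
        log.debug("augmentSubject request to " + url.toString());
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        HttpDownload httpDownload = new HttpDownload(url, buffer);
        httpDownload.run();
        int responseCode = httpDownload.getResponseCode();
        if (responseCode == 404) {
            return;
        }
        if (responseCode != 200) {
            if (httpDownload.getThrowable() == null) {
                throw new IllegalStateException("Error calling /ac to augment subject");
            }
            throw new IllegalStateException("Error calling /ac to augment subject", httpDownload.getThrowable());
        }
        // Parse first, swap second: getPrincipals() throws on a bad document, and the
        // subject must keep its existing principals in that case.
        Set<Principal> augmented = getPrincipals(buffer);
        Set<Principal> current = subject.getPrincipals();
        current.clear();
        current.addAll(augmented);
    }

    /**
     * Fetches the list of users from the users endpoint, requesting JSON.
     *
     * @return the users collected from the response
     * @throws AccessControlException if the caller is anonymous, or the service
     *         answers 401 or 403, or no response code is available (-1)
     * @throws IllegalArgumentException if the registry has no users endpoint or the
     *         service answers 400
     * @throws IOException for any other failed transfer
     */
    public List<User> getDisplayUsers() throws IOException {
        URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, Standards.UMS_USERS_01, getAuthMethod());
        if (serviceURL == null) {
            throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01);
        }
        List<User> users = new ArrayList<>();
        HttpDownload httpDownload = new HttpDownload(serviceURL, new JsonUserListInputStreamWrapper(users));
        httpDownload.setRequestProperty("Accept", "application/json");
        httpDownload.run();
        Throwable throwable = httpDownload.getThrowable();
        if (throwable == null) {
            log.debug("Content-Length: " + httpDownload.getContentLength());
            log.debug("Content-Type: " + httpDownload.getContentType());
            return users;
        }
        String message = throwable.getMessage();
        int responseCode = httpDownload.getResponseCode();
        log.debug("getDisplayUsers response " + responseCode + ": " + message);
        if (responseCode == 401 || responseCode == 403 || responseCode == -1) {
            throw new AccessControlException(message);
        }
        if (responseCode == 400) {
            throw new IllegalArgumentException(message);
        }
        throw new IOException("HttpResponse (" + responseCode + ") - " + message);
    }

    /**
     * Creates a user whose only identity is {@code principal}.
     *
     * @param principal identity of the new user
     * @return the user as described by the service's response body
     * @throws IllegalArgumentException if {@code principal} is null, the registry has
     *         no users endpoint, or the service answers 400
     * @throws UserAlreadyExistsException if the service answers 409
     * @throws AccessControlException if the caller is anonymous or the service answers 403
     * @throws IllegalStateException for any other non-success response
     */
    public User createUser(Principal principal) throws UserAlreadyExistsException, IOException, WriterException, ReaderException, URISyntaxException {
        if (principal == null) {
            throw new IllegalArgumentException("principal required");
        }
        User user = new User();
        user.getIdentities().add(principal);
        UserWriter userWriter = new UserWriter();
        StringBuilder sb = new StringBuilder();
        userWriter.write(user, sb);
        URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, Standards.UMS_USERS_01, getAuthMethod());
        if (serviceURL == null) {
            // Name the standard that was actually looked up (the original message cited UMS_REQS_01).
            throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01);
        }
        log.debug("createUser request to " + serviceURL.toString());
        // Explicit charset: the platform default would make the bytes sent for a non-ASCII
        // identity depend on the host. UTF-8 matches how getPrincipals() decodes user documents.
        byte[] payload = sb.toString().getBytes(StandardCharsets.UTF_8);
        HttpUpload httpUpload = new HttpUpload(new ByteArrayInputStream(payload), serviceURL);
        httpUpload.run();
        int responseCode = httpUpload.getResponseCode();
        if (responseCode == 200 || responseCode == 201) {
            return new UserReader().read(httpUpload.getResponseBody());
        }
        Throwable cause = httpUpload.getThrowable();
        String str = "";
        if (cause != null) {
            log.debug("error calling createUser", cause);
            str = cause.getMessage();
        }
        if (responseCode == 400) {
            throw new IllegalArgumentException(str);
        }
        if (responseCode == 409) {
            throw new UserAlreadyExistsException(str);
        }
        if (responseCode == 403) {
            throw new AccessControlException(str);
        }
        // Keep the transport failure attached so an unmapped status is diagnosable.
        throw new IllegalStateException(str, cause);
    }

    /**
     * Looks up the user that owns {@code principal}.
     *
     * @param principal identity to look up
     * @return the user parsed from the service's response
     * @throws IllegalArgumentException if {@code principal} is null or of an unsupported
     *         type, the registry has no users endpoint, or the service answers 400
     * @throws UserNotFoundException if the service answers 404
     * @throws AccessControlException if the caller is anonymous or the service answers 403
     * @throws IllegalStateException for any other non-200 response
     */
    public User getUser(Principal principal) throws ReaderException, IOException, URISyntaxException, UserNotFoundException {
        if (principal == null) {
            throw new IllegalArgumentException("principal required");
        }
        URL usersURL = getRegistryClient().getServiceURL(this.serviceID, Standards.UMS_USERS_01, getAuthMethod());
        if (usersURL == null) {
            throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01);
        }
        // getIdType() rejects an unsupported principal up front, as augmentSubject() does,
        // instead of sending the literal text "idType=null" to the service.
        URL url = new URL(usersURL.toExternalForm() + "/" + NetUtil.encode(principal.getName()) + "?idType=" + getIdType(principal));
        log.debug("getUser request to " + url.toString());
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        HttpDownload httpDownload = new HttpDownload(url, buffer);
        httpDownload.run();
        int responseCode = httpDownload.getResponseCode();
        if (responseCode == 200) {
            return new UserReader().read(utf8(buffer));
        }
        Throwable cause = httpDownload.getThrowable();
        String str = "";
        if (cause != null) {
            log.debug("error calling get user", cause);
            str = cause.getMessage();
        }
        if (responseCode == 400) {
            throw new IllegalArgumentException(str);
        }
        if (responseCode == 404) {
            throw new UserNotFoundException(str);
        }
        if (responseCode == 403) {
            throw new AccessControlException(str);
        }
        throw new IllegalStateException(str, cause);
    }

    /**
     * Picks the principal used to identify {@code subject} to the service.
     *
     * <p>A single principal is returned as is. With several, the first match in the
     * order X500, numeric, HTTP wins; if none of those types is present, whatever
     * principal the set iterates first is used.
     *
     * @param subject subject to inspect, may be null
     * @return the chosen principal, or null when the subject is null or has no principals
     */
    protected Principal getPrincipal(Subject subject) {
        if (subject == null || subject.getPrincipals() == null || subject.getPrincipals().isEmpty()) {
            return null;
        }
        if (subject.getPrincipals().size() == 1) {
            return subject.getPrincipals().iterator().next();
        }
        Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class);
        if (!x500Principals.isEmpty()) {
            return x500Principals.iterator().next();
        }
        Set<NumericPrincipal> numericPrincipals = subject.getPrincipals(NumericPrincipal.class);
        if (!numericPrincipals.isEmpty()) {
            return numericPrincipals.iterator().next();
        }
        Set<HttpPrincipal> httpPrincipals = subject.getPrincipals(HttpPrincipal.class);
        if (!httpPrincipals.isEmpty()) {
            return httpPrincipals.iterator().next();
        }
        return subject.getPrincipals().iterator().next();
    }

    /**
     * Parses a user document and returns its identities, copying the POSIX details
     * (default group and username) onto the POSIX principal whose uid matches.
     *
     * @param byteArrayOutputStream buffer holding the UTF-8 user document
     * @return the identities of the parsed user
     * @throws RuntimeException wrapping any parse failure
     */
    protected Set<Principal> getPrincipals(ByteArrayOutputStream byteArrayOutputStream) {
        try {
            String str = utf8(byteArrayOutputStream);
            // Log the size only: the document carries the user's identities and POSIX
            // account details, which do not belong in a debug log.
            log.debug("userXML Input to getPrincipals(): " + str.length() + " chars");
            User read = new UserReader().read(str);
            if (read.posixDetails != null) {
                for (PosixPrincipal posixPrincipal : read.getIdentities(PosixPrincipal.class)) {
                    if (posixPrincipal.getUidNumber() == read.posixDetails.getUid()) {
                        posixPrincipal.defaultGroup = Integer.valueOf(read.posixDetails.getGid());
                        posixPrincipal.username = read.posixDetails.getUsername();
                    }
                }
            }
            return read.getIdentities();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the {@code idType} query value for {@code principal}.
     *
     * @throws IllegalArgumentException if the principal's type is not recognised
     */
    protected String getIdType(Principal principal) {
        String principalType = AuthenticationUtil.getPrincipalType(principal);
        if (principalType == null) {
            throw new IllegalArgumentException("Subject has unsupported principal " + principal.getClass());
        }
        return principalType;
    }

    /** Returns a new registry client; overridable so a subclass can substitute its own. */
    protected RegistryClient getRegistryClient() {
        return new RegistryClient();
    }

    /**
     * Runs a download of {@code url} into {@code outputStream} and returns the finished
     * transfer so the caller can inspect its response code and throwable.
     */
    protected HttpDownload download(URL url, OutputStream outputStream) throws IOException {
        HttpDownload httpDownload = new HttpDownload(url, outputStream);
        httpDownload.run();
        return httpDownload;
    }

    /** Returns the buffer that {@link #whoAmI()} downloads into. */
    protected OutputStream getOutputStream() {
        return new ByteArrayOutputStream();
    }

    /**
     * Asks the service which user the current credentials belong to.
     *
     * @return the user parsed from the service's response
     * @throws IllegalArgumentException if the registry has no whoami endpoint or the
     *         service answers 400
     * @throws UserNotFoundException if the service answers 404
     * @throws AccessControlException if the caller is anonymous or the service answers 403
     * @throws IllegalStateException if the response cannot be parsed, or for any other
     *         non-200 response
     */
    public User whoAmI() throws IOException, UserNotFoundException {
        URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, Standards.UMS_WHOAMI_01, getAuthMethod());
        if (serviceURL == null) {
            throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_WHOAMI_01);
        }
        log.debug("whoAmI request to " + serviceURL.toString());
        OutputStream outputStream = getOutputStream();
        HttpDownload download = download(serviceURL, outputStream);
        int responseCode = download.getResponseCode();
        if (responseCode == 200) {
            // Decode the default buffer as UTF-8 like the other lookups; a stream supplied
            // by a subclass keeps its own toString() contract.
            String body = (outputStream instanceof ByteArrayOutputStream)
                    ? utf8((ByteArrayOutputStream) outputStream)
                    : outputStream.toString();
            try {
                return new UserReader().read(body);
            } catch (ReaderException | URISyntaxException e) {
                throw new IllegalStateException(e);
            }
        }
        Throwable cause = download.getThrowable();
        String str = "";
        if (cause != null) {
            log.debug("error calling whoAmI", cause);
            str = cause.getMessage();
        }
        if (responseCode == 400) {
            throw new IllegalArgumentException(str);
        }
        if (responseCode == 404) {
            throw new UserNotFoundException(str);
        }
        if (responseCode == 403) {
            throw new AccessControlException(str);
        }
        throw new IllegalStateException(str, cause);
    }

    /**
     * Determines the auth method from the current subject's credentials.
     *
     * @throws AccessControlException if there are no credentials or they are anonymous
     */
    private AuthMethod getAuthMethod() throws AccessControlException {
        AuthMethod authMethodFromCredentials = AuthenticationUtil.getAuthMethodFromCredentials(AuthenticationUtil.getCurrentSubject());
        if (authMethodFromCredentials == null || authMethodFromCredentials.equals(AuthMethod.ANON)) {
            throw new AccessControlException("Anonymous access not supported.");
        }
        return authMethodFromCredentials;
    }

    /** Decodes a response buffer as UTF-8, independent of the platform default charset. */
    private static String utf8(ByteArrayOutputStream buffer) {
        return new String(buffer.toByteArray(), StandardCharsets.UTF_8);
    }
}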
