package ca.nrc.cadc.ac.client;

import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.ReaderException;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.WriterException;
import ca.nrc.cadc.ac.xml.AbstractReaderWriter;
import ca.nrc.cadc.ac.xml.GroupListReader;
import ca.nrc.cadc.ac.xml.GroupReader;
import ca.nrc.cadc.ac.xml.GroupWriter;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.FileContent;
import ca.nrc.cadc.net.HttpDelete;
import ca.nrc.cadc.net.HttpDownload;
import ca.nrc.cadc.net.HttpPost;
import ca.nrc.cadc.net.HttpTransfer;
import ca.nrc.cadc.net.HttpUpload;
import ca.nrc.cadc.net.InputStreamWrapper;
import ca.nrc.cadc.net.NetUtil;
import ca.nrc.cadc.net.ResourceNotFoundException;
import ca.nrc.cadc.net.event.TransferEvent;
import ca.nrc.cadc.net.event.TransferListener;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.RegistryClient;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.opencadc.gms.GroupClient;
import org.opencadc.gms.GroupURI;

/* loaded from: input_file:ca/nrc/cadc/ac/client/GMSClient.class */
public class GMSClient implements TransferListener, GroupClient {
    private static final Logger log = Logger.getLogger(GMSClient.class);
    private URI serviceID;

    public GMSClient(URI uri) {
        if (uri == null) {
            throw new IllegalArgumentException("invalid serviceID: " + uri);
        }
        if (uri.getFragment() != null) {
            throw new IllegalArgumentException("invalid serviceID (fragment not allowed): " + uri);
        }
        this.serviceID = uri;
    }

    public void transferEvent(TransferEvent transferEvent) {
        if (9 == transferEvent.getState()) {
            log.debug("retry after request failed, reason: " + transferEvent.getError());
        }
    }

    public String getEventHeader() {
        return null;
    }

    public boolean isMember(GroupURI groupURI) {
        if (groupURI == null) {
            throw new IllegalArgumentException("Null group");
        }
        if (!groupURI.getServiceID().equals(this.serviceID)) {
            throw new UnsupportedOperationException("Group is not in the target GMS service.");
        }
        try {
            return isMember(groupURI.getName(), Role.MEMBER);
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    }

    public List<GroupURI> getMemberships() {
        try {
            List<Group> memberships = getMemberships(Role.MEMBER);
            ArrayList arrayList = new ArrayList(memberships.size());
            Iterator<Group> it = memberships.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getID());
            }
            return arrayList;
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    }

    public List<Group> getGroups() {
        throw new UnsupportedOperationException("Not yet implemented");
    }

    public Group createGroup(Group group) throws GroupAlreadyExistsException, AccessControlException, UserNotFoundException, WriterException, IOException {
        URL lookupServiceURL = lookupServiceURL(Standards.GMS_GROUPS_01);
        log.debug("createGroupURL request to " + lookupServiceURL.toString());
        clearCache();
        StringBuilder sb = new StringBuilder();
        new GroupWriter().write(group, sb);
        log.debug("createGroup: " + ((Object) sb));
        HttpUpload httpUpload = new HttpUpload(new ByteArrayInputStream(sb.toString().getBytes("UTF-8")), lookupServiceURL);
        httpUpload.run();
        Throwable throwable = httpUpload.getThrowable();
        if (throwable == null) {
            String responseBody = httpUpload.getResponseBody();
            try {
                log.debug("createGroup returned: " + responseBody);
                return new GroupReader().read(responseBody);
            } catch (Exception e) {
                log.error("Unexpected exception", e);
                throw new RuntimeException(e);
            }
        }
        log.debug("createGroup throwable", throwable);
        if (httpUpload.getResponseCode() == -1 || httpUpload.getResponseCode() == 401 || httpUpload.getResponseCode() == 403) {
            throw new AccessControlException(throwable.getMessage());
        }
        if (httpUpload.getResponseCode() == 400) {
            throw new IllegalArgumentException(throwable.getMessage());
        }
        if (httpUpload.getResponseCode() == 409) {
            throw new GroupAlreadyExistsException(throwable.getMessage());
        }
        if (httpUpload.getResponseCode() == 404) {
            throw new UserNotFoundException(throwable.getMessage());
        }
        throw new IOException(throwable);
    }

    public Group getGroup(String str) throws GroupNotFoundException, AccessControlException, IOException {
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + "/" + str);
        log.debug("getGroup request to " + url.toString());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        HttpDownload httpDownload = new HttpDownload(url, byteArrayOutputStream);
        httpDownload.run();
        Throwable throwable = httpDownload.getThrowable();
        if (throwable == null) {
            try {
                String str2 = new String(byteArrayOutputStream.toByteArray(), "UTF-8");
                log.debug("getGroup returned: " + str2);
                return new GroupReader().read(str2);
            } catch (Exception e) {
                log.error("Unexpected exception", e);
                throw new RuntimeException(e);
            }
        }
        log.debug("getGroup throwable (" + httpDownload.getResponseCode() + ")", throwable);
        if (httpDownload.getResponseCode() == -1 || httpDownload.getResponseCode() == 401 || httpDownload.getResponseCode() == 403) {
            throw new AccessControlException(throwable.getMessage());
        }
        if (httpDownload.getResponseCode() == 400) {
            throw new IllegalArgumentException(throwable.getMessage());
        }
        if (httpDownload.getResponseCode() == 404) {
            throw new GroupNotFoundException(throwable.getMessage());
        }
        throw new IOException(throwable);
    }

    public List<String> getGroupNames() throws AccessControlException, IOException {
        URL lookupServiceURL = lookupServiceURL(Standards.GMS_GROUPS_01);
        log.debug("getGroupNames request to " + lookupServiceURL.toString());
        final ArrayList arrayList = new ArrayList();
        HttpDownload httpDownload = new HttpDownload(lookupServiceURL, new InputStreamWrapper() { // from class: ca.nrc.cadc.ac.client.GMSClient.1
            public void read(InputStream inputStream) throws IOException {
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            return;
                        } else {
                            arrayList.add(readLine);
                        }
                    }
                } catch (Exception e) {
                    GMSClient.log.error("Unexpected exception", e);
                    throw new RuntimeException(e);
                }
            }
        });
        httpDownload.setRetry(0, 0, HttpTransfer.RetryReason.NONE);
        httpDownload.run();
        Throwable throwable = httpDownload.getThrowable();
        if (throwable == null) {
            log.debug("Content-Length: " + httpDownload.getContentLength());
            log.debug("Content-Type: " + httpDownload.getContentType());
            return arrayList;
        }
        String message = throwable.getMessage();
        int responseCode = httpDownload.getResponseCode();
        log.debug("getGroupNames response " + responseCode + ": " + message);
        if (responseCode == 401 || responseCode == 403 || responseCode == -1) {
            throw new AccessControlException(message);
        }
        if (responseCode == 400) {
            throw new IllegalArgumentException(message);
        }
        throw new IOException("HttpResponse (" + responseCode + ") - " + message);
    }

    public Group updateGroup(Group group) throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, AccessControlException, WriterException, IOException, ReaderException, URISyntaxException {
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + "/" + group.getID().getName());
        log.debug("updateGroup request to " + url.toString());
        clearCache();
        StringBuilder sb = new StringBuilder();
        new GroupWriter().write(group, sb);
        log.debug("updateGroup: " + ((Object) sb));
        HttpPost httpPost = new HttpPost(url, new FileContent(sb.toString(), "application/xml", Charset.forName("UTF-8")), false);
        httpPost.setTransferListener(this);
        httpPost.run();
        Throwable throwable = httpPost.getThrowable();
        if (throwable == null) {
            return new GroupReader().read(httpPost.getResponseBody());
        }
        if (httpPost.getResponseCode() == -1 || httpPost.getResponseCode() == 401 || httpPost.getResponseCode() == 403) {
            throw new AccessControlException(throwable.getMessage());
        }
        if (httpPost.getResponseCode() == 400) {
            throw new IllegalArgumentException(throwable.getMessage());
        }
        if (httpPost.getResponseCode() != 404) {
            throw new IOException(throwable);
        }
        if (throwable.getMessage() == null || !throwable.getMessage().toLowerCase().contains(AbstractReaderWriter.USER)) {
            throw new GroupNotFoundException(throwable.getMessage());
        }
        throw new UserNotFoundException(throwable.getMessage());
    }

    public void deleteGroup(String str) throws GroupNotFoundException, AccessControlException, IOException {
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + "/" + str);
        log.debug("deleteGroup request to " + url.toString());
        clearCache();
        HttpDelete httpDelete = new HttpDelete(url, true);
        httpDelete.run();
        Throwable throwable = httpDelete.getThrowable();
        if (throwable != null) {
            if (throwable instanceof AccessControlException) {
                throw new AccessControlException(throwable.getMessage());
            }
            if (httpDelete.getResponseCode() == 400) {
                throw new IllegalArgumentException(throwable.getMessage());
            }
            if (!(throwable instanceof ResourceNotFoundException)) {
                throw new IOException(throwable);
            }
            throw new GroupNotFoundException(throwable.getMessage());
        }
    }

    public void addGroupMember(String str, String str2) throws IllegalArgumentException, GroupNotFoundException, AccessControlException, IOException {
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + ("/" + str + "/groupMembers/" + str2));
        log.debug("addGroupMember request to " + url.toString());
        clearCache();
        HttpUpload httpUpload = new HttpUpload(new ByteArrayInputStream(new byte[0]), url);
        httpUpload.run();
        Throwable throwable = httpUpload.getThrowable();
        if (throwable != null) {
            int responseCode = httpUpload.getResponseCode();
            String message = throwable.getMessage();
            if (responseCode == -1 || responseCode == 401 || responseCode == 403) {
                throw new AccessControlException(message);
            }
            if (responseCode == 400) {
                throw new IllegalArgumentException(message);
            }
            if (responseCode != 404) {
                throw new IOException(message);
            }
            throw new GroupNotFoundException(message);
        }
    }

    public void addUserMember(String str, Principal principal) throws GroupNotFoundException, UserNotFoundException, AccessControlException, IOException {
        if (str == null) {
            throw new IllegalArgumentException("targetGroupName required");
        }
        if (principal == null) {
            throw new IllegalArgumentException("userID required");
        }
        log.debug("addUserMember: " + str + " + " + principal.getName());
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + ("/" + str + "/userMembers/" + NetUtil.encode(principal.getName()) + "?idType=" + AuthenticationUtil.getPrincipalType(principal)));
        log.debug("addUserMember request to " + url.toString());
        clearCache();
        HttpUpload httpUpload = new HttpUpload(new ByteArrayInputStream(new byte[0]), url);
        httpUpload.run();
        Throwable throwable = httpUpload.getThrowable();
        if (throwable != null) {
            int responseCode = httpUpload.getResponseCode();
            String message = throwable.getMessage();
            if (responseCode == -1 || responseCode == 401 || responseCode == 403) {
                throw new AccessControlException(message);
            }
            if (responseCode == 400) {
                throw new IllegalArgumentException(message);
            }
            if (responseCode != 404) {
                throw new IOException(message);
            }
            if (message != null && message.toLowerCase().contains(AbstractReaderWriter.USER)) {
                throw new UserNotFoundException(message);
            }
            throw new GroupNotFoundException(message);
        }
    }

    public void removeGroupMember(String str, String str2) throws GroupNotFoundException, AccessControlException, IOException {
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + ("/" + str + "/groupMembers/" + str2));
        log.debug("removeGroupMember request to " + url.toString());
        clearCache();
        HttpDelete httpDelete = new HttpDelete(url, true);
        httpDelete.run();
        Throwable throwable = httpDelete.getThrowable();
        if (throwable != null) {
            if (throwable instanceof AccessControlException) {
                throw ((AccessControlException) throwable);
            }
            if (httpDelete.getResponseCode() == 400) {
                throw new IllegalArgumentException(throwable.getMessage());
            }
            if (!(throwable instanceof ResourceNotFoundException)) {
                throw new IOException(throwable);
            }
            throw new GroupNotFoundException(throwable.getMessage());
        }
    }

    public void removeUserMember(String str, Principal principal) throws GroupNotFoundException, UserNotFoundException, AccessControlException, IOException {
        String principalType = AuthenticationUtil.getPrincipalType(principal);
        log.debug("removeUserMember: " + str + " - " + principal.getName() + " type: " + principalType);
        URL url = new URL(lookupServiceURL(Standards.GMS_GROUPS_01).toExternalForm() + ("/" + str + "/userMembers/" + NetUtil.encode(principal.getName()) + "?idType=" + principalType));
        log.debug("removeUserMember: " + url.toString());
        clearCache();
        HttpDelete httpDelete = new HttpDelete(url, true);
        httpDelete.run();
        Throwable throwable = httpDelete.getThrowable();
        if (throwable != null) {
            if (throwable instanceof AccessControlException) {
                throw new AccessControlException(throwable.getMessage());
            }
            if (httpDelete.getResponseCode() == 400) {
                throw new IllegalArgumentException(throwable.getMessage());
            }
            if (!(throwable instanceof ResourceNotFoundException)) {
                throw new IOException(throwable);
            }
            String message = throwable.getMessage();
            if (message != null && message.toLowerCase().contains(AbstractReaderWriter.USER)) {
                throw new UserNotFoundException(message);
            }
            throw new GroupNotFoundException(message);
        }
    }

    private Principal getCurrentUserID() {
        Subject currentSubject = AuthenticationUtil.getCurrentSubject();
        if (currentSubject == null) {
            return null;
        }
        Set principals = currentSubject.getPrincipals(HttpPrincipal.class);
        if (principals.isEmpty()) {
            return null;
        }
        Principal principal = (Principal) principals.iterator().next();
        log.debug("getCurrentID: " + principal.getClass());
        return principal;
    }

    public List<Group> getMemberships(Role role) throws UserNotFoundException, AccessControlException, IOException {
        return getMemberships(null, role);
    }

    private List<Group> getMemberships(Principal principal, Role role) throws UserNotFoundException, AccessControlException, IOException {
        List<Group> cachedGroups;
        if (role == null) {
            throw new IllegalArgumentException("role are required.");
        }
        Principal currentUserID = getCurrentUserID();
        if (currentUserID != null && (cachedGroups = getCachedGroups(currentUserID, role, true)) != null) {
            return cachedGroups;
        }
        URL url = new URL(lookupServiceURL(Standards.GMS_SEARCH_01).toExternalForm() + "?ROLE=" + NetUtil.encode(role.getValue()));
        log.debug("getMemberships request to " + url.toString());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        HttpDownload httpDownload = new HttpDownload(url, byteArrayOutputStream);
        httpDownload.run();
        Throwable throwable = httpDownload.getThrowable();
        if (throwable == null) {
            try {
                String str = new String(byteArrayOutputStream.toByteArray(), "UTF-8");
                log.debug("getMemberships returned: " + str);
                List<Group> read = new GroupListReader().read(str);
                setCachedGroups(currentUserID, read, role);
                return read;
            } catch (Exception e) {
                log.error("Unexpected exception", e);
                throw new RuntimeException(e);
            }
        }
        log.debug("getMemberships throwable", throwable);
        if (httpDownload.getResponseCode() == -1 || httpDownload.getResponseCode() == 401 || httpDownload.getResponseCode() == 403) {
            throw new AccessControlException(throwable.getMessage());
        }
        if (httpDownload.getResponseCode() == 404) {
            throw new UserNotFoundException(throwable.getMessage());
        }
        if (httpDownload.getResponseCode() == 400) {
            throw new IllegalArgumentException(throwable.getMessage());
        }
        throw new IOException(throwable);
    }

    public Group getMembership(String str) throws UserNotFoundException, AccessControlException, IOException {
        return getMembership(str, Role.MEMBER);
    }

    public Group getMembership(String str, Role role) throws UserNotFoundException, AccessControlException, IOException {
        Group cachedGroup;
        if (str == null || role == null) {
            throw new IllegalArgumentException("groupName and role are required.");
        }
        Principal currentUserID = getCurrentUserID();
        if (currentUserID != null && (cachedGroup = getCachedGroup(currentUserID, str, role)) != null) {
            return cachedGroup;
        }
        URL url = new URL(lookupServiceURL(Standards.GMS_SEARCH_01).toExternalForm() + ("?ROLE=" + NetUtil.encode(role.getValue()) + "&GROUPID=" + NetUtil.encode(str)));
        log.debug("getMembership request to " + url.toString());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        HttpDownload httpDownload = new HttpDownload(url, byteArrayOutputStream);
        httpDownload.run();
        Throwable throwable = httpDownload.getThrowable();
        if (throwable != null) {
            log.debug("getMembership throwable", throwable);
            if (httpDownload.getResponseCode() == -1 || httpDownload.getResponseCode() == 401 || httpDownload.getResponseCode() == 403) {
                throw new AccessControlException(throwable.getMessage());
            }
            if (httpDownload.getResponseCode() == 404) {
                throw new UserNotFoundException(throwable.getMessage());
            }
            if (httpDownload.getResponseCode() == 400) {
                throw new IllegalArgumentException(throwable.getMessage());
            }
            throw new IOException(throwable);
        }
        try {
            String str2 = new String(byteArrayOutputStream.toByteArray(), "UTF-8");
            log.debug("getMembership returned: " + str2);
            List<Group> read = new GroupListReader().read(str2);
            if (read.isEmpty()) {
                return null;
            }
            if (read.size() != 1) {
                throw new IllegalStateException("Duplicate membership for " + currentUserID + " in group " + str);
            }
            Group group = read.get(0);
            addCachedGroup(currentUserID, group, role);
            return group;
        } catch (Exception e) {
            log.error("Unexpected exception", e);
            throw new RuntimeException(e);
        }
    }

    public boolean isMember(String str) throws UserNotFoundException, AccessControlException, IOException {
        return isMember(str, Role.MEMBER);
    }

    public boolean isMember(String str, Role role) throws UserNotFoundException, AccessControlException, IOException {
        return isMember(getCurrentUserID(), str, role);
    }

    private boolean isMember(Principal principal, String str, Role role) throws UserNotFoundException, AccessControlException, IOException {
        return getMembership(str, role) != null;
    }

    protected void clearCache() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject != null) {
            subject.getPrivateCredentials().remove(new GroupMemberships());
        }
    }

    protected GroupMemberships getGroupCache(Principal principal) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (!userIsSubject(principal, subject)) {
            return null;
        }
        Set privateCredentials = subject.getPrivateCredentials(GroupMemberships.class);
        if (privateCredentials == null || privateCredentials.isEmpty()) {
            GroupMemberships groupMemberships = new GroupMemberships(this.serviceID.toString(), principal);
            subject.getPrivateCredentials().add(groupMemberships);
            return groupMemberships;
        }
        GroupMemberships groupMemberships2 = (GroupMemberships) privateCredentials.iterator().next();
        if (this.serviceID.toString().equals(groupMemberships2.getServiceURI())) {
            return groupMemberships2;
        }
        log.debug("Not using cache because of differing service URIs: [" + this.serviceID.toString() + "][" + groupMemberships2.getServiceURI() + "]");
        return null;
    }

    protected Group getCachedGroup(Principal principal, String str, Role role) {
        List<Group> cachedGroups = getCachedGroups(principal, role, false);
        if (cachedGroups == null) {
            return null;
        }
        for (Group group : cachedGroups) {
            if (group.getID().getName().equals(str)) {
                return group;
            }
        }
        return null;
    }

    protected List<Group> getCachedGroups(Principal principal, Role role, boolean z) {
        GroupMemberships groupCache = getGroupCache(principal);
        if (groupCache == null) {
            return null;
        }
        Boolean valueOf = Boolean.valueOf(groupCache.isComplete(role));
        if (!z || Boolean.TRUE.equals(valueOf)) {
            return groupCache.getMemberships(role);
        }
        return null;
    }

    protected void addCachedGroup(Principal principal, Group group, Role role) {
        GroupMemberships groupCache = getGroupCache(principal);
        if (groupCache == null) {
            return;
        }
        groupCache.add(group, role);
    }

    protected void setCachedGroups(Principal principal, List<Group> list, Role role) {
        GroupMemberships groupCache = getGroupCache(principal);
        if (groupCache == null) {
            return;
        }
        groupCache.add(list, role);
    }

    protected boolean userIsSubject(Principal principal, Subject subject) {
        if (principal == null || subject == null) {
            return false;
        }
        Iterator<Principal> it = subject.getPrincipals().iterator();
        while (it.hasNext()) {
            if (AuthenticationUtil.equals(it.next(), principal)) {
                return true;
            }
        }
        return false;
    }

    protected RegistryClient getRegistryClient() {
        return new RegistryClient();
    }

    private URL lookupServiceURL(URI uri) throws AccessControlException {
        AuthMethod authMethodFromCredentials = AuthenticationUtil.getAuthMethodFromCredentials(AuthenticationUtil.getCurrentSubject());
        if (authMethodFromCredentials == null || authMethodFromCredentials.equals(AuthMethod.ANON)) {
            throw new AccessControlException("Anonymous access not supported.");
        }
        URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, uri, authMethodFromCredentials);
        if (serviceURL == null) {
            throw new RuntimeException(String.format("Unable to get Service URL for '%s', '%s', '%s'", this.serviceID.toString(), uri, authMethodFromCredentials));
        }
        return serviceURL;
    }
}
