package org.opencadc.gms;

import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.cred.client.CredUtil;
import ca.nrc.cadc.net.HttpGet;
import ca.nrc.cadc.net.ResourceAlreadyExistsException;
import ca.nrc.cadc.net.ResourceNotFoundException;
import ca.nrc.cadc.reg.Capabilities;
import ca.nrc.cadc.reg.Capability;
import ca.nrc.cadc.reg.Interface;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.RegistryClient;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.net.URI;
import java.net.URL;
import java.security.AccessControlException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/opencadc/gms/IvoaGroupClient.class */
public class IvoaGroupClient {
    private static final Logger log = Logger.getLogger(IvoaGroupClient.class);
    private final RegistryClient reg = new RegistryClient();

    public boolean isMember(GroupURI groupURI) throws IOException, InterruptedException, ResourceNotFoundException {
        URI serviceID = groupURI.getServiceID();
        TreeSet treeSet = new TreeSet();
        treeSet.add(groupURI.getName());
        return !getMemberships(serviceID, treeSet).isEmpty();
    }

    public Set<GroupURI> getMemberships(Set<GroupURI> set) throws IOException, InterruptedException, ResourceNotFoundException {
        Map<URI, Set<String>> splitByResourceID = splitByResourceID(set);
        TreeSet treeSet = new TreeSet();
        for (Map.Entry<URI, Set<String>> entry : splitByResourceID.entrySet()) {
            treeSet.addAll(getMemberships(entry.getKey(), entry.getValue()));
        }
        return treeSet;
    }

    public Set<GroupURI> getMemberships(URI uri) throws IOException, InterruptedException, ResourceNotFoundException {
        return getMemberships(uri, null);
    }

    public Set<GroupURI> getMemberships(URI uri, Set<String> set) throws IOException, InterruptedException, ResourceNotFoundException {
        Subject currentSubject = AuthenticationUtil.getCurrentSubject();
        AuthMethod authMethod = AuthenticationUtil.getAuthMethod(currentSubject);
        if (authMethod == null || AuthMethod.ANON.equals(authMethod)) {
            throw new UnsupportedOperationException("cannot get group memberships for anonymous");
        }
        Capabilities capabilities = this.reg.getCapabilities(uri);
        if (capabilities == null) {
            throw new ResourceNotFoundException("service not found in registry: " + uri);
        }
        Capability findCapability = capabilities.findCapability(Standards.GMS_SEARCH_10);
        if (findCapability == null) {
            throw new UnsupportedOperationException("service " + uri + " does not implement " + Standards.GMS_SEARCH_10);
        }
        try {
            if (!CredUtil.checkCredentials()) {
                throw new AccessControlException("delegated credentials not found");
            }
            AuthMethod authMethodFromCredentials = AuthenticationUtil.getAuthMethodFromCredentials(currentSubject);
            if (authMethodFromCredentials == null || AuthMethod.ANON.equals(authMethodFromCredentials)) {
                throw new RuntimeException("BUG: subject has credentials but type unknown");
            }
            URI securityMethod = Standards.getSecurityMethod(authMethodFromCredentials);
            Interface findInterface = findCapability.findInterface(securityMethod);
            if (findInterface == null) {
                throw new UnsupportedOperationException("service " + uri + " " + Standards.GMS_SEARCH_10 + " does not support auth via " + securityMethod);
            }
            URL url = findInterface.getAccessURL().getURL();
            if (set != null && !set.isEmpty()) {
                StringBuilder sb = new StringBuilder(url.toExternalForm());
                String str = "?";
                Iterator<String> it = set.iterator();
                while (it.hasNext()) {
                    sb.append(str).append("group=").append(it.next());
                    str = "&";
                }
                url = new URL(sb.toString());
            }
            log.debug("queryURL: " + url);
            TreeSet treeSet = new TreeSet();
            try {
                HttpGet httpGet = new HttpGet(url, true);
                httpGet.prepare();
                LineNumberReader lineNumberReader = new LineNumberReader(new InputStreamReader(httpGet.getInputStream()));
                for (String readLine = lineNumberReader.readLine(); readLine != null; readLine = lineNumberReader.readLine()) {
                    treeSet.add(new GroupURI(uri, readLine.trim()));
                }
                return treeSet;
            } catch (ResourceAlreadyExistsException e) {
                throw new RuntimeException("BUG: unexpected failure: " + e, e);
            }
        } catch (CertificateExpiredException | CertificateNotYetValidException e2) {
            throw new AccessControlException("invalid delegated credentials: " + e2);
        }
    }

    private Map<URI, Set<String>> splitByResourceID(Set<GroupURI> set) {
        TreeMap treeMap = new TreeMap();
        for (GroupURI groupURI : set) {
            Set set2 = (Set) treeMap.get(groupURI.getServiceID());
            if (set2 == null) {
                set2 = new TreeSet();
                treeMap.put(groupURI.getServiceID(), set2);
            }
            set2.add(groupURI.getName());
        }
        return treeMap;
    }
}
