package ca.nrc.cadc.vosi.actions;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.cred.client.CredUtil;
import ca.nrc.cadc.net.ResourceNotFoundException;
import ca.nrc.cadc.tap.schema.TapPermissions;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.opencadc.gms.GroupURI;
import org.opencadc.gms.IvoaGroupClient;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:ca/nrc/cadc/vosi/actions/Util.class */
public class Util {
    private static final Logger log = Logger.getLogger(Util.class);

    private Util() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSchemaName(String str) {
        return str.split("[.]").length == 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isTableName(String str) {
        return str.split("[.]").length == 2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getSchemaFromTable(String str) {
        String[] split = str.split("[.]");
        if (split.length == 2) {
            return split[0];
        }
        throw new IllegalArgumentException("invalid table name: " + str + " (expected: <schema>.<table>)");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isOwner(TapPermissions tapPermissions) {
        Subject currentSubject = AuthenticationUtil.getCurrentSubject();
        return (currentSubject == null || currentSubject.getPrincipals() == null || currentSubject.getPrincipals().isEmpty() || !isOwner(tapPermissions, currentSubject)) ? false : true;
    }

    private static boolean isOwner(TapPermissions tapPermissions, Subject subject) {
        if (tapPermissions.owner == null) {
            return false;
        }
        for (Principal principal : tapPermissions.owner.getPrincipals()) {
            Iterator<Principal> it = subject.getPrincipals().iterator();
            while (it.hasNext()) {
                if (AuthenticationUtil.equals(principal, it.next())) {
                    return true;
                }
            }
        }
        return false;
    }

    public static GroupURI getPermittedGroup(IvoaGroupClient ivoaGroupClient, Set<GroupURI> set) throws IOException, ResourceNotFoundException {
        Subject currentSubject;
        if (set == null || set.isEmpty() || (currentSubject = AuthenticationUtil.getCurrentSubject()) == null || currentSubject.getPrincipals() == null || currentSubject.getPrincipals().isEmpty()) {
            return null;
        }
        if (!ensureCredentials()) {
            throw new AccessControlException("No delegated credentials");
        }
        try {
            Set memberships = ivoaGroupClient.getMemberships(set);
            if (memberships == null || memberships.isEmpty()) {
                return null;
            }
            return (GroupURI) memberships.iterator().next();
        } catch (InterruptedException e) {
            throw new RuntimeException("UNEXPECTED: " + e, e);
        }
    }

    private static boolean ensureCredentials() {
        try {
            return CredUtil.checkCredentials();
        } catch (CertificateException e) {
            throw new RuntimeException("failed to find group memberships (invalid proxy certficate)", e);
        }
    }
}
