package ca.nrc.cadc.auth.restlet;

import ca.nrc.cadc.auth.AuthorizationTokenPrincipal;
import ca.nrc.cadc.auth.BearerTokenPrincipal;
import ca.nrc.cadc.auth.CookiePrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.PrincipalExtractor;
import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.util.StringUtil;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.log4j.Logger;
import org.restlet.Request;
import org.restlet.data.Cookie;
import org.restlet.data.Form;
import org.restlet.util.Series;

/* loaded from: input_file:ca/nrc/cadc/auth/restlet/RestletPrincipalExtractor.class */
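/**
 * Collects the caller's identities from a Restlet {@link Request}.
 *
 * <p>Sources read, in order: the TLS client certificate chain attribute, the
 * {@code X-Client-Certificate} header (only when the system property named by
 * {@code CERT_HEADER_ENABLE} is {@code "true"}), the {@code X-CADC-DelegationToken} and
 * {@code Authorization} headers, the first principal in the request's client info, and the
 * {@code CADC_SSO} cookie.
 *
 * <p>This class only extracts credentials into {@link Principal} objects. Nothing here validates a
 * token, cookie or certificate; that is left to whatever consumes the principals.
 *
 * <p>Security notes:
 * <ul>
 *   <li>A certificate taken from the {@code X-Client-Certificate} header is only parsed. The header
 *       carries no proof that the caller holds the matching private key, so the header path is
 *       presumably meant for deployments where a trusted TLS-terminating proxy sets the header and
 *       discards any client-supplied value. Confirm this before enabling the property.</li>
 *   <li>Cookie values, token headers and the raw certificate header are never written to the log,
 *       because they are credentials or caller-controlled text.</li>
 * </ul>
 *
 * <p>Not documented as thread-safe: the getters mutate instance state without synchronization.
 */
public class RestletPrincipalExtractor implements PrincipalExtractor {
    private static final Logger log = Logger.getLogger(RestletPrincipalExtractor.class);

    private static final String ATTR_CLIENT_CERTS = "org.restlet.https.clientCertificates";
    private static final String ATTR_HEADERS = "org.restlet.http.headers";
    private static final String HDR_CLIENT_CERT = "X-Client-Certificate";
    private static final String HDR_DELEGATION_TOKEN = "X-CADC-DelegationToken";
    private static final String HDR_AUTHORIZATION = "Authorization";
    private static final String SSO_COOKIE = "CADC_SSO";

    private final Request request;
    private X509CertificateChain chain;
    private Set<Principal> principals;

    /**
     * Package-private constructor that leaves the request {@code null}.
     *
     * <p>With a null request, {@link #getPrincipals()} and {@link #getCertificateChain()} fail
     * unless {@link #getRequest()} is overridden to supply one.
     */
    RestletPrincipalExtractor() {
        this.principals = new HashSet<>();
        this.request = null;
    }

    /**
     * Creates an extractor bound to one request.
     *
     * @param request the Restlet request to read credentials from
     */
    public RestletPrincipalExtractor(Request request) {
        this.principals = new HashSet<>();
        this.request = request;
    }

    /**
     * Reads every supported credential source and adds the resulting principals to the set.
     *
     * <p>Runs on every getter call. Repeated calls add principals again, so whether duplicates
     * accumulate depends on the {@code equals}/{@code hashCode} of the principal classes, which is
     * not visible here.
     *
     * @throws AccessControlException if the certificate header is enabled and present but cannot
     *     be parsed
     */
    private void init() {
        if (this.chain == null) {
            // Raw Collection: the element type expected by X509CertificateChain is not visible here.
            Collection certs = (Collection) getRequest().getAttributes().get(ATTR_CLIENT_CERTS);
            if (certs != null && !certs.isEmpty()) {
                this.chain = new X509CertificateChain(certs);
                this.principals.add(this.chain.getPrincipal());
            }
        }

        // The headers attribute can be absent; guard instead of dereferencing null.
        Form headers = (Form) getRequest().getAttributes().get(ATTR_HEADERS);

        String certHeaderProp = System.getProperty(CERT_HEADER_ENABLE);
        log.debug("Value of CERT_HEADER_ENABLE sys prop: " + certHeaderProp);
        if (this.chain == null && "true".equals(certHeaderProp) && headers != null) {
            String pem = headers.getFirstValue(HDR_CLIENT_CERT, true);
            boolean present = pem != null && pem.length() > 0;
            // Log presence only: the value is caller-controlled multi-line text and would let a
            // client write arbitrary lines into the log.
            log.debug("X-Client-Certificate present: " + present);
            if (present) {
                try {
                    // Fixed charset so parsing does not depend on the platform default.
                    byte[] pemBytes = pem.getBytes(StandardCharsets.UTF_8);
                    this.chain = new X509CertificateChain(
                            SSLUtil.readCertificateChain(SSLUtil.getCertificates(pemBytes)),
                            (PrivateKey) null);
                    this.principals.add(this.chain.getPrincipal());
                } catch (Exception e) {
                    log.error("Failed to read certificate", e);
                    AccessControlException denied =
                            new AccessControlException("Failed to read certificate: " + e.getMessage());
                    // AccessControlException has no cause-taking constructor; attach it explicitly.
                    denied.initCause(e);
                    throw denied;
                }
            }
        }

        if (headers != null) {
            String delegationToken = headers.getFirstValue(HDR_DELEGATION_TOKEN);
            if (delegationToken != null) {
                this.principals.add(new AuthorizationTokenPrincipal(HDR_DELEGATION_TOKEN, delegationToken));
            }
            // Every Authorization header value becomes its own principal.
            for (String value : headers.getValuesArray(HDR_AUTHORIZATION)) {
                if (BearerTokenPrincipal.isBearerToken(value).booleanValue()) {
                    this.principals.add(new BearerTokenPrincipal(value));
                } else {
                    this.principals.add(new AuthorizationTokenPrincipal(HDR_AUTHORIZATION, value));
                }
            }
        }

        String authenticatedUsername = getAuthenticatedUsername();
        if (StringUtil.hasText(authenticatedUsername)) {
            this.principals.add(new HttpPrincipal(authenticatedUsername));
        }

        Series cookies = getRequest().getCookies();
        // Null check comes before any use of the series; only counts are logged, because the
        // principal set may hold token and cookie principals whose string form is not visible here.
        int cookieCount = cookies == null ? 0 : cookies.size();
        log.debug("cookie count: " + cookieCount);
        log.debug("principal count: " + this.principals.size());
        if (cookieCount == 0) {
            return;
        }
        Iterator it = cookies.iterator();
        while (it.hasNext()) {
            Cookie cookie = (Cookie) it.next();
            // Name only: the value of the SSO cookie is a session credential.
            log.debug("cookie: " + cookie.getName());
            if (SSO_COOKIE.equals(cookie.getName()) && StringUtil.hasText(cookie.getValue())) {
                this.principals.add(new CookiePrincipal(cookie.getName(), cookie.getValue()));
            }
        }
    }

    /**
     * Returns the client certificate chain found on the request.
     *
     * @return the chain, or {@code null} when neither the TLS attribute nor the enabled
     *     certificate header supplied one
     * @throws AccessControlException if an enabled certificate header cannot be parsed
     */
    public X509CertificateChain getCertificateChain() {
        init();
        return this.chain;
    }

    /**
     * Returns the principals extracted from the request.
     *
     * @return the live internal set (not a copy); changes made by the caller are visible to this
     *     extractor
     * @throws AccessControlException if an enabled certificate header cannot be parsed
     */
    public Set<Principal> getPrincipals() {
        init();
        return this.principals;
    }

    /**
     * Returns the name of the first principal in the request's client info.
     *
     * @return the name, or {@code null} when the client info holds no principals
     */
    protected String getAuthenticatedUsername() {
        if (getRequest().getClientInfo().getPrincipals().isEmpty()) {
            return null;
        }
        String username = ((Principal) getRequest().getClientInfo().getPrincipals().get(0)).getName();
        log.debug("username: " + username);
        return username;
    }

    /**
     * Returns the request this extractor reads from.
     *
     * @return the request passed to the constructor, or {@code null} for the package-private
     *     constructor
     */
    public Request getRequest() {
        return this.request;
    }
}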
