package org.integratedmodelling.auth.knode;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.integratedmodelling.api.network.INode;
import org.integratedmodelling.auth.indirect.IndirectAuthorizationProvider;
import org.integratedmodelling.common.auth.LicenseManager;
import org.integratedmodelling.common.auth.UserAuthorizationProvider;
import org.integratedmodelling.common.beans.requests.AuthorizationRequest;
import org.integratedmodelling.common.beans.responses.AuthorizationResponse;
import org.integratedmodelling.common.configuration.KLAB;
import org.integratedmodelling.common.utils.FileUtils;
import org.integratedmodelling.exceptions.KlabAuthorizationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/integratedmodelling/auth/knode/AuthorizationController.class */
public class AuthorizationController {

    @Autowired
    UserAuthorizationProvider authorizationProvider;
    List<String> localCertificates;

    public AuthorizationResponse authorizeFromUsername(AuthorizationRequest authorizationRequest) throws KlabAuthorizationException {
        return this.authorizationProvider.authenticateUser(authorizationRequest.getUsername(), authorizationRequest.getPassword());
    }

    public AuthorizationResponse authorizeFromCertificate(String str) throws KlabAuthorizationException {
        try {
            return this.authorizationProvider.authenticateUser(str);
        } catch (Throwable th) {
            for (String str2 : getLocalCertificates()) {
                if (str.equals(str2)) {
                    KLAB.warn("regular authentication failed: attempting to use local authorization");
                    AuthorizationResponse readLocalCertificate = readLocalCertificate(str2);
                    if (readLocalCertificate != null) {
                        KLAB.warn("local authentication succeeded for user " + readLocalCertificate.getUsername() + ": network privileges are not guaranteed");
                        return readLocalCertificate;
                    }
                }
            }
            throw th;
        }
    }

    private AuthorizationResponse readLocalCertificate(String str) throws KlabAuthorizationException {
        File file = new File(KLAB.CONFIG.getDataPath() + File.separator + "ssh" + File.separator + "pubring.gpg");
        if (file.exists()) {
            try {
                return AuthorizationResponse.newFromCertificateContents(LicenseManager.readCertificate(str, file.toURI().toURL(), new String[0]));
            } catch (Exception e) {
            }
        }
        throw new KlabAuthorizationException("unable to authorize user from locally provided certificate");
    }

    private Collection<String> getLocalCertificates() {
        if (this.localCertificates == null) {
            this.localCertificates = new ArrayList();
            File file = new File(KLAB.CONFIG.getDataPath() + File.separator + "authorized");
            if (file.exists() && file.isDirectory()) {
                for (File file2 : file.listFiles()) {
                    if (file2.isFile() && file2.toString().endsWith(".cert")) {
                        try {
                            this.localCertificates.add(FileUtils.readFileToString(file2));
                        } catch (IOException e) {
                        }
                    }
                }
            }
        }
        return this.localCertificates;
    }

    public INode.Authentication isDirect() {
        return this.authorizationProvider instanceof IndirectAuthorizationProvider ? INode.Authentication.INDIRECT : INode.Authentication.DIRECT;
    }
}
