package org.italiangrid.voms.request.impl;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.X509Credential;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSACService;
import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSProtocolError;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSServerInfoStore;
import org.italiangrid.voms.request.VOMSServerInfoStoreListener;
import org.italiangrid.voms.request.impl.DefaultVOMSServerInfoStore;
import org.italiangrid.voms.util.NullListener;

/* loaded from: input_file:org/italiangrid/voms/request/impl/DefaultVOMSACService.class */
public class DefaultVOMSACService implements VOMSACService {
    protected VOMSRequestListener requestListener;
    protected VOMSProtocolListener protocolListener;
    protected X509CertChainValidatorExt validator;
    protected VOMSServerInfoStore serverInfoStore;
    protected VOMSProtocol httpProtocol;
    protected VOMSProtocol legacyProtocol;

    /* loaded from: input_file:org/italiangrid/voms/request/impl/DefaultVOMSACService$Builder.class */
    public static class Builder {
        private X509CertChainValidatorExt validator;
        private VOMSServerInfoStore serverInfoStore;
        private VOMSESLookupStrategy vomsesLookupStrategy;
        private List<String> vomsesLocations;
        protected VOMSProtocol httpProtocol;
        protected VOMSProtocol legacyProtocol;
        private VOMSRequestListener requestListener = NullListener.INSTANCE;
        private VOMSProtocolListener protocolListener = NullListener.INSTANCE;
        private VOMSServerInfoStoreListener storeListener = NullListener.INSTANCE;
        private int connectTimeout = AbstractVOMSProtocol.DEFAULT_CONNECT_TIMEOUT;
        private int readTimeout = AbstractVOMSProtocol.DEFAULT_READ_TIMEOUT;

        public Builder(X509CertChainValidatorExt x509CertChainValidatorExt) {
            if (x509CertChainValidatorExt == null) {
                throw new NullPointerException("Please provide a non-null certificate chain validator");
            }
            this.validator = x509CertChainValidatorExt;
        }

        public Builder requestListener(VOMSRequestListener vOMSRequestListener) {
            this.requestListener = vOMSRequestListener;
            return this;
        }

        public Builder serverInfoStoreListener(VOMSServerInfoStoreListener vOMSServerInfoStoreListener) {
            this.storeListener = vOMSServerInfoStoreListener;
            return this;
        }

        public Builder serverInfoStore(VOMSServerInfoStore vOMSServerInfoStore) {
            this.serverInfoStore = vOMSServerInfoStore;
            return this;
        }

        public Builder protocolListener(VOMSProtocolListener vOMSProtocolListener) {
            this.protocolListener = vOMSProtocolListener;
            return this;
        }

        public Builder connectTimeout(int i) {
            this.connectTimeout = i;
            return this;
        }

        public Builder readTimeout(int i) {
            this.readTimeout = i;
            return this;
        }

        public Builder vomsesLookupStrategy(VOMSESLookupStrategy vOMSESLookupStrategy) {
            this.vomsesLookupStrategy = vOMSESLookupStrategy;
            return this;
        }

        public Builder vomsesLocations(List<String> list) {
            this.vomsesLocations = list;
            return this;
        }

        public Builder httpProtocol(VOMSProtocol vOMSProtocol) {
            this.httpProtocol = vOMSProtocol;
            return this;
        }

        public Builder legacyProtocol(VOMSProtocol vOMSProtocol) {
            this.legacyProtocol = vOMSProtocol;
            return this;
        }

        protected void buildServerInfoStore() {
            if (this.serverInfoStore != null) {
                return;
            }
            this.serverInfoStore = new DefaultVOMSServerInfoStore.Builder().lookupStrategy(this.vomsesLookupStrategy).storeListener(this.storeListener).vomsesPaths(this.vomsesLocations).build();
        }

        protected void buildProtocols() {
            if (this.httpProtocol == null) {
                this.httpProtocol = new RESTProtocol(this.validator, this.protocolListener, this.connectTimeout, this.readTimeout);
            }
            if (this.legacyProtocol == null) {
                this.legacyProtocol = new LegacyProtocol(this.validator, this.protocolListener, this.connectTimeout, this.readTimeout);
            }
        }

        public DefaultVOMSACService build() {
            buildServerInfoStore();
            buildProtocols();
            return new DefaultVOMSACService(this);
        }
    }

    protected DefaultVOMSACService(Builder builder) {
        this.validator = builder.validator;
        this.requestListener = builder.requestListener;
        this.protocolListener = builder.protocolListener;
        this.serverInfoStore = builder.serverInfoStore;
        this.httpProtocol = builder.httpProtocol;
        this.legacyProtocol = builder.legacyProtocol;
    }

    protected AttributeCertificate getACFromResponse(VOMSACRequest vOMSACRequest, VOMSResponse vOMSResponse) {
        byte[] ac = vOMSResponse.getAC();
        if (ac == null) {
            return null;
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(ac);
        try {
            AttributeCertificate attributeCertificate = AttributeCertificate.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            return attributeCertificate;
        } catch (Throwable th) {
            this.requestListener.notifyVOMSRequestFailure(vOMSACRequest, null, new VOMSError("Error unmarshalling VOMS AC. Cause: " + th.getMessage(), th));
            return null;
        }
    }

    private VOMSResponse doRequest(VOMSProtocol vOMSProtocol, VOMSServerInfo vOMSServerInfo, X509Credential x509Credential, VOMSACRequest vOMSACRequest) {
        VOMSResponse vOMSResponse = null;
        try {
            vOMSResponse = vOMSProtocol.doRequest(vOMSServerInfo, x509Credential, vOMSACRequest);
        } catch (VOMSProtocolError e) {
            this.requestListener.notifyVOMSRequestFailure(vOMSACRequest, vOMSServerInfo, e);
        }
        return vOMSResponse;
    }

    protected void handleErrorsInResponse(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo, VOMSResponse vOMSResponse) {
        if (vOMSResponse.hasErrors()) {
            this.requestListener.notifyErrorsInVOMSReponse(vOMSACRequest, vOMSServerInfo, vOMSResponse.errorMessages());
        }
    }

    protected void handleWarningsInResponse(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo, VOMSResponse vOMSResponse) {
        if (vOMSResponse.hasWarnings()) {
            this.requestListener.notifyWarningsInVOMSResponse(vOMSACRequest, vOMSServerInfo, vOMSResponse.warningMessages());
        }
    }

    @Override // org.italiangrid.voms.request.VOMSACService
    public AttributeCertificate getVOMSAttributeCertificate(X509Credential x509Credential, VOMSACRequest vOMSACRequest) {
        Set<VOMSServerInfo> vOMSServerInfos = getVOMSServerInfos(vOMSACRequest);
        if (vOMSServerInfos.isEmpty()) {
            throw new VOMSError("VOMS server for VO " + vOMSACRequest.getVoName() + " is not known! Check your vomses configuration.");
        }
        VOMSResponse vOMSResponse = null;
        Iterator<VOMSServerInfo> it = vOMSServerInfos.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            VOMSServerInfo next = it.next();
            this.requestListener.notifyVOMSRequestStart(vOMSACRequest, next);
            vOMSResponse = doRequest(this.httpProtocol, next, x509Credential, vOMSACRequest);
            if (vOMSResponse == null) {
                vOMSResponse = doRequest(this.legacyProtocol, next, x509Credential, vOMSACRequest);
            }
            if (vOMSResponse != null) {
                this.requestListener.notifyVOMSRequestSuccess(vOMSACRequest, next);
                handleErrorsInResponse(vOMSACRequest, next, vOMSResponse);
                handleWarningsInResponse(vOMSACRequest, next, vOMSResponse);
                break;
            }
            this.requestListener.notifyVOMSRequestFailure(vOMSACRequest, next, new VOMSError("REST and legacy VOMS endpoints failed."));
        }
        if (vOMSResponse != null) {
            return getACFromResponse(vOMSACRequest, vOMSResponse);
        }
        this.requestListener.notifyVOMSRequestFailure(vOMSACRequest, null, null);
        return null;
    }

    protected Set<VOMSServerInfo> getVOMSServerInfos(VOMSACRequest vOMSACRequest) {
        return this.serverInfoStore.getVOMSServerInfo(vOMSACRequest.getVoName());
    }
}
