package ca.nrc.cadc.auth;

import ca.nrc.cadc.util.ArrayUtil;
import ca.nrc.cadc.util.StringUtil;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/auth/ServletPrincipalExtractor.class */
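/**
 * Collects the identities presented on an {@link HttpServletRequest} into a set of
 * {@link Principal} objects and, when available, a client certificate chain.
 *
 * <p>Sources inspected, in order: the container-supplied TLS client certificate attribute,
 * an optional certificate-bearing request header, the {@code X-CADC-DelegationToken} header,
 * the authorization header(s), the container's remote user, and the SSO cookie.
 *
 * <p>Apart from the container-supplied certificate attribute and remote user, every value
 * read here comes straight from the client. Nothing in this class verifies a token, cookie
 * or header-supplied certificate; the resulting principals are only claims until a later
 * stage validates them.
 */
public class ServletPrincipalExtractor implements PrincipalExtractor {
    private static final Logger log = Logger.getLogger(ServletPrincipalExtractor.class);

    /** Request attribute under which the servlet container publishes the TLS client certificate chain. */
    public static final String CERT_REQUEST_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    private static final String DELEGATION_TOKEN_HEADER = "X-CADC-DelegationToken";

    private final HttpServletRequest request;
    private X509CertificateChain chain;
    private final Set<Principal> principals;

    private ServletPrincipalExtractor() {
        this.principals = new HashSet<>();
        this.request = null;
    }

    /**
     * Reads every supported credential from the request and records one principal per credential.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @throws AccessControlException if the certificate header is enabled and present but its
     *         content cannot be parsed into a certificate chain
     */
    public ServletPrincipalExtractor(HttpServletRequest httpServletRequest) {
        this.principals = new HashSet<>();
        this.request = httpServletRequest;

        extractContainerCertificate();
        if (this.chain == null && "true".equals(System.getProperty(CERT_HEADER_ENABLE))) {
            extractHeaderCertificate();
        }
        extractDelegationToken();
        extractAuthorizationHeaders();
        extractRemoteUser();
        extractSsoCookie();
    }

    /** Uses the certificate chain the servlet container attached after the TLS handshake, if any. */
    private void extractContainerCertificate() {
        X509Certificate[] certificates = (X509Certificate[]) this.request.getAttribute(CERT_REQUEST_ATTRIBUTE);
        if (!ArrayUtil.isEmpty(certificates)) {
            this.chain = new X509CertificateChain(Arrays.asList(certificates));
            this.principals.add(this.chain.getPrincipal());
        }
    }

    /**
     * Builds the certificate chain from the request header named by
     * {@link PrincipalExtractor#CERT_HEADER_FIELD}.
     *
     * <p>SECURITY: this path takes the caller's identity from a plain request header, and no
     * proof of possession of the private key is visible in this class. It is only sound when
     * a trusted TLS-terminating front end sets the header itself and removes any
     * client-supplied copy; keep the enabling system property off otherwise.
     */
    private void extractHeaderCertificate() {
        String header = this.request.getHeader(PrincipalExtractor.CERT_HEADER_FIELD);
        // Log only the size: the value is attacker-controlled multi-line text and would
        // otherwise allow forged log lines and bloat the debug log.
        log.debug("X-Client-Certificate: " + (header == null ? "absent" : header.length() + " chars"));
        if (header != null && header.length() > 0) {
            try {
                // Explicit charset so decoding does not depend on the platform default.
                byte[] encoded = header.getBytes(StandardCharsets.UTF_8);
                this.chain = new X509CertificateChain(
                        SSLUtil.readCertificateChain(SSLUtil.getCertificates(encoded)), null);
                this.principals.add(this.chain.getPrincipal());
            } catch (Exception e) {
                log.error("Failed to read certificate", e);
                AccessControlException denied =
                        new AccessControlException("Failed to read certificate: " + e.getMessage());
                // AccessControlException has no cause-taking constructor; attach it explicitly.
                denied.initCause(e);
                throw denied;
            }
        }
    }

    /** Wraps the delegation token header, when present, in an {@link AuthorizationTokenPrincipal}. */
    private void extractDelegationToken() {
        String token = this.request.getHeader(DELEGATION_TOKEN_HEADER);
        if (token != null) {
            this.principals.add(new AuthorizationTokenPrincipal(DELEGATION_TOKEN_HEADER, token));
        }
    }

    /**
     * Turns each authorization header value into a bearer or authorization-token principal.
     * Basic credentials are skipped unless the {@code allowBasicATP} system property is "true".
     */
    private void extractAuthorizationHeaders() {
        Enumeration<?> headers = this.request.getHeaders(AuthenticationUtil.AUTHORIZATION_HEADER);
        if (headers == null) {
            // The servlet API allows null when the container withholds header access.
            return;
        }
        boolean allowBasic =
                "true".equals(System.getProperty(AuthenticationUtil.class.getName() + ".allowBasicATP"));
        while (headers.hasMoreElements()) {
            String value = (String) headers.nextElement();
            if (BearerTokenPrincipal.isBearerToken(value).booleanValue()) {
                this.principals.add(new BearerTokenPrincipal(value));
            } else if (allowBasic || !isBasicCredential(value)) {
                this.principals.add(
                        new AuthorizationTokenPrincipal(AuthenticationUtil.AUTHORIZATION_HEADER, value));
            }
        }
    }

    /**
     * Reports whether an authorization header value uses the Basic scheme.
     *
     * <p>Case is folded with {@link Locale#ROOT}: with a default locale such as Turkish,
     * "BASIC" lower-cases to a string containing a dotless i, the prefix test fails, and
     * Basic credentials would get past the {@code allowBasicATP} gate.
     */
    private static boolean isBasicCredential(String headerValue) {
        String basicPrefix = AuthenticationUtil.CHALLENGE_TYPE_BASIC.toLowerCase(Locale.ROOT) + " ";
        return headerValue.toLowerCase(Locale.ROOT).startsWith(basicPrefix);
    }

    /** Records the user the servlet container has already authenticated, if any. */
    private void extractRemoteUser() {
        String remoteUser = this.request.getRemoteUser();
        if (StringUtil.hasText(remoteUser)) {
            this.principals.add(new HttpPrincipal(remoteUser));
        }
    }

    /** Records a {@link CookiePrincipal} for every non-blank cookie carrying the default SSO cookie name. */
    private void extractSsoCookie() {
        Cookie[] cookies = this.request.getCookies();
        // Log the count only; cookie values are session credentials and must stay out of logs.
        log.debug("Request cookie count: " + (cookies == null ? 0 : cookies.length));
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (SSOCookieManager.DEFAULT_SSO_COOKIE_NAME.equals(cookie.getName())
                        && StringUtil.hasText(cookie.getValue())) {
                    this.principals.add(new CookiePrincipal(cookie.getName(), cookie.getValue()));
                }
            }
        }
    }

    /**
     * Returns the principals gathered from the request.
     *
     * @return the extractor's own mutable set, not a copy; changes made by the caller are
     *         visible to every other holder of this extractor
     */
    @Override
    public Set<Principal> getPrincipals() {
        return this.principals;
    }

    /**
     * Returns the client certificate chain found on the request.
     *
     * @return the chain, or null when neither the container attribute nor the enabled
     *         certificate header supplied one
     */
    @Override
    public X509CertificateChain getCertificateChain() {
        return this.chain;
    }
}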
