package org.gcube.common.vomanagement.security.authentication;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.axis.MessageContext;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.contexts.GHNContext;
import org.gcube.common.core.faults.GCUBEException;
import org.gcube.common.core.faults.GCUBEUnrecoverableException;
import org.gcube.common.core.security.GCUBEServiceAuthenticationController;
import org.gcube.common.core.security.GCUBEServiceSecurityManager;
import org.gcube.common.core.utils.logging.GCUBELog;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authentication/DNListAuthenticationController.class */
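/**
 * Authentication controller that accepts a call when at least one X.509
 * certificate found in the caller's public credentials was issued by a CA
 * whose distinguished name is in a configured allow-list.
 *
 * <p>The allow-list is read from the {@code trustedca} property as a
 * {@code |}-separated list of issuer DNs.
 *
 * <p>Security note: this class only compares issuer DN strings. It does not
 * verify signatures, validity periods, revocation, or build a certificate
 * path. It presumably relies on the transport/message security layer having
 * validated the certificates before they were attached to the caller
 * {@link Subject} (to be confirmed against the container configuration).
 * Without that, an issuer DN is just attacker-chosen text.
 */
public class DNListAuthenticationController implements GCUBEServiceAuthenticationController {
    /** Name of the property holding the {@code |}-separated trusted issuer DNs. */
    private static final String TRUSTED_CA_LIST = "trustedca";

    /**
     * Separator between DNs, escaped because {@link String#split(String)}
     * takes a regular expression and a bare {@code |} is the alternation
     * operator (it would split the value into single characters).
     */
    private static final String TRUSTED_CA_SEPARATOR_REGEX = "\\|";

    private final GCUBELog logger = new GCUBELog(this);
    private GCUBEServiceSecurityManager securityManager;
    private Set<String> trustedCADN;

    /**
     * Loads the trusted issuer DN list, first from the service context and,
     * if absent there, from the gHN context.
     *
     * @param gCUBEServiceContext context of the service being protected
     * @param gCUBEServiceSecurityManager security manager used to tell whether security is enabled
     * @throws Exception if no trusted CA list is configured or the configured
     *         list contains no usable entry
     */
    public void initialise(GCUBEServiceContext gCUBEServiceContext, GCUBEServiceSecurityManager gCUBEServiceSecurityManager) throws Exception {
        this.securityManager = gCUBEServiceSecurityManager;
        String configured = (String) gCUBEServiceContext.getProperty(TRUSTED_CA_LIST, new boolean[0]);
        if (configured == null) {
            configured = (String) GHNContext.getContext().getProperty(TRUSTED_CA_LIST, new boolean[0]);
        }
        if (configured == null) {
            throw new Exception("Invalid configuration, no trusted CA list");
        }
        this.logger.debug("Trusted CA list " + configured);

        // Build into a local set so a failed initialisation never leaves a
        // half-populated allow-list behind.
        Set<String> parsed = new HashSet<String>();
        for (String entry : configured.split(TRUSTED_CA_SEPARATOR_REGEX)) {
            String dn = entry.trim();
            // Never admit the empty string: it would match a certificate
            // whose issuer name renders as "".
            if (dn.isEmpty()) {
                continue;
            }
            this.logger.debug("Adding " + dn);
            parsed.add(dn);
        }
        if (parsed.isEmpty()) {
            throw new Exception("Invalid configuration, no trusted CA list");
        }
        this.trustedCADN = parsed;
    }

    /**
     * Reports whether security is enabled, as stated by the security manager.
     *
     * @return {@code true} if the security manager reports security as enabled
     */
    public boolean isSecurityEnabled() {
        return this.securityManager.isSecurityEnabled();
    }

    /**
     * Authenticates the current call by checking the issuer DN of the
     * caller's certificates against the trusted list. Does nothing when
     * security is disabled.
     *
     * <p>The call is accepted as soon as any certificate in any public
     * credential has a trusted issuer DN, so an intermediate or root entry of
     * a presented chain can satisfy the check, not only the leaf.
     *
     * @param map call parameters; the {@code MESSAGE_CONTEXT} entry must hold the Axis message context
     * @throws GCUBEException if the message context or caller subject is
     *         missing, or no presented certificate has a trusted issuer
     */
    public void authenticateCall(Map<String, Object> map) throws GCUBEException {
        this.logger.debug("Authenticating call...");
        if (!isSecurityEnabled()) {
            this.logger.debug("No security enabled, nothing to do");
            return;
        }
        MessageContext messageContext = (MessageContext) map.get("MESSAGE_CONTEXT");
        if (messageContext == null) {
            // Fail closed with the controller's own fault type instead of a NullPointerException.
            throw new GCUBEUnrecoverableException("No message context found in the call");
        }
        Subject subject = (Subject) messageContext.getProperty("callerSubject");
        if (subject == null) {
            throw new GCUBEUnrecoverableException("No subject found in the call");
        }

        boolean trusted = false;
        Set<Object> publicCredentials = subject.getPublicCredentials();
        if (publicCredentials != null) {
            for (Object credential : publicCredentials) {
                X509Certificate[] certificates = toCertificates(credential);
                // Credentials of any other type are ignored rather than dereferenced.
                if (certificates != null && hasTrustedIssuer(certificates)) {
                    trusted = true;
                    break;
                }
            }
        }
        if (!trusted) {
            throw new GCUBEUnrecoverableException("The Subject provided is not authenticated");
        }
    }

    /**
     * Converts a public credential to a certificate array.
     *
     * @return the certificates, or {@code null} if the credential is neither
     *         an {@code X509Certificate} nor an {@code X509Certificate[]}
     */
    private static X509Certificate[] toCertificates(Object credential) {
        if (credential instanceof X509Certificate[]) {
            return (X509Certificate[]) credential;
        }
        if (credential instanceof X509Certificate) {
            return new X509Certificate[]{(X509Certificate) credential};
        }
        return null;
    }

    /**
     * Tells whether any certificate in the array has an issuer DN in the
     * trusted list. An uninitialised trusted list matches nothing.
     */
    private boolean hasTrustedIssuer(X509Certificate[] certificates) {
        for (X509Certificate certificate : certificates) {
            if (certificate == null) {
                continue;
            }
            // getIssuerDN().getName() is kept because the configured entries
            // are matched against exactly this rendering, and its format is
            // provider-specific. Switching to getIssuerX500Principal() would
            // change the string form and silently stop matching.
            Principal issuerDN = certificate.getIssuerDN();
            if (issuerDN == null) {
                continue;
            }
            String name = issuerDN.getName();
            this.logger.debug("Checking the dn " + name);
            boolean found = this.trustedCADN != null && this.trustedCADN.contains(name);
            this.logger.debug("Found " + found);
            if (found) {
                return true;
            }
        }
        return false;
    }
}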
