package org.dataone.cn.batch.logging;

import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import org.dataone.client.auth.CertificateManager;
import org.dataone.service.types.v1.AccessRule;
import org.dataone.service.types.v1.Permission;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v2.SystemMetadata;

/* loaded from: input_file:org/dataone/cn/batch/logging/LogAccessRestriction.class */
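/**
 * Derives, from an object's system metadata, the list of subject strings that are
 * attached to its log entries as the read restriction.
 *
 * <p>The two symbolic subjects {@code authenticatedUser} and {@code verifiedUser} are
 * emitted verbatim; every other subject value is passed through
 * {@code CertificateManager.standardizeDN} so that equivalent DNs end up in one form.
 */
public class LogAccessRestriction {
    private static final Logger logger = Logger.getLogger(LogAccessRestriction.class.getName());

    // Symbolic subject names; emitted as-is and never DN-normalized.
    private static final String AUTHENTICATED_USER = "authenticatedUser";
    private static final String VERIFIED_USER = "verifiedUser";

    private static final Subject authenticatedSubject = new Subject();
    private static final Subject verifiedSubject = new Subject();

    static {
        authenticatedSubject.setValue(AUTHENTICATED_USER);
        verifiedSubject.setValue(VERIFIED_USER);
    }

    /**
     * Builds the list of subjects allowed to read log records for the given object.
     *
     * <p>The rights holder (when present and non-empty) is always included. From the
     * access policy, only allow rules whose permission list contains
     * {@link Permission#CHANGE_PERMISSION} contribute subjects; rules that grant only
     * other permissions are ignored by this code.
     * NOTE(review): despite the method name, READ-only rules are not considered --
     * presumably log records are meant to be visible only to subjects who can
     * administer the object; confirm against the service specification.
     *
     * <p>The result is not de-duplicated: a subject named by several rules, or a rule
     * subject equal to the rights holder, appears more than once.
     *
     * @param systemMetadata system metadata of the object; must not be {@code null}
     * @return a new mutable list of subject strings, possibly empty, never {@code null}
     */
    public List<String> subjectsAllowedRead(SystemMetadata systemMetadata) {
        List<String> allowedSubjects = new ArrayList<>();

        Subject rightsHolder = systemMetadata.getRightsHolder();
        if (rightsHolder != null && rightsHolder.getValue() != null && !rightsHolder.getValue().isEmpty()) {
            // Same tolerant handling as for rule subjects: a rights holder whose DN
            // cannot be parsed must not abort building the whole restriction list.
            allowedSubjects.add(standardizeOrRaw(rightsHolder.getValue(), systemMetadata));
        }

        if (systemMetadata.getAccessPolicy() == null) {
            logger.info("SystemMetadata with PID " + pidForLog(systemMetadata) + " does not have an access policy");
            return allowedSubjects;
        }

        for (AccessRule accessRule : systemMetadata.getAccessPolicy().getAllowList()) {
            if (!accessRule.getPermissionList().contains(Permission.CHANGE_PERMISSION)) {
                continue;
            }
            for (Subject subject : accessRule.getSubjectList()) {
                if (subject.equals(authenticatedSubject)) {
                    allowedSubjects.add(AUTHENTICATED_USER);
                } else if (subject.equals(verifiedSubject)) {
                    allowedSubjects.add(VERIFIED_USER);
                } else {
                    allowedSubjects.add(standardizeOrRaw(subject.getValue(), systemMetadata));
                }
            }
        }
        return allowedSubjects;
    }

    /**
     * Returns the standardized form of {@code subjectValue}, or the value unchanged
     * when {@code standardizeDN} rejects it with an {@link IllegalArgumentException}.
     *
     * <p>NOTE(review): a value kept in raw form can only match a principal that is
     * presented in exactly the same spelling; how the list is compared downstream is
     * not visible from this class.
     */
    private static String standardizeOrRaw(String subjectValue, SystemMetadata systemMetadata) {
        try {
            return CertificateManager.getInstance().standardizeDN(subjectValue);
        } catch (IllegalArgumentException e) {
            logger.warn("SystemMetadata with PID " + pidForLog(systemMetadata) + " has a Subject: " + sanitizeForLog(subjectValue) + " that does not conform to RFC2253 conventions");
            return subjectValue;
        }
    }

    /** Returns the object's identifier in a form safe to log, tolerating a missing identifier. */
    private static String pidForLog(SystemMetadata systemMetadata) {
        if (systemMetadata.getIdentifier() == null) {
            return "unknown";
        }
        return sanitizeForLog(systemMetadata.getIdentifier().getValue());
    }

    /**
     * Neutralizes line breaks in a value taken from system metadata before it is
     * written to the log, so that a crafted identifier or subject cannot start a
     * forged log line.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}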
