package org.dataone.solr.servlet;

import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletResponse;
import org.dataone.client.auth.CertificateManager;
import org.dataone.cn.servlet.http.ProxyServletRequestWrapper;
import org.dataone.service.cn.impl.v1.CNIdentityLDAPImpl;
import org.dataone.service.exceptions.NotAuthorized;
import org.dataone.service.exceptions.NotFound;
import org.dataone.service.exceptions.NotImplemented;
import org.dataone.service.exceptions.ServiceFailure;
import org.dataone.service.types.v1.Group;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dataone/solr/servlet/SessionAuthorizationUtil.class */
public class SessionAuthorizationUtil {
    private static Logger logger = LoggerFactory.getLogger(SessionAuthorizationUtil.class);
    private static final CNIdentityLDAPImpl identityService = new CNIdentityLDAPImpl();

    private SessionAuthorizationUtil() {
    }

    public static void handleNoCertificateManagerSession(ProxyServletRequestWrapper proxyServletRequestWrapper, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException, NotAuthorized {
        logger.debug("session is null: default to public");
        filterChain.doFilter(proxyServletRequestWrapper, servletResponse);
    }

    public static void addAuthenticatedSubjectsToRequest(ProxyServletRequestWrapper proxyServletRequestWrapper, Session session, Subject subject) throws ServiceFailure, NotAuthorized, NotImplemented {
        SubjectInfo subjectInfo;
        ArrayList arrayList = new ArrayList();
        arrayList.add("public");
        arrayList.add("authenticatedUser");
        try {
            subjectInfo = identityService.getSubjectInfo(session, subject);
        } catch (NotFound e) {
            subjectInfo = session.getSubjectInfo();
        }
        if (subjectInfo == null) {
            arrayList.add(CertificateManager.getInstance().standardizeDN(subject.getValue()));
        } else {
            if (subjectInfo.sizeGroupList() > 0) {
                for (Group group : subjectInfo.getGroupList()) {
                    try {
                        arrayList.add(CertificateManager.getInstance().standardizeDN(group.getSubject().getValue()));
                        logger.info("found administrative subject");
                    } catch (IllegalArgumentException e2) {
                        logger.warn("Found improperly formatted group subject: " + group.getSubject().getValue() + "\n" + e2.getMessage());
                        arrayList.add(group.getSubject().getValue());
                    }
                }
            }
            if (subjectInfo.sizePersonList() > 0) {
                for (Person person : subjectInfo.getPersonList()) {
                    if (person.getVerified() != null && person.getVerified().booleanValue()) {
                        arrayList.add("verifiedUser");
                    }
                    try {
                        arrayList.add(CertificateManager.getInstance().standardizeDN(person.getSubject().getValue()));
                    } catch (IllegalArgumentException e3) {
                        logger.error("Found improperly formatted person subject: " + person.getSubject().getValue() + "\n" + e3.getMessage());
                    }
                }
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        proxyServletRequestWrapper.setParameterValues("authorizedSubjects", (String[]) arrayList.toArray(new String[0]));
    }
}
