package be.iminds.ilabt.jfed.lowlevel.api_wrapper.impl;

import be.iminds.ilabt.jfed.lowlevel.AnyCredential;
import be.iminds.ilabt.jfed.lowlevel.GeniUserProvider;
import be.iminds.ilabt.jfed.lowlevel.JFedException;
import be.iminds.ilabt.jfed.lowlevel.ServerType;
import be.iminds.ilabt.jfed.lowlevel.SfaCredential;
import be.iminds.ilabt.jfed.lowlevel.api.AbstractFederationApi;
import be.iminds.ilabt.jfed.lowlevel.api.FederationMemberAuthorityApi2;
import be.iminds.ilabt.jfed.lowlevel.api.FederationSliceAuthorityApi2;
import be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper;
import be.iminds.ilabt.jfed.lowlevel.authority.SfaAuthority;
import be.iminds.ilabt.jfed.lowlevel.connection.JFedConnectionProvider;
import be.iminds.ilabt.jfed.lowlevel.connection.SfaConnection;
import be.iminds.ilabt.jfed.preferences.JFedPreferences;
import be.iminds.ilabt.jfed.util.ExtraInfoCallback;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.jfed.util.RFC3339Util;
import be.iminds.ilabt.jfed.util.TextUtil;
import ch.qos.logback.classic.ClassicConstants;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.annotation.Nullable;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/api_wrapper/impl/UniformFederationApi2UserAndSliceApiWrapper.class */
public class UniformFederationApi2UserAndSliceApiWrapper extends UserAndSliceApiWrapper {
    private static final Logger LOG;
    List<AnyCredential> userCredentials;
    static final /* synthetic */ boolean $assertionsDisabled;

    public UniformFederationApi2UserAndSliceApiWrapper(be.iminds.ilabt.jfed.log.Logger logger, GeniUserProvider geniUserProvider, JFedConnectionProvider jFedConnectionProvider, JFedPreferences jFedPreferences) {
        super(logger, geniUserProvider, jFedConnectionProvider, jFedPreferences);
    }

    private FederationMemberAuthorityApi2 ma(be.iminds.ilabt.jfed.log.Logger logger) {
        return new FederationMemberAuthorityApi2(logger, this.jFedPreferences);
    }

    private FederationSliceAuthorityApi2 sa(be.iminds.ilabt.jfed.log.Logger logger) {
        return new FederationSliceAuthorityApi2(logger, this.jFedPreferences);
    }

    private SfaConnection getSaConnection() throws JFedException {
        return getConnection(new ServerType(ServerType.GeniServerRole.GENI_CH_SA, 2));
    }

    private SfaConnection getMaConnection() throws JFedException {
        return getConnection(new ServerType(ServerType.GeniServerRole.GENI_CH_MA, 2));
    }

    public FederationSliceAuthorityApi2.GetVersionSAResult getGetVersionSAResult(be.iminds.ilabt.jfed.log.Logger logger) throws JFedException {
        AbstractFederationApi.FederationApiReply<FederationSliceAuthorityApi2.GetVersionSAResult> version = sa(logger).getVersion(getSaConnection());
        if (version.getGeniResponseCode().isSuccess()) {
            return version.getValue();
        }
        throw new JFedException("GetVersion call to SA not successful: code=" + version.getGeniResponseCode() + " output=" + version.getOutput(), version);
    }

    public List<AnyCredential> makeCredentialList(AnyCredential anyCredential) {
        ArrayList arrayList = new ArrayList();
        if (anyCredential != null) {
            arrayList.add(anyCredential);
        }
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public synchronized List<AnyCredential> getUserCredentials(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        this.userCredentials = null;
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredential != null) {
            arrayList.add(this.speaksForCredential);
            if (!$assertionsDisabled && this.speakingForUrn == null) {
                throw new AssertionError();
            }
            geniUrn = this.speakingForUrn;
        }
        if (!$assertionsDisabled && geniUrn == null) {
            throw new AssertionError();
        }
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> credentials = ma(logger).getCredentials(getMaConnection(), arrayList, geniUrn, addCredentialExtraOptions(null));
        if (!$assertionsDisabled && credentials == null) {
            throw new AssertionError();
        }
        if (!credentials.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Could not retrieve user credential from server: code=" + credentials.getGeniResponseCode() + " output=" + credentials.getOutput(), credentials);
        }
        if (!$assertionsDisabled && credentials.getValue() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && credentials.getValue().isEmpty()) {
            throw new AssertionError();
        }
        this.userCredentials = new ArrayList();
        if (this.speaksForCredential != null) {
            this.userCredentials.add(this.speaksForCredential);
        }
        this.userCredentials.addAll(credentials.getValue());
        return new ArrayList(this.userCredentials);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public boolean hasUserCredentials() {
        return hasUserCredentials(this.userCredentials);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public boolean hasSpeaksForSupport() {
        return true;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<AnyCredential> getCachedUserCredentialsForAM() {
        return this.userCredentials == null ? Collections.emptyList() : new ArrayList(this.userCredentials);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<AnyCredential> getSliceCredentials(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        if (!$assertionsDisabled && (this.userCredentials == null || this.userCredentials.isEmpty())) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && geniUrn == null) {
            throw new AssertionError();
        }
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> sliceCredentials = sa(logger).getSliceCredentials(getSaConnection(), this.userCredentials, geniUrn, addCredentialExtraOptions(null));
        if (!sliceCredentials.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Could not retrieve slice credential from server: code=" + sliceCredentials.getGeniResponseCode() + " output=" + sliceCredentials.getOutput(), sliceCredentials);
        }
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredential != null) {
            arrayList.add(this.speaksForCredential);
        }
        arrayList.addAll(sliceCredentials.getValue());
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getSlicesForUser(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        boolean hasSpecialCase = getUserAuthority().hasSpecialCase(SfaAuthority.SpecialCase.HAS_FEATURE_LOOKUP_SLICE_FOR_MEMBER_MATCH_EXPIRED);
        Hashtable hashtable = null;
        if (hasSpecialCase) {
            Hashtable hashtable2 = new Hashtable();
            hashtable2.put("SLICE_EXPIRED", false);
            hashtable = new Hashtable();
            hashtable.put("match", hashtable2);
        }
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupForMember = sa(logger).lookupForMember(getSaConnection(), "SLICE", geniUrn, this.userCredentials, addCredentialExtraOptions(hashtable));
        if (lookupForMember == null || lookupForMember.getGeniResponseCode() == null || !lookupForMember.getGeniResponseCode().isSuccess() || lookupForMember.getValue() == null) {
            return arrayList;
        }
        boolean z = false;
        for (FederationSliceAuthorityApi2.UrnRoleTuple urnRoleTuple : lookupForMember.getValue()) {
            if (urnRoleTuple.isExpired()) {
                z = true;
            } else {
                arrayList.add(urnRoleTuple.getUrn());
                arrayList2.add(urnRoleTuple.getUrn().toString());
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("SLICE_URN", new Vector(arrayList2));
        if (hasSpecialCase || z) {
            if (getUserAuthority().hasSpecialCase(SfaAuthority.SpecialCase.BUG_WORKAROUND_LOOKUP_SLICE_EXPIRED_MATCH_BOOLEAN)) {
                hashMap.put("SLICE_EXPIRED", "false");
            } else {
                hashMap.put("SLICE_EXPIRED", false);
            }
        }
        sa(logger).lookup(getSaConnection(), "SLICE", this.userCredentials, hashMap, null, addCredentialExtraOptions(null));
        return arrayList;
    }

    public List<GeniUrn> getUserProjects(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        ArrayList<GeniUrn> arrayList = new ArrayList();
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupForMember = sa(logger).lookupForMember(getSaConnection(), "PROJECT", geniUrn, this.userCredentials, addCredentialExtraOptions(null));
        if (lookupForMember == null || lookupForMember.getGeniResponseCode() == null || !lookupForMember.getGeniResponseCode().isSuccess() || lookupForMember.getValue() == null) {
            return arrayList;
        }
        List<FederationSliceAuthorityApi2.UrnRoleTuple> value = lookupForMember.getValue();
        LOG.debug("UniformFederationApi1UserAndSliceApiWrapper#getUserProjects urnRoleTuples.size()=" + value.size());
        boolean z = false;
        for (FederationSliceAuthorityApi2.UrnRoleTuple urnRoleTuple : value) {
            if (urnRoleTuple.dictRaw != null && urnRoleTuple.dictRaw.containsKey("EXPIRED")) {
                z = true;
                if (TextUtil.objectToBoolean(urnRoleTuple.dictRaw.get("EXPIRED")).booleanValue()) {
                    LOG.debug("skipping expired project: " + urnRoleTuple.getUrn());
                }
            }
            arrayList.add(urnRoleTuple.getUrn());
        }
        if (z) {
            LOG.debug("no second call needed to check for expired projects");
        } else {
            LOG.debug("doing second call to check for expired projects");
            HashMap hashMap = new HashMap();
            if (getUserAuthority().hasSpecialCase(SfaAuthority.SpecialCase.HAS_MATCH_PROJECT_EXPIRED)) {
                hashMap.put("EXPIRED", Boolean.FALSE);
            }
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add("PROJECT_URN");
            try {
                AbstractFederationApi.FederationApiReply<AbstractFederationApi.LookupResult> lookup = sa(logger).lookup(getSaConnection(), "PROJECT", this.userCredentials, hashMap, arrayList2, addCredentialExtraOptions(null));
                if (lookup == null || lookup.getGeniResponseCode() == null || !lookup.getGeniResponseCode().isSuccess() || lookup.getValue() == null) {
                    LOG.warn("lookup_projects call failed. Could not check for expired projects. This error will be ignored (possibly leaving expired projects in the list).");
                } else {
                    LOG.debug("Found " + lookup.getValue().size() + " non expired projects on server.");
                    ArrayList arrayList3 = new ArrayList();
                    for (GeniUrn geniUrn2 : arrayList) {
                        if (lookup.getValue().get(geniUrn2) == null) {
                            arrayList3.add(geniUrn2);
                        }
                    }
                    LOG.debug("found " + arrayList3.size() + " expired projects in " + arrayList.size() + " user projects: will remove them");
                    arrayList.removeAll(arrayList3);
                }
            } catch (Throwable th) {
                LOG.warn("lookup_projects call failed. Could not check for expired projects. This error will be ignored (possibly leaving expired projects in the list).", th);
                return arrayList;
            }
        }
        LOG.debug("UniformFederationApi1UserAndSliceApiWrapper#getUserProjects res.size()=" + arrayList.size());
        return arrayList;
    }

    public AbstractFederationApi.LookupResult getUserIdentifyingInfo(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("MEMBER_URN", getUser().getUserUrnString());
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.LookupResult> lookup = ma(logger).lookup(getMaConnection(), "MEMBER", this.userCredentials, hashtable, null, addCredentialExtraOptions(null));
        if (lookup == null) {
            throw new JFedException("Problem looking up user info for " + getUser().getUserUrnString());
        }
        if (lookup.getGeniResponseCode() == null || !lookup.getGeniResponseCode().isSuccess() || lookup.getValue() == null) {
            throw new JFedException("Problem looking up user info for " + getUser().getUserUrnString(), lookup);
        }
        return lookup.getValue();
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<String> getAggregatesForSlice(be.iminds.ilabt.jfed.log.Logger logger, List<AnyCredential> list, GeniUrn geniUrn) throws JFedException {
        AbstractFederationApi.LookupResult value;
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.LookupResult> lookupSliverInfo = sa(logger).lookupSliverInfo(getSaConnection(), list, geniUrn, null, null, addCredentialExtraOptions(null));
        if (!lookupSliverInfo.getGeniResponseCode().isSuccess() || (value = lookupSliverInfo.getValue()) == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = value.getKeys().iterator();
        while (it.hasNext()) {
            String str = (String) value.get(it.next()).get("SLIVER_INFO_AGGREGATE_URN");
            if (str != null) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public boolean isRegisterAggregatesForSliceSupported() {
        return true;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void registerAggregatesForSlice(be.iminds.ilabt.jfed.log.Logger logger, List<AnyCredential> list, GeniUrn geniUrn, GeniUrn geniUrn2, Collection<GeniUrn> collection, Date date) throws JFedException {
        LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will register: " + collection.size());
        GeniUrn userUrn = getUser().getUserUrn();
        Date date2 = date;
        if (date2 == null) {
            for (AnyCredential anyCredential : list) {
                if (anyCredential.getExpiresDate() != null && (date2 == null || date2.after(anyCredential.getExpiresDate()))) {
                    date2 = anyCredential.getExpiresDate();
                }
            }
        }
        for (GeniUrn geniUrn3 : collection) {
            LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is registering: " + geniUrn3);
            sa(logger).createSliverInfo(getSaConnection(), list, geniUrn.toString(), geniUrn3.toString(), geniUrn2.toString(), userUrn.toString(), date2, null, addCredentialExtraOptions(null));
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void updateSliverExpirationDateInfoForSlice(be.iminds.ilabt.jfed.log.Logger logger, List<AnyCredential> list, GeniUrn geniUrn, Collection<GeniUrn> collection, Date date) throws JFedException {
        LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will register: " + collection.size());
        getUser().getUserUrn();
        Date date2 = date;
        if (date2 == null) {
            for (AnyCredential anyCredential : list) {
                if (anyCredential.getExpiresDate() != null && (date2 == null || date2.after(anyCredential.getExpiresDate()))) {
                    date2 = anyCredential.getExpiresDate();
                }
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("SLIVER_INFO_EXPIRATION", RFC3339Util.dateToRFC3339String(date2, true));
        for (GeniUrn geniUrn2 : collection) {
            LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is registering: " + geniUrn2);
            sa(logger).updateSliverInfo(getSaConnection(), list, geniUrn2 + "", hashMap, addCredentialExtraOptions(null));
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void unregisterAggregatesForSlice(be.iminds.ilabt.jfed.log.Logger logger, List<AnyCredential> list, GeniUrn geniUrn, GeniUrn geniUrn2, Collection<GeniUrn> collection) throws JFedException {
        LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will unregister: " + collection.size());
        getUser().getUserUrn();
        Date date = null;
        for (AnyCredential anyCredential : list) {
            if (anyCredential.getExpiresDate() != null && (date == null || date.after(anyCredential.getExpiresDate()))) {
                date = anyCredential.getExpiresDate();
            }
        }
        if (geniUrn != null) {
            try {
                AbstractFederationApi.LookupResult value = sa(logger).lookupSliverInfo(getSaConnection(), list, geniUrn, null, null, addCredentialExtraOptions(null)).getValue();
                r17 = value != null ? new ArrayList(value.getKeys()) : null;
            } catch (Throwable th) {
                LOG.warn("Exception checking registered slivers before deleting them", th);
                r17 = null;
            }
        }
        for (GeniUrn geniUrn3 : collection) {
            if (r17 == null || r17.contains(geniUrn3.toString())) {
                LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is unregistering: " + geniUrn3);
                sa(logger).deleteSliverInfo(getSaConnection(), list, geniUrn3.toString(), addCredentialExtraOptions(null));
            } else {
                LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is skipping delete of SLIVER_INFO because sliver is not registered anymore.");
            }
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void shareSlice(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn, List<AnyCredential> list, GeniUrn geniUrn2) throws JFedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new FederationSliceAuthorityApi2.UrnRoleTuple("SLICE", geniUrn2, "MEMBER"));
        AbstractFederationApi.FederationApiReply<String> modifyMembership = sa(logger).modifyMembership(getSaConnection(), "SLICE", geniUrn, arrayList, new ArrayList(), new ArrayList(), list, addCredentialExtraOptions(null));
        if (modifyMembership == null || modifyMembership.getGeniResponseCode() == null) {
            throw new JFedException("Sharing slice with " + geniUrn2 + " did not succeed: ", modifyMembership);
        }
        if (modifyMembership.getGeniResponseCode().isSuccess()) {
            return;
        }
        if (!modifyMembership.getOutput().contains("DUPLICATE")) {
            throw new JFedException("Sharing slice with " + geniUrn2 + " did not succeed: ", modifyMembership);
        }
        LOG.warn("Reply to shared slice was \"" + modifyMembership.getOutput() + "\". Assuming this means it is successfully shared already.");
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getUsersForSubAuthority(be.iminds.ilabt.jfed.log.Logger logger, String str) throws JFedException {
        GeniUrn createGeniUrnFromEncodedParts = GeniUrn.createGeniUrnFromEncodedParts(getUserAuthority().getNameForUrn(), "project", str);
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupMembers = sa(logger).lookupMembers(getSaConnection(), "PROJECT", createGeniUrnFromEncodedParts, this.userCredentials, addCredentialExtraOptions(null));
        if (lookupMembers == null || lookupMembers.getGeniResponseCode() == null || !lookupMembers.getGeniResponseCode().isSuccess() || lookupMembers.getValue() == null) {
            if (lookupMembers == null) {
                throw new JFedException("Error getting users in project " + createGeniUrnFromEncodedParts);
            }
            throw new JFedException("Error getting users in project " + createGeniUrnFromEncodedParts, lookupMembers);
        }
        ArrayList arrayList = new ArrayList();
        Iterator<FederationSliceAuthorityApi2.UrnRoleTuple> it = lookupMembers.getValue().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getUrn());
        }
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getUsersForSlice(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn, List<AnyCredential> list) throws JFedException {
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupMembers = sa(logger).lookupMembers(getSaConnection(), "SLICE", geniUrn, list, addCredentialExtraOptions(null));
        if (lookupMembers == null || lookupMembers.getGeniResponseCode() == null || !lookupMembers.getGeniResponseCode().isSuccess() || lookupMembers.getValue() == null) {
            if (lookupMembers == null) {
                throw new JFedException("Error getting users in " + geniUrn);
            }
            throw new JFedException("Error getting users in " + geniUrn, lookupMembers);
        }
        ArrayList arrayList = new ArrayList();
        Iterator<FederationSliceAuthorityApi2.UrnRoleTuple> it = lookupMembers.getValue().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getUrn());
        }
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void addUsersToSlice(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn, List<AnyCredential> list, List<GeniUrn> list2, String str) throws JFedException {
        ArrayList arrayList = new ArrayList();
        Iterator<GeniUrn> it = list2.iterator();
        while (it.hasNext()) {
            arrayList.add(new FederationSliceAuthorityApi2.UrnRoleTuple("SLICE", it.next(), str));
        }
        AbstractFederationApi.FederationApiReply<String> modifyMembership = sa(logger).modifyMembership(getSaConnection(), "SLICE", geniUrn, arrayList, null, null, list, addCredentialExtraOptions(null));
        if (modifyMembership == null || modifyMembership.getGeniResponseCode() == null || !modifyMembership.getGeniResponseCode().isSuccess()) {
            if (modifyMembership != null) {
                throw new JFedException("Error adding user to " + geniUrn, modifyMembership);
            }
            throw new JFedException("Error adding user to " + geniUrn);
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public UserAndSliceApiWrapper.SliceInfo createSlice(be.iminds.ilabt.jfed.log.Logger logger, String str, Date date, String str2) throws JFedException {
        GeniUrn geniUrn;
        LOG.debug("createSlice called");
        FederationSliceAuthorityApi2.GetVersionSAResult getVersionSAResult = getGetVersionSAResult(logger);
        if (!$assertionsDisabled && getVersionSAResult == null) {
            throw new AssertionError();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("SLICE_DESCRIPTION", "jFed Experimenter GUI slice '" + str + "' for user " + getUser().getUserUrnString());
        if (getVersionSAResult.getServices().contains("PROJECT")) {
            if (str2 == null) {
                List<GeniUrn> userProjects = getUserProjects(logger, getUser().getUserUrn());
                if (userProjects.isEmpty()) {
                    throw new JFedException("Slice creation requires a project, but user is not a member of any project.");
                }
                if (userProjects.size() <= 0) {
                    LOG.error("User " + getUser().getUserUrnString() + " is member of no projects! Will try to create slice without project, but that will most likely fail.");
                    return null;
                }
                if (userProjects.size() <= 1) {
                    geniUrn = userProjects.get(0);
                } else if (ExtraInfoCallback.getFederationApiProjectSelectionCallback() != null) {
                    LOG.debug("User is member of " + userProjects.size() + " projects. Using callback to let user choose one.");
                    geniUrn = ExtraInfoCallback.getFederationApiProjectSelection(userProjects);
                } else {
                    LOG.warn("User " + getUser().getUserUrnString() + " is member of multiple projects: " + userProjects + ". No callback available to let user choose project: Choosing first project as project for this slice.");
                    geniUrn = userProjects.get(0);
                }
                if (geniUrn != null) {
                    hashMap.put("SLICE_PROJECT_URN", geniUrn.getValue());
                }
            } else {
                hashMap.put("SLICE_PROJECT_URN", GeniUrn.createGeniUrnFromEncodedParts(getUser().getUserUrn().getEncodedTopLevelAuthority(), "project", str2).getValue());
            }
        }
        if (getVersionSAResult.getFieldsForObject("PROJECT").containsKey("_GENI_SLICE_EMAIL")) {
            AbstractFederationApi.LookupResult userIdentifyingInfo = getUserIdentifyingInfo(logger, getUser().getUserUrn());
            if (userIdentifyingInfo == null || !userIdentifyingInfo.get(getUser().getUserUrn()).containsKey("MEMBER_EMAIL")) {
                throw new JFedException("Slice creation requires a user email, but the user email is not known.");
            }
            hashMap.put("_GENI_SLICE_EMAIL", (String) userIdentifyingInfo.get(getUser().getUserUrn()).get("MEMBER_EMAIL"));
        }
        if (date != null) {
            hashMap.put("SLICE_EXPIRATION", RFC3339Util.dateToRFC3339String(date, true, true, true));
        }
        LOG.debug("createSlice is calling server with sliceName=" + str + " and fields: " + hashMap);
        AbstractFederationApi.FederationApiReply<Hashtable<String, Object>> createSlice = sa(logger).createSlice(getSaConnection(), this.userCredentials, str, hashMap, addCredentialExtraOptions(null));
        LOG.debug("createSlice got answer from server");
        if (createSlice == null || createSlice.getGeniResponseCode() == null || !createSlice.getGeniResponseCode().isSuccess() || createSlice.getValue() == null) {
            if (createSlice == null) {
                throw new JFedException("Error creating slice");
            }
            throw new JFedException("Error creating slice", createSlice);
        }
        Hashtable<String, Object> value = createSlice.getValue();
        if (!value.containsKey("SLICE_URN")) {
            throw new JFedException("Error creating slice, no SLICE_URN returned", createSlice);
        }
        String obj = value.get("SLICE_URN").toString();
        GeniUrn parse = GeniUrn.parse(obj);
        if (parse == null) {
            throw new JFedException("Error creating slice, invalid slice urn: " + obj, createSlice);
        }
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> sliceCredentials = sa(logger).getSliceCredentials(getSaConnection(), this.userCredentials, parse, addCredentialExtraOptions(null));
        if (!sliceCredentials.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get slice credentials", sliceCredentials);
        }
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredential != null) {
            arrayList.add(this.speaksForCredential);
        }
        arrayList.addAll(sliceCredentials.getValue());
        return new UserAndSliceApiWrapper.SliceInfo(str, parse, arrayList);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<AnyCredential> renewSlice(be.iminds.ilabt.jfed.log.Logger logger, List<AnyCredential> list, Date date) throws JFedException {
        GeniUrn parse;
        GeniUrn geniUrn = null;
        Iterator<AnyCredential> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AnyCredential next = it.next();
            if ((next instanceof SfaCredential) && (parse = GeniUrn.parse(((SfaCredential) next).getTargetUrn())) != null && parse.getEncodedResourceType().equals("slice")) {
                geniUrn = parse;
                break;
            }
        }
        if (geniUrn == null) {
            throw new JFedException("Could not find slice URN in provided slice credential list.");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("SLICE_EXPIRATION", RFC3339Util.dateToRFC3339String(date));
        AbstractFederationApi.FederationApiReply<String> updateSlice = sa(logger).updateSlice(getSaConnection(), list, geniUrn, hashMap, addCredentialExtraOptions(null));
        if (!updateSlice.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to update SLICE_EXPIRATION", updateSlice);
        }
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> sliceCredentials = sa(logger).getSliceCredentials(getSaConnection(), this.userCredentials, geniUrn, addCredentialExtraOptions(null));
        if (!sliceCredentials.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get updated slice credentials", sliceCredentials);
        }
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredential != null) {
            arrayList.add(this.speaksForCredential);
        }
        arrayList.addAll(sliceCredentials.getValue());
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<String> getSshKeysForUser(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        new HashMap().put("KEY_MEMBER", geniUrn.toString());
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.LookupResult> lookupKeyForMember = ma(logger).lookupKeyForMember(getMaConnection(), this.userCredentials, geniUrn, null, null, addCredentialExtraOptions(null));
        if (!lookupKeyForMember.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get SSH keys", lookupKeyForMember);
        }
        AbstractFederationApi.LookupResult value = lookupKeyForMember.getValue();
        ArrayList<String> arrayList = new ArrayList();
        Iterator<Hashtable<String, Object>> it = value.getRaw().values().iterator();
        while (it.hasNext()) {
            Object obj = it.next().get("KEY_PUBLIC");
            if (obj != null) {
                arrayList.add(obj + "");
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("MEMBER_URN", geniUrn.toString());
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.LookupResult> lookupMember = ma(logger).lookupMember(getMaConnection(), this.userCredentials, hashMap, null, addCredentialExtraOptions(null));
        try {
        } catch (Exception e) {
            LOG.warn("Failed to get SSH keys from user certificate", (Throwable) e);
        }
        if (!lookupKeyForMember.getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get SSH keys from user certificate because lookup MEMBER " + geniUrn + " call failed", lookupKeyForMember);
        }
        AbstractFederationApi.LookupResult value2 = lookupMember.getValue();
        if (value2 == null || value2.size() != 1) {
            throw new JFedException("Failed to get SSH keys from user certificate because lookup MEMBER " + geniUrn + " call does not contain a member ssl certificate", lookupKeyForMember);
        }
        String str = value2.get(0).get("_GENI_MEMBER_SSL_CERTIFICATE") != null ? (String) value2.get(0).get("_GENI_MEMBER_SSL_CERTIFICATE") : null;
        if (value2.get(0).get("_EMULAB_MEMBER_SSL_CERTIFICATE") != null) {
            str = (String) value2.get(0).get("_EMULAB_MEMBER_SSL_CERTIFICATE");
        }
        LOG.debug("Looked up member in order to find public key in ssl certificate");
        if (str == null) {
            throw new JFedException("Failed to get SSH keys from user certificate because lookup MEMBER " + geniUrn + " call does not contain a member ssl certificate. (Searched for keys: _GENI_MEMBER_SSL_CERTIFICATE, _EMULAB_MEMBER_SSL_CERTIFICATE" + DefaultExpressionEngine.DEFAULT_INDEX_END, lookupKeyForMember);
        }
        for (X509Certificate x509Certificate : KeyUtil.pemToX509CertificateChain(str)) {
            List<GeniUrn> findUrnsInCertAltNames = KeyUtil.findUrnsInCertAltNames(x509Certificate, KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, false);
            LOG.debug("subjectUrns in cert: " + findUrnsInCertAltNames);
            Iterator<GeniUrn> it2 = findUrnsInCertAltNames.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (it2.next().getResourceType().equals(ClassicConstants.USER_MDC_KEY)) {
                    String publicKeyToOpenSshAuthorizedKeysFormat = KeyUtil.publicKeyToOpenSshAuthorizedKeysFormat(x509Certificate.getPublicKey());
                    arrayList.add(publicKeyToOpenSshAuthorizedKeysFormat);
                    LOG.debug("Got user key from certificate: " + publicKeyToOpenSshAuthorizedKeysFormat);
                    break;
                }
            }
        }
        LOG.debug("Keys (" + arrayList.size() + ") seen for " + geniUrn + ": " + arrayList);
        ArrayList arrayList2 = new ArrayList();
        HashSet hashSet = new HashSet();
        for (String str2 : arrayList) {
            String[] split = str2.split(" ");
            if (split.length < 2 || !split[0].startsWith("ssh-")) {
                LOG.warn("Unexpected key format seen: " + str2);
                arrayList2.add(str2);
            } else if (hashSet.add(split[1])) {
                arrayList2.add(str2);
            } else {
                LOG.debug("Duplicate key removed: " + str2);
            }
        }
        return arrayList2;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public UserAndSliceApiWrapper.SubAuthoritySupport getSubAuthoritySupport(be.iminds.ilabt.jfed.log.Logger logger) throws JFedException {
        return !getGetVersionSAResult(logger).getServices().contains("PROJECT") ? UserAndSliceApiWrapper.SubAuthoritySupport.SUB_AUTHORITY_FORBIDDEN : UserAndSliceApiWrapper.SubAuthoritySupport.SUB_AUTHORITY_MANDATORY;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<String> getSubAuthorityNames(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        ArrayList arrayList = new ArrayList();
        Iterator<GeniUrn> it = getUserProjects(logger, geniUrn).iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getEncodedResourceName());
        }
        LOG.debug("returning subauthorities: " + arrayList);
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void setSpeaksFor(AnyCredential anyCredential, @Nullable GeniUrn geniUrn) {
        super.setSpeaksFor(anyCredential, geniUrn);
        if (geniUrn != null) {
            setExtraOptionsForCallsWithCredential(Collections.singletonMap("speaking_for", geniUrn.getValue()));
        }
    }

    static {
        $assertionsDisabled = !UniformFederationApi2UserAndSliceApiWrapper.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger((Class<?>) UniformFederationApi2UserAndSliceApiWrapper.class);
    }
}
