package be.iminds.ilabt.jfed.lowlevel.api_wrapper.impl;

import be.iminds.ilabt.jfed.fedmon.webapi.service.json.Server;
import be.iminds.ilabt.jfed.lowlevel.api.AbstractFederationApi;
import be.iminds.ilabt.jfed.lowlevel.api.FederationMemberAuthorityApi2;
import be.iminds.ilabt.jfed.lowlevel.api.FederationSliceAuthorityApi2;
import be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper;
import be.iminds.ilabt.jfed.lowlevel.connection.JFedException;
import be.iminds.ilabt.jfed.lowlevel.connection.SfaConnection;
import be.iminds.ilabt.jfed.lowlevel.connection_pool.JFedConnectionProvider;
import be.iminds.ilabt.jfed.lowlevel.credential.AnyCredential;
import be.iminds.ilabt.jfed.lowlevel.testbed_info.ApiInfo;
import be.iminds.ilabt.jfed.lowlevel.user.GeniUserProvider;
import be.iminds.ilabt.jfed.preferences.JFedPreferences;
import be.iminds.ilabt.jfed.util.common.GeniUrn;
import be.iminds.ilabt.jfed.util.common.RFC3339Util;
import be.iminds.ilabt.jfed.util.library.KeyUtil;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/api_wrapper/impl/UniformFederationApi2UserAndSliceApiWrapper.class */
public class UniformFederationApi2UserAndSliceApiWrapper extends UserAndSliceApiWrapper {
    private static final Logger LOG;
    List<AnyCredential> userCredentials;
    static final /* synthetic */ boolean $assertionsDisabled;

    public UniformFederationApi2UserAndSliceApiWrapper(be.iminds.ilabt.jfed.log.Logger logger, GeniUserProvider geniUserProvider, JFedConnectionProvider jFedConnectionProvider, JFedPreferences jFedPreferences) {
        super(logger, geniUserProvider, jFedConnectionProvider, jFedPreferences);
    }

    private FederationMemberAuthorityApi2 ma(be.iminds.ilabt.jfed.log.Logger logger) {
        return new FederationMemberAuthorityApi2(logger, this.jFedPreferences);
    }

    private FederationSliceAuthorityApi2 sa(be.iminds.ilabt.jfed.log.Logger logger) {
        return new FederationSliceAuthorityApi2(logger, this.jFedPreferences);
    }

    private SfaConnection getSaConnection() throws JFedException {
        return getConnection(new ApiInfo.Api(ApiInfo.ApiName.GENI_CH_SA, 2));
    }

    private SfaConnection getMaConnection() throws JFedException {
        return getConnection(new ApiInfo.Api(ApiInfo.ApiName.GENI_CH_MA, 2));
    }

    @Nonnull
    public FederationSliceAuthorityApi2.GetVersionSAResult getGetVersionSAResult(be.iminds.ilabt.jfed.log.Logger logger) throws JFedException {
        AbstractFederationApi.FederationApiReply<FederationSliceAuthorityApi2.GetVersionSAResult> version = sa(logger).getVersion(getSaConnection());
        if (version.m6getGeniResponseCode().isSuccess()) {
            return version.getValue();
        }
        throw new JFedException("GetVersion call to SA not successful: code=" + version.m6getGeniResponseCode() + " output=" + version.getOutput(), version);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public synchronized List<AnyCredential> getUserCredentials(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn) throws JFedException {
        this.userCredentials = null;
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredentials != null && !this.speaksForCredentials.isEmpty()) {
            arrayList.addAll(this.speaksForCredentials);
            if (!$assertionsDisabled && this.speaksForUserUrn == null) {
                throw new AssertionError();
            }
            geniUrn = this.speaksForUserUrn;
        }
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> credentials = ma(logger).getCredentials(getMaConnection(), arrayList, geniUrn, addCredentialExtraOptions(null));
        if (!credentials.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Could not retrieve user credential from server");
        }
        this.userCredentials = new ArrayList();
        if (this.speaksForCredentials != null && !this.speaksForCredentials.isEmpty()) {
            this.userCredentials.addAll(this.speaksForCredentials);
        }
        this.userCredentials.addAll(credentials.getValue());
        return new ArrayList(this.userCredentials);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public boolean hasUserCredentials() {
        return hasUserCredentials(this.userCredentials);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public boolean hasSpeaksForSupport() {
        return true;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<AnyCredential> getCachedUserCredentialsForAM() {
        return this.userCredentials == null ? Collections.emptyList() : new ArrayList(this.userCredentials);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<AnyCredential> getSliceCredentials(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn) throws JFedException {
        if (!$assertionsDisabled && (this.userCredentials == null || this.userCredentials.isEmpty())) {
            throw new AssertionError();
        }
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> sliceCredentials = sa(logger).getSliceCredentials(getSaConnection(), addSpeaksForCredentials(this.userCredentials), geniUrn, addCredentialExtraOptions(null));
        if (!sliceCredentials.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Could not retrieve slice credential from server", sliceCredentials);
        }
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredentials != null && !this.speaksForCredentials.isEmpty()) {
            arrayList.addAll(this.speaksForCredentials);
        }
        arrayList.addAll(sliceCredentials.getValue());
        return arrayList;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getSlicesForUser(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn) throws JFedException {
        if (!$assertionsDisabled && getLoggedInUserAuthorityServer() == null) {
            throw new AssertionError();
        }
        boolean hasFlag = getLoggedInUserAuthorityServer().hasFlag(Server.Flag.featureFedSaLookupSliceForMemberMatchExpired);
        HashMap hashMap = null;
        if (hasFlag) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("SLICE_EXPIRED", false);
            hashMap = new HashMap();
            hashMap.put("match", hashMap2);
        }
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupForMember = sa(logger).lookupForMember(getSaConnection(), FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn, addSpeaksForCredentials(this.userCredentials), addCredentialExtraOptions(hashMap));
        if (!lookupForMember.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Could not retrieve slices for user from server", lookupForMember);
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        boolean z = false;
        for (FederationSliceAuthorityApi2.UrnRoleTuple urnRoleTuple : lookupForMember.getValue()) {
            if (urnRoleTuple.isExpired()) {
                z = true;
            } else {
                arrayList.add(urnRoleTuple.getUrn());
                arrayList2.add(urnRoleTuple.getUrn().toString());
            }
        }
        if (arrayList2.isEmpty()) {
            LOG.debug("Not requesting extra SLICE info, because there are no non expired slices anyway.");
        } else {
            HashMap hashMap3 = new HashMap();
            hashMap3.put("SLICE_URN", arrayList2);
            if (hasFlag || z) {
                if (getLoggedInUserAuthorityServer().hasFlag(Server.Flag.workaroundFedSaLookupSliceExpiredMatchBoolean)) {
                    hashMap3.put("SLICE_EXPIRED", "false");
                } else {
                    hashMap3.put("SLICE_EXPIRED", false);
                }
            }
            boolean z2 = false;
            try {
                AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliceInfoList> lookupSlice = sa(logger).lookupSlice(getSaConnection(), addSpeaksForCredentials(this.userCredentials), hashMap3, null, addCredentialExtraOptions(null));
                if (lookupSlice.m6getGeniResponseCode().isSuccess()) {
                    z2 = lookupSlice.getValue().values().stream().anyMatch(sliceInfo -> {
                        return Objects.equals(sliceInfo.getEmulabHasSlivers(), Boolean.TRUE);
                    });
                } else {
                    LOG.warn("The sliceInfo lookup for expired credentials failed. We cannot assure that we don't return expired credentials");
                }
            } catch (JFedException e) {
                LOG.error("Error fetching SLICE info. Will be ignored, because it's not crucial.");
            }
            if (!z2) {
                try {
                    sa(logger).lookupSliverInfo(getSaConnection(), addSpeaksForCredentials(this.userCredentials), null, Collections.singletonMap(AbstractFederationApi.SliverInfo.SLIVER_INFO_SLICE_URN, arrayList2), null, addCredentialExtraOptions(null));
                } catch (JFedException e2) {
                    LOG.error("Error fetching SLIVER_INFO. Will be ignored, because it's not crucial.");
                }
            }
        }
        return arrayList;
    }

    public List<GeniUrn> getUserProjects(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupForMember = sa(logger).lookupForMember(getSaConnection(), "PROJECT", geniUrn, addSpeaksForCredentials(this.userCredentials), addCredentialExtraOptions(null));
        if (!lookupForMember.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Could not retrieve projects for user from server", lookupForMember);
        }
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        for (FederationSliceAuthorityApi2.UrnRoleTuple urnRoleTuple : lookupForMember.getValue()) {
            if (urnRoleTuple.isExpired()) {
                z = true;
                LOG.debug("skipping expired project: " + urnRoleTuple.getUrn());
            } else {
                arrayList.add(urnRoleTuple.getUrn());
            }
        }
        if (z) {
            LOG.debug("no second call needed to check for expired projects");
        } else {
            LOG.debug("doing second call to check for expired projects");
            if (!$assertionsDisabled && getLoggedInUserAuthorityServer() == null) {
                throw new AssertionError();
            }
            try {
                AbstractFederationApi.FederationApiReply<AbstractFederationApi.ProjectInfoList> lookupProject = sa(logger).lookupProject(getSaConnection(), addSpeaksForCredentials(this.userCredentials), getLoggedInUserAuthorityServer().hasFlag(Server.Flag.workaroundFedMaMatchProjectExpired) ? Collections.singletonMap("EXPIRED", Boolean.FALSE) : Collections.emptyMap(), Collections.singletonList("PROJECT_URN"), addCredentialExtraOptions(null));
                if (!lookupProject.m6getGeniResponseCode().isSuccess() || lookupProject.getValue() == null) {
                    LOG.warn("lookup_projects call failed. Could not check for expired projects. This error will be ignored (possibly leaving expired projects in the list).");
                } else {
                    LOG.debug("Found " + lookupProject.getValue().size() + " non expired projects on server.");
                    arrayList.removeIf(geniUrn2 -> {
                        Stream filter = ((AbstractFederationApi.ProjectInfoList) lookupProject.getValue()).stream().filter((v0) -> {
                            return Objects.nonNull(v0);
                        }).filter(projectInfo -> {
                            return projectInfo.getExpired() != Boolean.TRUE;
                        }).map((v0) -> {
                            return v0.getProjectUrn();
                        }).filter((v0) -> {
                            return Objects.nonNull(v0);
                        });
                        Objects.requireNonNull(geniUrn2);
                        return filter.noneMatch((v1) -> {
                            return r1.equals(v1);
                        });
                    });
                }
            } catch (AssertionError | Exception e) {
                LOG.warn("lookup_projects call failed. Could not check for expired projects. This error will be ignored (possibly leaving expired projects in the list).", e);
            }
        }
        return arrayList;
    }

    public AbstractFederationApi.MemberInfoList getUserIdentifyingInfo(be.iminds.ilabt.jfed.log.Logger logger, GeniUrn geniUrn) throws JFedException {
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.MemberInfoList> lookupMember = ma(logger).lookupMember(getMaConnection(), addSpeaksForCredentials(this.userCredentials), Collections.singletonMap("MEMBER_URN", geniUrn.getValue()), null, addCredentialExtraOptions(null));
        if (lookupMember.m6getGeniResponseCode().isSuccess()) {
            return lookupMember.getValue();
        }
        throw new JFedException("Problem looking up user info for " + geniUrn, lookupMember);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getAggregatesForSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn) throws JFedException {
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliverInfoList> lookupSliverInfo = sa(logger).lookupSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn, null, null, addCredentialExtraOptions(null));
        if (!lookupSliverInfo.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Problem looking up aggregates for slice '" + geniUrn + "'", lookupSliverInfo);
        }
        if (lookupSliverInfo.getValue() == null) {
            throw new JFedException("Got null value when looking up aggregates for slice '" + geniUrn + "'", lookupSliverInfo);
        }
        return (List) lookupSliverInfo.getValue().values().stream().map((v0) -> {
            return v0.getAggregateUrn();
        }).distinct().collect(Collectors.toList());
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    @Nullable
    public Date getSliceExpiration(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn) throws JFedException {
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliceInfoList> lookupSlice = sa(logger).lookupSlice(getSaConnection(), finalizeSliceCredentials(list), Collections.singletonMap("SLICE_URN", geniUrn.getValue()), null, null);
        if (lookupSlice.m6getGeniResponseCode().isSuccess()) {
            return (Date) lookupSlice.getValue().values().stream().map((v0) -> {
                return v0.getExpirationDate();
            }).findAny().orElse(null);
        }
        throw new JFedException("Could not retrieve slice expiration from server", lookupSlice);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public boolean isRegisterAggregatesForSliceSupported() {
        return true;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void registerAggregatesForSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn, @Nonnull GeniUrn geniUrn2, @Nonnull Collection<GeniUrn> collection, @Nonnull Date date) throws JFedException {
        LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will register: " + collection.size());
        GeniUrn relevantUserUrn = getRelevantUserUrn();
        if (!$assertionsDisabled && relevantUserUrn == null) {
            throw new AssertionError();
        }
        boolean z = false;
        for (GeniUrn geniUrn3 : collection) {
            LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is registering: " + geniUrn3);
            try {
                sa(logger).createSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn, geniUrn3, geniUrn2, relevantUserUrn, date, null, addCredentialExtraOptions(null));
            } catch (JFedException e) {
                LOG.error("Failed to register {} for slice {}", new Object[]{geniUrn3, geniUrn, e});
                z = true;
            }
        }
        if (z) {
            throw new JFedException("One or more slivers failed to register to the SliceRegistery");
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void updateSliverExpirationDateInfoForSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn, @Nonnull GeniUrn geniUrn2, @Nonnull Collection<GeniUrn> collection, @Nonnull Date date) throws JFedException {
        LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will update SLIVER_INFO expiration: " + collection.size());
        GeniUrn relevantUserUrn = getRelevantUserUrn();
        if (!$assertionsDisabled && relevantUserUrn == null) {
            throw new AssertionError();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("SLIVER_INFO_EXPIRATION", RFC3339Util.dateToRFC3339String(date, true));
        for (GeniUrn geniUrn3 : collection) {
            try {
                LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is updating SLIVER_INFO: " + geniUrn3);
                AbstractFederationApi.FederationApiReply<String> updateSliverInfo = sa(logger).updateSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn3.toString(), hashMap, addCredentialExtraOptions(null));
                if (!updateSliverInfo.m6getGeniResponseCode().isSuccess()) {
                    LOG.error("Error reply while trying to update SLIVER_INFO for '" + geniUrn3 + "' to " + date + " (" + updateSliverInfo.m6getGeniResponseCode().getCode() + " " + updateSliverInfo.m6getGeniResponseCode().getDescription() + " -> " + updateSliverInfo.getOutput() + ") -> not critical -> will try to create the SLIVER_INFO as fallback");
                    AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliverInfo> createSliverInfo = sa(logger).createSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn, geniUrn3, geniUrn2, relevantUserUrn, new Date(), hashMap, addCredentialExtraOptions(null));
                    if (!createSliverInfo.m6getGeniResponseCode().isSuccess()) {
                        LOG.error("Error reply while trying to (as a fallback) create SLIVER_INFO for '" + geniUrn3 + "' expiring at " + date + " (" + createSliverInfo.m6getGeniResponseCode().getCode() + " " + createSliverInfo.m6getGeniResponseCode().getDescription() + " -> " + createSliverInfo.getOutput() + ") -> not critical -> will ignore");
                    }
                }
            } catch (JFedException e) {
                LOG.error("Exception while trying to update SLIVER_INFO for '" + geniUrn3 + "' to " + date + " -> Will be ignored.", e);
            }
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void unregisterAggregatesForSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn, @Nonnull GeniUrn geniUrn2, @Nullable Collection<GeniUrn> collection) throws JFedException {
        Date date = null;
        for (AnyCredential anyCredential : list) {
            if (anyCredential.getExpiresDate() != null && (date == null || date.after(anyCredential.getExpiresDate()))) {
                date = anyCredential.getExpiresDate();
            }
        }
        ArrayList<GeniUrn> arrayList = new ArrayList();
        if (collection != null) {
            LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will unregister: " + collection.size());
            try {
                AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliverInfoList> lookupSliverInfo = sa(logger).lookupSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn, null, null, addCredentialExtraOptions(null));
                if (lookupSliverInfo.m6getGeniResponseCode().isSuccess()) {
                    Stream map = lookupSliverInfo.getValue().values().stream().map((v0) -> {
                        return v0.getSliverUrn();
                    });
                    Objects.requireNonNull(collection);
                    Stream filter = map.filter((v1) -> {
                        return r1.contains(v1);
                    });
                    Objects.requireNonNull(arrayList);
                    filter.forEach((v1) -> {
                        r1.add(v1);
                    });
                } else {
                    LOG.warn("lookupSliverInfo call failed for slice {}. Will forcefully try to remove all passed slivers.", geniUrn);
                    arrayList.addAll(collection);
                }
            } catch (JFedException e) {
                LOG.warn("Exception checking registered slivers before deleting them. Will forcefully try to remove all passed slivers", e);
                arrayList.addAll(collection);
            }
        } else {
            LOG.debug("UniformFederationApi2UserAndSliceApiWrapper will unregister ALL sliver for " + geniUrn2);
            AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliverInfoList> lookupSliverInfo2 = sa(logger).lookupSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn, null, null, addCredentialExtraOptions(null));
            if (!lookupSliverInfo2.m6getGeniResponseCode().isSuccess()) {
                throw new JFedException("Could not retrieve registered slivers for slice '" + geniUrn + "' from server", lookupSliverInfo2);
            }
            for (AbstractFederationApi.SliverInfo sliverInfo : lookupSliverInfo2.getValue().values()) {
                if (Objects.equals(sliverInfo.getAggregateUrn(), geniUrn2)) {
                    arrayList.add(sliverInfo.getSliverUrn());
                }
            }
        }
        boolean z = false;
        for (GeniUrn geniUrn3 : arrayList) {
            LOG.debug("UniformFederationApi2UserAndSliceApiWrapper is unregistering: " + geniUrn3);
            try {
                sa(logger).deleteSliverInfo(getSaConnection(), finalizeSliceCredentials(list), geniUrn3.toString(), addCredentialExtraOptions(null));
            } catch (JFedException e2) {
                LOG.warn("Error while deleting sliverInfo for {}", geniUrn3, e2);
                z = true;
            }
        }
        if (z) {
            throw new JFedException("One or more deleteSliverInfo calls failed");
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void shareSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn2) throws JFedException {
        AbstractFederationApi.FederationApiReply<String> modifyMembership = sa(logger).modifyMembership(getSaConnection(), FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn, Collections.singletonList(new FederationSliceAuthorityApi2.UrnRoleTuple(FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn2, "MEMBER")), null, null, finalizeSliceCredentials(list), addCredentialExtraOptions(null));
        if (modifyMembership.m6getGeniResponseCode().isSuccess()) {
            return;
        }
        if (modifyMembership.getOutput() == null || !modifyMembership.getOutput().contains("DUPLICATE")) {
            throw new JFedException("Sharing slice with " + geniUrn2 + " did not succeed: ", modifyMembership);
        }
        LOG.warn("Reply to shared slice was \"" + modifyMembership.getOutput() + "\". Assuming this means it is successfully shared already.");
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void shareSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn, @Nonnull List<AnyCredential> list, @Nonnull List<GeniUrn> list2, @Nonnull String str) throws JFedException {
        AbstractFederationApi.FederationApiReply<String> modifyMembership = sa(logger).modifyMembership(getSaConnection(), FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn, (List) list2.stream().map(geniUrn2 -> {
            return new FederationSliceAuthorityApi2.UrnRoleTuple(FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn2, str);
        }).collect(Collectors.toList()), null, null, finalizeSliceCredentials(list), addCredentialExtraOptions(null));
        if (!modifyMembership.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Error adding user to " + geniUrn, modifyMembership);
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public void unshareSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn, @Nonnull List<AnyCredential> list, @Nonnull GeniUrn geniUrn2) throws JFedException {
        AbstractFederationApi.FederationApiReply<String> modifyMembership = sa(logger).modifyMembership(getSaConnection(), FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn, null, Collections.singletonList(geniUrn2), null, finalizeSliceCredentials(list), addCredentialExtraOptions(null));
        if (!modifyMembership.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Unsharing slice with " + geniUrn2 + " did not succeed: ", modifyMembership);
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getUsersForSubAuthority(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull String str) throws JFedException {
        if (!$assertionsDisabled && getLoggedInUserAuthorityServer() == null) {
            throw new AssertionError();
        }
        GeniUrn createGeniUrnFromEncodedParts = GeniUrn.createGeniUrnFromEncodedParts(getLoggedInUserAuthorityServer().getUrnTld(), "project", str);
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupMembers = sa(logger).lookupMembers(getSaConnection(), "PROJECT", createGeniUrnFromEncodedParts, addSpeaksForCredentials(this.userCredentials), addCredentialExtraOptions(null));
        if (!lookupMembers.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Error getting users in project " + createGeniUrnFromEncodedParts, lookupMembers);
        }
        if (lookupMembers.getValue() == null) {
            throw new JFedException("Null reply value getting users in project " + createGeniUrnFromEncodedParts, lookupMembers);
        }
        return (List) lookupMembers.getValue().stream().map((v0) -> {
            return v0.getUrn();
        }).collect(Collectors.toList());
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<GeniUrn> getUsersForSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn, @Nonnull List<AnyCredential> list) throws JFedException {
        AbstractFederationApi.FederationApiReply<List<FederationSliceAuthorityApi2.UrnRoleTuple>> lookupMembers = sa(logger).lookupMembers(getSaConnection(), FederationSliceAuthorityApi2.TYPE_SLICE, geniUrn, finalizeSliceCredentials(list), addCredentialExtraOptions(null));
        if (!lookupMembers.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Error getting users in " + geniUrn, lookupMembers);
        }
        if (lookupMembers.getValue() == null) {
            throw new JFedException("Null reply value getting users in " + geniUrn, lookupMembers);
        }
        return (List) lookupMembers.getValue().stream().map((v0) -> {
            return v0.getUrn();
        }).collect(Collectors.toList());
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public UserAndSliceApiWrapper.SliceInfo createSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull String str, Date date, @Nullable String str2) throws JFedException {
        LOG.debug("createSlice called");
        FederationSliceAuthorityApi2.GetVersionSAResult getVersionSAResult = getGetVersionSAResult(logger);
        HashMap hashMap = new HashMap();
        hashMap.put("SLICE_DESCRIPTION", "jFed Experimenter GUI slice '" + str + "' for user " + getRelevantUserUrnString());
        if (getVersionSAResult.getServices().contains("PROJECT")) {
            if (str2 == null) {
                throw new JFedException("A project must be provided to create a slice");
            }
            if (!$assertionsDisabled && getRelevantUserUrn() == null) {
                throw new AssertionError();
            }
            hashMap.put("SLICE_PROJECT_URN", GeniUrn.createGeniUrnFromEncodedParts(getRelevantUserUrn().getEncodedTopLevelAuthority(), "project", str2).getValue());
        }
        if (getVersionSAResult.getFieldsForObject("PROJECT").containsKey("_GENI_SLICE_EMAIL")) {
            AbstractFederationApi.MemberInfoList userIdentifyingInfo = getUserIdentifyingInfo(logger, getRelevantUserUrn());
            if (userIdentifyingInfo == null || ((AbstractFederationApi.MemberInfo) userIdentifyingInfo.get(getRelevantUserUrn())).getEmail() == null) {
                throw new JFedException("Slice creation requires a user email, but the user email is not known.");
            }
            hashMap.put("_GENI_SLICE_EMAIL", ((AbstractFederationApi.MemberInfo) userIdentifyingInfo.get(getRelevantUserUrn())).getEmail());
        }
        if (date != null) {
            hashMap.put("SLICE_EXPIRATION", RFC3339Util.dateToRFC3339String(date, true, true, true));
        }
        LOG.debug("createSlice is calling server with sliceName=" + str + " and fields: " + hashMap);
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.SliceInfo> createSlice = sa(logger).createSlice(getSaConnection(), addSpeaksForCredentials(this.userCredentials), str, hashMap, addCredentialExtraOptions(null));
        LOG.debug("createSlice got answer from server");
        if (!createSlice.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Error creating slice", createSlice);
        }
        AbstractFederationApi.SliceInfo value = createSlice.getValue();
        AbstractFederationApi.FederationApiReply<List<AnyCredential>> sliceCredentials = sa(logger).getSliceCredentials(getSaConnection(), addSpeaksForCredentials(this.userCredentials), value.getSliceUrn(), addCredentialExtraOptions(null));
        if (!sliceCredentials.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get slice credentials", sliceCredentials);
        }
        ArrayList arrayList = new ArrayList();
        if (this.speaksForCredentials != null && !this.speaksForCredentials.isEmpty()) {
            arrayList.addAll(this.speaksForCredentials);
        }
        arrayList.addAll(sliceCredentials.getValue());
        return new UserAndSliceApiWrapper.SliceInfo(str, value.getSliceUrn(), arrayList);
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<AnyCredential> renewSlice(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull List<AnyCredential> list, @Nonnull Date date) throws JFedException {
        try {
            GeniUrn findSliceUrn = findSliceUrn(list);
            HashMap hashMap = new HashMap();
            hashMap.put("SLICE_EXPIRATION", RFC3339Util.dateToRFC3339String(date, true, true, true));
            AbstractFederationApi.FederationApiReply<String> updateSlice = sa(logger).updateSlice(getSaConnection(), finalizeSliceCredentials(list), findSliceUrn, hashMap, addCredentialExtraOptions(null));
            if (!updateSlice.m6getGeniResponseCode().isSuccess()) {
                throw new JFedException("Failed to update SLICE_EXPIRATION", updateSlice);
            }
            AbstractFederationApi.FederationApiReply<List<AnyCredential>> sliceCredentials = sa(logger).getSliceCredentials(getSaConnection(), addSpeaksForCredentials(this.userCredentials), findSliceUrn, addCredentialExtraOptions(null));
            if (!sliceCredentials.m6getGeniResponseCode().isSuccess()) {
                throw new JFedException("Failed to get updated slice credentials", sliceCredentials);
            }
            ArrayList arrayList = new ArrayList();
            if (this.speaksForCredentials != null && !this.speaksForCredentials.isEmpty()) {
                arrayList.addAll(this.speaksForCredentials);
            }
            arrayList.addAll(sliceCredentials.getValue());
            return arrayList;
        } catch (IllegalArgumentException e) {
            throw new JFedException("Could not find slice URN in provided slice credential list.");
        }
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<String> getSshKeysForUser(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn) throws JFedException {
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.MemberInfoList> lookupMember;
        AbstractFederationApi.FederationApiReply<AbstractFederationApi.MemberKeyInfoList> lookupKeyForMember = ma(logger).lookupKeyForMember(getMaConnection(), addSpeaksForCredentials(this.userCredentials), geniUrn, null, null, addCredentialExtraOptions(null));
        if (!lookupKeyForMember.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get SSH keys", lookupKeyForMember);
        }
        AbstractFederationApi.MemberKeyInfoList value = lookupKeyForMember.getValue();
        ArrayList<String> arrayList = new ArrayList();
        for (AbstractFederationApi.MemberKeyInfo memberKeyInfo : value.values()) {
            if (memberKeyInfo.getPublicKey() != null) {
                arrayList.add(memberKeyInfo.getPublicKey());
            }
        }
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("MEMBER_URN", geniUrn.toString());
            lookupMember = ma(logger).lookupMember(getMaConnection(), addSpeaksForCredentials(this.userCredentials), hashMap, null, addCredentialExtraOptions(null));
        } catch (Exception e) {
            LOG.warn("Failed to get SSH keys from user certificate", e);
        }
        if (!lookupKeyForMember.m6getGeniResponseCode().isSuccess()) {
            throw new JFedException("Failed to get SSH keys from user certificate because lookup MEMBER " + geniUrn + " call failed", lookupKeyForMember);
        }
        AbstractFederationApi.MemberInfoList value2 = lookupMember.getValue();
        if (value2.size() != 1) {
            throw new JFedException("Failed to get SSH keys from user certificate because lookup MEMBER " + geniUrn + " call does not contain a member ssl certificate", lookupKeyForMember);
        }
        LOG.debug("Looked up member in order to find public key in ssl certificate");
        AbstractFederationApi.MemberInfo memberInfo = (AbstractFederationApi.MemberInfo) value2.values().iterator().next();
        if (memberInfo.getX509pemCerts() == null) {
            throw new JFedException("Failed to get SSH keys from user certificate because lookup MEMBER " + geniUrn + " call does not contain a member ssl certificate.", lookupKeyForMember);
        }
        for (X509Certificate x509Certificate : memberInfo.getX509pemCerts()) {
            List findUrnsInCertAltNames = KeyUtil.findUrnsInCertAltNames(x509Certificate, KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, false);
            LOG.debug("subjectUrns in cert: " + findUrnsInCertAltNames);
            Iterator it = findUrnsInCertAltNames.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (Objects.equals(((GeniUrn) it.next()).getResourceType(), "user")) {
                    String publicKeyToOpenSshAuthorizedKeysFormat = KeyUtil.publicKeyToOpenSshAuthorizedKeysFormat(x509Certificate.getPublicKey());
                    arrayList.add(publicKeyToOpenSshAuthorizedKeysFormat);
                    LOG.debug("Got user key from certificate: " + publicKeyToOpenSshAuthorizedKeysFormat);
                    break;
                }
            }
        }
        LOG.debug("Keys (" + arrayList.size() + ") seen for " + geniUrn + ": " + arrayList);
        ArrayList arrayList2 = new ArrayList();
        HashSet hashSet = new HashSet();
        for (String str : arrayList) {
            String[] split = str.split(" ");
            if (split.length < 2 || !split[0].startsWith("ssh-")) {
                LOG.warn("Unexpected key format seen: " + str);
                arrayList2.add(str);
            } else if (hashSet.add(split[1])) {
                arrayList2.add(str);
            } else {
                LOG.debug("Duplicate key removed: " + str);
            }
        }
        return arrayList2;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public UserAndSliceApiWrapper.SubAuthoritySupport getSubAuthoritySupport(@Nonnull be.iminds.ilabt.jfed.log.Logger logger) throws JFedException {
        return !getGetVersionSAResult(logger).getServices().contains("PROJECT") ? UserAndSliceApiWrapper.SubAuthoritySupport.SUB_AUTHORITY_FORBIDDEN : UserAndSliceApiWrapper.SubAuthoritySupport.SUB_AUTHORITY_MANDATORY;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper
    public List<String> getSubAuthorityNames(@Nonnull be.iminds.ilabt.jfed.log.Logger logger, @Nonnull GeniUrn geniUrn) throws JFedException {
        List<String> list = (List) getUserProjects(logger, geniUrn).stream().map((v0) -> {
            return v0.getEncodedResourceName();
        }).collect(Collectors.toList());
        LOG.debug("returning subauthorities: {}", list);
        return list;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.api_wrapper.UserAndSliceApiWrapper, be.iminds.ilabt.jfed.lowlevel.api_wrapper.ApiWrapper
    public void setSpeaksFor(List<AnyCredential> list, @Nullable GeniUrn geniUrn) {
        super.setSpeaksFor(list, geniUrn);
        if (geniUrn != null) {
            setExtraOptionsForCallsWithCredential(Collections.singletonMap("speaking_for", geniUrn.getValue()));
        }
    }

    static {
        $assertionsDisabled = !UniformFederationApi2UserAndSliceApiWrapper.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(UniformFederationApi2UserAndSliceApiWrapper.class);
    }
}
