package be.iminds.ilabt.jfed.lowlevel.user;

import be.iminds.ilabt.jfed.fedmon.webapi.service.json.Server;
import be.iminds.ilabt.jfed.lowlevel.credential.AbacCredential;
import be.iminds.ilabt.jfed.lowlevel.credential.AnyCredential;
import be.iminds.ilabt.jfed.lowlevel.credential.SfaCredential;
import be.iminds.ilabt.jfed.lowlevel.lib.CredentialException;
import be.iminds.ilabt.jfed.lowlevel.userloginmodel.InvalidLoginException;
import be.iminds.ilabt.jfed.util.common.GeniUrn;
import java.io.File;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/user/SimpleGeniUserWithSpeaksFor.class */
public class SimpleGeniUserWithSpeaksFor extends SimpleGeniUser implements GeniUserWithSpeaksFor {
    private static final Logger LOG;
    protected final List<AnyCredential> speaksForCredentials;
    private GeniUrn speaksForUrn;
    private List<X509Certificate> speaksForCertificateChain;
    private PublicKey speaksForPublicKey;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/user/SimpleGeniUserWithSpeaksFor$InvalidSpeaksForException.class */
    public static class InvalidSpeaksForException extends Exception {
        public InvalidSpeaksForException(String str) {
            super(str);
        }

        public InvalidSpeaksForException(String str, Throwable th) {
            super(str, th);
        }

        public InvalidSpeaksForException(Throwable th) {
            super(th);
        }
    }

    public SimpleGeniUserWithSpeaksFor(@Nullable Server server, @Nonnull GeniUrn geniUrn, @Nonnull String str, @Nullable char[] cArr, @Nullable File file, @Nullable File file2, @Nonnull List<AnyCredential> list) throws InvalidSpeaksForException, InvalidLoginException {
        super(server, geniUrn, str, cArr, file, file2);
        this.speaksForCredentials = list;
        if (!$assertionsDisabled && list.isEmpty()) {
            throw new AssertionError();
        }
        deriveSpeaksForDetailsFromCredentials();
        if (!$assertionsDisabled && this.speaksForUrn == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && this.speaksForCertificateChain == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && this.speaksForPublicKey == null) {
            throw new AssertionError();
        }
    }

    public SimpleGeniUserWithSpeaksFor(@Nullable Server server, @Nonnull GeniUrn geniUrn, @Nonnull List<X509Certificate> list, @Nonnull PrivateKey privateKey, @Nullable File file, @Nullable File file2, @Nonnull List<AnyCredential> list2) throws InvalidSpeaksForException {
        super(server, geniUrn, list, privateKey, file, file2);
        this.speaksForCredentials = list2;
        if (!$assertionsDisabled && list2.isEmpty()) {
            throw new AssertionError();
        }
        deriveSpeaksForDetailsFromCredentials();
        if (!$assertionsDisabled && this.speaksForUrn == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && this.speaksForCertificateChain == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && this.speaksForPublicKey == null) {
            throw new AssertionError();
        }
    }

    public SimpleGeniUserWithSpeaksFor(@Nonnull GeniUserWithSpeaksFor geniUserWithSpeaksFor) {
        super(geniUserWithSpeaksFor);
        this.speaksForCredentials = geniUserWithSpeaksFor.getSpeaksForCredentials();
        this.speaksForCertificateChain = geniUserWithSpeaksFor.getSpeaksForUserCertificateChain();
        this.speaksForPublicKey = geniUserWithSpeaksFor.getSpeaksForUserPublicKey();
        this.speaksForUrn = geniUserWithSpeaksFor.getSpeaksForUrn();
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.user.GeniUserWithSpeaksFor
    @Nonnull
    public List<AnyCredential> getSpeaksForCredentials() {
        return this.speaksForCredentials;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.user.GeniUserWithSpeaksFor
    @Nonnull
    public GeniUrn getSpeaksForUrn() {
        return this.speaksForUrn;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.user.GeniUserWithSpeaksFor
    @Nonnull
    public List<X509Certificate> getSpeaksForUserCertificateChain() {
        return this.speaksForCertificateChain;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.user.GeniUserWithSpeaksFor
    @Nonnull
    public PublicKey getSpeaksForUserPublicKey() {
        return this.speaksForPublicKey;
    }

    private void deriveSpeaksForDetailsFromCredentials() throws InvalidSpeaksForException {
        if (this.speaksForCredentials == null || this.speaksForCredentials.isEmpty()) {
            return;
        }
        for (AnyCredential anyCredential : this.speaksForCredentials) {
            if (anyCredential == null) {
                throw new InvalidSpeaksForException("Experiment.speaksForCredential is not a valid credential. (null after parsing)");
            }
            if (anyCredential instanceof AbacCredential) {
                AbacCredential abacCredential = (AbacCredential) anyCredential;
                if (!abacCredential.isSpeaksFor()) {
                    throw new InvalidSpeaksForException("Experiment.speaksForCredential is a valid ABAC credential, but it is not a speaksFor credential (which is required).");
                }
                Date date = new Date();
                if (abacCredential.getExpiresDate() != null && abacCredential.getExpiresDate().before(date)) {
                    throw new InvalidSpeaksForException("Experiment.speaksForCredential expired at " + abacCredential.getExpires());
                }
                try {
                    this.speaksForCertificateChain = abacCredential.getSignerCertificates();
                    if (this.speaksForCertificateChain == null) {
                        throw new InvalidSpeaksForException("Experiment.speaksForCredential is not a valid ABAC speaksFor credential: the signer certificate(s) could not be found");
                    }
                    for (X509Certificate x509Certificate : this.speaksForCertificateChain) {
                        try {
                            x509Certificate.checkValidity();
                        } catch (CertificateExpiredException e) {
                            LOG.error("The signer certificate in the speaks_for credential has expired.(NotAfter= " + x509Certificate.getNotAfter() + ")", (Throwable) e);
                            throw new InvalidSpeaksForException("The signer certificate in the speaks_for credential has expired. (NotAfter= " + x509Certificate.getNotAfter() + ")", e);
                        } catch (CertificateNotYetValidException e2) {
                            throw new InvalidSpeaksForException("The signer certificate in the speaks_for credential is not yet valid (NotBefore=" + x509Certificate.getNotBefore() + ")", e2);
                        }
                    }
                    this.speaksForUrn = abacCredential.getSpokenForUrn();
                    this.speaksForPublicKey = abacCredential.getSpokenForPubKey();
                    if (this.speaksForUrn == null) {
                        throw new InvalidSpeaksForException("Experiment.speaksForCredential is a valid ABAC speaksFor credential, however the speaks_for user could not be derived from it.");
                    }
                    if (this.speaksForPublicKey == null) {
                        throw new InvalidSpeaksForException("Experiment.speaksForCredential is a valid ABAC speaksFor credential, however the speaks_for public key could not be derived from it.");
                    }
                    if (this.speaksForCertificateChain != null) {
                        break;
                    }
                } catch (CredentialException e3) {
                    throw new InvalidSpeaksForException("Invalid speaks_for credential", e3);
                }
            } else if ((anyCredential instanceof SfaCredential) && !anyCredential.isSpeaksFor()) {
                throw new InvalidSpeaksForException("Experiment.speaksForCredential is a valid " + anyCredential.getClass().getName() + " credential, but only ABAC speaksFor credentials are currently supported. Additionally, the SfaCredential does not appear to be a speaksFor credential.");
            }
        }
        if (this.speaksForCertificateChain == null || this.speaksForPublicKey == null || this.speaksForUrn == null) {
            throw new InvalidSpeaksForException("No speaksFor details could be derived from the provided speaksFor credentials.");
        }
    }

    static {
        $assertionsDisabled = !SimpleGeniUserWithSpeaksFor.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger((Class<?>) SimpleGeniUserWithSpeaksFor.class);
    }
}
