package org.globus.delegation;

import java.io.IOException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.Stub;
import org.apache.axis.encoding.AnyContentType;
import org.apache.axis.message.MessageElement;
import org.apache.axis.message.addressing.EndpointReference;
import org.apache.axis.message.addressing.EndpointReferenceType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.globus.delegationService.DelegationFactoryServiceAddressingLocator;
import org.globus.delegationService.DelegationFactoryServiceLocator;
import org.globus.delegationService.DelegationServiceAddressingLocator;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.gsi.X509ExtensionSet;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.util.I18n;
import org.globus.ws.trust.RequestSecurityTokenType;
import org.globus.wsrf.encoding.ObjectDeserializer;
import org.globus.wsrf.impl.security.authentication.ContextCrypto;
import org.globus.wsrf.impl.security.descriptor.ClientSecurityDescriptor;
import org.globus.wsrf.security.SecurityException;
import org.globus.wsrf.security.SecurityManager;
import org.globus.wsrf.utils.XmlUtils;

/* loaded from: input_file:org/globus/delegation/DelegationUtil.class */
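/**
 * Static helpers for the delegation service: fetching the service's own
 * credential, building proxy-certificate tokens for delegation, and calling the
 * delegation factory / delegation port types.
 *
 * <p>This listing is decompiler output. Parameter names such as {@code str},
 * {@code z} and {@code i} are decompiler placeholders, and the body of
 * {@link #getDelegationResource} was not recovered. Several methods return or
 * consume private-key material; callers should keep such values out of logs and
 * serialized state.
 *
 * <p>Note that {@code SecurityException} and {@code SecurityManager} in this file
 * resolve to the {@code org.globus.wsrf.security} types imported at the top, not
 * to the {@code java.lang} classes of the same name.
 */
public class DelegationUtil {
    // Both are assigned once by the static initializer at the bottom of the class.
    static Log logger;
    private static I18n i18n;
    // Compiler-generated caches for class literals (pre-Java-5 javac idiom); kept
    // because they are package-visible members of the compiled class.
    static Class class$org$globus$delegation$DelegationUtil;
    static Class class$org$globus$delegationService$CertType;

    /**
     * Wraps the service credential's certificate chain in a PKIPath token.
     *
     * @param str passed to {@code SecurityManager.getServiceSubject}; presumably the
     *            service path or name - confirm against callers
     * @param z   when {@code true}, fall back to the process default credential if
     *            the service subject carries no GSS credential
     * @return a token holding the certificate chain (no private key)
     * @throws DelegationException if no credential or no certificate chain is found
     */
    public static PKIPathSecurity getServiceCertAsToken(String str, boolean z) throws DelegationException {
        GlobusCredential serviceCredential = getServiceCredential(str, z);
        if (serviceCredential == null) {
            throw new DelegationException(i18n.getMessage("insecureService"));
        }
        X509Certificate[] certificateChain = serviceCredential.getCertificateChain();
        if (certificateChain == null) {
            throw new DelegationException(i18n.getMessage("certChainNotFound"));
        }
        return getPKIToken(certificateChain, false);
    }

    /**
     * Returns the private key of the service credential.
     *
     * <p>This is a public static accessor that hands out raw key material to any
     * caller in the JVM; the value must not be logged, cached beyond need, or
     * serialized.
     *
     * @param str passed to {@code SecurityManager.getServiceSubject}
     * @param z   when {@code true}, fall back to the process default credential
     * @return the credential's private key
     * @throws DelegationException if no credential is available for the service
     */
    public static PrivateKey getServicePrivateKey(String str, boolean z) throws DelegationException {
        GlobusCredential serviceCredential = getServiceCredential(str, z);
        if (serviceCredential == null) {
            throw new DelegationException(i18n.getMessage("insecureService"));
        }
        return serviceCredential.getPrivateKey();
    }

    /**
     * Adds a refresh listener to the delegation resource addressed by the EPR.
     *
     * @throws DelegationException propagated from the resource lookup
     */
    public static void registerDelegationListener(EndpointReferenceType endpointReferenceType, DelegationListener delegationListener) throws DelegationException {
        getDelegationResource(endpointReferenceType).addRefreshListener(delegationListener);
    }

    /**
     * Adds a refresh listener together with a {@link Subject}; how the resource
     * uses the subject is not visible in this file.
     *
     * @throws DelegationException propagated from the resource lookup
     */
    public static void registerDelegationListener(EndpointReferenceType endpointReferenceType, DelegationListener delegationListener, Subject subject) throws DelegationException {
        getDelegationResource(endpointReferenceType).addRefreshListener(delegationListener, subject);
    }

    /**
     * Removes a refresh listener from the delegation resource addressed by the EPR.
     *
     * @param str passed to {@code removeRefreshListener}; presumably the listener
     *            identifier - confirm
     * @throws DelegationException propagated from the resource lookup
     */
    public static void removeDelegationListener(EndpointReferenceType endpointReferenceType, String str) throws DelegationException {
        getDelegationResource(endpointReferenceType).removeRefreshListener(str);
    }

    // The decompiler could not recover this method: the stub below always throws
    // UnsupportedOperationException, so the three listener helpers above cannot
    // succeed in this listing. Restore the body from the original sources or a
    // bytecode dump before relying on any of them.
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0104, code lost:
    
        r18 = new org.globus.wsrf.impl.SimpleResourceKey(r0[r20], r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.globus.delegation.service.DelegationResource getDelegationResource(org.apache.axis.message.addressing.EndpointReferenceType r9) throws org.globus.delegation.DelegationException {
        /*
            Method dump skipped, instructions count: 415
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.globus.delegation.DelegationUtil.getDelegationResource(org.apache.axis.message.addressing.EndpointReferenceType):org.globus.delegation.service.DelegationResource");
    }

    /**
     * Builds a delegation token from a credential, issuing the proxy for the public
     * key of {@code x509Certificate}.
     *
     * <p>The proxy is bound to whatever key that certificate carries, so the
     * certificate should come from a verified source; {@link #getCertificateChainRP}
     * verifies the chain it returns before handing it back.
     *
     * @param i lifetime forwarded to proxy creation (presumably seconds - confirm)
     * @param z selects the proxy type, see the array overload
     * @throws DelegationException if the proxy certificate cannot be created
     */
    public static RequestSecurityTokenType getTokenToDelegate(GlobusCredential globusCredential, X509Certificate x509Certificate, int i, boolean z) throws DelegationException {
        return getTokenToDelegate(globusCredential.getCertificateChain(), globusCredential.getPrivateKey(), x509Certificate.getPublicKey(), i, z);
    }

    /**
     * Issues a proxy certificate for {@code publicKey}, signed with
     * {@code privateKey}, prepends it to the issuer chain and wraps the new chain
     * in a request-security-token message.
     *
     * @param x509CertificateArr issuer chain; element 0 is used as the issuing certificate
     * @param privateKey         key used to sign the proxy
     * @param publicKey          key the proxy is issued for
     * @param i                  lifetime forwarded to proxy creation
     * @param z                  {@code true} selects proxy type 3, {@code false} type 2
     * @return the token carrying the extended chain
     * @throws DelegationException if the chain is null or empty, or proxy creation fails
     */
    public static RequestSecurityTokenType getTokenToDelegate(X509Certificate[] x509CertificateArr, PrivateKey privateKey, PublicKey publicKey, int i, boolean z) throws DelegationException {
        // Fail with the declared exception instead of a NullPointerException or
        // ArrayIndexOutOfBoundsException when there is no issuing certificate.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new DelegationException(i18n.getMessage("certChainNotFound"));
        }
        try {
            // NOTE(review): 3 and 2 look like GSIConstants.DELEGATION_FULL and
            // GSIConstants.DELEGATION_LIMITED inlined by the compiler - confirm.
            // Full delegation hands the receiver an unrestricted proxy.
            X509Certificate proxyCertificate = BouncyCastleCertProcessingFactory.getDefault().createProxyCertificate(x509CertificateArr[0], privateKey, publicKey, i, z ? 3 : 2, (X509ExtensionSet) null, (String) null);
            X509Certificate[] delegatedChain = new X509Certificate[x509CertificateArr.length + 1];
            delegatedChain[0] = proxyCertificate;
            System.arraycopy(x509CertificateArr, 0, delegatedChain, 1, x509CertificateArr.length);
            logChain("New delegated chain", delegatedChain);
            PKIPathSecurity pkiToken = getPKIToken(delegatedChain, false);
            // The same array is logged again after token creation, as in the original.
            logChain("New certificate chain", delegatedChain);
            MessageElement messageElement = new MessageElement(pkiToken.getElement());
            RequestSecurityTokenType requestSecurityTokenType = new RequestSecurityTokenType();
            requestSecurityTokenType.set_any(new MessageElement[]{messageElement});
            return requestSecurityTokenType;
        } catch (GeneralSecurityException e) {
            logger.error(i18n.getMessage("createDelegCred"), e);
            throw new DelegationException(i18n.getMessage("createDelegCred"), e);
        }
    }

    /** Writes a heading and then each certificate's subject DN at debug level. */
    private static void logChain(String heading, X509Certificate[] chain) {
        logger.debug(heading);
        for (X509Certificate certificate : chain) {
            logger.debug(certificate.getSubjectDN());
        }
    }

    /**
     * Delegates for the whole remaining lifetime of the credential.
     *
     * @param str delegation factory service URL
     * @param z   selects the proxy type, see {@link #getTokenToDelegate(X509Certificate[], PrivateKey, PublicKey, int, boolean)}
     * @throws DelegationException if token creation or the remote call fails
     */
    public static EndpointReferenceType delegate(String str, GlobusCredential globusCredential, X509Certificate x509Certificate, boolean z, ClientSecurityDescriptor clientSecurityDescriptor) throws DelegationException {
        // Clamp rather than truncate: a narrowing cast of a very large remaining
        // lifetime would wrap to an arbitrary, possibly negative, value.
        int lifetime = (int) Math.min(globusCredential.getTimeLeft(), Integer.MAX_VALUE);
        return delegate(str, globusCredential, x509Certificate, lifetime, z, clientSecurityDescriptor);
    }

    /**
     * Creates a delegation token and submits it to the delegation factory service.
     *
     * @param str                      delegation factory service URL
     * @param i                        lifetime forwarded to proxy creation
     * @param z                        selects the proxy type
     * @param clientSecurityDescriptor set on the stub when non-null; when null no
     *                                 descriptor property is set at all, so the call
     *                                 runs with whatever the stub defaults to
     * @return the endpoint reference parsed from the first element of the response
     * @throws DelegationException if token creation or the remote call fails
     */
    public static EndpointReferenceType delegate(String str, GlobusCredential globusCredential, X509Certificate x509Certificate, int i, boolean z, ClientSecurityDescriptor clientSecurityDescriptor) throws DelegationException {
        RequestSecurityTokenType tokenToDelegate = getTokenToDelegate(globusCredential, x509Certificate, i, z);
        try {
            // NOTE(review): the decompiler typed the port as Stub; the port-type call
            // below needs the generated port interface to compile - confirm against
            // the original sources.
            Stub delegationFactoryPortTypePort = new DelegationFactoryServiceLocator().getDelegationFactoryPortTypePort(new URL(str));
            if (clientSecurityDescriptor != null) {
                delegationFactoryPortTypePort._setProperty("clientDescriptor", clientSecurityDescriptor);
            }
            return new EndpointReference(delegationFactoryPortTypePort.requestSecurityToken(tokenToDelegate).get_any()[0].getAsDOM());
        } catch (Exception e) {
            logger.error(e);
            throw new DelegationException(e);
        }
    }

    /**
     * Creates a fresh delegation token and sends it to an existing delegation
     * resource.
     *
     * @param clientSecurityDescriptor set on the stub unconditionally, unlike in
     *                                 {@code delegate}. NOTE(review): a null value is
     *                                 passed straight to {@code _setProperty} -
     *                                 confirm whether callers may pass null
     * @throws DelegationException if token creation or the remote call fails
     */
    public static void refresh(GlobusCredential globusCredential, X509Certificate x509Certificate, int i, boolean z, ClientSecurityDescriptor clientSecurityDescriptor, EndpointReferenceType endpointReferenceType) throws DelegationException {
        RequestSecurityTokenType tokenToDelegate = getTokenToDelegate(globusCredential, x509Certificate, i, z);
        // One handler instead of the decompiler's nested pair, which logged every
        // failure of the remote call twice and wrapped it in two DelegationExceptions.
        try {
            Stub delegationPortTypePort = new DelegationServiceAddressingLocator().getDelegationPortTypePort(endpointReferenceType);
            delegationPortTypePort._setProperty("clientDescriptor", clientSecurityDescriptor);
            delegationPortTypePort.refresh(tokenToDelegate);
        } catch (Exception e) {
            logger.error(e);
            throw new DelegationException(e);
        }
    }

    /**
     * Fetches the {@code CertificateChain} resource property and returns the
     * verified chain, deserializing it as {@code org.globus.delegationService.CertType}.
     *
     * @throws DelegationException if the lookup, parsing or verification fails
     */
    public static X509Certificate[] getCertificateChainRP(EndpointReferenceType endpointReferenceType, ClientSecurityDescriptor clientSecurityDescriptor) throws DelegationException {
        QName qName = new QName(DelegationConstants.NS, "CertificateChain");
        if (class$org$globus$delegationService$CertType == null) {
            class$org$globus$delegationService$CertType = class$("org.globus.delegationService.CertType");
        }
        return getCertificateChainRP(endpointReferenceType, qName, class$org$globus$delegationService$CertType, clientSecurityDescriptor);
    }

    /**
     * Reads a certificate chain from a resource property of the delegation factory
     * and verifies it before returning it.
     *
     * <p>The chain comes from the remote service and is untrusted until
     * {@code GlobusCredential.verify()} accepts it; no chain is returned when
     * verification fails.
     *
     * @param qName                    resource property to read
     * @param cls                      type the property value is deserialized into
     * @param clientSecurityDescriptor set on the stub when non-null
     * @return the verified chain
     * @throws DelegationException if the lookup, parsing or verification fails
     */
    public static X509Certificate[] getCertificateChainRP(EndpointReferenceType endpointReferenceType, QName qName, Class cls, ClientSecurityDescriptor clientSecurityDescriptor) throws DelegationException {
        // The decompiled form nested four try blocks, so one failure was caught,
        // logged and re-wrapped up to three times. Two flat stages report it once.
        X509Certificate[] x509Certificates;
        try {
            Stub delegationFactoryPortTypePort = new DelegationFactoryServiceAddressingLocator().getDelegationFactoryPortTypePort(endpointReferenceType);
            if (clientSecurityDescriptor != null) {
                delegationFactoryPortTypePort._setProperty("clientDescriptor", clientSecurityDescriptor);
            }
            // NOTE(review): the boolean looks like PKIPathSecurity's ordering flag - confirm.
            x509Certificates = new PKIPathSecurity(WSSConfig.getDefaultWSConfig(), ((AnyContentType) ObjectDeserializer.toObject(delegationFactoryPortTypePort.getResourceProperty(qName).get_any()[0], cls)).get_any()[0].getAsDOM()).getX509Certificates(false, new ContextCrypto());
        } catch (Exception e) {
            logger.error(e);
            throw new DelegationException(e);
        }
        try {
            // No private key is needed for verification. NOTE(review): verify()
            // presumably validates the chain against the configured trust roots -
            // confirm which trust store applies in this deployment.
            new GlobusCredential((PrivateKey) null, x509Certificates).verify();
        } catch (Exception e) {
            logger.error(e);
            throw new DelegationException(e);
        }
        return x509Certificates;
    }

    /**
     * Looks up the credential of the named service.
     *
     * <p>The first {@code GlobusGSSCredentialImpl} among the subject's private
     * credentials wins. With {@code z} set and none found, the process default
     * credential is used instead, which may be a different identity from the one
     * configured for the service.
     *
     * @param str passed to {@code SecurityManager.getServiceSubject}
     * @param z   allow the default-credential fallback
     * @return the credential, or {@code null} when none was found and no fallback applied
     * @throws DelegationException if the service has no subject or a lookup fails
     */
    private static GlobusCredential getServiceCredential(String str, boolean z) throws DelegationException {
        try {
            Subject serviceSubject = SecurityManager.getManager().getServiceSubject(str);
            if (serviceSubject == null) {
                throw new DelegationException(i18n.getMessage("insecureService"));
            }
            GlobusCredential globusCredential = null;
            for (Object privateCredential : serviceSubject.getPrivateCredentials()) {
                if (privateCredential instanceof GlobusGSSCredentialImpl) {
                    globusCredential = ((GlobusGSSCredentialImpl) privateCredential).getGlobusCredential();
                    break;
                }
            }
            if (z && globusCredential == null) {
                try {
                    globusCredential = GlobusCredential.getDefaultCredential();
                } catch (GlobusCredentialException e) {
                    throw new DelegationException((Throwable) e);
                }
            }
            return globusCredential;
        } catch (SecurityException e2) {
            throw new DelegationException((Throwable) e2);
        }
    }

    /**
     * Wraps a certificate chain in a new PKIPath token on a fresh document.
     *
     * @param z forwarded to {@code setX509Certificates}; presumably its ordering
     *          flag - confirm
     * @throws DelegationException if the token cannot be built
     */
    private static PKIPathSecurity getPKIToken(X509Certificate[] x509CertificateArr, boolean z) throws DelegationException {
        try {
            PKIPathSecurity pKIPathSecurity = new PKIPathSecurity(WSSConfig.getDefaultWSConfig(), XmlUtils.newDocument());
            pKIPathSecurity.setX509Certificates(x509CertificateArr, z, new ContextCrypto());
            return pKIPathSecurity;
        } catch (Exception e) {
            logger.error(e);
            throw new DelegationException(e);
        }
    }

    /**
     * Compiler-generated class-literal helper: loads a class by name and converts
     * a failed lookup into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Same error type and message as before, with the cause attached so the
            // original stack trace is not lost.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve this class once, then derive both the logger name and the class
        // loader used for the message bundle from it.
        if (class$org$globus$delegation$DelegationUtil == null) {
            class$org$globus$delegation$DelegationUtil = class$("org.globus.delegation.DelegationUtil");
        }
        Class self = class$org$globus$delegation$DelegationUtil;
        logger = LogFactory.getLog(self.getName());
        i18n = I18n.getI18n("org.globus.delegation.errors", self.getClassLoader());
    }
}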
