package org.globus.gridshib.security.util;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gridshib.security.SecurityContext;
import org.globus.gridshib.security.SecurityContextFactory;
import org.globus.gridshib.security.x509.NonCriticalX509Extension;
import org.globus.gridshib.security.x509.SAMLX509Extension;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.util.Util;

/* loaded from: input_file:org/globus/gridshib/security/util/CertUtil.class */
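/**
 * Static helpers for inspecting X.509 certificates and proxy certificate
 * chains: proxy-type checks, extension lookup, dumping an extension to
 * standard output or to a file, and locating the end-entity certificate (EEC).
 *
 * <p>None of the methods in this class validates a certificate or a chain
 * (signatures, validity period, issuer/subject linkage). They only read what
 * the supplied objects contain, so callers should validate the chain before
 * acting on any result.
 */
public class CertUtil {
    static Log logger = LogFactory.getLog(CertUtil.class.getName());

    /**
     * Tells whether the given certificate is classified as an impersonation
     * proxy by {@code org.globus.gsi.CertUtil}.
     *
     * @param x509Certificate the certificate to classify; must not be null
     * @return the result of {@code org.globus.gsi.CertUtil.isImpersonationProxy}
     *         for the certificate's type
     * @throws CertificateException if the certificate type cannot be determined
     * @throws IllegalArgumentException if {@code x509Certificate} is null
     */
    public static boolean isImpersonationProxy(X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null) {
            logger.error("Null X509Certificate argument");
            throw new IllegalArgumentException("Null X509Certificate argument");
        }
        int certificateType = BouncyCastleUtil.getCertificateType(x509Certificate);
        logger.debug("Certificate is " + org.globus.gsi.CertUtil.getProxyTypeAsString(certificateType));
        return org.globus.gsi.CertUtil.isImpersonationProxy(certificateType);
    }

    /**
     * Delegates to {@link NonCriticalX509Extension#hasNonCriticalExtension}.
     *
     * @param x509Certificate the certificate to inspect
     * @param str the OID of the extension to look for
     * @return whatever the delegate reports for this certificate and OID
     */
    public static boolean hasNonCriticalExtension(X509Certificate x509Certificate, String str) {
        return NonCriticalX509Extension.hasNonCriticalExtension(x509Certificate, str);
    }

    /**
     * Delegates to {@link SAMLX509Extension#hasSAMLExtension}.
     *
     * @param x509Certificate the certificate to inspect
     * @return whatever the delegate reports for this certificate
     */
    public static boolean hasSAMLExtension(X509Certificate x509Certificate) {
        return SAMLX509Extension.hasSAMLExtension(x509Certificate);
    }

    /**
     * Writes the SAML extension ({@link SAMLX509Extension#OID}) of the
     * certificate to standard output; see {@link #printExtension}.
     *
     * @param x509Certificate the certificate to read; must not be null
     * @throws IOException if writing to standard output fails
     */
    public static void printSAMLExtension(X509Certificate x509Certificate) throws IOException {
        printExtension(x509Certificate, SAMLX509Extension.OID);
    }

    /**
     * Writes the SAML extension of the certificate to the named file; see
     * {@link #writeExtensionToFile(X509Certificate, String, String)}.
     *
     * @param x509Certificate the certificate to read; must not be null
     * @param str the output file name; must not be null
     * @return true if the file was restricted to owner access, false if the
     *         extension was written but the permissions could not be set
     */
    public static boolean writeSAMLExtensionToFile(X509Certificate x509Certificate, String str) throws SecurityException, IOException, FileNotFoundException {
        return writeExtensionToFile(x509Certificate, SAMLX509Extension.OID, str);
    }

    /**
     * Writes the SAML extension of the certificate to the given file; see
     * {@link #writeExtensionToFile(X509Certificate, String, File)}.
     *
     * @param x509Certificate the certificate to read; must not be null
     * @param file the output file; must not be null
     * @return true if the file was restricted to owner access, false if the
     *         extension was written but the permissions could not be set
     */
    public static boolean writeSAMLExtensionToFile(X509Certificate x509Certificate, File file) throws SecurityException, IOException, FileNotFoundException {
        return writeExtensionToFile(x509Certificate, SAMLX509Extension.OID, file);
    }

    /**
     * Writes the raw value of one certificate extension to standard output.
     * Nothing is written when the certificate has no extension with that OID.
     *
     * <p>The bytes come straight from
     * {@link X509Certificate#getExtensionValue(String)}, which returns the
     * DER-encoded OCTET STRING wrapping the extension, not the bare payload.
     *
     * @param x509Certificate the certificate to read; must not be null
     * @param str the OID of the extension; must not be null
     * @throws IOException if writing to standard output fails
     * @throws IllegalArgumentException if either argument is null
     */
    public static void printExtension(X509Certificate x509Certificate, String str) throws IOException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Null argument: X509Certificate cert");
        }
        if (str == null) {
            throw new IllegalArgumentException("Null argument: String oid");
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            return;
        }
        System.out.write(extensionValue);
        System.out.flush();
    }

    /**
     * Writes one certificate extension to the named file. The file is
     * obtained from {@code Util.createFile} and then handed to
     * {@link #writeExtensionToFile(X509Certificate, String, File)}.
     *
     * @param x509Certificate the certificate to read; must not be null
     * @param str the OID of the extension; must not be null
     * @param str2 the output file name; must not be null
     * @return true if the file was restricted to owner access, false if the
     *         extension was written but the permissions could not be set
     * @throws IllegalArgumentException if an argument is null
     */
    public static boolean writeExtensionToFile(X509Certificate x509Certificate, String str, String str2) throws SecurityException, IOException, FileNotFoundException {
        if (str2 == null) {
            throw new IllegalArgumentException("Null argument: String outputFilename");
        }
        return writeExtensionToFile(x509Certificate, str, Util.createFile(str2));
    }

    /**
     * Writes the raw value of one certificate extension to a file and tries
     * to restrict that file to owner access.
     *
     * <p>A {@code false} return does not mean the write failed: the extension
     * has been written, but the file may be readable by other local users.
     * Callers handling sensitive extensions (for example SAML assertions)
     * should check the return value and remove or protect the file themselves
     * when it is false.
     *
     * @param x509Certificate the certificate to read; must not be null
     * @param str the OID of the extension; must not be null
     * @param file the output file; must not be null
     * @return true if the file was restricted to owner access, false otherwise
     * @throws IllegalArgumentException if an argument is null
     * @throws NullPointerException if the certificate has no extension with
     *         the given OID (raised before the file is touched)
     * @throws IOException if the file cannot be opened or written
     */
    public static boolean writeExtensionToFile(X509Certificate x509Certificate, String str, File file) throws SecurityException, IOException, FileNotFoundException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Null argument: X509Certificate cert");
        }
        if (str == null) {
            throw new IllegalArgumentException("Null argument: String oid");
        }
        if (file == null) {
            throw new IllegalArgumentException("Null argument: File outputFile");
        }
        // Look the extension up before touching the file system, so that a
        // certificate without it does not leave a truncated or empty file.
        // The exception type matches what write(null) raised before.
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            throw new NullPointerException("Certificate has no extension with OID " + str);
        }
        String path = file.getPath();
        // First attempt happens before the file is opened, so an existing
        // file is restricted before it is truncated and rewritten.
        boolean ownerAccessOnly = Util.setOwnerAccessOnly(path);
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            if (!ownerAccessOnly) {
                // NOTE(review): presumably the first attempt cannot succeed
                // when the file did not exist yet - confirm against
                // Util.setOwnerAccessOnly. Opening the stream has created the
                // file, so retry while it is still empty.
                ownerAccessOnly = Util.setOwnerAccessOnly(path);
            }
            if (!ownerAccessOnly) {
                logger.warn("Unable to set file permissions: " + path);
            }
            fileOutputStream.write(extensionValue);
            fileOutputStream.flush();
        } finally {
            try {
                fileOutputStream.close();
            } catch (IOException e) {
                // Best effort: the data has already been flushed, or a more
                // relevant exception is propagating.
                logger.warn("Unable to close file: " + path);
            }
        }
        return ownerAccessOnly;
    }

    /**
     * Returns the certificate chain held by the security context of a subject.
     *
     * @param subject the subject to look up; must not be null
     * @return the chain reported by the subject's {@link SecurityContext};
     *         {@link #getEEC(Subject)} treats a null result as "no chain"
     * @throws IllegalArgumentException if {@code subject} is null
     */
    public static X509Certificate[] getCertificateChain(Subject subject) {
        if (subject == null) {
            logger.error("Subject is null");
            throw new IllegalArgumentException("Subject is null");
        }
        SecurityContext securityContext = SecurityContextFactory.getInstance(subject);
        assert securityContext != null;
        return securityContext.getCertificateChain();
    }

    /**
     * Finds the end-entity certificate in the chain of a subject.
     *
     * @param subject the subject to look up; must not be null
     * @return the EEC, or null if the subject has no chain or the chain holds
     *         no candidate; callers must handle the null case
     * @throws CertificateException if a certificate type cannot be determined
     */
    public static X509Certificate getEEC(Subject subject) throws CertificateException {
        X509Certificate[] certificateChain = getCertificateChain(subject);
        if (certificateChain != null) {
            return getEEC(certificateChain);
        }
        logger.warn("No certificate chain found");
        return null;
    }

    /**
     * Returns the first certificate in the array that is not an impersonation
     * proxy, scanning from index 0.
     *
     * <p>NOTE(review): the selection rests on the proxy-type classification
     * alone. Whether a non-impersonation proxy type or a CA certificate can
     * be returned here depends on {@code org.globus.gsi.CertUtil} - confirm,
     * and validate the chain before trusting the result as the identity.
     *
     * @param x509CertificateArr the chain to scan; must not be null and must
     *        not contain null elements
     * @return the first non-impersonation-proxy certificate, or null if
     *         every element is an impersonation proxy or the array is empty
     * @throws CertificateException if a certificate type cannot be determined
     * @throws IllegalArgumentException if the array or an element is null
     */
    public static X509Certificate getEEC(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (x509CertificateArr == null) {
            logger.error("X509Certificate[] is null");
            throw new IllegalArgumentException("X509Certificate[] is null");
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            logger.debug("Checking certs[" + i + "]");
            if (!isImpersonationProxy(x509CertificateArr[i])) {
                logger.debug("EEC index is " + i);
                return x509CertificateArr[i];
            }
        }
        logger.warn("Certificate chain did not contain a non-impersonation proxy");
        return null;
    }
}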
