package org.globus.gridshib.security.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.globus.common.ChainedIOException;
import org.globus.gridshib.security.x509.SAMLX509Extension;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.gsi.X509Extension;
import org.globus.gsi.X509ExtensionSet;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.bc.BouncyCastleOpenSSLKey;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.opensaml11.saml.SAMLAssertion;
import org.globus.util.Util;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:org/globus/gridshib/security/util/GSIUtil.class */
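/**
 * Static helpers for loading, deriving, serialising and converting GSI
 * ({@link GlobusCredential}) credentials, including binding a SAML assertion
 * into a newly issued proxy certificate as an X.509 extension.
 *
 * <p>Loading this class registers the BouncyCastle JCE provider JVM-wide (see
 * the static initialiser).
 *
 * <p>Numeric error codes and message keys handed to
 * {@link GlobusCredentialException} are passed through exactly as found;
 * they are presumably that class's own error-code constants (TODO confirm).
 */
public class GSIUtil {
    /**
     * Key size, in bits, requested for the key pair of every credential issued
     * by {@link #createCredential(GlobusCredential, X509ExtensionSet, int)}.
     * This used to be a literal 512, which is far below current minimum
     * recommendations for RSA keys.
     */
    private static final int PROXY_KEY_BITS = 2048;

    private static Log logger;
    private static final int DEFAULT_LIFETIME;
    private static BouncyCastleCertProcessingFactory certFactory;
    // Compiler-synthesised cache for the pre-Java-5 class-literal idiom; kept so
    // that the class layout is unchanged.
    static Class class$org$globus$gridshib$security$util$GSIUtil;

    /**
     * Returns the lifetime used by the overloads that take no explicit lifetime.
     *
     * @return the default lifetime (43200; presumably seconds, TODO confirm)
     */
    public static int getDefaultLifetime() {
        return DEFAULT_LIFETIME;
    }

    /**
     * Alias for {@link #bindAssertion(GlobusCredential, SAMLAssertion)}.
     *
     * @param globusCredential the issuing credential
     * @param sAMLAssertion the assertion to embed
     * @return the newly issued credential carrying the assertion
     * @throws GlobusCredentialException if the credential cannot be issued
     */
    public static GlobusCredential embedAssertion(GlobusCredential globusCredential, SAMLAssertion sAMLAssertion) throws GlobusCredentialException {
        return bindAssertion(globusCredential, sAMLAssertion);
    }

    /**
     * Alias for {@link #bindAssertion(GlobusCredential, SAMLAssertion, int)}.
     *
     * @param globusCredential the issuing credential
     * @param sAMLAssertion the assertion to embed
     * @param i lifetime of the issued credential
     * @return the newly issued credential carrying the assertion
     * @throws GlobusCredentialException if the credential cannot be issued
     */
    public static GlobusCredential embedAssertion(GlobusCredential globusCredential, SAMLAssertion sAMLAssertion, int i) throws GlobusCredentialException {
        return bindAssertion(globusCredential, sAMLAssertion, i);
    }

    /**
     * Binds an assertion using the default lifetime.
     *
     * @param globusCredential the issuing credential
     * @param sAMLAssertion the assertion to embed
     * @return the newly issued credential carrying the assertion
     * @throws GlobusCredentialException if the credential cannot be issued
     */
    public static GlobusCredential bindAssertion(GlobusCredential globusCredential, SAMLAssertion sAMLAssertion) throws GlobusCredentialException {
        return bindAssertion(globusCredential, sAMLAssertion, DEFAULT_LIFETIME);
    }

    /**
     * Issues a new credential from {@code globusCredential} whose first
     * certificate carries {@code sAMLAssertion} as an X.509 extension, then
     * rejects the result unless the assertion's NotBefore and NotOnOrAfter
     * instants (when present) both fall inside that certificate's validity
     * period.
     *
     * <p>NOTE(review): only the validity windows are compared here. Nothing in
     * this method checks the assertion's signature or issuer; callers
     * presumably do that before binding. Confirm against the call sites.
     *
     * @param globusCredential the issuing credential
     * @param sAMLAssertion the assertion to embed
     * @param i lifetime of the issued credential
     * @return the newly issued credential
     * @throws GlobusCredentialException if the extension cannot be built, the
     *         credential cannot be issued, or the validity windows disagree
     */
    public static GlobusCredential bindAssertion(GlobusCredential globusCredential, SAMLAssertion sAMLAssertion, int i) throws GlobusCredentialException {
        try {
            X509ExtensionSet extensions = new X509ExtensionSet();
            extensions.add(new SAMLX509Extension(sAMLAssertion));
            GlobusCredential issued = createCredential(globusCredential, extensions, i);
            X509Certificate issuedCert = issued.getCertificateChain()[0];
            checkWithinCertValidity(issuedCert, sAMLAssertion.getNotBefore(), "NotBefore");
            checkWithinCertValidity(issuedCert, sAMLAssertion.getNotOnOrAfter(), "NotOnOrAfter");
            return issued;
        } catch (IOException e) {
            logger.error("Unable to create the SAML Extension");
            throw new GlobusCredentialException(3, "error00", e);
        }
    }

    /**
     * Verifies that {@code instant} lies inside {@code cert}'s validity period;
     * a {@code null} instant is accepted without any check.
     */
    private static void checkWithinCertValidity(X509Certificate cert, Date instant, String samlAttribute) throws GlobusCredentialException {
        if (instant == null) {
            return;
        }
        String message;
        try {
            cert.checkValidity(instant);
            return;
        } catch (CertificateExpiredException e) {
            message = "SAML " + samlAttribute + " greater than X.509 NotOnOrAfter";
        } catch (CertificateNotYetValidException e) {
            message = "SAML " + samlAttribute + " less than X.509 NotBefore";
        }
        logger.error(message);
        throw new GlobusCredentialException(3, "error00", new GeneralSecurityException(message));
    }

    /**
     * Issues a credential carrying a single extension, with the default lifetime.
     *
     * @param globusCredential the issuing credential
     * @param x509Extension the extension to place in the new certificate
     * @return the newly issued credential
     * @throws GlobusCredentialException if the credential cannot be issued
     */
    public static GlobusCredential createCredential(GlobusCredential globusCredential, X509Extension x509Extension) throws GlobusCredentialException {
        return createCredential(globusCredential, x509Extension, DEFAULT_LIFETIME);
    }

    /**
     * Issues a credential carrying a single extension.
     *
     * @param globusCredential the issuing credential
     * @param x509Extension the extension to place in the new certificate
     * @param i lifetime of the issued credential
     * @return the newly issued credential
     * @throws GlobusCredentialException if the credential cannot be issued
     */
    public static GlobusCredential createCredential(GlobusCredential globusCredential, X509Extension x509Extension, int i) throws GlobusCredentialException {
        X509ExtensionSet extensions = new X509ExtensionSet();
        extensions.add(x509Extension);
        return createCredential(globusCredential, extensions, i);
    }

    /**
     * Issues a credential carrying the given extensions, with the default lifetime.
     *
     * @param globusCredential the issuing credential
     * @param x509ExtensionSet the extensions to place in the new certificate
     * @return the newly issued credential
     * @throws GlobusCredentialException if the credential cannot be issued
     */
    public static GlobusCredential createCredential(GlobusCredential globusCredential, X509ExtensionSet x509ExtensionSet) throws GlobusCredentialException {
        return createCredential(globusCredential, x509ExtensionSet, DEFAULT_LIFETIME);
    }

    /**
     * Issues a new credential signed with {@code globusCredential}'s private
     * key and carrying {@code x509ExtensionSet}.
     *
     * <p>The signing certificate (first in the chain) must be X.509 v3 or
     * later. Each chain certificate is re-read through the certificate factory
     * from its encoded form before being handed to it.
     *
     * @param globusCredential the issuing credential
     * @param x509ExtensionSet the extensions to place in the new certificate
     * @param i lifetime of the issued credential
     * @return the newly issued credential
     * @throws GlobusCredentialException if the signing certificate is older
     *         than v3, or re-encoding, type detection or issuance fails
     */
    public static GlobusCredential createCredential(GlobusCredential globusCredential, X509ExtensionSet x509ExtensionSet, int i) throws GlobusCredentialException {
        X509Certificate[] issuerChain = globusCredential.getCertificateChain();
        int version = issuerChain[0].getVersion();
        if (version < 3) {
            String message = "Signing cert is v" + version + " cert";
            logger.error(message);
            throw new GlobusCredentialException(2, "error00", new GeneralSecurityException(message));
        }

        X509Certificate[] reloadedChain = new X509Certificate[issuerChain.length];
        for (int idx = 0; idx < issuerChain.length; idx++) {
            try {
                reloadedChain[idx] = certFactory.loadCertificate(new ByteArrayInputStream(issuerChain[idx].getEncoded()));
            } catch (IOException e) {
                throw new GlobusCredentialException(3, "ioError00", e);
            } catch (GeneralSecurityException e) {
                throw new GlobusCredentialException(3, "secError00", e);
            }
        }

        try {
            // Mode 3 is kept when the signer is itself a GSI-2/3/4 proxy; any other
            // signer gets mode 18. Presumably GSIConstants delegation / proxy-type
            // codes (TODO confirm the symbolic names).
            int delegationMode = 3;
            int certificateType = BouncyCastleUtil.getCertificateType(issuerChain[0]);
            boolean signerIsProxy = org.globus.gsi.CertUtil.isGsi4Proxy(certificateType)
                    || org.globus.gsi.CertUtil.isGsi3Proxy(certificateType)
                    || org.globus.gsi.CertUtil.isGsi2Proxy(certificateType);
            if (!signerIsProxy) {
                delegationMode = 18;
            }
            return certFactory.createCredential(reloadedChain, globusCredential.getPrivateKey(), PROXY_KEY_BITS, i, delegationMode, x509ExtensionSet, (String) null);
        } catch (GeneralSecurityException e) {
            // CertificateException is a GeneralSecurityException; both were mapped
            // to the same code and message key.
            throw new GlobusCredentialException(3, "secError00", e);
        }
    }

    /**
     * Loads a private key and its certificate chain from a key store file of
     * the JVM's default key store type.
     *
     * <p>The password arrays belong to the caller; they are neither copied nor
     * cleared here.
     *
     * @param file the key store file
     * @param cArr the key store password
     * @param str the alias of the key entry
     * @param cArr2 the password protecting the key entry; when {@code null} the
     *        key store password is tried instead (a warning is logged)
     * @return a credential built from the key and its X.509 chain
     * @throws IllegalArgumentException if {@code file}, {@code cArr} or
     *         {@code str} is {@code null}
     * @throws GlobusCredentialException if the store cannot be read, the alias
     *         holds no private key or no certificate, or a chain element is not
     *         an X.509 certificate
     */
    public static GlobusCredential createCredential(File file, char[] cArr, String str, char[] cArr2) throws GlobusCredentialException {
        if (file == null || cArr == null || str == null) {
            throw new IllegalArgumentException("Null argument");
        }
        if (cArr2 == null) {
            logger.warn("Null keyStoreKeyPassword, trying keyStorePassword");
            cArr2 = cArr;
        }

        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        } catch (KeyStoreException e) {
            throw new GlobusCredentialException(-1, "error00", e);
        }

        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            keyStore.load(in, cArr);
        } catch (IOException e) {
            throw new GlobusCredentialException(3, "ioError00", e);
        } catch (NoSuchAlgorithmException e) {
            throw new GlobusCredentialException(3, "algNotSup", e);
        } catch (CertificateException e) {
            throw new GlobusCredentialException(3, "secError00", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Read-only stream: a failed close loses no data.
                }
            }
        }

        Object key;
        try {
            key = keyStore.getKey(str, cArr2);
        } catch (KeyStoreException e) {
            throw new GlobusCredentialException(3, "secError00", e);
        } catch (NoSuchAlgorithmException e) {
            throw new GlobusCredentialException(3, "algNotSup", e);
        } catch (UnrecoverableKeyException e) {
            throw new GlobusCredentialException(3, "secError00", e);
        }
        // Covers both a missing entry (null) and an alias that holds some other
        // kind of key, which previously escaped as a ClassCastException.
        if (!(key instanceof PrivateKey)) {
            throw new GlobusCredentialException(3, "noKey00", new GeneralSecurityException("No private key found"));
        }
        PrivateKey privateKey = (PrivateKey) key;

        try {
            Certificate[] storedChain = keyStore.getCertificateChain(str);
            if (storedChain == null || storedChain.length == 0) {
                // No chain recorded for the alias: fall back to its single certificate.
                Certificate single = keyStore.getCertificate(str);
                if (single == null) {
                    throw new GlobusCredentialException(-1, "noCertData", new GeneralSecurityException("No certificate found"));
                }
                storedChain = new Certificate[]{single};
            }
            X509Certificate[] x509Chain = new X509Certificate[storedChain.length];
            for (int idx = 0; idx < storedChain.length; idx++) {
                if (!(storedChain[idx] instanceof X509Certificate)) {
                    throw new GlobusCredentialException(2, "certTypeErr", new String[]{"Non-X.509 cert found"});
                }
                x509Chain[idx] = (X509Certificate) storedChain[idx];
            }
            return new GlobusCredential(privateKey, x509Chain);
        } catch (KeyStoreException e) {
            throw new GlobusCredentialException(3, "secError00", e);
        }
    }

    /**
     * Returns the default credential as resolved by {@link GlobusCredential}.
     *
     * @return the default credential
     * @throws GlobusCredentialException if it cannot be obtained
     */
    public static GlobusCredential getCredential() throws GlobusCredentialException {
        return GlobusCredential.getDefaultCredential();
    }

    /**
     * Loads a credential from the named file and verifies it.
     *
     * @param str path of the credential file
     * @return the verified credential
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws GlobusCredentialException if loading or verification fails
     */
    public static GlobusCredential getCredential(String str) throws GlobusCredentialException {
        if (str == null) {
            throw new IllegalArgumentException("Null argument");
        }
        GlobusCredential loaded = new GlobusCredential(str);
        loaded.verify();
        return loaded;
    }

    /**
     * Loads a credential from a file and verifies it.
     *
     * @param file the credential file
     * @return the verified credential
     * @throws IllegalArgumentException if {@code file} is {@code null}
     * @throws GlobusCredentialException if loading or verification fails
     */
    public static GlobusCredential getCredential(File file) throws GlobusCredentialException {
        if (file == null) {
            throw new IllegalArgumentException("Null argument");
        }
        GlobusCredential loaded = new GlobusCredential(file.getPath());
        loaded.verify();
        return loaded;
    }

    /**
     * Loads a credential from a stream and verifies it.
     *
     * @param inputStream the stream to read the credential from
     * @return the verified credential
     * @throws IllegalArgumentException if {@code inputStream} is {@code null}
     * @throws GlobusCredentialException if loading or verification fails
     */
    public static GlobusCredential getCredential(InputStream inputStream) throws GlobusCredentialException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Null argument");
        }
        GlobusCredential loaded = new GlobusCredential(inputStream);
        loaded.verify();
        return loaded;
    }

    /**
     * File-based convenience for {@link #getCredential(String, String)}.
     *
     * @param file the first file, passed on as the first path
     * @param file2 the second file, passed on as the second path
     * @return the loaded credential (not verified here)
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws GlobusCredentialException if loading fails
     */
    public static GlobusCredential getCredential(File file, File file2) throws GlobusCredentialException {
        if (file == null || file2 == null) {
            throw new IllegalArgumentException("Null argument");
        }
        return getCredential(file.getPath(), file2.getPath());
    }

    /**
     * Loads a credential from two paths (presumably a certificate file and a
     * key file, TODO confirm against the GlobusCredential constructor).
     *
     * <p>NOTE(review): unlike the single-source overloads, this one returns the
     * credential without calling {@code verify()}. That may be deliberate, but
     * callers must not assume the chain has been validated.
     *
     * @param str the first path
     * @param str2 the second path
     * @return the loaded credential (not verified here)
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws GlobusCredentialException if loading fails
     */
    public static GlobusCredential getCredential(String str, String str2) throws GlobusCredentialException {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException("Null argument");
        }
        return new GlobusCredential(str, str2);
    }

    /**
     * Returns the RFC 2253 subject name of the end-entity certificate found in
     * the credential's chain.
     *
     * @param globusCredential the credential to inspect
     * @return the end-entity subject DN in RFC 2253 form
     * @throws GlobusCredentialException if the chain has no end-entity
     *         certificate or it cannot be determined
     */
    public static String getIdentity(GlobusCredential globusCredential) throws GlobusCredentialException {
        X509Certificate eec;
        try {
            eec = CertUtil.getEEC(globusCredential.getCertificateChain());
        } catch (CertificateException e) {
            logger.error("Unable to retrieve the EEC", e);
            throw new GlobusCredentialException(3, "unknownCertType", new String[]{"Unable to retrieve the EEC"});
        }
        if (eec == null) {
            logger.error("Certificate chain contains no EEC");
            throw new GlobusCredentialException(3, "eecNotFound", new String[]{"Certificate chain contains no EEC"});
        }
        return eec.getSubjectX500Principal().getName("RFC2253");
    }

    /**
     * Returns the RFC 2253 subject name of the first certificate in the chain.
     * Unlike {@link #getIdentity(GlobusCredential)} this does not look for the
     * end-entity certificate.
     *
     * @param globusCredential the credential to inspect
     * @return the subject DN of the first chain certificate
     */
    public static String getDefaultSAMLIssuer(GlobusCredential globusCredential) {
        X509Certificate first = globusCredential.getCertificateChain()[0];
        return first.getSubjectX500Principal().getName("RFC2253");
    }

    /**
     * Writes the credential to the named file; see
     * {@link #writeCredentialToFile(GlobusCredential, File)}.
     *
     * @param globusCredential the credential to write
     * @param str the output file name
     * @return {@code true} if owner-only access could be set on the file
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws SecurityException as declared by the original signature
     * @throws FileNotFoundException if the file cannot be opened for writing
     * @throws IOException if writing fails
     */
    public static boolean writeCredentialToFile(GlobusCredential globusCredential, String str) throws SecurityException, FileNotFoundException, IOException {
        if (str == null) {
            throw new IllegalArgumentException("Null argument (outputFilename)");
        }
        return writeCredentialToFile(globusCredential, Util.createFile(str));
    }

    /**
     * Writes the credential, private key included, to {@code file} after trying
     * to restrict the file to owner-only access.
     *
     * <p>A {@code false} return means the key material was written to a file
     * whose permissions could not be restricted; callers should treat that as
     * a failure to protect the key.
     *
     * @param globusCredential the credential to write
     * @param file the output file
     * @return {@code true} if owner-only access could be set on the file
     * @throws IllegalArgumentException if {@code file} is {@code null}
     * @throws SecurityException as declared by the original signature
     * @throws FileNotFoundException if the file cannot be opened for writing
     * @throws IOException if the file cannot be created or writing fails
     */
    public static boolean writeCredentialToFile(GlobusCredential globusCredential, File file) throws SecurityException, FileNotFoundException, IOException {
        if (file == null) {
            throw new IllegalArgumentException("Null argument (outputFile)");
        }
        // Make sure the file exists while it is still empty, so that the permission
        // change below has something to act on. Previously a not-yet-existing file
        // was only created by the FileOutputStream, after the permission attempt,
        // and so presumably received default permissions.
        file.createNewFile();
        String path = file.getPath();
        boolean ownerOnly = Util.setOwnerAccessOnly(path);
        if (!ownerOnly) {
            logger.warn("Unable to set file permissions: " + path);
        }
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            saveCredential(globusCredential, out);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // saveCredential() has already flushed the stream.
                }
            }
        }
        return ownerOnly;
    }

    /**
     * Writes the credential to standard output. The output includes the
     * private key, so it must not be sent anywhere that is captured or logged.
     *
     * @param globusCredential the credential to print
     * @throws IOException if writing fails
     */
    public static void printCredential(GlobusCredential globusCredential) throws IOException {
        saveCredential(globusCredential, System.out);
    }

    /**
     * Serialises a credential to {@code outputStream} in the order: first
     * certificate, private key, remaining chain certificates; then flushes.
     * The stream is not closed.
     *
     * <p>NOTE(review): no encryption step is applied to the key here, so it is
     * presumably written unencrypted. Confirm, and protect the destination
     * accordingly.
     *
     * @param globusCredential the credential to write
     * @param outputStream the destination stream
     * @throws IllegalArgumentException if {@code globusCredential} is {@code null}
     * @throws IOException if writing fails or a certificate cannot be encoded
     */
    public static void saveCredential(GlobusCredential globusCredential, OutputStream outputStream) throws IOException {
        if (globusCredential == null) {
            throw new IllegalArgumentException("Null argument (credential)");
        }
        X509Certificate[] chain = globusCredential.getCertificateChain();
        try {
            org.globus.gsi.CertUtil.writeCertificate(outputStream, chain[0]);
            BouncyCastleOpenSSLKey keyWriter = new BouncyCastleOpenSSLKey(globusCredential.getPrivateKey());
            keyWriter.writeTo(outputStream);
            for (int idx = 1; idx < chain.length; idx++) {
                org.globus.gsi.CertUtil.writeCertificate(outputStream, chain[idx]);
            }
            outputStream.flush();
        } catch (CertificateEncodingException e) {
            throw new ChainedIOException(e.getMessage(), e);
        }
    }

    /**
     * Wraps a Globus credential as a GSS credential usable for both initiating
     * and accepting contexts.
     *
     * @param globusCredential the credential to wrap
     * @return the GSS credential
     * @throws IllegalArgumentException if {@code globusCredential} is {@code null}
     * @throws GSSException if the wrapper cannot be created
     */
    public static GSSCredential toGSSCredential(GlobusCredential globusCredential) throws GSSException {
        if (globusCredential == null) {
            throw new IllegalArgumentException("Null argument (cred)");
        }
        return new GlobusGSSCredentialImpl(globusCredential, GSSCredential.INITIATE_AND_ACCEPT);
    }

    /**
     * Extracts the Globus credential from a GSS credential.
     *
     * @param gSSCredential the GSS credential; must be a
     *        {@link GlobusGSSCredentialImpl}
     * @return the wrapped Globus credential
     * @throws IllegalArgumentException if {@code gSSCredential} is {@code null}
     * @throws GSSException if the argument is of any other implementation type
     */
    public static GlobusCredential toGlobusCredential(GSSCredential gSSCredential) throws GSSException {
        if (gSSCredential == null) {
            throw new IllegalArgumentException("Null argument (gsscred)");
        }
        if (!(gSSCredential instanceof GlobusGSSCredentialImpl)) {
            // Minor code 16 is kept as found; presumably a Globus-specific code (TODO confirm).
            throw new GSSException(GSSException.FAILURE, 16, "Argument is not of type GlobusGSSCredentialImpl");
        }
        return ((GlobusGSSCredentialImpl) gSSCredential).getGlobusCredential();
    }

    /**
     * Compiler-synthesised class-literal helper: resolves a class by name and
     * converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error must be thrown through a
            // variable of its own type for this method to compile.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class self = class$org$globus$gridshib$security$util$GSIUtil;
        if (self == null) {
            self = class$("org.globus.gridshib.security.util.GSIUtil");
            class$org$globus$gridshib$security$util$GSIUtil = self;
        }
        logger = LogFactory.getLog(self.getName());
        DEFAULT_LIFETIME = 43200;
        certFactory = BouncyCastleCertProcessingFactory.getDefault();
        // JVM-wide side effect of loading this class.
        Security.addProvider(new BouncyCastleProvider());
    }
}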
