package org.glite.security.delegation.impl;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.X509Name;
import org.glite.security.SecurityContext;
import org.glite.security.delegation.DelegationException;
import org.glite.security.delegation.GrDPConstants;
import org.glite.security.delegation.GrDPX509Util;
import org.glite.security.delegation.GrDProxyDlgeeOptions;
import org.glite.security.delegation.NewProxyReq;
import org.glite.security.delegation.storage.GrDPStorage;
import org.glite.security.delegation.storage.GrDPStorageCacheElement;
import org.glite.security.delegation.storage.GrDPStorageElement;
import org.glite.security.delegation.storage.GrDPStorageException;
import org.glite.security.util.PrivateKeyReader;
import org.glite.security.util.axis.InitSecurityContext;

/* loaded from: input_file:glite-security-delegation-java.jar:org/glite/security/delegation/impl/GliteDelegation.class */
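/**
 * Server-side (DLGEE) implementation of the gLite proxy delegation protocol.
 *
 * <p>The flow implemented here is: the client asks for a certificate request
 * ({@link #getProxyReq}/{@link #getNewProxyReq}/{@link #renewProxyReq}); the
 * request and its private key are kept in the storage cache; the client signs
 * the request and hands the resulting proxy back ({@link #putProxy}), which is
 * joined with the cached private key and persisted; stored credentials can be
 * queried ({@link #getTerminationTime}) and removed ({@link #destroy}).
 *
 * <p>Every public operation reads the caller identity from the Axis
 * {@link SecurityContext}; the client DN (plus VOMS attributes when no explicit
 * delegation ID is supplied) keys all storage lookups, so one client cannot
 * address another client's delegation by ID alone.
 */
public class GliteDelegation {
    /** Class logger; assigned in the static initialiser at the bottom of the class. */
    private static Logger logger;

    /**
     * RSA key size used when the DLGEE configuration does not set one
     * ({@code getDlgeeKeySize() == -1}).
     * NOTE(review): 512-bit RSA is far below current minimum recommendations
     * (2048 bits). Operators should set an explicit key size in the DLGEE
     * properties rather than rely on this default.
     */
    private static final int DEFAULT_KEY_SIZE = 512;

    /**
     * Signature algorithm for the certificate request built in
     * {@link #createAndStoreCertificateRequest}.
     * NOTE(review): MD5-based signatures are collision-prone; confirm what the
     * signing clients and CAs accept before moving to a SHA-2 based identifier.
     */
    private static final String ENC_ALGORITHM = "MD5WithRSAEncryption";

    /** Set when storage could not be initialised; every public operation then fails fast. */
    private boolean m_bad_config;
    /** DLGEE options this instance was built with (retained; not read after construction). */
    private GrDProxyDlgeeOptions dlgeeOpt;
    /** Backing storage for pending requests (cache) and delegated credentials; null when misconfigured. */
    private GrDPStorage storage;
    /** Effective RSA key size for generated key pairs (configured value or {@link #DEFAULT_KEY_SIZE}). */
    private int keySize;
    /** Decompiler artefact of a {@code GliteDelegation.class} literal (pre-Java 5 idiom); see static block. */
    static Class class$org$glite$security$delegation$impl$GliteDelegation;

    /**
     * Creates an instance configured from the DLGEE property file located by
     * {@link GrDPX509Util#getDlgeePropertyFile()}.
     *
     * @throws IOException if the property file cannot be read
     */
    public GliteDelegation() throws IOException {
        this(new GrDProxyDlgeeOptions(GrDPX509Util.getDlgeePropertyFile()));
    }

    /**
     * Creates an instance from explicit DLGEE options.
     *
     * <p>Storage initialisation failures are not propagated: the instance is
     * marked misconfigured and every public operation throws
     * {@link DelegationException} ("Service is misconfigured.") instead.
     *
     * @param grDProxyDlgeeOptions DLGEE configuration (storage factory, key size, identity fields)
     */
    public GliteDelegation(GrDProxyDlgeeOptions grDProxyDlgeeOptions) {
        this.m_bad_config = false;
        this.storage = null;
        this.dlgeeOpt = grDProxyDlgeeOptions;
        // The password is deliberately not logged.
        logger.debug("Using DLGEE properties: DN: " + grDProxyDlgeeOptions.getDlgeeDN()
                + ". Organization: " + grDProxyDlgeeOptions.getDlgeeOrganization()
                + ". OrgUnit: " + grDProxyDlgeeOptions.getDlgeeOrgUnit()
                + ". CommonName: " + grDProxyDlgeeOptions.getDlgeeCommonName()
                + ". Country: " + grDProxyDlgeeOptions.getDlgeeCountry()
                + ". Email: " + grDProxyDlgeeOptions.getDlgeeEmail()
                + ". Pass: <hidden>. proxyFile: " + grDProxyDlgeeOptions.getDlgeeProxyFile()
                + ". delegationStorageFactory: " + grDProxyDlgeeOptions.getDlgeeStorageFactory());
        try {
            this.storage = GrDPX509Util.getGrDPStorageFactory(grDProxyDlgeeOptions.getDlgeeStorageFactory())
                    .createGrDPStorage(grDProxyDlgeeOptions);
            this.keySize = grDProxyDlgeeOptions.getDlgeeKeySize();
            if (this.keySize == -1) {
                this.keySize = DEFAULT_KEY_SIZE;
            }
        } catch (Exception e) {
            // Boundary catch: any storage-factory failure disables the service rather than crashing it.
            logger.error("Failed to get a GrDPStorage instance. Delegation is not active.", e);
            this.m_bad_config = true;
        }
    }

    /**
     * Returns a PEM certificate request for a new delegation (convenience wrapper
     * around {@link #getNewProxyReq} that discards the delegation ID).
     *
     * @param str delegation ID; null or empty lets the service derive one from the client identity
     * @return the PEM-encoded certificate request
     * @throws DelegationException if the request could not be created
     */
    public String getProxyReq(String str) throws DelegationException {
        logger.debug("Processing getProxyReq.");
        NewProxyReq newProxyReq = getNewProxyReq(str);
        if (newProxyReq == null) {
            logger.error("Failed to create the certificate request.");
            throw new DelegationException("Failed to create the certificate request.");
        }
        return newProxyReq.getProxyRequest();
    }

    /**
     * Creates a certificate request for a new delegation and caches it together
     * with its private key.
     *
     * @param str delegation ID; null or empty lets the service derive one from the
     *            client DN and VOMS attributes
     * @return delegation ID and PEM certificate request
     * @throws DelegationException if the caller cannot be identified, the service is
     *         misconfigured, a credential already exists under this ID for this client
     *         (use {@link #renewProxyReq}), or storage fails
     */
    public NewProxyReq getNewProxyReq(String str) throws DelegationException {
        logger.debug("Processing newProxyReq.");
        SecurityContext currentContext = requireSecurityContext();
        checkConfigured();
        String clientName = requireClientName(currentContext);
        logger.debug("Got proxy delegation request from client '" + clientName + "'");
        String[] vOMSAttributes = GrDPX509Util.getVOMSAttributes(currentContext);
        String dlgID = resolveDelegationID(str, clientName, vOMSAttributes);
        try {
            // Refuse to overwrite an existing credential; the client must renew instead.
            if (this.storage.findGrDPStorageElement(dlgID, clientName) != null) {
                String stringVOMSAttrs = GrDPX509Util.toStringVOMSAttrs(vOMSAttributes);
                String message = "Delegation ID '" + dlgID + "' already exists for client (DN='" + clientName
                        + "; VOMS ATTRS='" + stringVOMSAttrs + "'). Call renewProxyReq.";
                logger.debug(message);
                throw new DelegationException(message);
            }
            String certificateRequest = createAndStoreCertificateRequest(dlgID, clientName, vOMSAttributes);
            NewProxyReq newProxyReq = new NewProxyReq();
            newProxyReq.setDelegationID(dlgID);
            newProxyReq.setProxyRequest(certificateRequest);
            return newProxyReq;
        } catch (GrDPStorageException e) {
            logger.error("Failure on storage interaction.", e);
            throw new DelegationException("Internal failure.");
        }
    }

    /**
     * Creates a fresh certificate request for an existing delegation ID.
     *
     * <p>NOTE(review): a missing stored credential is only logged here; the new
     * request is still created and cached, so for an unknown ID this behaves like
     * {@link #getNewProxyReq}. Preserved as found.
     *
     * @param str delegation ID; null or empty lets the service derive one from the client identity
     * @return the PEM-encoded certificate request
     * @throws DelegationException if the caller cannot be identified, the service is
     *         misconfigured, or storage fails
     */
    public String renewProxyReq(String str) throws DelegationException {
        logger.debug("Processing renewProxyReq.");
        SecurityContext currentContext = requireSecurityContext();
        checkConfigured();
        String clientName = requireClientName(currentContext);
        logger.debug("Got proxy delegation request from client '" + clientName + "'");
        String[] vOMSAttributes = GrDPX509Util.getVOMSAttributes(currentContext);
        String dlgID = resolveDelegationID(str, clientName, vOMSAttributes);
        try {
            if (this.storage.findGrDPStorageElement(dlgID, clientName) == null) {
                logger.debug("Failed to renew credential as there was no DLG ID '" + dlgID
                        + "' for client '" + clientName + "'");
            }
            return createAndStoreCertificateRequest(dlgID, clientName, vOMSAttributes);
        } catch (GrDPStorageException e) {
            logger.error("Failure on storage interaction.", e);
            throw new DelegationException("Internal failure.");
        }
    }

    /**
     * Accepts the proxy the client signed for a pending request, joins it with the
     * cached private key and stores the resulting credential.
     *
     * <p>Checks performed here: the leaf certificate is within its validity window,
     * and its issuer DN starts with the caller's DN (a prefix rather than equality
     * check, presumably because the issuer may itself be a proxy of the client —
     * confirm against the DN canonicalisation used by {@code SecurityContext}).
     * NOTE(review): no chain or signature verification is visible in this method; if
     * it is required it must happen in {@link GrDPX509Util#loadCertificateChain} or
     * downstream — confirm.
     *
     * @param str delegation ID; null or empty lets the service derive one from the client identity
     * @param str2 PEM-encoded proxy certificate chain signed by the client
     * @throws DelegationException if the caller cannot be identified, the service is
     *         misconfigured, the proxy is missing/unparseable/expired/not yet valid,
     *         the issuer does not match the caller, no pending request exists, or storage fails
     */
    public void putProxy(String str, String str2) throws DelegationException {
        logger.info("Processing putProxy.");
        SecurityContext currentContext = requireSecurityContext();
        checkConfigured();
        if (str2 == null) {
            logger.error("Failed to putProxy as proxy was null.");
            throw new DelegationException("No proxy was given.");
        }
        try {
            // PEM is ASCII; decode with a fixed charset rather than the platform default.
            X509Certificate[] chain = GrDPX509Util.loadCertificateChain(str2.getBytes(StandardCharsets.UTF_8));
            if (chain == null || chain.length == 0) {
                logger.error("Failed to load proxy certificate chain - chain was null or size 0.");
                throw new DelegationException("Failed to load proxy certificate chain.");
            }
            logger.debug("Given proxy certificate loaded successfully.");
            // Only the leaf's validity window is checked; expired/not-yet-valid map to the catches below.
            chain[0].checkValidity();
            String subjectDN = chain[0].getSubjectDN().toString();
            String issuerDN = chain[0].getIssuerDN().getName();
            logger.debug("Proxy Subject DN: " + subjectDN);
            logger.debug("Proxy Issuer DN: " + issuerDN);
            if (subjectDN == null || issuerDN == null) {
                logger.error("Failed to get DN (subject or issuer) out of proxy. It came null");
                throw new DelegationException("Failed to get DN (subject or issuer) out of proxy.");
            }
            String clientName = currentContext.getClientName();
            if (clientName == null) {
                logger.error("Failed to get client DN. It came null");
                throw new DelegationException("Failed to get client DN.");
            }
            logger.debug("Client DN: " + clientName);
            String[] vOMSAttributes = GrDPX509Util.getVOMSAttributes(currentContext);
            String dlgID = resolveDelegationID(str, clientName, vOMSAttributes);
            logger.debug("Delegation ID is '" + dlgID + "'");
            // The authenticated caller must be the issuer of the proxy being deposited.
            if (!issuerDN.startsWith(clientName)) {
                logger.error("Client is not issuer of given proxy.");
                throw new DelegationException("Client and proxy issuer DNs do not match.");
            }
            GrDPStorageCacheElement cacheElement;
            try {
                cacheElement = this.storage.findGrDPStorageCacheElement(dlgID, clientName);
            } catch (GrDPStorageException e) {
                logger.error("Failed to get certificate request information from storage.", e);
                throw new DelegationException("Internal failure.");
            }
            if (cacheElement == null) {
                logger.info("Could not find delegation ID '" + dlgID + "' for DN '" + clientName + "' in cache.");
                throw new DelegationException("Could not find a proper delegation request");
            }
            logger.debug("Got from cache element for DLG ID '" + dlgID + "' and DN '" + clientName + "'");
            String proxyWithPrivateKey = getProxyWithPrivateKey(chain, cacheElement.getPrivateKey());
            if (proxyWithPrivateKey == null) {
                logger.error("Failed to add private key to the proxy certificate chain.");
                throw new DelegationException("Could not properly process given proxy.");
            }
            storeDelegatedCredential(dlgID, clientName, vOMSAttributes, proxyWithPrivateKey, chain[0]);
            logger.debug("Delegation finished successfully.");
        } catch (CertificateExpiredException e) {
            throw new DelegationException("Failed proxy validation - it has expired.");
        } catch (CertificateNotYetValidException e) {
            throw new DelegationException("Failed proxy validation - it is not yet valid.");
        } catch (IOException e) {
            logger.error("Failed to load proxy certificate chain: ", e);
            throw new DelegationException("Failed to load proxy certificate chain.");
        } catch (GeneralSecurityException e) {
            logger.error("Failed to load proxy certificate chain: ", e);
            throw new DelegationException("Failed to load proxy certificate chain.");
        }
    }

    /**
     * Removes a delegated credential from both the cache and the credential storage.
     *
     * <p>The cache entry is deleted first; if the storage entry then cannot be
     * removed the inconsistency is logged at WARN for manual intervention.
     *
     * @param str delegation ID; null or empty lets the service derive one from the client identity
     * @throws DelegationException if the service is misconfigured, the caller cannot be
     *         identified, no credential exists under this ID for this client, or deletion fails
     */
    public void destroy(String str) throws DelegationException {
        logger.debug("Processing destroy.");
        checkConfigured();
        SecurityContext currentContext = requireSecurityContext();
        String clientName = requireClientName(currentContext);
        logger.debug("Got destroy request for delegation id '" + str + "' from client '" + clientName + "'");
        String[] vOMSAttributes = GrDPX509Util.getVOMSAttributes(currentContext);
        String dlgID = resolveDelegationID(str, clientName, vOMSAttributes);
        try {
            if (this.storage.findGrDPStorageElement(dlgID, clientName) == null) {
                logger.debug("Failed to find delegation ID '" + dlgID + "' for client '" + clientName + "' in storage.");
                throw new DelegationException("Failed to find delegation ID '" + dlgID + "' in storage.");
            }
        } catch (GrDPStorageException e) {
            logger.error("Failure on storage interaction. Exception: ", e);
            throw new DelegationException("Internal failure.");
        }
        try {
            this.storage.deleteGrDPStorageCacheElement(dlgID, clientName);
        } catch (GrDPStorageException e) {
            logger.error("Failed to remove credential from storage cache.", e);
            throw new DelegationException("Failed to destroy delegated credential.");
        }
        try {
            this.storage.deleteGrDPStorageElement(dlgID, clientName);
            logger.debug("Delegated credential destroyed.");
        } catch (GrDPStorageException e) {
            logger.warn("Inconsistency needs manual intervention. Delegation ID '" + dlgID + " of client '" + clientName
                    + "' successfully removed from cache but could not be removed from storage.", e);
            throw new DelegationException("Failed to destroy delegated credential.");
        }
    }

    /**
     * Returns the expiry of the stored credential for a delegation ID.
     *
     * @param str delegation ID; null or empty lets the service derive one from the client identity
     * @return the stored termination time (the proxy's notAfter) as a {@link Calendar}
     * @throws DelegationException if the service is misconfigured, the caller cannot be
     *         identified, no credential exists under this ID for this client, or storage fails
     */
    public Calendar getTerminationTime(String str) throws DelegationException {
        logger.debug("Processing getTerminationTime.");
        checkConfigured();
        SecurityContext currentContext = requireSecurityContext();
        String clientName = requireClientName(currentContext);
        logger.debug("Got getTerminationTime request for delegation id '" + str + "' from client '" + clientName + "'");
        String[] vOMSAttributes = GrDPX509Util.getVOMSAttributes(currentContext);
        String dlgID = resolveDelegationID(str, clientName, vOMSAttributes);
        try {
            GrDPStorageElement element = this.storage.findGrDPStorageElement(dlgID, clientName);
            if (element == null) {
                logger.debug("Failed to find delegation ID '" + dlgID + "' for client '" + clientName + "' in storage.");
                throw new DelegationException("Failed to find delegation ID '" + dlgID + "' in storage.");
            }
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(element.getTerminationTime());
            return calendar;
        } catch (GrDPStorageException e) {
            logger.error("Failure on storage interaction. Exception: ", e);
            throw new DelegationException("Internal failure.");
        }
    }

    /**
     * Fails fast when storage initialisation failed in the constructor.
     *
     * @throws DelegationException always, when the instance is misconfigured
     */
    private void checkConfigured() throws DelegationException {
        if (this.m_bad_config) {
            logger.error("Service is misconfigured. Stopping execution.");
            throw new DelegationException("Service is misconfigured.");
        }
    }

    /**
     * Initialises and returns the caller's security context.
     *
     * @return the current {@link SecurityContext}, never null
     * @throws DelegationException if no security context is available for this call
     */
    private static SecurityContext requireSecurityContext() throws DelegationException {
        InitSecurityContext.init();
        SecurityContext currentContext = SecurityContext.getCurrentContext();
        if (currentContext == null) {
            logger.debug("Failed to get SecurityContext.");
            throw new DelegationException("Failed to get client security information.");
        }
        return currentContext;
    }

    /**
     * Returns the authenticated client DN from the security context.
     *
     * @param context the caller's security context
     * @return the client DN, never null
     * @throws DelegationException if the context carries no client name
     */
    private static String requireClientName(SecurityContext context) throws DelegationException {
        String clientName = context.getClientName();
        if (clientName == null) {
            logger.error("Failed to get client DN.");
            throw new DelegationException("Failed to get client DN.");
        }
        return clientName;
    }

    /**
     * Returns the given delegation ID, or derives one from the client identity when
     * the caller supplied none.
     *
     * @param dlgID delegation ID from the request, may be null or empty
     * @param clientName authenticated client DN
     * @param vomsAttributes the client's VOMS attributes
     * @return a non-empty delegation ID
     */
    private static String resolveDelegationID(String dlgID, String clientName, String[] vomsAttributes) {
        if (dlgID == null || dlgID.length() == 0) {
            return GrDPX509Util.genDlgID(clientName, vomsAttributes);
        }
        return dlgID;
    }

    /**
     * Persists a completed proxy (chain plus private key) in credential storage,
     * updating an existing element for this ID/DN or inserting a new one.
     *
     * @param dlgID delegation ID
     * @param clientName authenticated client DN
     * @param vomsAttributes the client's VOMS attributes (stored only on insert, as in the original)
     * @param proxyWithPrivateKey PEM text of the proxy chain with the private key inserted
     * @param leaf the proxy's leaf certificate; its notAfter becomes the termination time
     * @throws DelegationException if storage fails
     */
    private void storeDelegatedCredential(String dlgID, String clientName, String[] vomsAttributes,
            String proxyWithPrivateKey, X509Certificate leaf) throws DelegationException {
        try {
            GrDPStorageElement element = this.storage.findGrDPStorageElement(dlgID, clientName);
            if (element != null) {
                element.setCertificate(proxyWithPrivateKey);
                element.setTerminationTime(leaf.getNotAfter());
                this.storage.updateGrDPStorageElement(element);
            } else {
                element = new GrDPStorageElement();
                element.setDelegationID(dlgID);
                element.setDN(clientName);
                element.setVomsAttributes(vomsAttributes);
                element.setCertificate(proxyWithPrivateKey);
                element.setTerminationTime(leaf.getNotAfter());
                this.storage.insertGrDPStorageElement(element);
            }
        } catch (GrDPStorageException e) {
            logger.error("Failed to put certificate request in storage.", e);
            throw new DelegationException("Internal failure.");
        }
    }

    /**
     * Generates a key pair and a certificate request for it, then caches the
     * request together with the PEM private key under the delegation ID/DN.
     *
     * <p>The private key never leaves the server: it is only joined with the
     * proxy later in {@link #putProxy}.
     *
     * @param str delegation ID
     * @param str2 client DN, used as the request subject
     * @param strArr the client's VOMS attributes
     * @return the PEM-encoded certificate request
     * @throws DelegationException if request generation or storage fails
     */
    private String createAndStoreCertificateRequest(String str, String str2, String[] strArr) throws DelegationException {
        KeyPair keyPair = GrDPX509Util.getKeyPair(this.keySize);
        String privateKeyPEM = GrDPX509Util.writePEM(PrivateKeyReader.getEncoded(keyPair.getPrivate()),
                GrDPConstants.PRVH + GrDPConstants.NEWLINE, GrDPConstants.PRVF + GrDPConstants.NEWLINE);
        logger.debug("KeyPair generation was successfull.");
        String certificateRequest;
        try {
            certificateRequest = GrDPX509Util.createCertificateRequest(new X509Name(str2), ENC_ALGORITHM, keyPair);
        } catch (GeneralSecurityException e) {
            logger.error("Error while generating the certificate request." + e);
            throw new DelegationException("Failed to generate a certificate request.");
        }
        logger.debug("Certificate request generation was successfull.");
        try {
            GrDPStorageCacheElement cacheElement = this.storage.findGrDPStorageCacheElement(str, str2);
            if (cacheElement != null) {
                cacheElement.setCertificateRequest(certificateRequest);
                cacheElement.setPrivateKey(privateKeyPEM);
                cacheElement.setVomsAttributes(strArr);
                this.storage.updateGrDPStorageCacheElement(cacheElement);
            } else {
                cacheElement = new GrDPStorageCacheElement();
                cacheElement.setDelegationID(str);
                cacheElement.setDN(str2);
                cacheElement.setVomsAttributes(strArr);
                cacheElement.setCertificateRequest(certificateRequest);
                cacheElement.setPrivateKey(privateKeyPEM);
                this.storage.insertGrDPStorageCacheElement(cacheElement);
            }
            logger.debug("New certificate request successfully stored in cache.");
            return certificateRequest;
        } catch (GrDPStorageException e) {
            logger.error("Failed to put certificate request in storage.", e);
            throw new DelegationException("Internal failure.");
        }
    }

    /**
     * Builds the PEM proxy text: leaf certificate, then the private key, then the
     * remaining chain certificates in order.
     *
     * @param x509CertificateArr proxy chain, leaf first; must be non-empty
     * @param str PEM private key text to insert after the leaf
     * @return the combined PEM text, or null if any certificate cannot be encoded
     */
    private String getProxyWithPrivateKey(X509Certificate[] x509CertificateArr, String str) {
        StringBuffer proxy = new StringBuffer();
        try {
            proxy.append(certificatePEM(x509CertificateArr[0]));
            proxy.append(str);
            for (int i = 1; i < x509CertificateArr.length; i++) {
                proxy.append(certificatePEM(x509CertificateArr[i]));
            }
            return proxy.toString();
        } catch (CertificateEncodingException e) {
            logger.error("Failed to encode certificate in proxy chain.", e);
            return null;
        }
    }

    /**
     * PEM-encodes one certificate with the project's certificate header/footer.
     *
     * @param certificate the certificate to encode
     * @return PEM text
     * @throws CertificateEncodingException if DER encoding fails
     */
    private static String certificatePEM(X509Certificate certificate) throws CertificateEncodingException {
        return GrDPX509Util.writePEM(certificate.getEncoded(),
                GrDPConstants.CH + GrDPConstants.NEWLINE, GrDPConstants.CF + GrDPConstants.NEWLINE);
    }

    /**
     * Decompiler artefact: pre-Java 5 helper backing a class literal.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        // Equivalent to Logger.getLogger(GliteDelegation.class); kept in the decompiled form.
        Class cls;
        if (class$org$glite$security$delegation$impl$GliteDelegation == null) {
            cls = class$("org.glite.security.delegation.impl.GliteDelegation");
            class$org$glite$security$delegation$impl$GliteDelegation = cls;
        } else {
            cls = class$org$glite$security$delegation$impl$GliteDelegation;
        }
        logger = Logger.getLogger(cls);
    }
}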
