package fr.in2p3.jsaga.adaptor.security;

import fr.in2p3.jsaga.adaptor.base.usage.UDuration;
import java.io.File;
import java.io.IOException;
import java.text.ParseException;
import java.util.Map;
import org.bouncycastle.openssl.PasswordFinder;
import org.globus.common.Version;
import org.globus.gsi.CredentialException;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509Credential;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.gsi.util.CertificateLoadUtil;
import org.globus.util.Util;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ogf.saga.error.BadParameterException;
import org.ogf.saga.error.IncorrectStateException;
import org.ogf.saga.error.NoSuccessException;

/* loaded from: input_file:fr/in2p3/jsaga/adaptor/security/GlobusProxyFactory.class */
public class GlobusProxyFactory {
    public static final int OID_OLD = 2;
    public static final int OID_GLOBUS = 3;
    public static final int OID_RFC3820 = 4;
    private static final int PROXY_BITS = 1024;
    private static final int DEFAULT_PROXY_LIFETIME = 43200;
    protected static final int CERTIFICATE_PEM = 0;
    protected static final int CERTIFICATE_PKCS12 = 1;
    private X509Credential m_userCredential;
    private String m_proxyFile;
    private int m_proxyLifetime;
    private GSIConstants.CertificateType m_proxyType;
    private String m_cadir;

    public GlobusProxyFactory(Map map, int i, int i2) throws BadParameterException, ParseException {
        char[] charArray;
        this.m_userCredential = null;
        this.m_proxyFile = "";
        this.m_proxyLifetime = CERTIFICATE_PEM;
        this.m_proxyType = null;
        this.m_cadir = null;
        String str = (String) map.get("UserPass");
        this.m_cadir = (String) map.get("CertRepository");
        this.m_proxyFile = (String) map.get("UserProxy");
        str = "".equals(str) ? CERTIFICATE_PEM : str;
        char[] charArray2 = str != null ? str.toCharArray() : CERTIFICATE_PEM;
        switch (i2) {
            case CERTIFICATE_PEM /* 0 */:
                String str2 = (String) map.get("UserCert");
                String str3 = (String) map.get("UserKey");
                try {
                    final char[] cArr = charArray2;
                    this.m_userCredential = new X509Credential(CertificateLoadUtil.loadPrivateKey(str3, new PasswordFinder() { // from class: fr.in2p3.jsaga.adaptor.security.GlobusProxyFactory.1
                        public char[] getPassword() {
                            return cArr;
                        }
                    }), CertificateLoadUtil.loadCertificates(str2));
                    break;
                } catch (Exception e) {
                    throw new BadParameterException("Unable to load the provided pems files (cert: '" + str2 + "', key: '" + str3, e);
                }
            case CERTIFICATE_PKCS12 /* 1 */:
                String str4 = (String) map.get(GlobusContext.USERCERTKEY);
                if (str != null) {
                    try {
                        charArray = str.toCharArray();
                    } catch (Exception e2) {
                        throw new BadParameterException("Unable to load the provided pkcs12 file (" + str4 + ")");
                    }
                } else {
                    charArray = null;
                }
                this.m_userCredential = CertificateLoadUtil.loadKeystore(str4, charArray, (char[]) null, (String) null, "PKCS12");
                break;
            default:
                throw new BadParameterException("Invalid case, either PEM or PKCS12 certificates is supported");
        }
        if (map.containsKey("LifeTime")) {
            this.m_proxyLifetime = UDuration.toInt(map.get("LifeTime"));
        } else {
            this.m_proxyLifetime = DEFAULT_PROXY_LIFETIME;
        }
        boolean equalsIgnoreCase = map.containsKey(GlobusContext.DELEGATION) ? ((String) map.get(GlobusContext.DELEGATION)).equalsIgnoreCase("limited") : CERTIFICATE_PEM;
        switch (i) {
            case OID_OLD /* 2 */:
                this.m_proxyType = equalsIgnoreCase ? GSIConstants.CertificateType.GSI_2_LIMITED_PROXY : GSIConstants.CertificateType.GSI_2_PROXY;
                return;
            case OID_GLOBUS /* 3 */:
                this.m_proxyType = equalsIgnoreCase ? GSIConstants.CertificateType.GSI_3_LIMITED_PROXY : GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY;
                return;
            case OID_RFC3820 /* 4 */:
                this.m_proxyType = equalsIgnoreCase ? GSIConstants.CertificateType.GSI_4_LIMITED_PROXY : GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY;
                return;
            default:
                return;
        }
    }

    public GSSCredential createProxy() throws IncorrectStateException, NoSuccessException {
        try {
            X509Credential createCredential = BouncyCastleCertProcessingFactory.getDefault().createCredential(this.m_userCredential.getCertificateChain(), this.m_userCredential.getPrivateKey(), PROXY_BITS, this.m_proxyLifetime, this.m_proxyType);
            try {
                createCredential.verify(this.m_cadir);
                try {
                    GlobusGSSCredentialImpl globusGSSCredentialImpl = new GlobusGSSCredentialImpl(createCredential, CERTIFICATE_PKCS12);
                    createCredential.writeToFile(new File(this.m_proxyFile));
                    Util.setFilePermissions(this.m_proxyFile, 600);
                    return globusGSSCredentialImpl;
                } catch (GSSException e) {
                    throw new NoSuccessException("Proxy convertion failed", e);
                } catch (CredentialException e2) {
                    throw new NoSuccessException("Unable to save the generated proxy in '" + this.m_proxyFile + "'", e2);
                } catch (IOException e3) {
                    throw new NoSuccessException("Unable to save the generated proxy in '" + this.m_proxyFile + "'", e3);
                }
            } catch (CredentialException e4) {
                if (createCredential.getTimeLeft() < 0) {
                    throw new IncorrectStateException("Your certificate is expired", e4);
                }
                throw new NoSuccessException("Proxy verification failed", e4);
            }
        } catch (Exception e5) {
            throw new NoSuccessException("Unable to generate the user proxy", e5);
        }
    }

    public String getVersion() {
        return Version.getVersion();
    }
}
