package fr.in2p3.jsaga.adaptor.security;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.KeyAndCertCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;
import eu.emi.security.authn.x509.proxy.ProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyGenerator;
import eu.emi.security.authn.x509.proxy.ProxyPolicy;
import eu.emi.security.authn.x509.proxy.ProxyType;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateParsingException;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.globus.gsi.CredentialException;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy;
import org.italiangrid.voms.request.impl.DefaultVOMSACService;
import org.italiangrid.voms.request.impl.DefaultVOMSServerInfoStore;
import org.italiangrid.voms.request.impl.LegacyProtocol;
import org.italiangrid.voms.request.impl.RESTProtocol;
import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.italiangrid.voms.util.NullListener;

/* loaded from: input_file:fr/in2p3/jsaga/adaptor/security/JSAGAVOMSACProxy.class */
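/**
 * VOMS attribute-certificate client that also builds the resulting proxy credential.
 *
 * <p>Extends {@link DefaultVOMSACService} by replacing its server-info store and both
 * protocol handlers in the constructor, and by adding
 * {@link #getVOMSProxyCertificate(org.globus.gsi.X509Credential, VOMSACRequest)}, which
 * wraps the caller's credential, optionally fetches a VOMS attribute certificate (AC),
 * and generates a proxy certificate carrying it.
 *
 * <p>The proxy parameters (lifetime, key length, type, limited flag, policy) are plain
 * mutable fields with no synchronization and no range checks; callers are expected to
 * configure an instance before use.
 */
public class JSAGAVOMSACProxy extends DefaultVOMSACService {
    /**
     * Default value handed to {@code ProxyCertificateOptions.setLifetime}; 86400 is
     * 24 hours if the unit is seconds (TODO confirm unit against canl).
     */
    private static final int DEFAULT_PROXY_LIFETIME = 86400;

    /**
     * Default key length, in bits, for the freshly generated proxy key pair.
     * Raised from 1024: a 1024-bit key is below the size current guidance accepts for
     * new keys and may be rejected by peers enforcing a minimum key size. Callers that
     * must interoperate with legacy endpoints can still lower it via
     * {@link #setProxyKeyLength(int)}.
     */
    private static final int DEFAULT_PROXY_KEY_LENGTH = 2048;

    /** Exact {@link VOMSError} message that the REST handler treats as "no response". */
    private static final String TRUNCATED_RESPONSE_MESSAGE = "Unexpected end of file from server";

    /**
     * Lookup strategy built over an empty path list, shared by all instances.
     * Presumably this means no vomses files are discovered from disk, so servers have to
     * be registered through {@link #addVOMSServerInfo(VOMSServerInfo)} — confirm.
     */
    private static final VOMSESLookupStrategy vomsesLookupStrategy =
            new BaseVOMSESLookupStrategy(new ArrayList<String>());

    private int proxyLifetime = DEFAULT_PROXY_LIFETIME;
    private int proxyKeyLength = DEFAULT_PROXY_KEY_LENGTH;
    private boolean proxyLimited = false;
    // NOTE(review): LEGACY is kept as the default for compatibility with existing callers;
    // deployments that can use an RFC proxy type should select it via setProxyType.
    private ProxyType proxyType = ProxyType.LEGACY;
    private ProxyPolicy proxyPolicy = null;

    /**
     * Failure raised when a requested VOMS attribute certificate could not be obtained.
     *
     * <p>This type extends {@link Throwable} directly, so a {@code catch (Exception e)}
     * block does NOT catch it; callers must name it (or {@code Throwable}) explicitly.
     */
    public static class VOMSException extends Throwable {
        private static final long serialVersionUID = 1;

        /** Creates an exception with no message and no cause. */
        public VOMSException() {
        }

        /**
         * Creates an exception with a message.
         *
         * @param str the detail message
         */
        public VOMSException(String str) {
            super(str);
        }

        /**
         * Creates an exception with a message and a cause.
         *
         * @param str the detail message
         * @param th the underlying cause
         */
        public VOMSException(String str, Throwable th) {
            super(str, th);
        }
    }

    /**
     * Builds the service with a certificate validator derived from {@code str} and
     * installs JSAGA-specific server store and protocol handlers.
     *
     * @param str argument passed to {@code CertificateValidatorBuilder.buildCertificateValidator};
     *        presumably the trust-anchors (CA certificates) directory — confirm
     * @param vOMSRequestListener listener registered on the underlying service builder
     */
    public JSAGAVOMSACProxy(String str, VOMSRequestListener vOMSRequestListener) {
        super(new DefaultVOMSACService.Builder(CertificateValidatorBuilder.buildCertificateValidator(str))
                .requestListener(vOMSRequestListener));

        // Replace the inherited store: shared empty lookup strategy, no vomses paths,
        // and a listener that ignores store events.
        this.serverInfoStore = new DefaultVOMSServerInfoStore.Builder()
                .lookupStrategy(vomsesLookupStrategy)
                .storeListener(NullListener.INSTANCE)
                .vomsesPaths((List<String>) null)
                .build();

        // 2000 / 5000 are presumably the connect and read timeouts in milliseconds —
        // confirm against the RESTProtocol and LegacyProtocol constructors.
        this.httpProtocol = new RESTProtocol(this.validator, this.protocolListener, 2000, 5000) {
            /**
             * Delegates to the REST implementation, but converts one specific failure
             * (the server closing the connection early) into a {@code null} response
             * instead of an error. Every other {@link VOMSError} is rethrown unchanged.
             */
            @Override
            public VOMSResponse doRequest(VOMSServerInfo vOMSServerInfo, X509Credential x509Credential, VOMSACRequest vOMSACRequest) {
                try {
                    return super.doRequest(vOMSServerInfo, x509Credential, vOMSACRequest);
                } catch (VOMSError e) {
                    // NOTE(review): the match is on the exact message text, so a reworded or
                    // localized message upstream silently turns this back into a hard error.
                    // Returning null presumably lets the base service fall through to the
                    // legacy protocol — confirm against DefaultVOMSACService.
                    if (TRUNCATED_RESPONSE_MESSAGE.equals(e.getMessage())) {
                        return null;
                    }
                    throw e;
                }
            }
        };
        this.legacyProtocol = new LegacyProtocol(this.validator, this.protocolListener, 2000, 5000);
    }

    /**
     * Registers a VOMS server endpoint in this instance's server-info store.
     *
     * @param vOMSServerInfo the endpoint description to add
     */
    public void addVOMSServerInfo(VOMSServerInfo vOMSServerInfo) {
        this.serverInfoStore.addVOMSServerInfo(vOMSServerInfo);
    }

    /**
     * Generates a proxy credential from {@code x509Credential}, embedding a VOMS
     * attribute certificate when {@code vOMSACRequest} is non-null.
     *
     * <p>The proxy is signed with the private key of the supplied credential, and the
     * returned credential holds the private key that the generator produced for the
     * proxy. The returned object therefore contains secret key material and should be
     * stored and logged accordingly.
     *
     * @param x509Credential the caller's credential (private key and certificate chain)
     * @param vOMSACRequest the AC request, or {@code null} to build a plain proxy with no AC
     * @return a new credential made of the proxy's private key and certificate chain
     * @throws CredentialException if wrapping the credential or generating the proxy fails
     *         with a key-store, key, algorithm, signature or certificate-parsing error
     * @throws VOMSException if an AC was requested but none was obtained
     */
    public org.globus.gsi.X509Credential getVOMSProxyCertificate(org.globus.gsi.X509Credential x509Credential, VOMSACRequest vOMSACRequest) throws CredentialException, VOMSException {
        try {
            KeyAndCertCredential holder =
                    new KeyAndCertCredential(x509Credential.getPrivateKey(), x509Credential.getCertificateChain());

            ProxyCertificateOptions options = new ProxyCertificateOptions(holder.getCertificateChain());

            if (vOMSACRequest != null) {
                AttributeCertificate ac = getVOMSAttributeCertificate(holder, vOMSACRequest);
                // A requested AC is mandatory: never fall back to issuing a proxy without it.
                if (ac == null) {
                    throw new VOMSException("Unable to get a single requested VOMSAttribute");
                }
                options.setAttributeCertificates(new AttributeCertificate[]{ac});
            }

            options.setKeyLength(this.proxyKeyLength);
            options.setLifetime(this.proxyLifetime);
            options.setType(this.proxyType);
            options.setLimited(this.proxyLimited);
            if (this.proxyPolicy != null) {
                options.setPolicy(this.proxyPolicy);
            }

            ProxyCertificate proxy = ProxyGenerator.generate(options, holder.getKey());
            return new org.globus.gsi.X509Credential(proxy.getPrivateKey(), proxy.getCertificateChain());
        } catch (KeyStoreException e) {
            throw new CredentialException(e);
        } catch (InvalidKeyException e) {
            throw new CredentialException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new CredentialException(e);
        } catch (SignatureException e) {
            throw new CredentialException(e);
        } catch (CertificateParsingException e) {
            throw new CredentialException(e);
        }
    }

    /** @return the key length, in bits, used for generated proxy key pairs */
    public int getProxyKeyLength() {
        return this.proxyKeyLength;
    }

    /**
     * Sets the key length for generated proxy key pairs. The value is stored as given,
     * without any minimum-size check, so the caller is responsible for not weakening it.
     *
     * @param i the key length in bits
     */
    public void setProxyKeyLength(int i) {
        this.proxyKeyLength = i;
    }

    /** @return the lifetime value applied to generated proxies */
    public int getProxyLifetime() {
        return this.proxyLifetime;
    }

    /**
     * Sets the lifetime applied to generated proxies. The value is stored as given,
     * without an upper bound; shorter lifetimes limit the exposure of a leaked proxy.
     *
     * @param i the lifetime, in the unit expected by {@code ProxyCertificateOptions.setLifetime}
     */
    public void setProxyLifetime(int i) {
        this.proxyLifetime = i;
    }

    /** @return whether generated proxies are marked as limited */
    public boolean isProxyLimited() {
        return this.proxyLimited;
    }

    /** @param z {@code true} to mark generated proxies as limited */
    public void setProxyLimited(boolean z) {
        this.proxyLimited = z;
    }

    /** @return the proxy type used for generated proxies */
    public ProxyType getProxyType() {
        return this.proxyType;
    }

    /** @param proxyType the proxy type to use for generated proxies */
    public void setProxyType(ProxyType proxyType) {
        this.proxyType = proxyType;
    }

    /** @return the proxy policy, or {@code null} when none is set */
    public ProxyPolicy getProxyPolicy() {
        return this.proxyPolicy;
    }

    /** @param proxyPolicy the policy to embed, or {@code null} to leave the generator default */
    public void setProxyPolicy(ProxyPolicy proxyPolicy) {
        this.proxyPolicy = proxyPolicy;
    }
}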
