package fr.in2p3.jsaga.adaptor.security;

import eu.emi.security.authn.x509.proxy.ProxyPolicy;
import eu.emi.security.authn.x509.proxy.ProxyType;
import fr.in2p3.jsaga.adaptor.base.usage.UDuration;
import fr.in2p3.jsaga.adaptor.security.JSAGAVOMSACProxy;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import org.bouncycastle.openssl.PasswordFinder;
import org.globus.gsi.CredentialException;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509Credential;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.gsi.util.CertificateLoadUtil;
import org.globus.util.Util;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSErrorMessage;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSWarningMessage;
import org.italiangrid.voms.request.impl.DefaultVOMSACRequest;
import org.italiangrid.voms.request.impl.DefaultVOMSServerInfo;
import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore;
import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.ogf.saga.error.BadParameterException;
import org.ogf.saga.error.NoSuccessException;

/* loaded from: input_file:fr/in2p3/jsaga/adaptor/security/VOMSProxyFactory.class */
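/**
 * Creates Grid / VOMS proxy credentials from a user certificate (PEM or PKCS12) or from
 * an existing Globus GSS credential, according to a map of context attributes.
 *
 * <p>Attributes read from the map: {@code CertRepository}, {@code Server}, {@code UserVO},
 * {@code UserPass}, {@code UserCert}, {@code UserKey}, {@code UserProxy}, {@code LifeTime},
 * plus the keys named by {@code VOMSContext.VOMSDIR}, {@code VOMSContext.USERCERTKEY},
 * {@code VOMSContext.USERFQAN}, {@code VOMSContext.DELEGATION} and
 * {@code VOMSContext.PROXYTYPE}.
 *
 * <p>The generated proxy contains a private key; {@link #createProxy()} writes it to the
 * {@code UserProxy} path and restricts that file to its owner.
 */
public class VOMSProxyFactory {
    private static final Logger logger = Logger.getLogger(VOMSProxyFactory.class);
    public static final int CERTIFICATE_PEM = 0;
    public static final int CERTIFICATE_PKCS12 = 1;
    public static final String DEFAULTLIFE_TIME = "PT12H";

    // Proxy policy language OIDs: id-ppl-inheritAll and id-ppl-independent come from RFC 3820,
    // the third one is the Globus "limited proxy" policy.
    private static final String POLICY_INHERIT_ALL = "1.3.6.1.5.5.7.21.1";
    private static final String POLICY_INDEPENDENT = "1.3.6.1.5.5.7.21.2";
    private static final String POLICY_GLOBUS_LIMITED = "1.3.6.1.4.1.3536.1.1.1.9";

    private JSAGAVOMSACProxy m_jsagaVomsACProxy;
    private DefaultVOMSACRequest m_vomsACRequest;
    private X509Credential m_userCredential;
    private final String m_userProxyFile;
    private final String vomsdir;
    private final String cadir;

    /**
     * Builds a factory that loads the user credential from files.
     *
     * @param map context attributes (see class documentation)
     * @param i   certificate format, {@link #CERTIFICATE_PEM} or {@link #CERTIFICATE_PKCS12}
     * @throws BadParameterException if an attribute is missing or invalid, or the credential cannot be loaded
     */
    public VOMSProxyFactory(Map map, int i) throws BadParameterException, ParseException, URISyntaxException {
        this(map, i, null);
    }

    /**
     * Builds a factory that reuses the X.509 credential held by an existing Globus GSS credential.
     *
     * @param map           context attributes (see class documentation)
     * @param gSSCredential existing credential; must be a {@code GlobusGSSCredentialImpl}
     * @throws BadParameterException if an attribute is missing or invalid, or the credential is not a Globus one
     */
    public VOMSProxyFactory(Map map, GSSCredential gSSCredential) throws BadParameterException, ParseException, URISyntaxException {
        this(map, 0, gSSCredential);
    }

    private VOMSProxyFactory(Map map, int i, GSSCredential gSSCredential) throws BadParameterException, ParseException, URISyntaxException {
        this.cadir = (String) map.get("CertRepository");
        this.vomsdir = (String) map.get(VOMSContext.VOMSDIR);

        String server = (String) map.get("Server");
        if (server == null) {
            // Report a missing attribute as a parameter error instead of a NullPointerException.
            throw new BadParameterException("Attribute Server is missing");
        }
        URI uri = new URI(server.replace(" ", "%20"));
        if (uri.getHost() == null) {
            throw new BadParameterException("Attribute Server has no host name: " + uri.toString());
        }
        DefaultVOMSServerInfo serverInfo = new DefaultVOMSServerInfo();
        serverInfo.setURL(uri);
        // The expected server DN is carried in the path component of the Server URI.
        serverInfo.setVOMSServerDN(uri.getPath());
        serverInfo.setVoName((String) map.get("UserVO"));

        this.m_jsagaVomsACProxy = new JSAGAVOMSACProxy(this.cadir, createRequestListener());

        if (gSSCredential == null) {
            this.m_userCredential = loadUserCredential(map, i);
        } else {
            if (!(gSSCredential instanceof GlobusGSSCredentialImpl)) {
                throw new BadParameterException("Not a globus proxy");
            }
            this.m_userCredential = ((GlobusGSSCredentialImpl) gSSCredential).getX509Credential();
        }

        this.m_jsagaVomsACProxy.addVOMSServerInfo(serverInfo);
        this.m_userProxyFile = (String) map.get("UserProxy");

        DefaultVOMSACRequest.Builder builder = new DefaultVOMSACRequest.Builder((String) map.get("UserVO"));
        if (map.containsKey(VOMSContext.USERFQAN)) {
            List<String> fqans = new ArrayList<String>();
            fqans.add((String) map.get(VOMSContext.USERFQAN));
            builder.fqans(fqans);
        }
        int lifetime = map.containsKey("LifeTime") ? UDuration.toInt(map.get("LifeTime")) : UDuration.toInt(DEFAULTLIFE_TIME);
        this.m_jsagaVomsACProxy.setProxyLifetime(lifetime);
        builder.lifetime(lifetime);
        this.m_vomsACRequest = builder.build();

        GSIConstants.DelegationType delegation = parseDelegation(map);
        if (map.containsKey(VOMSContext.PROXYTYPE)) {
            applyProxyType((String) map.get(VOMSContext.PROXYTYPE), delegation);
        }
    }

    /** Returns a listener that only logs the progress and outcome of VOMS requests. */
    private static VOMSRequestListener createRequestListener() {
        return new VOMSRequestListener() {
            public void notifyWarningsInVOMSResponse(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo, VOMSWarningMessage[] vOMSWarningMessageArr) {
                VOMSProxyFactory.logger.warn("Warnings In VOMS Response : \n\t- req:" + Arrays.toString(vOMSACRequest.getRequestedFQANs().toArray()) + "\n\t- si: " + vOMSServerInfo + "\n\t- warnings: " + Arrays.toString(vOMSWarningMessageArr));
            }

            public void notifyVOMSRequestSuccess(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo) {
                VOMSProxyFactory.logger.info("VOMS Request Success : \n\t- req:" + Arrays.toString(vOMSACRequest.getRequestedFQANs().toArray()) + "\n\t- endpoint: " + vOMSServerInfo);
            }

            public void notifyVOMSRequestStart(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo) {
                VOMSProxyFactory.logger.info("VOMS Request Start : \n\t- req:" + Arrays.toString(vOMSACRequest.getRequestedFQANs().toArray()) + "\n\t- si: " + vOMSServerInfo);
            }

            public void notifyVOMSRequestFailure(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo, Throwable th) {
                // Pass the throwable as well so the stack trace is kept, not just its message.
                VOMSProxyFactory.logger.error("Errors In VOMS Reponse : \n\t- req:" + Arrays.toString(vOMSACRequest.getRequestedFQANs().toArray()) + "\n\t- endpoint: " + vOMSServerInfo + "\n\t- errors: " + th.getMessage(), th);
            }

            public void notifyErrorsInVOMSReponse(VOMSACRequest vOMSACRequest, VOMSServerInfo vOMSServerInfo, VOMSErrorMessage[] vOMSErrorMessageArr) {
                VOMSProxyFactory.logger.error("Errors In VOMS Reponse : \n\t- req:" + Arrays.toString(vOMSACRequest.getRequestedFQANs().toArray()) + "\n\t- si: " + vOMSServerInfo + "\n\t- errors: " + Arrays.toString(vOMSErrorMessageArr));
            }
        };
    }

    /**
     * Loads the user's certificate and private key from the files named in the map.
     *
     * @param map               context attributes; {@code UserPass} is the optional passphrase
     * @param certificateFormat {@link #CERTIFICATE_PEM} or {@link #CERTIFICATE_PKCS12}
     * @throws BadParameterException if the format is unknown or the files cannot be loaded
     */
    private static X509Credential loadUserCredential(Map map, int certificateFormat) throws BadParameterException {
        String passphrase = (String) map.get("UserPass");
        // An empty passphrase is treated as "no passphrase".
        final char[] passphraseChars = (passphrase == null || "".equals(passphrase)) ? null : passphrase.toCharArray();

        switch (certificateFormat) {
            case CERTIFICATE_PEM: {
                String certFile = (String) map.get("UserCert");
                String keyFile = (String) map.get("UserKey");
                try {
                    return new X509Credential(CertificateLoadUtil.loadPrivateKey(keyFile, new PasswordFinder() {
                        public char[] getPassword() {
                            return passphraseChars;
                        }
                    }), CertificateLoadUtil.loadCertificates(certFile));
                } catch (Exception e) {
                    throw new BadParameterException("Unable to load the provided pems files (cert: '" + certFile + "', key: '" + keyFile + "')", e);
                }
            }
            case CERTIFICATE_PKCS12: {
                String keystoreFile = (String) map.get(VOMSContext.USERCERTKEY);
                try {
                    // The keystore load itself must be inside the try: a wrong passphrase or an
                    // unreadable file has to surface as BadParameterException, with its cause.
                    return CertificateLoadUtil.loadKeystore(keystoreFile, passphraseChars, (char[]) null, (String) null, "PKCS12");
                } catch (Exception e) {
                    throw new BadParameterException("Unable to load the provided pkcs12 file (" + keystoreFile + ")", e);
                }
            }
            default:
                throw new BadParameterException("Invalid case, either PEM or PKCS12 certificates is supported");
        }
    }

    /**
     * Reads the delegation attribute ({@code none}, {@code limited} or {@code full}, case-insensitive).
     * A missing attribute means NONE. An unrecognised value also falls back to NONE, but is logged:
     * for legacy ("old") proxies NONE is configured like FULL (not limited), so a misspelt
     * "limited" would otherwise silently produce an unrestricted proxy.
     */
    private static GSIConstants.DelegationType parseDelegation(Map map) {
        if (!map.containsKey(VOMSContext.DELEGATION)) {
            return GSIConstants.DelegationType.NONE;
        }
        String value = (String) map.get(VOMSContext.DELEGATION);
        if ("limited".equalsIgnoreCase(value)) {
            return GSIConstants.DelegationType.LIMITED;
        }
        if ("full".equalsIgnoreCase(value)) {
            return GSIConstants.DelegationType.FULL;
        }
        if (!"none".equalsIgnoreCase(value)) {
            logger.warn("Unrecognised delegation value '" + value + "', falling back to NONE");
        }
        return GSIConstants.DelegationType.NONE;
    }

    /**
     * Configures proxy type, limited flag and policy on the proxy generator.
     *
     * @param proxyType  {@code old}, {@code globus} or {@code RFC3820} (case-insensitive);
     *                   any other value leaves the generator's defaults untouched
     * @param delegation delegation mode selected by {@link #parseDelegation(Map)}
     */
    private void applyProxyType(String proxyType, GSIConstants.DelegationType delegation) {
        if ("old".equalsIgnoreCase(proxyType)) {
            // Legacy proxies carry no policy extension; only LIMITED restricts them.
            this.m_jsagaVomsACProxy.setProxyType(ProxyType.LEGACY);
            this.m_jsagaVomsACProxy.setProxyLimited(delegation == GSIConstants.DelegationType.LIMITED);
        } else if ("globus".equalsIgnoreCase(proxyType)) {
            this.m_jsagaVomsACProxy.setProxyType(ProxyType.DRAFT_RFC);
            this.m_jsagaVomsACProxy.setProxyPolicy(new ProxyPolicy(policyOidFor(delegation)));
        } else if ("RFC3820".equalsIgnoreCase(proxyType)) {
            this.m_jsagaVomsACProxy.setProxyType(ProxyType.RFC3820);
            if (delegation == GSIConstants.DelegationType.NONE) {
                // NOTE(review): only the RFC3820/NONE combination also sets the limited flag;
                // the "globus" branch does not. Kept as found - confirm it is intentional.
                this.m_jsagaVomsACProxy.setProxyLimited(true);
            }
            this.m_jsagaVomsACProxy.setProxyPolicy(new ProxyPolicy(policyOidFor(delegation)));
        } else {
            logger.warn("Unrecognised proxy type '" + proxyType + "', keeping the default proxy settings");
        }
    }

    /** Maps a delegation mode to its proxy policy OID: NONE is independent, FULL inherits all rights. */
    private static String policyOidFor(GSIConstants.DelegationType delegation) {
        if (delegation == GSIConstants.DelegationType.LIMITED) {
            return POLICY_GLOBUS_LIMITED;
        }
        if (delegation == GSIConstants.DelegationType.FULL) {
            return POLICY_INHERIT_ALL;
        }
        return POLICY_INDEPENDENT;
    }

    /**
     * Generates the proxy and wraps it in a GSS credential.
     *
     * <p>When the VO name is {@code NOVO}, a plain Grid proxy is generated without contacting a
     * VOMS server; that branch does not write the proxy to the {@code UserProxy} file. Otherwise
     * a VOMS proxy is requested, the VO of each returned attribute is compared with the requested
     * VO, and the proxy is saved to the {@code UserProxy} file with owner-only permissions.
     *
     * @return the proxy as an initiate-and-accept GSS credential
     * @throws NoSuccessException if the proxy cannot be generated, carries an unexpected VO, or cannot be saved
     */
    public GSSCredential createProxy() throws GSSException, BadParameterException, NoSuccessException, JSAGAVOMSACProxy.VOMSException {
        X509Credential proxy;
        if ("NOVO".equals(this.m_vomsACRequest.getVoName())) {
            try {
                proxy = this.m_jsagaVomsACProxy.getVOMSProxyCertificate(this.m_userCredential, null);
            } catch (CredentialException e) {
                throw new NoSuccessException("Unable to generate the requested Grid proxy (NOVO)", e);
            }
        } else {
            try {
                proxy = this.m_jsagaVomsACProxy.getVOMSProxyCertificate(this.m_userCredential, this.m_vomsACRequest);

                List<String> trustedVomsDirs = new ArrayList<String>();
                trustedVomsDirs.add(this.vomsdir);
                // NOTE(review): as far as I can tell, parse() in voms-api-java only extracts the
                // attributes and assumes the chain was validated elsewhere; the trust store and
                // certificate validator built here would only take effect through validate().
                // As written this is a VO-name consistency check, not a verification of the
                // attribute certificate. Confirm which one was intended.
                List<VOMSAttribute> attributes = VOMSValidators.newValidator(new DefaultVOMSTrustStore(trustedVomsDirs), CertificateValidatorBuilder.buildCertificateValidator(this.cadir)).parse(proxy.getCertificateChain());
                for (VOMSAttribute attribute : attributes) {
                    if (!attribute.getVO().equals(this.m_vomsACRequest.getVoName())) {
                        throw new NoSuccessException("The VO name of the created VOMS proxy ('" + attribute.getVO() + "') does not match with the required VO name ('" + this.m_vomsACRequest.getVoName() + "').");
                    }
                }

                try {
                    FileOutputStream out = new FileOutputStream(this.m_userProxyFile);
                    try {
                        // Restrict the file to its owner while it is still empty, so the private
                        // key is never on disk under the default (possibly world-readable) mode.
                        // 600 is given as decimal digits; presumably forwarded to chmod as-is.
                        if (!Util.setFilePermissions(this.m_userProxyFile, 600)) {
                            logger.warn("Unable to restrict permissions on '" + this.m_userProxyFile + "' before writing the proxy");
                        }
                        proxy.save(out);
                    } finally {
                        try {
                            out.close();
                        } catch (IOException ignored) {
                            // Best-effort close: a failure while writing is already reported by save().
                        }
                    }
                } catch (Exception e) {
                    throw new NoSuccessException("Unable to save the generated VOMS proxy in '" + this.m_userProxyFile + "'", e);
                }
            } catch (CredentialException e) {
                throw new NoSuccessException("Unable to generate the requested VOMS proxy", e);
            }
        }
        return new GlobusGSSCredentialImpl(proxy, GSSCredential.INITIATE_AND_ACCEPT);
    }
}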
