package org.gcube.vomanagement.vomsapi.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.MessageContext;
import org.apache.log4j.Logger;
import org.gcube.common.core.security.utils.ProxyUtil;
import org.glite.security.util.FileCertReader;
import org.glite.security.voms.BasicVOMSTrustStore;
import org.glite.security.voms.FQAN;
import org.glite.security.voms.VOMSAttribute;
import org.glite.security.voms.VOMSValidator;
import org.globus.gsi.gssapi.GSSConstants;
import org.gridforum.jgss.ExtendedGSSContext;
import org.gridforum.jgss.ExtendedGSSCredential;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:org/gcube/vomanagement/vomsapi/util/VOMSAttributesReader.class */
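/**
 * Extracts the VOMS attributes carried by an X.509 certificate chain and answers group and role
 * queries over the fully qualified attribute names (FQANs) found in them.
 *
 * <p>All extraction happens in the constructors. The chain can come from an in-memory array, a
 * certificate file, the public credentials of a {@link Subject} (falling back to the transport
 * GSS context of the message), or an exported {@link ExtendedGSSCredential}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code VOMSValidator.setTrustStore} is a static call, so every instance created here
 *       replaces the trust store used by the validator class as a whole. The constructors that
 *       accept a trust-store listing therefore let their caller change what later validations
 *       trust; that argument should never be derived from request data.</li>
 *   <li>The group and role answers are only as good as the validation performed by
 *       {@code VOMSValidator.validate()} against that trust store.</li>
 *   <li>Arrays returned by the query methods are built from a {@link HashSet}; their order is
 *       unspecified and must not be relied on for authorization decisions.</li>
 * </ul>
 *
 * <p>The trust-store listing and refresh period kept on the instance are only consulted while a
 * constructor runs; changing them through the setters does not re-read any attribute. The
 * {@code validator} field is never assigned by this class itself.
 */
public class VOMSAttributesReader {
    private static final Logger logger = Logger.getLogger(VOMSAttributesReader.class);
    private static final String PROPERTIES_FILE = "VOMSAttributeReader.properties";
    public static final String DEFAULT_TRUST_STORE_LISTING = "/etc/grid-security/vomsdir/*.pem";
    public static final long REFRESH_PERIOD = 0;

    /** Trailer that closes the private key section inside an exported credential. */
    private static final String PRIVATE_KEY_END_MARKER = "-----END RSA PRIVATE KEY-----";
    /** Role value that the FQAN parser reports when an attribute carries no role. */
    private static final String NO_ROLE = "NULL";
    /** Message-context property under which the transport GSS context is looked up. */
    private static final String TRANSPORT_CONTEXT_PROPERTY = "org.globus.security.transport.context";

    private String defaultTrustStoreListing = DEFAULT_TRUST_STORE_LISTING;
    private long refreshPeriod = REFRESH_PERIOD;
    private VOMSValidator validator;
    private VOMSAttribute[] vomsAttributes = new VOMSAttribute[0];

    /**
     * Loads optional overrides for the trust-store listing and the refresh period from
     * {@code VOMSAttributeReader.properties} on the system class path. When the resource is
     * absent the compiled-in defaults stay in place.
     *
     * @throws IOException if the properties resource cannot be read
     * @throws NumberFormatException if {@code REFRESH_PERIOD} is present but not a valid long
     */
    protected VOMSAttributesReader() throws IOException {
        InputStream resourceAsStream = ClassLoader.getSystemClassLoader().getResourceAsStream(PROPERTIES_FILE);
        if (resourceAsStream == null) {
            return;
        }
        Properties properties = new Properties();
        try {
            properties.load(resourceAsStream);
        } finally {
            // Close even when load() fails, so a malformed file does not leak the stream.
            resourceAsStream.close();
        }
        String configuredListing = properties.getProperty("DEFAULT_TRUST_STORE_LISTING");
        if (configuredListing != null) {
            this.defaultTrustStoreListing = configuredListing;
        }
        String configuredPeriod = properties.getProperty("REFRESH_PERIOD");
        if (configuredPeriod != null) {
            // Properties.load keeps trailing blanks in values; parseLong would reject them.
            this.refreshPeriod = Long.parseLong(configuredPeriod.trim());
        }
    }

    /**
     * Reads the VOMS attributes of the given chain using the configured trust-store settings.
     *
     * @param x509CertificateArr certificate chain to inspect
     * @throws Exception if the attributes cannot be read or validated
     * @throws IOException if the properties resource cannot be read
     */
    public VOMSAttributesReader(X509Certificate[] x509CertificateArr) throws Exception, IOException {
        this();
        extractVOMSAttributes(x509CertificateArr, this.defaultTrustStoreListing, this.refreshPeriod);
    }

    /**
     * Reads the VOMS attributes of the given chain using an explicit trust store. The properties
     * resource is not consulted by this constructor.
     *
     * @param x509CertificateArr certificate chain to inspect
     * @param str trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception if the attributes cannot be read or validated
     */
    public VOMSAttributesReader(X509Certificate[] x509CertificateArr, String str, long j) throws Exception {
        extractVOMSAttributes(x509CertificateArr, str, j);
    }

    /**
     * Reads the VOMS attributes of the chain stored in a certificate file, using the configured
     * trust-store settings.
     *
     * @param str path of the certificate file
     * @throws Exception if the file or its attributes cannot be read
     * @throws IOException if the properties resource cannot be read
     */
    public VOMSAttributesReader(String str) throws Exception, IOException {
        this();
        init(str, this.defaultTrustStoreListing, this.refreshPeriod);
    }

    /**
     * Reads the VOMS attributes of the chain stored in a certificate file, using an explicit
     * trust store. The properties resource is not consulted by this constructor.
     *
     * @param str path of the certificate file
     * @param str2 trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception if the file or its attributes cannot be read
     */
    public VOMSAttributesReader(String str, String str2, long j) throws Exception {
        init(str, str2, j);
    }

    /**
     * Reads the VOMS attributes of the peer chain found in the subject or in the message
     * context, using the configured trust-store settings.
     *
     * @param subject subject whose public credentials are searched for a certificate chain
     * @param messageContext message context consulted when the subject holds no chain
     * @throws Exception if no chain is available or its attributes cannot be read
     * @throws IOException if the properties resource cannot be read
     */
    public VOMSAttributesReader(Subject subject, MessageContext messageContext) throws Exception, IOException {
        this();
        init(subject, messageContext, this.defaultTrustStoreListing, this.refreshPeriod);
    }

    /**
     * Reads the VOMS attributes of the peer chain found in the subject or in the message
     * context, using an explicit trust store. The properties resource is not consulted by this
     * constructor.
     *
     * @param subject subject whose public credentials are searched for a certificate chain
     * @param messageContext message context consulted when the subject holds no chain
     * @param str trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception if no chain is available or its attributes cannot be read
     */
    public VOMSAttributesReader(Subject subject, MessageContext messageContext, String str, long j) throws Exception {
        init(subject, messageContext, str, j);
    }

    /**
     * Reads the VOMS attributes of the chain contained in an exported GSS credential, using the
     * configured trust-store settings.
     *
     * @param extendedGSSCredential credential whose exported form is parsed
     * @throws Exception if the attributes cannot be read or validated
     * @throws GSSException if the credential cannot be exported
     * @throws CertificateException if the first certificate of the export cannot be parsed
     * @throws IOException if the properties resource cannot be read
     */
    public VOMSAttributesReader(ExtendedGSSCredential extendedGSSCredential) throws Exception, GSSException, CertificateException, IOException {
        this();
        init(extendedGSSCredential, this.defaultTrustStoreListing, this.refreshPeriod);
    }

    /**
     * Reads the VOMS attributes of the chain contained in an exported GSS credential, using an
     * explicit trust store. The properties resource is not consulted by this constructor.
     *
     * @param extendedGSSCredential credential whose exported form is parsed
     * @param str trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception if the attributes cannot be read or validated
     * @throws GSSException if the credential cannot be exported
     * @throws CertificateException if the first certificate of the export cannot be parsed
     * @throws IOException declared for compatibility with existing callers
     */
    public VOMSAttributesReader(ExtendedGSSCredential extendedGSSCredential, String str, long j) throws Exception, GSSException, CertificateException, IOException {
        init(extendedGSSCredential, str, j);
    }

    /**
     * Orders the chain, installs a trust store built from the listing and stores the attributes
     * reported by the validator.
     *
     * @param x509CertificateArr certificate chain to inspect
     * @param str trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception wrapping any failure raised while building the trust store or validating
     */
    private void extractVOMSAttributes(X509Certificate[] x509CertificateArr, String str, long j) throws Exception {
        X509Certificate[] orderedChain = ProxyUtil.orderChain(x509CertificateArr);
        // The dump prints every certificate in full; build it only when debug output is on.
        if (logger.isDebugEnabled()) {
            StringBuilder dump = new StringBuilder("Certificates to parse: \n");
            for (int i = 0; i < orderedChain.length; i++) {
                dump.append("\nCertificate number ").append(i).append(":\n").append(orderedChain[i]).append("\n\n");
            }
            logger.debug(dump.toString());
        }
        try {
            // Static setter: this replaces the trust store for the validator class as a whole,
            // not only for this reader.
            VOMSValidator.setTrustStore(new BasicVOMSTrustStore(str, j));
            this.vomsAttributes = (VOMSAttribute[]) new VOMSValidator(orderedChain).validate().getVOMSAttributes().toArray(new VOMSAttribute[0]);
            if (logger.isDebugEnabled()) {
                StringBuilder found = new StringBuilder("Attributes found: ");
                for (VOMSAttribute attribute : this.vomsAttributes) {
                    found.append(attribute).append("\n");
                }
                logger.debug(found.toString());
            }
        } catch (Exception e) {
            logger.error("Problems in reading VOMS Attributes information from the certificate chain", e);
            throw new Exception("Problems in reading VOMS Attributes information from the certificate chain", e);
        }
    }

    /**
     * Reads a certificate chain from a file and extracts its VOMS attributes. A file holding no
     * certificate leaves the reader without attributes.
     *
     * @param str path of the certificate file
     * @param str2 trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception wrapping any failure raised while reading the file or its attributes
     */
    private void init(String str, String str2, long j) throws Exception {
        try {
            Vector<?> certificates = new FileCertReader().readCerts(str);
            if (certificates.isEmpty()) {
                // Every group/role query will answer "nothing"; make that visible in the log.
                logger.warn("No certificate found in " + str + ", no VOMS attribute was read");
                return;
            }
            X509Certificate[] chain = certificates.toArray(new X509Certificate[certificates.size()]);
            extractVOMSAttributes(chain, str2, j);
        } catch (Exception e) {
            logger.error("Error in reading the certificate file", e);
            throw new Exception("Error in reading the certificate file", e);
        }
    }

    /**
     * Finds the peer certificate chain, first among the subject's public credentials and then in
     * the transport GSS context of the message, and extracts its VOMS attributes.
     *
     * @param subject subject whose public credentials are searched
     * @param messageContext message context, expected to be an Axis message context
     * @param str trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws Exception if no chain is found or its attributes cannot be read
     */
    private void init(Subject subject, MessageContext messageContext, String str, long j) throws Exception {
        org.apache.axis.MessageContext axisContext = (org.apache.axis.MessageContext) messageContext;
        X509Certificate[] chain = null;
        for (Object credential : subject.getPublicCredentials()) {
            if (credential instanceof X509Certificate[]) {
                chain = (X509Certificate[]) credential;
                break;
            }
        }
        if (chain == null && axisContext != null) {
            ExtendedGSSContext gssContext = (ExtendedGSSContext) axisContext.getProperty(TRANSPORT_CONTEXT_PROPERTY);
            if (gssContext != null) {
                try {
                    Object peerChain = gssContext.inquireByOid(GSSConstants.X509_CERT_CHAIN);
                    if (peerChain instanceof X509Certificate[]) {
                        chain = (X509Certificate[]) peerChain;
                    }
                } catch (GSSException e) {
                    logger.error("Cannot get peerSubject credentials", e);
                    throw new Exception("Cannot get peerSubject credentials", e);
                }
            }
        }
        if (chain == null) {
            logger.error("Cannot get peerSubject credentials");
            throw new Exception("Cannot get peerSubject credentials");
        }
        extractVOMSAttributes(chain, str, j);
    }

    /**
     * Parses the exported form of a credential (one certificate, the private key section, then
     * the remaining certificates) and extracts the VOMS attributes of the resulting chain.
     *
     * <p>Only the {@code RSA PRIVATE KEY} trailer is recognised. If the export carries the key
     * under another label the scan runs to the end of the data and the chain is reduced to its
     * first certificate.
     *
     * @param extendedGSSCredential credential to export and parse
     * @param str trust-store listing handed to {@code BasicVOMSTrustStore}
     * @param j refresh period handed to {@code BasicVOMSTrustStore}
     * @throws GSSException if the credential cannot be exported
     * @throws CertificateException if the first certificate cannot be parsed
     * @throws Exception if the attributes cannot be read or validated
     */
    private void init(ExtendedGSSCredential extendedGSSCredential, String str, long j) throws GSSException, CertificateException, Exception {
        // NOTE(review): option 0 presumably selects the opaque export format; confirm against
        // the ExtendedGSSCredential constants.
        ByteArrayInputStream exported = new ByteArrayInputStream(extendedGSSCredential.export(0));
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        X509Certificate first = (X509Certificate) certificateFactory.generateCertificate(exported);
        chain.add(first);
        logger.debug("Added certificate to the chain for DN: " + first.getSubjectDN().getName());
        skipPast(exported, PRIVATE_KEY_END_MARKER);
        // Drop the single byte that follows the trailer (the line terminator).
        exported.read();
        while (exported.available() > 0) {
            X509Certificate next;
            try {
                next = (X509Certificate) certificateFactory.generateCertificate(exported);
            } catch (CertificateException e) {
                // Trailing bytes that are not a certificate end the chain.
                logger.debug("Stopped reading certificates from the exported credential", e);
                break;
            }
            if (next == null) {
                // Some providers signal the end of the input with null instead of throwing;
                // a null entry must never reach the chain handed to the validator.
                break;
            }
            chain.add(next);
            logger.debug("Added certificate to the chain for DN: " + next.getSubjectDN().getName());
        }
        logger.debug("Certificate chain is composed by " + chain.size() + " certificates\n");
        extractVOMSAttributes(chain.toArray(new X509Certificate[chain.size()]), str, j);
    }

    /**
     * Consumes the stream up to and including the first occurrence of the marker, or to the end
     * of the data when the marker is absent. Only a marker-sized window of the skipped bytes is
     * held at any time and it is cleared afterwards, so the private key section is never copied
     * into a String.
     */
    private static void skipPast(ByteArrayInputStream in, String marker) {
        byte[] window = new byte[marker.length()];
        int filled = 0;
        try {
            int read;
            while ((read = in.read()) != -1) {
                if (filled < window.length) {
                    window[filled++] = (byte) read;
                } else {
                    System.arraycopy(window, 1, window, 0, window.length - 1);
                    window[window.length - 1] = (byte) read;
                }
                if (filled == window.length && windowEquals(window, marker)) {
                    return;
                }
            }
        } finally {
            for (int k = 0; k < window.length; k++) {
                window[k] = 0;
            }
        }
    }

    /** Tells whether the window holds exactly the bytes of the (ASCII) marker. */
    private static boolean windowEquals(byte[] window, String marker) {
        for (int k = 0; k < window.length; k++) {
            if (window[k] != (byte) marker.charAt(k)) {
                return false;
            }
        }
        return true;
    }

    /** Parses every fully qualified attribute name carried by one VOMS attribute. */
    private static List<FQAN> fqansOf(VOMSAttribute attribute) {
        List<FQAN> parsed = new ArrayList<FQAN>();
        for (Object raw : attribute.getFullyQualifiedAttributes()) {
            parsed.add(new FQAN((String) raw));
        }
        return parsed;
    }

    /**
     * Collects the distinct group names of the stored attributes, optionally restricted to the
     * attributes issued for one VO.
     */
    private String[] collectGroups(boolean filterByVo, String vo) {
        Set<String> groups = new HashSet<String>();
        for (VOMSAttribute attribute : this.vomsAttributes) {
            if (filterByVo && !attribute.getVO().equals(vo)) {
                continue;
            }
            for (FQAN fqan : fqansOf(attribute)) {
                groups.add(fqan.getGroup());
            }
        }
        return groups.toArray(new String[0]);
    }

    /** Returns the first group, in unspecified order, that carries a role, or "" if none does. */
    private String firstGroupWithRole() {
        for (String group : getAbsoluteDLNames()) {
            if (getRoles(group).length != 0) {
                return group;
            }
        }
        return "";
    }

    /**
     * Returns the distinct roles held in the given group.
     *
     * @param str group name, compared for exact equality
     * @return the roles held in that group, in unspecified order; empty if there is none
     */
    public String[] getRoles(String str) {
        Set<String> roles = new HashSet<String>();
        for (VOMSAttribute attribute : this.vomsAttributes) {
            for (FQAN fqan : fqansOf(attribute)) {
                String role = fqan.getRole();
                if (fqan.getGroup().equals(str) && role != null && !NO_ROLE.equals(role)) {
                    roles.add(role);
                }
            }
        }
        return roles.toArray(new String[0]);
    }

    /**
     * Returns the group name with its last path segment removed.
     *
     * @param str group name containing at least one {@code /}
     * @return everything before the last {@code /}
     * @throws StringIndexOutOfBoundsException if the name contains no {@code /}
     */
    public String getParentGroup(String str) {
        return str.substring(0, str.lastIndexOf("/"));
    }

    /**
     * Returns the groups that sit exactly one level below the given group.
     *
     * <p>The parent name is compared literally. Group names routinely contain dots, and treating
     * the name as a regular expression would let {@code /vo.org} also match {@code /voXorg}.
     *
     * @param str parent group name
     * @return the direct child groups, empty if there is none
     */
    public String[] getChildGroups(String str) {
        String prefix = str + "/";
        List<String> children = new ArrayList<String>();
        for (String group : getGroups(getRootGroup(str))) {
            boolean hasChildSegment = group.startsWith(prefix) && group.length() > prefix.length();
            if (hasChildSegment && group.indexOf('/', prefix.length()) < 0) {
                children.add(group);
            }
        }
        return children.toArray(new String[0]);
    }

    /**
     * Tells whether the given role is held in the given group.
     *
     * @param str role name, compared for exact equality
     * @param str2 group name, compared for exact equality
     * @return {@code true} if at least one attribute names that group together with that role
     */
    public boolean hasRole(String str, String str2) {
        for (VOMSAttribute attribute : this.vomsAttributes) {
            for (FQAN fqan : fqansOf(attribute)) {
                String group = fqan.getGroup();
                String role = fqan.getRole();
                if (group.equals(str2) && role.equals(str)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the distinct group names found in all attributes.
     *
     * @return the group names, in unspecified order
     */
    public String[] getGroups() {
        return collectGroups(false, null);
    }

    /**
     * Returns the distinct group names found in the attributes issued for one VO.
     *
     * @param str VO name, compared for exact equality
     * @return the group names, in unspecified order
     */
    public String[] getGroups(String str) {
        return collectGroups(true, str);
    }

    /**
     * Returns the distinct group names found in all attributes; same result as
     * {@link #getGroups()}.
     *
     * @return the group names, in unspecified order
     */
    public String[] getAbsoluteDLNames() {
        return collectGroups(false, null);
    }

    /**
     * Returns the distinct group names found in the attributes issued for one VO; same result
     * as {@link #getGroups(String)}.
     *
     * @param str VO name, compared for exact equality
     * @return the group names, in unspecified order
     */
    public String[] getGroupsNames(String str) {
        return collectGroups(true, str);
    }

    /**
     * Returns the distinct VO names of the stored attributes.
     *
     * @return the VO names, in unspecified order
     */
    public String[] getVONames() {
        Set<String> names = new HashSet<String>();
        for (VOMSAttribute attribute : this.vomsAttributes) {
            names.add(attribute.getVO());
        }
        return names.toArray(new String[0]);
    }

    /**
     * Returns the distinct VO names of the stored attributes, each prefixed with {@code /}.
     *
     * @return the root group names, in unspecified order
     */
    public String[] getRootGroups() {
        Set<String> roots = new HashSet<String>();
        for (VOMSAttribute attribute : this.vomsAttributes) {
            roots.add("/" + attribute.getVO());
        }
        return roots.toArray(new String[0]);
    }

    /**
     * Returns the first path segment of a group name, without the leading {@code /}. A name
     * without any {@code /} is returned unchanged instead of failing.
     */
    private String getRootGroup(String str) {
        String withoutLeadingSlash = str.startsWith("/") ? str.substring(1) : str;
        int slash = withoutLeadingSlash.indexOf('/');
        return slash < 0 ? withoutLeadingSlash : withoutLeadingSlash.substring(0, slash);
    }

    /**
     * Returns one group in which a role is held. When several groups qualify, which one is
     * returned is unspecified.
     *
     * @return a group name carrying a role, or the empty string if there is none
     */
    public String getAbsoluteDLName() {
        return firstGroupWithRole();
    }

    /**
     * Returns the last path segment of every group found in the attributes.
     *
     * @return the distinct local names, in unspecified order
     */
    public String[] getLocalDLNames() {
        Set<String> localNames = new HashSet<String>();
        for (VOMSAttribute attribute : this.vomsAttributes) {
            for (FQAN fqan : fqansOf(attribute)) {
                localNames.add(getLocalGroupName(fqan.getGroup()));
            }
        }
        return localNames.toArray(new String[0]);
    }

    /**
     * Returns the last path segment of one group in which a role is held. When several groups
     * qualify, which one is used is unspecified.
     *
     * @return the local name, or the empty string if no group carries a role
     */
    public String getLocalDLName() {
        return getLocalGroupName(firstGroupWithRole());
    }

    /**
     * Returns the last non-empty-trailing segment of a {@code /}-separated name, or the empty
     * string when the name consists of separators only.
     */
    private String getLocalGroupName(String str) {
        String[] segments = str.split("/");
        // "/" splits into zero segments; indexing the last one would fail.
        return segments.length == 0 ? "" : segments[segments.length - 1];
    }

    /** Returns the compiled-in default trust-store listing. */
    public static String getDEFAULT_TRUST_STORE_LISTING() {
        return DEFAULT_TRUST_STORE_LISTING;
    }

    /** Returns the name of the optional properties resource. */
    public static String getPROPERTIES_FILE() {
        return PROPERTIES_FILE;
    }

    /** Returns the compiled-in default refresh period. */
    public static long getREFRESH_PERIOD() {
        return REFRESH_PERIOD;
    }

    /** Returns the trust-store listing kept on this instance. */
    public String getDefaultTrustStoreListing() {
        return this.defaultTrustStoreListing;
    }

    /**
     * Replaces the trust-store listing kept on this instance. Attributes already extracted by
     * the constructor are not re-read.
     *
     * @param str new trust-store listing
     */
    public void setDefaultTrustStoreListing(String str) {
        this.defaultTrustStoreListing = str;
    }

    /** Returns the refresh period kept on this instance. */
    public long getRefreshPeriod() {
        return this.refreshPeriod;
    }

    /**
     * Replaces the refresh period kept on this instance. Attributes already extracted by the
     * constructor are not re-read.
     *
     * @param j new refresh period
     */
    public void setRefreshPeriod(long j) {
        this.refreshPeriod = j;
    }

    /** Returns the validator set through {@link #setValidator}, or {@code null} if none was set. */
    public VOMSValidator getValidator() {
        return this.validator;
    }

    /**
     * Stores a validator on this instance. The extraction code in this class does not use it.
     *
     * @param vOMSValidator validator to keep
     */
    public void setValidator(VOMSValidator vOMSValidator) {
        this.validator = vOMSValidator;
    }
}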
