package it.eng.rdlab.soa3.connector.utils;

import it.eng.rdlab.soa3.connector.utils.security.InheritableTLSSLSocketFactory;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/gcube-security-utils-0.5.0-4.0.0-125564.jar:it/eng/rdlab/soa3/connector/utils/SecurityManager.class */
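/**
 * Builds an in-memory {@link KeyStore} from a PEM-encoded host certificate, its private key
 * and a set of PEM trust anchors, derives an {@link SSLContext} from it and installs that
 * context as the process-wide default {@link HttpsURLConnection} socket factory.
 * <p>
 * Defaults follow the grid layout under {@code /etc/grid-security}; every path can be
 * overridden through the setters before {@link #loadCertificate()} is called.
 * <p>
 * Thread-safety: {@link #getInstance()} is synchronized so a single instance is created;
 * the setters and {@link #loadCertificate(boolean)} are expected to be driven from one
 * thread during start-up and are not synchronized.
 */
public class SecurityManager {
    private final Logger log = LoggerFactory.getLogger(getClass());
    /** Password protecting only the in-memory keystore built here; it is never persisted. */
    public static final String KEYSTORE_PWD = "changeit";
    private static SecurityManager instance;
    public static final String DEFAULT_CERT_FILE = "/etc/grid-security/hostcert.pem";
    public static final String DEFAULT_KEY_FILE = "/etc/grid-security/hostkey.pem";
    public static final String DEFAULT_TRUST_DIR = "/etc/grid-security/certificates/";
    /** Only files in the trust directory ending with this suffix are loaded as anchors. */
    public static final String DEFAULT_TRUST_FILE_EXTENSION = ".0";
    /** Keystore produced by the last {@link #loadCertificate(boolean)}; null until then. */
    private KeyStore keyStore;
    private String certFile;
    private String keyFile;
    /** Always ends with a trailing "/" (enforced by {@link #setTrustDir(String)}). */
    private String trustDir;
    private String trustExt;
    private InternalPasswordFinder internalPasswordFinder;
    /** When true the trust directory is not scanned; only explicitly added certs are used. */
    private boolean invalidateTrustDirectory;
    /** Paths registered via {@link #addTrustedCert(String)}. */
    private List<String> trustedCertificates;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/gcube-security-utils-0.5.0-4.0.0-125564.jar:it/eng/rdlab/soa3/connector/utils/SecurityManager$InternalPasswordFinder.class */
    /**
     * Hands the configured private-key password to BouncyCastle's PEM parser.
     * Declared {@code static} because it needs nothing from the enclosing instance.
     */
    public static class InternalPasswordFinder implements PasswordFinder {
        /** Password for the key file; {@code null} until one is configured. */
        char[] privateKeyPassword;

        private InternalPasswordFinder() {
            this.privateKeyPassword = null;
        }

        @Override // org.bouncycastle.openssl.PasswordFinder
        public char[] getPassword() {
            return this.privateKeyPassword;
        }
    }

    /**
     * Registers the BouncyCastle provider (needed by {@link PEMReader}) and applies the
     * default paths. Nothing is read from disk until {@link #loadCertificate(boolean)}.
     */
    private SecurityManager() {
        Security.addProvider(new BouncyCastleProvider());
        this.certFile = DEFAULT_CERT_FILE;
        this.keyFile = DEFAULT_KEY_FILE;
        this.trustDir = DEFAULT_TRUST_DIR;
        this.trustExt = DEFAULT_TRUST_FILE_EXTENSION;
        this.internalPasswordFinder = new InternalPasswordFinder();
        this.invalidateTrustDirectory = false;
        this.trustedCertificates = new ArrayList<String>();
        this.keyStore = null;
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the singleton manager
     */
    public static synchronized SecurityManager getInstance() {
        // synchronized: without it two threads racing on first use could each build an
        // instance, and configuration applied to one of them would be silently lost
        if (instance == null) {
            instance = new SecurityManager();
        }
        return instance;
    }

    /**
     * Sets the path of the PEM host certificate; a {@code null} argument is ignored.
     *
     * @param str certificate file path
     */
    public void setCertFile(String str) {
        if (str != null) {
            this.certFile = str;
        }
    }

    /**
     * Sets the password used to decrypt the private-key file.
     * <p>
     * The array is copied, so the caller may clear its own copy afterwards; the copy held
     * here stays in memory until replaced by a later call.
     *
     * @param cArr password, or {@code null} for an unencrypted key
     */
    public void setPrivateKeyPassword(char[] cArr) {
        this.internalPasswordFinder.privateKeyPassword = cArr == null ? null : cArr.clone();
    }

    /**
     * Sets the path of the PEM private-key file; a {@code null} argument is ignored.
     *
     * @param str key file path
     */
    public void setKeyFile(String str) {
        if (str != null) {
            this.keyFile = str;
        }
    }

    /**
     * Sets the directory scanned for trust anchors; a trailing "/" is appended if missing
     * because file names are later concatenated directly onto it. {@code null} is ignored.
     *
     * @param str trust directory path
     */
    public void setTrustDir(String str) {
        if (str == null) {
            return;
        }
        this.trustDir = str.endsWith("/") ? str : str + "/";
    }

    /**
     * Sets the file-name suffix selecting trust-anchor files; a {@code null} argument is ignored.
     *
     * @param str suffix such as {@code ".0"}
     */
    public void setTrustExt(String str) {
        if (str != null) {
            this.trustExt = str;
        }
    }

    /** @return the configured host certificate path */
    public String getCertFile() {
        return this.certFile;
    }

    /** @return the configured private-key path */
    public String getKeyFile() {
        return this.keyFile;
    }

    /** @return the configured trust directory, always with a trailing "/" */
    public String getTrustDir() {
        return this.trustDir;
    }

    /**
     * Controls whether the trust directory is scanned on load.
     *
     * @param z {@code true} to skip the directory and trust only certificates added via
     *          {@link #addTrustedCert(String)}
     */
    public void invalidateTrustedDir(boolean z) {
        this.invalidateTrustDirectory = z;
    }

    /**
     * Adds a PEM certificate file to be loaded as a trust anchor in addition to (or, when
     * the directory is invalidated, instead of) the trust directory contents.
     *
     * @param str path to a PEM certificate file
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void addTrustedCert(String str) {
        // reject early: a null entry would otherwise only fail inside generateKeyStore()
        if (str == null) {
            throw new IllegalArgumentException("trusted certificate path must not be null");
        }
        this.trustedCertificates.add(str);
    }

    /**
     * Reads the first PEM object from {@code path}, closing both readers even when parsing fails.
     *
     * @param path           file to read
     * @param passwordFinder password source for encrypted content, or {@code null}
     * @return whatever BouncyCastle parsed (certificate, key pair, key, ...), possibly {@code null}
     * @throws IOException on read or parse failure
     */
    private static Object readPemObject(String path, PasswordFinder passwordFinder) throws IOException {
        FileReader fileReader = new FileReader(path);
        try {
            PEMReader pemReader = passwordFinder == null
                    ? new PEMReader(fileReader)
                    : new PEMReader(fileReader, passwordFinder);
            try {
                return pemReader.readObject();
            } finally {
                pemReader.close();
            }
        } finally {
            fileReader.close();
        }
    }

    /**
     * Reads a single X.509 certificate from a PEM file.
     *
     * @param path certificate file
     * @return the parsed certificate
     * @throws IOException if the file cannot be read or does not hold an X.509 certificate
     */
    private static X509Certificate readCertificate(String path) throws IOException {
        Object parsed = readPemObject(path, null);
        if (!(parsed instanceof X509Certificate)) {
            throw new IOException("File " + path + " does not contain an X.509 certificate");
        }
        return (X509Certificate) parsed;
    }

    /**
     * Reads the private key from a PEM file, accepting both the key-pair form produced for
     * traditional "BEGIN RSA PRIVATE KEY" files and a bare {@link PrivateKey}.
     *
     * @param path key file
     * @return the private key
     * @throws IOException if the file cannot be read or does not hold a private key
     */
    private PrivateKey readPrivateKey(String path) throws IOException {
        Object parsed = readPemObject(path, this.internalPasswordFinder);
        if (parsed instanceof KeyPair) {
            return ((KeyPair) parsed).getPrivate();
        }
        if (parsed instanceof PrivateKey) {
            return (PrivateKey) parsed;
        }
        throw new IOException("Key file " + path + " does not contain a private key");
    }

    /**
     * Assembles a fresh keystore holding the host key entry (alias {@code certs}) and one
     * trusted-certificate entry per anchor (aliases {@code trust0}, {@code trust1}, ...).
     *
     * @return the populated keystore
     * @throws Exception on any I/O, parse or keystore failure
     */
    private KeyStore generateKeyStore() throws Exception {
        this.log.debug("Getting keystore");
        this.log.debug("Cert file {}", this.certFile);
        X509Certificate hostCertificate = readCertificate(this.certFile);
        this.log.debug("Cert file loaded");
        this.log.debug("Key file {}", this.keyFile);
        PrivateKey privateKey = readPrivateKey(this.keyFile);
        this.log.debug("Key file loaded");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null);
        store.setKeyEntry("certs", privateKey, KEYSTORE_PWD.toCharArray(), new Certificate[]{hostCertificate});
        List<String> trustedCerts = getTrustedCerts();
        this.log.debug("trusted files");
        int index = 0;
        for (String path : trustedCerts) {
            this.log.debug(path);
            store.setCertificateEntry("trust" + index, readCertificate(path));
            index++;
        }
        return store;
    }

    /**
     * Collects the trust-anchor file paths: the explicitly added ones plus, unless the
     * directory was invalidated, every file in the trust directory ending with the
     * configured extension.
     *
     * @return list of PEM file paths
     * @throws IOException if the trust directory is to be scanned but cannot be listed
     */
    private List<String> getTrustedCerts() throws IOException {
        List<String> paths = new ArrayList<String>(this.trustedCertificates);
        if (this.invalidateTrustDirectory) {
            return paths;
        }
        this.log.debug("Reading the trust directory");
        String[] entries = new File(this.trustDir).list();
        // File.list() returns null for a missing, non-directory or unreadable path;
        // report that instead of failing with a NullPointerException in the loop below
        if (entries == null) {
            throw new IOException("Trust directory " + this.trustDir + " cannot be listed");
        }
        this.log.debug("Files in the trust directory");
        for (String name : entries) {
            this.log.debug(name);
            if (name.endsWith(this.trustExt)) {
                paths.add(this.trustDir + name);
            }
        }
        return paths;
    }

    /**
     * Same as {@link #loadCertificate(boolean)} with the inheritable thread-local factory enabled.
     *
     * @throws Exception on any load failure
     */
    public void loadCertificate() throws Exception {
        loadCertificate(true);
    }

    /**
     * Loads the configured material into a new keystore, builds a TLS context from it and
     * installs the resulting socket factory as the JVM-wide default for
     * {@link HttpsURLConnection}. This is a global side effect on the whole process.
     *
     * @param z {@code true} to route through {@link InheritableTLSSLSocketFactory} (the
     *          context is stored in that shared instance and the instance itself becomes the
     *          default factory); {@code false} to install the context's factory directly
     * @throws Exception on any I/O, parse or SSL initialisation failure
     */
    public void loadCertificate(boolean z) throws Exception {
        this.log.debug("Loading certificates...");
        this.log.debug("Loading keystore...");
        this.keyStore = generateKeyStore();
        this.log.debug("Keystore loaded");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(this.keyStore, KEYSTORE_PWD.toCharArray());
        this.log.debug("Initializing trust manager");
        // The trust manager factory has its own default algorithm; the previous code passed
        // the KeyManagerFactory algorithm name here, which only resolved by coincidence.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(this.keyStore);
        SSLContext sslContext = SSLContext.getInstance(SSLSocketFactory.TLS);
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        javax.net.ssl.SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        if (z) {
            this.log.debug("Generating inheritable thread local ssl factory");
            InheritableTLSSLSocketFactory.getInstance().setSSLSocketFactory(socketFactory);
            socketFactory = InheritableTLSSLSocketFactory.getInstance();
        } else {
            this.log.debug("Generated not thread local ssl factory");
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
        this.log.debug("Operation completed");
    }

    /**
     * Resets the shared {@link InheritableTLSSLSocketFactory}. Note that the default
     * {@link HttpsURLConnection} factory installed by {@link #loadCertificate(boolean)} is
     * not restored here.
     */
    public void removeCertificate() {
        InheritableTLSSLSocketFactory.getInstance().reset();
    }

    /**
     * Returns the keystore built by the last load. It contains the host private key under
     * alias {@code certs}, protected by {@link #KEYSTORE_PWD}, so treat it as sensitive.
     *
     * @return the keystore, or {@code null} if {@link #loadCertificate(boolean)} has not run
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Manual smoke test left in the shipped class; it points at a developer-local trust
     * directory and bypasses {@link #getInstance()}.
     *
     * @param strArr ignored
     * @throws Exception on any load failure
     */
    public static void main(String[] strArr) throws Exception {
        System.out.println(new Date());
        SecurityManager securityManager = new SecurityManager();
        securityManager.setTrustDir("/home/ciro/certs");
        securityManager.loadCertificate();
    }
}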
