package org.glite.voms.contact;

import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.TimeZone;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.glite.voms.PKIVerifier;
import org.glite.voms.ac.AttributeCertificate;

/* loaded from: input_file:WEB-INF/lib/voms-api-2.0.6.jar:org/glite/voms/contact/VOMSProxyBuilder.class */
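/**
 * Builds VOMS proxy credentials.
 *
 * <p>A proxy is produced by generating a fresh RSA key pair, issuing a short-lived
 * certificate for the new public key signed with the user's private key, and
 * prepending that certificate to the user's chain. VOMS attribute certificates can
 * be embedded as a certificate extension.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The convenience overloads default to a 1024-bit RSA key, which is below
 *       current recommendations; callers that can should pass an explicit, larger
 *       key size.</li>
 *   <li>The proxy is signed with the algorithm named by the issuer certificate
 *       ({@code getSigAlgName()}), so a weak algorithm on the user certificate is
 *       inherited by the proxy.</li>
 * </ul>
 */
public class VOMSProxyBuilder {
    private static final Logger log = Logger.getLogger(VOMSProxyBuilder.class);

    /** Proxy type whose subject CN is "proxy" / "limited proxy" and whose serial is the issuer's. */
    public static final int GT2_PROXY = 2;
    /** Proxy type carrying a non-critical ProxyCertInfo extension under the 1.3.6.1.4.1.3536.1.222 OID. */
    public static final int GT3_PROXY = 3;
    /** Proxy type carrying a critical ProxyCertInfo extension under the 1.3.6.1.5.5.7.1.14 OID. */
    public static final int GT4_PROXY = 4;
    public static final int DEFAULT_PROXY_TYPE = 2;
    public static final int DEFAULT_DELEGATION_TYPE = 0;
    /** Default proxy lifetime in seconds (24 hours). */
    public static final int DEFAULT_PROXY_LIFETIME = 86400;

    private static final String PROXY_CERT_INFO_V3_OID = "1.3.6.1.4.1.3536.1.222";
    private static final String PROXY_CERT_INFO_V4_OID = "1.3.6.1.5.5.7.1.14";
    /** OID of the extension that carries the attribute certificates. */
    private static final String AC_EXTENSION_OID = "1.3.6.1.4.1.8005.100.100.5";

    // NOTE(review): 1024-bit RSA is kept only for backward compatibility of the
    // overloads without a key-size argument; prefer the overloads that take one.
    private static final int DEFAULT_KEY_SIZE = 1024;

    // Serial numbers and CN values of GT3/GT4 proxies come from this generator.
    // A CSPRNG is used so the values cannot be predicted from earlier proxies.
    private static final Random SERIAL_RANDOM = new java.security.SecureRandom();

    /**
     * Parses a DER-encoded attribute certificate.
     *
     * @param bArr encoded attribute certificate bytes
     * @return the parsed attribute certificate
     * @throws VOMSException if the bytes cannot be parsed
     */
    public static AttributeCertificate buildAC(byte[] bArr) {
        try {
            return AttributeCertificate.getInstance(new ByteArrayInputStream(bArr));
        } catch (IOException e) {
            logFailure("Error parsing attribute certificate:", e);
            throw new VOMSException(e);
        }
    }

    /**
     * Builds a VOMS proxy with the default (1024-bit) key size.
     *
     * @param userCredentials user certificate chain and private key used to sign the proxy
     * @param list            non-empty list of {@link AttributeCertificate}s to embed
     * @param i               proxy lifetime in seconds; {@code <= 0} uses the issuer certificate's notAfter
     * @param i2              proxy type ({@link #GT2_PROXY}, {@link #GT3_PROXY} or {@link #GT4_PROXY})
     * @param i3              delegation type
     * @param str             policy OID for GT3/GT4 proxies, or {@code null} to derive it from the delegation type
     * @return credentials holding the new private key and the extended chain
     */
    public static UserCredentials buildProxy(UserCredentials userCredentials, List list, int i, int i2, int i3, String str) {
        return buildProxy(userCredentials, list, i, i2, i3, str, DEFAULT_KEY_SIZE);
    }

    /**
     * Builds a VOMS proxy that embeds the given attribute certificates.
     *
     * @param userCredentials user certificate chain and private key used to sign the proxy
     * @param list            non-empty list of {@link AttributeCertificate}s to embed
     * @param i               proxy lifetime in seconds; {@code <= 0} uses the issuer certificate's notAfter
     * @param i2              proxy type ({@link #GT2_PROXY}, {@link #GT3_PROXY} or {@link #GT4_PROXY})
     * @param i3              delegation type
     * @param str             policy OID for GT3/GT4 proxies, or {@code null} to derive it from the delegation type
     * @param i4              RSA key size in bits for the proxy key pair
     * @return credentials holding the new private key and the extended chain
     * @throws VOMSException if {@code list} is empty or the proxy cannot be created
     */
    public static UserCredentials buildProxy(UserCredentials userCredentials, List list, int i, int i2, int i3, String str, int i4) {
        if (list.isEmpty()) {
            throw new VOMSException("Please specify a non-empty list of attribute certificate to build a voms-proxy.");
        }
        ASN1EncodableVector acVector = new ASN1EncodableVector();
        for (Iterator it = list.iterator(); it.hasNext();) {
            acVector.add((AttributeCertificate) it.next());
        }
        HashMap extensions = new HashMap();
        extensions.put(AC_EXTENSION_OID, ExtensionData.creator(AC_EXTENSION_OID, new DERSequence(new DERSequence(acVector))));
        // Same bit mask as the literal 176: digitalSignature | keyEncipherment | dataEncipherment.
        int keyUsageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
        extensions.put(PKIVerifier.KEY_USAGE_IDENTIFIER, ExtensionData.creator(PKIVerifier.KEY_USAGE_IDENTIFIER, true, new KeyUsage(keyUsageBits).getDERObject()));
        return myCreateCredential(userCredentials.getUserChain(), userCredentials.getUserKey(), i4, i, i3, i2, extensions, str);
    }

    /**
     * Builds a plain GT2 proxy (no attribute certificates) with the default (1024-bit) key size.
     *
     * @param userCredentials user certificate chain and private key used to sign the proxy
     * @param i               proxy lifetime in seconds; {@code <= 0} uses the issuer certificate's notAfter
     * @param i2              delegation type
     * @return credentials holding the new private key and the extended chain
     */
    public static UserCredentials buildProxy(UserCredentials userCredentials, int i, int i2) {
        return buildProxy(userCredentials, i, i2, DEFAULT_KEY_SIZE);
    }

    /**
     * Builds a plain GT2 proxy (no attribute certificates).
     *
     * @param userCredentials user certificate chain and private key used to sign the proxy
     * @param i               proxy lifetime in seconds; {@code <= 0} uses the issuer certificate's notAfter
     * @param i2              delegation type
     * @param i3              RSA key size in bits for the proxy key pair
     * @return credentials holding the new private key and the extended chain
     */
    public static UserCredentials buildProxy(UserCredentials userCredentials, int i, int i2, int i3) {
        return myCreateCredential(userCredentials.getUserChain(), userCredentials.getUserKey(), i3, i, i2, GT2_PROXY, new HashMap(), "");
    }

    /**
     * Generates the proxy key pair, issues the proxy certificate and assembles the new chain.
     *
     * @throws VOMSException if the chain is missing or the BouncyCastle RSA generator is unavailable
     */
    private static UserCredentials myCreateCredential(X509Certificate[] chain, PrivateKey issuerKey, int keyBits, int lifetime, int delegationType, int proxyType, HashMap extensions, String policyType) {
        if (chain == null || chain.length == 0) {
            // Fail with a library exception instead of a bare NPE / array index error.
            throw new VOMSException("Cannot build a proxy without a user certificate chain.");
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
            generator.initialize(keyBits);
            KeyPair proxyKeys = generator.genKeyPair();
            X509Certificate proxyCert = myCreateProxyCertificate(chain[0], issuerKey, proxyKeys.getPublic(), lifetime, delegationType, proxyType, extensions, policyType);

            // The proxy certificate goes first, followed by the unchanged user chain.
            X509Certificate[] proxyChain = new X509Certificate[chain.length + 1];
            proxyChain[0] = proxyCert;
            System.arraycopy(chain, 0, proxyChain, 1, chain.length);
            if (log.isDebugEnabled()) {
                for (int idx = 0; idx < proxyChain.length; idx++) {
                    log.debug("CERT[" + idx + "] IS: " + proxyChain[idx].getSubjectDN());
                }
            }
            return UserCredentials.instance(proxyKeys.getPrivate(), proxyChain);
        } catch (NoSuchAlgorithmException e) {
            logFailure("Error activating bouncycastle: ", e);
            // Chain the exception itself; its own cause is normally null and would hide the origin.
            throw new VOMSException(e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            logFailure("Error activating bouncycastle: ", e);
            throw new VOMSException(e.getMessage(), e);
        }
    }

    /**
     * Issues the proxy certificate for {@code publicKey}, signed with {@code issuerKey}.
     *
     * <p>The subject is the issuer's subject with one extra CN appended: "proxy" or
     * "limited proxy" for GT2, a random number for GT3/GT4. The validity starts five
     * minutes in the past to tolerate clock skew.
     *
     * @throws VOMSException            if the issuer key is null, the policy OID is invalid or signing fails
     * @throws IllegalArgumentException if the proxy/delegation type combination is not supported
     */
    private static X509Certificate myCreateProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int delegationType, int proxyType, HashMap extensions, String policyType) {
        if (issuerKey == null) {
            log.error("Passed issuer key is null");
            throw new VOMSException("Passed issuerKey is null!");
        }
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        String cnValue = null;
        BigInteger serialNumber = null;
        switch (proxyType) {
            case GT2_PROXY:
                serialNumber = issuerCert.getSerialNumber();
                if (delegationType == 0) {
                    cnValue = "proxy";
                } else if (delegationType == 1) {
                    cnValue = "limited proxy";
                }
                // Must not fall through: the GT3/GT4 branch would overwrite the CN and
                // serial chosen above and attach a ProxyCertInfo extension to a GT2 proxy.
                break;
            case GT3_PROXY:
            case GT4_PROXY: {
                int number = SERIAL_RANDOM.nextInt(Integer.MAX_VALUE);
                cnValue = String.valueOf(number);
                serialNumber = BigInteger.valueOf(number);
                // NOTE(review): only the V3 OID is consulted, for GT4 proxies as well.
                if (extensions.get(PROXY_CERT_INFO_V3_OID) == null) {
                    ProxyPolicy policy = selectProxyPolicy(delegationType, policyType);
                    if (proxyType == GT3_PROXY) {
                        extensions.put(PROXY_CERT_INFO_V3_OID, ExtensionData.creator(PROXY_CERT_INFO_V3_OID, new MyProxyCertInfo(policy, proxyType).getDERObject()));
                    } else {
                        extensions.put(PROXY_CERT_INFO_V4_OID, ExtensionData.creator(PROXY_CERT_INFO_V4_OID, true, new MyProxyCertInfo(policy, proxyType).getDERObject()));
                    }
                }
                break;
            }
            default:
                break;
        }
        if (cnValue == null) {
            throw new IllegalArgumentException("Type of delegation unspecified");
        }

        for (Iterator it = extensions.values().iterator(); it.hasNext();) {
            ExtensionData ext = (ExtensionData) it.next();
            certGen.addExtension(ext.getOID(), ext.getCritical(), ext.getObj());
        }

        // NOTE(review): the cast assumes a BouncyCastle-backed certificate whose
        // getSubjectDN() returns an X509Name - confirm against the callers.
        X509Name issuerDn = (X509Name) issuerCert.getSubjectDN();
        ASN1EncodableVector proxyCn = new ASN1EncodableVector();
        proxyCn.add(X509Name.CN);
        proxyCn.add(new DERPrintableString(cnValue));

        // Subject = every RDN of the issuer subject, plus the extra CN.
        ASN1EncodableVector subjectRdns = new ASN1EncodableVector();
        for (Enumeration rdns = ((ASN1Sequence) issuerDn.getDERObject()).getObjects(); rdns.hasMoreElements();) {
            subjectRdns.add((DERObject) rdns.nextElement());
        }
        subjectRdns.add(new DERSet(new DERSequence(proxyCn)));

        certGen.setSubjectDN(new X509Name(new DERSequence(subjectRdns)));
        certGen.setIssuerDN(issuerDn);
        certGen.setSerialNumber(serialNumber);
        certGen.setPublicKey(publicKey);
        // The issuer certificate's algorithm is reused, weak or not.
        certGen.setSignatureAlgorithm(issuerCert.getSigAlgName());

        GregorianCalendar clock = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        clock.add(java.util.Calendar.MINUTE, -5);
        certGen.setNotBefore(clock.getTime());
        if (lifetime <= 0) {
            certGen.setNotAfter(issuerCert.getNotAfter());
        } else {
            // Undo the five-minute back-dating, then add the requested lifetime.
            // NOTE(review): the result is not clamped to the issuer certificate's notAfter.
            clock.add(java.util.Calendar.MINUTE, 5);
            clock.add(java.util.Calendar.SECOND, lifetime);
            certGen.setNotAfter(clock.getTime());
        }

        try {
            return certGen.generateX509Certificate(issuerKey);
        } catch (InvalidKeyException e) {
            logFailure("Error creating proxy: ", e);
            throw new VOMSException(e);
        } catch (SignatureException e) {
            logFailure("Error creating proxy: ", e);
            throw new VOMSException(e);
        }
    }

    /** Chooses the proxy policy: an explicit OID when given, otherwise one derived from the delegation type. */
    private static ProxyPolicy selectProxyPolicy(int delegationType, String policyType) {
        if (policyType != null) {
            try {
                return new ProxyPolicy(new DERObjectIdentifier(policyType));
            } catch (IllegalArgumentException e) {
                throw new VOMSException("OID required as policyType");
            }
        }
        switch (delegationType) {
            case 0:
            case 4:
            case 5:
                return new ProxyPolicy(ProxyPolicy.IMPERSONATION);
            case 1:
            case 2:
            case 3:
                return new ProxyPolicy(ProxyPolicy.LIMITED);
            case 6:
                throw new IllegalArgumentException("Restricted proxy requires ProxyCertInfo");
            case 7:
                return new ProxyPolicy(ProxyPolicy.INDEPENDENT);
            default:
                throw new IllegalArgumentException("Invalid proxyType");
        }
    }

    /** Logs the message at error level and, when debug logging is on, the stack trace as well. */
    private static void logFailure(String prefix, Exception e) {
        log.error(prefix + e.getMessage());
        if (log.isDebugEnabled()) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Writes the credentials to the given stream. The stream is not closed here.
     *
     * @throws VOMSException if writing fails
     */
    public static void saveProxy(UserCredentials userCredentials, OutputStream outputStream) {
        try {
            userCredentials.save(outputStream);
        } catch (IOException e) {
            logFailure("Error saving generated proxy: ", e);
            throw new VOMSException("Error saving generated proxy: " + e.getMessage(), e);
        }
    }

    /**
     * Writes the credentials to the named file and closes it.
     *
     * <p>NOTE(review): the file is created with the process's default permissions.
     * The credentials hold the proxy private key and {@code save} presumably writes
     * it, so callers should restrict access to the file - confirm against
     * {@code UserCredentials.save}.
     *
     * @throws FileNotFoundException if the file cannot be opened for writing
     * @throws VOMSException         if writing or closing the file fails
     */
    public static void saveProxy(UserCredentials userCredentials, String str) throws FileNotFoundException {
        FileOutputStream out = new FileOutputStream(str);
        boolean saved = false;
        try {
            saveProxy(userCredentials, out);
            saved = true;
        } finally {
            try {
                out.close();
            } catch (IOException e) {
                logFailure("Error saving generated proxy: ", e);
                // Only report the close failure when no earlier exception is already propagating.
                if (saved) {
                    throw new VOMSException("Error saving generated proxy: " + e.getMessage(), e);
                }
            }
        }
    }
}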
