package org.gcube.common.core.security.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Vector;
import org.apache.log4j.Logger;
import org.globus.gsi.CertUtil;
import org.globus.myproxy.MyProxy;
import org.globus.myproxy.MyProxyException;
import org.gridforum.jgss.ExtendedGSSCredential;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/gcube/common/core/security/utils/ProxyUtil.class */
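/**
 * Static helpers for loading, storing and inspecting GSI proxy credentials.
 *
 * <p>The chain helpers in this class order certificates purely by comparing issuer and subject
 * names. No signature, validity period or revocation status is checked here, so their output
 * must not be treated as a validated certification path.
 */
public class ProxyUtil {
    private static final Logger logger = Logger.getLogger(ProxyUtil.class);

    /**
     * PEM footer used to locate the end of the private key inside an exported credential.
     * Only this RSA footer is recognised; if the export carries another key encoding the marker
     * is not found and the scan runs to the end of the data.
     */
    private static final String RSA_KEY_FOOTER = "-----END RSA PRIVATE KEY-----";

    /**
     * Builds a credential object from the bytes of an exported proxy credential.
     *
     * @param bArr exported credential bytes; must not be null
     * @return the credential created by the GSS manager
     * @throws NullPointerException if {@code bArr} is null
     * @throws GSSException if the manager cannot create the credential
     */
    public static ExtendedGSSCredential loadProxyCredentials(byte[] bArr) throws GSSException {
        if (bArr == null) {
            throw new NullPointerException("credentials to parse cannot be null");
        }
        // NOTE(review): the literal zeros are presumably the opaque import option, the default
        // lifetime and the initiate-and-accept usage; confirm against the jglobus constants.
        return ExtendedGSSManager.getInstance().createCredential(bArr, 0, 0, (Oid) null, 0);
    }

    /**
     * Loads a proxy credential from a file.
     *
     * @param str path of the credentials file; must not be null
     * @return the credential parsed from the file content
     * @throws NullPointerException if {@code str} is null
     * @throws IOException if the file cannot be opened or ends before its reported length
     * @throws GSSException if the content cannot be turned into a credential
     */
    public static ExtendedGSSCredential loadProxyCredentials(String str) throws IOException, GSSException {
        if (str == null) {
            throw new NullPointerException("credentials file cannot be null");
        }
        File file = new File(str);
        byte[] content = new byte[(int) file.length()];
        FileInputStream input = new FileInputStream(file);
        try {
            // A single read() may return fewer bytes than requested, which would leave the tail
            // of the buffer zero-filled; keep reading until the buffer is full.
            int filled = 0;
            while (filled < content.length) {
                int count = input.read(content, filled, content.length - filled);
                if (count < 0) {
                    throw new IOException("Unexpected end of credentials file " + str);
                }
                filled += count;
            }
        } finally {
            input.close();
        }
        return loadProxyCredentials(content);
    }

    /**
     * Writes a credential, private key included, to a file.
     *
     * <p>The exported data contains the private key, so the file is restricted to its owner
     * before anything is written to it. Where the platform or file ownership does not allow
     * that, a warning is logged and the write still proceeds.
     *
     * @param str path of the file to write; must not be null
     * @param extendedGSSCredential credential to export; must not be null
     * @throws NullPointerException if either argument is null
     * @throws GSSException if the credential cannot be exported
     * @throws IOException if the file cannot be created or written
     */
    public static void storeProxyCredentials(String str, ExtendedGSSCredential extendedGSSCredential) throws GSSException, IOException {
        if (str == null) {
            throw new NullPointerException("Credentials file cannot be null");
        }
        if (extendedGSSCredential == null) {
            throw new NullPointerException("Credentials to be stored cannot be null");
        }
        byte[] exported = extendedGSSCredential.export(0);
        File target = new File(str);
        // Create the (still empty) file first so the permissions are tightened before any key
        // material reaches the disk. createNewFile() is a no-op when the file already exists.
        target.createNewFile();
        // Non-short-circuit '&' on purpose: every call must run even if an earlier one failed.
        boolean ownerOnly = target.setReadable(false, false)
                & target.setWritable(false, false)
                & target.setExecutable(false, false)
                & target.setReadable(true, true)
                & target.setWritable(true, true);
        if (!ownerOnly) {
            logger.warn("Cannot restrict the permissions of credentials file " + str + " to its owner");
        }
        FileOutputStream output = new FileOutputStream(target);
        try {
            output.write(exported);
        } finally {
            output.close();
        }
    }

    /**
     * Retrieves delegated credentials from a MyProxy server.
     *
     * <p>The value of {@code str3} is never written to the log by this method.
     *
     * @param str MyProxy host; must not be null
     * @param i MyProxy port
     * @param str2 account username; must not be null
     * @param str3 second argument of {@code MyProxy.get}, presumably the account passphrase
     * @param i2 requested lifetime in hours
     * @return the credentials returned by the server, never null
     * @throws NullPointerException if the host or the username is null
     * @throws MyProxyException if the request fails or the server returns no credentials
     */
    public static ExtendedGSSCredential getCredentialsFromMyproxy(String str, int i, String str2, String str3, int i2) throws MyProxyException {
        if (str == null) {
            throw new NullPointerException("The MyProxy host cannot be null");
        }
        if (str2 == null) {
            throw new NullPointerException("The username cannot be null");
        }
        logger.debug("Using MyProxy on host " + str + " and port " + i + " to get credentials for account " + str2 + " (lifetime " + i2 + " hours)");
        try {
            // Hours to seconds. NOTE(review): the multiplication overflows int for very large
            // lifetimes and negative values are passed through unchecked.
            ExtendedGSSCredential retrieved = new MyProxy(str, i).get(str2, str3, i2 * 3600);
            if (retrieved == null) {
                throw new MyProxyException("Null credentials retrieved from MyProxy at address (host: '" + str + "', port: '" + i + "') to get delegated credentials for " + str2 + " with lifetime of " + i2 + "hours. ");
            }
            return retrieved;
        } catch (MyProxyException e) {
            logger.error("Cannot retrieve credentials from MyProxy at address (host: '" + str + "', port: '" + i + "') to get delegated credentials for " + str2 + " with lifetime of " + i2 + " hours. ", e);
            throw e;
        }
    }

    /**
     * Returns the slash-separated name derived from the credential's certificate chain.
     *
     * <p>NOTE(review): the value is built from the <em>issuer</em> of the first certificate of
     * the ordered chain, which is exactly what {@link #getCA} returns. If the subject DN of the
     * end-user certificate was intended, this is a defect; confirm against the callers before
     * changing it, because access decisions may depend on the current value.
     *
     * @param extendedGSSCredential credential to inspect; must not be null
     * @return the name in {@code /RDN/RDN} form
     * @throws NullPointerException if the credential is null
     * @throws Exception if the chain cannot be read or ordered; the cause is attached
     */
    public static String getDN(ExtendedGSSCredential extendedGSSCredential) throws Exception {
        if (extendedGSSCredential == null) {
            throw new NullPointerException("Credentials cannot be null");
        }
        try {
            return firstOrderedIssuer(extendedGSSCredential, "DN");
        } catch (Exception e) {
            logger.error("Cannot retrieve the DN from credentials", e);
            throw new Exception("Cannot retrieve the DN from credentials", e);
        }
    }

    /**
     * Returns the slash-separated issuer name of the first certificate of the ordered chain.
     *
     * <p>The name is taken from the certificate as presented; the chain is not validated
     * against any trust anchor here.
     *
     * @param extendedGSSCredential credential to inspect; must not be null
     * @return the issuer name in {@code /RDN/RDN} form
     * @throws NullPointerException if the credential is null
     * @throws Exception if the chain cannot be read or ordered; the cause is attached
     */
    public static String getCA(ExtendedGSSCredential extendedGSSCredential) throws Exception {
        if (extendedGSSCredential == null) {
            throw new NullPointerException("Credentials cannot be null");
        }
        try {
            String issuer = firstOrderedIssuer(extendedGSSCredential, "CA");
            // The stray System.out debug print that used to sit here was dropped; the logger
            // already records the value.
            logger.info("the root CA for this certificate is " + issuer);
            return issuer;
        } catch (Exception e) {
            logger.error("Cannot retrieve the CA from credentials", e);
            throw new Exception("Cannot retrieve the CA from credentials", e);
        }
    }

    /**
     * Parses the certificates of an exported credential, orders them and returns the issuer
     * name of the first ordered certificate in slash-separated form.
     *
     * @param credential credential to export and parse
     * @param what "DN" or "CA", only used in the error message
     */
    private static String firstOrderedIssuer(ExtendedGSSCredential credential, String what) throws Exception {
        byte[] exported = credential.export(0);
        ByteArrayInputStream input = new ByteArrayInputStream(exported);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();

        // The export is read as: one certificate, the private key, then further certificates.
        X509Certificate leading = (X509Certificate) factory.generateCertificate(input);
        certificates.add(leading);
        logger.debug("Added certificate to the chain for DN: " + leading.getSubjectDN().getName());

        skipPastMarker(input, exported, RSA_KEY_FOOTER);
        input.read(); // the single byte following the footer (the line break)

        appendCertificates(factory, input, certificates);
        // Reaching this point is the normal path, so this is diagnostic output, not an error.
        logger.debug("Certificate chain is composed by " + certificates.size() + " certificates\n");

        X509Certificate[] ordered = orderChain(certificates.toArray(new X509Certificate[certificates.size()]));
        if (ordered == null || ordered.length <= 0) {
            throw new Exception("The certificate chain is empty, cannot retrieve the " + what);
        }
        return getDNOnlineRepresentation(ordered[0].getIssuerX500Principal().getName());
    }

    /**
     * Moves the stream just past the first occurrence of {@code marker} at or after its current
     * position, or to the end of the data when the marker is absent.
     *
     * <p>The scan works on the byte array directly, so the private key bytes that precede the
     * marker are never copied into a String.
     *
     * @param input stream reading {@code data}
     * @param data the array backing {@code input}
     * @param marker ASCII marker to look for
     * @return the absolute index in {@code data} at which the stream is now positioned
     */
    private static int skipPastMarker(ByteArrayInputStream input, byte[] data, String marker) {
        int start = data.length - input.available();
        int end = data.length;
        int markerLength = marker.length();
        for (int candidate = start; candidate + markerLength <= data.length; candidate++) {
            int matched = 0;
            while (matched < markerLength && data[candidate + matched] == (byte) marker.charAt(matched)) {
                matched++;
            }
            if (matched == markerLength) {
                end = candidate + markerLength;
                break;
            }
        }
        input.skip(end - start);
        return end;
    }

    /**
     * Reads certificates from the stream into {@code sink} until one cannot be parsed.
     *
     * <p>The first parse failure is treated as the end of the chain. That covers the normal
     * end-of-data case, but it also means a malformed certificate in the middle of the data
     * silently shortens the chain; the failure is logged at debug level for that reason.
     */
    private static void appendCertificates(CertificateFactory factory, ByteArrayInputStream input, ArrayList<X509Certificate> sink) {
        while (true) {
            try {
                X509Certificate next = (X509Certificate) factory.generateCertificate(input);
                sink.add(next);
                logger.debug("Added certificate to the chain for DN: " + next.getSubjectDN().getName());
            } catch (Exception endOfChain) {
                logger.debug("Stopped reading certificates from the credential data", endOfChain);
                return;
            }
        }
    }

    /**
     * Finds the certificate that is not issued by any other certificate in the array.
     *
     * <p>The match is by issuer/subject name only. When several certificates qualify, the index
     * of the last one is returned.
     *
     * @param x509CertificateArr certificates to search
     * @return the index found, or -1 when every certificate is issued by another one
     */
    public static int getEndUserCertificateindex(X509Certificate[] x509CertificateArr) {
        int found = -1;
        for (int current = 0; current < x509CertificateArr.length; current++) {
            boolean issuedByAnother = false;
            for (int other = 0; other < x509CertificateArr.length; other++) {
                if (current != other && x509CertificateArr[current].getIssuerX500Principal().equals(x509CertificateArr[other].getSubjectX500Principal())) {
                    issuedByAnother = true;
                    break;
                }
            }
            if (!issuedByAnother) {
                found = current;
            }
        }
        return found;
    }

    /**
     * Drops the certificates whose issuer name equals their own subject name.
     *
     * <p>"Self-signed" is decided by name comparison only; no signature is verified.
     *
     * @param x509CertificateArr certificates to filter
     * @return the input array itself when nothing was dropped, otherwise a new array holding
     *         the remaining certificates in their original order
     */
    public static X509Certificate[] removeCACertificateFromArray(X509Certificate[] x509CertificateArr) {
        ArrayList<X509Certificate> kept = new ArrayList<X509Certificate>(x509CertificateArr.length);
        for (int index = 0; index < x509CertificateArr.length; index++) {
            X509Certificate candidate = x509CertificateArr[index];
            if (!candidate.getIssuerX500Principal().equals(candidate.getSubjectX500Principal())) {
                kept.add(candidate);
            }
        }
        if (kept.size() == x509CertificateArr.length) {
            return x509CertificateArr;
        }
        return kept.toArray(new X509Certificate[kept.size()]);
    }

    /**
     * Orders a certificate chain by issuer/subject names.
     *
     * <p>Self-issued certificates are removed first. The result starts with the certificate that
     * no other certificate issued, followed by the certificates linked below it in reverse
     * linking order (the most deeply delegated one comes second).
     *
     * @param x509CertificateArr certificates to order
     * @return the ordered chain; the input array itself when it is empty
     * @throws Exception if no starting certificate can be found or the certificates do not link
     *         into one chain
     */
    public static X509Certificate[] orderChain(X509Certificate[] x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            return x509CertificateArr;
        }
        X509Certificate[] candidates = removeCACertificateFromArray(x509CertificateArr);
        int top = getEndUserCertificateindex(candidates);
        if (top == -1) {
            logger.error("Cannot find rootCertificate in file");
            throw new Exception("Cannot find rootCertificate in file");
        }
        ArrayList<X509Certificate> linked = new ArrayList<X509Certificate>();
        linked.add(candidates[top]);
        for (int depth = 1; depth < candidates.length; depth++) {
            if (linked.size() < depth) {
                // Nothing was issued by the last linked certificate although certificates remain.
                // This used to surface as an ArrayIndexOutOfBoundsException; fail with a message
                // that names the break instead.
                String message = "Certificate chain is not contiguous: no certificate issued by '"
                        + linked.get(linked.size() - 1).getSubjectX500Principal().getName() + "' was found";
                logger.error(message);
                throw new Exception(message);
            }
            X509Certificate parent = linked.get(depth - 1);
            for (int index = 0; index < candidates.length; index++) {
                if (parent.getSubjectX500Principal().equals(candidates[index].getIssuerX500Principal())) {
                    linked.add(candidates[index]);
                }
            }
        }
        // Keep the starting certificate first and reverse everything that follows it.
        X509Certificate[] ordered = new X509Certificate[linked.size()];
        ordered[0] = linked.get(0);
        for (int position = 1; position < ordered.length; position++) {
            ordered[position] = linked.get(ordered.length - position);
        }
        return ordered;
    }

    /**
     * Rebuilds a credential with the certificates that follow its private key re-ordered.
     *
     * <p>Everything up to and including the private key footer is copied unchanged. The
     * remaining certificates are ordered with {@link #orderChain} and written back with the
     * first ordered certificate moved to the end.
     *
     * @param extendedGSSCredential credential to re-order; must not be null
     * @return a credential loaded from the re-ordered data
     * @throws NullPointerException if the credential is null
     * @throws Exception if the chain cannot be read, ordered or re-loaded; the cause is attached
     */
    public static ExtendedGSSCredential orderCredentials(ExtendedGSSCredential extendedGSSCredential) throws Exception {
        if (extendedGSSCredential == null) {
            throw new NullPointerException("Credentials cannot be null");
        }
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        try {
            byte[] exported = extendedGSSCredential.export(0);
            ByteArrayInputStream input = new ByteArrayInputStream(exported);
            int keyEnd = skipPastMarker(input, exported, RSA_KEY_FOOTER + "\n");
            output.write(exported, 0, keyEnd);

            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();
            appendCertificates(factory, input, certificates);
            // "+ 1" accounts for the certificate that precedes the key and was copied verbatim.
            logger.debug("Certificate chain is composed by " + (certificates.size() + 1) + " certificates\n");

            X509Certificate[] ordered = orderChain(certificates.toArray(new X509Certificate[certificates.size()]));
            X509Certificate[] rotated = new X509Certificate[ordered.length];
            if (rotated.length > 0) {
                rotated[rotated.length - 1] = ordered[0];
                for (int index = 1; index < ordered.length; index++) {
                    rotated[index - 1] = ordered[index];
                }
            }
            StringBuilder names = new StringBuilder();
            for (X509Certificate certificate : rotated) {
                names.append(certificate.getSubjectDN().getName()).append("\n");
            }
            logger.debug("The ordered certificate chain (without the last delegated certificate) is composed by:\n" + names);
            for (X509Certificate certificate : rotated) {
                CertUtil.writeCertificate(output, certificate);
            }
            return loadProxyCredentials(output.toByteArray());
        } catch (Exception e) {
            logger.error("Cannot order the certificate chain", e);
            throw new Exception("Cannot order the certificate chain", e);
        }
    }

    /**
     * Converts a comma-separated distinguished name into the reversed, slash-separated form,
     * for example {@code CN=a,O=b} becomes {@code /O=b/CN=a}.
     *
     * <p>A comma preceded by a backslash escape belongs to an attribute value and does not
     * start a new component; splitting there would turn part of a value into what looks like
     * a separate RDN. Values are not escaped for {@code '/'}, so a value that contains a slash
     * cannot be told apart from additional components in the result; callers comparing these
     * strings for access decisions should keep that in mind.
     *
     * @param str distinguished name to convert; must not be null
     * @return the slash-separated representation
     * @throws NullPointerException if {@code str} is null
     */
    public static String getDNOnlineRepresentation(String str) {
        ArrayList<String> components = new ArrayList<String>();
        boolean escaped = false;
        boolean separatorSeen = false;
        int componentStart = 0;
        for (int index = 0; index < str.length(); index++) {
            char current = str.charAt(index);
            if (escaped) {
                escaped = false;
            } else if (current == '\\') {
                escaped = true;
            } else if (current == ',') {
                components.add(str.substring(componentStart, index));
                componentStart = index + 1;
                separatorSeen = true;
            }
        }
        components.add(str.substring(componentStart));
        if (separatorSeen) {
            // Same convention as String.split: trailing empty components are discarded.
            while (!components.isEmpty() && components.get(components.size() - 1).length() == 0) {
                components.remove(components.size() - 1);
            }
        }
        StringBuilder result = new StringBuilder();
        for (int index = components.size() - 1; index >= 0; index--) {
            result.append('/').append(components.get(index).trim());
        }
        return result.toString();
    }
}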
