package org.globus.gsi;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;
import java.util.Date;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.util.encoders.Base64;
import org.globus.common.CoGProperties;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.bc.BouncyCastleOpenSSLKey;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.gsi.gssapi.KeyPairCache;
import org.globus.gsi.stores.Stores;
import org.globus.gsi.trustmanager.X509ProxyCertPathValidator;
import org.globus.gsi.util.CertificateIOUtil;
import org.globus.gsi.util.CertificateLoadUtil;
import org.globus.gsi.util.CertificateUtil;
import org.globus.gsi.util.ProxyCertificateUtil;

/* loaded from: input_file:org/globus/gsi/X509Credential.class */
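/**
 * An X.509 credential: a certificate chain plus the private key that belongs to its first
 * certificate, loadable from and writable to PEM streams and files.
 *
 * <p>The class is {@link Serializable} and holds the key in the {@code opensslKey} field, so a
 * serialized instance should be handled with the same care as the key file itself.
 * NOTE(review): what exactly is written for the key depends on {@code OpenSSLKey}'s own
 * serialization, which is not visible here; confirm before persisting or transmitting instances.
 *
 * <p>The static default-credential accessors are synchronized; instance methods are not.
 */
public class X509Credential implements Serializable {
    private static final long serialVersionUID = 1;
    /** Read-ahead limit passed to {@link InputStream#mark(int)} by the two-stream constructor. */
    public static final int BUFFER_SIZE = Integer.MAX_VALUE;
    private OpenSSLKey opensslKey;
    private X509Certificate[] certChain;
    private static X509Credential defaultCred;
    private static Log logger = LogFactory.getLog(X509Credential.class.getCanonicalName());
    // Modification time of credentialFile when the default credential was last loaded from it.
    private static long credentialLastModified = -1;
    // True when the default credential was supplied by setDefaultCredential rather than read from disk.
    private static boolean credentialSet = false;
    private static File credentialFile = null;

    /**
     * Creates a credential from an in-memory key and certificate chain.
     *
     * @param privateKey the private key; must not be null
     * @param x509CertificateArr the chain, with at least one certificate; the array is copied
     * @throws IllegalArgumentException if the key is null or the chain is null or empty
     */
    public X509Credential(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        if (privateKey == null) {
            throw new IllegalArgumentException("Key cannot be null");
        }
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("At least one public certificate required");
        }
        this.certChain = new X509Certificate[x509CertificateArr.length];
        System.arraycopy(x509CertificateArr, 0, this.certChain, 0, x509CertificateArr.length);
        this.opensslKey = new BouncyCastleOpenSSLKey(privateKey);
    }

    /**
     * Loads the key from one stream and the certificates from another.
     *
     * @param inputStream PEM stream holding the certificate(s)
     * @param inputStream2 stream holding the private key
     * @throws CredentialException if either part cannot be read or is missing
     */
    public X509Credential(InputStream inputStream, InputStream inputStream2) throws CredentialException {
        // Mark the certificate stream before the key is read: loadCertificate() resets it, which
        // lets the certificates be read from the start even if the key read advanced the stream.
        if (inputStream.markSupported()) {
            inputStream.mark(BUFFER_SIZE);
        }
        loadKey(inputStream2);
        loadCertificate(inputStream);
        validateCredential();
    }

    /**
     * Loads the key and the certificates from two files.
     *
     * @param str path of the PEM certificate file
     * @param str2 path of the private key file
     * @throws CredentialException if either part cannot be parsed or is missing
     * @throws IOException if a file cannot be opened
     */
    public X509Credential(String str, String str2) throws CredentialException, IOException {
        // Each stream is closed here on every path, so a parse failure or a missing certificate
        // file does not leave a descriptor open on the key file.
        FileInputStream keyInput = new FileInputStream(new File(str2));
        try {
            loadKey(keyInput);
        } finally {
            closeAndWarn(keyInput, "Could not close key file after load. " + str2);
        }
        FileInputStream certInput = new FileInputStream(new File(str));
        try {
            loadCertificate(certInput);
        } finally {
            closeAndWarn(certInput, "Could not close certificate file after load. " + str);
        }
        validateCredential();
    }

    /**
     * Loads a combined credential (certificates and RSA key in one PEM file).
     *
     * @param str path of the proxy file; must not be null
     * @throws IllegalArgumentException if the path is null
     * @throws CredentialException if the file is missing or does not hold a usable credential
     */
    public X509Credential(String str) throws CredentialException {
        if (str == null) {
            throw new IllegalArgumentException("proxy file is null");
        }
        logger.debug("Loading proxy file: " + str);
        try {
            load(new FileInputStream(str));
        } catch (FileNotFoundException e) {
            // Keep the cause: it distinguishes a missing file from an unreadable one.
            throw new CredentialException("proxy not found", e);
        }
    }

    /**
     * Loads a combined credential from a PEM stream. The stream is closed by {@link #load}.
     *
     * @param inputStream the stream to read; must not be null
     * @throws CredentialException if the stream does not hold a usable credential
     */
    public X509Credential(InputStream inputStream) throws CredentialException {
        load(inputStream);
    }

    /** Returns a copy of the certificate chain; changes to the returned array do not affect this object. */
    public X509Certificate[] getCertificateChain() {
        X509Certificate[] x509CertificateArr = new X509Certificate[this.certChain.length];
        System.arraycopy(this.certChain, 0, x509CertificateArr, 0, this.certChain.length);
        return x509CertificateArr;
    }

    /**
     * Returns the private key of an unencrypted credential.
     *
     * @throws CredentialException if the key is encrypted
     */
    public PrivateKey getPrivateKey() throws CredentialException {
        return getPrivateKey(null);
    }

    /**
     * Returns the private key, decrypting it first when it is encrypted.
     *
     * @param str the key password; may be null when the key is not encrypted
     * @throws CredentialException if the key is encrypted and no password was given, or
     *     decryption fails
     */
    public PrivateKey getPrivateKey(String str) throws CredentialException {
        decryptKeyIfNeeded(str);
        return this.opensslKey.getPrivateKey();
    }

    /** Reports whether the stored key is currently encrypted. */
    public boolean isEncryptedKey() {
        return this.opensslKey.isEncrypted();
    }

    /**
     * Decrypts the stored key with the given password when it is encrypted.
     * NOTE(review): decrypt() is invoked on the stored key object, so the decrypted state
     * presumably stays on this instance afterwards; confirm against OpenSSLKey.
     */
    private void decryptKeyIfNeeded(String str) throws CredentialException {
        if (!this.opensslKey.isEncrypted()) {
            return;
        }
        if (str == null) {
            throw new CredentialException("Key encrypted, password required");
        }
        try {
            this.opensslKey.decrypt(str);
        } catch (GeneralSecurityException e) {
            throw new CredentialException(e.getMessage(), e);
        }
    }

    /**
     * Reads Base64 lines up to the next line containing {@code --END} and decodes them.
     *
     * @throws EOFException if the stream ends before a footer line is seen
     */
    private static byte[] getDecodedPEMObject(BufferedReader bufferedReader) throws IOException {
        StringBuilder encoded = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new EOFException("Missing PEM end footer");
            }
            if (readLine.indexOf("--END") != -1) {
                return Base64.decode(encoded.toString().getBytes());
            }
            encoded.append(readLine);
        }
    }

    /** Closes a stream, logging (not propagating) a failure so it cannot mask an earlier exception. */
    private static void closeAndWarn(java.io.Closeable resource, String failureMessage) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            logger.warn(failureMessage, e);
        }
    }

    /** Closes a reader, logging a failure at debug level only. */
    private static void closeReader(BufferedReader bufferedReader) {
        if (bufferedReader == null) {
            return;
        }
        try {
            bufferedReader.close();
        } catch (IOException e) {
            logger.debug("error closing reader", e);
        }
    }

    /** Writes the private key to the stream and flushes it; the stream is left open. */
    public void saveKey(OutputStream outputStream) throws IOException {
        this.opensslKey.writeTo(outputStream);
        outputStream.flush();
    }

    /**
     * Writes the first certificate followed by the rest of the chain, omitting self-signed
     * certificates after the first position. The stream is flushed and left open.
     */
    public void saveCertificateChain(OutputStream outputStream) throws IOException, CertificateEncodingException {
        CertificateIOUtil.writeCertificate(outputStream, this.certChain[0]);
        writeRemainingChain(outputStream);
        outputStream.flush();
    }

    /**
     * Writes the whole credential to one stream: first certificate, private key, then the rest
     * of the chain without self-signed certificates. The stream is flushed and left open.
     */
    public void save(OutputStream outputStream) throws IOException, CertificateEncodingException {
        CertificateIOUtil.writeCertificate(outputStream, this.certChain[0]);
        saveKey(outputStream);
        writeRemainingChain(outputStream);
        outputStream.flush();
    }

    /** Writes every certificate after the first whose subject differs from its issuer. */
    private void writeRemainingChain(OutputStream outputStream) throws IOException, CertificateEncodingException {
        for (int i = 1; i < this.certChain.length; i++) {
            if (!this.certChain[i].getSubjectDN().equals(this.certChain[i].getIssuerDN())) {
                CertificateIOUtil.writeCertificate(outputStream, this.certChain[i]);
            }
        }
    }

    /**
     * Writes certificate, key and remaining chain into a single file.
     *
     * <p>One stream is used for the whole file. Opening two independent streams on the same path
     * would start both at offset 0, and the certificate data would land on top of the key data.
     *
     * <p>NOTE(review): the file is created with the process's default permissions and the key is
     * written in whatever form {@code opensslKey} currently holds; nothing here restricts access
     * to the owner. Callers that persist an unencrypted key need to restrict the file themselves.
     */
    public void writeToFile(File file) throws IOException, CertificateEncodingException {
        java.io.FileOutputStream output = null;
        try {
            output = new java.io.FileOutputStream(file);
            save(output);
        } finally {
            closeAndWarn(output, "Could not close stream on save of credential to file. " + file.getPath());
        }
    }

    /**
     * Writes the certificate chain and the private key to separate files.
     *
     * <p>Rebuilt from the decompiler's instruction dump, which showed: open the key file, open
     * the certificate file, write the key, write the chain, then close both streams and log a
     * warning if a close fails.
     *
     * <p>NOTE(review): the key file is created with the process's default permissions; see
     * {@link #writeToFile(File)}.
     *
     * @param certFile destination of the certificate chain
     * @param keyFile destination of the private key
     */
    public void writeToFile(File certFile, File keyFile) throws IOException, CertificateEncodingException {
        // Two streams on one file would overwrite each other; route that case to the single-file form.
        if (certFile.getCanonicalFile().equals(keyFile.getCanonicalFile())) {
            writeToFile(certFile);
            return;
        }
        java.io.FileOutputStream keyOutput = null;
        java.io.FileOutputStream certOutput = null;
        try {
            keyOutput = new java.io.FileOutputStream(keyFile);
            certOutput = new java.io.FileOutputStream(certFile);
            saveKey(keyOutput);
            saveCertificateChain(certOutput);
        } finally {
            closeAndWarn(keyOutput, "Could not close stream on save of key to file. " + keyFile.getPath());
            closeAndWarn(certOutput, "Could not close stream on save certificate chain to file. " + certFile.getPath());
        }
    }

    /** Returns the earliest {@code notBefore} date found in the chain. */
    public Date getNotBefore() {
        Date notBefore = this.certChain[0].getNotBefore();
        for (int i = 1; i < this.certChain.length; i++) {
            Date notBefore2 = this.certChain[i].getNotBefore();
            if (notBefore2.before(notBefore)) {
                notBefore = notBefore2;
            }
        }
        return notBefore;
    }

    /**
     * Returns the chain length up to and including the last certificate that is not self-signed,
     * or the full length when every certificate is self-signed.
     */
    public int getCertNum() {
        for (int length = this.certChain.length - 1; length >= 0; length--) {
            if (!this.certChain[length].getSubjectDN().equals(this.certChain[length].getIssuerDN())) {
                return length + 1;
            }
        }
        return this.certChain.length;
    }

    /**
     * Returns the key size in bits of an unencrypted RSA key.
     *
     * @throws CredentialException if the key is encrypted
     */
    public int getStrength() throws CredentialException {
        return getStrength(null);
    }

    /**
     * Returns the RSA modulus length in bits, decrypting the key first when needed.
     *
     * @param str the key password; may be null when the key is not encrypted
     * @return the modulus bit length, or -1 when there is no key or the key is not an RSA key
     * @throws CredentialException if the key is encrypted and no password was given, or
     *     decryption fails
     */
    public int getStrength(String str) throws CredentialException {
        if (this.opensslKey == null) {
            return -1;
        }
        decryptKeyIfNeeded(str);
        PrivateKey key = this.opensslKey.getPrivateKey();
        // The PrivateKey constructor accepts any key type; report "unknown" for a non-RSA key
        // instead of failing with a ClassCastException.
        if (!(key instanceof RSAPrivateKey)) {
            return -1;
        }
        return ((RSAPrivateKey) key).getModulus().bitLength();
    }

    /** Returns the subject DN of the first certificate in the chain. */
    public String getSubject() {
        return this.certChain[0].getSubjectDN().getName();
    }

    /** Returns the issuer DN of the first certificate in the chain. */
    public String getIssuer() {
        return this.certChain[0].getIssuerDN().getName();
    }

    /**
     * Returns the certificate type of the first certificate, or
     * {@code GSIConstants.CertificateType.UNDEFINED} when it cannot be determined.
     */
    public GSIConstants.CertificateType getProxyType() {
        try {
            return BouncyCastleUtil.getCertificateType(this.certChain[0]);
        } catch (CertificateException e) {
            logger.error("Error getting certificate type.", e);
            return GSIConstants.CertificateType.UNDEFINED;
        }
    }

    /**
     * Returns the seconds left until the earliest {@code notAfter} date in the chain, or 0 when
     * that date has passed. Only expiry dates are compared; nothing is validated here.
     */
    public long getTimeLeft() {
        Date date = null;
        for (int i = 0; i < this.certChain.length; i++) {
            Date notAfter = this.certChain[i].getNotAfter();
            if (date == null || notAfter.before(date)) {
                date = notAfter;
            }
        }
        long time = (date.getTime() - System.currentTimeMillis()) / 1000;
        if (time < 0) {
            return 0L;
        }
        return time;
    }

    /** Returns the identity derived from the chain, or null when it cannot be determined. */
    public String getIdentity() {
        try {
            return BouncyCastleUtil.getIdentity(this.certChain);
        } catch (CertificateException e) {
            logger.debug("Error getting certificate identity.", e);
            return null;
        }
    }

    /** Returns the identity certificate of the chain, or null when it cannot be determined. */
    public X509Certificate getIdentityCertificate() {
        try {
            return BouncyCastleUtil.getIdentityCertificate(this.certChain);
        } catch (CertificateException e) {
            logger.debug("Error getting certificate identity.", e);
            return null;
        }
    }

    /**
     * Returns the smallest proxy path-length constraint in the chain.
     *
     * @return the minimum constraint, {@code Integer.MAX_VALUE} when no certificate sets one
     *     (a per-certificate value of -1 is treated as unlimited), or -1 when a certificate
     *     could not be inspected
     */
    public int getPathConstraint() {
        int i = Integer.MAX_VALUE;
        for (int i2 = 0; i2 < this.certChain.length; i2++) {
            try {
                int proxyPathConstraint = BouncyCastleUtil.getProxyPathConstraint(this.certChain[i2]);
                if (proxyPathConstraint == -1) {
                    proxyPathConstraint = Integer.MAX_VALUE;
                }
                if (proxyPathConstraint < i) {
                    i = proxyPathConstraint;
                }
            } catch (Exception e) {
                logger.warn("Error retrieving path length.", e);
                i = -1;
            }
        }
        return i;
    }

    /**
     * Validates the chain against the trust anchors, CRLs and signing policies found under the
     * configured CA certificate location.
     * NOTE(review): the meaning of the final {@code false} argument to
     * X509ProxyCertPathParameters is not visible here; confirm it does not relax a check.
     *
     * @throws CredentialException wrapping any failure during store loading or validation
     */
    public void verify() throws CredentialException {
        try {
            String str = "file:" + CoGProperties.getDefault().getCaCertLocations();
            new X509ProxyCertPathValidator().engineValidate(
                    CertificateUtil.getCertPath(this.certChain),
                    new X509ProxyCertPathParameters(
                            Stores.getTrustStore(str + "/" + Stores.getDefaultCAFilesPattern()),
                            Stores.getCRLStore(str + "/" + Stores.getDefaultCRLFilesPattern()),
                            Stores.getSigningPolicyStore(str + "/" + Stores.getDefaultSigningPolicyFilesPattern()),
                            false));
        } catch (Exception e) {
            throw new CredentialException(e);
        }
    }

    /**
     * Returns the process-wide default credential.
     *
     * <p>A credential loaded from the configured proxy file is re-verified on every call and
     * reloaded when the file's modification time changes. A credential installed through
     * {@link #setDefaultCredential} is returned as is, without verification.
     *
     * @throws CredentialException if the proxy file cannot be loaded or fails verification
     */
    public static synchronized X509Credential getDefaultCredential() throws CredentialException {
        if (defaultCred == null) {
            reloadDefaultCredential();
        } else if (!credentialSet) {
            if (credentialFile.lastModified() == credentialLastModified) {
                defaultCred.verify();
            } else {
                defaultCred = null;
                reloadDefaultCredential();
            }
        }
        return defaultCred;
    }

    /**
     * Loads the default credential from the configured proxy file and verifies it. If
     * verification fails the loaded credential stays cached, but the exception propagates and
     * the next getDefaultCredential() call verifies it again before returning it.
     */
    private static void reloadDefaultCredential() throws CredentialException {
        String proxyFile = CoGProperties.getDefault().getProxyFile();
        defaultCred = new X509Credential(proxyFile);
        credentialFile = new File(proxyFile);
        credentialLastModified = credentialFile.lastModified();
        defaultCred.verify();
    }

    /**
     * Installs the default credential; passing null returns to loading it from the proxy file.
     * The supplied credential is not verified here or on later retrieval.
     */
    public static synchronized void setDefaultCredential(X509Credential x509Credential) {
        defaultCred = x509Credential;
        credentialSet = x509Credential != null;
    }

    /** Returns a summary of subject, issuer, key strength, time left and proxy type; no key material. */
    @Override
    public String toString() {
        String property = System.getProperty("line.separator");
        StringBuilder summary = new StringBuilder();
        summary.append("subject    : ").append(getSubject()).append(property);
        summary.append("issuer     : ").append(getIssuer()).append(property);
        int i = -1;
        try {
            i = getStrength();
        } catch (Exception ignored) {
            // Best effort: an encrypted key cannot be measured without a password, so -1 is printed.
        }
        summary.append("strength   : ").append(i).append(property);
        summary.append("timeleft   : ").append(getTimeLeft() + " sec").append(property);
        summary.append("proxy type : ").append(ProxyCertificateUtil.getProxyTypeAsString(getProxyType()));
        return summary.toString();
    }

    /**
     * Reads every certificate and the RSA private key from a PEM stream and closes the stream.
     * Only {@code BEGIN CERTIFICATE} and {@code BEGIN RSA PRIVATE KEY} blocks are recognised;
     * any other content is skipped.
     *
     * @throws IllegalArgumentException if the stream is null
     * @throws CredentialException if reading or parsing fails, or no certificate or no key was
     *     found (those two are raised inside the try block and therefore arrive wrapped)
     */
    protected void load(InputStream inputStream) throws CredentialException {
        if (inputStream == null) {
            throw new IllegalArgumentException("input stream cannot be null");
        }
        Vector vector = new Vector(3);
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (readLine.indexOf("BEGIN CERTIFICATE") != -1) {
                    vector.addElement(CertificateLoadUtil.loadCertificate(new ByteArrayInputStream(getDecodedPEMObject(bufferedReader))));
                } else if (readLine.indexOf("BEGIN RSA PRIVATE KEY") != -1) {
                    this.opensslKey = new BouncyCastleOpenSSLKey(KeyPairCache.DEFAULT_ALGORITHM, getDecodedPEMObject(bufferedReader));
                }
            }
            int size = vector.size();
            if (size == 0) {
                throw new CredentialException("no certs");
            }
            if (this.opensslKey == null) {
                throw new CredentialException("no key");
            }
            this.certChain = new X509Certificate[size];
            vector.copyInto(this.certChain);
        } catch (Exception e3) {
            throw new CredentialException(e3);
        } finally {
            closeReader(bufferedReader);
        }
    }

    /**
     * Reads every certificate from a PEM stream and closes the stream. When the stream supports
     * mark/reset it is reset first. The chain is left untouched if no certificate is found;
     * validateCredential() reports that case.
     *
     * @throws IllegalArgumentException if the stream is null
     * @throws CredentialException if reading or parsing fails
     */
    protected void loadCertificate(InputStream inputStream) throws CredentialException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Input stream to load X509Credential is null");
        }
        Vector vector = new Vector();
        BufferedReader bufferedReader = null;
        try {
            if (inputStream.markSupported()) {
                inputStream.reset();
            }
            bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                } else if (readLine.indexOf("BEGIN CERTIFICATE") != -1) {
                    vector.addElement(CertificateLoadUtil.loadCertificate(new ByteArrayInputStream(getDecodedPEMObject(bufferedReader))));
                }
            }
            int size = vector.size();
            if (size > 0) {
                this.certChain = new X509Certificate[size];
                vector.copyInto(this.certChain);
            }
        } catch (IOException e3) {
            throw new CredentialException(e3);
        } catch (GeneralSecurityException e4) {
            throw new CredentialException(e4);
        } finally {
            closeReader(bufferedReader);
        }
    }

    /**
     * Reads the private key from a stream. The stream is not closed here.
     *
     * @throws CredentialException if the key cannot be read or parsed
     */
    protected void loadKey(InputStream inputStream) throws CredentialException {
        try {
            this.opensslKey = new BouncyCastleOpenSSLKey(inputStream);
        } catch (IOException e) {
            throw new CredentialException(e.getMessage(), e);
        } catch (GeneralSecurityException e2) {
            throw new CredentialException(e2.getMessage(), e2);
        }
    }

    /**
     * Checks that both a non-empty certificate chain and a key were loaded.
     *
     * @throws CredentialException if either is missing
     */
    private void validateCredential() throws CredentialException {
        if (this.certChain == null) {
            throw new CredentialException("No certificates found");
        }
        // An array length is never negative, so the check has to be "< 1" to catch an empty chain.
        if (this.certChain.length < 1) {
            throw new CredentialException("No certificates found.");
        }
        if (this.opensslKey == null) {
            throw new CredentialException("NO private key found");
        }
    }

    /** Two credentials are equal when their chains are element-wise equal and their keys are equal. */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof X509Credential)) {
            return false;
        }
        X509Credential x509Credential = (X509Credential) obj;
        return Arrays.equals(this.certChain, x509Credential.certChain) && this.opensslKey.equals(x509Credential.opensslKey);
    }

    @Override
    public int hashCode() {
        return (this.certChain == null ? 0 : Arrays.hashCode(this.certChain)) ^ this.opensslKey.hashCode();
    }

    static {
        // Instantiated for its side effect when this class is initialised.
        // NOTE(review): presumably registers the security provider; ProviderLoader is not visible here.
        new ProviderLoader();
    }
}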
