package org.globus.gsi;

import java.io.File;
import java.io.FilenameFilter;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.common.CoGProperties;
import org.globus.gsi.stores.ResourceSigningPolicyStore;
import org.globus.gsi.stores.Stores;
import org.globus.gsi.util.CertificateUtil;
import org.globus.gsi.util.KeyStoreUtil;
import org.springframework.util.ResourceUtils;

/* loaded from: input_file:BOOT-INF/lib/ssl-proxies-2.1.0.jar:org/globus/gsi/TrustedCertificates.class */
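/**
 * In-memory set of trusted CA certificates and the signing policies that go with them.
 *
 * <p>Certificates are indexed by {@code getSubjectDN().toString()} and signing policies by
 * {@code CertificateUtil.toGlobusID(policy.getCASubjectDN())}. Both keys are plain strings, so a
 * lookup only succeeds when the caller formats the DN exactly as it was formatted on insertion.
 *
 * <p>Points a caller relying on this class for trust decisions should keep in mind:
 * <ul>
 *   <li>Loading is best-effort. A location that cannot be read or parsed is logged and skipped,
 *       so the resulting set can be partial or empty; a missing CA or a missing signing policy
 *       has to be treated as "not trusted" by whatever consumes this object.</li>
 *   <li>{@link #reload(String)} keeps the <em>first</em> certificate seen for a subject DN but
 *       the <em>last</em> signing policy seen for a CA, so with several locations the order of
 *       the list decides which certificate/policy pair ends up together.
 *       NOTE(review): confirm this asymmetry is intended.</li>
 *   <li>The process-wide default instance and the static stores are shared mutable state;
 *       {@link #setDefaultTrustedCertificates(TrustedCertificates)} replaces the default for
 *       every caller in the JVM.</li>
 *   <li>The class is {@link Serializable} and both maps are part of the serialized form, so a
 *       deserialized instance carries whatever trust anchors the stream contained.</li>
 * </ul>
 */
public class TrustedCertificates implements Serializable {
    private static final Log logger = LogFactory.getLog(TrustedCertificates.class.getName());

    /** Shared filter instance returned by {@link #getCertFilter()}. */
    public static final CertFilter certFileFilter;

    // Process-wide default instance; accessed under the TrustedCertificates.class monitor.
    private static TrustedCertificates trustedCertificates;

    // Subject DN string -> CA certificate. Null until a constructor or reload() populates it.
    private Map<String, X509Certificate> certSubjectDNMap;

    // Globus-ID form of the CA subject -> signing policy. Null until populated.
    private Map<String, SigningPolicy> policyDNMap;

    // Never populated in this class; only reset to null by reload().
    private Vector certList;

    // CA subjects already reported as lacking a usable signing policy, so that each one is
    // warned about once per instance. Entries are never removed.
    private final Set<X500Principal> invalidPolicies;

    private boolean changed;

    public static final String SIGNING_POLICY_FILE_SUFFIX = ".signing_policy";

    // Stores created by the most recent reload() on any instance. They are published for the
    // static getters only; reload() itself works on local references.
    private static KeyStore ms_trustStore;
    private static CertStore ms_crlStore;
    private static ResourceSigningPolicyStore ms_sigPolStore;

    /**
     * Accepts file names that end in a dot followed by one decimal digit and are longer than
     * two characters, for example {@code "1a2b3c4d.0"} (constructed sample).
     */
    public static class CertFilter implements FilenameFilter {
        @Override // java.io.FilenameFilter
        public boolean accept(File file, String str) {
            int length = str.length();
            if (length <= 2 || str.charAt(length - 2) != '.') {
                return false;
            }
            char last = str.charAt(length - 1);
            return last >= '0' && last <= '9';
        }
    }

    /**
     * Instance used as the process-wide default; it reloads from the CA locations configured in
     * {@link CoGProperties}.
     *
     * <p>The decompiler reports that this class was {@code private} in the compiled jar and
     * widened it to {@code public}.
     */
    public static class DefaultTrustedCertificates extends TrustedCertificates {
        private DefaultTrustedCertificates() {
        }

        /** Reloads from {@code CoGProperties.getDefault().getCaCertLocations()}. */
        public void refresh() {
            reload(CoGProperties.getDefault().getCaCertLocations());
        }
    }

    /** Creates an instance with no certificates or policies; both maps stay null until a reload. */
    protected TrustedCertificates() {
        this.invalidPolicies = new HashSet<X500Principal>();
    }

    /**
     * Creates a set from the given certificates, without signing policies.
     *
     * @param x509CertificateArr CA certificates; null elements are skipped
     */
    public TrustedCertificates(X509Certificate[] x509CertificateArr) {
        this(x509CertificateArr, null);
    }

    /**
     * Creates a set from the given certificates and signing policies.
     *
     * <p>When two entries map to the same key the later one replaces the earlier one, which is
     * the opposite of what {@link #reload(String)} does for certificates.
     *
     * @param x509CertificateArr CA certificates; null elements are skipped
     * @param signingPolicyArr signing policies, or null to leave the policy map unset; null
     *     elements are skipped
     * @throws NullPointerException if {@code x509CertificateArr} is null
     */
    public TrustedCertificates(X509Certificate[] x509CertificateArr, SigningPolicy[] signingPolicyArr) {
        this.invalidPolicies = new HashSet<X500Principal>();
        this.certSubjectDNMap = new HashMap<String, X509Certificate>();
        for (X509Certificate cert : x509CertificateArr) {
            if (cert != null) {
                this.certSubjectDNMap.put(cert.getSubjectDN().toString(), cert);
            }
        }
        if (signingPolicyArr != null) {
            this.policyDNMap = new HashMap<String, SigningPolicy>();
            for (SigningPolicy policy : signingPolicyArr) {
                if (policy != null) {
                    this.policyDNMap.put(CertificateUtil.toGlobusID(policy.getCASubjectDN()), policy);
                }
            }
        }
    }

    /**
     * Returns the trusted certificates.
     *
     * @return a new array of the certificates, or null if nothing has been loaded yet
     */
    public X509Certificate[] getCertificates() {
        // Read the field once: reload() swaps the map reference, and sizing the array from one
        // map while copying from another could leave null slots in the result.
        Map<String, X509Certificate> certs = this.certSubjectDNMap;
        if (certs == null) {
            return null;
        }
        Collection<X509Certificate> values = certs.values();
        return values.toArray(new X509Certificate[values.size()]);
    }

    /**
     * Looks up a certificate by subject DN.
     *
     * @param str subject DN in the form produced by {@code getSubjectDN().toString()}
     * @return the certificate, or null if there is no match or nothing has been loaded
     */
    public X509Certificate getCertificate(String str) {
        Map<String, X509Certificate> certs = this.certSubjectDNMap;
        if (certs == null) {
            return null;
        }
        return certs.get(str);
    }

    /**
     * Returns the signing policies.
     *
     * @return a new array of the policies, or null if no policy map has been set
     */
    public SigningPolicy[] getSigningPolicies() {
        // Same single-read snapshot as getCertificates().
        Map<String, SigningPolicy> policies = this.policyDNMap;
        if (policies == null) {
            return null;
        }
        Collection<SigningPolicy> values = policies.values();
        return values.toArray(new SigningPolicy[values.size()]);
    }

    /**
     * Looks up a signing policy.
     *
     * @param str CA subject in the form produced by {@code CertificateUtil.toGlobusID}
     * @return the policy, or null if there is no match or no policy map has been set
     */
    public SigningPolicy getSigningPolicy(String str) {
        Map<String, SigningPolicy> policies = this.policyDNMap;
        if (policies == null) {
            return null;
        }
        return policies.get(str);
    }

    /**
     * Loads the certificates found at the given locations.
     *
     * @param str comma-separated list of locations, see {@link #reload(String)}
     * @return the loaded certificates, or null when {@code str} is null
     */
    public static X509Certificate[] loadCertificates(String str) {
        TrustedCertificates load = load(str);
        if (load == null) {
            return null;
        }
        return load.getCertificates();
    }

    /**
     * Creates a new instance and loads it from the given locations.
     *
     * @param str comma-separated list of locations, see {@link #reload(String)}
     * @return the new instance; its maps are null when {@code str} is null
     */
    public static TrustedCertificates load(String str) {
        TrustedCertificates loaded = new TrustedCertificates();
        loaded.reload(str);
        return loaded;
    }

    /** Returns the shared {@link CertFilter}. */
    public static FilenameFilter getCertFilter() {
        return certFileFilter;
    }

    /**
     * Rebuilds the certificate and policy maps from a comma-separated list of locations.
     *
     * <p>Each readable location is turned into a {@code file:} URL and handed to {@link Stores}
     * for the CA certificates and for the signing policies. Unreadable locations and load
     * failures are logged and skipped, so the call can finish with partial or empty maps. The
     * new maps replace the old ones only after every location has been processed.
     *
     * @param str comma-separated locations; when null the call does nothing
     */
    public synchronized void reload(String str) {
        if (str == null) {
            return;
        }
        this.changed = false;
        Map<String, X509Certificate> newCerts = new HashMap<String, X509Certificate>();
        Map<String, SigningPolicy> newPolicies = new HashMap<String, SigningPolicy>();
        StringTokenizer locations = new StringTokenizer(str, ",");
        while (locations.hasMoreTokens()) {
            File location = new File(locations.nextToken().trim());
            if (!location.canRead()) {
                logger.debug("Cannot read: " + location.getAbsolutePath());
                continue;
            }
            String locationUrl = ResourceUtils.FILE_URL_PREFIX + location.getAbsolutePath();
            KeyStore locationTrustStore = loadCaCertificates(locationUrl, newCerts);
            loadSigningPolicies(locationUrl, locationTrustStore, newCerts, newPolicies);
        }
        this.certSubjectDNMap = newCerts;
        this.policyDNMap = newPolicies;
        this.certList = null;
        this.changed = true;
    }

    /**
     * Opens the trust store for one location and adds its certificates to {@code certs}; a
     * subject DN that is already present keeps its existing certificate.
     *
     * @return the store opened for this location, or null when it could not be opened
     */
    private KeyStore loadCaCertificates(String locationUrl, Map<String, X509Certificate> certs) {
        KeyStore trustStore = null;
        try {
            trustStore = Stores.getTrustStore(locationUrl + "/" + Stores.getDefaultCAFilesPattern());
            ms_trustStore = trustStore;
            Iterator<? extends Certificate> it =
                    KeyStoreUtil.getTrustedCertificates(trustStore, new X509CertSelector()).iterator();
            while (it.hasNext()) {
                X509Certificate caCert = (X509Certificate) it.next();
                String subject = caCert.getSubjectDN().toString();
                if (!certs.containsKey(subject)) {
                    certs.put(subject, caCert);
                }
            }
        } catch (Exception e) {
            logger.warn("Failed to create trust store", e);
        }
        return trustStore;
    }

    /**
     * Opens the signing-policy store for one location and records a policy for each of the
     * location's CA certificates that is present in {@code certs}.
     *
     * <p>The certificates are taken from {@code trustStore}, the store opened for this same
     * location, and not from the static {@code ms_trustStore}. The static field may still hold
     * the store of an earlier location when this location's store failed to open, or may have
     * been replaced by a reload on another instance; pairing policies against it could attach
     * one location's policy to another location's CA.
     */
    private void loadSigningPolicies(String locationUrl, KeyStore trustStore,
            Map<String, X509Certificate> certs, Map<String, SigningPolicy> policies) {
        ResourceSigningPolicyStore policyStore;
        try {
            policyStore = Stores.getSigningPolicyStore(
                    locationUrl + "/" + Stores.getDefaultSigningPolicyFilesPattern());
        } catch (GeneralSecurityException e) {
            logger.warn("Failed to create signing_policy store", e);
            return;
        }
        ms_sigPolStore = policyStore;
        if (trustStore == null) {
            // No CA certificates were loaded from this location, so there is nothing to pair.
            return;
        }
        try {
            Iterator<? extends Certificate> it =
                    KeyStoreUtil.getTrustedCertificates(trustStore, new X509CertSelector()).iterator();
            while (it.hasNext()) {
                X509Certificate caCert = (X509Certificate) it.next();
                if (certs.containsKey(caCert.getSubjectDN().toString())) {
                    recordSigningPolicy(policyStore, caCert, policies);
                }
            }
        } catch (Exception e) {
            logger.warn("Failed to create signing policy store", e);
        }
    }

    /**
     * Stores the signing policy for one CA certificate, or logs once per CA subject that the
     * policy is missing or invalid. The certificate itself stays in the trusted set either way.
     */
    private void recordSigningPolicy(ResourceSigningPolicyStore policyStore, X509Certificate caCert,
            Map<String, SigningPolicy> policies) {
        X500Principal subject = caCert.getSubjectX500Principal();
        try {
            SigningPolicy policy = policyStore.getSigningPolicy(subject);
            if (policy != null) {
                // Unconditional put: a policy from a later location replaces an earlier one.
                policies.put(CertificateUtil.toGlobusID(policy.getCASubjectDN()), policy);
            } else if (!this.invalidPolicies.contains(subject)) {
                logger.warn("no signing policy for ca cert " + caCert.getSubjectDN());
                this.invalidPolicies.add(subject);
            }
        } catch (Exception e) {
            if (!this.invalidPolicies.contains(subject)) {
                logger.warn("Invalid signing policy for CA certificate; skipping");
                logger.debug("Invalid signing policy for CA certificate; skipping", e);
                this.invalidPolicies.add(subject);
            }
        }
    }

    /**
     * Derives a signing-policy file name by replacing everything from the last '.' with
     * {@link #SIGNING_POLICY_FILE_SUFFIX}.
     *
     * <p>NOTE(review): not called anywhere in this class. A name without a '.' makes
     * {@code lastIndexOf} return -1 and {@code substring} throw
     * {@link StringIndexOutOfBoundsException}.
     */
    private String getPolicyFileName(String str) {
        return str.substring(0, str.lastIndexOf(".")) + SIGNING_POLICY_FILE_SUFFIX;
    }

    /**
     * Returns the change flag. {@link #reload(String)} clears it on entry and sets it again
     * once the new maps are in place, whether or not their content differs from before.
     */
    public boolean isChanged() {
        return this.changed;
    }

    /** Same as {@link #getDefault()}. */
    public static synchronized TrustedCertificates getDefaultTrustedCertificates() {
        return getDefault();
    }

    /**
     * Replaces the process-wide default instance.
     *
     * <p>Every later {@link #getDefault()} caller in the JVM receives the new instance, so
     * access to this method decides who controls the default trust anchors.
     *
     * @param trustedCertificates2 the new default; null makes the next {@link #getDefault()}
     *     create a fresh {@link DefaultTrustedCertificates}
     */
    public static void setDefaultTrustedCertificates(TrustedCertificates trustedCertificates2) {
        // Same monitor the synchronized static getters use, so a replacement is visible to
        // them. A block is used instead of a synchronized modifier to leave the method
        // signature untouched.
        synchronized (TrustedCertificates.class) {
            trustedCertificates = trustedCertificates2;
        }
    }

    /**
     * Returns the process-wide default instance, creating an empty
     * {@link DefaultTrustedCertificates} on first use. The new instance holds no certificates
     * until it is reloaded or refreshed.
     */
    public static synchronized TrustedCertificates getDefault() {
        if (trustedCertificates == null) {
            trustedCertificates = new DefaultTrustedCertificates();
        }
        return trustedCertificates;
    }

    /** Returns the trust store most recently opened by any reload, or null. */
    public static KeyStore getTrustStore() {
        return ms_trustStore;
    }

    /** Returns the static CRL store; this class never assigns it a non-null value. */
    public static CertStore getcrlStore() {
        return ms_crlStore;
    }

    /** Returns the signing-policy store most recently opened by any reload, or null. */
    public static ResourceSigningPolicyStore getsigPolStore() {
        return ms_sigPolStore;
    }

    /** Returns the string forms of the certificate map and the policy map, concatenated. */
    @Override
    public String toString() {
        String certs = this.certSubjectDNMap == null
                ? "Certificate list is empty."
                : this.certSubjectDNMap.toString();
        String policies = this.policyDNMap == null
                ? "Signing policy list is empty."
                : this.policyDNMap.toString();
        return certs + policies;
    }

    static {
        // Instantiated for its side effects only; presumably registers the security providers
        // the stores rely on — confirm in ProviderLoader.
        new ProviderLoader();
        certFileFilter = new CertFilter();
        trustedCertificates = null;
        ms_trustStore = null;
        ms_crlStore = null;
        ms_sigPolStore = null;
    }
}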
