package org.globus.gsi.stores;

import java.io.IOException;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jena.atlas.json.io.JSWriter;
import org.globus.gsi.SigningPolicy;
import org.globus.gsi.provider.SigningPolicyStore;
import org.globus.gsi.provider.SigningPolicyStoreException;
import org.globus.gsi.provider.SigningPolicyStoreParameters;
import org.globus.gsi.util.CertificateIOUtil;
import org.globus.util.GlobusPathMatchingResourcePatternResolver;
import org.globus.util.GlobusResource;

/* loaded from: input_file:BOOT-INF/lib/ssl-proxies-2.1.0.jar:org/globus/gsi/stores/ResourceSigningPolicyStore.class */
public class ResourceSigningPolicyStore implements SigningPolicyStore {
    private ResourceSigningPolicyStoreParameters parameters;
    private static final Log logger = LogFactory.getLog(ResourceSigningPolicyStore.class.getCanonicalName());
    private static final long CACHE_TIME_MILLIS = 3600000;
    private Map<URI, ResourceSigningPolicy> signingPolicyFileMap = new HashMap();
    private Map<String, SigningPolicy> policyMap = new HashMap();
    private final Map<String, Long> invalidPoliciesCache = new HashMap();
    private final Map<String, Long> validPoliciesCache = new HashMap();

    public ResourceSigningPolicyStore(SigningPolicyStoreParameters signingPolicyStoreParameters) throws InvalidAlgorithmParameterException {
        if (signingPolicyStoreParameters == null) {
            throw new IllegalArgumentException();
        }
        if (!(signingPolicyStoreParameters instanceof ResourceSigningPolicyStoreParameters)) {
            throw new InvalidAlgorithmParameterException();
        }
        this.parameters = (ResourceSigningPolicyStoreParameters) signingPolicyStoreParameters;
    }

    @Override // org.globus.gsi.provider.SigningPolicyStore
    public synchronized SigningPolicy getSigningPolicy(X500Principal x500Principal) throws SigningPolicyStoreException {
        if (x500Principal == null) {
            return null;
        }
        String name = x500Principal.getName();
        long currentTimeMillis = System.currentTimeMillis();
        String nameHash = CertificateIOUtil.nameHash(x500Principal);
        Long l = this.validPoliciesCache.get(name);
        Long l2 = this.invalidPoliciesCache.get(name);
        if (l2 != null && currentTimeMillis - l2.longValue() < 36000000) {
            return null;
        }
        if (l == null || currentTimeMillis - l.longValue() >= 3600000 || !this.policyMap.containsKey(name)) {
            loadPolicy(nameHash, name);
        }
        return this.policyMap.get(name);
    }

    private synchronized void loadPolicy(String str, String str2) throws SigningPolicyStoreException {
        GlobusResource[] resources = new GlobusPathMatchingResourcePatternResolver().getResources(this.parameters.getTrustRootLocations());
        long currentTimeMillis = System.currentTimeMillis();
        boolean z = false;
        for (GlobusResource globusResource : resources) {
            if (globusResource.getFilename().startsWith(str) && loadSigningPolicy(globusResource, this.policyMap, this.signingPolicyFileMap, currentTimeMillis)) {
                z = true;
            }
        }
        if (!z) {
            for (GlobusResource globusResource2 : resources) {
                loadSigningPolicy(globusResource2, this.policyMap, this.signingPolicyFileMap, currentTimeMillis);
            }
        }
        if (this.validPoliciesCache.containsKey(str2)) {
            return;
        }
        this.invalidPoliciesCache.put(str2, Long.valueOf(currentTimeMillis));
    }

    private boolean loadSigningPolicy(GlobusResource globusResource, Map<String, SigningPolicy> map, Map<URI, ResourceSigningPolicy> map2, long j) {
        String filename = globusResource.getFilename();
        boolean z = false;
        Long l = this.invalidPoliciesCache.get(filename);
        if (l != null && j - l.longValue() < 36000000) {
            return false;
        }
        try {
        } catch (SigningPolicyStoreException e) {
            if (l == null || j - l.longValue() >= 36000000) {
                logger.warn("Failed to load signing policy: " + filename + JSWriter.ObjectPairSep + e.getMessage());
                logger.debug("Failed to load signing policy: " + filename, e);
                this.invalidPoliciesCache.put(filename, Long.valueOf(j));
            }
        }
        if (!globusResource.isReadable()) {
            throw new SigningPolicyStoreException("file is not readable");
        }
        try {
            URI uri = globusResource.getURI();
            ResourceSigningPolicy resourceSigningPolicy = this.signingPolicyFileMap.get(uri);
            if (resourceSigningPolicy == null) {
                try {
                    resourceSigningPolicy = new ResourceSigningPolicy(globusResource);
                } catch (ResourceStoreException e2) {
                    throw new SigningPolicyStoreException(e2);
                }
            }
            Collection<SigningPolicy> signingPolicies = resourceSigningPolicy.getSigningPolicies();
            map2.put(uri, resourceSigningPolicy);
            if (signingPolicies != null) {
                for (SigningPolicy signingPolicy : signingPolicies) {
                    X500Principal cASubjectDN = signingPolicy.getCASubjectDN();
                    map.put(cASubjectDN.getName(), signingPolicy);
                    this.validPoliciesCache.put(cASubjectDN.getName(), Long.valueOf(j));
                }
            }
            z = true;
            return z;
        } catch (IOException e3) {
            throw new SigningPolicyStoreException(e3);
        }
    }
}
