package org.astrogrid.security;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.astrogrid.registry.RegistryException;
import org.astrogrid.security.authorization.AccessPolicy;
import org.astrogrid.security.community.RegistryClient;
import org.astrogrid.security.community.SsoClient;
import org.astrogrid.security.keystore.KeyStoreClient;
import org.astrogrid.security.myproxy.MyProxyClient;
import org.astrogrid.security.ssl.GullibleX509TrustManager;
import org.mortbay.http.HttpMessage;

/* loaded from: input_file:org/astrogrid/security/SecurityGuard.class */
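/**
 * The security context of one user.
 *
 * <p>The state lives in a JAAS {@link Subject}: principals (the X.500 name
 * from the identity certificate, the account IVORN, the homespace location)
 * and credentials (account name and certificate chain as public credentials;
 * password and private key as private credentials). Authorization decisions
 * are delegated to an {@link AccessPolicy}; sign-on is delegated to a
 * {@link SignOnClient} chosen from the scheme of the sign-on-service URI.
 *
 * <p>The guard also implements {@link X509KeyManager} so that it can be
 * installed directly into an {@link SSLContext}: it offers exactly one alias,
 * {@value #KEY_ALIAS}, and only while an X.500 principal is present.
 *
 * <p>Most "set" methods add to the subject without removing what was there
 * before, and the matching "get" methods return an arbitrary element when more
 * than one is present (the underlying sets are unordered). Only
 * {@link #setPrivateKey(PrivateKey)} replaces the previous value. Instances are
 * not designed for concurrent use.
 */
public class SecurityGuard implements X509KeyManager {

    /** The single key-manager alias under which this guard offers its identity to the TLS stack. */
    private static final String KEY_ALIAS = "default";

    /** URI scheme of an IVORN, resolved through the registry to a sign-on service. */
    private static final String IVORN_SCHEME = "ivo";

    /** URI scheme that selects a MyProxy sign-on service directly. */
    private static final String MYPROXY_SCHEME = "myproxy";

    /** OID of the RFC 3820 proxyCertInfo extension; a certificate carrying it is a proxy, not the identity. */
    private static final String RFC3820_PROXY_CERT_INFO_OID = "1.3.6.1.5.5.7.1.14";

    /** OID of the pre-RFC (Globus) proxyCertInfo extension, also marking a proxy certificate. */
    private static final String LEGACY_PROXY_CERT_INFO_OID = "1.3.6.1.4.1.3536.1.222";

    /** The principals and credentials of the user; never null. */
    protected Subject subject;

    /** The policy consulted by {@link #decide(Map)}; null until {@link #setAccessPolicy(AccessPolicy)} is called. */
    protected AccessPolicy accessPolicy;

    /** Registry used to resolve IVORNs to sign-on endpoints; created lazily if not injected. */
    protected RegistryClient registry;

    /** Creates a guard with an empty subject and no access policy. */
    public SecurityGuard() {
        this.subject = new Subject();
        this.accessPolicy = null;
    }

    /**
     * Creates a guard holding a shallow copy of the given subject (see {@link #cloneSubject(Subject)}).
     *
     * @param subject the subject to copy; if null, the guard's subject is null
     */
    public SecurityGuard(Subject subject) {
        this.subject = cloneSubject(subject);
        this.accessPolicy = null;
    }

    /**
     * Creates a guard with a shallow copy of another guard's subject and the same access policy.
     * The registry client is not copied.
     *
     * @param securityGuard the guard to copy
     */
    public SecurityGuard(SecurityGuard securityGuard) {
        this.subject = cloneSubject(securityGuard.getSubject());
        this.accessPolicy = securityGuard.accessPolicy;
    }

    /**
     * Injects the registry client used to resolve IVORNs to sign-on services.
     *
     * @param registryClient the client; if never set, a default one is created on first use
     */
    public void setRegistryClient(RegistryClient registryClient) {
        this.registry = registryClient;
    }

    /** Returns the live subject (not a copy); changes made to it are visible through this guard. */
    public Subject getSubject() {
        return this.subject;
    }

    /** Alias of {@link #getSubject()}; the same subject holds the single-sign-on state. */
    public Subject getSsoSubject() {
        return this.subject;
    }

    /** Alias of {@link #getSubject()}; the same subject holds the grid (X.509) state. */
    public Subject getGridSubject() {
        return this.subject;
    }

    /**
     * Adds an account name to the public credentials. An earlier account name is not removed.
     *
     * @param str the account name
     */
    public void setSsoUsername(String str) {
        this.subject.getPublicCredentials().add(new AccountName(str));
    }

    /**
     * Returns the account name, or null if none is set.
     * If several are present, an arbitrary one is returned.
     */
    public String getSsoUsername() {
        AccountName name = firstOf(this.subject.getPublicCredentials(AccountName.class));
        return name == null ? null : name.getName();
    }

    /**
     * Adds a password to the private credentials. An earlier password is not removed.
     *
     * <p>The password is held as an immutable {@link String}, so it cannot be
     * wiped from memory after use; callers should not log or serialize the subject.
     *
     * @param str the password
     */
    public void setSsoPassword(String str) {
        this.subject.getPrivateCredentials().add(str);
    }

    /**
     * Returns the password, or null if none is set.
     * If several String private credentials are present, an arbitrary one is returned.
     */
    public String getSsoPassword() {
        return firstOf(this.subject.getPrivateCredentials(String.class));
    }

    /** Returns true when the subject carries an {@link X500Principal}; this is what enables the key-manager alias. */
    public boolean isSignedOn() {
        return getX500Principal() != null;
    }

    /**
     * Returns the X.500 principal, or null if none is set.
     * If several are present, an arbitrary one is returned.
     */
    public X500Principal getX500Principal() {
        return firstOf(this.subject.getPrincipals(X500Principal.class));
    }

    /**
     * Adds an X.500 principal. An earlier principal is not removed.
     *
     * @param x500Principal the principal to add
     */
    public void setX500Principal(X500Principal x500Principal) {
        this.subject.getPrincipals().add(x500Principal);
    }

    /**
     * Returns the certificate chain as an array, or an empty array if no chain is stored.
     * The chain is read from the first {@link CertPath} public credential (arbitrary if several).
     *
     * @throws ClassCastException if the stored path holds non-X.509 certificates
     */
    public X509Certificate[] getCertificateChain() {
        CertPath path = firstOf(this.subject.getPublicCredentials(CertPath.class));
        if (path == null) {
            return new X509Certificate[0];
        }
        List<? extends Certificate> certificates = path.getCertificates();
        X509Certificate[] chain = new X509Certificate[certificates.size()];
        for (int i = 0; i < chain.length; i++) {
            chain[i] = (X509Certificate) certificates.get(i);
        }
        return chain;
    }

    /**
     * Stores the chain as a {@link CertPath} public credential. An earlier chain is not removed,
     * so {@link #getCertificateChain()} may then return either one.
     *
     * @param x509CertificateArr the chain, identity certificate first; elements must be non-null
     * @throws CertificateException if the X.509 factory is unavailable or the path cannot be built
     */
    public void setCertificateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        List<X509Certificate> certificates = new ArrayList<X509Certificate>(x509CertificateArr.length);
        for (X509Certificate certificate : x509CertificateArr) {
            assert certificate != null;
            certificates.add(certificate);
        }
        this.subject.getPublicCredentials().add(factory.generateCertPath(certificates));
    }

    /**
     * Stores an already-built certificate path as a public credential. An earlier path is not removed.
     *
     * @param certPath the path to add
     */
    public void setCertificateChain(CertPath certPath) {
        this.subject.getPublicCredentials().add(certPath);
    }

    /**
     * Adds the subject name of the identity certificate (see {@link #getIdentityCertificate()})
     * as an X.500 principal. Does nothing when no identity certificate is present.
     */
    public void setX500PrincipalFromCertificateChain() {
        X509Certificate identity = getIdentityCertificate();
        if (identity != null) {
            this.subject.getPrincipals().add(identity.getSubjectX500Principal());
        }
    }

    /**
     * Returns the private key, or null if none is set.
     * If several are present, an arbitrary one is returned.
     */
    public PrivateKey getPrivateKey() {
        return firstOf(this.subject.getPrivateCredentials(PrivateKey.class));
    }

    /**
     * Replaces the private key: the key currently returned by {@link #getPrivateKey()} is removed
     * first, then the new one is added. Passing null therefore just removes the current key.
     *
     * @param privateKey the new key, or null
     */
    public void setPrivateKey(PrivateKey privateKey) {
        Set<Object> privateCredentials = this.subject.getPrivateCredentials();
        PrivateKey existing = getPrivateKey();
        if (existing != null) {
            privateCredentials.remove(existing);
        }
        if (privateKey != null) {
            privateCredentials.add(privateKey);
        }
    }

    /**
     * Returns the first certificate in the chain that is not a proxy certificate, i.e. the
     * end-entity certificate that names the user, or null if the chain is empty or all proxies.
     */
    public X509Certificate getIdentityCertificate() {
        for (X509Certificate certificate : getCertificateChain()) {
            if (!isProxyCertificate(certificate)) {
                return certificate;
            }
        }
        return null;
    }

    /** True when the certificate carries either form of the proxyCertInfo extension. */
    private static boolean isProxyCertificate(X509Certificate certificate) {
        return certificate.getExtensionValue(RFC3820_PROXY_CERT_INFO_OID) != null
            || certificate.getExtensionValue(LEGACY_PROXY_CERT_INFO_OID) != null;
    }

    /** Returns the homespace location as a string, or null if none is set (arbitrary if several). */
    public String getHomespaceLocationAsString() {
        HomespaceLocation location = firstOf(this.subject.getPrincipals(HomespaceLocation.class));
        return location == null ? null : location.getName();
    }

    /** Returns the homespace location as a URI, or null if none is set (arbitrary if several). */
    public URI getHomespaceLocation() {
        HomespaceLocation location = firstOf(this.subject.getPrincipals(HomespaceLocation.class));
        return location == null ? null : location.getUri();
    }

    /**
     * Adds a homespace-location principal. An earlier location is not removed.
     *
     * @param str the location
     */
    public void setHomespaceLocation(String str) {
        this.subject.getPrincipals().add(new HomespaceLocation(str));
    }

    /** Returns the account IVORN principal, or null if none is set. */
    public AccountIvorn getAccountIvorn() {
        return (AccountIvorn) getFirstPrincipal(AccountIvorn.class);
    }

    /**
     * Returns one principal of the given class, or null if there is none.
     *
     * @param cls a subclass of {@link Principal}
     */
    @SuppressWarnings("unchecked") // raw Class is part of the public signature
    public Object getFirstPrincipal(Class cls) {
        return firstOf(this.subject.getPrincipals(cls));
    }

    /**
     * Returns one private credential of the given class, or null if there is none.
     *
     * @param cls the credential class
     */
    @SuppressWarnings("unchecked") // raw Class is part of the public signature
    public Object getFirstPrivateCredential(Class cls) {
        return firstOf(this.subject.getPrivateCredentials(cls));
    }

    /**
     * Sets the policy consulted by {@link #decide(Map)}.
     *
     * @param accessPolicy the policy; null disables authorization decisions
     */
    public void setAccessPolicy(AccessPolicy accessPolicy) {
        this.accessPolicy = accessPolicy;
    }

    /**
     * Asks the access policy to decide on a request.
     *
     * @param map the request, in whatever form the policy expects
     * @return the policy's decision
     * @throws GeneralSecurityException if no access policy has been set
     * @throws Exception whatever the policy throws
     */
    public Map decide(Map map) throws SecurityException, GeneralSecurityException, Exception {
        if (this.accessPolicy == null) {
            throw new GeneralSecurityException("No access policy is loaded");
        }
        return this.accessPolicy.decide(this, map);
    }

    /**
     * Signs on with an account IVORN: resolves the community's sign-on service, authenticates,
     * fetches the homespace and records the account IVORN as a principal.
     *
     * <p>Unlike {@link #signOn(String, String, int, URI)}, an I/O failure here propagates
     * as {@link IOException} rather than being wrapped.
     *
     * @param str  the account IVORN
     * @param str2 the password
     * @param i    the requested credential lifetime, in the unit the sign-on client expects
     * @throws URISyntaxException if the IVORN is malformed
     * @throws RegistryException if the community has no recognized sign-on service
     */
    public void signOn(String str, String str2, int i) throws URISyntaxException, IOException, GeneralSecurityException, RegistryException {
        AccountIvorn accountIvorn = new AccountIvorn(str);
        SignOnClient client = getSignOnClient(accountIvorn.getCommunityIvorn());
        client.authenticate(accountIvorn.getUserName(), str2, i, this);
        client.home(accountIvorn.getUserName(), this);
        this.subject.getPrincipals().add(accountIvorn);
    }

    /**
     * Signs on with a user name against an explicit sign-on service: authenticates, fetches the
     * homespace and, when the service URI is an IVORN, records the derived account IVORN
     * ({@code ivo://user@authority/path}) as a principal.
     *
     * @param str  the user name
     * @param str2 the password
     * @param i    the requested credential lifetime; must be positive
     * @param uri  the sign-on service (see {@link #getSignOnClient(URI)} for accepted schemes)
     * @throws GeneralSecurityException if authentication fails, including I/O failures, which are wrapped
     * @throws RegistryException if the URI cannot be resolved to a sign-on service
     */
    public void signOn(String str, String str2, int i, URI uri) throws URISyntaxException, IOException, GeneralSecurityException, RegistryException {
        assert str != null;
        assert str2 != null;
        assert i > 0;
        assert uri != null;
        SignOnClient client = getSignOnClient(uri);
        try {
            client.authenticate(str, str2, i, this);
            client.home(str, this);
            if (IVORN_SCHEME.equals(uri.getScheme())) {
                this.subject.getPrincipals().add(
                    new AccountIvorn("ivo://" + str + '@' + uri.getAuthority() + uri.getPath()));
            }
        } catch (IOException e) {
            throw new GeneralSecurityException("Authentication failed", e);
        }
    }

    /**
     * Changes the password at the given sign-on service.
     *
     * @param str  the user name
     * @param str2 the current password
     * @param str3 the new password
     * @param uri  the sign-on service
     * @throws GeneralSecurityException wrapping any failure reported by the service
     * @throws RegistryException if the URI cannot be resolved to a sign-on service
     */
    public void changePassword(String str, String str2, String str3, URI uri) throws URISyntaxException, IOException, GeneralSecurityException, RegistryException {
        try {
            getSignOnClient(uri).changePassword(str, str2, str3, this);
        } catch (Exception e) {
            throw new GeneralSecurityException("Failed to change the password", e);
        }
    }

    /**
     * Installs this guard as the client key manager on an HTTPS connection so the user's
     * certificate chain and private key are presented to the server. Plain HTTP connections
     * are left untouched.
     *
     * <p>NOTE(review): the trust manager installed here is {@link GullibleX509TrustManager},
     * which by its name is presumed to accept any server certificate; if so, the server is
     * not authenticated and the client credential is presented to whichever endpoint answers.
     * A deployment that needs server authentication should use a trust manager backed by a
     * CA trust store instead.
     *
     * @param httpURLConnection the connection to configure, before it is connected
     * @throws RuntimeException if the TLS context cannot be created or initialized
     */
    public void configureHttps(HttpURLConnection httpURLConnection) {
        assert httpURLConnection != null;
        if (!(httpURLConnection instanceof HttpsURLConnection)) {
            return;
        }
        HttpsURLConnection https = (HttpsURLConnection) httpURLConnection;
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(new KeyManager[]{this}, new TrustManager[]{new GullibleX509TrustManager()}, null);
            https.setSSLSocketFactory(context.getSocketFactory());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Failed to configure HTTPS", e);
        }
    }

    /**
     * Makes a writable, shallow copy of a subject: the principal and credential sets are new,
     * but the objects they hold (including any {@link PrivateKey}) are shared with the original.
     *
     * @param subject the subject to copy
     * @return the copy, or null if {@code subject} is null
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Subject cloneSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        return new Subject(false,
                           new HashSet<Principal>(subject.getPrincipals()),
                           new HashSet<Object>(subject.getPublicCredentials()),
                           new HashSet<Object>(subject.getPrivateCredentials()));
    }

    /**
     * Loads an identity from a key store: the certificate chain and private key stored under
     * the alias, then the X.500 principal derived from the chain. The key is recovered before
     * anything is written to the subject, so a failure leaves the subject unchanged.
     *
     * @param str      the key-store alias
     * @param str2     the password protecting the key
     * @param keyStore the loaded key store
     * @throws KeyStoreException if the store is not initialized or holds no chain under the alias
     * @throws CertificateException if a stored certificate is not X.509 or the path cannot be built
     * @throws NoSuchAlgorithmException if the key's recovery algorithm is unavailable
     * @throws UnrecoverableKeyException if the password is wrong or the alias holds no private key
     */
    public void loadKeyStoreEntry(String str, String str2, KeyStore keyStore) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        assert str != null;
        assert str2 != null;
        assert keyStore != null;
        Certificate[] storedChain = keyStore.getCertificateChain(str);
        if (storedChain == null) {
            // KeyStore.getCertificateChain returns null for an unknown alias rather than throwing.
            throw new KeyStoreException("No certificate chain stored under alias " + str);
        }
        X509Certificate[] chain = new X509Certificate[storedChain.length];
        for (int i = 0; i < storedChain.length; i++) {
            if (!(storedChain[i] instanceof X509Certificate)) {
                throw new CertificateException(
                    "Certificate " + i + " under alias " + str + " is not an X.509 certificate");
            }
            chain[i] = (X509Certificate) storedChain[i];
        }
        Key key = keyStore.getKey(str, str2.toCharArray());
        if (!(key instanceof PrivateKey)) {
            // getKey returns null for a missing entry and a SecretKey for a symmetric one.
            throw new UnrecoverableKeyException("No private key stored under alias " + str);
        }
        setCertificateChain(chain);
        setPrivateKey((PrivateKey) key);
        setX500PrincipalFromCertificateChain();
    }

    /** Offers the single alias while signed on, regardless of the key type and issuers requested. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return isSignedOn() ? new String[]{KEY_ALIAS} : new String[0];
    }

    /** Chooses the single alias while signed on, regardless of the key types and issuers requested. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return isSignedOn() ? KEY_ALIAS : null;
    }

    /** This guard never acts as a TLS server. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return new String[0];
    }

    /** This guard never acts as a TLS server. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }

    /**
     * Returns the stored chain for the single alias, null for any other (or null) alias.
     * Note that for the known alias an empty array, not null, is returned when no chain is stored.
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        return KEY_ALIAS.equals(str) ? getCertificateChain() : null;
    }

    /** Returns the stored private key for the single alias, null for any other (or null) alias. */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        return KEY_ALIAS.equals(str) ? getPrivateKey() : null;
    }

    /**
     * Chooses a sign-on client from the scheme of the service URI: {@code myproxy} selects
     * MyProxy, {@code https} selects the SSO web service, {@code ivo} is resolved through the
     * registry (accounts endpoint first, then MyProxy endpoint), and any other scheme is taken
     * to name a local key store.
     *
     * @param uri the sign-on service
     * @throws RegistryException if the URI has no scheme or an IVORN resolves to no known service
     */
    private SignOnClient getSignOnClient(URI uri) throws RegistryException {
        if (this.registry == null) {
            this.registry = new RegistryClient();
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // A relative URI has no scheme; the original code would have dereferenced null here.
            throw new RegistryException(uri.toString() + " is not a recognized sign-on service: it has no scheme.");
        }
        if (MYPROXY_SCHEME.equals(scheme)) {
            return new MyProxyClient(uri);
        }
        if (HttpMessage.__SSL_SCHEME.equals(scheme)) {
            return new SsoClient(uri.toString());
        }
        if (!IVORN_SCHEME.equals(scheme)) {
            return new KeyStoreClient(uri);
        }
        URI accountsEndpoint = this.registry.getAccountsEndpoint(uri);
        if (accountsEndpoint != null) {
            return new SsoClient(accountsEndpoint.toString());
        }
        URI myProxyEndpoint = this.registry.getMyProxyEndpoint(uri);
        if (myProxyEndpoint == null) {
            throw new RegistryException(uri.toString() + " is not a recognized sign-on service.");
        }
        return new MyProxyClient(myProxyEndpoint);
    }

    /**
     * Returns one element of an unordered set, or null if it is empty.
     * Which element is returned for a multi-element set is unspecified.
     */
    private static <T> T firstOf(Set<T> set) {
        Iterator<T> it = set.iterator();
        return it.hasNext() ? it.next() : null;
    }
}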
