package org.astrogrid.security.delegation;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import org.astrogrid.security.SecurityGuard;
import org.astrogrid.security.rfc3820.ProxyCertificateFactory;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: input_file:org/astrogrid/security/delegation/DelegationClient.class */
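/**
 * Client side of a credential-delegation exchange with a remote service.
 *
 * <p>{@link #delegate()} registers the caller's distinguished name at the
 * endpoint, fetches the certificate signing request (CSR) the service
 * publishes for that identity, signs a proxy certificate for the CSR's public
 * key with the caller's own private key, and uploads the result.
 *
 * <p>The proxy certificate lets the holder of the matching private key act
 * under the caller's identity, so the endpoint must be a service the caller
 * intends to trust with that authority.
 */
public class DelegationClient {
    /**
     * Lifetime passed to {@code ProxyCertificateFactory.createProxyCertificate}.
     * NOTE(review): presumably seconds (10 hours); confirm against the factory.
     */
    private static final int PROXY_LIFETIME = 36000;

    /** PEM is base64 plus ASCII armour, so decode/encode independently of the platform charset. */
    private static final String PEM_CHARSET = "US-ASCII";

    private final URI endpoint;
    private final SecurityGuard guard;

    /**
     * @param uri           delegation endpoint at which identities are registered
     * @param securityGuard holder of the caller's identity certificate, chain and private key
     */
    public DelegationClient(URI uri, SecurityGuard securityGuard) {
        this.endpoint = uri;
        this.guard = securityGuard;
    }

    /**
     * Delegates the caller's identity to the service at the endpoint.
     *
     * @throws AccessControlException   if the guard holds no identity certificate
     * @throws IOException              if the service answers with an unexpected HTTP code,
     *                                  or does not return a PKCS#10 request
     * @throws GeneralSecurityException if the CSR fails its self-signature check or the
     *                                  proxy certificate cannot be created
     */
    public void delegate() throws MalformedURLException, IOException, GeneralSecurityException, URISyntaxException {
        X509Certificate identity = this.guard.getIdentityCertificate();
        if (identity == null) {
            throw new AccessControlException("No identity certificate was provided.");
        }

        // Step 1: register the identity's DN (canonical X.500 string form).
        String dn = identity.getSubjectX500Principal().getName("CANONICAL");
        WebResource registration = new WebResource(this.endpoint, this.guard);
        // Raw type kept: the parameter type of WebResource.post is not visible from this file.
        HashMap form = new HashMap();
        form.put("DN", dn);
        registration.post(form);
        if (registration.getResponseCode() != 201) {
            throw new IOException("Server returned HTTP code " + registration.getResponseCode() + " when asked to register a new identity.");
        }

        // NOTE(review): the location of the identity resource is chosen by the server's
        // response. Whether WebResource pins it to the original scheme/host before the
        // guard's credentials are reused is not visible here; confirm.
        WebResource identityResource = registration.getRedirectionWebResource();
        // NOTE(review): leftover stdout print in library code; consider a logger at debug level.
        System.out.println(identityResource.getUri());

        // Step 2: fetch the CSR the service generated for this identity.
        WebResource csrResource = identityResource.getSubordinateWebResource("CSR");
        csrResource.get();
        if (csrResource.getResponseCode() != 200) {
            throw new IOException("Server returned HTTP code " + csrResource.getResponseCode() + " when asked for the CSR.");
        }
        PKCS10CertificationRequest csr = readCsr(csrResource);

        // Proof of possession: only sign for a key whose holder produced this request.
        if (!csr.verify()) {
            throw new GeneralSecurityException("The CSR returned by the server failed signature verification.");
        }

        // Step 3: sign a proxy certificate for the CSR's public key.
        // NOTE(review): the meaning of the final 'false' argument is not visible here; confirm.
        X509Certificate proxy = new ProxyCertificateFactory().createProxyCertificate(
                this.guard.getCertificateChain()[0],
                this.guard.getPrivateKey(),
                csr.getPublicKey(),
                PROXY_LIFETIME,
                false);

        // Step 4: upload the proxy certificate. The writer is closed before the
        // response code is read, and is closed even if writing fails.
        WebResource certificateResource = identityResource.getSubordinateWebResource("certificate");
        PEMWriter pemWriter = new PEMWriter(new OutputStreamWriter(certificateResource.put(), PEM_CHARSET));
        try {
            pemWriter.writeObject(proxy);
        } finally {
            pemWriter.close();
        }
        if (certificateResource.getResponseCode() != 200) {
            throw new IOException("Server returned HTTP code " + certificateResource.getResponseCode() + " when given the certificate.");
        }
    }

    /** Reads one PEM object from the response body and requires it to be a PKCS#10 request. */
    private static PKCS10CertificationRequest readCsr(WebResource csrResource) throws IOException {
        PEMReader pemReader = new PEMReader(new InputStreamReader(csrResource.getInputStream(), PEM_CHARSET));
        try {
            Object parsed = pemReader.readObject();
            // Server-controlled content: reject anything else explicitly rather than
            // failing with a ClassCastException or NullPointerException.
            if (!(parsed instanceof PKCS10CertificationRequest)) {
                throw new IOException("Server did not return a PKCS#10 certificate signing request.");
            }
            return (PKCS10CertificationRequest) parsed;
        } finally {
            pemReader.close();
        }
    }
}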
