package org.globus.gsi.stores;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.CredentialException;
import org.globus.gsi.X509Credential;
import org.globus.gsi.provider.KeyStoreParametersFactory;
import org.globus.gsi.util.CertificateIOUtil;
import org.globus.util.GlobusPathMatchingResourcePatternResolver;
import org.globus.util.GlobusResource;

/* loaded from: input_file:WEB-INF/lib/ssl-proxies-2.0.5.jar:org/globus/gsi/stores/PEMKeyStore.class */
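/**
 * {@link KeyStoreSpi} implementation whose entries live in individual PEM files instead of a
 * single keystore blob.
 *
 * <p>Entries are kept in {@code aliasObjectMap}, keyed by alias. Trust anchors loaded from disk use
 * the external form of their resource URL as alias; proxy credentials use the configured proxy file
 * name; certificate/key pairs use {@code certificateFilename + ":" + keyFilename}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code password} arguments of {@link #engineStore}, {@link #engineLoad(InputStream, char[])}
 *       and {@link #engineSetKeyEntry(String, Key, char[], Certificate[])} do not encrypt or
 *       integrity-protect anything here; only {@link #engineGetKey} forwards its password to the
 *       credential.</li>
 *   <li>Aliases of new entries are turned into file names under the default directory without
 *       validation (see {@link #fileInDefaultDirectory(String)}).</li>
 *   <li>{@code aliasObjectMap} is a synchronized {@link Hashtable} but {@code certFilenameMap} is a
 *       plain {@link HashMap}, and the two are updated without a common lock, so concurrent
 *       mutation must not be assumed safe.</li>
 * </ul>
 */
public class PEMKeyStore extends KeyStoreSpi {
    /** Configuration key: directory that is loaded for CA certificates and receives newly written entries. */
    public static final String DEFAULT_DIRECTORY_KEY = "default_directory";
    /** Configuration key: additional location(s) handed to the CA certificate store for loading. */
    public static final String DIRECTORY_LIST_KEY = "directory_list";
    /** Configuration key: certificate file of a certificate/key pair (only used together with {@link #KEY_FILENAME}). */
    public static final String CERTIFICATE_FILENAME = "certificateFilename";
    /** Configuration key: private-key file of a certificate/key pair (only used together with {@link #CERTIFICATE_FILENAME}). */
    public static final String KEY_FILENAME = "keyFilename";
    /** Configuration key: proxy credential file to load. */
    public static final String PROXY_FILENAME = "proxyFilename";

    private static final Log logger = LogFactory.getLog(PEMKeyStore.class.getCanonicalName());

    // Directory for files of new entries; stays null when no default directory was configured.
    private File defaultDirectory;
    // alias -> wrapped trust anchor or credential
    private final Map<String, SecurityObjectWrapper<?>> aliasObjectMap = new Hashtable<>();
    // trusted certificate -> alias, used for the reverse lookup in engineGetCertificateAlias
    private final Map<Certificate, String> certFilenameMap = new HashMap<>();
    private ResourceSecurityWrapperStore<ResourceTrustAnchor, TrustAnchor> caDelegate = new ResourceCACertStore();
    private ResourceSecurityWrapperStore<ResourceProxyCredential, X509Credential> proxyDelegate = new ResourceProxyCredentialStore();
    // When set, set*Entry calls keep the entry in aliasObjectMap without writing it to disk.
    private boolean inMemoryOnly = false;

    /**
     * Replaces the store used to load CA certificates.
     *
     * @param resourceSecurityWrapperStore the store that {@code loadDirectories} will read from
     */
    public void setCACertStore(ResourceSecurityWrapperStore<ResourceTrustAnchor, TrustAnchor> resourceSecurityWrapperStore) {
        this.caDelegate = resourceSecurityWrapperStore;
    }

    /**
     * Replaces the store used to load proxy credentials.
     *
     * @param resourceSecurityWrapperStore the store that {@code loadProxyCertificate} will read from
     */
    public void setProxyDelegate(ResourceSecurityWrapperStore<ResourceProxyCredential, X509Credential> resourceSecurityWrapperStore) {
        this.proxyDelegate = resourceSecurityWrapperStore;
    }

    /** Returns the entry stored under {@code alias} if it is a credential, otherwise {@code null}. */
    private CredentialWrapper getKeyEntry(String alias) {
        SecurityObjectWrapper<?> entry = this.aliasObjectMap.get(alias);
        // instanceof is false for null, so a missing alias also ends up here.
        return (entry instanceof CredentialWrapper) ? (CredentialWrapper) entry : null;
    }

    /** Returns the entry stored under {@code alias} if it is a trust anchor, otherwise {@code null}. */
    private ResourceTrustAnchor getCertificateEntry(String alias) {
        SecurityObjectWrapper<?> entry = this.aliasObjectMap.get(alias);
        return (entry instanceof ResourceTrustAnchor) ? (ResourceTrustAnchor) entry : null;
    }

    /**
     * Resolves the file for a new entry inside the default directory.
     *
     * <p>NOTE(review): {@code name} is derived from a caller-supplied alias and is not validated, so
     * an alias containing path separators or {@code ..} resolves outside the default directory.
     * When no default directory is configured the parent is {@code null} and the name is resolved
     * like {@code new File(name)}. Callers that take aliases from external input should validate
     * them before calling the set*Entry methods.
     */
    private File fileInDefaultDirectory(String name) {
        return new File(this.defaultDirectory, name);
    }

    /** Builds an {@link UnrecoverableKeyException} that keeps the original failure as its cause. */
    private static UnrecoverableKeyException unrecoverable(Exception cause) {
        UnrecoverableKeyException wrapped = new UnrecoverableKeyException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Returns the private key of the credential stored under the alias.
     *
     * @param str the alias to look up
     * @param cArr the key password, or {@code null} for none; forwarded to the credential
     * @return the private key, or {@code null} when the alias is not a credential entry
     * @throws UnrecoverableKeyException if the credential cannot be loaded or its key cannot be recovered
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        CredentialWrapper entry = getKeyEntry(str);
        if (entry == null) {
            return null;
        }
        // getPrivateKey takes a String, so an immutable copy of the password is unavoidable here
        // and cannot be wiped afterwards; callers should still clear their own char[].
        String passphrase = (cArr == null) ? null : new String(cArr);
        try {
            // The credential lookup and key recovery are the calls that can fail, so they must
            // sit inside the try for failures to surface as UnrecoverableKeyException.
            return entry.getCredential().getPrivateKey(passphrase);
        } catch (CredentialException e) {
            throw unrecoverable(e);
        } catch (ResourceStoreException e) {
            throw unrecoverable(e);
        }
    }

    /** Returns {@code true} when the alias maps to a credential entry. */
    @Override
    public boolean engineIsKeyEntry(String str) {
        return getKeyEntry(str) != null;
    }

    /**
     * Asks every {@link Storable} entry to store itself.
     *
     * <p>Neither argument is used: nothing is written to {@code outputStream} and {@code cArr}
     * protects nothing.
     *
     * @param outputStream ignored
     * @param cArr ignored
     * @throws CertificateException if an entry fails to store itself
     */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        for (SecurityObjectWrapper<?> entry : this.aliasObjectMap.values()) {
            if (!(entry instanceof Storable)) {
                continue;
            }
            try {
                ((Storable) entry).store();
            } catch (ResourceStoreException e) {
                throw new CertificateException(e);
            }
        }
    }

    /**
     * Returns the notBefore date of the entry's certificate or credential as its creation date.
     *
     * @param str the alias to look up
     * @return the date, or {@code null} when the alias is unknown or the entry cannot be loaded
     */
    @Override
    public Date engineGetCreationDate(String str) {
        try {
            ResourceTrustAnchor anchor = getCertificateEntry(str);
            if (anchor != null) {
                return anchor.getTrustAnchor().getTrustedCert().getNotBefore();
            }
            CredentialWrapper credential = getKeyEntry(str);
            return (credential != null) ? credential.getCredential().getNotBefore() : null;
        } catch (ResourceStoreException e) {
            // Logged so an unreadable entry can be told apart from a missing alias.
            logger.warn(e.getMessage(), e);
            return null;
        }
    }

    /** Returns the alias recorded for the given trusted certificate, or {@code null} if none. */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        return this.certFilenameMap.get(certificate);
    }

    /**
     * Returns the certificate chain of the credential stored under the alias.
     *
     * @param str the alias to look up
     * @return the chain; an empty array when the alias is not a credential entry; {@code null} when
     *         the credential exists but cannot be loaded
     */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        CredentialWrapper entry = getKeyEntry(str);
        if (entry == null) {
            return new X509Certificate[0];
        }
        try {
            return entry.getCredential().getCertificateChain();
        } catch (ResourceStoreException e) {
            logger.warn(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the trusted certificate stored under the alias.
     *
     * <p>Only trust-anchor entries are consulted; an alias that maps to a credential yields
     * {@code null}.
     *
     * @param str the alias to look up
     * @return the certificate, or {@code null} when there is no trust anchor or it cannot be loaded
     */
    @Override
    public Certificate engineGetCertificate(String str) {
        ResourceTrustAnchor anchor = getCertificateEntry(str);
        if (anchor == null) {
            return null;
        }
        try {
            return anchor.getTrustAnchor().getTrustedCert();
        } catch (ResourceStoreException e) {
            // Logged so an unreadable trust anchor can be told apart from a missing alias.
            logger.warn(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Loads the store from {@link KeyStoreParametersFactory.FileStoreParameters}.
     *
     * @param loadStoreParameter must be a {@code FileStoreParameters} instance
     * @throws IllegalArgumentException for any other parameter type, including {@code null}
     */
    @Override
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (!(loadStoreParameter instanceof KeyStoreParametersFactory.FileStoreParameters)) {
            throw new IllegalArgumentException("Unable to process parameters: " + loadStoreParameter);
        }
        KeyStoreParametersFactory.FileStoreParameters params = (KeyStoreParametersFactory.FileStoreParameters) loadStoreParameter;
        initialize(
                (String) params.getProperty(DEFAULT_DIRECTORY_KEY),
                (String) params.getProperty(DIRECTORY_LIST_KEY),
                (String) params.getProperty(PROXY_FILENAME),
                (String) params.getProperty(CERTIFICATE_FILENAME),
                (String) params.getProperty(KEY_FILENAME));
    }

    /**
     * Loads the store from a properties stream that names the directories and files to read.
     *
     * <p>The stream is a configuration file, not key material. The password is used only as a
     * flag: a {@code null} stream together with a {@code null} password switches the store to
     * in-memory mode. The stream is always closed before returning.
     *
     * @param inputStream properties with the {@code *_KEY}/{@code *_FILENAME} settings, or {@code null}
     * @param cArr only checked for {@code null}
     * @throws CertificateException if the properties are empty or the configured material cannot be loaded
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        try {
            Properties properties = new Properties();
            if (inputStream != null) {
                properties.load(inputStream);
                if (properties.isEmpty()) {
                    throw new CertificateException("Properties file for configuration was empty?");
                }
            } else if (cArr == null) {
                this.inMemoryOnly = true;
            }
            initialize(
                    properties.getProperty(DEFAULT_DIRECTORY_KEY),
                    properties.getProperty(DIRECTORY_LIST_KEY),
                    properties.getProperty(PROXY_FILENAME),
                    properties.getProperty(CERTIFICATE_FILENAME),
                    properties.getProperty(KEY_FILENAME));
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    // A failed close must not mask the outcome of the load itself.
                    logger.info("Error closing inputStream", e);
                }
            }
        }
    }

    /**
     * Loads everything the configuration names: CA directories, the proxy credential and the
     * certificate/key pair.
     *
     * @throws IOException if the default directory does not exist and cannot be created
     * @throws CertificateException if any configured material cannot be loaded
     */
    private void initialize(String defaultDirectoryLocation, String directoryList, String proxyFilename,
            String certificateFilename, String keyFilename) throws IOException, CertificateException {
        if (defaultDirectoryLocation != null) {
            this.defaultDirectory = new GlobusPathMatchingResourcePatternResolver().getResource(defaultDirectoryLocation).getFile();
            // NOTE(review): mkdirs() applies no explicit permissions, yet key files may later be
            // written below this directory; confirm it is created with restrictive access.
            if (!this.defaultDirectory.exists() && !this.defaultDirectory.mkdirs()) {
                throw new IOException("Unable to create default certificate directory");
            }
            loadDirectories(defaultDirectoryLocation);
        }
        if (directoryList != null) {
            loadDirectories(directoryList);
        }
        try {
            if (proxyFilename != null && proxyFilename.length() > 0) {
                loadProxyCertificate(proxyFilename);
            }
            // The pair is only loaded when both file names are configured.
            if (certificateFilename != null && certificateFilename.length() > 0
                    && keyFilename != null && keyFilename.length() > 0) {
                loadCertificateKey(certificateFilename, keyFilename);
            }
        } catch (CredentialException e) {
            // The cause travels with the exception, so nothing is printed to stderr here.
            throw new CertificateException(e);
        } catch (ResourceStoreException e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Loads the proxy credential file and registers it under its file name.
     *
     * <p>Every wrapper currently held by the proxy store is put under the same alias, so when the
     * store holds more than one, only the last one iterated stays registered.
     */
    private void loadProxyCertificate(String proxyFilename) throws ResourceStoreException {
        if (proxyFilename == null) {
            return;
        }
        this.proxyDelegate.loadWrappers(proxyFilename);
        for (ResourceProxyCredential credential : this.proxyDelegate.getWrapperMap().values()) {
            this.aliasObjectMap.put(proxyFilename, credential);
        }
    }

    /** Registers a certificate/key pair under the alias {@code certificateFilename + ":" + keyFilename}. */
    private void loadCertificateKey(String certificateFilename, String keyFilename) throws CredentialException, ResourceStoreException {
        if (certificateFilename == null || keyFilename == null) {
            return;
        }
        GlobusPathMatchingResourcePatternResolver resolver = new GlobusPathMatchingResourcePatternResolver();
        CertKeyCredential credential = new CertKeyCredential(resolver.getResource(certificateFilename), resolver.getResource(keyFilename));
        this.aliasObjectMap.put(certificateFilename + ":" + keyFilename, credential);
    }

    /**
     * Loads CA certificates through the CA store and registers one trust anchor per subject hash.
     *
     * <p>A file whose URL does not contain the subject-name hash is registered first; files whose
     * URL contains the hash are held back and only registered when no other file supplied the same
     * subject. The check is a substring match on the whole URL, so a directory component that
     * happens to contain the hash also counts.
     *
     * @throws CertificateException if the CA store cannot load the given location(s)
     */
    private void loadDirectories(String locations) throws CertificateException {
        try {
            this.caDelegate.loadWrappers(locations);
            Map<String, ResourceTrustAnchor> loaded = this.caDelegate.getWrapperMap();
            HashSet<String> registeredHashes = new HashSet<>();
            Map<String, String> deferredAliases = new HashMap<>();
            Map<String, ResourceTrustAnchor> deferredAnchors = new HashMap<>();
            Map<String, X509Certificate> deferredCerts = new HashMap<>();
            for (ResourceTrustAnchor anchor : loaded.values()) {
                String alias = anchor.getResourceURL().toExternalForm();
                X509Certificate cert = anchor.getTrustAnchor().getTrustedCert();
                String subjectHash = CertificateIOUtil.nameHash(cert.getSubjectDN());
                if (alias.contains(subjectHash)) {
                    // Hash-named file: decide after all other files have been seen.
                    deferredAliases.put(subjectHash, alias);
                    deferredAnchors.put(subjectHash, anchor);
                    deferredCerts.put(subjectHash, cert);
                } else if (!registeredHashes.contains(subjectHash)) {
                    registeredHashes.add(subjectHash);
                    this.aliasObjectMap.put(alias, anchor);
                    this.certFilenameMap.put(cert, alias);
                }
            }
            for (Map.Entry<String, String> deferred : deferredAliases.entrySet()) {
                String subjectHash = deferred.getKey();
                if (!registeredHashes.contains(subjectHash)) {
                    String alias = deferred.getValue();
                    this.aliasObjectMap.put(alias, deferredAnchors.get(subjectHash));
                    this.certFilenameMap.put(deferredCerts.get(subjectHash), alias);
                }
            }
        } catch (ResourceStoreException e) {
            // Same wrapping as initialize(), so the message carries the cause instead of being empty.
            throw new CertificateException(e);
        }
    }

    /**
     * Removes the entry and, for trust anchors and proxy credentials, deletes the backing file.
     *
     * <p>The entry is removed from the alias map before anything else, so it stays removed even
     * when the file cannot be deleted or the method throws. Entries of any other type (for example
     * certificate/key pairs) are only removed from the map; their files are left on disk.
     *
     * <p>NOTE(review): the file deletion is attempted even when the store is in in-memory mode;
     * confirm that an in-memory store is meant to touch the file system here.
     *
     * @param str the alias to delete; unknown aliases are ignored
     * @throws KeyStoreException if the entry cannot be loaded while it is being removed
     */
    @Override
    public void engineDeleteEntry(String str) throws KeyStoreException {
        SecurityObjectWrapper<?> removed = this.aliasObjectMap.remove(str);
        if (removed instanceof ResourceTrustAnchor) {
            ResourceTrustAnchor anchor = (ResourceTrustAnchor) removed;
            try {
                this.certFilenameMap.remove(anchor.getTrustAnchor().getTrustedCert());
                if (!anchor.getFile().delete()) {
                    // The certificate is gone from the store but still present on disk.
                    logger.warn("Unable to delete certificate");
                }
            } catch (ResourceStoreException e) {
                throw new KeyStoreException(e);
            }
        } else if (removed instanceof ResourceProxyCredential) {
            ResourceProxyCredential proxy = (ResourceProxyCredential) removed;
            try {
                // Result unused; presumably forces the credential to load so that an unreadable
                // one is reported before its file is deleted.
                proxy.getCredential();
                if (!proxy.getFile().delete()) {
                    // The credential file, private key included, is still present on disk.
                    logger.warn("Unable to delete credential");
                }
            } catch (ResourceStoreException e) {
                throw new KeyStoreException(e);
            }
        }
    }

    /** Returns the aliases of all entries; the enumeration is backed by the live key set. */
    @Override
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(this.aliasObjectMap.keySet());
    }

    /**
     * Stores a private key and its chain as a credential entry.
     *
     * <p>{@code cArr} is not used. A credential that reports an encrypted key is stored as a
     * certificate/key pair, any other as a proxy credential. The entry is registered under the
     * alias reported by the created wrapper. The chain must be an {@code X509Certificate[]} at run
     * time; a {@code Certificate[]} that merely holds X.509 certificates is rejected.
     *
     * @param str the alias for the entry
     * @param key must be a {@link PrivateKey}
     * @param cArr ignored
     * @param certificateArr the certificate chain, as an {@code X509Certificate[]}
     * @throws KeyStoreException if an argument has the wrong type or the credential cannot be stored
     */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("PrivateKey expected");
        }
        if (!(certificateArr instanceof X509Certificate[])) {
            throw new KeyStoreException("Certificate chain of X509Certificate expected");
        }
        X509Credential credential = new X509Credential((PrivateKey) key, (X509Certificate[]) certificateArr);
        CredentialWrapper wrapper;
        if (credential.isEncryptedKey()) {
            wrapper = createCertKeyCredential(str, credential);
        } else {
            wrapper = createProxyCredential(str, credential);
        }
        // Written to disk first (unless in-memory) so a failed write leaves the map untouched.
        storeWrapper(wrapper);
        this.aliasObjectMap.put(wrapper.getAlias(), wrapper);
    }

    /**
     * Wraps the credential as a proxy credential, reusing the file of an existing entry under the
     * alias or else {@code <alias>-key.pem} in the default directory.
     */
    private CredentialWrapper createProxyCredential(String alias, X509Credential credential) throws KeyStoreException {
        CredentialWrapper existing = getKeyEntry(alias);
        File target;
        if (existing instanceof AbstractResourceSecurityWrapper) {
            target = ((AbstractResourceSecurityWrapper<?>) existing).getFile();
        } else {
            target = fileInDefaultDirectory(alias + "-key.pem");
        }
        try {
            return new ResourceProxyCredential(this.inMemoryOnly, new GlobusResource(target.getAbsolutePath()), credential);
        } catch (ResourceStoreException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Wraps the credential as a certificate/key pair, reusing the files of an existing pair under
     * the alias or else {@code <alias>.0} and {@code <alias>-key.pem} in the default directory.
     */
    private CredentialWrapper createCertKeyCredential(String alias, X509Credential credential) throws KeyStoreException {
        CredentialWrapper existing = getKeyEntry(alias);
        GlobusResource certificateResource;
        GlobusResource keyResource;
        if (existing instanceof CertKeyCredential) {
            CertKeyCredential pair = (CertKeyCredential) existing;
            certificateResource = pair.getCertificateFile();
            keyResource = pair.getKeyFile();
        } else {
            certificateResource = new GlobusResource(fileInDefaultDirectory(alias + ".0").getAbsolutePath());
            keyResource = new GlobusResource(fileInDefaultDirectory(alias + "-key.pem").getAbsolutePath());
        }
        try {
            return new CertKeyCredential(certificateResource, keyResource, credential);
        } catch (ResourceStoreException e) {
            throw new KeyStoreException(e);
        }
    }

    /** Writes the credential to its backing resource unless the store is in in-memory mode. */
    private void storeWrapper(CredentialWrapper credentialWrapper) throws KeyStoreException {
        if (this.inMemoryOnly) {
            return;
        }
        try {
            credentialWrapper.store();
        } catch (ResourceStoreException e) {
            throw new KeyStoreException("Error storing credential", e);
        }
    }

    /**
     * Not supported: keys in protected (encoded) form cannot be stored.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /** Returns {@code true} when any entry, of either kind, is stored under the alias. */
    @Override
    public boolean engineContainsAlias(String str) {
        return this.aliasObjectMap.containsKey(str);
    }

    /** Returns the number of entries. */
    @Override
    public int engineSize() {
        return this.aliasObjectMap.size();
    }

    /** Returns {@code true} when the alias maps to a trust-anchor entry. */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        return getCertificateEntry(str) != null;
    }

    /**
     * Stores a trusted certificate under the alias.
     *
     * <p>An existing trust anchor under the alias has its file overwritten; otherwise the alias is
     * used as the file name inside the default directory. In in-memory mode nothing is written.
     *
     * @param str the alias for the entry
     * @param certificate must be an {@link X509Certificate}
     * @throws KeyStoreException if the certificate has the wrong type or cannot be written
     */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate must be instance of X509Certificate");
        }
        X509Certificate trusted = (X509Certificate) certificate;
        ResourceTrustAnchor existing = getCertificateEntry(str);
        File target = (existing != null) ? existing.getFile() : fileInDefaultDirectory(str);
        try {
            if (!this.inMemoryOnly) {
                CertificateIOUtil.writeCertificate(trusted, target);
            }
            ResourceTrustAnchor anchor = new ResourceTrustAnchor(
                    this.inMemoryOnly, new GlobusResource(target.getAbsolutePath()), new TrustAnchor(trusted, null));
            this.aliasObjectMap.put(str, anchor);
            this.certFilenameMap.put(trusted, str);
        } catch (IOException | CertificateEncodingException | ResourceStoreException e) {
            throw new KeyStoreException(e);
        }
    }
}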
