package org.globus.gsi;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.common.ChainedIOException;
import org.globus.common.CoGProperties;
import org.globus.gsi.provider.GlobusProvider;
import org.globus.gsi.provider.KeyStoreParametersFactory;
import org.globus.gsi.stores.ResourceCertStoreParameters;
import org.globus.gsi.stores.ResourceSigningPolicyStore;
import org.globus.gsi.stores.ResourceSigningPolicyStoreParameters;
import org.globus.gsi.trustmanager.X509ProxyCertPathValidator;
import org.globus.gsi.util.CertificateUtil;

/* loaded from: input_file:WEB-INF/lib/ssl-proxies-2.0.5.jar:org/globus/gsi/GlobusCredential.class */
public class GlobusCredential implements Serializable {
    private Log logger = LogFactory.getLog(getClass());
    private X509Credential cred;
    private static GlobusCredential defaultCred;
    private static transient long credentialLastModified = -1;
    private static transient boolean credentialSet = false;
    private static transient File credentialFile = null;

    public GlobusCredential(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this.cred = new X509Credential(privateKey, x509CertificateArr);
    }

    public GlobusCredential(String str) throws GlobusCredentialException {
        try {
            this.cred = new X509Credential(str);
        } catch (Exception e) {
            throw new GlobusCredentialException(-1, e.getMessage(), e);
        }
    }

    public GlobusCredential(String str, String str2) throws GlobusCredentialException {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException();
        }
        try {
            this.cred = new X509Credential(str, str2);
        } catch (Exception e) {
            throw new GlobusCredentialException(-1, e.getMessage(), e);
        }
    }

    public GlobusCredential(InputStream inputStream) throws GlobusCredentialException {
        try {
            this.cred = new X509Credential(inputStream);
        } catch (Exception e) {
            throw new GlobusCredentialException(-1, e.getMessage(), e);
        }
    }

    public void save(OutputStream outputStream) throws IOException {
        try {
            this.cred.save(outputStream);
        } catch (CertificateEncodingException e) {
            throw new ChainedIOException(e.getMessage(), e);
        }
    }

    public void verify() throws GlobusCredentialException {
        try {
            String str = "file:" + CoGProperties.getDefault().getCaCertLocations();
            String str2 = str + "/*.r*";
            String str3 = str + "/*.signing_policy";
            KeyStore keyStore = KeyStore.getInstance(GlobusProvider.KEYSTORE_TYPE, GlobusProvider.PROVIDER_NAME);
            CertStore certStore = CertStore.getInstance(GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(null, str2));
            ResourceSigningPolicyStore resourceSigningPolicyStore = new ResourceSigningPolicyStore(new ResourceSigningPolicyStoreParameters(str3));
            keyStore.load(KeyStoreParametersFactory.createTrustStoreParameters(str));
            new X509ProxyCertPathValidator().engineValidate(CertificateUtil.getCertPath(this.cred.getCertificateChain()), new X509ProxyCertPathParameters(keyStore, certStore, resourceSigningPolicyStore, false));
        } catch (Exception e) {
            e.printStackTrace();
            throw new GlobusCredentialException(-1, e.getMessage(), e);
        }
    }

    public X509Certificate getIdentityCertificate() {
        return this.cred.getIdentityCertificate();
    }

    public int getPathConstraint() {
        return this.cred.getPathConstraint();
    }

    public String getIdentity() {
        return this.cred.getIdentity();
    }

    public PrivateKey getPrivateKey() {
        try {
            return this.cred.getPrivateKey();
        } catch (Exception e) {
            return null;
        }
    }

    public X509Certificate[] getCertificateChain() {
        return this.cred.getCertificateChain();
    }

    public int getCertNum() {
        return this.cred.getCertNum();
    }

    public int getStrength() {
        try {
            return this.cred.getStrength();
        } catch (Exception e) {
            return -1;
        }
    }

    public String getSubject() {
        return this.cred.getSubject();
    }

    public String getIssuer() {
        return this.cred.getIssuer();
    }

    public int getProxyType() {
        return this.cred.getProxyType().getCode();
    }

    public long getTimeLeft() {
        return this.cred.getTimeLeft();
    }

    public static synchronized GlobusCredential getDefaultCredential() throws GlobusCredentialException {
        if (defaultCred == null) {
            reloadDefaultCredential();
        } else if (!credentialSet) {
            if (credentialFile.lastModified() == credentialLastModified) {
                defaultCred.verify();
            } else {
                defaultCred = null;
                reloadDefaultCredential();
            }
        }
        return defaultCred;
    }

    private static void reloadDefaultCredential() throws GlobusCredentialException {
        String proxyFile = CoGProperties.getDefault().getProxyFile();
        defaultCred = new GlobusCredential(proxyFile);
        credentialFile = new File(proxyFile);
        credentialLastModified = credentialFile.lastModified();
        defaultCred.verify();
    }

    public static synchronized void setDefaultCredential(GlobusCredential globusCredential) {
        credentialSet = globusCredential != null;
    }

    public String toString() {
        return this.cred.toString();
    }

    static {
        new ProviderLoader();
    }
}
