package org.glite.security.trustmanager;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Timer;
import java.util.TimerTask;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.apache.log4j.Logger;
import org.bouncycastle.openssl.PasswordFinder;
import org.glite.security.SecurityContext;
import org.glite.security.util.CaseInsensitiveProperties;
import org.glite.security.util.DNHandler;
import org.glite.security.util.FileCertReader;
import org.glite.security.util.KeyStoreGenerator;
import org.glite.security.util.Password;

/* loaded from: input_file:org/glite/security/trustmanager/UpdatingKeyManager.class */
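/**
 * Key manager that loads the local identity (a keystore file, a certificate/key file pair, or a
 * proxy file / inline proxy) from the supplied configuration and can reload it periodically on
 * a daemon {@link Timer}.
 *
 * <p>All alias, key and chain queries are delegated to a {@code SunX509} {@link X509KeyManager}
 * built from the most recently loaded keystore. The {@code choose*Alias} methods additionally
 * publish the peer's acceptable CA list into the calling thread's {@link SecurityContext}.
 *
 * <p>A reload replaces {@link #managerImpl} from the timer thread while handshakes on other
 * threads may be reading it, so the field is {@code volatile}; the previously loaded
 * credentials stay in use if a reload fails.
 */
public class UpdatingKeyManager extends X509ExtendedKeyManager {
    static final Logger LOGGER = Logger.getLogger(UpdatingKeyManager.class.getName());
    /** Password of the keystore currently held in {@link #keyStore}. */
    char[] passwd;
    /** Keystore the current {@link #managerImpl} was built from. */
    KeyStore keyStore;
    /** Delegate answering all queries; rewritten on every (re)load, possibly from the timer thread. */
    volatile X509KeyManager managerImpl;
    /** Reload period in seconds; {@code -1} until an update interval is configured. */
    long intervalSecs;
    KeyManagerFactory keyManagerFactory;
    String identityCertFile;
    String identityKeyFile;
    String identityKeyPasswd;
    String identityStoreFile;
    String identityStoreType;
    String identityStorePasswd;
    /** Proxy file path; when discovered via {@link #findProxy()} the result is cached here. */
    String proxyFile;
    String proxyIntervalBlob;
    PasswordFinder passwordFinder;
    /** Periodic reload timer, {@code null} when no update loop is running. */
    Timer identityTimer;

    /**
     * Timer task that reloads the credentials. A failed reload is logged and the previously
     * loaded credentials remain in use; the task does not throw, because an exception escaping
     * a {@link TimerTask} would cancel the timer and silently end all future reloads.
     */
    public class RefreshIdentity extends TimerTask {
        RefreshIdentity() {
        }

        @Override
        public void run() {
            UpdatingKeyManager.LOGGER.debug("refreshing credentials.\n");
            try {
                UpdatingKeyManager.this.loadKeystore();
            } catch (Exception e) {
                // keep the timer alive so a transient failure (e.g. proxy being renewed) is retried
                UpdatingKeyManager.LOGGER.fatal("Credentials reload failed", e);
            }
        }

        @Override
        public String toString() {
            return "UpdatingKeyManager.RefreshIdentity timer task" + super.toString();
        }
    }

    /**
     * Creates a key manager from configuration properties, loads the credentials once and, if an
     * update interval is configured, starts the periodic reload loop.
     *
     * @param caseInsensitiveProperties configuration holding the {@code ContextWrapper.CREDENTIALS_*} keys
     * @param passwordFinder supplier of the private key passphrase; may be {@code null}, in which
     *        case {@code CREDENTIALS_KEY_PASSWD} is used when present
     * @throws NoSuchAlgorithmException if no {@code SunX509} key manager factory is available
     * @throws CertificateException if the credentials cannot be loaded
     */
    public UpdatingKeyManager(CaseInsensitiveProperties caseInsensitiveProperties, PasswordFinder passwordFinder)
            throws NoSuchAlgorithmException, CertificateException {
        this.intervalSecs = -1L;
        this.identityTimer = null;
        this.identityCertFile = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_CERT_FILE);
        this.identityKeyFile = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_KEY_FILE);
        this.identityKeyPasswd = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_KEY_PASSWD);
        this.identityStoreFile = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_STORE_FILE);
        this.identityStoreType = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_STORE_TYPE,
                ContextWrapper.KEYSTORE_TYPE_DEFAULT);
        this.identityStorePasswd = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_STORE_PASSWD);
        this.proxyFile = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_PROXY_FILE);
        this.proxyIntervalBlob = caseInsensitiveProperties.getProperty(ContextWrapper.CREDENTIALS_UPDATE_INTERVAL);
        try {
            this.keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        } catch (NoSuchAlgorithmException e) {
            LOGGER.fatal("Internal: X509 key manager initialization failed: " + e.getMessage(), e);
            throw e;
        }
        this.passwordFinder = passwordFinder;
        try {
            loadKeystore();
            if (this.proxyIntervalBlob != null) {
                this.intervalSecs = ContextWrapper.getIntervalSecs(this.proxyIntervalBlob);
                startUpdateLoop();
            }
        } catch (CertificateException e) {
            LOGGER.fatal("credentials loading failed: " + e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Creates a key manager directly from an already loaded keystore; no reload loop is started.
     *
     * @param keyStore keystore holding the identity
     * @param cArr password protecting the keys in {@code keyStore}
     * @throws Exception if the key manager factory or the delegate cannot be initialised
     */
    public UpdatingKeyManager(KeyStore keyStore, char[] cArr) throws Exception {
        this.intervalSecs = -1L;
        this.identityTimer = null;
        try {
            this.keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            setManager(keyStore, cArr);
        } catch (Exception e) {
            LOGGER.fatal("UpdatingKeymanager: initialization failed because of internal error: " + e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Builds a new delegate key manager from {@code keyStore} and installs it.
     *
     * @param keyStore keystore holding the identity
     * @param cArr key password for {@code keyStore}
     * @throws CertificateException if the factory cannot be initialised from the keystore
     */
    private void setManager(KeyStore keyStore, char[] cArr) throws CertificateException {
        this.keyStore = keyStore;
        this.passwd = cArr;
        try {
            if (LOGGER.isDebugEnabled()) {
                // aliases are public names; the keys themselves are never logged
                LOGGER.debug("Setting key manager implementation with keystore: " + keyStore
                        + " containing aliases: " + Collections.list(keyStore.aliases()));
            }
            this.keyManagerFactory.init(this.keyStore, cArr);
            this.managerImpl = (X509KeyManager) this.keyManagerFactory.getKeyManagers()[0];
        } catch (Exception e) {
            LOGGER.fatal("Credentials reading failed: " + e.getMessage(), e);
            throw new CertificateException("Credentials reading failed: " + e.getMessage(), e);
        }
    }

    /**
     * (Re)loads the credentials from whichever source the configuration names, in this order of
     * precedence: keystore file, certificate + key files, proxy (file, inline
     * {@code ContextWrapper.GRID_PROXY_STREAM} property, or the default location found by
     * {@link #findProxy()}).
     *
     * @throws CertificateException if the credentials cannot be read; the cause is attached
     */
    void loadKeystore() throws CertificateException {
        try {
            if (this.identityStoreFile != null) {
                loadFromKeyStoreFile();
            } else if (this.identityCertFile == null || this.identityKeyFile == null) {
                loadFromProxy();
            } else {
                loadFromCertAndKey();
            }
        } catch (Exception e) {
            LOGGER.fatal("Identity reading failed: " + e.getMessage(), e);
            throw new CertificateException("Identity reading failed: " + e.getMessage(), e);
        }
    }

    /** Loads the identity from the configured keystore file, closing the file in all cases. */
    private void loadFromKeyStoreFile() throws Exception {
        LOGGER.debug("using credentials from keystore: " + this.identityStoreFile);
        if (this.identityStorePasswd == null) {
            throw new CertificateException("no password configured for keystore " + this.identityStoreFile);
        }
        char[] storePasswd = this.identityStorePasswd.toCharArray();
        KeyStore store = KeyStore.getInstance(this.identityStoreType);
        FileInputStream in = new FileInputStream(this.identityStoreFile);
        try {
            store.load(in, storePasswd);
        } finally {
            closeQuietly(in);
        }
        setManager(store, storePasswd);
    }

    /** Loads the identity from a proxy: the configured file, the inline property, or the default location. */
    private void loadFromProxy() throws Exception {
        LOGGER.debug("proxyfile given: " + this.proxyFile);
        InputStream proxySource;
        if (this.proxyFile != null) {
            proxySource = new FileInputStream(this.proxyFile);
        } else {
            String inlineProxy = System.getProperty(ContextWrapper.GRID_PROXY_STREAM);
            if (inlineProxy != null && inlineProxy.length() > 0) {
                LOGGER.debug("Loading proxy from a stream");
                // fix the charset so the bytes do not depend on the platform default encoding
                proxySource = new ByteArrayInputStream(inlineProxy.getBytes("UTF-8"));
            } else {
                try {
                    LOGGER.debug("no proxyfile given, using default");
                    this.proxyFile = findProxy();
                    LOGGER.debug("read proxy: " + this.proxyFile);
                    proxySource = new FileInputStream(this.proxyFile);
                } catch (Exception e) {
                    LOGGER.fatal("Credetials loading failed, no credentials defined and default credentials couldn't be found", e);
                    throw new CertificateException(
                            "Credetials loading failed, no credentials defined and default credentials couldn't be found", e);
                }
            }
        }
        BufferedInputStream in = new BufferedInputStream(proxySource);
        try {
            setManager(new FileCertReader().readProxy(in, ContextWrapper.INT_KEYSTORE_PASSWD),
                    ContextWrapper.INT_KEYSTORE_PASSWD.toCharArray());
        } finally {
            closeQuietly(in);
        }
    }

    /** Loads the identity from the configured certificate and private key files. */
    private void loadFromCertAndKey() throws Exception {
        LOGGER.debug("using credential cert file: " + this.identityCertFile
                + " and credential key file: " + this.identityKeyFile);
        if (this.passwordFinder == null && this.identityKeyPasswd != null) {
            this.passwordFinder = new Password(this.identityKeyPasswd.toCharArray());
        }
        setManager(KeyStoreGenerator.generate(this.identityCertFile, this.identityKeyFile, this.passwordFinder,
                ContextWrapper.INT_KEYSTORE_PASSWD), ContextWrapper.INT_KEYSTORE_PASSWD.toCharArray());
    }

    /** Closes {@code c} if non-null; a close failure after a successful read is not worth failing the load. */
    private static void closeQuietly(Closeable c) {
        if (c == null) {
            return;
        }
        try {
            c.close();
        } catch (IOException ignored) {
            // best effort: the content has already been consumed
        }
    }

    /**
     * Records the peer's acceptable CA list in the current thread's {@link SecurityContext},
     * creating the context if the thread has none yet.
     */
    private static void publishPeerCas(Principal[] issuers) {
        SecurityContext ctx = SecurityContext.getCurrentContext();
        if (ctx == null) {
            ctx = new SecurityContext();
            SecurityContext.setCurrentContext(ctx);
        }
        if (issuers != null) {
            ctx.setPeerCas(issuers);
        }
    }

    /** Joins aliases as {@code "a, b, "} for debug output, or {@code "none"} when the array is null. */
    private static String describeAliases(String[] aliases) {
        if (aliases == null) {
            return "none";
        }
        StringBuilder sb = new StringBuilder();
        for (String alias : aliases) {
            sb.append(alias).append(", ");
        }
        return sb.toString();
    }

    /** {@inheritDoc} Publishes {@code principalArr} to the {@link SecurityContext}; the engine is not passed to the delegate. */
    @Override
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        publishPeerCas(principalArr);
        String alias = this.managerImpl.chooseClientAlias(strArr, principalArr, null);
        LOGGER.debug("UpdatingKeyManager.chooseEngineClientAlias: alias is=" + alias);
        return alias;
    }

    /** {@inheritDoc} Publishes {@code principalArr} to the {@link SecurityContext}; the engine is not passed to the delegate. */
    @Override
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        publishPeerCas(principalArr);
        String alias = this.managerImpl.chooseServerAlias(str, principalArr, null);
        LOGGER.debug("UpdatingKeyManager.chooseEngineServerAlias: alias is=" + alias);
        return alias;
    }

    /** {@inheritDoc} Publishes {@code principalArr} to the {@link SecurityContext} before delegating. */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        publishPeerCas(principalArr);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("types are: " + Arrays.toString(strArr));
            if (principalArr != null) {
                LOGGER.debug("principals are:");
                for (Principal principal : principalArr) {
                    LOGGER.debug(DNHandler.getDN(principal));
                }
            } else {
                LOGGER.debug("no principals received");
            }
            LOGGER.debug("socket is: " + socket);
            LOGGER.debug("UpdatingKeyManager.chooseClientAlias: ks=" + this.managerImpl);
        }
        String alias = this.managerImpl.chooseClientAlias(strArr, principalArr, socket);
        LOGGER.debug("UpdatingKeyManager.chooseClientAlias: alias is=" + alias);
        return alias;
    }

    /** {@inheritDoc} Publishes {@code principalArr} to the {@link SecurityContext} before delegating. */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        publishPeerCas(principalArr);
        String alias = this.managerImpl.chooseServerAlias(str, principalArr, socket);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("UpdatingKeyManager.chooseServerAlias: type=" + str + " issuers="
                    + Arrays.toString(principalArr) + " socket=" + socket + " alias is=" + alias);
        }
        return alias;
    }

    /** {@inheritDoc} Returns the delegate's chain unchanged; only the leaf subject is logged. */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        X509Certificate[] chain = this.managerImpl.getCertificateChain(str);
        if (LOGGER.isDebugEnabled()) {
            // an empty chain is treated like a missing one to avoid an index error in the log line
            Object subject = (chain == null || chain.length == 0) ? null : chain[0].getSubjectDN();
            LOGGER.debug("alias=" + str + " DN is = " + subject);
        }
        return chain;
    }

    /** {@inheritDoc} */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String[] aliases = this.managerImpl.getClientAliases(str, principalArr);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("UpdatingKeyManager.getClientAliases: type=" + str + " issuers="
                    + Arrays.toString(principalArr) + " aliases are=" + describeAliases(aliases));
        }
        return aliases;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Only whether a key was found is logged: the key object itself must never be written
     * to the log, as a private key's {@code toString()} may render key material.
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        PrivateKey privateKey = this.managerImpl.getPrivateKey(str);
        LOGGER.debug("UpdatingKeyManager.getPrivateKey: alias= " + str + " key "
                + (privateKey == null ? "not found." : "found."));
        return privateKey;
    }

    /** {@inheritDoc} */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String[] aliases = this.managerImpl.getServerAliases(str, principalArr);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("UpdatingKeyManager.getServerAliases: type=" + str + " issuers="
                    + Arrays.toString(principalArr) + " aliases are=" + describeAliases(aliases));
        }
        return aliases;
    }

    /**
     * Starts the periodic reload on a daemon timer when {@link #intervalSecs} is positive; the
     * first reload runs immediately, then every {@code intervalSecs} seconds.
     */
    void startUpdateLoop() {
        if (this.intervalSecs > 0) {
            this.identityTimer = new Timer(true);
            this.identityTimer.schedule(new RefreshIdentity(), 0L, this.intervalSecs * 1000);
        }
    }

    /** Cancels the reload timer, if one is running. Safe to call repeatedly. */
    public void stop() {
        if (this.identityTimer != null) {
            this.identityTimer.cancel();
            this.identityTimer = null;
        }
    }

    /**
     * Locates the default proxy file: the {@code X509_USER_PROXY} or {@code X509_PROXY_FILE}
     * system property if set, otherwise {@code <java.io.tmpdir>/x509up_u<UID>} built from the
     * {@code UID} system property. Only a path is returned; the file is not checked for existence.
     *
     * @return path of the proxy file to use
     * @throws IOException if the temp directory is missing or the user id cannot be discovered
     */
    public String findProxy() throws IOException {
        try {
            String property = System.getProperty("X509_USER_PROXY");
            if (property != null) {
                return property;
            }
            String property2 = System.getProperty("X509_PROXY_FILE");
            if (property2 != null) {
                return property2;
            }
            File file = new File(System.getProperty("java.io.tmpdir"));
            if (!file.exists() || !file.isDirectory()) {
                LOGGER.fatal("directory " + file + " not found for default proxy loading");
                throw new IOException("directory " + file + " not found for default proxy loading");
            }
            String property3 = System.getProperty("UID");
            if (property3 != null) {
                return file.getAbsolutePath() + File.separator + "x509up_u" + property3;
            }
            LOGGER.fatal("No credentials defined and couldn't discover user uid for the proxy loading");
            // an IOException (the declared type) rather than an Error, so callers' handlers see it
            throw new IOException("No credentials defined and couldn't discover user uid for the proxy loading");
        } catch (IOException e) {
            LOGGER.fatal("Proxy file finding failed: " + e.getMessage(), e);
            IOException wrapped = new IOException("Proxy file finding failed: " + e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /** Describes the manager by its leaf certificate, or as uninitialised when no delegate is installed. */
    @Override
    public String toString() {
        if (this.managerImpl == null) {
            return "UpdatingKeyManager (uninitialized) [" + super.toString() + "]";
        }
        X509Certificate[] chain = this.managerImpl.getCertificateChain(null);
        String identity = (chain == null || chain.length == 0) ? "no certificate chain" : chain[0].toString();
        return "UpdatingKeyManager [" + identity + "]";
    }
}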
