package org.glite.voms.contact;

import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.TimeZone;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEREncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.glite.voms.ac.AttributeCertificate;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509Credential;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.gssapi.KeyPairCache;
import org.globus.gsi.proxy.ext.ProxyPolicy;
import org.globus.gsi.util.ProxyCertificateUtil;

/* loaded from: input_file:org/glite/voms/contact/VOMSProxyBuilder.class */
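/**
 * Static helpers that parse VOMS attribute certificates and issue proxy
 * certificates signed with the user's own key.
 *
 * <p>Two kinds of proxy are produced: a short-lived "temp" proxy created through
 * {@link BouncyCastleCertProcessingFactory}, and a VOMS proxy that embeds a list
 * of attribute certificates as an X.509 extension.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The temp proxy uses a hard-coded 512-bit key and the VOMS proxy defaults
 *       to 1024 bits. Both are below currently recommended RSA sizes; see the
 *       comments on the constants.</li>
 *   <li>A saved proxy contains an unencrypted private key. {@link #saveProxy(X509Credential, String)}
 *       does not restrict file permissions.</li>
 * </ul>
 */
public class VOMSProxyBuilder {
    private static final Logger log = Logger.getLogger(VOMSProxyBuilder.class);
    public static final GSIConstants.CertificateType GT2_PROXY = GSIConstants.CertificateType.GSI_2_PROXY;
    public static final GSIConstants.CertificateType GT3_PROXY = GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY;
    public static final GSIConstants.CertificateType GT4_PROXY = GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY;
    public static final GSIConstants.CertificateType DEFAULT_PROXY_TYPE = GSIConstants.CertificateType.GSI_2_PROXY;
    public static final GSIConstants.DelegationType DEFAULT_DELEGATION_TYPE = GSIConstants.DelegationType.FULL;
    public static final int DEFAULT_PROXY_LIFETIME = 86400;
    // NOTE(review): 1024-bit keys are below current recommendations for RSA; the value is
    // kept because it is part of the public API. Callers should pass a larger size explicitly.
    public static final int DEFAULT_PROXY_SIZE = 1024;
    private static final String PROXY_CERT_INFO_V3_OID = "1.3.6.1.4.1.3536.1.222";
    private static final String PROXY_CERT_INFO_V4_OID = "1.3.6.1.5.5.7.1.14";
    /** OID of the extension that carries the attribute certificates. */
    private static final String VOMS_AC_EXTENSION_OID = "1.3.6.1.4.1.8005.100.100.5";
    /** OID of the standard X.509 keyUsage extension. */
    private static final String KEY_USAGE_OID = "2.5.29.15";
    // NOTE(review): a 512-bit key is far too small to protect anything of value, even for a
    // short-lived proxy. The value is unchanged here because raising it alters key-generation
    // cost and possibly interoperability; it should be reviewed and increased.
    private static final int TEMP_PROXY_KEY_BITS = 512;
    /** Value the one-argument {@code buildProxy} passes as the temp proxy lifetime. */
    private static final int TEMP_PROXY_LIFETIME = 3600;
    /** Source of the random serial number / CN of GSI-3 and GSI-4 proxies. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Parses an attribute certificate from its encoded form.
     *
     * @param bArr the encoded attribute certificate
     * @return the parsed attribute certificate
     * @throws VOMSException if the bytes cannot be parsed
     */
    public static AttributeCertificate buildAC(byte[] bArr) {
        try {
            return AttributeCertificate.getInstance(new ByteArrayInputStream(bArr));
        } catch (IOException e) {
            logFailure("Error parsing attribute certificate:", e);
            throw new VOMSException(e);
        }
    }

    /**
     * Builds a temp proxy with the default delegation type.
     *
     * @param userCredentials the user's certificate chain and private key
     * @return the new proxy credential
     * @throws VOMSException if the proxy cannot be created
     */
    public static X509Credential buildProxy(UserCredentials userCredentials) {
        return buildProxy(userCredentials, TEMP_PROXY_LIFETIME, DEFAULT_DELEGATION_TYPE);
    }

    /**
     * Builds a temp proxy for the given delegation type.
     *
     * @param userCredentials the user's certificate chain and private key
     * @param i value passed to {@code createCredential} after the key size (presumably the
     *          lifetime in seconds; confirm against the JGlobus version in use)
     * @param delegationType the delegation type of the proxy
     * @return the new proxy credential
     * @throws VOMSException if the proxy cannot be created
     */
    public static X509Credential buildProxy(UserCredentials userCredentials, int i, GSIConstants.DelegationType delegationType) {
        try {
            return BouncyCastleCertProcessingFactory.getDefault().createCredential(
                    userCredentials.getUserChain(), userCredentials.getUserKey(), TEMP_PROXY_KEY_BITS, i, delegationType);
        } catch (Throwable th) {
            throw proxyFailure("Error creating temp proxy: ", th);
        }
    }

    /**
     * Builds a temp proxy of the given certificate type.
     *
     * @param userCredentials the user's certificate chain and private key
     * @param i value passed to {@code createCredential} after the key size (presumably the
     *          lifetime in seconds; confirm against the JGlobus version in use)
     * @param certificateType the proxy certificate type
     * @return the new proxy credential
     * @throws VOMSException if the proxy cannot be created
     */
    public static X509Credential buildProxy(UserCredentials userCredentials, int i, GSIConstants.CertificateType certificateType) {
        try {
            return BouncyCastleCertProcessingFactory.getDefault().createCredential(
                    userCredentials.getUserChain(), userCredentials.getUserKey(), TEMP_PROXY_KEY_BITS, i, certificateType);
        } catch (Throwable th) {
            throw proxyFailure("Error creating temp proxy: ", th);
        }
    }

    /**
     * Builds a VOMS proxy with the default proxy and delegation types and no policy OID.
     *
     * <p>NOTE(review): {@code i} is forwarded in the position the seven-argument overload
     * uses as the key size, and the literal 1024 (equal to {@link #DEFAULT_PROXY_SIZE}) lands
     * in the lifetime position. The two arguments look swapped; confirm against callers
     * before relying on either meaning. The call is left exactly as it was.
     *
     * @param userCredentials the user's certificate chain and private key
     * @param list the attribute certificates to embed
     * @param i forwarded as the third argument of the seven-argument overload
     * @return the new proxy credential
     * @throws VOMSException if the proxy cannot be created
     */
    public static X509Credential buildProxy(UserCredentials userCredentials, List list, int i) {
        try {
            return buildProxy(userCredentials, list, i, 1024, DEFAULT_PROXY_TYPE, DEFAULT_DELEGATION_TYPE, null);
        } catch (Throwable th) {
            throw proxyFailure("Error creating proxy: ", th);
        }
    }

    /**
     * Builds a VOMS proxy that embeds the given attribute certificates and a keyUsage
     * extension (digitalSignature, keyEncipherment, dataEncipherment).
     *
     * @param userCredentials the user's certificate chain and private key
     * @param list the attribute certificates to embed; each element must be an {@link ASN1Encodable}
     * @param i size in bits of the key pair generated for the proxy
     * @param i2 number of seconds from now until the proxy expires
     * @param certificateType the proxy certificate type
     * @param delegationType the delegation type; determines the CN of GSI-2 proxies
     * @param str policy language OID for GSI-3/GSI-4 proxies, or {@code null} for the type's default
     * @return the new proxy credential
     * @throws VOMSException if the list is null or empty, or the proxy cannot be created
     */
    public static X509Credential buildProxy(UserCredentials userCredentials, List list, int i, int i2, GSIConstants.CertificateType certificateType, GSIConstants.DelegationType delegationType, String str) {
        if (list == null || list.isEmpty()) {
            throw new VOMSException("Please specify a non-empty list of attribute certificate to build a voms-proxy.");
        }
        DEREncodableVector acVector = new DEREncodableVector();
        for (Iterator it = list.iterator(); it.hasNext();) {
            acVector.add((ASN1Encodable) it.next());
        }
        HashMap extensions = new HashMap();
        extensions.put(VOMS_AC_EXTENSION_OID,
                ExtensionData.creator(VOMS_AC_EXTENSION_OID, new DERSequence(new DERSequence(acVector))));
        // Same bit mask as the former literal 176.
        int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
        extensions.put(KEY_USAGE_OID, ExtensionData.creator(KEY_USAGE_OID, new KeyUsage(usageBits).toASN1Primitive()));
        return myCreateCredential(userCredentials.getUserChain(), userCredentials.getUserKey(), i, i2,
                delegationType, certificateType, extensions, str);
    }

    /**
     * Generates a fresh key pair, issues a proxy certificate for it and returns the
     * credential whose chain is the new proxy followed by the issuing chain.
     */
    private static X509Credential myCreateCredential(X509Certificate[] issuerChain, PrivateKey issuerKey, int keyBits, int lifetimeSeconds, GSIConstants.DelegationType delegationType, GSIConstants.CertificateType certificateType, HashMap extensions, String policyOid) {
        if (issuerChain == null || issuerChain.length == 0) {
            throw new VOMSException("Cannot create a proxy from an empty certificate chain.");
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyPairCache.DEFAULT_ALGORITHM, KeyPairCache.DEFAULT_PROVIDER);
            keyPairGenerator.initialize(keyBits);
            KeyPair proxyKeys = keyPairGenerator.genKeyPair();
            X509Certificate proxyCert = myCreateProxyCertificate(issuerChain[0], issuerKey, proxyKeys.getPublic(),
                    lifetimeSeconds, delegationType, certificateType, extensions, policyOid);
            X509Certificate[] proxyChain = new X509Certificate[issuerChain.length + 1];
            proxyChain[0] = proxyCert;
            System.arraycopy(issuerChain, 0, proxyChain, 1, issuerChain.length);
            return new X509Credential(proxyKeys.getPrivate(), proxyChain);
        } catch (NoSuchAlgorithmException e) {
            // Keep the exception itself as the cause so its stack trace is not lost.
            throw new VOMSException(e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            throw new VOMSException(e.getMessage(), e);
        }
    }

    /**
     * Issues the proxy certificate: subject is the issuer's subject plus one CN, signed
     * with the issuer's private key.
     *
     * <p>Validity starts five minutes in the past and ends {@code lifetimeSeconds} from now.
     * No check is made that the end date stays within the issuing certificate's validity.
     *
     * <p>Entries may be added to {@code extensions} (the ProxyCertInfo extension).
     */
    private static X509Certificate myCreateProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey proxyPublicKey, int lifetimeSeconds, GSIConstants.DelegationType delegationType, GSIConstants.CertificateType certificateType, HashMap extensions, String policyOid) {
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        String cnValue = null;
        BigInteger serial = null;
        // GSI-2 proxies take their CN from the delegation type; other delegation
        // types leave the CN unset here.
        switch (delegationType) {
            case LIMITED:
                cnValue = "limited proxy";
                break;
            case FULL:
                cnValue = "proxy";
                break;
            default:
                break;
        }
        switch (certificateType) {
            case GSI_3_LIMITED_PROXY:
            case GSI_4_LIMITED_PROXY:
            case GSI_3_IMPERSONATION_PROXY:
            case GSI_4_IMPERSONATION_PROXY:
            case GSI_3_INDEPENDENT_PROXY:
            case GSI_4_INDEPENDENT_PROXY:
            case GSI_3_RESTRICTED_PROXY:
            case GSI_4_RESTRICTED_PROXY:
                // 63 random bits give a non-negative value. The previous
                // Math.abs(new Random().nextLong()) returned a negative number for
                // Long.MIN_VALUE and drew from a non-cryptographic generator.
                serial = new BigInteger(63, SERIAL_RANDOM);
                cnValue = serial.toString();
                if (extensions.get(PROXY_CERT_INFO_V3_OID) == null) {
                    ProxyPolicy proxyPolicy;
                    if (policyOid == null) {
                        proxyPolicy = defaultPolicyFor(certificateType);
                    } else {
                        try {
                            proxyPolicy = new ProxyPolicy(new ASN1ObjectIdentifier(policyOid));
                        } catch (IllegalArgumentException e) {
                            throw new VOMSException("OID required as policyType", e);
                        }
                    }
                    if (ProxyCertificateUtil.isGsi3Proxy(certificateType)) {
                        extensions.put(PROXY_CERT_INFO_V3_OID, ExtensionData.creator(PROXY_CERT_INFO_V3_OID,
                                new MyProxyCertInfo(proxyPolicy, certificateType).toASN1Primitive()));
                    } else if (ProxyCertificateUtil.isGsi4Proxy(certificateType)) {
                        // The GSI-4 ProxyCertInfo extension is marked critical.
                        extensions.put(PROXY_CERT_INFO_V4_OID, ExtensionData.creator(PROXY_CERT_INFO_V4_OID, true,
                                new MyProxyCertInfo(proxyPolicy, certificateType).toASN1Primitive()));
                    }
                }
                break;
            case GSI_2_PROXY:
            case GSI_2_LIMITED_PROXY:
                // GSI-2 proxies reuse the issuing certificate's serial number.
                serial = issuerCert.getSerialNumber();
                break;
            default:
                break;
        }
        if (serial == null) {
            // No branch above assigned a serial: the type is not one this builder can issue.
            throw new VOMSException("Unsupported proxy certificate type: " + certificateType);
        }
        for (Iterator it = extensions.values().iterator(); it.hasNext();) {
            ExtensionData extension = (ExtensionData) it.next();
            generator.addExtension(extension.getOID(), extension.getCritical(), extension.getObj());
        }
        // getSubjectDN() is declared to return a Principal; the cast relies on the certificate
        // implementation returning an X509Name-compatible object.
        // NOTE(review): confirm the chain is always loaded through a provider for which this holds.
        X509Name issuerSubject = (X509Name) issuerCert.getSubjectDN();
        X509NameHelper proxySubject = new X509NameHelper(issuerSubject);
        proxySubject.add(RFC4519Style.cn, cnValue);
        generator.setSubjectDN(proxySubject.getAsName());
        generator.setIssuerDN(issuerSubject);
        generator.setSerialNumber(serial);
        generator.setPublicKey(proxyPublicKey);
        // Reuses the algorithm with which the issuing certificate itself was signed.
        // NOTE(review): a weak digest chosen by the CA is inherited here, and the name may not
        // suit the user's key if its type differs from the CA's; consider choosing it from issuerKey.
        generator.setSignatureAlgorithm(issuerCert.getSigAlgName());
        GregorianCalendar notBefore = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        // Back-date the start by five minutes.
        notBefore.add(GregorianCalendar.MINUTE, -5);
        generator.setNotBefore(notBefore.getTime());
        GregorianCalendar notAfter = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        notAfter.add(GregorianCalendar.SECOND, lifetimeSeconds);
        generator.setNotAfter(notAfter.getTime());
        try {
            return generator.generate(issuerKey);
        } catch (IllegalStateException e) {
            throw new VOMSException(e);
        } catch (GeneralSecurityException e) {
            // Covers InvalidKeyException, NoSuchAlgorithmException, SignatureException
            // and CertificateEncodingException.
            throw new VOMSException(e);
        }
    }

    /**
     * Returns the default proxy policy for a GSI-3/GSI-4 certificate type when no policy
     * OID was supplied.
     *
     * @throws IllegalArgumentException for types without a default (the restricted proxy types)
     */
    private static ProxyPolicy defaultPolicyFor(GSIConstants.CertificateType certificateType) {
        switch (certificateType) {
            case GSI_3_LIMITED_PROXY:
            case GSI_4_LIMITED_PROXY:
                return new ProxyPolicy(ProxyPolicy.LIMITED);
            case GSI_3_IMPERSONATION_PROXY:
            case GSI_4_IMPERSONATION_PROXY:
                return new ProxyPolicy(ProxyPolicy.IMPERSONATION);
            case GSI_3_INDEPENDENT_PROXY:
            case GSI_4_INDEPENDENT_PROXY:
                return new ProxyPolicy(ProxyPolicy.INDEPENDENT);
            default:
                throw new IllegalArgumentException("Invalid proxyType " + certificateType);
        }
    }

    /** Logs a failure at error level; the stack trace is added only when debug logging is on. */
    private static void logFailure(String prefix, Throwable failure) {
        log.error(prefix + failure.getMessage());
        if (log.isDebugEnabled()) {
            log.error(failure.getMessage(), failure);
        }
    }

    /**
     * Logs a proxy-creation failure and converts it to a {@link VOMSException} that keeps
     * the original throwable reachable. A {@code VOMSException} is returned unchanged.
     */
    private static VOMSException proxyFailure(String prefix, Throwable failure) {
        logFailure(prefix, failure);
        if (failure instanceof VOMSException) {
            return (VOMSException) failure;
        }
        if (failure instanceof GeneralSecurityException) {
            return new VOMSException(failure);
        }
        // The throwable itself is the cause; passing failure.getCause() discarded its stack trace.
        return new VOMSException(failure.getMessage(), failure);
    }

    /**
     * Writes the credential to the given stream. The stream is not closed by this method itself.
     *
     * @param x509Credential the credential to write
     * @param outputStream the destination stream
     * @throws VOMSException if writing or encoding fails
     */
    public static void saveProxy(X509Credential x509Credential, OutputStream outputStream) {
        try {
            x509Credential.save(outputStream);
        } catch (IOException e) {
            throw new VOMSException("Error saving generated proxy: " + e.getMessage(), e);
        } catch (CertificateEncodingException e) {
            throw new VOMSException("Error saving generated proxy: " + e.getMessage(), e);
        }
    }

    /**
     * Writes the credential to the named file and closes the file afterwards.
     *
     * <p>The file is created with the process's default permissions. Because the credential
     * includes a private key, the caller should make sure the file ends up readable by its
     * owner only.
     *
     * @param x509Credential the credential to write
     * @param str path of the file to create or overwrite
     * @throws FileNotFoundException if the file cannot be opened for writing
     * @throws VOMSException if writing or encoding fails
     */
    public static void saveProxy(X509Credential x509Credential, String str) throws FileNotFoundException {
        FileOutputStream out = new FileOutputStream(str);
        try {
            saveProxy(x509Credential, out);
        } finally {
            // The stream was previously never closed, which leaked the file descriptor.
            try {
                out.close();
            } catch (IOException e) {
                log.error("Error closing proxy file: " + e.getMessage());
            }
        }
    }
}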
