package edu.uiuc.ncsa.myproxy;

import edu.uiuc.ncsa.myproxy.oa4mp.server.util.AbstractCLIApprover;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.HostUtil;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import edu.uiuc.ncsa.security.util.ssl.MyTrustManager;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.Console;
import java.io.EOFException;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ProtocolException;
import java.net.UnknownHostException;
import java.nio.channels.Channels;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.log4j.lf5.util.StreamUtils;

/* loaded from: input_file:WEB-INF/lib/myproxy-logon-3.1.2.jar:edu/uiuc/ncsa/myproxy/MyProxyLogon.class */
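/**
 * Client side of the MyProxy "GET" command (wire protocol {@code MYPROXYv2}).
 * <p>
 * Opens a TLS connection to a MyProxy server, authenticates with a username and
 * passphrase, submits a PKCS#10 request for a freshly generated RSA key and keeps
 * the certificate chain the server returns; optionally the server's trust roots
 * (CA certificates, CRLs, signing policies) are fetched in the same exchange.
 * <p>
 * Typical use: {@link #setHost}, {@link #setUsername}, {@link #setPassphrase},
 * then {@link #getCredentials()} followed by {@link #writeProxyFile()} or
 * {@link #saveCredentials(OutputStream)}.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>Server authentication is delegated to {@link MyTrustManager}; what it does
 *     when no trust-root directory is found or {@code serverDN} is null is not
 *     visible from this file — verify it fails closed.</li>
 * <li>The passphrase is held as a {@link String} (the public setter takes one),
 *     so it cannot be wiped from memory; do not log it.</li>
 * <li>The proxy file is written with owner-only permissions set atomically at
 *     creation and never through a pre-existing file or symlink (the default
 *     location is a predictable name under {@code /tmp}).</li>
 * <li>Trust-root file names come from the server and are validated before being
 *     used as a path component.</li>
 * </ul>
 * Instances are not thread-safe: one instance drives one connection.
 */
public class MyProxyLogon {
    MyLoggingFacade mlf;
    public static final String version = "1.8";
    long socketTimeout = 0L;
    private static final int b64linelen = 64;
    private static final String X509_USER_PROXY_FILE = "x509up_u";
    private static final String VERSION = "VERSION=MYPROXYv2";
    private static final String GETCOMMAND = "COMMAND=0";
    private static final String TRUSTROOTS = "TRUSTED_CERTS=";
    private static final String USERNAME = "USERNAME=";
    private static final String PASSPHRASE = "PASSPHRASE=";
    private static final String LIFETIME = "LIFETIME=";
    private static final String CREDNAME = "CRED_NAME=";
    private static final String RESPONSE = "RESPONSE=";
    private static final String ERROR = "ERROR=";
    private static final String DN = "CN=ignore";
    private static final String TRUSTED_CERT_PATH = "/.globus/certificates";
    private static final String FILEDATA_PREFIX = "FILEDATA_";
    private static final String CRL_PEM_HEADER = "-----BEGIN X509 CRL-----";
    private static final int DEFAULT_PORT = 7512;
    /** Default proxy lifetime requested from the server, in seconds (12 hours). */
    private static final int DEFAULT_LIFETIME = 43200;
    public final int DEFAULT_KEY_SIZE = 2048;
    protected int keySize = DEFAULT_KEY_SIZE;
    /**
     * MyProxy's minimum passphrase length. Deliberately not enforced here: the server
     * enforces it for stored credentials, and other server-side authenticators (PAM,
     * SASL) may accept shorter secrets.
     */
    protected final int MIN_PASS_PHRASE_LEN = 6;
    protected static final String keyAlg = "RSA";
    /**
     * Signature algorithm for the PKCS#10 request. The request signature only proves
     * possession of the key (the server issues its own signature over the certificate),
     * but SHA-1 is deprecated for signing and is rejected by some verifiers, so the
     * request is self-signed with SHA-256.
     */
    protected static final String pkcs10SigAlgName = "SHA256withRSA";
    protected static final String pkcs10Provider = "BC";
    protected State state = State.READY;
    protected String host = "localhost";
    protected String username;
    protected String credname;
    protected String passphrase;
    protected int port = DEFAULT_PORT;
    protected int lifetime = DEFAULT_LIFETIME;
    protected boolean requestTrustRoots = false;
    protected SSLSocket socket;
    protected BufferedInputStream socketIn;
    protected BufferedOutputStream socketOut;
    protected KeyPair keypair;
    protected Collection<X509Certificate> certificateChain;
    protected String[] trustrootFilenames;
    protected String[] trustrootData;
    KeyManagerFactory keyManagerFactory;
    String serverDN;

    /** Connection life-cycle: READY → CONNECTED → LOGGEDON → DONE. */
    public enum State {
        READY,
        CONNECTED,
        LOGGEDON,
        DONE
    }

    public MyLoggingFacade getMlf() {
        return this.mlf;
    }

    /** Socket read timeout in milliseconds; 0 (the default) means no timeout. */
    public long getSocketTimeout() {
        return this.socketTimeout;
    }

    public void setSocketTimeout(long j) {
        this.socketTimeout = j;
    }

    /**
     * Creates a client with explicit logging and library defaults
     * (host {@code localhost}, port 7512, 12-hour lifetime, no username).
     *
     * @param myLoggingFacade logger used for warnings and trust-manager diagnostics
     */
    public MyProxyLogon(MyLoggingFacade myLoggingFacade) {
        this.mlf = myLoggingFacade;
    }

    /**
     * Same as {@link #MyProxyLogon(MyLoggingFacade)} but pins the expected server
     * certificate DN that is handed to {@link MyTrustManager}.
     *
     * @param myLoggingFacade logger
     * @param str             expected server DN, may be null
     */
    public MyProxyLogon(MyLoggingFacade myLoggingFacade, String str) {
        this(myLoggingFacade);
        this.serverDN = str;
    }

    /**
     * Creates a client configured from the environment, as the C command-line tools are:
     * {@code MYPROXY_SERVER} (host), {@code MYPROXY_SERVER_PORT} (port) and the JVM's
     * {@code user.name} as the MyProxy username.
     *
     * @throws IllegalArgumentException if {@code MYPROXY_SERVER_PORT} is not a port number
     *                                  (a {@link NumberFormatException} when it is not numeric)
     */
    public MyProxyLogon() {
        Logger logger = Logger.getLogger(MyProxyLogon.class.getName());
        logger.setUseParentHandlers(false);
        this.mlf = new MyLoggingFacade(logger);
        String envHost = System.getenv("MYPROXY_SERVER");
        if (envHost != null) {
            this.host = envHost;
        }
        String envPort = System.getenv("MYPROXY_SERVER_PORT");
        if (envPort != null) {
            this.port = parsePort(envPort);
        }
        this.username = System.getProperty("user.name");
    }

    /** Parses a TCP port, rejecting values outside 1..65535 rather than failing later at connect time. */
    private static int parsePort(String text) {
        int parsed = Integer.parseInt(text.trim());
        if (parsed < 1 || parsed > 65535) {
            throw new IllegalArgumentException("MYPROXY_SERVER_PORT out of range: " + text);
        }
        return parsed;
    }

    public String getHost() {
        return this.host;
    }

    /**
     * Canonical form of the configured host as computed by {@link HostUtil#canonicalName}.
     * NOTE(review): if that helper consults DNS, the name the trust manager checks against
     * the server certificate is derived from an unauthenticated lookup — confirm that
     * {@link MyTrustManager} does not trust it more than the configured host.
     */
    protected String hostLookup() throws UnknownHostException {
        return HostUtil.canonicalName(getHost());
    }

    public void setHost(String str) {
        this.host = str;
    }

    public int getPort() {
        return this.port;
    }

    public void setPort(int i) {
        this.port = i;
    }

    public int getKeySize() {
        return this.keySize;
    }

    /** RSA modulus size in bits for the key generated by {@link #getCredentials()}; default 2048. */
    public void setKeySize(int i) {
        this.keySize = i;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String getCredentialName() {
        return this.credname;
    }

    public void setCredentialName(String str) {
        this.credname = str;
    }

    /** Sets the passphrase sent in the GET request. There is intentionally no getter. */
    public void setPassphrase(String str) {
        this.passphrase = str;
    }

    /** Requested credential lifetime in seconds. */
    public int getLifetime() {
        return this.lifetime;
    }

    public void setLifetime(int i) {
        this.lifetime = i;
    }

    /** Certificate chain returned by the server, leaf first; null until {@link #getCredentials(byte[])} succeeded. */
    public Collection<X509Certificate> getCertificates() {
        return this.certificateChain;
    }

    /** Private key generated by {@link #getCredentials()}; null until then. */
    public PrivateKey getPrivateKey() {
        return this.keypair == null ? null : this.keypair.getPrivate();
    }

    /** Whether the logon should ask the server for its trust roots (off by default). */
    public void requestTrustRoots(boolean z) {
        this.requestTrustRoots = z;
    }

    public String[] getTrustRootFilenames() {
        return this.trustrootFilenames;
    }

    public String[] getTrustRootData() {
        return this.trustrootData;
    }

    public String getServerDN() {
        return this.serverDN;
    }

    public void setServerDN(String str) {
        this.serverDN = str;
    }

    /**
     * Opens the TLS connection and completes the handshake, moving to {@link State#CONNECTED}.
     * A half-open socket is closed again if anything fails after it was created.
     *
     * @throws IOException              on network failure; handshake failures surface as
     *                                  {@link GeneralException} via {@link #handleException}
     * @throws GeneralSecurityException on TLS setup failure
     */
    public void connect() throws IOException, GeneralSecurityException {
        try {
            // "TLS" rather than "SSL": on older JDKs the "SSL" alias could enable SSLv3.
            SSLContext context = SSLContext.getInstance("TLS");
            String canonicalHost = hostLookup();
            MyTrustManager trustManager = new MyTrustManager(getMlf(), getExistingTrustRootPath(), getServerDN());
            trustManager.setHost(canonicalHost);
            context.init(getKeyManagers(), new TrustManager[]{trustManager}, new SecureRandom());
            this.socket = (SSLSocket) context.getSocketFactory().createSocket(canonicalHost, this.port);
            if (0 < getSocketTimeout()) {
                this.socket.setSoTimeout((int) getSocketTimeout());
            }
            // Force the handshake now so certificate validation errors are reported here.
            this.socket.startHandshake();
            this.socketIn = new BufferedInputStream(this.socket.getInputStream());
            this.socketOut = new BufferedOutputStream(this.socket.getOutputStream());
            this.state = State.CONNECTED;
        } catch (Throwable th) {
            String detail = getClass().getSimpleName() + " could not connect to the server, socket "
                    + (this.socket == null ? "not " : "") + "created.";
            closeSocketQuietly();
            handleException(th, detail);
        }
    }

    /** Closes and forgets the socket without reporting errors; used on failure paths. */
    private void closeSocketQuietly() {
        SSLSocket current = this.socket;
        this.socket = null;
        this.socketIn = null;
        this.socketOut = null;
        this.state = State.READY;
        if (current != null) {
            try {
                current.close();
            } catch (IOException ignored) {
                // best effort: the original failure is what the caller needs to see
            }
        }
    }

    /**
     * Maps an arbitrary failure onto the checked exceptions this class declares.
     * Handshake failures become {@link GeneralException}; other I/O and security
     * exceptions are rethrown unchanged; everything else is wrapped in a
     * {@link GeneralSecurityException} carrying {@code str} and the cause.
     * JVM {@link Error}s are never wrapped.
     */
    protected void handleException(Throwable th, String str) throws IOException, GeneralSecurityException {
        if (th instanceof Error) {
            throw (Error) th;
        }
        if (th instanceof SSLHandshakeException) {
            throw new GeneralException("Error connecting to server:" + th.getMessage(), th);
        }
        if (th instanceof IOException) {
            throw (IOException) th;
        }
        if (th instanceof GeneralSecurityException) {
            throw (GeneralSecurityException) th;
        }
        throw new GeneralSecurityException("Error: " + str, th);
    }

    public KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    /** Optional client key material for TLS client authentication. */
    public void setKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
        this.keyManagerFactory = keyManagerFactory;
    }

    KeyManager[] getKeyManagers() {
        KeyManagerFactory factory = getKeyManagerFactory();
        return factory == null ? null : factory.getKeyManagers();
    }

    /**
     * Closes the connection and returns to {@link State#READY}. Safe to call when not connected.
     */
    public void disconnect() throws IOException, GeneralSecurityException {
        SSLSocket current = this.socket;
        this.socket = null;
        this.socketIn = null;
        this.socketOut = null;
        this.state = State.READY;
        if (current == null) {
            return;
        }
        try {
            current.close();
        } catch (Throwable th) {
            handleException(th, getClass().getSimpleName() + " could not disconnect from the server.");
        }
    }

    /**
     * Sends the GET request and parses the server's response, moving to {@link State#LOGGEDON}.
     * Connects first if necessary.
     * <p>
     * The protocol is line-oriented, so username, passphrase and credential name are
     * rejected if they contain line terminators or NUL; otherwise a crafted value could
     * inject additional protocol lines (e.g. a different {@code LIFETIME=}).
     *
     * @throws FailedLoginException     (a {@link GeneralSecurityException}) when the server
     *                                  reports {@code RESPONSE=1}, with its {@code ERROR=} lines
     * @throws ProtocolException        on malformed or unsupported responses
     * @throws IOException              on network failure or premature EOF
     * @throws GeneralSecurityException on unsafe request fields or wrapped failures
     */
    public void logon() throws IOException, GeneralSecurityException {
        if (this.state != State.CONNECTED) {
            connect();
        }
        try {
            requireSingleLine("username", this.username);
            requireSingleLine("passphrase", this.passphrase);
            if (this.credname != null) {
                requireSingleLine("credential name", this.credname);
            }
            // Leading '0' byte sent before the request; presumably the GSI-style
            // "no delegation" marker — confirm against the MyProxy protocol description.
            this.socketOut.write('0');
            this.socketOut.flush();
            writeLine(VERSION);
            writeLine(GETCOMMAND);
            writeLine(USERNAME + this.username);
            writeLine(PASSPHRASE + this.passphrase);
            writeLine(LIFETIME + Integer.toString(this.lifetime));
            if (this.credname != null) {
                writeLine(CREDNAME + this.credname);
            }
            if (this.requestTrustRoots) {
                writeLine(TRUSTROOTS + "1");
            }
            this.socketOut.flush();

            String versionLine = readLine(this.socketIn);
            if (versionLine == null) {
                throw new EOFException();
            }
            if (!versionLine.equals(VERSION)) {
                throw new ProtocolException("bad MyProxy protocol VERSION string: " + versionLine);
            }
            String responseLine = readLine(this.socketIn);
            if (responseLine == null) {
                throw new EOFException();
            }
            if (!responseLine.startsWith(RESPONSE) || responseLine.length() != RESPONSE.length() + 1) {
                throw new ProtocolException("bad MyProxy protocol RESPONSE string: " + responseLine);
            }
            char code = responseLine.charAt(RESPONSE.length());
            switch (code) {
                case '0':
                    break;
                case '1':
                    throw new FailedLoginException(collectErrors());
                case '2':
                    throw new ProtocolException("MyProxy authorization RESPONSE not implemented");
                default:
                    throw new ProtocolException("unknown MyProxy protocol RESPONSE string: " + responseLine);
            }
            readTrustRoots();
            this.state = State.LOGGEDON;
        } catch (Throwable th) {
            handleException(th, getClass().getSimpleName() + " logon failed.");
        }
    }

    /** Rejects a request field that is unset or could break the line-based protocol. */
    private static void requireSingleLine(String field, String value) throws GeneralSecurityException {
        if (value == null) {
            throw new IllegalStateException(field + " is not set");
        }
        if (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0 || value.indexOf('\0') >= 0) {
            throw new GeneralSecurityException("Error: " + field + " must not contain line terminators");
        }
    }

    /** Writes one protocol line (UTF-8, LF-terminated) without flushing. */
    private void writeLine(String line) throws IOException {
        this.socketOut.write(line.getBytes(StandardCharsets.UTF_8));
        this.socketOut.write('\n');
    }

    /** Drains the remaining response after {@code RESPONSE=1} and formats its {@code ERROR=} lines. */
    private String collectErrors() throws IOException {
        StringBuilder message = new StringBuilder("MyProxy logon failed");
        for (String line = readLine(this.socketIn); line != null; line = readLine(this.socketIn)) {
            if (line.startsWith(ERROR)) {
                message.append('\n').append(line.substring(ERROR.length()));
            }
        }
        return message.toString();
    }

    /**
     * Reads the rest of a successful response. A {@code TRUSTED_CERTS=a,b,c} line is
     * followed by one {@code FILEDATA_<name>=<base64>} line per name, in order; the
     * decoded bytes are kept as ISO-8859-1 strings so that {@link #writeTrustRoots}
     * reproduces them byte for byte. Other lines are ignored. Returns at the first
     * empty line or EOF (see {@link #readLine}).
     */
    private void readTrustRoots() throws IOException {
        for (String line = readLine(this.socketIn); line != null; line = readLine(this.socketIn)) {
            if (!line.startsWith(TRUSTROOTS)) {
                continue;
            }
            String[] names = line.substring(TRUSTROOTS.length()).split(",");
            String[] data = new String[names.length];
            for (int i = 0; i < names.length; i++) {
                String expectedPrefix = FILEDATA_PREFIX + names[i] + "=";
                String dataLine = readLine(this.socketIn);
                if (dataLine == null) {
                    throw new EOFException();
                }
                if (!dataLine.startsWith(expectedPrefix)) {
                    throw new ProtocolException("bad MyProxy protocol RESPONSE: expecting " + expectedPrefix
                            + " but received " + dataLine);
                }
                byte[] decoded = Base64.decodeBase64(dataLine.substring(expectedPrefix.length()));
                data[i] = new String(decoded, StandardCharsets.ISO_8859_1);
            }
            this.trustrootFilenames = names;
            this.trustrootData = data;
        }
    }

    /**
     * Sends a DER-encoded PKCS#10 request and reads back the certificate chain, moving to
     * {@link State#DONE}. Logs on first if necessary.
     * <p>
     * The server answers with one byte giving the number of certificates followed by the
     * DER certificates; the count must match what is actually parsed.
     *
     * @param bArr DER-encoded certificate request
     * @throws IOException              on network failure or connection abort
     * @throws ProtocolException        if the announced and received certificate counts differ
     * @throws GeneralSecurityException if the server sends no or non-X.509 certificates
     */
    public void getCredentials(byte[] bArr) throws IOException, GeneralSecurityException {
        try {
            if (this.state != State.LOGGEDON) {
                logon();
            }
            this.socketOut.write(bArr);
            this.socketOut.flush();
            int announced = this.socketIn.read();
            if (announced == -1) {
                getMlf().warn("connection aborted");
                throw new IOException("Error: connection aborted");
            }
            if (announced == 0) {
                getMlf().warn("bad number of certificates sent by server: " + announced);
                throw new GeneralSecurityException("Error: bad number of certificates sent by server");
            }
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>(announced);
            for (Object cert : factory.generateCertificates(this.socketIn)) {
                if (!(cert instanceof X509Certificate)) {
                    throw new GeneralSecurityException("Error: server sent a certificate that is not X.509");
                }
                chain.add((X509Certificate) cert);
            }
            if (chain.size() != announced) {
                throw new ProtocolException("bad MyProxy protocol RESPONSE: server announced " + announced
                        + " certificates but sent " + chain.size());
            }
            this.certificateChain = chain;
            this.state = State.DONE;
        } catch (Throwable th) {
            handleException(th, getClass().getSimpleName() + " failure getting the credential.");
        }
    }

    /**
     * Generates a fresh RSA key pair of {@link #getKeySize()} bits, requests a certificate
     * for it and verifies that the leaf certificate returned really carries that key.
     *
     * @throws GeneralSecurityException if key generation fails or the returned leaf
     *                                  certificate does not match the generated key
     * @throws IOException              on network failure
     */
    public void getCredentials() throws IOException, GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlg);
        generator.initialize(getKeySize(), new SecureRandom());
        this.keypair = generator.genKeyPair();
        byte[] request = CertUtil.createCertRequest(this.keypair, pkcs10SigAlgName, DN, pkcs10Provider).getEncoded();
        getCredentials(request);
        X509Certificate leaf = getCertificate();
        if (leaf == null) {
            this.certificateChain = null;
            throw new GeneralSecurityException("Error: server returned no certificate");
        }
        // The leaf is issued for the key in our request; anything else means the
        // credential we would store is not usable with our private key.
        if (!Arrays.equals(leaf.getPublicKey().getEncoded(), this.keypair.getPublic().getEncoded())) {
            this.certificateChain = null;
            throw new GeneralSecurityException("Error: returned certificate does not match the generated key");
        }
    }

    /** Writes the credential to {@link #getProxyLocation()} with owner-only permissions. */
    public void writeProxyFile() throws IOException, GeneralSecurityException {
        saveCredentialsToFile(getProxyLocation());
    }

    /**
     * Writes the chain (PEM) followed by the unencrypted private key (PKCS#1 PEM), the
     * usual proxy-file layout. Because the key is unencrypted, the destination must be
     * protected by file permissions (see {@link #saveCredentialsToFile}).
     */
    public void saveCredentials(OutputStream outputStream) throws IOException, GeneralSecurityException {
        CertUtil.toPEM(this.certificateChain, outputStream);
        outputStream.write('\n');
        KeyUtil.toPKCS1PEM(this.keypair.getPrivate(), outputStream);
    }

    /** First certificate of the chain (the leaf), or null if there is none. */
    public X509Certificate getCertificate() {
        if (this.certificateChain == null || this.certificateChain.isEmpty()) {
            return null;
        }
        return this.certificateChain.iterator().next();
    }

    /**
     * Saves the credential to {@code str}. Any existing file (or symlink) at that path is
     * removed first, and the file is created with {@code O_EXCL} semantics and mode 0600
     * applied at creation, so the unencrypted key is never exposed through a default-mode
     * file and never written through a link planted by another user (the default path is
     * a predictable name in {@code /tmp}).
     *
     * @throws IOException if the old file cannot be removed or the new one cannot be created
     */
    public void saveCredentialsToFile(String str) throws IOException, GeneralSecurityException {
        Path target = Paths.get(str);
        // Fails loudly (instead of silently) if we cannot remove what is there.
        Files.deleteIfExists(target);
        OutputStream out = createOwnerOnlyFile(target);
        try {
            saveCredentials(out);
            out.flush();
        } finally {
            out.close();
        }
    }

    /**
     * Creates {@code path}, failing if it already exists. On POSIX file systems the
     * permissions rw------- are part of the create call (still subject to umask); elsewhere
     * they are applied best-effort afterwards and a warning is logged if that fails.
     */
    private OutputStream createOwnerOnlyFile(Path path) throws IOException {
        Set<StandardOpenOption> options = EnumSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
            FileAttribute<Set<PosixFilePermission>> mode = PosixFilePermissions.asFileAttribute(ownerOnly);
            return Channels.newOutputStream(Files.newByteChannel(path, options, mode));
        }
        OutputStream out = Channels.newOutputStream(Files.newByteChannel(path, options));
        File file = path.toFile();
        boolean restricted = file.setReadable(false, false) && file.setReadable(true, true)
                && file.setWritable(false, false) && file.setWritable(true, true);
        if (!restricted) {
            getMlf().warn("Could not restrict permissions on " + path);
        }
        return out;
    }

    /** Writes the received trust roots to {@link #getTrustRootPath()}. */
    public boolean writeTrustRoots() throws IOException {
        return writeTrustRoots(getTrustRootPath());
    }

    /**
     * Writes each received trust-root file into directory {@code str}, creating it if needed.
     * File names are supplied by the server and are only ever used as a single path
     * component: names containing a separator, NUL, or equal to "." / ".." are refused so a
     * misbehaving server cannot write outside the trust-root directory.
     *
     * @return false if no trust roots were received, true after all files were written
     * @throws IOException if the directory cannot be created, a name is unsafe, or a write fails
     */
    public boolean writeTrustRoots(String str) throws IOException {
        if (this.trustrootFilenames == null || this.trustrootData == null) {
            return false;
        }
        File dir = new File(str);
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IOException("cannot create trust root directory " + str);
        }
        for (int i = 0; i < this.trustrootFilenames.length; i++) {
            String name = this.trustrootFilenames[i];
            if (!isSafeFileName(name)) {
                throw new IOException("refusing to write trust root with unsafe file name: " + name);
            }
            FileOutputStream out = new FileOutputStream(new File(dir, name));
            try {
                out.write(this.trustrootData[i].getBytes(StandardCharsets.ISO_8859_1));
            } finally {
                out.close();
            }
        }
        return true;
    }

    /** True if {@code name} is a plain file name usable as exactly one path component. */
    private static boolean isSafeFileName(String name) {
        if (name == null || name.isEmpty() || name.equals(".") || name.equals("..")) {
            return false;
        }
        return name.indexOf('/') < 0 && name.indexOf('\\') < 0 && name.indexOf('\0') < 0;
    }

    /** CA certificates among the received trust roots, or null if none were received. */
    public X509Certificate[] getTrustedCAs() throws CertificateException {
        if (this.trustrootData == null) {
            return null;
        }
        return CertUtil.getX509CertsFromStringList(this.trustrootData, this.trustrootFilenames);
    }

    /**
     * CRLs among the received trust roots; files that contain a CRL header but do not parse
     * are logged and skipped. Returns null if none were received or none parsed.
     */
    public X509CRL[] getCRLs() throws CertificateException {
        if (this.trustrootData == null) {
            return null;
        }
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        ArrayList<X509CRL> crls = new ArrayList<X509CRL>(this.trustrootData.length);
        for (int i = 0; i < this.trustrootData.length; i++) {
            String data = this.trustrootData[i];
            int start = data.indexOf(CRL_PEM_HEADER);
            if (start < 0) {
                continue;
            }
            try {
                byte[] pem = data.substring(start).getBytes(StandardCharsets.ISO_8859_1);
                crls.add((X509CRL) factory.generateCRL(new ByteArrayInputStream(pem)));
            } catch (Exception e) {
                getMlf().warn(this.trustrootFilenames[i] + " can not be parsed as an X509CRL.");
            }
        }
        return crls.isEmpty() ? null : crls.toArray(new X509CRL[0]);
    }

    /**
     * Directory trust roots are written to: {@code X509_CERT_DIR} (environment, then system
     * property), else {@code ~/.globus/certificates}. The value is returned as configured,
     * without checking that it exists.
     */
    public static String getTrustRootPath() {
        String dir = System.getenv("X509_CERT_DIR");
        if (dir == null) {
            dir = System.getProperty("X509_CERT_DIR");
        }
        if (dir == null) {
            dir = System.getProperty("user.home") + TRUSTED_CERT_PATH;
        }
        return dir;
    }

    /**
     * Directory of trust roots used to validate the server: {@code X509_CERT_DIR} (taken
     * as-is), else the first readable directory among {@code ~/.globus/certificates},
     * {@code /etc/grid-security/certificates} and {@code $GLOBUS_LOCATION/share/certificates}.
     *
     * @return the directory, or null if none is found (the trust manager then decides —
     *         see the class comment)
     */
    public static String getExistingTrustRootPath() {
        String globusLocation = System.getenv("GLOBUS_LOCATION");
        if (globusLocation == null) {
            globusLocation = System.getProperty("GLOBUS_LOCATION");
        }
        String dir = System.getenv("X509_CERT_DIR");
        if (dir == null) {
            dir = System.getProperty("X509_CERT_DIR");
        }
        if (dir == null) {
            dir = getDir(System.getProperty("user.home") + TRUSTED_CERT_PATH);
        }
        if (dir == null) {
            dir = getDir("/etc/grid-security/certificates");
        }
        if (dir == null && globusLocation != null) {
            dir = getDir(globusLocation + File.separator + "share" + File.separator + "certificates");
        }
        return dir;
    }

    /**
     * Proxy file location: {@code X509_USER_PROXY} (environment, then system property), else
     * {@code /tmp/x509up_u<uid>} on POSIX systems (the Globus convention) or
     * {@code <java.io.tmpdir>/x509up_u<uid>} elsewhere. The uid comes from {@code id -u}; if
     * that is unavailable or non-numeric the lower-cased user name is used instead.
     */
    public static String getProxyLocation() throws IOException {
        String configured = System.getenv("X509_USER_PROXY");
        if (configured == null) {
            configured = System.getProperty("X509_USER_PROXY");
        }
        if (configured != null) {
            return configured;
        }
        String suffix = numericUid();
        if (suffix == null) {
            String user = System.getProperty("user.name");
            suffix = user != null ? user.toLowerCase() : "nousername";
        }
        if (File.separatorChar == '/') {
            return "/tmp/" + X509_USER_PROXY_FILE + suffix;
        }
        return System.getProperty("java.io.tmpdir") + File.separator + X509_USER_PROXY_FILE + suffix;
    }

    /** Runs {@code id -u} and returns its output only if it is a plain decimal number; null otherwise. */
    private static String numericUid() {
        try {
            Process process = new ProcessBuilder("id", "-u").start();
            try {
                BufferedReader reader = new BufferedReader(
                        new InputStreamReader(process.getInputStream(), StandardCharsets.US_ASCII));
                try {
                    String line = reader.readLine();
                    return line != null && line.matches("[0-9]+") ? line : null;
                } finally {
                    reader.close();
                }
            } finally {
                process.destroy();
            }
        } catch (IOException e) {
            return null;
        }
    }

    /**
     * Command-line entry point: reads the passphrase (without echo when a console is
     * available), fetches a credential using the environment-configured server and user,
     * writes the proxy file and any received trust roots. Exits with status 1 on failure.
     */
    public static void main(String[] strArr) {
        try {
            MyProxyLogon client = new MyProxyLogon();
            String passphrase = promptForPassphrase(client);
            if (passphrase == null) {
                System.err.println("Error reading passphrase.");
                System.exit(1);
            }
            client.setPassphrase(passphrase);
            client.requestTrustRoots(true);
            client.getCredentials();
            client.writeProxyFile();
            System.out.println("Credential written successfully.");
            X509Certificate[] trustedCAs = client.getTrustedCAs();
            if (trustedCAs != null) {
                System.out.println(Integer.toString(trustedCAs.length) + " CA certificates received.");
            }
            X509CRL[] crls = client.getCRLs();
            if (crls != null) {
                System.out.println(Integer.toString(crls.length) + " CRLs received.");
            }
            if (client.writeTrustRoots()) {
                System.out.println("Wrote trust roots to " + getTrustRootPath() + ".");
            } else {
                System.out.println("Received no trust roots from MyProxy server.");
            }
        } catch (Exception e) {
            e.printStackTrace(System.err);
            System.exit(1);
        }
    }

    /**
     * Reads the passphrase from the console with echo disabled; falls back to a plain read
     * of standard input (with a warning) when no console is attached, e.g. under a pipe.
     */
    private static String promptForPassphrase(MyProxyLogon client) throws IOException {
        Console console = System.console();
        if (console != null) {
            char[] chars = console.readPassword("MyProxy Passphrase: ");
            if (chars == null) {
                return null;
            }
            String passphrase = new String(chars);
            Arrays.fill(chars, '\0');
            return passphrase;
        }
        System.out.println("Warning: terminal will echo passphrase as you type.");
        System.out.print("MyProxy Passphrase: ");
        return client.readLine(System.in);
    }

    /**
     * Reads one line, stopping at LF, a NUL byte or EOF (the terminator is consumed and not
     * returned). Each byte becomes one char (ISO-8859-1 style), matching how trust-root data
     * is decoded. Returns null for an empty line or immediate EOF — callers treat both as
     * end of response. Note: the line length is not bounded; memory use is at the mercy of
     * the (TLS-authenticated) server.
     */
    private String readLine(InputStream inputStream) throws IOException {
        StringBuilder line = new StringBuilder();
        for (int b = inputStream.read(); b > 0 && b != '\n'; b = inputStream.read()) {
            line.append((char) b);
        }
        return line.length() > 0 ? line.toString() : null;
    }

    /** Absolute path of {@code str} if it names a readable directory, else null. */
    private static String getDir(String str) {
        if (str == null) {
            return null;
        }
        File candidate = new File(str);
        if (candidate.isDirectory() && candidate.canRead()) {
            return candidate.getAbsolutePath();
        }
        return null;
    }
}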
