package eu.emi.security.authn.x509.helpers.trust;

import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.helpers.ObserversHandler;
import eu.emi.security.authn.x509.helpers.ns.EuGridPmaNamespacesParser;
import eu.emi.security.authn.x509.helpers.ns.EuGridPmaNamespacesStore;
import eu.emi.security.authn.x509.helpers.ns.GlobusNamespacesParser;
import eu.emi.security.authn.x509.helpers.ns.GlobusNamespacesStore;
import eu.emi.security.authn.x509.helpers.ns.NamespacePolicy;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.crypto.digests.MD5Digest;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/trust/OpensslTrustAnchorStore.class */
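/**
 * Trust anchor store backed by an OpenSSL-style hashed certificate directory.
 *
 * <p>Every file whose name matches {@link #CERT_REGEXP} (eight hex digits, a dot, a number) is
 * loaded as a PEM certificate and accepted as a trust anchor when the hex prefix of its name equals
 * {@link #getOpenSSLCAHash(X500Principal)} of the certificate subject. Optionally the sibling
 * {@code <hash>.namespaces} (EUGridPMA) and {@code <hash>.signing_policy} (Globus) files are parsed
 * into namespace policies.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The file-name hash is a 32-bit lookup index, not an integrity or authenticity check. Any
 *       certificate placed in the directory under a matching name becomes a trust anchor, so write
 *       access to the directory (and to its parents) is the real control and should be restricted
 *       and monitored.</li>
 *   <li>Rejected certificates and unreadable policy files are only reported through the observers;
 *       a missing policy file is not reported at all. Deployments that rely on namespace
 *       restrictions should log observer WARNING/ERROR events and alert on them.</li>
 * </ul>
 */
public class OpensslTrustAnchorStore extends DirectoryTrustAnchorStore {
    /** Glob appended to the base directory to select candidate certificate files. */
    public static final String CERT_WILDCARD = "????????.*";
    /** File-name pattern of a hashed certificate; group 1 is the eight-digit hex hash. */
    public static final String CERT_REGEXP = "^([0-9a-fA-F]{8})\\.[\\d]+$";
    private final boolean loadEuGridPmaNs;
    private final boolean loadGlobusNs;
    private final EuGridPmaNamespacesStore pmaNsStore;
    private final GlobusNamespacesStore globusNsStore;

    /**
     * Creates the store over {@code str + File.separator + CERT_WILDCARD}, performs an initial
     * {@code update()} and then calls {@code scheduleUpdate()} (both inherited).
     *
     * @param str base directory holding the hashed certificates and policy files
     * @param timer passed to the superclass; presumably drives the scheduled updates (confirm there)
     * @param j passed to the superclass; presumably the update interval (confirm there)
     * @param z whether {@code .signing_policy} (Globus) files are loaded
     * @param z2 whether {@code .namespaces} (EUGridPMA) files are loaded
     * @param observersHandler receives load notifications, warnings and errors
     */
    public OpensslTrustAnchorStore(String str, Timer timer, long j, boolean z, boolean z2, ObserversHandler observersHandler) {
        // NOTE(review): the meaning of the trailing `true`, `null` and `0` is defined by the
        // superclass constructor, which is not visible here.
        super(Collections.singletonList(str + File.separator + CERT_WILDCARD), null, 0, timer, j, CertificateUtils.Encoding.PEM, observersHandler, true);
        this.pmaNsStore = new EuGridPmaNamespacesStore();
        this.globusNsStore = new GlobusNamespacesStore();
        this.loadEuGridPmaNs = z2;
        this.loadGlobusNs = z;
        update();
        scheduleUpdate();
    }

    /**
     * Loads certificates and, when enabled, namespace policies for every location, then publishes
     * the results in a single synchronized step.
     *
     * @param collection locations of the candidate files
     */
    @Override
    protected void reloadCerts(Collection<URL> collection) {
        List<NamespacePolicy> globusPolicies = new ArrayList<NamespacePolicy>();
        List<NamespacePolicy> pmaPolicies = new ArrayList<NamespacePolicy>();
        Set<TrustAnchorExt> loadedAnchors = new HashSet<TrustAnchorExt>();
        Map<URL, TrustAnchorExt> anchorsByLocation = new HashMap<URL, TrustAnchorExt>();
        for (URL location : collection) {
            tryLoadCert(location, loadedAnchors, anchorsByLocation);
            if (this.loadEuGridPmaNs) {
                tryLoadEuGridPmaNs(location, pmaPolicies);
            }
            if (this.loadGlobusNs) {
                tryLoadGlobusNs(location, globusPolicies);
            }
        }
        // Anchors are merged into the inherited collections while both policy stores are replaced
        // wholesale. NOTE(review): removing anchors that disappeared from disk is presumably done
        // by the superclass before this call; confirm, otherwise a deleted CA stays trusted.
        synchronized (this) {
            this.anchors.addAll(loadedAnchors);
            this.locations2anchors.putAll(anchorsByLocation);
            this.pmaNsStore.setPolicies(pmaPolicies);
            this.globusNsStore.setPolicies(globusPolicies);
        }
    }

    /**
     * Loads one certificate and records it as a trust anchor if its file name carries the hash of
     * its own subject. Files whose name does not match {@link #CERT_REGEXP} are skipped silently;
     * a hash mismatch is reported as a WARNING and any load failure as an ERROR.
     *
     * <p>The comparison only detects misnamed files. It does not authenticate the certificate:
     * nothing here checks a signature, validity period or CA flag before the anchor is added.
     *
     * @param url location of the candidate file
     * @param set receives the accepted anchor
     * @param map receives the location-to-anchor mapping for the accepted anchor
     */
    protected void tryLoadCert(URL url, Set<TrustAnchorExt> set, Map<URL, TrustAnchorExt> map) {
        String nameHash = getFileHash(url, CERT_REGEXP);
        if (nameHash == null) {
            return;
        }
        try {
            X509Certificate certificate = loadCert(url);
            String subjectHash = getOpenSSLCAHash(certificate.getSubjectX500Principal());
            if (!nameHash.equalsIgnoreCase(subjectHash)) {
                this.observers.notifyObservers(url.toExternalForm(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.WARNING, new Exception("The certificate won't be used as its name has incorrect subject's hash value. Should be " + subjectHash + " but is " + nameHash));
                return;
            }
            TrustAnchorExt anchor = new TrustAnchorExt(certificate, null);
            set.add(anchor);
            map.put(url, anchor);
        } catch (Exception e) {
            // Deliberately broad: one unreadable or malformed file must not abort the whole reload.
            this.observers.notifyObservers(url.toExternalForm(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.ERROR, e);
        }
    }

    /** Returns the store of EUGridPMA namespace policies populated by the last reload. */
    public EuGridPmaNamespacesStore getPmaNsStore() {
        return this.pmaNsStore;
    }

    /** Returns the store of Globus signing policies populated by the last reload. */
    public GlobusNamespacesStore getGlobusNsStore() {
        return this.globusNsStore;
    }

    /**
     * Parses the {@code <hash>.signing_policy} file that sits next to the given certificate and
     * appends its policies to {@code list}.
     *
     * @param url location of the certificate file
     * @param list receives the parsed policies
     */
    protected void tryLoadGlobusNs(URL url, List<NamespacePolicy> list) {
        String policyPath = getNsFile(url, ".signing_policy");
        if (policyPath == null) {
            return;
        }
        try {
            list.addAll(new GlobusNamespacesParser(policyPath).parse());
            this.observers.notifyObservers(policyPath, StoreUpdateListener.EACL_NAMESPACE, StoreUpdateListener.Severity.NOTIFICATION, null);
        } catch (FileNotFoundException ignored) {
            // Best effort: the policy file is optional, so its absence is not reported.
            // NOTE(review): no policy is then loaded for this CA; whether that leaves the CA
            // unconstrained is decided by the validator configuration, not by this class.
        } catch (IOException e) {
            this.observers.notifyObservers(policyPath, StoreUpdateListener.EACL_NAMESPACE, StoreUpdateListener.Severity.ERROR, e);
        }
    }

    /**
     * Parses the {@code <hash>.namespaces} file that sits next to the given certificate and
     * appends its policies to {@code list}.
     *
     * @param url location of the certificate file
     * @param list receives the parsed policies
     */
    protected void tryLoadEuGridPmaNs(URL url, List<NamespacePolicy> list) {
        String policyPath = getNsFile(url, ".namespaces");
        if (policyPath == null) {
            return;
        }
        try {
            list.addAll(new EuGridPmaNamespacesParser(policyPath).parse());
            this.observers.notifyObservers(policyPath, StoreUpdateListener.EUGRIDPMA_NAMESPACE, StoreUpdateListener.Severity.NOTIFICATION, null);
        } catch (FileNotFoundException ignored) {
            // Best effort: the policy file is optional, so its absence is not reported.
            // NOTE(review): no policy is then loaded for this CA; whether that leaves the CA
            // unconstrained is decided by the validator configuration, not by this class.
        } catch (IOException e) {
            this.observers.notifyObservers(policyPath, StoreUpdateListener.EUGRIDPMA_NAMESPACE, StoreUpdateListener.Severity.ERROR, e);
        }
    }

    /**
     * Builds the path of the policy file belonging to a certificate file: same directory, the
     * certificate's name hash, then {@code str} as suffix. Returns {@code null} when the file name
     * does not match {@link #CERT_REGEXP}.
     */
    private String getNsFile(URL url, String str) {
        String nameHash = getFileHash(url, CERT_REGEXP);
        if (nameHash == null) {
            return null;
        }
        // NOTE(review): URL.getPath() is not percent-decoded. If the superclass produces URLs with
        // escaped characters (for example a space in the directory name), the path built here will
        // not exist and the callers drop the resulting FileNotFoundException silently, so the
        // policies would be missing without any notification. Confirm how the URLs are created.
        String directory = new File(url.getPath()).getParent();
        if (directory == null) {
            directory = ".";
        }
        return directory + File.separator + nameHash + str;
    }

    /**
     * Extracts the hash part of the file name of {@code url}; see
     * {@link #getFileHash(String, String)}.
     */
    public static String getFileHash(URL url, String str) {
        return getFileHash(url.getPath(), str);
    }

    /**
     * Matches the last path component of {@code str} against the regular expression {@code str2}.
     *
     * @param str file path; only its final name component is examined
     * @param str2 regular expression whose first capturing group is the hash
     * @return the text captured by group 1, or {@code null} when the name does not match
     */
    public static String getFileHash(String str, String str2) {
        Matcher matcher = Pattern.compile(str2).matcher(new File(str).getName());
        return matcher.matches() ? matcher.group(1) : null;
    }

    /**
     * Computes the eight-digit hex name hash of a subject: the first four bytes of the MD5 digest
     * of the principal's encoded form, written in reverse byte order as lower-case hex.
     *
     * <p>MD5 serves here purely as a directory index. The value is 32 bits wide, so distinct
     * subjects can share it, and it must never be treated as a fingerprint or used for a trust
     * decision. The computation corresponds to OpenSSL's legacy subject hash
     * ({@code openssl x509 -subject_hash_old}); directories hashed with the default algorithm of
     * OpenSSL 1.0.0 and later use different names, and {@link #tryLoadCert} would then skip every
     * certificate with a WARNING.
     *
     * @param x500Principal subject whose hash is wanted
     * @return eight lower-case hex digits
     */
    public static String getOpenSSLCAHash(X500Principal x500Principal) {
        byte[] encodedSubject = x500Principal.getEncoded();
        MD5Digest md5 = new MD5Digest();
        md5.update(encodedSubject, 0, encodedSubject.length);
        byte[] digest = new byte[16];
        md5.doFinal(digest, 0);
        // Bytes 3..0: the first 32 bits of the digest read as a little-endian integer.
        return String.format("%02x%02x%02x%02x", digest[3] & 0xff, digest[2] & 0xff, digest[1] & 0xff, digest[0] & 0xff);
    }
}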
