package org.apache.airavata.gfac.bes.utils;

import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.KeyAndCertCredential;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import javax.security.auth.x500.X500Principal;
import org.apache.airavata.common.exception.ApplicationSettingsException;
import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.credential.store.store.CredentialReader;
import org.apache.airavata.gfac.GFacException;
import org.apache.airavata.gfac.RequestData;
import org.apache.airavata.gfac.bes.security.UNICORESecurityContext;
import org.apache.airavata.gfac.bes.security.X509SecurityContext;
import org.apache.airavata.gfac.core.context.JobExecutionContext;
import org.apache.airavata.gfac.core.utils.GFacUtils;
import org.apache.airavata.model.appcatalog.computeresource.JobSubmissionProtocol;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/airavata/gfac/bes/utils/SecurityUtils.class */
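/**
 * Helpers that attach a UNICORE security context to a job and mint short-lived
 * X.509 credentials signed by a locally stored CA key.
 */
public class SecurityUtils {
    private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class);

    /** How far notBefore is back-dated from "now" (15 minutes, in milliseconds). */
    private static final long NOT_BEFORE_BACKDATE_MILLIS = 900000L;

    /** Distance from notBefore to notAfter (30 hours, in milliseconds). */
    private static final long VALIDITY_MILLIS = 108000000L;

    /** Size of the freshly generated key pair; 1024-bit keys are no longer considered adequate. */
    private static final int SHORT_LIVED_KEY_BITS = 2048;

    /** Width of the random certificate serial number. */
    private static final int SERIAL_NUMBER_BITS = 64;

    /** CSPRNG for serial numbers, so they cannot be predicted from earlier certificates. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Registers a {@link UNICORESecurityContext} on the job under
     * {@code X509SecurityContext.X509_SECURITY_CONTEXT}.
     *
     * <p>If the job's preferred submission protocol is not UNICORE, an error is logged and
     * nothing is registered. If the credential reader cannot be obtained, the failure is logged
     * and the context is still registered with a {@code null} reader (best effort, as before).
     *
     * @param jobExecutionContext the job to attach the security context to
     * @throws GFacException if the default gateway cannot be read from the server settings
     */
    public static void addSecurityContext(JobExecutionContext jobExecutionContext) throws GFacException {
        // Constant-first comparison: a missing protocol is treated as "not UNICORE" instead of an NPE.
        if (!JobSubmissionProtocol.UNICORE.equals(jobExecutionContext.getPreferredJobSubmissionProtocol())) {
            logger.error("This is a wrong method to invoke for non UNICORE host types, please check your gfac-config.xml");
            return;
        }
        String credentialStoreToken = jobExecutionContext.getCredentialStoreToken();
        try {
            RequestData requestData = new RequestData(ServerSettings.getDefaultUserGateway());
            requestData.setTokenId(credentialStoreToken);
            CredentialReader credentialReader = null;
            try {
                credentialReader = GFacUtils.getCredentialReader();
            } catch (Exception e) {
                // Keep the cause in the log; without it a broken credential store is hard to diagnose.
                logger.warn("Cannot get credential reader instance", e);
            }
            jobExecutionContext.addSecurityContext(X509SecurityContext.X509_SECURITY_CONTEXT, new UNICORESecurityContext(credentialReader, requestData));
        } catch (ApplicationSettingsException e2) {
            throw new GFacException(e2);
        }
    }

    /**
     * Generates a new key pair and a certificate for it, signed by the CA credential on disk.
     *
     * <p>The certificate is valid from 15 minutes before the call until 30 hours after that
     * start time. It is checked for current validity and verified against the CA public key
     * before being returned.
     *
     * @param str subject distinguished name of the new certificate
     * @param str2 path to the PEM-encoded CA certificate
     * @param str3 path to the PEM-encoded CA private key
     * @param str4 password protecting the CA private key
     * @return the new private key with the chain {new certificate, CA certificate}
     * @throws InvalidKeyException if the generated public key cannot be parsed
     * @throws Exception if the CA credential cannot be loaded or the certificate cannot be
     *     built or verified
     */
    public static final KeyAndCertCredential generateShortLivedCertificate(String str, String str2, String str3, String str4) throws Exception {
        long notBeforeMillis = System.currentTimeMillis() - NOT_BEFORE_BACKDATE_MILLIS;
        long notAfterMillis = notBeforeMillis + VALIDITY_MILLIS;
        KeyAndCertCredential cACredential = getCACredential(str2, str3, str4);
        X509Certificate caCertificate = cACredential.getCertificate();

        // The subject key uses the same algorithm family as the CA key.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(cACredential.getKey().getAlgorithm());
        keyPairGenerator.initialize(SHORT_LIVED_KEY_BITS);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();

        X500Principal x500Principal = new X500Principal(str);
        // Serial comes from a CSPRNG with a wide range; a 20-bit java.util.Random value
        // collides quickly and is predictable.
        BigInteger serialNumber = new BigInteger(SERIAL_NUMBER_BITS, SERIAL_RANDOM);

        try (ASN1InputStream publicKeyStream = new ASN1InputStream(generateKeyPair.getPublic().getEncoded())) {
            SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKeyStream.readObject());
            // The algorithm identifier is taken from the CA certificate, so the JCA signature
            // name is taken from the same place; a hard-coded "SHA1withRSA" disagrees with the
            // identifier whenever the CA certificate uses another digest.
            // NOTE(review): assumes the CA certificate was signed with the CA key's own key type
            // (e.g. self-signed) - confirm. A CA certificate that is itself SHA-1 signed still
            // yields a SHA-1 signature here; re-issue that CA certificate to move off SHA-1.
            X509Certificate build = new X509v3CertificateBuilder(
                            CertificateHelpers.toX500Name(caCertificate.getSubjectX500Principal()),
                            serialNumber,
                            new Date(notBeforeMillis),
                            new Date(notAfterMillis),
                            CertificateHelpers.toX500Name(x500Principal),
                            subjectPublicKeyInfo)
                    .build(cACredential.getKey(), X509v3CertificateBuilder.extractAlgorithmId(caCertificate), caCertificate.getSigAlgName(), (String) null, (SecureRandom) null);
            // Fail here rather than hand out a certificate a relying party would reject.
            build.checkValidity(new Date());
            build.verify(caCertificate.getPublicKey());
            return new KeyAndCertCredential(generateKeyPair.getPrivate(), new X509Certificate[]{build, caCertificate});
        } catch (IOException e) {
            throw new InvalidKeyException("Can not parse the public keybeing included in the short lived certificate", e);
        }
    }

    /**
     * Loads the CA private key and certificate from PEM files.
     *
     * @param str path to the PEM-encoded CA certificate
     * @param str2 path to the PEM-encoded CA private key
     * @param str3 password protecting the private key
     * @return a credential holding the CA key and a one-element chain with the CA certificate
     * @throws Exception if either file cannot be opened or parsed
     */
    public static KeyAndCertCredential getCACredential(String str, String str2, String str3) throws Exception {
        // NOTE(review): presumably the loader accepts a null password for an unencrypted key - confirm.
        char[] keyPassword = str3 == null ? null : str3.toCharArray();

        // try-with-resources closes each stream even when loading throws; previously a parse
        // failure leaked the open file handles.
        PrivateKey loadPrivateKey;
        try (FileInputStream keyStream = new FileInputStream(str2)) {
            loadPrivateKey = CertificateUtils.loadPrivateKey(keyStream, CertificateUtils.Encoding.PEM, keyPassword);
        }
        X509Certificate loadCertificate;
        try (FileInputStream certificateStream = new FileInputStream(str)) {
            loadCertificate = CertificateUtils.loadCertificate(certificateStream, CertificateUtils.Encoding.PEM);
        }
        return new KeyAndCertCredential(loadPrivateKey, new X509Certificate[]{loadCertificate});
    }
}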
