package org.apache.airavata.gfac.bes.security;

import de.fzj.unicore.uas.security.ProxyCertOutHandler;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.util.httpclient.DefaultClientConfiguration;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import org.apache.airavata.common.exception.ApplicationSettingsException;
import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.credential.store.store.CredentialReader;
import org.apache.airavata.gfac.GFacException;
import org.apache.airavata.gfac.RequestData;
import org.apache.airavata.gfac.bes.utils.BESConstants;
import org.apache.airavata.gfac.bes.utils.SecurityUtils;
import org.apache.airavata.gfac.core.provider.GFacProviderException;
import org.apache.airavata.model.workspace.experiment.UserConfigurationData;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/airavata/gfac/bes/security/UNICORESecurityContext.class */
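/**
 * Builds UNICORE/BES client configurations on top of {@link X509SecurityContext}.
 *
 * <p>Three credential sources are supported: the credential returned by
 * {@code getX509Credentials()}, a short-lived credential generated for a user DN with the
 * CA material named in the server settings, and a short-lived certificate produced by
 * {@link SecurityUtils#generateShortLivedCertificate}.
 *
 * <p>NOTE(review): every factory method stores its result in the {@code secProperties}
 * field before returning it. An instance shared between concurrent requests could
 * therefore hand one request's configuration to another; confirm instances are
 * per-request.
 *
 * <p>NOTE(review): the subject of the generated credential is taken directly from
 * {@link UserConfigurationData#getUserDN()}. Nothing in this class checks that the DN
 * belongs to the authenticated requester, so that binding has to be enforced upstream;
 * otherwise the configured CA signs a credential for a caller-chosen subject.
 */
public class UNICORESecurityContext extends X509SecurityContext {
    private static final long serialVersionUID = 1L;
    protected static final Logger log = LoggerFactory.getLogger(UNICORESecurityContext.class);

    // Most recently built configuration; overwritten by every factory method below.
    private DefaultClientConfiguration secProperties;

    public UNICORESecurityContext(CredentialReader credentialReader, RequestData requestData) {
        super(credentialReader, requestData);
    }

    /**
     * Builds a configuration from the credential returned by {@code getX509Credentials()}.
     *
     * @param bool when {@code TRUE}, message logging is switched on; {@code null} is treated
     *     as {@code FALSE} (it previously surfaced as a {@link GFacException} with a null
     *     message)
     * @return the new configuration, also kept in {@code secProperties}
     * @throws GFacException wrapping any failure while obtaining the credential or
     *     configuring the client
     */
    public DefaultClientConfiguration getDefaultConfiguration(Boolean bool) throws GFacException, ApplicationSettingsException {
        try {
            this.secProperties = new DefaultClientConfiguration(dcValidator, getX509Credentials());
            setExtraSettings();
            enableMessageLoggingIfRequested(bool);
            return this.secProperties;
        } catch (Exception e) {
            throw new GFacException(e.getMessage(), e);
        }
    }

    /**
     * Builds a configuration for a user, generating a short-lived credential when the user
     * configuration asks for one.
     *
     * <p>When certificate generation is not requested, or no user DN is supplied, this falls
     * back to {@link #getDefaultConfiguration(Boolean)}; per the warning logged below, the
     * request then runs with the GFAC-configured MyProxy credential rather than a per-user
     * one.
     *
     * @param bool when {@code TRUE}, message logging is switched on; {@code null} is treated
     *     as {@code FALSE}
     * @param userConfigurationData source of the generate-cert flag and the user DN; must
     *     not be {@code null}
     * @return the new configuration, also kept in {@code secProperties}
     * @throws GFacException wrapping any failure, including a missing CA certificate or key
     *     path in the server settings
     */
    public DefaultClientConfiguration getDefaultConfiguration(Boolean bool, UserConfigurationData userConfigurationData) throws GFacException, ApplicationSettingsException {
        try {
            if (userConfigurationData == null) {
                // Fail with a readable message instead of a bare NullPointerException.
                throw new IllegalArgumentException("userConfigurationData must not be null");
            }
            if (!userConfigurationData.isGenerateCert()) {
                return getDefaultConfiguration(bool);
            }
            String userDN = userConfigurationData.getUserDN();
            if (userDN == null || userDN.isEmpty()) {
                log.warn("Cannot generate cert, falling back to GFAC configured MyProxy credentials");
                return getDefaultConfiguration(bool);
            }
            // The DN is request data: strip control characters so it cannot forge log lines.
            log.info("Generating X.509 certificate for: {}", sanitizeForLog(userDN));
            return buildGeneratedCertConfiguration(userDN, bool);
        } catch (Exception e2) {
            throw new GFacException(e2.getMessage(), e2);
        }
    }

    /**
     * Builds a configuration around a certificate produced by
     * {@link SecurityUtils#generateShortLivedCertificate}.
     *
     * @param str not used by this method
     * @param str2 first argument passed to {@code generateShortLivedCertificate}
     *     (presumably the user DN; confirm against {@code SecurityUtils})
     * @param str3 second argument (presumably the CA certificate path; confirm)
     * @param str4 third argument (presumably the CA key path; confirm)
     * @param str5 fourth argument (presumably the CA key password; confirm, and never log it)
     * @return the new configuration, also kept in {@code secProperties}
     * @throws GFacException wrapping any failure while generating the certificate
     */
    public DefaultClientConfiguration getServerSignedConfiguration(String str, String str2, String str3, String str4, String str5) throws GFacException {
        try {
            this.secProperties = new DefaultClientConfiguration(dcValidator, SecurityUtils.generateShortLivedCertificate(str2, str3, str4, str5));
            setExtraSettings();
            return this.secProperties;
        } catch (Exception e) {
            throw new GFacException(e.getMessage(), e);
        }
    }

    /**
     * Generates a short-lived credential for {@code userDN} using the CA certificate, key and
     * key password read from the server settings, and wraps it in a client configuration.
     */
    private DefaultClientConfiguration buildGeneratedCertConfiguration(String userDN, Boolean bool) throws GFacProviderException {
        try {
            String caCertPath = ServerSettings.getSetting(BESConstants.PROP_CA_CERT_PATH, "");
            String caKeyPath = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PATH, "");
            // Secret: pass it on, never log it or put it in an exception message.
            String caKeyPassword = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PASS, "");
            if (caCertPath.isEmpty() || caKeyPath.isEmpty()) {
                throw new IllegalStateException("CA certificate or key file path missing in the properties file. Please make sure bes.ca.cert.path or bes.ca.key.path are not empty.");
            }
            if (caKeyPassword.isEmpty()) {
                // An unencrypted CA key is only warned about, not rejected: anyone who can
                // read the key file can then sign credentials. Restrict the file's
                // permissions at minimum.
                log.warn("Caution: CA key has no password. For security reasons it is highly recommended to set a CA key password");
            }
            this.secProperties = new DefaultClientConfiguration(dcValidator, generateShortLivedCredential(userDN, caCertPath, caKeyPath, caKeyPassword));
            // setExtraSettings() already turns on extended trust delegation.
            setExtraSettings();
            enableMessageLoggingIfRequested(bool);
            this.secProperties.getETDSettings().setIssuerCertificateChain(this.secProperties.getCredential().getCertificateChain());
            return this.secProperties;
        } catch (Exception e) {
            throw new GFacProviderException("Error occured while generating a short lived credential for user:" + sanitizeForLog(userDN), e);
        }
    }

    /**
     * Switches message logging on when the flag is {@code TRUE}.
     *
     * <p>NOTE(review): confirm what message logging writes out. If it includes signed
     * messages or security headers, keep it off outside of debugging.
     */
    private void enableMessageLoggingIfRequested(Boolean bool) {
        if (Boolean.TRUE.equals(bool)) {
            this.secProperties.setMessageLogging(true);
        }
    }

    /**
     * Applies the settings shared by every configuration: extended trust delegation, message
     * signing, HTTP timeouts and the {@link ProxyCertOutHandler} out-handler.
     */
    private void setExtraSettings() {
        this.secProperties.getETDSettings().setExtendTrustDelegation(true);
        this.secProperties.setDoSignMessage(true);

        Properties extraSettings = this.secProperties.getExtraSettings();
        if (extraSettings == null) {
            // A freshly created Properties object must be attached to the configuration,
            // otherwise the timeouts set below are silently dropped.
            extraSettings = new Properties();
            this.secProperties.setExtraSettings(extraSettings);
        }
        // Presumably milliseconds; confirm against the HTTP client in use.
        extraSettings.setProperty("http.connection.timeout", "5000");
        extraSettings.setProperty("http.socket.timeout", "5000");

        // Keep handlers that are already configured and add ProxyCertOutHandler once.
        String[] configuredHandlers = this.secProperties.getOutHandlerClassNames();
        HashSet<String> handlerNames = configuredHandlers == null
                ? new HashSet<String>()
                : new HashSet<String>(Arrays.asList(configuredHandlers));
        handlerNames.add(ProxyCertOutHandler.class.getName());
        this.secProperties.setOutHandlerClassNames(handlerNames.toArray(new String[0]));
    }

    /**
     * Returns the first CN attribute value of the given DN.
     *
     * @throws IllegalArgumentException if the DN carries no CN attribute
     */
    private String getCNFromUserDN(String str) {
        String[] commonNames = X500NameUtils.getAttributeValues(str, BCStyle.CN);
        if (commonNames == null || commonNames.length == 0) {
            throw new IllegalArgumentException("No CN attribute found in user DN");
        }
        return commonNames[0];
    }

    /** Replaces control characters (CR, LF, tab, ...) so a value stays on one log line. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}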
