package org.apache.airavata.gfac.bes.utils;

import eu.emi.security.authn.x509.CommonX509TrustManager;
import eu.emi.security.authn.x509.X509CertChainValidator;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.net.ProtocolException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.security.auth.login.FailedLoginException;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:org/apache/airavata/gfac/bes/utils/MyProxyLogon.class */
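/**
 * Client for the MyProxy logon exchange: opens a TLS connection to a MyProxy server,
 * authenticates with a username and passphrase, sends a PKCS#10 request for a freshly
 * generated RSA key pair and stores the certificate chain the server returns.
 *
 * <p>Typical use: configure host/port/username/passphrase and a trust manager (or a
 * validator via {@link #setValidator}), then call {@link #getCredentials()}, which
 * connects and logs on as needed.
 *
 * <p>Instances hold mutable connection state and are not synchronized; nothing in this
 * class makes them safe for concurrent use.
 */
public class MyProxyLogon {
    public static final String version = "1.1";
    public static final String VERSION = "VERSION=MYPROXYv2";
    private static final String GETCOMMAND = "COMMAND=0";
    private static final String TRUSTROOTS = "TRUSTED_CERTS=";
    private static final String USERNAME = "USERNAME=";
    private static final String PASSPHRASE = "PASSPHRASE=";
    private static final String LIFETIME = "LIFETIME=";
    private static final String CREDNAME = "CRED_NAME=";
    public static final String RESPONSE = "RESPONSE=";
    private static final String ERROR = "ERROR=";
    // Subject placed in the certification request.
    private static final String DN = "CN=ignore";
    private static final String keyAlg = "RSA";
    private String host;
    private String username;
    private String credname;
    // Held by reference (not copied) so the caller can wipe the array once it is done.
    private char[] passphrase;
    private int port;
    private SSLSocket socket;
    private BufferedInputStream socketIn;
    private BufferedOutputStream socketOut;
    private KeyPair keypair;
    private Collection<X509Certificate> certificateChain;
    // Trust-root file names and contents as sent by the server during logon().
    // NOTE(review): both are server-supplied; any code that later writes them to disk
    // must validate the names (no path separators, no "..") before using them as paths.
    private String[] trustrootFilenames;
    private String[] trustrootData;
    private KeyManagerFactory keyManagerFactory;
    private TrustManager trustManager;
    // Test hook: when non-null, getPrivateKey() returns this key for EVERY instance.
    // NOTE(review): package-private mutable static; anything in this package can swap
    // the key that callers receive. Confirm it is never set outside tests.
    static PrivateKey testingPrivateKey;
    public final int DEFAULT_KEY_SIZE = 2048;
    private int keySize = 2048;
    private State state = State.READY;
    // Value sent in the LIFETIME field; presumably seconds (43200 = 12 h) - confirm.
    private int lifetime = 43200;

    /**
     * Progress of the exchange: READY (no connection), CONNECTED (TLS handshake done),
     * LOGGEDON (server accepted the logon request), DONE (certificate chain received).
     *
     * <p>Decompiler note: this enum was originally declared private.
     */
    public enum State {
        READY,
        CONNECTED,
        LOGGEDON,
        DONE
    }

    /**
     * Creates a client using the {@code MYPROXY_SERVER} and {@code MYPROXY_SERVER_PORT}
     * environment variables when present, otherwise a hard-coded host and port 7512.
     * The username defaults to the {@code user.name} system property.
     *
     * @throws NumberFormatException if {@code MYPROXY_SERVER_PORT} is set but is not an integer
     */
    public MyProxyLogon() {
        String envHost = System.getenv("MYPROXY_SERVER");
        // Hard-coded fallback host; deployments should set the host explicitly.
        this.host = envHost != null ? envHost : "myproxy.teragrid.org";
        this.port = 7512;
        String envPort = System.getenv("MYPROXY_SERVER_PORT");
        if (envPort != null) {
            this.port = Integer.parseInt(envPort);
        }
        this.username = System.getProperty("user.name");
    }

    /**
     * Installs a trust manager that delegates server-chain validation to the given validator.
     *
     * @param x509CertChainValidator validator wrapped in a {@link CommonX509TrustManager}
     */
    public void setValidator(X509CertChainValidator x509CertChainValidator) {
        setTrustManager(new CommonX509TrustManager(x509CertChainValidator));
    }

    /** Sets the MyProxy server host name used by {@link #connect()}. */
    public void setHost(String str) {
        this.host = str;
    }

    /** Sets the MyProxy server port used by {@link #connect()}. */
    public void setPort(int i) {
        this.port = i;
    }

    /**
     * Sets the RSA modulus size, in bits, for the key pair generated by {@link #getCredentials()}.
     *
     * <p>NOTE(review): the value is not validated here, so a caller can request a key
     * smaller than the 2048-bit default; consider enforcing a minimum.
     */
    public void setKeySize(int i) {
        this.keySize = i;
    }

    /** Returns the username sent in the logon request. */
    public String getUsername() {
        return this.username;
    }

    /** Sets the username sent in the logon request. */
    public void setUsername(String str) {
        this.username = str;
    }

    /** Sets the optional credential name; when {@code null} no CRED_NAME field is sent. */
    public void setCredentialName(String str) {
        this.credname = str;
    }

    /**
     * Sets the passphrase sent in the logon request. The array is stored by reference,
     * so the caller should overwrite it only after the logon has completed.
     */
    public void setPassphrase(char[] cArr) {
        this.passphrase = cArr;
    }

    /** Sets the value sent in the LIFETIME field of the logon request. */
    public void setLifetime(int i) {
        this.lifetime = i;
    }

    /**
     * Returns the certificate chain received from the server, or {@code null} if
     * {@link #getCredentials()} has not completed. The returned collection is the
     * internal list, not a copy.
     */
    public Collection<X509Certificate> getCertificates() {
        return this.certificateChain;
    }

    /**
     * Returns the private key of the generated key pair, or the static testing key when
     * one has been set.
     *
     * @return the private key, or {@code null} if no key pair has been generated yet
     */
    public PrivateKey getPrivateKey() {
        if (testingPrivateKey != null) {
            return testingPrivateKey;
        }
        // Mirrors getCertificate(): report "nothing yet" as null instead of an NPE.
        return this.keypair != null ? this.keypair.getPrivate() : null;
    }

    /**
     * Opens the TLS connection to the configured host and port and completes the handshake.
     *
     * @throws IllegalStateException if no trust manager has been set
     * @throws IOException if the socket cannot be opened or the handshake fails
     * @throws GeneralSecurityException if the TLS context cannot be created or initialised
     */
    public void connect() throws IOException, GeneralSecurityException {
        if (this.trustManager == null) {
            throw new IllegalStateException("No trust manager has been set!");
        }
        // Request the context by its current name. The enabled protocol versions are
        // still whatever the JSSE provider and the JVM security policy allow.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(getKeyManagers(), new TrustManager[] {this.trustManager}, new SecureRandom());
        // NOTE(review): no endpoint identification is configured on this socket, so the
        // server's identity rests entirely on the supplied TrustManager. Confirm that the
        // validator ties the presented certificate to the expected MyProxy host.
        SSLSocket sslSocket = (SSLSocket) context.getSocketFactory().createSocket(this.host, this.port);
        boolean ready = false;
        try {
            sslSocket.startHandshake();
            BufferedInputStream in = new BufferedInputStream(sslSocket.getInputStream());
            BufferedOutputStream out = new BufferedOutputStream(sslSocket.getOutputStream());
            this.socket = sslSocket;
            this.socketIn = in;
            this.socketOut = out;
            this.state = State.CONNECTED;
            ready = true;
        } finally {
            if (!ready) {
                // Do not leak the socket when the handshake or stream setup fails.
                try {
                    sslSocket.close();
                } catch (IOException ignored) {
                    // Best-effort cleanup; the original failure is the one that propagates.
                }
            }
        }
    }

    /** Sets the factory that supplies client key managers for the TLS handshake (may be null). */
    public void setKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
        this.keyManagerFactory = keyManagerFactory;
    }

    /** Sets the trust manager used to validate the server during {@link #connect()}. */
    public void setTrustManager(TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    /**
     * Closes the connection, if any, and returns to the READY state.
     *
     * @throws IOException if closing the socket fails; the state is reset regardless
     */
    public void disconnect() throws IOException {
        SSLSocket current = this.socket;
        // Reset first so a failing close() cannot leave stale stream references behind.
        this.socket = null;
        this.socketIn = null;
        this.socketOut = null;
        this.state = State.READY;
        if (current != null) {
            current.close();
        }
    }

    /**
     * Sends the logon request (connecting first when not in the CONNECTED state) and
     * parses the server's response, collecting any trust roots it includes.
     *
     * @throws IllegalStateException if no username or passphrase has been set
     * @throws FailedLoginException if the server answers RESPONSE=1; ERROR lines are appended
     * @throws ProtocolException if the response does not have the expected shape
     * @throws EOFException if an expected line is missing
     * @throws IOException on other I/O failures
     * @throws GeneralSecurityException if connecting fails for a security reason
     */
    public void logon() throws IOException, GeneralSecurityException {
        // Fail before touching the network rather than with an NPE halfway through the request.
        if (this.username == null) {
            throw new IllegalStateException("No username has been set!");
        }
        if (this.passphrase == null) {
            throw new IllegalStateException("No passphrase has been set!");
        }
        if (this.state != State.CONNECTED) {
            connect();
        }
        // A single '0' byte is sent and flushed before the request fields.
        this.socketOut.write('0');
        this.socketOut.flush();
        this.socketOut.write(VERSION.getBytes());
        this.socketOut.write('\n');
        this.socketOut.write(GETCOMMAND.getBytes());
        this.socketOut.write('\n');
        this.socketOut.write(USERNAME.getBytes());
        this.socketOut.write(this.username.getBytes());
        this.socketOut.write('\n');
        this.socketOut.write(PASSPHRASE.getBytes());
        writePassphrase();
        this.socketOut.write('\n');
        this.socketOut.write(LIFETIME.getBytes());
        this.socketOut.write(Integer.toString(this.lifetime).getBytes());
        this.socketOut.write('\n');
        if (this.credname != null) {
            this.socketOut.write(CREDNAME.getBytes());
            this.socketOut.write(this.credname.getBytes());
            this.socketOut.write('\n');
        }
        this.socketOut.flush();

        String versionLine = readLine(this.socketIn);
        if (versionLine == null) {
            throw new EOFException();
        }
        if (!versionLine.equals(VERSION)) {
            throw new ProtocolException("bad MyProxy protocol VERSION string: " + versionLine);
        }
        String responseLine = readLine(this.socketIn);
        if (responseLine == null) {
            throw new EOFException();
        }
        if (!responseLine.startsWith(RESPONSE) || responseLine.length() != RESPONSE.length() + 1) {
            throw new ProtocolException("bad MyProxy protocol RESPONSE string: " + responseLine);
        }
        char code = responseLine.charAt(RESPONSE.length());
        if (code == '1') {
            StringBuilder message = new StringBuilder("MyProxy logon failed");
            String line;
            while ((line = readLine(this.socketIn)) != null) {
                if (line.startsWith(ERROR)) {
                    message.append('\n');
                    message.append(line.substring(ERROR.length()));
                }
            }
            throw new FailedLoginException(message.toString());
        }
        if (code == '2') {
            throw new ProtocolException("MyProxy authorization RESPONSE not implemented");
        }
        if (code != '0') {
            throw new ProtocolException("unknown MyProxy protocol RESPONSE string: " + responseLine);
        }
        // NOTE(review): readLine() returns null for a NUL byte, an empty line and end of
        // stream alike, so a connection dropped at this point is also treated as the end
        // of a successful response.
        String line;
        while ((line = readLine(this.socketIn)) != null) {
            if (line.startsWith(TRUSTROOTS)) {
                this.trustrootFilenames = line.substring(TRUSTROOTS.length()).split(",");
                this.trustrootData = new String[this.trustrootFilenames.length];
                for (int i = 0; i < this.trustrootFilenames.length; i++) {
                    String prefix = "FILEDATA_" + this.trustrootFilenames[i] + "=";
                    String dataLine = readLine(this.socketIn);
                    if (dataLine == null) {
                        throw new EOFException();
                    }
                    if (!dataLine.startsWith(prefix)) {
                        throw new ProtocolException("bad MyProxy protocol RESPONSE: expecting " + prefix + " but received " + dataLine);
                    }
                    this.trustrootData[i] = new String(Base64.decode(dataLine.substring(prefix.length())));
                }
            }
        }
        this.state = State.LOGGEDON;
    }

    /**
     * Generates a new RSA key pair, logs on if necessary, sends a certification request
     * for the key and stores the returned certificate chain.
     *
     * @throws IOException declared for callers; failures inside the request/response
     *     exchange are currently reported wrapped in a {@link GeneralSecurityException}
     * @throws GeneralSecurityException if key generation fails, or wrapping any exception
     *     raised while building the request or talking to the server
     */
    public void getCredentials() throws IOException, GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlg);
        keyPairGenerator.initialize(this.keySize);
        this.keypair = keyPairGenerator.genKeyPair();
        // Register BouncyCastle once instead of building a throw-away provider per call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            getCredentials(generateCertificationRequest(DN, this.keypair).getEncoded());
        } catch (Exception e) {
            // Kept as-is for callers: every failure, including I/O and failed logon,
            // surfaces as a GeneralSecurityException with the real cause attached.
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Returns the first certificate of the received chain, or {@code null} if no chain
     * has been received yet.
     */
    public X509Certificate getCertificate() {
        if (this.certificateChain == null) {
            return null;
        }
        return this.certificateChain.iterator().next();
    }

    /** Returns the key managers from the configured factory, or {@code null} when none is set. */
    private KeyManager[] getKeyManagers() {
        if (this.keyManagerFactory != null) {
            return this.keyManagerFactory.getKeyManagers();
        }
        return null;
    }

    /**
     * Writes the passphrase to the socket stream without first copying it into an
     * immutable {@link String}, then wipes the temporary byte copies.
     *
     * <p>Uses the platform default charset, the same one the other request fields are
     * encoded with via {@code getBytes()}. The bytes also pass through the
     * {@link BufferedOutputStream}'s internal buffer, which this method cannot clear.
     */
    private void writePassphrase() throws IOException {
        ByteBuffer encoded = Charset.defaultCharset().encode(CharBuffer.wrap(this.passphrase));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        try {
            this.socketOut.write(bytes);
        } finally {
            Arrays.fill(bytes, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    /**
     * Sends the encoded certification request (logging on first when not in the LOGGEDON
     * state) and reads the certificate chain: one count byte followed by that many
     * X.509 certificates.
     *
     * <p>NOTE(review): the returned certificates are stored as received; nothing here
     * checks that the first certificate's public key matches the generated key pair.
     *
     * @param bArr encoded PKCS#10 certification request
     * @throws IOException if the connection ends before the count byte arrives
     * @throws GeneralSecurityException if the server announces zero certificates or a
     *     certificate cannot be parsed
     */
    private void getCredentials(byte[] bArr) throws IOException, GeneralSecurityException {
        if (this.state != State.LOGGEDON) {
            logon();
        }
        this.socketOut.write(bArr);
        this.socketOut.flush();
        int count = this.socketIn.read();
        if (count == -1) {
            throw new IOException("Error: connection aborted");
        }
        // read() yields -1 or 0..255, so after the check above only zero is invalid.
        if (count == 0) {
            throw new GeneralSecurityException("Error: bad number of certificates sent by server");
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // Build locally and publish only a complete chain, so a parse failure part-way
        // through cannot leave a truncated chain visible to getCertificates().
        Collection<X509Certificate> chain = new ArrayList<X509Certificate>(count);
        for (int i = 0; i < count; i++) {
            chain.add((X509Certificate) certificateFactory.generateCertificate(this.socketIn));
        }
        this.certificateChain = chain;
        this.state = State.DONE;
    }

    /**
     * Reads bytes up to a line feed, a NUL byte or end of stream and returns them as a
     * string, one char per byte.
     *
     * <p>NOTE(review): the line length is unbounded, so the peer controls how much memory
     * this consumes; consider a cap once the largest legitimate FILEDATA line is known.
     *
     * @return the line without its terminator, or {@code null} when no bytes were read
     *     before the terminator (empty line, NUL or end of stream)
     */
    private String readLine(InputStream inputStream) throws IOException {
        StringBuilder line = new StringBuilder();
        int b = inputStream.read();
        while (b > 0 && b != '\n') {
            line.append((char) b);
            b = inputStream.read();
        }
        return line.length() > 0 ? line.toString() : null;
    }

    /**
     * Builds a PKCS#10 certification request for the key pair, signed with its private key.
     *
     * <p>NOTE(review): the request is signed with SHA-1/RSA. The signature only proves
     * possession of the key to the server, but SHA-1 is deprecated; move to a SHA-2
     * signature once the target MyProxy servers are confirmed to accept it.
     *
     * @param str subject distinguished name for the request
     * @param keyPair key pair whose public key is certified and whose private key signs
     */
    private PKCS10CertificationRequest generateCertificationRequest(String str, KeyPair keyPair) throws Exception {
        X500Name subject = new X500Name(str);
        PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder(
                subject,
                SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(
                        PublicKeyFactory.createKey(keyPair.getPublic().getEncoded())));
        AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA);
        AlgorithmIdentifier digestAlgorithm = AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1);
        BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
        return requestBuilder.build(
                signerBuilder.build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded())));
    }
}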
