package org.apache.airavata.gfac.context.security;

import java.io.File;
import java.security.Security;
import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential;
import org.apache.airavata.credential.store.store.CredentialReader;
import org.apache.airavata.gfac.AbstractSecurityContext;
import org.apache.airavata.gfac.Constants;
import org.apache.airavata.gfac.GFacException;
import org.apache.airavata.gfac.RequestData;
import org.globus.gsi.X509Credential;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.gsi.provider.GlobusProvider;
import org.globus.myproxy.GetParams;
import org.globus.myproxy.MyProxy;
import org.globus.myproxy.MyProxyException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/airavata/gfac/context/security/GSISecurityContext.class */
public class GSISecurityContext extends AbstractSecurityContext {
    public static final String GSI_SECURITY_CONTEXT = "gsi";
    private GSSCredential gssCredentials;
    protected static final Logger log = LoggerFactory.getLogger(GSISecurityContext.class);
    public static int CREDENTIAL_RENEWING_THRESH_HOLD = 900;

    public static void setUpTrustedCertificatePath(String str) {
        File file = new File(str);
        if (file.exists() && file.canRead()) {
            System.setProperty(Constants.TRUSTED_CERTIFICATE_SYSTEM_PROPERTY, file.getAbsolutePath());
        } else {
            log.info("Current directory " + new File(".").getAbsolutePath());
            throw new RuntimeException("Cannot read trusted certificate path " + str);
        }
    }

    private static void setUpTrustedCertificatePath() {
        setUpTrustedCertificatePath(ServerSettings.getProperties().getProperty(Constants.TRUSTED_CERT_LOCATION));
    }

    public static String getTrustedCertificatePath() {
        return System.getProperty(Constants.TRUSTED_CERTIFICATE_SYSTEM_PROPERTY);
    }

    public GSISecurityContext(CredentialReader credentialReader, RequestData requestData) {
        super(credentialReader, requestData);
        this.gssCredentials = null;
    }

    public GSSCredential getGssCredentials() throws GFacException {
        if (this.gssCredentials == null) {
            try {
                this.gssCredentials = getCredentialsFromStore();
            } catch (Exception e) {
                log.error("An exception occurred while retrieving credentials from the credential store. Will continue with my proxy user name and password.", e);
            }
            if (this.gssCredentials == null) {
                this.gssCredentials = getDefaultCredentials();
            }
            if (this.gssCredentials == null) {
                throw new GFacException("Unable to retrieve my proxy credentials to continue operation.");
            }
        } else {
            try {
                if (this.gssCredentials.getRemainingLifetime() < CREDENTIAL_RENEWING_THRESH_HOLD) {
                    return renewCredentials();
                }
            } catch (GSSException e2) {
                throw new GFacException("Unable to retrieve remaining life time from credentials.", e2);
            }
        }
        return this.gssCredentials;
    }

    public GSSCredential renewCredentials() throws GFacException {
        try {
            this.gssCredentials = renewCredentialsAsATrustedHost();
        } catch (Exception e) {
            log.warn("Renewing credentials as a trusted renewer failed", e);
            this.gssCredentials = getProxyCredentials();
        }
        return this.gssCredentials;
    }

    public GSSCredential getCredentialsFromStore() throws Exception {
        if (getCredentialReader() == null) {
            return null;
        }
        CertificateCredential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());
        if (credential == null) {
            log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and gateway id - " + getRequestData().getGatewayId());
            return null;
        }
        if (!(credential instanceof CertificateCredential)) {
            log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. Credential type - " + credential.getClass().getName());
            return null;
        }
        log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
        CertificateCredential certificateCredential = credential;
        GlobusGSSCredentialImpl globusGSSCredentialImpl = new GlobusGSSCredentialImpl(new X509Credential(certificateCredential.getPrivateKey(), certificateCredential.getCertificates()), 0);
        System.out.print(globusGSSCredentialImpl.export(0));
        return globusGSSCredentialImpl;
    }

    public GSSCredential getDefaultCredentials() throws GFacException {
        try {
            return new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort()).get(getRequestData().getMyProxyUserName(), getRequestData().getMyProxyPassword(), getRequestData().getMyProxyLifeTime());
        } catch (MyProxyException e) {
            throw new GFacException("An error occurred while retrieving default security credentials.", e);
        }
    }

    public GSSCredential getProxyCredentials() throws GFacException {
        try {
            return new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort()).get(this.gssCredentials, getRequestData().getMyProxyUserName(), getRequestData().getMyProxyPassword(), getRequestData().getMyProxyLifeTime());
        } catch (MyProxyException e) {
            throw new GFacException("An error occurred while renewing security credentials using user/password.", e);
        }
    }

    public GSSCredential renewCredentialsAsATrustedHost() throws GFacException {
        MyProxy myProxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
        GetParams getParams = new GetParams();
        getParams.setAuthzCreds(this.gssCredentials);
        getParams.setUserName(getRequestData().getMyProxyUserName());
        getParams.setLifetime(getRequestData().getMyProxyLifeTime());
        try {
            return myProxy.get(this.gssCredentials, getParams);
        } catch (MyProxyException e) {
            throw new GFacException("An error occurred while renewing security credentials.", e);
        }
    }

    static {
        Security.addProvider(new GlobusProvider());
        setUpTrustedCertificatePath();
    }
}
