package org.italiangrid.voms.store.impl;

import eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.store.LSCInfo;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStoreStatusListener;
import org.italiangrid.voms.util.NullListener;

/* loaded from: input_file:org/italiangrid/voms/store/impl/DefaultVOMSTrustStore.class */
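/**
 * File-system backed {@link VOMSTrustStore}.
 *
 * <p>For every configured trust directory the store loads the {@code *.pem} certificates found
 * directly in it, then, for each immediate sub-directory, the {@code *.lsc} files and the
 * {@code *.pem} certificates found there. Certificates are indexed by the OpenSSL-style hash of
 * their subject; LSC entries are indexed by the name of the sub-directory they were found in.
 *
 * <p>Everything readable under the trust directories becomes trust information, so the integrity
 * of this store depends on who can write to those directories. This class performs no ownership
 * or permission check beyond "exists / readable / traversable"; that has to be enforced by the
 * deployment.
 *
 * <p>The public accessors and {@link #loadTrustInformation()} are {@code synchronized} on this
 * instance.
 */
public class DefaultVOMSTrustStore implements VOMSTrustStore {
    public static final String DEFAULT_VOMS_DIR = "/etc/grid-security/vomsdir";
    public static final String CERTIFICATE_FILENAME_SUFFIX = ".pem";
    public static final String LSC_FILENAME_SUFFIX = ".lsc";

    // NOTE(review): this is the caller's list, stored by reference and handed back as-is by
    // getLocalTrustedDirectories(). Any holder of that reference can change which directories
    // the next loadTrustInformation() trusts. Kept as in the original because callers may rely
    // on it; consider a defensive copy if they do not.
    private List<String> localTrustedDirs;
    // Key: OpenSSL-style subject hash as returned by getOpensslCAHash().
    private final Map<String, X509Certificate> localAACertificatesByHash;
    // Key: name of the sub-directory the .lsc file was found in.
    private final Map<String, Set<LSCInfo>> localLSCInfo;
    private VOMSTrustStoreStatusListener listener;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the default list of trust directories.
     *
     * @return a new mutable list holding only {@link #DEFAULT_VOMS_DIR}
     */
    public static List<String> buildDefaultTrustedDirs() {
        List<String> defaults = new ArrayList<String>();
        defaults.add(DEFAULT_VOMS_DIR);
        return defaults;
    }

    /**
     * Creates the store and immediately loads trust information from the given directories.
     *
     * @param list paths of the local trust directories; must not be {@code null}
     * @param vOMSTrustStoreStatusListener listener notified of lookup and load events
     * @throws IllegalArgumentException if {@code list} is {@code null}
     * @throws VOMSError if loading fails (see {@link #loadTrustInformation()})
     */
    public DefaultVOMSTrustStore(List<String> list, VOMSTrustStoreStatusListener vOMSTrustStoreStatusListener) {
        this.localAACertificatesByHash = new HashMap<String, X509Certificate>();
        this.localLSCInfo = new HashMap<String, Set<LSCInfo>>();
        if (list == null) {
            throw new IllegalArgumentException("Please provide a non-null list of local trust directories!");
        }
        this.localTrustedDirs = list;
        this.listener = vOMSTrustStoreStatusListener;
        loadTrustInformation();
    }

    /**
     * Creates the store over the default trust directory with the given listener.
     *
     * @param vOMSTrustStoreStatusListener listener notified of lookup and load events
     */
    public DefaultVOMSTrustStore(VOMSTrustStoreStatusListener vOMSTrustStoreStatusListener) {
        this(buildDefaultTrustedDirs(), vOMSTrustStoreStatusListener);
    }

    /**
     * Creates the store over the given trust directories with {@link NullListener#INSTANCE}.
     *
     * @param list paths of the local trust directories; must not be {@code null}
     */
    public DefaultVOMSTrustStore(List<String> list) {
        this(list, NullListener.INSTANCE);
    }

    /** Creates the store over the default trust directory with {@link NullListener#INSTANCE}. */
    public DefaultVOMSTrustStore() {
        this(buildDefaultTrustedDirs());
    }

    /**
     * Returns the configured trust directories.
     *
     * @return the internal list itself, not a copy; changes made to it affect the next reload
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized List<String> getLocalTrustedDirectories() {
        return this.localTrustedDirs;
    }

    /**
     * Returns the certificates currently held by the store.
     *
     * @return an unmodifiable snapshot, detached from later reloads
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized List<X509Certificate> getLocalAACertificates() {
        return Collections.unmodifiableList(new ArrayList<X509Certificate>(this.localAACertificatesByHash.values()));
    }

    /**
     * Looks up the LSC entry registered under {@code str} whose hostname equals {@code str2}.
     *
     * <p>The hostname comparison is an exact, case-sensitive {@code equals}.
     *
     * @param str key the LSC entries were stored under (the sub-directory name)
     * @param str2 hostname to match
     * @return the matching entry, or {@code null} when there is none
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized LSCInfo getLSC(String str, String str2) {
        Set<LSCInfo> candidates = this.localLSCInfo.get(str);
        if (candidates == null) {
            return null;
        }
        for (LSCInfo candidate : candidates) {
            if (candidate.getHostname().equals(str2)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Turns a {@code null} directory listing into a {@link VOMSError}.
     *
     * <p>{@link File#listFiles} returns {@code null} when the listing fails, even for a path that
     * passed the sanity checks a moment earlier; iterating over that result would otherwise fail
     * with an uninformative {@link NullPointerException}.
     */
    private static File[] listOrFail(File dir, File[] entries) {
        if (entries == null) {
            throw new VOMSError("Error listing the content of local trust directory:" + dir.getAbsolutePath());
        }
        return entries;
    }

    /** Loads every {@code *.pem} entry found directly in {@code dir}. */
    private void loadCertificatesFromDirectory(File dir) {
        directorySanityChecks(dir);
        this.listener.notifyCertficateLookupEvent(dir.getAbsolutePath());
        File[] certFiles = listOrFail(dir, dir.listFiles(new FilenameFilter() {
            @Override // java.io.FilenameFilter
            public boolean accept(File parent, String fileName) {
                return fileName.endsWith(DefaultVOMSTrustStore.CERTIFICATE_FILENAME_SUFFIX);
            }
        }));
        for (File certFile : certFiles) {
            loadCertificateFromFile(certFile);
        }
    }

    /**
     * Parses one PEM certificate and stores it under the hash of its subject.
     *
     * <p>The map holds one certificate per hash, so a second certificate with the same subject
     * (or a colliding hash) replaces the earlier one; which file wins depends on the order in
     * which the directory listing returned them.
     *
     * @throws VOMSError if the file is missing, unreadable, or cannot be parsed
     */
    private void loadCertificateFromFile(File certFile) {
        certificateFileSanityChecks(certFile);
        try {
            FileInputStream in = new FileInputStream(certFile);
            X509Certificate cert;
            try {
                cert = CertificateUtils.loadCertificate(in, CertificateUtils.Encoding.PEM);
            } finally {
                // Close here instead of relying on the parser, so a failed parse does not leak
                // the descriptor. Closing an already closed FileInputStream is harmless.
                in.close();
            }
            this.localAACertificatesByHash.put(getOpensslCAHash(cert.getSubjectX500Principal()), cert);
            this.listener.notifyCertificateLoadEvent(cert, certFile);
        } catch (IOException e) {
            throw new VOMSError(String.format("Error parsing VOMS trusted certificate from %s. Reason: %s", certFile.getAbsolutePath(), e.getMessage()), e);
        }
    }

    /**
     * Loads every {@code *.lsc} file found directly in {@code dir}.
     *
     * <p>The directory name is the key the entries are stored under, and the file name minus its
     * {@code .lsc} suffix is passed to the parser as the hostname.
     */
    private void loadLSCFromDirectory(File dir) {
        directorySanityChecks(dir);
        this.listener.notifyLSCLookupEvent(dir.getAbsolutePath());
        File[] lscFiles = listOrFail(dir, dir.listFiles(new FilenameFilter() {
            @Override // java.io.FilenameFilter
            public boolean accept(File parent, String fileName) {
                return fileName.endsWith(DefaultVOMSTrustStore.LSC_FILENAME_SUFFIX);
            }
        }));
        if (lscFiles.length == 0) {
            return;
        }
        DefaultLSCFileParser parser = new DefaultLSCFileParser();
        String voName = dir.getName();
        for (File lscFile : lscFiles) {
            String fileName = lscFile.getName();
            // Strip the suffix from the END of the name. The filter guarantees the name ends
            // with ".lsc"; cutting at the first occurrence instead would truncate a name such as
            // "voms.lsc.example.org.lsc" to "voms" and register the entry for the wrong host.
            String hostname = fileName.substring(0, fileName.length() - LSC_FILENAME_SUFFIX.length());
            LSCFile parsed = parser.parse(voName, hostname, lscFile);
            Set<LSCInfo> entries = this.localLSCInfo.get(voName);
            if (entries == null) {
                entries = new HashSet<LSCInfo>();
                this.localLSCInfo.put(voName, entries);
            }
            entries.add(parsed);
            this.listener.notifyLSCLoadEvent(parsed, lscFile);
        }
    }

    /**
     * Checks that a certificate file exists and is readable.
     *
     * @throws VOMSError if either check fails
     */
    private void certificateFileSanityChecks(File certFile) {
        if (!certFile.exists()) {
            throw new VOMSError("Local VOMS trusted certificate does not exist:" + certFile.getAbsolutePath());
        }
        if (!certFile.canRead()) {
            throw new VOMSError("Local VOMS trusted certificate is not readable:" + certFile.getAbsolutePath());
        }
    }

    /**
     * Checks that a trust directory exists, is a directory, and is readable and traversable.
     *
     * <p>These are availability checks only; ownership and write permissions are not inspected.
     *
     * @throws VOMSError if any check fails
     */
    private void directorySanityChecks(File dir) {
        if (!dir.exists()) {
            throw new VOMSError("Local trust directory does not exists:" + dir.getAbsolutePath());
        }
        if (!dir.isDirectory()) {
            throw new VOMSError("Local trust directory is not a directory:" + dir.getAbsolutePath());
        }
        if (!dir.canRead()) {
            throw new VOMSError("Local trust directory is not readable:" + dir.getAbsolutePath());
        }
        if (!dir.canExecute()) {
            throw new VOMSError("Local trust directory is not traversable:" + dir.getAbsolutePath());
        }
    }

    /**
     * Fails when neither certificates nor LSC entries were loaded.
     *
     * @throws VOMSError if both stores are empty
     */
    private void checkStoreIsNotEmpty() {
        if (this.localAACertificatesByHash.values().isEmpty() && this.localLSCInfo.values().isEmpty()) {
            throw new VOMSError("No VOMS trust information loaded from the given trust dirs: " + this.localTrustedDirs);
        }
    }

    /** Drops all loaded certificates and LSC entries. */
    private void cleanupStores() {
        this.localAACertificatesByHash.clear();
        this.localLSCInfo.clear();
    }

    /**
     * Discards the current content and reloads it from the configured trust directories.
     *
     * <p>The stores are cleared before loading starts, so a failure part-way through leaves the
     * store with whatever was loaded up to that point rather than with the previous content.
     *
     * @throws VOMSError if no directory is configured, a directory or file fails its sanity
     *     checks, a directory cannot be listed, a certificate cannot be parsed, or nothing was
     *     loaded at all
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized void loadTrustInformation() {
        if (this.localTrustedDirs.isEmpty()) {
            throw new VOMSError("No local trust directory was specified for this trust store. Please provide at least one path where LSC and VOMS service certificates will be searched for.");
        }
        cleanupStores();
        Iterator<String> it = this.localTrustedDirs.iterator();
        while (it.hasNext()) {
            File trustDir = new File(it.next());
            // Runs the directory sanity checks on trustDir before it is listed below.
            loadCertificatesFromDirectory(trustDir);
            File[] subDirs = listOrFail(trustDir, trustDir.listFiles(new FileFilter() {
                @Override // java.io.FileFilter
                public boolean accept(File entry) {
                    return entry.isDirectory();
                }
            }));
            // Only immediate sub-directories are visited; there is no deeper recursion.
            for (File subDir : subDirs) {
                loadLSCFromDirectory(subDir);
                loadCertificatesFromDirectory(subDir);
            }
        }
        checkStoreIsNotEmpty();
    }

    /**
     * Computes the key under which a certificate with the given subject is stored.
     *
     * <p>NOTE(review): the second argument is passed as {@code false}; in canl this looks like
     * the switch between the legacy and the OpenSSL 1.x hash variant. Confirm against the
     * library version in use.
     */
    private String getOpensslCAHash(X500Principal x500Principal) {
        return OpensslTruststoreHelper.getOpenSSLCAHash(x500Principal, false);
    }

    /**
     * Returns the certificate stored under the hash of the given subject.
     *
     * <p>The lookup compares hashes only and does not check that the returned certificate's
     * subject equals {@code x500Principal}. OpenSSL-style subject hashes are short, so callers
     * making a trust decision should compare the subject of the result themselves.
     *
     * @param x500Principal subject to look up
     * @return the stored certificate, or {@code null} when no entry has that hash
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized X509Certificate getAACertificateBySubject(X500Principal x500Principal) {
        return this.localAACertificatesByHash.get(getOpensslCAHash(x500Principal));
    }

    /**
     * Returns all loaded LSC entries, keyed by the sub-directory name they were loaded from.
     *
     * @return an unmodifiable view of the live map, not a snapshot: a later reload changes what
     *     it shows, and the contained sets are the internal mutable ones
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized Map<String, Set<LSCInfo>> getAllLSCInfo() {
        return Collections.unmodifiableMap(this.localLSCInfo);
    }

    /**
     * Replaces the listener notified of lookup and load events.
     *
     * @param vOMSTrustStoreStatusListener the new listener; stored as given, without a null check
     */
    @Override // org.italiangrid.voms.store.VOMSTrustStore
    public synchronized void setStatusListener(VOMSTrustStoreStatusListener vOMSTrustStoreStatusListener) {
        this.listener = vOMSTrustStoreStatusListener;
    }
}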
