package fnal.vox.security;

import fnal.vox.log.Log;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.RandomAccessFile;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.StringTokenizer;
import org.globus.gsi.CertificateRevocationLists;
import org.globus.gsi.TrustedCertificates;
import org.globus.gsi.proxy.ProxyPathValidator;

/* loaded from: input_file:fnal/vox/security/ANAMUtil.class */
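/**
 * Certificate checks built on the Globus GSI classes: chain validation against a
 * directory of trusted certificates, CRL-based revocation lookup, and matching of a
 * certificate subject against the issuing CA's signing-policy subject patterns.
 *
 * <p>Call {@link #initCA(String)} before any of the check methods; it loads the
 * per-CA CRLs and policies and the trusted certificates.
 *
 * <p>Security notes for reviewers, all based on the code in this class:
 * <ul>
 *   <li>CRLs downloaded by {@code initOneCrl} are parsed but never verified:
 *       {@code X509CRL.verify} is not called, and {@code getNextUpdate} is not
 *       checked. {@link #isRevoked} therefore trusts whatever the CRL URL returned.
 *       A CRL should be verified against the issuing CA certificate (available via
 *       the trusted certificates) and checked for freshness before it is used.</li>
 *   <li>{@link #verifyChain} passes no CRLs to the validator, and {@code loadCrls}
 *       is not called from this class. Revocation is enforced only if the caller
 *       also calls {@link #isRevoked}.</li>
 *   <li>DN matching splits on {@code ','} and {@code '/'} and compares components
 *       as an unordered set. It does not enforce component order, and a component
 *       value that itself contains one of the separators is split.</li>
 * </ul>
 */
public class ANAMUtil {
    private static final String BEGIN_CRL = "-----BEGIN X509 CRL-----";
    private static final String END_CRL = "-----END X509 CRL-----";
    private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
    private static final String END_CERT = "-----END CERTIFICATE-----";

    // One slot per file accepted by CrlFilter in the CA directory. A slot stays null
    // when loading that CA threw, so every reader must null-check the entries.
    private CA[] cA;
    private TrustedCertificates trustedCerts;
    // Only assigned by loadCrls, which nothing in this class calls.
    private CertificateRevocationLists crls;

    /** Loads the trusted certificates from the given location. */
    private void loadTrustedCertificates(String str) {
        this.trustedCerts = TrustedCertificates.load(str);
    }

    /** Loads the CRLs from the given location and prints their count and issuers to stdout. */
    private void loadCrls(String str) {
        this.crls = CertificateRevocationLists.getCertificateRevocationLists(str);
        X509CRL[] loaded = this.crls.getCrls();
        System.out.println("Total number of crls " + loaded.length);
        for (X509CRL crl : loaded) {
            System.out.println("Issuer is " + crl.getIssuerDN().getName());
        }
    }

    /**
     * Validates a certificate chain against the trusted certificates.
     *
     * <p>No CRLs are handed to the validator here; use {@link #isRevoked} as well
     * if revocation must be enforced.
     *
     * @param x509CertificateArr the chain to validate
     * @throws IllegalStateException if the trusted certificates have not been loaded
     * @throws Exception whatever the validator throws for an invalid chain
     */
    public void verifyChain(X509Certificate[] x509CertificateArr) throws Exception {
        if (this.trustedCerts == null) {
            // Fail with a clear message instead of a NullPointerException.
            throw new IllegalStateException("trusted certificates not loaded; call initCA first");
        }
        new ProxyPathValidator().validate(x509CertificateArr, this.trustedCerts.getCertificates());
    }

    /**
     * Looks the certificate up in the CRL of its issuing CA.
     *
     * <p>Fails closed: returns {@code true} when no CA data is loaded or no loaded
     * CRL has an issuer matching the certificate's issuer.
     *
     * <p>NOTE(review): the CRL consulted here has not been signature-verified or
     * checked for expiry anywhere in this class.
     *
     * @param x509Certificate the certificate to check
     * @return {@code true} if the certificate is listed as revoked or no matching CRL exists
     */
    public boolean isRevoked(X509Certificate x509Certificate) {
        if (this.cA == null) {
            return true;
        }
        String issuerDn = x509Certificate.getIssuerDN().getName();
        for (CA ca : this.cA) {
            // Skip CAs that failed to load or have no CRL.
            if (ca == null || ca.x509Crl == null) {
                continue;
            }
            if (matchDN(issuerDn, ca.x509Crl.getIssuerDN().getName())) {
                return ca.x509Crl.isRevoked(x509Certificate);
            }
        }
        return true;
    }

    /**
     * Checks the certificate subject against the signing policy of its issuing CA.
     *
     * <p>The issuing CA is found through the issuer DN of its CRL, so a CA whose CRL
     * could not be loaded is never matched. Fails closed: returns {@code true} when
     * no CA matches or when no policy pattern of the matching CA matches the subject.
     *
     * @param x509Certificate the certificate to check
     * @return {@code false} if the subject matches a policy pattern of the issuing CA,
     *         {@code true} otherwise
     */
    public boolean isNotSigned(X509Certificate x509Certificate) {
        System.out.println("checking signning policy");
        if (this.cA == null) {
            return true;
        }
        String issuerDn = x509Certificate.getIssuerDN().getName();
        String subjectDn = x509Certificate.getSubjectDN().getName();
        for (CA ca : this.cA) {
            if (ca == null || ca.x509Crl == null) {
                continue;
            }
            if (!matchDN(issuerDn, ca.x509Crl.getIssuerDN().getName())) {
                continue;
            }
            // Only the first CA with a matching issuer is consulted.
            String[] patterns = ca.policy;
            if (patterns != null) {
                for (String pattern : patterns) {
                    System.out.println("\n\ntrying ..\ncertIssuerDN--->" + issuerDn
                            + "\npolicy[j]--->" + pattern + "\nuserDN--->" + subjectDn);
                    if (matchWildCardDN(subjectDn, pattern)) {
                        System.out.println("returnning false ");
                        System.out.println("policy[j]--->" + pattern + "\nuserDN--->" + subjectDn);
                        return false;
                    }
                }
            }
            return true;
        }
        return true;
    }

    /**
     * Loads per-CA data and the trusted certificates from a CA directory.
     *
     * <p>For each file accepted by {@code CrlFilter}, the first line is used as the
     * CRL URL. The signing policy is read from the file whose name is obtained by
     * replacing {@code crl_url} with {@code signing_policy}. A CA that fails to load
     * is reported on stdout and left as a null entry.
     *
     * @param str path of the CA directory
     */
    public void initCA(String str) {
        String[] crlUrlFiles = new File(str).list(new CrlFilter());
        if (crlUrlFiles == null) {
            // File.list returns null when the path is not a readable directory.
            Log.write("Cannot list CA directory " + str);
            crlUrlFiles = new String[0];
        }
        CA[] loaded = new CA[crlUrlFiles.length];
        for (int i = 0; i < crlUrlFiles.length; i++) {
            try {
                String crlUrl = readFirstLine(str + "/" + crlUrlFiles[i]);
                X509CRL crl = initOneCrl(crlUrl);
                String policyFileName = crlUrlFiles[i].replaceAll("crl_url", "signing_policy");
                loaded[i] = new CA(crl, initOnePolicy(policyFileName, str));
            } catch (Exception e) {
                System.out.println(e.getMessage());
            }
        }
        this.cA = loaded;
        loadTrustedCertificates(str);
    }

    /** Returns the first line of the file, closing it even if the read fails. */
    private static String readFirstLine(String path) throws Exception {
        RandomAccessFile file = new RandomAccessFile(path, "r");
        try {
            return file.readLine();
        } finally {
            file.close();
        }
    }

    /** Closes the resource if it is non-null, logging instead of propagating a failure. */
    private static void closeLogged(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            Log.write(e.getMessage());
        }
    }

    /** Splits a DN on {@code ','} and {@code '/'} and trims each component. */
    private static String[] splitDn(String dn) {
        StringTokenizer tokens = new StringTokenizer(dn, ",/");
        String[] parts = new String[tokens.countTokens()];
        for (int i = 0; i < parts.length; i++) {
            parts[i] = tokens.nextToken().trim();
        }
        return parts;
    }

    /**
     * Tests a subject DN against a policy pattern.
     *
     * <p>Every pattern component other than {@code "*"} or an empty string must
     * equal some component of the subject. Order is not checked, and {@code "*"}
     * is only recognised as a whole component.
     *
     * <p>Fix: the previous version stored pattern components at their original
     * index but read back only the first N slots. A wildcard or empty component
     * ahead of a real one left a null slot and caused a NullPointerException.
     *
     * @param str the subject DN
     * @param str2 the policy pattern
     * @return {@code true} if all non-wildcard pattern components occur in the subject
     */
    private boolean matchWildCardDN(String str, String str2) {
        String[] subjectParts = splitDn(str);
        for (String patternPart : splitDn(str2)) {
            if (patternPart.equals("*") || patternPart.equals("")) {
                continue;
            }
            if (!isPresent(subjectParts, patternPart)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Compares two DNs component-wise, ignoring component order.
     *
     * @return {@code true} if both DNs have the same number of components and every
     *         component of {@code str} occurs in {@code str2}
     */
    private boolean matchDN(String str, String str2) {
        String[] left = splitDn(str);
        String[] right = splitDn(str2);
        if (left.length != right.length) {
            return false;
        }
        for (String part : left) {
            if (!isPresent(right, part)) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether {@code str} equals any element of {@code strArr}. */
    private boolean isPresent(String[] strArr, String str) {
        for (String candidate : strArr) {
            if (str.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Downloads and parses one PEM-encoded CRL.
     *
     * <p>NOTE(review): {@code Http} is a project class not visible here. If it
     * fetches over an unauthenticated channel, the CRL signature is the only
     * integrity protection, and this method does not verify it.
     *
     * @param str the CRL URL
     * @return the parsed CRL, or {@code null} if download or parsing failed (logged)
     */
    private X509CRL initOneCrl(String str) {
        X509CRL crl = null;
        InputStream in = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            in = new Http(str).getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(in));
            StringBuffer pem = new StringBuffer();
            boolean inside = false;
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.equals(BEGIN_CRL)) {
                    inside = true;
                }
                if (inside) {
                    pem.append(line).append("\n");
                    // Stop at the end marker so data after a well-formed CRL is not buffered.
                    if (line.equals(END_CRL)) {
                        break;
                    }
                }
            }
            if (pem.length() > 0) {
                CertInputStream pemStream = new CertInputStream(pem.toString());
                try {
                    crl = (X509CRL) factory.generateCRL(pemStream);
                } finally {
                    pemStream.close();
                }
            }
        } catch (Exception e) {
            Log.write(e.getMessage());
        } finally {
            // Release the connection on failure paths as well.
            closeLogged(in);
        }
        return crl;
    }

    /**
     * Reads the first PEM certificate block from a file.
     *
     * @param str path of the file
     * @return the text from the BEGIN CERTIFICATE line through the END CERTIFICATE
     *         line, each line terminated by {@code "\n"}; empty if no BEGIN line was
     *         found; whatever was read so far if an error occurred (logged)
     */
    public String getOneCert(String str) {
        StringBuffer pem = new StringBuffer();
        RandomAccessFile file = null;
        try {
            file = new RandomAccessFile(str, "r");
            boolean inside = false;
            String line;
            while ((line = file.readLine()) != null) {
                if (line.equals(BEGIN_CERT)) {
                    inside = true;
                }
                if (inside) {
                    pem.append(line).append("\n");
                }
                if (line.equals(END_CERT)) {
                    break;
                }
            }
        } catch (Exception e) {
            Log.write(e.getMessage());
        } finally {
            closeLogged(file);
        }
        return pem.toString();
    }

    /**
     * Reads the subject patterns from the first {@code cond_subjects} line of a
     * signing-policy file.
     *
     * <p>The line must split into exactly two parts on {@code '}. The second part is
     * split on {@code "} and its non-blank pieces are the patterns. If the file cannot
     * be read, has no such line, or the line is malformed, a single placeholder
     * pattern is returned that no real DN component is expected to equal.
     *
     * <p>Fix: a missing or unreadable policy file used to surface as a
     * NullPointerException from closing or reading a null file handle. It now yields
     * the placeholder policy.
     *
     * @param str the policy file name
     * @param str2 the directory containing it
     * @return the subject patterns, never {@code null}
     */
    private String[] initOnePolicy(String str, String str2) {
        String[] placeholder = new String[] {"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"};
        RandomAccessFile policyFile = null;
        try {
            policyFile = new RandomAccessFile(str2 + "/" + str, "r");
            String line;
            while ((line = policyFile.readLine()) != null) {
                String trimmed = line.trim();
                if (!trimmed.startsWith("cond_subjects")) {
                    continue;
                }
                Log.write("Signning policy subjects " + trimmed);
                StringTokenizer quoted = new StringTokenizer(trimmed, "'");
                if (quoted.countTokens() != 2) {
                    return placeholder;
                }
                quoted.nextToken();
                StringTokenizer pieces = new StringTokenizer(quoted.nextToken(), "\"");
                String[] found = new String[pieces.countTokens()];
                int count = 0;
                while (pieces.hasMoreTokens()) {
                    String piece = pieces.nextToken().trim();
                    if (piece.length() > 0) {
                        found[count++] = piece;
                    }
                }
                String[] subjects = new String[count];
                System.arraycopy(found, 0, subjects, 0, count);
                return subjects;
            }
            return placeholder;
        } catch (Exception e) {
            Log.write(e.getMessage());
            return placeholder;
        } finally {
            closeLogged(policyFile);
        }
    }
}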
