package fnal.vox.security;

import fnal.vox.log.Log;
import java.net.Socket;
import java.security.cert.X509Certificate;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.gsi.TrustedCertificates;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.gsi.gssapi.GlobusGSSManagerImpl;
import org.globus.gsi.gssapi.auth.NoAuthorization;
import org.globus.gsi.gssapi.net.GssSocket;
import org.globus.gsi.gssapi.net.GssSocketFactory;
import org.gridforum.jgss.ExtendedGSSContext;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:fnal/vox/security/ANAM.class */
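public abstract class ANAM {
    /** Host certificate (PEM) used when the caller passes no certificate path. */
    private static final String DEFAULT_HOST_CERT = "/etc/grid-security/hostcert.pem";

    /** Host private key (PEM) used when the caller passes no key path. */
    private static final String DEFAULT_HOST_KEY = "/etc/grid-security/hostkey.pem";

    /** Directory the trusted CA certificates are loaded from for server contexts. */
    private static final String TRUSTED_CA_DIR = "/etc/grid-security/certificates";

    /** Object identifier of the Kerberos V5 GSS-API mechanism. */
    private static final String KERBEROS_V5_MECH_OID = "1.2.840.113554.1.2.2";

    // Subject DNs of the peer certificate chain, filled in by gsiAuthenticate().
    protected String[] dn = null;
    // Issuer DNs of the peer certificate chain, index-aligned with dn.
    protected String[] ca = null;
    // Source (client) principal name, filled in by kerberosAuthenticate().
    protected String prin = null;
    // Context lifetime as reported by the GSI context after the handshake.
    protected int lifeTime = 0;

    /**
     * Runs the acceptor side of a GSI handshake over {@code socket} and records the
     * peer's certificate chain in {@link #dn} and {@link #ca}.
     *
     * <p>This method only authenticates. It returns {@code true} whenever the handshake
     * completes; every failure surfaces as an exception, and no access decision is made
     * here. Callers are expected to follow up with {@link #authorize()}.
     *
     * <p>The context is disposed before this method returns, on success and on failure.
     *
     * @param socket connected socket to the initiator
     * @param extendedGSSContext acceptor context, e.g. from {@link #getGsiServerContext}
     * @return {@code true} once the context is established
     * @throws Exception if token exchange or context establishment fails
     */
    public boolean gsiAuthenticate(Socket socket, ExtendedGSSContext extendedGSSContext) throws Exception {
        // Forget the previous peer first: without this, a failed handshake or a peer that
        // presents no chain would leave the last caller's identity visible to authorize().
        this.dn = null;
        this.ca = null;
        this.lifeTime = 0;
        try {
            // Result is discarded; the call only raises IOException early when the socket
            // has no usable input stream.
            socket.getInputStream();
            ReadWriteSocket channel = new ReadWriteSocket(socket);
            while (!extendedGSSContext.isEstablished()) {
                byte[] inbound = channel.readToken();
                byte[] reply = extendedGSSContext.acceptSecContext(inbound, 0, inbound.length);
                if (reply != null) {
                    channel.writeToken(reply);
                }
            }
            Log.write("Context established.");

            X509Certificate[] chain =
                    (X509Certificate[]) extendedGSSContext.inquireByOid(GSSConstants.X509_CERT_CHAIN);
            if (chain != null) {
                String[] subjects = new String[chain.length];
                String[] issuers = new String[chain.length];
                for (int i = 0; i < chain.length; i++) {
                    X509Certificate cert = chain[i];
                    if (cert == null) {
                        continue;
                    }
                    // getSubjectDN()/getIssuerDN() are kept on purpose: switching to the
                    // X500Principal accessors changes the string form of the names, which
                    // would break any comparison done against these fields.
                    subjects[i] = cert.getSubjectDN().getName();
                    issuers[i] = cert.getIssuerDN().getName();
                    Log.write("Initiator DN[" + i + "]-->" + subjects[i]);
                    Log.write("Initiator CA[" + i + "]-->" + issuers[i]);
                }
                // Publish only complete arrays so a failure mid-loop leaves no partial identity.
                this.dn = subjects;
                this.ca = issuers;
            }

            this.lifeTime = extendedGSSContext.getLifetime();
            Log.write("Acceptor  : " + extendedGSSContext.getTargName());
            Log.write("Lifetime  : " + this.lifeTime);
            Log.write("Privacy   : " + extendedGSSContext.getConfState());

            GlobusGSSCredentialImpl delegated = (GlobusGSSCredentialImpl) extendedGSSContext.getDelegCred();
            Log.write("Delegated credential :");
            if (delegated != null) {
                // NOTE(review): confirm GlobusCredential.toString() prints descriptive fields
                // only (no key material) before this log is shared or shipped off-host.
                Log.write(delegated.getGlobusCredential().toString());
            } else {
                Log.write("None");
            }
            return true;
        } finally {
            disposeQuietly(extendedGSSContext);
        }
    }

    /**
     * Decides whether the authenticated peer is allowed to proceed. The policy is left
     * entirely to subclasses; nothing in this class calls it.
     *
     * @return {@code true} if the peer is authorized
     */
    public abstract boolean authorize();

    /**
     * Runs the initiator side of a GSI handshake over {@code socket}.
     *
     * <p>The context is disposed before this method returns, on success and on failure.
     *
     * @param socket connected socket to the acceptor
     * @param extendedGSSContext initiator context, e.g. from {@link #getGsiClientContext()}
     * @return {@code true} once the context is established
     * @throws Exception if token exchange or context establishment fails
     */
    public boolean sendGsiRequest(Socket socket, ExtendedGSSContext extendedGSSContext) throws Exception {
        try {
            // Result is discarded; the call only raises IOException early when the socket
            // has no usable input stream.
            socket.getInputStream();
            ReadWriteSocket channel = new ReadWriteSocket(socket);
            byte[] inbound = new byte[0];
            while (!extendedGSSContext.isEstablished()) {
                byte[] outbound = extendedGSSContext.initSecContext(inbound, 0, inbound.length);
                if (outbound != null) {
                    channel.writeToken(outbound);
                }
                // Only wait for a reply while the acceptor still owes us a token.
                if (!extendedGSSContext.isEstablished()) {
                    inbound = channel.readToken();
                }
            }
            return true;
        } finally {
            disposeQuietly(extendedGSSContext);
        }
    }

    /**
     * Builds a GSI acceptor context from the host certificate and key, trusting the CA
     * certificates found in {@code /etc/grid-security/certificates}.
     *
     * <p>The returned context is live. It is disposed here only when construction fails;
     * an earlier form of this method disposed it on the success path as well, handing
     * callers a context that the GSS-API contract treats as invalid.
     *
     * @param str path to the host certificate; {@code null} or empty selects
     *     {@code /etc/grid-security/hostcert.pem}
     * @param str2 path to the host private key; {@code null} or empty selects
     *     {@code /etc/grid-security/hostkey.pem}
     * @return a configured, undisposed acceptor context
     * @throws GSSException with major code {@code NO_CRED} if the host credential cannot
     *     be loaded or verified, or as raised while the context is created and configured
     */
    public ExtendedGSSContext getGsiServerContext(String str, String str2) throws GSSException {
        String certPath = (str == null || str.length() == 0) ? DEFAULT_HOST_CERT : str;
        String keyPath = (str2 == null || str2.length() == 0) ? DEFAULT_HOST_KEY : str2;

        ExtendedGSSContext context = null;
        boolean ready = false;
        try {
            GlobusCredential hostCredential = new GlobusCredential(certPath, keyPath);
            hostCredential.verify();
            GlobusGSSCredentialImpl gssCredential =
                    new GlobusGSSCredentialImpl(hostCredential, GSSCredential.INITIATE_AND_ACCEPT);
            TrustedCertificates trustedCas = TrustedCertificates.load(TRUSTED_CA_DIR);
            context = (ExtendedGSSContext) ExtendedGSSManager.getInstance().createContext(gssCredential);
            context.setOption(GSSConstants.GSS_MODE, GSIConstants.MODE_GSI);
            context.setOption(GSSConstants.TRUSTED_CERTIFICATES, trustedCas);
            ready = true;
            return context;
        } catch (GlobusCredentialException e) {
            String message = "could not load host globus credentials " + e.toString();
            Log.write(message);
            GSSException failure = new GSSException(GSSException.NO_CRED, 0, message);
            // Keep the original exception reachable for whoever handles the failure.
            failure.initCause(e);
            throw failure;
        } finally {
            // Release a half-configured context; a finished one belongs to the caller.
            if (!ready) {
                disposeQuietly(context);
            }
        }
    }

    /**
     * Builds a GSI initiator context with default credentials and credential delegation
     * switched off.
     *
     * @return a configured initiator context
     * @throws GSSException if the context cannot be created or configured
     */
    public ExtendedGSSContext getGsiClientContext() throws GSSException {
        ExtendedGSSContext context = (ExtendedGSSContext) new GlobusGSSManagerImpl().createContext(
                (GSSName) null, GSSConstants.MECH_OID, (GSSCredential) null, GSSContext.DEFAULT_LIFETIME);
        context.setOption(GSSConstants.GSS_MODE, GSIConstants.MODE_GSI);
        context.requestCredDeleg(false);
        return context;
    }

    /**
     * Builds a Kerberos V5 initiator context targeting the service name
     * {@code host/<str>}.
     *
     * @param str host part of the target service name
     * @return an initiator context for the Kerberos V5 mechanism
     * @throws GSSException if the name or the context cannot be created
     */
    public GSSContext getKerberosClientContext(String str) throws GSSException {
        Oid kerberosMech = new Oid(KERBEROS_V5_MECH_OID);
        GSSManager manager = GSSManager.getInstance();
        GSSName target = manager.createName("host/" + str, (Oid) null);
        return manager.createContext(target, kerberosMech, (GSSCredential) null, GSSContext.DEFAULT_LIFETIME);
    }

    /**
     * Builds an acceptor context with the default credential. No mechanism is pinned
     * here: the context is created from a {@code null} credential only.
     *
     * @return an acceptor context
     * @throws Exception if the context cannot be created
     */
    public GSSContext getKerberosServerContext() throws Exception {
        return GSSManager.getInstance().createContext((GSSCredential) null);
    }

    /**
     * Runs the acceptor side of a Kerberos handshake over {@code socket} and records the
     * client principal in {@link #prin}.
     *
     * <p>Like {@link #gsiAuthenticate}, this only authenticates: it returns {@code true}
     * whenever the handshake completes and makes no access decision. Unlike the GSI
     * variant, the context is not disposed here.
     *
     * @param socket connected socket to the initiator
     * @param gSSContext acceptor context
     * @return {@code true} once the context is established
     * @throws Exception if token exchange or context establishment fails
     */
    public boolean kerberosAuthenticate(Socket socket, GSSContext gSSContext) throws Exception {
        // Forget the previous client so a failed handshake cannot leave its principal
        // behind for authorize() to act on.
        this.prin = null;
        ReadWriteSocket channel = new ReadWriteSocket(socket);
        while (!gSSContext.isEstablished()) {
            byte[] inbound = channel.readKerberosToken();
            byte[] reply = gSSContext.acceptSecContext(inbound, 0, inbound.length);
            if (reply != null) {
                channel.writeKerberosToken(reply);
            }
        }
        this.prin = gSSContext.getSrcName().toString();
        Log.write("Client is " + this.prin);
        Log.write("Server is " + gSSContext.getTargName());
        return true;
    }

    /**
     * Runs the initiator side of a Kerberos handshake over {@code socket}, requesting
     * mutual authentication, confidentiality and integrity.
     *
     * <p>These are requests only; this method does not check afterwards which of them
     * the established context actually granted. The context is not disposed here.
     *
     * @param socket connected socket to the acceptor
     * @param gSSContext initiator context, e.g. from {@link #getKerberosClientContext}
     * @return {@code true} once the context is established
     * @throws Exception if token exchange or context establishment fails
     */
    public boolean sendKerberosRequest(Socket socket, GSSContext gSSContext) throws Exception {
        ReadWriteSocket channel = new ReadWriteSocket(socket);
        gSSContext.requestMutualAuth(true);
        gSSContext.requestConf(true);
        gSSContext.requestInteg(true);
        byte[] token = new byte[1];
        while (!gSSContext.isEstablished()) {
            token = gSSContext.initSecContext(token, 0, token.length);
            if (token != null) {
                channel.writeKerberosToken(token);
            }
            // Only wait for a reply while the acceptor still owes us a token.
            if (!gSSContext.isEstablished()) {
                token = channel.readKerberosToken();
            }
        }
        return true;
    }

    /**
     * Wraps an accepted socket in a server-mode GSS socket bound to the given context.
     *
     * <p>Socket-level authorization is set to {@link NoAuthorization}, so the socket
     * itself accepts any peer that completes the handshake. Whatever restricts access
     * has to happen elsewhere, e.g. in {@link #authorize()}.
     *
     * @param socket accepted plain socket
     * @param extendedGSSContext acceptor context
     * @return the wrapping GSS socket
     * @throws Exception if the socket cannot be created
     */
    public Socket getGsiServerSocket(Socket socket, ExtendedGSSContext extendedGSSContext) throws Exception {
        GssSocket secured = (GssSocket) GssSocketFactory.getDefault()
                .createSocket(socket, (String) null, 0, extendedGSSContext);
        secured.setUseClientMode(false);
        // presumably the GSI wrap mode; confirm against GssSocket's mode constants
        secured.setWrapMode(2);
        secured.setAuthorization(NoAuthorization.getInstance());
        return secured;
    }

    /**
     * Opens a GSS socket to {@code str:i} bound to the given context.
     *
     * <p>Socket-level authorization is set to {@link NoAuthorization}, so the identity
     * the server presents is not compared with the host being connected to.
     * NOTE(review): confirm that callers check the server identity themselves; without
     * such a check any holder of a certificate from a trusted CA is accepted as the server.
     *
     * @param str remote host
     * @param i remote port
     * @param extendedGSSContext initiator context
     * @return the connected GSS socket
     * @throws Exception if the socket cannot be created
     */
    public Socket getGsiClientSocket(String str, int i, ExtendedGSSContext extendedGSSContext) throws Exception {
        GssSocket secured = (GssSocket) GssSocketFactory.getDefault().createSocket(str, i, extendedGSSContext);
        // presumably the GSI wrap mode; confirm against GssSocket's mode constants
        secured.setWrapMode(2);
        secured.setAuthorization(NoAuthorization.getInstance());
        return secured;
    }

    /** Disposes {@code context} if there is one, logging instead of propagating a failure. */
    private static void disposeQuietly(GSSContext context) {
        if (context == null) {
            return;
        }
        try {
            context.dispose();
        } catch (Exception e) {
            // Cleanup is best effort: a dispose failure must not mask the handshake outcome.
            Log.write("Could not dispose GSS context: " + e);
        }
    }
}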
