package org.dcache.srm.client;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.proxy.ProxyGenerator;
import eu.emi.security.authn.x509.proxy.ProxyRequestOptions;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import org.apache.http.HttpHost;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.protocol.HttpContext;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.dcache.srm.client.HttpClientTransport;

/* loaded from: input_file:org/dcache/srm/client/GsiConnectionSocketFactory.class */
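/**
 * Socket factory decorator that runs a credential-delegation exchange on every
 * socket produced by the wrapped {@link LayeredConnectionSocketFactory}.
 *
 * <p>The delegation mode and the local credential are read from the
 * {@link HttpContext} attributes {@code HttpClientTransport.TRANSPORT_HTTP_DELEGATION}
 * and {@code HttpClientTransport.TRANSPORT_HTTP_CREDENTIALS}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>For {@code LIMITED} and {@code FULL} the client signs a certificate
 *       request received from the remote end with its own private key and
 *       returns the resulting proxy certificate. The private key itself is
 *       never written to the socket.</li>
 *   <li>This class performs no peer verification of its own. NOTE(review): it
 *       presumably relies on the wrapped factory having authenticated the peer
 *       before the socket is returned - confirm, because the proxy certificate
 *       is issued to whoever is at the other end.</li>
 * </ul>
 */
public class GsiConnectionSocketFactory implements LayeredConnectionSocketFactory {
    /** ASCII '0' (48): the single byte written when the mode is {@code NONE}. */
    private static final int NO_DELEGATION_MARKER = '0';

    /** ASCII 'D' (68): the single byte written before a {@code LIMITED}/{@code FULL} exchange. */
    private static final int DELEGATION_MARKER = 'D';

    /**
     * Upper bound, in bytes, on the certificate request accepted from the peer.
     * The request is parsed straight off the network, so its declared length
     * must not be trusted; 64 KiB is far above the size of an ordinary PKCS#10
     * request.
     */
    private static final int MAX_CSR_BYTES = 64 * 1024;

    private final LayeredConnectionSocketFactory socketFactory;

    /**
     * @param layeredConnectionSocketFactory factory that actually creates and
     *        connects the sockets; delegation is performed on its results
     */
    public GsiConnectionSocketFactory(LayeredConnectionSocketFactory layeredConnectionSocketFactory) {
        this.socketFactory = layeredConnectionSocketFactory;
    }

    /**
     * Layers a socket through the wrapped factory, then runs delegation on it.
     *
     * @throws IOException if layering or the delegation exchange fails
     */
    public Socket createLayeredSocket(Socket socket, String str, int i, HttpContext httpContext) throws IOException {
        Socket layered = this.socketFactory.createLayeredSocket(socket, str, i, httpContext);
        delegate(layered, httpContext);
        return layered;
    }

    /** Creates an unconnected socket; no delegation happens at this stage. */
    public Socket createSocket(HttpContext httpContext) throws IOException {
        return this.socketFactory.createSocket(httpContext);
    }

    /**
     * Connects a socket through the wrapped factory, then runs delegation on it.
     *
     * @throws IOException if connecting or the delegation exchange fails
     */
    public Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpContext httpContext) throws IOException {
        Socket connected = this.socketFactory.connectSocket(i, socket, httpHost, inetSocketAddress, inetSocketAddress2, httpContext);
        delegate(connected, httpContext);
        return connected;
    }

    /** Looks up the delegation mode and credential in the context and delegates. */
    private void delegate(Socket socket, HttpContext httpContext) throws IOException {
        delegate(
                socket,
                (HttpClientTransport.Delegation) httpContext.getAttribute(HttpClientTransport.TRANSPORT_HTTP_DELEGATION),
                (X509Credential) httpContext.getAttribute(HttpClientTransport.TRANSPORT_HTTP_CREDENTIALS));
    }

    /**
     * Runs the delegation exchange selected by {@code delegation}.
     *
     * <ul>
     *   <li>{@code null} or {@code SKIP}: nothing is written.</li>
     *   <li>{@code NONE}: a single '0' byte is written.</li>
     *   <li>{@code LIMITED} / {@code FULL}: a 'D' byte is written, a PKCS#10
     *       request is read from the peer, a proxy certificate is generated for
     *       it and the encoded certificate is written back.</li>
     * </ul>
     *
     * @throws IOException on any I/O failure, if a credential is required but
     *         missing, if the peer's request exceeds {@link #MAX_CSR_BYTES}, or
     *         if signing the request fails
     */
    private void delegate(Socket socket, HttpClientTransport.Delegation delegation, X509Credential x509Credential) throws IOException {
        if (delegation == null) {
            return;
        }
        switch (delegation) {
            case NONE:
                socket.getOutputStream().write(NO_DELEGATION_MARKER);
                socket.getOutputStream().flush();
                return;
            case LIMITED:
            case FULL:
                // Fail before announcing delegation on the wire: without a
                // credential the exchange cannot be completed, and the original
                // code only hit a NullPointerException after sending the marker.
                if (x509Credential == null) {
                    throw new IOException("Cannot perform " + delegation + " delegation: no X.509 credential was supplied");
                }
                socket.getOutputStream().write(DELEGATION_MARKER);
                socket.getOutputStream().flush();
                try {
                    // The request comes from the network, so cap what the ASN.1
                    // parser may be asked to allocate. The parser is deliberately
                    // not closed: closing it would close the socket's input stream.
                    ProxyRequestOptions options = new ProxyRequestOptions(
                            x509Credential.getCertificateChain(),
                            new PKCS10CertificationRequest(
                                    new ASN1InputStream(socket.getInputStream(), MAX_CSR_BYTES).readObject()));
                    options.setLimited(delegation == HttpClientTransport.Delegation.LIMITED);
                    // Only the first certificate of the generated array is sent.
                    socket.getOutputStream().write(ProxyGenerator.generate(options, x509Credential.getKey())[0].getEncoded());
                    socket.getOutputStream().flush();
                    return;
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateEncodingException | CertificateParsingException e) {
                    throw new IOException("Failed to sign CSR during delegation: " + e.getMessage(), e);
                }
            case SKIP:
            default:
                return;
        }
    }
}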
