package org.dcache.xrootd.plugins.authn.gsi;

import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.helpers.ssl.HostnameToCertificateChecker;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.List;
import org.dcache.xrootd.core.XrootdException;
import org.dcache.xrootd.security.XrootdBucket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/dcache/xrootd/plugins/authn/gsi/BaseGSIAuthenticationHandler.class */
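/**
 * Shared state and helpers for the GSI authentication handlers of the xrootd plugin.
 *
 * <p>Holds the host credential, the certificate chain validator and the CA certificate
 * directory, and provides challenge generation and a check of CA identities against
 * that directory. This listing is decompiler output; the decompiler notes that several
 * members were originally {@code protected}.
 */
public class BaseGSIAuthenticationHandler {
    public static final String PROTOCOL = "gsi";
    public static final String PROTOCOL_VERSION = "10200";
    public static final String CRYPTO_MODE = "ssl";
    public static final String SUPPORTED_CIPHER_ALGORITHMS = "aes-128-cbc";
    // NOTE(review): this list names only SHA-1 and MD5, both collision-weak digests.
    // Presumably it is what gets offered to the peer during negotiation; confirm with
    // the handlers that consume it before relying on the digest for integrity.
    public static final String SUPPORTED_DIGESTS = "sha1:md5";
    // NOTE(review): RSA with PKCS#1 v1.5 padding and unauthenticated AES-CBC. How these
    // transformations are used is not visible in this class; verify that decryption
    // failures are not distinguishable to the peer (padding-oracle exposure).
    protected static final String SERVER_ASYNC_CIPHER_MODE = "RSA/NONE/PKCS1Padding";
    protected static final String SERVER_SYNC_CIPHER_MODE = "AES/CBC/PKCS5Padding";
    protected static final String SERVER_SYNC_CIPHER_NAME = "AES";
    protected static final int SERVER_SYNC_CIPHER_BLOCKSIZE = 16;
    // Length of the challenge produced by generateChallengeString(), in bytes.
    protected static final int CHALLENGE_BYTES = 8;
    protected static final Logger LOGGER = LoggerFactory.getLogger(BaseGSIAuthenticationHandler.class);
    protected static final SecureRandom RANDOM = new SecureRandom();
    protected static final HostnameToCertificateChecker CERT_CHECKER = new HostnameToCertificateChecker();
    protected final X509Credential hostCredential;
    protected final X509CertChainValidator validator;
    // Directory that checkCaIdentities() looks CA certificate files up in.
    protected final File certDir;

    /**
     * Pairs a list of buckets with a size value.
     *
     * <p>The list is stored and returned by reference, without a defensive copy, so a
     * caller that mutates it changes what this container reports.
     */
    static class XrootdBucketContainer {
        private final int _size;
        private final List<XrootdBucket> _buckets;

        /**
         * @param list the buckets to hold (kept by reference)
         * @param i the size value to report from {@link #getSize()}
         */
        public XrootdBucketContainer(List<XrootdBucket> list, int i) {
            this._buckets = list;
            this._size = i;
        }

        /** @return the size value given at construction */
        public int getSize() {
            return this._size;
        }

        /** @return the same list instance that was given at construction */
        public List<XrootdBucket> getBuckets() {
            return this._buckets;
        }
    }

    /**
     * Creates a handler bound to a host credential, a chain validator and a CA directory.
     *
     * @param x509Credential the host credential
     * @param x509CertChainValidator the validator for certificate chains
     * @param str path of the directory holding the CA certificate files
     */
    public BaseGSIAuthenticationHandler(X509Credential x509Credential, X509CertChainValidator x509CertChainValidator, String str) {
        this.hostCredential = x509Credential;
        this.validator = x509CertChainValidator;
        this.certDir = new File(str);
    }

    /**
     * Generates a random challenge of {@link #CHALLENGE_BYTES} characters.
     *
     * <p>Each byte is drawn from {@link SecureRandom} in the range 0..126, so the result
     * is 7-bit ASCII and may contain NUL and other control characters. With 8 bytes this
     * gives 127^8 possible values (a little under 56 bits), which is the whole
     * unpredictability budget of the challenge. The value range is left unchanged here
     * because the string presumably goes on the wire; confirm with the protocol before
     * changing its length or alphabet.
     *
     * @return the challenge decoded as US-ASCII
     */
    public String generateChallengeString() {
        byte[] bArr = new byte[CHALLENGE_BYTES];
        for (int i = 0; i < CHALLENGE_BYTES; i++) {
            // nextInt(127) keeps every byte non-negative, so US-ASCII decoding is lossless.
            bArr[i] = (byte) RANDOM.nextInt(127);
        }
        return new String(bArr, StandardCharsets.US_ASCII);
    }

    /**
     * Verifies that every given CA identity names a file inside the CA directory.
     *
     * <p>The identities are treated as untrusted: a name that would resolve outside the
     * CA directory is rejected the same way as a name with no matching file.
     *
     * @param strArr the CA identities to check
     * @throws XrootdException with code 4003 for the first identity that is not valid
     */
    public void checkCaIdentities(String[] strArr) throws XrootdException {
        for (String str : strArr) {
            if (!isValidCaPath(str)) {
                // NOTE(review): the rejected value is echoed verbatim in the message;
                // sanitise it wherever this message is logged or shown.
                throw new XrootdException(4003, str + " is not a valid ca cert path.");
            }
        }
    }

    /**
     * Does nothing in this class: no version check is performed here.
     *
     * @param str the version string (ignored)
     */
    public void checkVersion(String str) {
    }

    /**
     * Tells whether a CA identity names an existing entry inside {@link #certDir}.
     *
     * <p>The name is trimmed and, when it has no dot after its first character, gets the
     * suffix {@code .0}. The resolved path must stay strictly below the CA directory;
     * without that containment check, a name containing {@code ..} segments or an
     * absolute path would let the caller test for the existence of arbitrary files.
     *
     * @param str the CA identity; {@code null} is treated as invalid
     * @return {@code true} only if the name resolves inside the CA directory and exists
     */
    private boolean isValidCaPath(String str) {
        if (str == null) {
            return false;
        }
        String name = str.trim();
        if (name.indexOf('.') < 1) {
            name = name + ".0";
        }
        final java.nio.file.Path base = this.certDir.toPath().toAbsolutePath().normalize();
        final java.nio.file.Path candidate;
        try {
            candidate = base.resolve(name).normalize();
        } catch (java.nio.file.InvalidPathException e) {
            // Names the file system cannot represent (e.g. containing NUL) cannot exist.
            return false;
        }
        // Reject the directory itself and anything that escapes it after normalisation.
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            return false;
        }
        return candidate.toFile().exists();
    }
}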
