package org.glite.voms;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.ListIterator;
import java.util.Timer;
import java.util.TimerTask;
import java.util.Vector;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.glite.voms.ac.VOMSTrustStore;

/* loaded from: input_file:org/glite/voms/PKIStore.class */
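/**
 * Directory-backed trust store used when validating VOMS attribute certificates.
 *
 * <p>A store is of one of two types. A {@link #TYPE_VOMSDIR} store loads certificates and
 * {@code .lsc} files, either directly from the directory (VO name {@code ""}) or from one
 * sub-directory per VO. A {@link #TYPE_CADIR} store loads CA certificates, CRLs,
 * {@code .signing_policy} files and {@code .namespace} files. Unless disabled, a daemon
 * {@link Timer} rebuilds the store periodically from the same directory.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>Every file in the configured directory becomes trust material, and the directory
 *       may be selected through the {@code VOMSDIR} / {@code CADIR} system properties.
 *       Keep both the directory and the JVM configuration writable by administrators
 *       only.</li>
 *   <li>In "aggressive" mode (the default of the public convenience constructors) files
 *       that fail to parse are logged and skipped. A refresh replaces the previous
 *       contents wholesale, so a CRL that is unreadable at refresh time is simply absent
 *       afterwards. How consumers treat a missing CRL is not visible in this class;
 *       monitor the error log and consider non-aggressive mode where a partial store is
 *       unacceptable.</li>
 * </ul>
 *
 * <p>Thread-safety: all public accessors and mutators synchronize on the store instance.
 */
public class PKIStore implements VOMSTrustStore {
    /** System property holding the refresh period, in minutes. */
    public static final String TRUST_STORE_REFRESH_PERIOD_PROPERTY = "voms.trust-store-refresh-period";
    /** Refresh period, in minutes, used when the property is absent or unusable. */
    public static final int DEFAULT_TRUST_STORE_REFRESH_PERIOD = 10;
    // subject hash (String) -> Vector of X509Certificate
    private Hashtable certificates;
    // hash (String) -> Vector of X509CRL
    private Hashtable crls;
    // signing policy name -> SigningPolicy
    private Hashtable signings;
    // VO name (String) -> Hashtable of (LSC file name -> LSCFile)
    private Hashtable lscfiles;
    // subject hash (String) -> Hashtable of (VO name -> HashSet of X509Certificate)
    private Hashtable vomscerts;
    // namespace name -> Namespace
    private Hashtable namespaces;
    // Number of holders of this store; the refresh timer is cancelled when it reaches 0.
    private int instances;
    public static final int TYPE_VOMSDIR = 1;
    public static final int TYPE_CADIR = 2;
    // Tags stored in Couple.second to tell the caller what getObject() parsed.
    private static final int CERT = 1;
    private static final int CRL = 2;
    private static final int SIGN = 3;
    private static final int LSC = 4;
    private static final int NAMESPACE = 5;
    private static final int HASHCAPACITY = 75;
    // When true, per-file load errors are logged and skipped instead of rethrown.
    private boolean aggressive;
    private Timer theTimer;
    private String certDir;
    private int type;
    private static Logger logger = Logger.getLogger(PKIStore.class.getName());
    public static final String DEFAULT_VOMSDIR = File.separator + "etc" + File.separator + "grid-security" + File.separator + "vomsdir";
    public static final String DEFAULT_CADIR = File.separator + "etc" + File.separator + "grid-security" + File.separator + "certificates";

    /**
     * Parsed object ({@code first}) together with its type tag ({@code second}, an
     * {@link Integer} holding one of CERT, CRL, SIGN, LSC or NAMESPACE).
     *
     * <p>The decompiler reported that this class was originally {@code private}.
     */
    public static class Couple {
        Object first;
        Object second;

        Couple(Object obj, Object obj2) {
            this.first = obj;
            this.second = obj2;
        }
    }

    /** Timer task that rebuilds the enclosing store. */
    private class Refreshener extends TimerTask {
        private Refreshener() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            PKIStore.this.refresh();
        }
    }

    /**
     * Returns a shallow copy of the CA certificate table.
     *
     * @return copy of the table mapping subject hash to a {@code Vector} of certificates;
     *     the vectors themselves are shared with the store
     */
    public synchronized Hashtable getCAs() {
        return (Hashtable) this.certificates.clone();
    }

    /**
     * Returns a shallow copy of the CRL table.
     *
     * <p>A copy is returned, as {@link #getCAs()} does, so that a caller never iterates
     * over the live table while a refresh or load is modifying it and cannot alter the
     * store's revocation data by accident.
     *
     * @return copy of the table mapping hash to a {@code Vector} of CRLs
     */
    public synchronized Hashtable getCRLs() {
        return (Hashtable) this.crls.clone();
    }

    /**
     * Returns a shallow copy of the signing-policy table.
     *
     * @return copy of the table mapping policy name to {@code SigningPolicy}
     */
    public synchronized Hashtable getSignings() {
        return (Hashtable) this.signings.clone();
    }

    /**
     * Returns a shallow copy of the namespace table.
     *
     * @return copy of the table mapping namespace name to {@code Namespace}
     */
    public synchronized Hashtable getNamespaces() {
        return (Hashtable) this.namespaces.clone();
    }

    /**
     * Rebuilds the store from its directory and installs the result.
     *
     * <p>A complete replacement is built first; the current contents are only replaced
     * once that succeeded. If building fails, the failure is logged and the previous
     * contents stay in place. The old tables are not cleared, so copies or references
     * obtained before the refresh keep describing the previous state instead of
     * suddenly becoming empty.
     *
     * <p>In aggressive mode the replacement may be incomplete (unparsable files are
     * skipped), and it still replaces the previous contents.
     */
    public synchronized void refresh() {
        logger.info("Starting PKIStore refresh (type: " + this.type + ")");
        PKIStore fresh = null;
        try {
            // The temporary store must not start a refresh timer of its own.
            fresh = new PKIStore(this.certDir, this.type, this.aggressive, false);
            this.certificates = fresh.certificates;
            this.crls = fresh.crls;
            this.signings = fresh.signings;
            this.lscfiles = fresh.lscfiles;
            this.vomscerts = fresh.vomscerts;
            this.namespaces = fresh.namespaces;
        } catch (Exception e) {
            // Keep the stack trace: getMessage() alone is null for many runtime failures.
            logger.error("Cannot refresh store: " + e.getMessage(), e);
        } finally {
            if (fresh != null) {
                fresh.stopRefresh();
            }
        }
    }

    /**
     * Creates a store and loads it from a directory.
     *
     * <p>The decompiler reported that this constructor was originally package-private.
     *
     * @param str directory to load; when {@code null} or empty the {@code VOMSDIR} or
     *     {@code CADIR} system property is used, then {@link #DEFAULT_VOMSDIR} or
     *     {@link #DEFAULT_CADIR}
     * @param i {@link #TYPE_VOMSDIR} or {@link #TYPE_CADIR}
     * @param z aggressive mode: log and skip files that cannot be loaded
     * @param z2 whether to start the periodic refresh timer
     * @throws IllegalArgumentException if {@code i} is not a supported type, if the path
     *     exists but is not a directory, or if a CA directory is empty
     * @throws FileNotFoundException if a CA directory does not exist
     * @throws IOException if the directory cannot be listed or, in non-aggressive mode,
     *     a file cannot be read
     * @throws CertificateException in non-aggressive mode, if a certificate cannot be parsed
     * @throws CRLException in non-aggressive mode, if a CRL cannot be parsed
     */
    public PKIStore(String str, int i, boolean z, boolean z2) throws IOException, CertificateException, CRLException {
        this.instances = 1;
        this.theTimer = null;
        this.aggressive = z;
        createEmptyTables();
        if (i != TYPE_VOMSDIR && i != TYPE_CADIR) {
            throw new IllegalArgumentException("Unsupported value for type parameter in PKIReader constructor");
        }
        String dir = str;
        if (dir == null || dir.equals("")) {
            dir = System.getProperty(i == TYPE_VOMSDIR ? "VOMSDIR" : "CADIR");
            if (dir == null) {
                dir = (i == TYPE_VOMSDIR) ? DEFAULT_VOMSDIR : DEFAULT_CADIR;
            }
        }
        logger.info("Initializing " + (i == TYPE_VOMSDIR ? "VOMS" : "CA") + " certificate store from directory: " + dir);
        File directory = new File(dir);
        boolean present = directory.exists();
        if (!present) {
            if (i == TYPE_CADIR) {
                throw new FileNotFoundException("Directory " + dir + " doesn't exist on this machine! Please specify a value for the cadir directory or set the CADIR system property.");
            }
            // A missing VOMS directory is tolerated: the store simply stays empty.
            logger.warn("Please specify a value for the vomsdir directory or set the VOMSDIR system property.");
        } else {
            if (!directory.isDirectory()) {
                throw new IllegalArgumentException((i == TYPE_VOMSDIR ? "Voms certificate" : "CA certificate") + " directory passed as argument is not a directory! [" + directory.getAbsolutePath() + "]");
            }
            // listDirectory() reports an unreadable directory as IOException rather than
            // letting a null listing surface as NullPointerException.
            if (listDirectory(directory).length == 0) {
                if (i == TYPE_CADIR) {
                    throw new IllegalArgumentException("CA certificate directory passed as argument is empty! [" + directory.getAbsolutePath() + "]");
                }
                logger.warn("Voms certificate directory passed as argument is empty! [" + directory.getAbsolutePath() + "]");
                logger.warn("Validation of VOMS Attribute Certificate will likely fail.");
            }
        }
        this.certDir = dir;
        this.type = i;
        if (present) {
            load();
        }
        if (z2) {
            this.theTimer = new Timer(true);
            this.theTimer.scheduleAtFixedRate(new Refreshener(), 30000L, TimeUnit.MINUTES.toMillis(refreshPeriodMinutes()));
        }
    }

    /**
     * Creates a store with the periodic refresh enabled.
     *
     * @param str directory to load, see the four-argument constructor
     * @param i {@link #TYPE_VOMSDIR} or {@link #TYPE_CADIR}
     * @param z aggressive mode
     */
    public PKIStore(String str, int i, boolean z) throws IOException, CertificateException, CRLException {
        this(str, i, z, true);
    }

    /**
     * Creates an aggressive store with the periodic refresh enabled.
     *
     * @param str directory to load, see the four-argument constructor
     * @param i {@link #TYPE_VOMSDIR} or {@link #TYPE_CADIR}
     */
    public PKIStore(String str, int i) throws IOException, CertificateException, CRLException {
        this(str, i, true, true);
    }

    /**
     * Creates an aggressive, periodically refreshed store from the default location of
     * the given type.
     *
     * @param i {@link #TYPE_VOMSDIR} or {@link #TYPE_CADIR}
     */
    public PKIStore(int i) throws IOException, CertificateException, CRLException {
        this(null, i, true, true);
    }

    /**
     * Creates an empty aggressive store that has no directory, no type and no refresh
     * timer. {@link #load()} does nothing on such a store.
     */
    public PKIStore() {
        this.instances = 1;
        this.aggressive = true;
        this.theTimer = null;
        this.certDir = null;
        this.type = -1;
        createEmptyTables();
    }

    /** Allocates the six lookup tables; only called from the constructors. */
    private void createEmptyTables() {
        this.certificates = new Hashtable(HASHCAPACITY);
        this.crls = new Hashtable(HASHCAPACITY);
        this.signings = new Hashtable(HASHCAPACITY);
        this.lscfiles = new Hashtable(HASHCAPACITY);
        this.vomscerts = new Hashtable(HASHCAPACITY);
        this.namespaces = new Hashtable(HASHCAPACITY);
    }

    /**
     * Reads the refresh period from {@link #TRUST_STORE_REFRESH_PERIOD_PROPERTY}.
     *
     * <p>Values that do not parse, or that are zero or negative, fall back to the
     * default: a non-positive period would make the timer reject the task and abort
     * construction of the store.
     *
     * @return the refresh period in minutes, always positive
     */
    private static int refreshPeriodMinutes() {
        String configured = System.getProperty(TRUST_STORE_REFRESH_PERIOD_PROPERTY);
        if (configured == null) {
            return DEFAULT_TRUST_STORE_REFRESH_PERIOD;
        }
        try {
            int minutes = Integer.parseInt(configured);
            if (minutes > 0) {
                return minutes;
            }
            logger.warn("Non-positive voms.trust-store-refresh-period! Using default value: 10 minutes");
        } catch (NumberFormatException e) {
            logger.warn("Error parsing voms.trust-store-refresh-period! Using default value: 10 minutes");
        }
        return DEFAULT_TRUST_STORE_REFRESH_PERIOD;
    }

    /**
     * Replaces the refresh timer with one that fires every {@code i} milliseconds,
     * starting {@code i} milliseconds from now.
     *
     * @param i refresh interval in milliseconds, must be positive
     * @throws IllegalArgumentException if {@code i} is zero or negative; the current
     *     timer is left running in that case, so the store keeps being refreshed
     */
    public synchronized void rescheduleRefresh(int i) {
        // Validate before cancelling: the timer rejects such values anyway, and failing
        // after the cancel would leave the store without any refresh.
        if (i <= 0) {
            throw new IllegalArgumentException("Refresh interval must be positive: " + i);
        }
        if (this.theTimer != null) {
            this.theTimer.cancel();
        }
        logger.info("Rescheduling refresh interval to " + i + " milliseconds");
        this.theTimer = new Timer(true);
        this.theTimer.scheduleAtFixedRate(new Refreshener(), i, i);
    }

    /**
     * Releases one holder of the store and cancels the refresh timer once no holder is
     * left.
     */
    @Override // org.glite.voms.ac.VOMSTrustStore
    public synchronized void stopRefresh() {
        if (this.instances != 0) {
            this.instances--;
        }
        if (this.instances == 0) {
            if (this.theTimer != null) {
                this.theTimer.cancel();
            }
            this.theTimer = null;
        }
    }

    /** Registers one more holder of the store, see {@link #stopRefresh()}. */
    protected synchronized void addInstance() {
        this.instances++;
    }

    /**
     * Switches aggressive mode on or off for subsequent loads and refreshes.
     *
     * @param z {@code true} to log and skip files that cannot be loaded
     */
    public synchronized void setAggressive(boolean z) {
        this.aggressive = z;
    }

    /**
     * Looks up an LSC file.
     *
     * @param str VO name under which the file was loaded
     * @param str2 name of the LSC file
     * @return the matching LSC file, or {@code null} if none is known
     */
    @Override // org.glite.voms.ac.VOMSTrustStore
    public synchronized LSCFile getLSC(String str, String str2) {
        Hashtable byName = (Hashtable) this.lscfiles.get(str);
        return byName == null ? null : (LSCFile) byName.get(str2);
    }

    /**
     * Returns the locally stored certificates that may belong to an attribute authority.
     *
     * <p>Certificates registered for the given VO are preferred; if there are none, the
     * certificates loaded from the top level of the VOMS directory (VO {@code ""}) are
     * returned.
     *
     * @param x500Principal subject whose hash selects the candidates
     * @param str VO name
     * @return the candidates, or {@code null} if none are known
     */
    @Override // org.glite.voms.ac.VOMSTrustStore
    public synchronized X509Certificate[] getAACandidate(X500Principal x500Principal, String str) {
        Hashtable byVo = (Hashtable) this.vomscerts.get(PKIUtils.getHash(x500Principal));
        if (logger.isDebugEnabled()) {
            logger.debug("listcerts content: " + byVo);
        }
        if (byVo == null) {
            return null;
        }
        HashSet candidates = (HashSet) byVo.get(str);
        if (candidates == null) {
            candidates = (HashSet) byVo.get("");
        }
        if (candidates == null) {
            return null;
        }
        return (X509Certificate[]) candidates.toArray(new X509Certificate[0]);
    }

    /**
     * Loads the store's directory into the current tables.
     *
     * <p>Entries are added to what is already present; nothing is removed here. Only
     * {@link #refresh()} replaces the contents.
     *
     * @throws IOException if the directory cannot be listed or, in non-aggressive mode,
     *     a file cannot be read
     * @throws CertificateException in non-aggressive mode, if a certificate cannot be parsed
     * @throws CRLException in non-aggressive mode, if a CRL cannot be parsed
     */
    public synchronized void load() throws IOException, CertificateException, CRLException {
        switch (this.type) {
            case TYPE_VOMSDIR:
                getForVOMS(new File(this.certDir), null);
                return;
            case TYPE_CADIR:
                getForCA(new File(this.certDir));
                return;
            default:
                return;
        }
    }

    /** Registers a VOMS server certificate for a VO; {@code null} certificates are ignored. */
    private void load(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null) {
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("CERT = " + x509Certificate + " , vo = " + str);
        }
        String hash = PKIUtils.getHash(x509Certificate);
        if (logger.isDebugEnabled()) {
            logger.debug("Registered HASH: " + hash + " for " + x509Certificate.getSubjectDN().getName() + " for vo: " + str);
            logger.debug("Class of getSubjectDN: " + x509Certificate.getSubjectDN().getClass());
            logger.debug("KNOWN HASH ? " + this.vomscerts.containsKey(hash));
            logger.debug("VOMSCERTS = " + this.vomscerts);
        }
        Hashtable byVo = (Hashtable) this.vomscerts.get(hash);
        if (byVo != null) {
            logger.debug("Already exixtsing HASH");
            HashSet known = (HashSet) byVo.get(str);
            if (known == null) {
                known = new HashSet();
                byVo.put(str, known);
            }
            known.add(x509Certificate);
            return;
        }
        logger.debug("Originally EMPTY table");
        HashSet first = new HashSet();
        first.add(x509Certificate);
        Hashtable created = new Hashtable(HASHCAPACITY);
        created.put(str, first);
        this.vomscerts.put(hash, created);
        if (logger.isDebugEnabled()) {
            logger.debug("Inserted HASH: " + hash);
            logger.debug("NEW VOMSCERTS = " + this.vomscerts);
        }
    }

    /** Registers each certificate of the array for a VO. */
    private void load(X509Certificate[] x509CertificateArr, String str) {
        int length = x509CertificateArr.length;
        logger.debug("LEN = " + length);
        for (int i = 0; i < length; i++) {
            if (logger.isDebugEnabled()) {
                logger.debug("PARSING: " + i + " value: " + x509CertificateArr[i]);
            }
            load(x509CertificateArr[i], str);
        }
    }

    /** Registers a CA certificate under its hash, skipping exact duplicates. */
    private void load(X509Certificate x509Certificate) {
        String hash = PKIUtils.getHash(x509Certificate);
        Vector sameHash = (Vector) this.certificates.get(hash);
        if (sameHash == null) {
            sameHash = new Vector();
            this.certificates.put(hash, sameHash);
        }
        if (!sameHash.contains(x509Certificate)) {
            sameHash.add(x509Certificate);
        }
    }

    /** Registers each CA certificate of the array. */
    private void load(X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            load(x509CertificateArr[i]);
        }
    }

    /**
     * Registers a CRL under its hash, skipping exact duplicates as the CA certificate
     * loader does, so that repeated {@link #load()} calls do not grow the list.
     */
    private void load(X509CRL x509crl) {
        String hash = PKIUtils.getHash(x509crl);
        Vector sameHash = (Vector) this.crls.get(hash);
        if (sameHash == null) {
            sameHash = new Vector();
            this.crls.put(hash, sameHash);
        }
        if (!sameHash.contains(x509crl)) {
            sameHash.add(x509crl);
        }
    }

    /** Registers a signing policy under its name, replacing an earlier one of that name. */
    private void load(SigningPolicy signingPolicy) {
        this.signings.put(signingPolicy.getName(), signingPolicy);
    }

    /** Registers a namespace under its name, replacing an earlier one of that name. */
    private void load(Namespace namespace) {
        this.namespaces.put(namespace.getName(), namespace);
    }

    /** Registers an LSC file for a VO under the file's name. */
    private void load(LSCFile lSCFile, String str) {
        String name = lSCFile.getName();
        Hashtable byName = (Hashtable) this.lscfiles.get(str);
        if (byName == null) {
            byName = new Hashtable();
            this.lscfiles.put(str, byName);
        }
        byName.put(name, lSCFile);
    }

    /**
     * Lists a directory, turning the {@code null} that {@link File#listFiles()} returns
     * for an unreadable or vanished directory into an {@link IOException}.
     */
    private static File[] listDirectory(File dir) throws IOException {
        File[] entries = dir.listFiles();
        if (entries == null) {
            throw new IOException("Cannot list directory [" + dir.getAbsolutePath() + "]");
        }
        return entries;
    }

    /**
     * Logs a per-file load failure.
     *
     * @return {@code true} if the failure is to be skipped (aggressive mode),
     *     {@code false} if the caller has to rethrow it
     */
    private boolean tolerate(Exception e) {
        logger.error(e.getMessage(), e);
        return this.aggressive;
    }

    /** Loads every recognised file of a CA directory. */
    private void getForCA(File file) throws IOException, CertificateException, CRLException {
        File[] entries = listDirectory(file);
        for (int idx = 0; idx < entries.length; idx++) {
            File entry = entries[idx];
            logger.debug("filename: " + entry.getName());
            try {
                Couple parsed = getObject(entry);
                if (parsed == null) {
                    continue;
                }
                int kind = ((Integer) parsed.second).intValue();
                logger.debug("TYPE: " + kind);
                switch (kind) {
                    case CRL:
                        load((X509CRL) parsed.first);
                        break;
                    case CERT:
                        load((X509Certificate[]) ((List) parsed.first).toArray(new X509Certificate[0]));
                        break;
                    case SIGN:
                        load((SigningPolicy) parsed.first);
                        break;
                    case NAMESPACE:
                        load((Namespace) parsed.first);
                        break;
                    default:
                        break;
                }
            } catch (IOException e) {
                if (!tolerate(e)) {
                    throw e;
                }
            } catch (CRLException e2) {
                if (!tolerate(e2)) {
                    throw e2;
                }
            } catch (CertificateException e3) {
                if (!tolerate(e3)) {
                    throw e3;
                }
            }
        }
    }

    /**
     * Loads a VOMS directory.
     *
     * <p>Files are registered for VO {@code str}. Sub-directories are only descended
     * into from the top level (VO {@code ""}), each one being loaded as the VO named
     * like the sub-directory.
     */
    private void getForVOMS(File file, String str) throws IOException, CertificateException, CRLException {
        String vo = (str == null) ? "" : str;
        logger.debug("For VO: " + vo);
        File[] entries = listDirectory(file);
        for (int idx = 0; idx < entries.length; idx++) {
            File entry = entries[idx];
            try {
                logger.debug("NAME: " + entry.getName());
                if (entry.isDirectory()) {
                    if (vo.equals("")) {
                        getForVOMS(entry, entry.getName());
                    }
                    continue;
                }
                Couple parsed = getObject(entry);
                if (parsed == null) {
                    continue;
                }
                int kind = ((Integer) parsed.second).intValue();
                logger.debug("TYPE: " + kind);
                if (kind == CERT) {
                    load((X509Certificate[]) ((List) parsed.first).toArray(new X509Certificate[0]), vo);
                } else if (kind == LSC) {
                    load((LSCFile) parsed.first, vo);
                    if (logger.isDebugEnabled()) {
                        ListIterator sequences = ((LSCFile) parsed.first).getDNLists().listIterator();
                        while (sequences.hasNext()) {
                            logger.debug("Sequence: 0");
                            ListIterator names = ((Vector) sequences.next()).listIterator();
                            while (names.hasNext()) {
                                logger.debug("DN: " + ((String) names.next()));
                            }
                        }
                    }
                }
            } catch (IOException e) {
                if (!tolerate(e)) {
                    throw e;
                }
            } catch (CRLException e2) {
                if (!tolerate(e2)) {
                    throw e2;
                }
            } catch (CertificateException e3) {
                if (!tolerate(e3)) {
                    throw e3;
                }
            }
        }
    }

    /**
     * Parses one file and tags the result with its type.
     *
     * <p>The type of {@code .lsc}, {@code .signing_policy} and {@code .namespace} files
     * is decided by the file name alone. Every other file is handed to
     * {@code PKIUtils.readObject}.
     *
     * @return the parsed object and its tag, or {@code null} if the file holds neither a
     *     CRL nor a certificate list, or could not be found while reading (logged, and
     *     not rethrown even in non-aggressive mode)
     */
    private Couple getObject(File file) throws IOException, CertificateException, CRLException {
        String fileName = file.getName();
        if (fileName.matches(".*\\.lsc")) {
            return new Couple(new LSCFile(file), Integer.valueOf(LSC));
        }
        if (fileName.matches(".*\\.signing_policy")) {
            return new Couple(new SigningPolicy(file), Integer.valueOf(SIGN));
        }
        if (fileName.matches(".*\\.namespace")) {
            return new Couple(new Namespace(file), Integer.valueOf(NAMESPACE));
        }
        try {
            Object parsed = PKIUtils.readObject(file);
            if (parsed instanceof X509CRL) {
                return new Couple(parsed, Integer.valueOf(CRL));
            }
            if (parsed instanceof List) {
                return new Couple(parsed, Integer.valueOf(CERT));
            }
            return null;
        } catch (FileNotFoundException e) {
            logger.error("Problem reading file " + file.getName() + ": " + e.getMessage());
            return null;
        }
    }

    // Register the BouncyCastle provider once, unless "BC" is already installed.
    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}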
