package org.globus.gsi.proxy;

import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Hashtable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.CertificateRevocationLists;
import org.globus.gsi.SigningPolicy;
import org.globus.gsi.TrustedCertificates;
import org.globus.gsi.X509ProxyCertPathParameters;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.gsi.provider.simple.SimpleMemoryCertStoreParams;
import org.globus.gsi.provider.simple.SimpleMemoryKeyStoreLoadStoreParameter;
import org.globus.gsi.provider.simple.SimpleMemoryProvider;
import org.globus.gsi.provider.simple.SimpleMemorySigningPolicyStore;
import org.globus.gsi.trustmanager.X509ProxyCertPathValidator;
import org.globus.gsi.util.CertificateUtil;
import org.globus.util.I18n;

/* loaded from: input_file:org/globus/gsi/proxy/ProxyPathValidator.class */
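/**
 * Validates an X.509 proxy certificate chain against trust anchors, CRLs and signing policies
 * by delegating to an {@link X509ProxyCertPathValidator}, and exposes the outcome of the most
 * recent successful validation (identity certificate and "limited" flag).
 *
 * <p>An instance is stateful. The result getters describe the last chain that validated
 * successfully; every call to the terminal {@code validate} overload clears that result first,
 * so a failed validation leaves no identity behind.
 *
 * <p>Thread-safety: only the terminal {@code validate} overload and {@link #setValidator} are
 * synchronized. The getters, {@link #reset()}, {@link #setRejectLimitedProxyCheck(boolean)} and
 * the lazy creation of the policy-handler table are not, so sharing one instance between
 * threads can expose another thread's result.
 */
public class ProxyPathValidator {
    private static final I18n i18n;
    private static final Log logger;

    static {
        // The in-memory key store and cert store used by validate() are looked up by provider
        // name, so the provider has to be registered before the first validation.
        Security.addProvider(new SimpleMemoryProvider());
        i18n = I18n.getI18n("org.globus.gsi.proxy.errors", ProxyPathValidator.class.getClassLoader());
        logger = LogFactory.getLog(ProxyPathValidator.class.getName());
    }

    private X509ProxyCertPathValidator validator = new X509ProxyCertPathValidator();
    private boolean rejectLimitedProxyCheck = false;
    private boolean limited = false;
    private X509Certificate identityCert = null;
    // Policy id -> handler; created on first registration. Kept as a raw type because the
    // parameter type expected by X509ProxyCertPathParameters is not visible in this file.
    private Hashtable proxyPolicyHandlers = null;

    /**
     * Returns the "limited" flag reported by the delegate validator for the last successful
     * validation.
     *
     * @return the recorded flag; {@code false} before any validation, after {@link #reset()},
     *         and after a failed validation
     */
    public boolean isLimited() {
        return limited;
    }

    /**
     * Returns the identity certificate reported by the delegate validator for the last
     * successful validation.
     *
     * @return the identity certificate, or {@code null} when no validation has succeeded since
     *         construction, the last {@link #reset()} or the last failed validation
     */
    public X509Certificate getIdentityCertificate() {
        return identityCert;
    }

    /**
     * Returns the identity derived from the recorded identity certificate.
     *
     * <p>NOTE(review): the recorded certificate is handed to {@code BouncyCastleUtil} even when
     * it is {@code null}; the behaviour in that case is defined there and should be confirmed
     * by callers that query the identity without a preceding successful validation.
     *
     * @return whatever {@code BouncyCastleUtil.getIdentity} returns for the recorded certificate
     */
    public String getIdentity() {
        return BouncyCastleUtil.getIdentity(identityCert);
    }

    /**
     * Unregisters the proxy policy handler stored under the given policy id.
     *
     * @param str the policy id; may be {@code null}
     * @return the handler that was registered, or {@code null} if the id is {@code null} or no
     *         handler was registered under it
     */
    public ProxyPolicyHandler removeProxyPolicyHandler(String str) {
        if (str == null || proxyPolicyHandlers == null) {
            return null;
        }
        return (ProxyPolicyHandler) proxyPolicyHandlers.remove(str);
    }

    /**
     * Registers a proxy policy handler under a policy id, replacing any previous handler.
     *
     * @param str the policy id; must not be {@code null}
     * @param proxyPolicyHandler the handler to register; must not be {@code null}
     * @return the handler previously registered under the id, or {@code null} if there was none
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public ProxyPolicyHandler setProxyPolicyHandler(String str, ProxyPolicyHandler proxyPolicyHandler) {
        if (str == null) {
            throw new IllegalArgumentException(i18n.getMessage("proxyPolicyId"));
        }
        if (proxyPolicyHandler == null) {
            throw new IllegalArgumentException(i18n.getMessage("proxyPolicyHandler"));
        }
        if (proxyPolicyHandlers == null) {
            proxyPolicyHandlers = new Hashtable();
        }
        return (ProxyPolicyHandler) proxyPolicyHandlers.put(str, proxyPolicyHandler);
    }

    /**
     * Looks up the proxy policy handler registered under the given policy id.
     *
     * @param str the policy id; may be {@code null}
     * @return the registered handler, or {@code null} if the id is {@code null} or unknown
     */
    public ProxyPolicyHandler getProxyPolicyHandler(String str) {
        if (str == null || proxyPolicyHandlers == null) {
            return null;
        }
        return (ProxyPolicyHandler) proxyPolicyHandlers.get(str);
    }

    /**
     * Clears the recorded validation result and the limited-proxy rejection flag.
     *
     * <p>The rejection flag goes back to {@code false}, so a caller that wants limited proxies
     * rejected must call {@link #setRejectLimitedProxyCheck(boolean)} again after every reset.
     * Registered policy handlers and the delegate validator are left in place.
     */
    public void reset() {
        rejectLimitedProxyCheck = false;
        limited = false;
        identityCert = null;
    }

    /**
     * Sets the flag that is forwarded to the path parameters of subsequent validations.
     *
     * <p>NOTE(review): the flag is only passed on here; what the delegate validator does with
     * it (presumably failing validation for limited proxies) is decided outside this class.
     *
     * @param z the new value of the flag
     */
    public void setRejectLimitedProxyCheck(boolean z) {
        rejectLimitedProxyCheck = z;
    }

    /**
     * Validates a chain against the given trust anchors, with default CRLs and no explicit
     * signing policies.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param x509CertificateArr2 the trusted certificates, or {@code null} for the defaults
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) throws ProxyPathValidatorException {
        validate(x509CertificateArr, x509CertificateArr2, (CertificateRevocationLists) null);
    }

    /**
     * Validates a chain against the given trust anchors and CRLs, with no explicit signing
     * policies.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param x509CertificateArr2 the trusted certificates, or {@code null} for the defaults
     * @param certificateRevocationLists the CRLs to check, or {@code null} for the defaults
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, CertificateRevocationLists certificateRevocationLists) throws ProxyPathValidatorException {
        validate(x509CertificateArr, x509CertificateArr2, certificateRevocationLists, (SigningPolicy[]) null);
    }

    /**
     * Validates a chain against the given trust anchors, CRLs and signing policies.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param x509CertificateArr2 the trusted certificates, or {@code null} for the defaults
     * @param certificateRevocationLists the CRLs to check, or {@code null} for the defaults
     * @param signingPolicyArr signing policies paired with the trusted certificates
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, CertificateRevocationLists certificateRevocationLists, SigningPolicy[] signingPolicyArr) throws ProxyPathValidatorException {
        validate(x509CertificateArr, x509CertificateArr2, certificateRevocationLists, signingPolicyArr, null);
    }

    /**
     * Wraps the trusted certificates and signing policies in a {@link TrustedCertificates}
     * object and validates the chain.
     *
     * <p>When {@code x509CertificateArr2} is {@code null} no {@code TrustedCertificates} is
     * built, so {@code signingPolicyArr} is dropped as well and validation runs against the
     * default trust store and whatever signing policies that store carries.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param x509CertificateArr2 the trusted certificates, or {@code null} for the defaults
     * @param certificateRevocationLists the CRLs to check, or {@code null} for the defaults
     * @param signingPolicyArr signing policies paired with the trusted certificates
     * @param bool forwarded unchanged; the terminal overload in this class never reads it
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, CertificateRevocationLists certificateRevocationLists, SigningPolicy[] signingPolicyArr, Boolean bool) throws ProxyPathValidatorException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException(i18n.getMessage("certsNull"));
        }
        TrustedCertificates trustedCertificates = null;
        if (x509CertificateArr2 != null) {
            trustedCertificates = new TrustedCertificates(x509CertificateArr2, signingPolicyArr);
        }
        validate(x509CertificateArr, trustedCertificates, certificateRevocationLists, bool);
    }

    /**
     * Validates a chain against the default trust store and default CRLs.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    protected void validate(X509Certificate[] x509CertificateArr) throws ProxyPathValidatorException {
        validate(x509CertificateArr, (TrustedCertificates) null, (CertificateRevocationLists) null);
    }

    /**
     * Validates a chain against the given trust store and default CRLs.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param trustedCertificates the trust store, or {@code null} for the default one
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    protected void validate(X509Certificate[] x509CertificateArr, TrustedCertificates trustedCertificates) throws ProxyPathValidatorException {
        validate(x509CertificateArr, trustedCertificates, (CertificateRevocationLists) null);
    }

    /**
     * Validates a chain against the given trust store and CRLs.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param trustedCertificates the trust store, or {@code null} for the default one
     * @param certificateRevocationLists the CRLs to check, or {@code null} for the defaults
     * @throws ProxyPathValidatorException if validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    protected void validate(X509Certificate[] x509CertificateArr, TrustedCertificates trustedCertificates, CertificateRevocationLists certificateRevocationLists) throws ProxyPathValidatorException {
        validate(x509CertificateArr, trustedCertificates, certificateRevocationLists, (Boolean) null);
    }

    /**
     * Terminal overload: builds the in-memory key store, cert store and signing-policy store,
     * runs the delegate validator and records its result.
     *
     * <p>The previously recorded identity certificate and "limited" flag are cleared before
     * anything else happens. Without that, a caller that reuses the instance and catches the
     * exception of a failed validation would still read the identity of the earlier chain.
     *
     * <p>Every exception raised while building the stores or validating is wrapped in a
     * {@link ProxyPathValidatorException} with error code {@code -1}; the original exception is
     * kept as the cause and is the only way to tell failure reasons apart.
     *
     * @param x509CertificateArr the certificate chain to validate; must not be {@code null}
     * @param trustedCertificates the trust store, or {@code null} for the default one
     * @param certificateRevocationLists the CRLs to check, or {@code null} for the defaults
     * @param bool never read by this method, so every value behaves the same here
     *        (NOTE(review): confirm whether callers expect it to switch a check on or off)
     * @throws ProxyPathValidatorException if store setup or path validation fails
     * @throws IllegalArgumentException if the chain is {@code null}
     */
    protected synchronized void validate(X509Certificate[] x509CertificateArr, TrustedCertificates trustedCertificates, CertificateRevocationLists certificateRevocationLists, Boolean bool) throws ProxyPathValidatorException {
        // Fail closed: no exit path other than a successful validation may leave a result behind.
        identityCert = null;
        limited = false;

        if (x509CertificateArr == null) {
            throw new IllegalArgumentException(i18n.getMessage("certsNull"));
        }
        CertificateRevocationLists crls = certificateRevocationLists != null
                ? certificateRevocationLists
                : CertificateRevocationLists.getDefaultCertificateRevocationLists();
        TrustedCertificates anchors = trustedCertificates != null
                ? trustedCertificates
                : TrustedCertificates.getDefault();
        try {
            SimpleMemoryKeyStoreLoadStoreParameter keyStoreParams = new SimpleMemoryKeyStoreLoadStoreParameter();
            SimpleMemoryCertStoreParams certStoreParams = new SimpleMemoryCertStoreParams(null, crls.getCrls());
            keyStoreParams.setCerts(anchors.getCertificates());

            // Snapshot of the registered handlers, so later registrations do not reach a
            // validation that is already running.
            HashMap handlers = new HashMap();
            if (proxyPolicyHandlers != null) {
                handlers.putAll(proxyPolicyHandlers);
            }

            KeyStore keyStore = KeyStore.getInstance(SimpleMemoryProvider.KEYSTORE_TYPE, SimpleMemoryProvider.PROVIDER_NAME);
            CertStore certStore = CertStore.getInstance(SimpleMemoryProvider.CERTSTORE_TYPE, certStoreParams, SimpleMemoryProvider.PROVIDER_NAME);
            SimpleMemorySigningPolicyStore policyStore = new SimpleMemorySigningPolicyStore(anchors.getSigningPolicies());
            keyStore.load(keyStoreParams);

            validator.engineValidate(
                    CertificateUtil.getCertPath(x509CertificateArr),
                    new X509ProxyCertPathParameters(keyStore, certStore, policyStore, rejectLimitedProxyCheck, handlers));

            // Reached only when engineValidate returned normally.
            identityCert = validator.getIdentityCertificate();
            limited = validator.isLimited();
        } catch (Exception e) {
            throw new ProxyPathValidatorException(-1, e);
        }
    }

    /**
     * Replaces the delegate validator used by subsequent validations.
     *
     * @param x509ProxyCertPathValidator the validator to delegate to; stored without a null
     *        check, so passing {@code null} makes the next validation fail
     */
    protected synchronized void setValidator(X509ProxyCertPathValidator x509ProxyCertPathValidator) {
        this.validator = x509ProxyCertPathValidator;
    }
}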
