package de.fzj.unicore.wsrflite.security;

import de.fzj.unicore.wsrflite.Kernel;
import eu.unicore.security.util.KeystoreChecker;
import eu.unicore.security.util.Log;
import eu.unicore.security.util.client.ETDClientSettings;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import org.apache.log4j.Logger;

/* loaded from: input_file:de/fzj/unicore/wsrflite/security/UASSecurityProperties.class */
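public class UASSecurityProperties implements ISecurityProperties, Cloneable {
    private static final Logger logger = Log.getLogger("unicore.security", UASSecurityProperties.class);

    /** Explicitly configured settings; a key missing here falls back to the Kernel (see doGetProperty). */
    private Properties properties;
    private ETDClientSettings etdSettings;
    /** Certificate chain of the configured key entry; read lazily from the keystore under this monitor. */
    private X509Certificate[] certChain;
    /** Private key of the configured key entry; read lazily together with certChain. */
    private volatile PrivateKey privateKey;
    private boolean signMessage;
    private Map<String, Object> extraSecurityTokens;
    /** Gateway certificate from the truststore; only set when UAS_GATEWAY_ALIAS is configured. */
    private volatile X509Certificate gatewayCertificate;
    private ClassLoader classLoader;

    /** Creates empty settings: no explicit properties and message signing switched on. */
    public UASSecurityProperties() {
        this.etdSettings = new ETDClientSettings();
        this.signMessage = true;
        this.properties = new Properties();
    }

    /**
     * Creates settings from a properties stream. The stream is NOT closed here; the caller owns it.
     * A failed load is logged at FATAL and leaves the properties empty, so every subsequent lookup
     * falls through to the Kernel's value (or null) — e.g. SSL and client-auth then appear disabled
     * unless the Kernel says otherwise.
     */
    public UASSecurityProperties(InputStream inputStream) {
        this();
        loadProperties(inputStream);
    }

    /**
     * Creates settings from a properties file. Unlike the stream constructor the file is opened
     * and closed here.
     *
     * @throws IOException if the file cannot be opened or closed
     */
    public UASSecurityProperties(String str) throws IOException {
        this();
        InputStream in = new FileInputStream(str);
        try {
            loadProperties(in);
        } finally {
            in.close();
        }
    }

    /** Loads the stream into {@link #properties}; parse failures are logged, not propagated. */
    private void loadProperties(InputStream inputStream) {
        try {
            this.properties.load(inputStream);
        } catch (Exception e) {
            logger.fatal("Could not read properties.", e);
        }
    }

    /**
     * Returns a copy with its own Properties, ETD settings and extra-token map. The key material
     * (certChain, privateKey, gatewayCertificate) is not copied: the copy re-reads it lazily from
     * its own properties. The sign-message flag and class loader are carried over.
     * Note that the trace log calls toString(), which may itself trigger a keystore read.
     */
    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    /* renamed from: clone, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] and merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public ISecurityProperties m23clone() {
        if (logger.isTraceEnabled()) {
            logger.trace("Copying security props: " + toString());
        }
        UASSecurityProperties copy = new UASSecurityProperties();
        copy.properties = (Properties) this.properties.clone();
        copy.etdSettings = this.etdSettings.clone();
        copy.signMessage = this.signMessage;
        copy.classLoader = this.classLoader;
        if (this.extraSecurityTokens != null) {
            copy.extraSecurityTokens = new HashMap<String, Object>(this.extraSecurityTokens);
        }
        return copy;
    }

    public String getInHandlerClassNames() {
        return doGetProperty(ISecurityProperties.UAS_INHANDLER_NAME);
    }

    public String getOutHandlerClassNames() {
        return doGetProperty(ISecurityProperties.UAS_OUTHANDLER_NAME);
    }

    /**
     * Looks the key up in the explicit properties first and, if absent, in the Kernel's
     * global properties.
     *
     * @return the value, or null if neither source defines it
     */
    protected String doGetProperty(String str) {
        String value = this.properties.getProperty(str);
        if (value == null) {
            value = Kernel.getKernel().getProperty(str);
        }
        return value;
    }

    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public String getProperty(String str) {
        return doGetProperty(str);
    }

    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public void setProperty(String str, String str2) {
        this.properties.setProperty(str, str2);
    }

    /** True only if WSRF_SSL is literally "true" (case-insensitive); anything else means off. */
    public boolean isSslEnabled() {
        return "true".equalsIgnoreCase(doGetProperty(ISecurityProperties.WSRF_SSL));
    }

    public boolean doSSLAuthn() {
        return isSslEnabled();
    }

    /** True only if WSRF_SSL_CLIENTAUTH is literally "true" (case-insensitive). */
    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public boolean requireClientAuthentication() {
        return "true".equalsIgnoreCase(doGetProperty(ISecurityProperties.WSRF_SSL_CLIENTAUTH));
    }

    /**
     * Returns the certificate chain of the configured key entry, reading the keystore on first use.
     *
     * @throws RuntimeException if the keystore cannot be read (see readKeystore)
     */
    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public synchronized X509Certificate[] getCertificateChain() {
        if (this.certChain == null) {
            readKeystore();
        }
        return this.certChain;
    }

    /** Returns the end-entity certificate (chain element 0), not a raw PublicKey despite the name. */
    public X509Certificate getPublicKey() {
        return getCertificateChain()[0];
    }

    /**
     * Loads private key and certificate chain from the configured keystore, hands the chain to the
     * ETD settings, and loads the gateway certificate if a gateway alias is configured.
     * Any failure (missing/invalid configuration, unreadable keystore, bad password) is logged
     * at FATAL and rethrown wrapped in a RuntimeException.
     */
    private synchronized void readKeystore() {
        String keystore = getKeystore();
        String keystoreType = getKeystoreType();
        if (keystoreType == null) {
            keystoreType = "jks";
        }
        String keystorePassword = getKeystorePassword();
        String keystoreKeyPassword = getKeystoreKeyPassword();
        String keystoreAlias = getKeystoreAlias();
        try {
            if (keystore == null) {
                throw new IllegalArgumentException("No keystore configured (" + ISecurityProperties.WSRF_SSL_KEYSTORE + ").");
            }
            if (keystorePassword == null) {
                // A null password would skip the keystore integrity check; require it explicitly.
                throw new IllegalArgumentException("No keystore password configured (" + ISecurityProperties.WSRF_SSL_KEYPASS + ").");
            }
            if (keystoreKeyPassword == null) {
                keystoreKeyPassword = keystorePassword;
            }
            logger.debug("Reading from keystore: " + keystore);
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            InputStream in = new FileInputStream(new File(keystore));
            try {
                keyStore.load(in, keystorePassword.toCharArray());
            } finally {
                in.close();
            }
            logger.debug("Keystore: " + keystore + " successfully loaded");
            if (keystoreAlias == null) {
                keystoreAlias = KeystoreChecker.findAlias(keyStore);
                if (keystoreAlias == null) {
                    throw new IllegalArgumentException("Keystore " + keystore + " does not contain any key entries!");
                }
                logger.debug("No alias supplied, loading  <" + keystoreAlias + ">");
            } else {
                logger.debug("Loading  <" + keystoreAlias + ">");
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(keystoreAlias);
            if (certificateChain == null) {
                throw new IllegalArgumentException("Alias <" + keystoreAlias + "> cannot be found in keystore. Please check your configuration.");
            }
            Key key = keyStore.getKey(keystoreAlias, keystoreKeyPassword.toCharArray());
            if (!(key instanceof PrivateKey)) {
                throw new IllegalArgumentException("Alias <" + keystoreAlias + "> does not denote a key entry. Please check your configuration.");
            }
            X509Certificate[] chain = new X509Certificate[certificateChain.length];
            for (int i = 0; i < certificateChain.length; i++) {
                if (!(certificateChain[i] instanceof X509Certificate)) {
                    throw new IllegalArgumentException("Alias <" + keystoreAlias + "> has a non-X.509 certificate in its chain. Please check your configuration.");
                }
                chain[i] = (X509Certificate) certificateChain[i];
            }
            // Publish key and chain only once both are known to be valid.
            this.privateKey = (PrivateKey) key;
            this.certChain = chain;
            this.etdSettings.setIssuerCertificateChain(this.certChain);
            String gatewayAlias = getProperty(ISecurityProperties.UAS_GATEWAY_ALIAS);
            if (gatewayAlias != null) {
                loadGWCert(gatewayAlias);
            }
        } catch (Exception e) {
            logger.fatal("Could not load certificate(s) from keystore.", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the gateway certificate stored under the given alias in the configured truststore.
     *
     * @throws IllegalArgumentException if the truststore is not configured, cannot be loaded,
     *         or does not contain the alias
     */
    private synchronized void loadGWCert(String str) {
        String truststore = getTruststore();
        String truststoreType = getTruststoreType();
        if (truststoreType == null) {
            truststoreType = "jks";
        }
        String truststorePassword = getTruststorePassword();
        if (truststore == null) {
            throw new IllegalArgumentException("Gateway alias is defined, but no truststore is configured (" + ISecurityProperties.WSRF_SSL_TRUSTSTORE + ").");
        }
        if (truststorePassword == null) {
            throw new IllegalArgumentException("Gateway alias is defined, but no truststore password is configured (" + ISecurityProperties.WSRF_SSL_TRUSTPASS + ").");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(truststoreType);
            InputStream in = new FileInputStream(new File(truststore));
            try {
                keyStore.load(in, truststorePassword.toCharArray());
            } finally {
                in.close();
            }
            logger.debug("Truststore: " + truststore + " successfully loaded");
            Certificate cert = keyStore.getCertificate(str);
            if (cert == null) {
                throw new IllegalArgumentException("Alias <" + str + "> cannot be found in truststore. Please check your configuration.");
            }
            // A non-X.509 entry ends up in the catch below and is reported like any other load failure.
            this.gatewayCertificate = (X509Certificate) cert;
            logger.debug("Using gateway certificate <" + this.gatewayCertificate.getSubjectX500Principal().getName() + ">");
        } catch (Exception e) {
            throw new IllegalArgumentException("Gateway alias is defined, but I could not load a gateway certificate from the truststore at " + truststore, e);
        }
    }

    /**
     * Returns the configured private key, reading the keystore on first use.
     *
     * @throws RuntimeException if the keystore cannot be read (see readKeystore)
     */
    public synchronized PrivateKey getPrivateKey() {
        if (this.privateKey == null) {
            readKeystore();
        }
        return this.privateKey;
    }

    /**
     * Human-readable summary: store locations, own and gateway identity, signing and ETD flags.
     * Never includes passwords. Calling this triggers a keystore read if none happened yet.
     */
    public String toString() {
        StringBuffer sb = new StringBuffer();
        sb.append(getClass().getName() + "\n");
        sb.append("Keystore <" + doGetProperty(ISecurityProperties.WSRF_SSL_KEYSTORE) + ">\n");
        sb.append("Truststore <" + doGetProperty(ISecurityProperties.WSRF_SSL_TRUSTSTORE) + ">\n");
        try {
            sb.append("Identity: " + getCertificateChain()[0].getSubjectX500Principal().getName() + "\n");
        } catch (Exception e) {
            sb.append("User not set.\n");
        }
        X509Certificate gateway = getGatewayCertificate();
        if (gateway != null) {
            sb.append("Gateway identity: " + gateway.getSubjectX500Principal().getName() + "\n");
        }
        sb.append("Signing messages: " + doSignMessage() + "\n");
        sb.append("Extend trust delegation: " + this.etdSettings.isExtendTrustDelegation() + "\n");
        return sb.toString();
    }

    public boolean doSignMessage() {
        return this.signMessage;
    }

    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public void setSignMessage(boolean z) {
        this.signMessage = z;
    }

    /**
     * Returns the gateway certificate, or null if no gateway alias is configured. The keystore
     * is read on first use; afterwards only the truststore is consulted (and only if a gateway
     * alias is present), so repeated calls without a gateway alias no longer re-read the keystore.
     */
    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public synchronized X509Certificate getGatewayCertificate() {
        if (this.gatewayCertificate == null) {
            if (this.certChain == null) {
                readKeystore();
            } else {
                String gatewayAlias = getProperty(ISecurityProperties.UAS_GATEWAY_ALIAS);
                if (gatewayAlias != null) {
                    loadGWCert(gatewayAlias);
                }
            }
        }
        return this.gatewayCertificate;
    }

    /** Returns the live token map (not a copy); may be null. */
    public Map<String, Object> getExtraSecurityTokens() {
        return this.extraSecurityTokens;
    }

    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public void setExtraSecurityTokens(Map<String, Object> map) {
        this.extraSecurityTokens = map;
    }

    public ClassLoader getClassLoader() {
        return this.classLoader;
    }

    @Override // de.fzj.unicore.wsrflite.security.ISecurityProperties
    public void setClassLoader(ClassLoader classLoader) {
        this.classLoader = classLoader;
    }

    /** HTTP basic authentication is not supported by this implementation. */
    public boolean doHttpAuthn() {
        return false;
    }

    public String getHttpUser() {
        return null;
    }

    public String getHttpPassword() {
        return null;
    }

    /** No pre-built SSLContext is provided; callers build one from the store settings. */
    public SSLContext getSSLContext() {
        return null;
    }

    public String getKeystorePassword() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_KEYPASS);
    }

    /**
     * Password for the key entry. This is the same property as the keystore password, i.e. a
     * separate key password is not supported: the key entry must be protected with the keystore
     * password.
     */
    public String getKeystoreKeyPassword() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_KEYPASS);
    }

    public String getKeystore() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_KEYSTORE);
    }

    /** Keystore type; null here means "jks" when the keystore is read. */
    public String getKeystoreType() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_KEYTYPE);
    }

    /** Key alias; null here means the first key entry found is used. */
    public String getKeystoreAlias() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_KEYALIAS);
    }

    public String getTruststore() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_TRUSTSTORE);
    }

    /** Truststore type; null here means "jks" when the truststore is read. */
    public String getTruststoreType() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_TRUSTTYPE);
    }

    public String getTruststorePassword() {
        return doGetProperty(ISecurityProperties.WSRF_SSL_TRUSTPASS);
    }

    /** Returns the live explicit Properties object (not a copy). */
    public Properties getExtraSettings() {
        return this.properties;
    }

    public ETDClientSettings getETDSettings() {
        return this.etdSettings;
    }
}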
