package org.globus.gsi;

import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import net.sf.json.util.JSONUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.util.CertificateUtil;

/* loaded from: input_file:WEB-INF/lib/JGlobus-Core-2.0.4.jar:org/globus/gsi/SigningPolicyParser.class */
public class SigningPolicyParser {
    public static final String ACCESS_ID_CA = "access_id_CA";
    public static final String DEF_AUTH_X509 = "X509";
    public static final String DEF_AUTH_GLOBUS = "globus";
    public static final String CONDITION_SUBJECT = "cond_subjects";
    public static final String VALUE_CA_SIGN = "CA:sign";
    public static final String SINGLE_CHAR = "?";
    public static final String WILDCARD = "*";
    public static final String SINGLE_PATTERN = "[\\p{Print}\\p{Blank}]";
    public static final String WILDCARD_PATTERN = "[\\p{Print}\\p{Blank}]*";
    private static final int MIN_TOKENS_PER_LINE = 3;
    private Log logger = LogFactory.getLog(SigningPolicyParser.class.getName());
    public static final String ACCESS_ID_PREFIX = "access_id_";
    public static final String POS_RIGHTS = "pos_rights";
    public static final String NEG_RIGHTS = "neg_rights";
    public static final String CONDITION_PREFIX = "cond_";
    static final String[] ALLOWED_LINE_START = {ACCESS_ID_PREFIX, POS_RIGHTS, NEG_RIGHTS, CONDITION_PREFIX};

    public Map<X500Principal, SigningPolicy> parse(String str) throws FileNotFoundException, SigningPolicyException {
        if (str == null || str.trim().equals("")) {
            throw new IllegalArgumentException();
        }
        this.logger.debug("Signing policy file name " + str);
        FileReader fileReader = null;
        try {
            try {
                fileReader = new FileReader(str);
                Map<X500Principal, SigningPolicy> parse = parse(fileReader);
                if (fileReader != null) {
                    try {
                        fileReader.close();
                    } catch (Exception e) {
                        this.logger.debug("Error closing file reader", e);
                    }
                }
                return parse;
            } catch (Exception e2) {
                throw new SigningPolicyException(e2);
            }
        } catch (Throwable th) {
            if (fileReader != null) {
                try {
                    fileReader.close();
                } catch (Exception e3) {
                    this.logger.debug("Error closing file reader", e3);
                }
            }
            throw th;
        }
    }

    public Map<X500Principal, SigningPolicy> parse(Reader reader) throws SigningPolicyException {
        HashMap hashMap = new HashMap();
        BufferedReader bufferedReader = new BufferedReader(reader);
        while (true) {
            try {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        return hashMap;
                    }
                    String trim = readLine.trim();
                    if (isValidLine(trim)) {
                        this.logger.debug("Line to parse: " + trim);
                        if (trim.startsWith(ACCESS_ID_PREFIX)) {
                            this.logger.debug("Check if it is CA and get the DN " + trim);
                            checkRights(hashMap, bufferedReader, getCaDN(trim, null), true, null);
                        }
                    }
                } catch (IOException e) {
                    throw new SigningPolicyException("", e);
                }
            } finally {
                cleanupReaders(reader, bufferedReader);
            }
        }
    }

    private void checkRights(Map<X500Principal, SigningPolicy> map, BufferedReader bufferedReader, String str, boolean z, Boolean bool) throws IOException, SigningPolicyException {
        boolean z2 = z;
        Boolean bool2 = bool;
        String readLine = bufferedReader.readLine();
        while (true) {
            String str2 = readLine;
            if (str2 == null) {
                return;
            }
            if (isValidLine(str2)) {
                String trim = str2.trim();
                this.logger.debug("Line is " + trim);
                if (trim.startsWith(POS_RIGHTS)) {
                    validatePositiveRights(bool2);
                    if (z2) {
                        z2 = isUsefulEntry(trim);
                    }
                    bool2 = Boolean.TRUE;
                } else if (trim.startsWith(NEG_RIGHTS)) {
                    bool2 = handleNegativeRights(bool2);
                } else {
                    if (!trim.startsWith(CONDITION_PREFIX)) {
                        throw new SigningPolicyException("invalidLine" + trim);
                    }
                    if (handleConditionalLine(map, trim, str, z2, bool2)) {
                        return;
                    }
                }
                readLine = bufferedReader.readLine();
            } else {
                readLine = bufferedReader.readLine();
            }
        }
    }

    private boolean handleConditionalLine(Map<X500Principal, SigningPolicy> map, String str, String str2, boolean z, Boolean bool) throws SigningPolicyException {
        if (!Boolean.TRUE.equals(bool)) {
            throw new SigningPolicyException("invalidRestrictions");
        }
        if (!z || !str.startsWith(CONDITION_SUBJECT)) {
            return false;
        }
        this.logger.debug("Read in subject condition.");
        Vector<Pattern> allowedDNs = getAllowedDNs(str.substring(CONDITION_SUBJECT.length(), str.length()));
        X500Principal principal = CertificateUtil.toPrincipal(str2);
        map.put(principal, new SigningPolicy(principal, allowedDNs));
        return true;
    }

    private String getCaDN(String str, String str2) throws SigningPolicyException {
        String str3 = str2;
        if (str.startsWith(ACCESS_ID_CA)) {
            str3 = getCA(str.substring(ACCESS_ID_CA.length(), str.length()));
            this.logger.debug("CA DN is " + str2);
        }
        return str3;
    }

    private void validatePositiveRights(Boolean bool) throws SigningPolicyException {
        if (Boolean.FALSE.equals(bool)) {
            throw new SigningPolicyException("invalidPosRights");
        }
    }

    private boolean isUsefulEntry(String str) throws SigningPolicyException {
        this.logger.debug("Parse pos_rights here");
        return isCASignRight(str.substring(POS_RIGHTS.length(), str.length()));
    }

    private Boolean handleNegativeRights(Boolean bool) throws SigningPolicyException {
        if (Boolean.TRUE.equals(bool)) {
            throw new SigningPolicyException("invalidNegRights");
        }
        this.logger.debug("Ignore neg_rights");
        return Boolean.FALSE;
    }

    private void cleanupReaders(Reader reader, BufferedReader bufferedReader) {
        if (bufferedReader != null) {
            try {
                bufferedReader.close();
            } catch (Exception e) {
                this.logger.debug("Unable to close bufferedReader", e);
            }
        }
        if (reader != null) {
            try {
                reader.close();
            } catch (Exception e2) {
                this.logger.debug("Unable to close reader", e2);
            }
        }
    }

    private boolean isValidLine(String str) throws SigningPolicyException {
        String trim = str.trim();
        if (trim.equals("") || trim.startsWith("#")) {
            return false;
        }
        if (new StringTokenizer(trim).countTokens() < 3) {
            throw new SigningPolicyException("invalidTokens on line \"" + trim + JSONUtils.DOUBLE_QUOTE);
        }
        for (String str2 : ALLOWED_LINE_START) {
            if (trim.startsWith(str2)) {
                return true;
            }
        }
        throw new SigningPolicyException("Line starts incorrectly");
    }

    private Vector<Pattern> getAllowedDNs(String str) throws SigningPolicyException {
        String trim = str.trim();
        int findIndex = findIndex(trim);
        if (findIndex == -1) {
            throw new SigningPolicyException("invalid tokens");
        }
        if (!"globus".equals(trim.substring(0, findIndex))) {
            return null;
        }
        String trim2 = trim.substring(findIndex + 1, trim.length()).trim();
        int i = 0;
        int length = trim2.length();
        if (trim2.charAt(0) == '\'') {
            i = 0 + 1;
            int indexOf = trim2.indexOf(39, i);
            if (indexOf == -1) {
                throw new SigningPolicyException("invlaid subjects");
            }
            length = indexOf;
        }
        String trim3 = trim2.substring(i, length).trim();
        if (trim3.equals("")) {
            throw new SigningPolicyException("empty subjects");
        }
        Vector<Pattern> vector = new Vector<>();
        int i2 = 0;
        int length2 = trim3.length();
        if (trim3.indexOf(JSONUtils.DOUBLE_QUOTE) == -1) {
            vector.add(getPattern(trim3));
        } else {
            while (i2 < length2) {
                int indexOf2 = trim3.indexOf(JSONUtils.DOUBLE_QUOTE, i2);
                int indexOf3 = trim3.indexOf(JSONUtils.DOUBLE_QUOTE, indexOf2 + 1);
                if (indexOf3 == -1) {
                    throw new SigningPolicyException("unmatched quotes");
                }
                vector.add(getPattern(trim3.substring(indexOf2 + 1, indexOf3)));
                i2 = indexOf3 + 1;
            }
        }
        return vector;
    }

    private boolean isCASignRight(String str) throws SigningPolicyException {
        String trim = str.trim();
        int findIndex = findIndex(trim);
        if (findIndex == -1) {
            throw new SigningPolicyException("invalid tokens");
        }
        if (!"globus".equals(trim.substring(0, findIndex))) {
            return false;
        }
        String trim2 = trim.substring(findIndex + 1, trim.length()).trim();
        return VALUE_CA_SIGN.equals(trim2.substring(0, trim2.length()));
    }

    private String getCA(String str) throws SigningPolicyException {
        String substring;
        String trim = str.trim();
        int findIndex = findIndex(trim);
        if (findIndex == -1) {
            throw new SigningPolicyException("invalid tokens");
        }
        if (!DEF_AUTH_X509.equals(trim.substring(0, findIndex))) {
            return null;
        }
        String trim2 = trim.substring(findIndex + 1, trim.length()).trim();
        if (trim2.charAt(0) == '\'') {
            int i = 0 + 1;
            int indexOf = trim2.indexOf(39, i + 1);
            if (indexOf == -1) {
                throw new SigningPolicyException("invalid ca dn");
            }
            substring = trim2.substring(i, indexOf);
        } else {
            substring = trim2.substring(0, trim2.length() - 1);
        }
        return substring.trim();
    }

    public static Pattern getPattern(String str) {
        StringBuffer append;
        StringBuffer append2;
        if (str == null) {
            throw new IllegalArgumentException();
        }
        int i = 0;
        int length = str.length();
        StringBuffer stringBuffer = new StringBuffer("");
        while (i < length) {
            int indexOf = str.indexOf(WILDCARD, i);
            if (indexOf == -1) {
                indexOf = length;
                append2 = stringBuffer.append(str.substring(i, indexOf));
            } else {
                append2 = stringBuffer.append(str.substring(i, indexOf)).append(WILDCARD_PATTERN);
            }
            stringBuffer = append2;
            i = indexOf + 1;
        }
        String stringBuffer2 = stringBuffer.toString();
        int i2 = 0;
        int length2 = stringBuffer2.length();
        StringBuffer stringBuffer3 = new StringBuffer("");
        while (i2 < length2) {
            int indexOf2 = stringBuffer2.indexOf("?", i2);
            if (indexOf2 == -1) {
                indexOf2 = length2;
                append = stringBuffer3.append(stringBuffer2.substring(i2, indexOf2));
            } else {
                append = stringBuffer3.append(stringBuffer2.substring(i2, indexOf2)).append(SINGLE_PATTERN);
            }
            stringBuffer3 = append;
            i2 = indexOf2 + 1;
        }
        String stringBuffer4 = stringBuffer3.toString();
        LogFactory.getLog(SigningPolicyParser.class.getCanonicalName()).debug("String with replaced pattern is " + stringBuffer4);
        return Pattern.compile(stringBuffer4, 2);
    }

    private int findIndex(String str) {
        if (str == null) {
            return -1;
        }
        String trim = str.trim();
        int indexOf = trim.indexOf(" ");
        int indexOf2 = trim.indexOf("\t");
        return indexOf != -1 ? indexOf2 != -1 ? indexOf < indexOf2 ? indexOf : indexOf2 : indexOf : indexOf2;
    }
}
