package org.glite.security.util.namespace;

import java.io.IOException;
import java.security.cert.CertPathValidatorException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;
import org.glite.security.util.DN;

/* loaded from: input_file:org/glite/security/util/namespace/DNCheckerImpl.class */
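/**
 * Checks a certificate subject DN against the namespace policies of its issuer.
 *
 * <p>Policies are supplied by a {@link NamespaceFormat}; each policy names an issuer DN, a subject
 * DN pattern and whether matching subjects are permitted or denied. A deny match always rejects
 * the subject, a permit match accepts it, and a subject that matches nothing is rejected whenever
 * at least one policy is in effect.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>When no policy at all is in effect, {@link #check} accepts every DN. Callers that need
 *       fail-closed behaviour must make sure policies were actually loaded.</li>
 *   <li>The policy subject is used as a regular expression, so the policy source must be trusted.</li>
 * </ul>
 */
public class DNCheckerImpl implements DNChecker {
    private static final Logger LOGGER = Logger.getLogger(DNCheckerImpl.class);

    /** Source of the policies; assigned once in the constructor. */
    private final NamespaceFormat namespaceFormat;

    /** Creates a checker that uses {@link EUGridNamespaceFormat}. */
    public DNCheckerImpl() {
        this(false);
    }

    /**
     * Creates a checker for one of the two built-in formats.
     *
     * @param z {@code true} selects {@link LegacyNamespaceFormat}, {@code false} selects
     *     {@link EUGridNamespaceFormat}
     */
    public DNCheckerImpl(boolean z) {
        this.namespaceFormat = z ? new LegacyNamespaceFormat() : new EUGridNamespaceFormat();
    }

    /**
     * Creates a checker that uses the given format implementation.
     *
     * @param namespaceFormat the policy source; not validated here, so a {@code null} value only
     *     fails later, when {@link #read} or {@link #check} dereferences it
     */
    public DNCheckerImpl(NamespaceFormat namespaceFormat) {
        this.namespaceFormat = namespaceFormat;
    }

    /**
     * Loads policies by handing {@code str} unchanged to {@link NamespaceFormat#parse}.
     *
     * @param str the argument for the parser (presumably the policy file name; confirm against
     *     the {@code NamespaceFormat} implementation)
     * @throws IOException declared by the parser
     * @throws ParseException declared by the parser
     */
    @Override // org.glite.security.util.namespace.DNChecker
    public void read(String str) throws IOException, ParseException {
        this.namespaceFormat.parse(str);
    }

    /**
     * Verifies that subject {@code dn} is allowed for issuer {@code dn2}.
     *
     * <p>Every policy whose issuer equals {@code dn2} is tried in order. The first matching deny
     * policy stops the scan and rejects the subject, even if an earlier policy permitted it.
     *
     * @param dn the subject DN to check
     * @param dn2 the issuer DN of that subject
     * @param list additional policies to evaluate after the loaded ones for this call only;
     *     may be {@code null}
     * @throws CertPathValidatorException if a deny policy matches, if policies exist but none
     *     names this issuer, or if the issuer is known but no permit policy matches the subject
     */
    @Override // org.glite.security.util.namespace.DNChecker
    public void check(DN dn, DN dn2, List<NamespacePolicy> list) throws CertPathValidatorException {
        // Evaluate a private copy. The original appended the caller's policies to the list returned
        // by getPolices(); if that is the format's own list (not visible here), every call would
        // permanently grow the loaded policy set and leak one caller's policies into later checks.
        List<NamespacePolicy> polices = new ArrayList<>(this.namespaceFormat.getPolices());
        if (list != null) {
            polices.addAll(list);
        }

        boolean subjectPermitted = false;
        boolean issuerKnown = false;
        NamespacePolicy denyingPolicy = null;

        for (NamespacePolicy policy : polices) {
            LOGGER.debug("Checking against policy: " + policy);
            String subjectDN = policy.getSubjectDN();
            DN issuerDN = policy.getIssuerDN();
            String subjectPattern = cleanupDN(subjectDN);

            if (!issuerDN.equals(dn2)) {
                LOGGER.debug("Issuer doesn't match " + issuerDN);
                continue;
            }
            LOGGER.debug("Issuer matches " + issuerDN);
            issuerKnown = true;

            // NOTE(review): the policy subject is interpreted as a regular expression. Apart from
            // '*', '(' and ')' (see cleanupDN) every metacharacter keeps its regex meaning, so a
            // '.' in a policy DN matches any character and the pattern can be broader than the
            // policy author intended. A malformed pattern raises the unchecked
            // PatternSyntaxException instead of CertPathValidatorException.
            // NOTE(review): toLowerCase() uses the default locale; confirm the policy side is
            // normalised the same way, otherwise matching (including deny rules) is locale
            // dependent. Locale.ROOT on both sides would remove that dependency.
            if (!Pattern.matches(subjectPattern, cleanupDN(dn.getX500().toLowerCase()))) {
                LOGGER.debug("Subject doesn't match " + subjectPattern);
                continue;
            }
            LOGGER.debug("Subject matches " + subjectPattern);

            if (!policy.isSubjectDNPermitted()) {
                // Deny wins over any permit seen so far; no need to look further.
                LOGGER.debug("Policy is deny, rejecting the DN.");
                denyingPolicy = policy;
                break;
            }
            subjectPermitted = true;
        }

        if (denyingPolicy != null) {
            throw new CertPathValidatorException(dn.getX500() + " is denied in the namespace policy line: " + denyingPolicy.getPolicyStatement() + " from file: " + denyingPolicy.getFilename());
        }
        if (subjectPermitted) {
            LOGGER.debug("DN is allowed.");
        }
        // With no policy in effect the check is a no-op and the DN is accepted.
        if (subjectPermitted || polices.isEmpty()) {
            return;
        }
        if (!issuerKnown) {
            throw new CertPathValidatorException("Namespace policy defined, but issuer \"" + dn2.getX500() + "\" is not in it.");
        }
        throw new CertPathValidatorException("User: " + dn.getX500() + " is not listed as allowed for issuer: " + dn2.getX500());
    }

    /**
     * Prepares a DN or DN pattern for regex matching.
     *
     * <p>A bare {@code *} wildcard is rewritten to {@code .*} unless the string already contains
     * {@code .*}, and all parentheses are removed. The same transformation is applied to the
     * policy pattern and to the subject being matched, so parentheses never take part in the
     * comparison. No other regex metacharacter is escaped.
     *
     * @param str the DN or pattern text
     * @return the transformed text
     */
    private String cleanupDN(String str) {
        String cleaned = str;
        if (!cleaned.contains(".*") && cleaned.contains("*")) {
            cleaned = cleaned.replace("*", ".*");
        }
        // replace() returns the input unchanged when the character is absent.
        return cleaned.replace("(", "").replace(")", "");
    }
}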
