package org.italiangrid.voms.clients.impl;

import eu.emi.security.authn.x509.helpers.proxy.ExtendedProxyType;
import eu.emi.security.authn.x509.helpers.proxy.ProxyHelper;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACParser;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.clients.ProxyInfoParams;
import org.italiangrid.voms.clients.ProxyInitParams;
import org.italiangrid.voms.clients.strategies.ProxyInfoStrategy;
import org.italiangrid.voms.clients.util.MessageLogger;
import org.italiangrid.voms.clients.util.OpensslNameUtilities;
import org.italiangrid.voms.clients.util.TimeUtils;
import org.italiangrid.voms.clients.util.VOMSAttributesPrinter;
import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder;

/* loaded from: input_file:org/italiangrid/voms/clients/impl/DefaultVOMSProxyInfoBehaviour.class */
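/**
 * Default {@link ProxyInfoStrategy}: loads a proxy credential from a PEM file and prints the
 * items selected through {@link ProxyInfoParams}.
 *
 * <p>Notes for security reviewers:
 * <ul>
 *   <li>Attribute certificates are obtained with {@code VOMSValidators.newParser()} and
 *       {@code parse(chain)}. Nothing in this class verifies AC signatures or validates the
 *       certificate chain against trust anchors, so the printed attributes are informational
 *       and must not be used as an authorization decision. NOTE(review): presumably the
 *       parser only decodes the ACs; confirm against the VOMS API.</li>
 *   <li>The time validity of the proxy certificate is only checked when
 *       {@code PROXY_EXISTS} is requested.</li>
 *   <li>Per-call state is kept in instance fields without synchronisation, so one instance
 *       should not be shared between threads.</li>
 * </ul>
 */
public class DefaultVOMSProxyInfoBehaviour implements ProxyInfoStrategy {
    // Credential loaded by the most recent printProxyInfo call.
    private PEMCredential proxyCredential;
    private VOMSACParser acParser = null;
    // Labels indexed by the bit position of the X.509 KeyUsage extension.
    private final String[] keyUsagesValues = {"Digital Signature", "Non Repudiation", "Key Encipherment", "Data Encipherment", "Key Agreement", "Key CertSign", "CRL Sign", "Encipher Only", "Decipher Only"};
    // Key usage labels of the currently loaded proxy certificate.
    ArrayList<String> proxyKeyUsageList = new ArrayList<>();
    private final MessageLogger logger;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.italiangrid.voms.clients.impl.DefaultVOMSProxyInfoBehaviour$1, reason: invalid class name */
    /* loaded from: input_file:org/italiangrid/voms/clients/impl/DefaultVOMSProxyInfoBehaviour$1.class */
    /**
     * Compiler-generated lookup table for the switch over {@link ExtendedProxyType}, as
     * recovered by the decompiler: LEGACY=1, DRAFT_RFC=2, RFC3820=3, NOT_A_PROXY=4.
     * Constants missing at run time keep the default value 0.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType = new int[ExtendedProxyType.values().length];

        static {
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.LEGACY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.DRAFT_RFC.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.RFC3820.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.NOT_A_PROXY.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /**
     * Creates the strategy.
     *
     * @param messageLogger sink for every line this class prints
     * @param initListenerAdapter not used by this class
     */
    public DefaultVOMSProxyInfoBehaviour(MessageLogger messageLogger, InitListenerAdapter initListenerAdapter) {
        this.logger = messageLogger;
    }

    /**
     * Loads the proxy and prints the requested information.
     *
     * <p>The proxy path is resolved in increasing priority: the default path built by
     * {@link VOMSProxyPathBuilder}, the {@code X509_USER_PROXY} environment variable, and
     * the file given in {@code proxyInfoParams}.
     *
     * @param proxyInfoParams the options selected by the caller
     * @throws VOMSError on any failure while loading, parsing or checking the proxy
     */
    @Override // org.italiangrid.voms.clients.strategies.ProxyInfoStrategy
    public void printProxyInfo(ProxyInfoParams proxyInfoParams) {
        String proxyPath = VOMSProxyPathBuilder.buildProxyPath();
        String envProxyPath = System.getenv("X509_USER_PROXY");
        if (envProxyPath != null) {
            proxyPath = envProxyPath;
        }
        if (proxyInfoParams.getProxyFile() != null) {
            proxyPath = proxyInfoParams.getProxyFile();
        }
        // try-with-resources: the file handle is released even when loading fails. Closing
        // twice is harmless should PEMCredential close the stream itself.
        try (FileInputStream proxyStream = new FileInputStream(proxyPath)) {
            this.proxyCredential = new PEMCredential(proxyStream, (char[]) null);
            File proxyFile = new File(proxyPath);
            X509Certificate[] certificateChain = this.proxyCredential.getCertificateChain();
            this.acParser = VOMSValidators.newParser();
            // Parsed, not validated: see the class-level security notes.
            List<VOMSAttribute> attributes = this.acParser.parse(certificateChain);
            resolveProxyKeyUsage();
            if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.ALL_OPTIONS) && !proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.CHAIN)) {
                printProxyStandardInfo(proxyFile);
                printAC(attributes);
                this.logger.printMessage("");
            }
            if (proxyInfoParams.isEmpty()) {
                printProxyStandardInfo(proxyFile);
            }
            checkProxyBasicOptions(proxyInfoParams, attributes, proxyFile, certificateChain);
            checkVOMSOptions(proxyInfoParams, attributes, certificateChain, proxyFile);
            checkValidityOptions(proxyInfoParams, certificateChain);
        } catch (Exception e) {
            // NOTE(review): every failure, including parse and option-check errors, is
            // reported as "Proxy not found"; kept as is because callers may match on it.
            throw new VOMSError("Proxy not found: " + e.getMessage(), e);
        }
    }

    /**
     * Returns whether {@code option} was requested on its own, i.e. without ALL_OPTIONS.
     */
    private boolean selectedWithoutAll(ProxyInfoParams proxyInfoParams, ProxyInfoParams.PrintOption option) {
        return proxyInfoParams.containsOption(option) && !proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.ALL_OPTIONS);
    }

    /**
     * Applies the requested key-size and lifetime checks to the first certificate of the chain.
     *
     * @throws VOMSError when a requested check fails or a lifetime argument cannot be parsed
     */
    private void checkValidityOptions(ProxyInfoParams proxyInfoParams, X509Certificate[] x509CertificateArr) {
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.PROXY_STRENGTH_VALIDITY) && !getKeySize(x509CertificateArr[0]).equals(proxyInfoParams.getKeyLength())) {
            throw new VOMSError("Proxy key size is not valid");
        }
        try {
            if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.PROXY_EXISTS)) {
                try {
                    x509CertificateArr[0].checkValidity();
                } catch (CertificateNotYetValidException e) {
                    throw new VOMSError("Proxy not found: " + e.getMessage(), e);
                }
            }
            if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.PROXY_TIME_VALIDITY)) {
                try {
                    long timeLeft = TimeUtils.getTimeLeft(x509CertificateArr[0].getNotAfter());
                    if (!checkTimeValidity(timeLeft, TimeUtils.parseLifetimeInHoursAndMinutes(proxyInfoParams.getValidTime()))) {
                        throw new VOMSError("Proxy not valid for the specified period");
                    }
                } catch (ParseException e2) {
                    throw new VOMSError("Wrong validity format, required 'hh:mm': " + e2.getMessage(), e2);
                }
            }
            if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.PROXY_HOURS_VALIDITY)) {
                try {
                    long timeLeft = TimeUtils.getTimeLeft(x509CertificateArr[0].getNotAfter());
                    if (!checkTimeValidity(timeLeft, TimeUtils.parseLifetimeInHours(proxyInfoParams.getValidHours()))) {
                        throw new VOMSError("Proxy not valid for the specified period");
                    }
                } catch (ParseException e3) {
                    throw new VOMSError("Wrong validity format, required 'hh': " + e3.getMessage(), e3);
                }
            }
        } catch (CertificateExpiredException e4) {
            throw new VOMSError("The current proxy is not valid: " + e4.getMessage(), e4);
        }
    }

    /**
     * Prints every certificate of the chain and, for proxy certificates, whether VOMS
     * extensions are present.
     */
    private void printProxyChain(X509Certificate[] x509CertificateArr) {
        this.logger.printMessage("=== Proxy Chain Information ===");
        for (X509Certificate certificate : x509CertificateArr) {
            this.logger.printMessage(CertificateUtils.format(certificate, FormatMode.FULL));
            try {
                if (ProxyUtils.isProxy(certificate)) {
                    boolean hasAcs = !VOMSACUtils.getACsFromCertificate(certificate).isEmpty();
                    this.logger.printMessage(hasAcs ? "VOMS extensions: yes." : "VOMS extensions: no.");
                }
            } catch (IOException e) {
                // An undecodable extension must not look like "no extensions": report it
                // instead of dropping the error, and keep printing the rest of the chain.
                this.logger.printMessage("VOMS extensions: could not be determined (" + e.getMessage() + ").");
            }
            this.logger.printMessage("");
        }
    }

    /**
     * Prints the proxy-level items (type, subject, issuer, path, chain, text dump, key size,
     * key usage, time left) that were requested.
     */
    private void checkProxyBasicOptions(ProxyInfoParams proxyInfoParams, List<VOMSAttribute> list, File file, X509Certificate[] x509CertificateArr) {
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.TYPE)) {
            this.logger.printMessage(proxyTypeAsString(x509CertificateArr[0]));
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.SUBJECT)) {
            this.logger.printMessage(OpensslNameUtilities.getOpensslSubjectString(x509CertificateArr[0].getSubjectX500Principal()));
        }
        // NOTE(review): as written, ISSUER ignores ALL_OPTIONS while IDENTITY honours it, and
        // both print the issuer DN; possibly (ISSUER || IDENTITY) && !ALL_OPTIONS was meant.
        if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.ISSUER) || selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.IDENTITY)) {
            this.logger.printMessage(OpensslNameUtilities.getOpensslSubjectString(x509CertificateArr[0].getIssuerX500Principal()));
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.PROXY_PATH)) {
            this.logger.printMessage(file.getAbsolutePath());
        }
        if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.CHAIN)) {
            printProxyChain(x509CertificateArr);
            this.logger.printMessage("=== Proxy Information ===");
            printProxyStandardInfo(file);
            if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.ALL_OPTIONS)) {
                printAC(list);
            }
            this.logger.printMessage("");
        }
        if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.TEXT)) {
            if (!proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.ALL_OPTIONS) && !proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.CHAIN)) {
                printProxyStandardInfo(file);
                this.logger.printMessage("");
            }
            // With CHAIN the whole chain is dumped, last element first; otherwise only the
            // first certificate.
            int count = proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.CHAIN) ? x509CertificateArr.length : 1;
            for (int i = count - 1; i >= 0; i--) {
                this.logger.printMessage("Certificate:");
                this.logger.printMessage(CertificateUtils.format(x509CertificateArr[i], FormatMode.FULL));
                this.logger.printMessage("");
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.KEYSIZE)) {
            this.logger.printMessage(getKeySize(x509CertificateArr[0]));
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.KEYUSAGE)) {
            tabularFormatted("key usage", getProxyKeyUsages());
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.TIMELEFT)) {
            long millisLeft = TimeUtils.getTimeLeft(this.proxyCredential.getCertificate().getNotAfter());
            this.logger.printMessage(String.valueOf(TimeUnit.MILLISECONDS.toSeconds(millisLeft)));
        }
    }

    /**
     * Prints the attribute-certificate items that were requested.
     *
     * @throws VOMSError when AC options are requested but no attributes were parsed, or when
     *     AC_EXISTS is requested and no attribute matches the requested VO
     */
    private void checkVOMSOptions(ProxyInfoParams proxyInfoParams, List<VOMSAttribute> list, X509Certificate[] x509CertificateArr, File file) {
        if (proxyInfoParams.hasACOptions() && list.isEmpty()) {
            throw new VOMSError("No VOMS attributes found!");
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.ACSUBJECT)) {
            for (VOMSAttribute attribute : list) {
                this.logger.printMessage(OpensslNameUtilities.getOpensslSubjectString(attribute.getHolder()));
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.ACTIMELEFT)) {
            for (VOMSAttribute attribute : list) {
                long millisLeft = TimeUtils.getTimeLeft(attribute.getVOMSAC().getNotAfter());
                this.logger.printMessage(String.valueOf(TimeUnit.MILLISECONDS.toSeconds(millisLeft)));
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.ACISSUER)) {
            for (VOMSAttribute attribute : list) {
                // NOTE(review): assumes getAACertificates() is non-null and non-empty for
                // attributes that were only parsed; confirm against the VOMS API.
                this.logger.printMessage(OpensslNameUtilities.getOpensslSubjectString(attribute.getAACertificates()[0].getSubjectX500Principal()));
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.ACSERIAL)) {
            for (VOMSAttribute attribute : list) {
                this.logger.printMessage(attribute.getVOMSAC().getSerialNumber().toString());
            }
        }
        if (proxyInfoParams.containsOption(ProxyInfoParams.PrintOption.AC_EXISTS)) {
            boolean found = false;
            for (VOMSAttribute attribute : list) {
                if (proxyInfoParams.getACVO().equals(attribute.getVO())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new VOMSError("AC not found for VO " + proxyInfoParams.getACVO());
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.VONAME)) {
            for (VOMSAttribute attribute : list) {
                this.logger.printMessage(attribute.getVO());
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.FQAN)) {
            for (VOMSAttribute attribute : list) {
                for (Object fqan : attribute.getFQANs()) {
                    this.logger.printMessage((String) fqan);
                }
            }
        }
        if (selectedWithoutAll(proxyInfoParams, ProxyInfoParams.PrintOption.SERVER_URI)) {
            for (VOMSAttribute attribute : list) {
                this.logger.formatMessage("%s:%s\n", attribute.getHost(), Integer.valueOf(attribute.getPort()));
            }
        }
    }

    /**
     * Rebuilds {@link #proxyKeyUsageList} from the KeyUsage bits of the loaded proxy certificate.
     */
    private void resolveProxyKeyUsage() {
        // Start from scratch so a second printProxyInfo call does not duplicate entries.
        this.proxyKeyUsageList.clear();
        boolean[] keyUsage = this.proxyCredential.getCertificate().getKeyUsage();
        if (keyUsage == null) {
            return;
        }
        // getKeyUsage() does not truncate a bit string longer than the nine defined bits,
        // and the certificate comes from a file; bound the index by the label table.
        int known = Math.min(keyUsage.length, this.keyUsagesValues.length);
        for (int bit = 0; bit < known; bit++) {
            if (keyUsage[bit]) {
                this.proxyKeyUsageList.add(this.keyUsagesValues[bit]);
            }
        }
    }

    /**
     * Returns the resolved key usage labels joined with {@code ", "}; empty when there are none.
     */
    private String getProxyKeyUsages() {
        StringBuilder joined = new StringBuilder();
        for (String usage : this.proxyKeyUsageList) {
            if (joined.length() > 0) {
                joined.append(", ");
            }
            joined.append(usage);
        }
        return joined.toString();
    }

    /** Prints every parsed VOMS attribute at INFO level. */
    private void printAC(List<VOMSAttribute> list) {
        for (VOMSAttribute attribute : list) {
            VOMSAttributesPrinter.printVOMSAttributes(this.logger, MessageLogger.MessageLevel.INFO, attribute);
        }
    }

    /**
     * Prints the standard summary of the loaded proxy: subject, issuer, identity, type,
     * strength, path, time left and key usage.
     */
    private void printProxyStandardInfo(File file) {
        X509Certificate proxyCertificate = this.proxyCredential.getCertificate();
        String subject = OpensslNameUtilities.getOpensslSubjectString(proxyCertificate.getSubjectX500Principal());
        String issuer = OpensslNameUtilities.getOpensslSubjectString(proxyCertificate.getIssuerX500Principal());
        String identity = OpensslNameUtilities.getOpensslSubjectString(ProxyUtils.getOriginalUserDN(this.proxyCredential.getCertificateChain()));
        tabularFormatted("subject", subject);
        tabularFormatted("issuer", issuer);
        tabularFormatted("identity", identity);
        tabularFormatted("type", proxyTypeAsString(this.proxyCredential.getCertificate()));
        tabularFormatted("strength", getKeySize(this.proxyCredential.getCertificate()));
        tabularFormatted("path", file.getAbsolutePath());
        tabularFormatted("timeleft", TimeUtils.getValidityAsString(this.proxyCredential.getCertificate().getNotAfter()));
        tabularFormatted("key usage", getProxyKeyUsages());
    }

    /**
     * Describes the proxy type of {@code x509Certificate} in human-readable form.
     *
     * @return the description, {@code "EEC"} for a non-proxy certificate, or {@code null}
     *     for a proxy type that has no entry in the switch map
     * @throws VOMSError when the proxy policy cannot be read
     */
    private String proxyTypeAsString(X509Certificate x509Certificate) {
        ExtendedProxyType proxyType = ProxyHelper.getProxyType(x509Certificate);
        try {
            boolean isLimited = ProxyHelper.isLimited(x509Certificate);
            switch (AnonymousClass1.$SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[proxyType.ordinal()]) {
                case 1: // LEGACY
                    return String.format("%s legacy globus proxy", isLimited ? "limited" : "full");
                case 2: // DRAFT_RFC (the decompiler had substituted an unrelated constant equal to 2)
                    return String.format("Proxy draft (pre-RFC) %s proxy", isLimited ? "limited" : "impersonation");
                case 3: // RFC3820
                    return String.format("RFC3820 compliant %s proxy", isLimited ? "limited" : "impersonation");
                case 4: // NOT_A_PROXY
                    return "EEC";
                default:
                    return null;
            }
        } catch (IOException e) {
            throw new VOMSError("Error checking proxy policy:" + e.getMessage(), e);
        }
    }

    /**
     * Returns whether the remaining lifetime covers the requested period.
     *
     * @param j remaining lifetime in milliseconds
     * @param i requested period in seconds
     */
    private boolean checkTimeValidity(long j, int i) {
        return j >= TimeUnit.SECONDS.toMillis((long) i);
    }

    /**
     * Returns the RSA modulus size of the certificate's public key, in bits, as a string.
     *
     * @throws VOMSError when the public key is not an RSA key
     */
    private String getKeySize(X509Certificate x509Certificate) {
        java.security.PublicKey publicKey = x509Certificate.getPublicKey();
        if (!(publicKey instanceof RSAKey)) {
            // Fail with a clear message instead of a ClassCastException on e.g. an EC key.
            throw new VOMSError("Unsupported proxy key algorithm: " + publicKey.getAlgorithm());
        }
        return Integer.toString(((RSAKey) publicKey).getModulus().bitLength());
    }

    /** Prints one {@code label separator value} row with the label padded to nine columns. */
    private void tabularFormatted(String str, String str2) {
        this.logger.printMessage(String.format("%-9s %s %s", str, DefaultVOMSCommandsParser.COMMAND_SEPARATOR, str2));
    }
}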
