package edu.sdsc.grid.io.irods;

import edu.sdsc.grid.io.FileFactory;
import edu.sdsc.grid.io.GeneralRandomAccessFile;
import edu.sdsc.grid.io.local.LocalFile;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import org.globus.common.CoGProperties;
import org.globus.gsi.gssapi.net.impl.GSIGssInputStream;
import org.globus.gsi.gssapi.net.impl.GSIGssOutputStream;
import org.globus.gsi.gssapi.net.impl.GSIGssSocket;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:edu/sdsc/grid/io/irods/GSIAuth.class */
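/**
 * Client side of the GSI (GSS-API) authentication handshake for an iRODS connection.
 *
 * <p>The account's "password" field is overloaded: it holds either PEM credential text or the
 * path of a proxy file (see {@link #getCredential(IRODSAccount)}). Treat it as secret material
 * and keep it out of logs and exception messages.
 */
public class GSIAuth {
    /**
     * Performs the GSI handshake immediately on the supplied connection.
     *
     * @param iRODSAccount account supplying the credential and the optional CA location
     * @param socket       connected socket to the server
     * @param outputStream stream on which handshake tokens are written
     * @param inputStream  stream from which handshake tokens are read
     * @throws IOException       declared for callers; see {@link #sendGSIAuth}
     * @throws SecurityException if the handshake fails for any reason
     */
    public GSIAuth(IRODSAccount iRODSAccount, Socket socket, OutputStream outputStream, InputStream inputStream) throws IOException {
        sendGSIAuth(iRODSAccount, socket, outputStream, inputStream);
    }

    /**
     * Drives the GSS-API token exchange until the security context is established.
     *
     * <p>Mutual authentication is requested and credential delegation is refused. Every failure
     * raised inside the handshake, including an {@link IOException} from credential loading, is
     * rethrown as a {@link SecurityException} carrying the original cause.
     *
     * @param iRODSAccount account supplying the credential and the optional CA location
     * @param socket       connected socket to the server
     * @param outputStream stream on which handshake tokens are written
     * @param inputStream  stream from which handshake tokens are read
     * @throws IOException       declared for callers
     * @throws SecurityException if the context cannot be established
     */
    void sendGSIAuth(IRODSAccount iRODSAccount, Socket socket, OutputStream outputStream, InputStream inputStream) throws IOException {
        CoGProperties cogProperties = null;
        String previousCaLocations = null;
        String accountCaLocations = iRODSAccount.getCertificateAuthority();
        ExtendedGSSManager manager = ExtendedGSSManager.getInstance();
        try {
            GSSCredential credential = getCredential(iRODSAccount);
            if (accountCaLocations != null) {
                // NOTE(review): CoGProperties.getDefault() looks like a shared, process-wide
                // object. If so, this per-account override is visible to any other handshake
                // running concurrently, which would then validate peers against this account's
                // CA locations. Confirm and serialise or scope the override if needed.
                cogProperties = CoGProperties.getDefault();
                previousCaLocations = cogProperties.getCaCertLocations();
                cogProperties.setCaCertLocations(accountCaLocations);
            }
            // NOTE(review): no target name is passed, so nothing in this method ties the peer to
            // an expected identity; mutual auth only proves the peer holds some accepted
            // credential. Confirm that the caller checks the server's identity.
            GSSContext context = manager.createContext((GSSName) null, (Oid) null, credential, GSSContext.DEFAULT_LIFETIME);
            context.requestCredDeleg(false);
            context.requestMutualAuth(true);
            // The wrapper is constructed and discarded, exactly as in the original; kept in case
            // the constructor has side effects on the socket or context (not visible here).
            new GSIGssSocket(socket, context);
            GSIGssOutputStream tokenOut = new GSIGssOutputStream(outputStream, context);
            GSIGssInputStream tokenIn = new GSIGssInputStream(inputStream, context);
            byte[] inToken = new byte[0];
            while (!context.isEstablished()) {
                byte[] outToken = context.initSecContext(inToken, 0, inToken.length);
                if (outToken != null) {
                    tokenOut.writeToken(outToken);
                }
                if (!context.isEstablished()) {
                    inToken = tokenIn.readHandshakeToken();
                }
            }
        } catch (GSSException e) {
            throw toSecurityException(e);
        } catch (Throwable th) {
            throw new SecurityException("GSI Authentication Failed", th);
        } finally {
            // NOTE(review): when no previous CA location was returned, the override above is
            // left in place after the handshake, so later connections inherit this account's
            // CA locations. Restoring the "unset" state needs an API not visible in this file.
            if (previousCaLocations != null) {
                cogProperties.setCaCertLocations(previousCaLocations);
            }
        }
    }

    /**
     * Maps a GSS failure to the SecurityException reported to callers.
     *
     * <p>The classification relies on substrings of the provider's message, which is brittle;
     * a missing message falls through to the generic failure instead of raising a
     * NullPointerException from inside the catch block.
     */
    private static SecurityException toSecurityException(GSSException e) {
        String message = e.getMessage();
        String reason = "GSI Authentication Failed";
        if (message != null) {
            if (message.contains("Invalid buffer")) {
                reason = "GSI Authentication Failed - Invalid Proxy File";
            } else if (message.contains("Unknown CA")) {
                reason = "GSI Authentication Failed - Cannot find Certificate Authority (CA)";
            }
        }
        return new SecurityException(reason, e);
    }

    /**
     * Returns the credential's name rewritten in slash-separated form.
     *
     * <p>If the name contains "UID" and a later "CN", everything from the character before the
     * last "CN" to the end is dropped. Commas are then replaced by slashes and a leading slash is
     * added when absent. The "UID"/"CN" lookups are plain substring searches, not RDN parsing.
     *
     * @param iRODSAccount account whose credential name is formatted
     * @return the slash-separated name, always starting with "/"
     * @throws IOException              if the proxy file cannot be read
     * @throws IllegalArgumentException if the credential is invalid, missing or expired
     */
    static String getDN(IRODSAccount iRODSAccount) throws IOException {
        try {
            StringBuilder dn = new StringBuilder(getCredential(iRODSAccount).getName().toString());
            int uidIndex = dn.indexOf("UID");
            if (uidIndex >= 0) {
                int lastCnIndex = dn.lastIndexOf("CN");
                if (lastCnIndex > uidIndex) {
                    // Also removes the separator that precedes the last "CN".
                    dn.setLength(lastCnIndex - 1);
                }
            }
            String slashed = dn.toString().replace(',', '/');
            return slashed.startsWith("/") ? slashed : "/" + slashed;
        } catch (GSSException e) {
            // Keep the cause so an expired credential can be told apart from a malformed one.
            throw new IllegalArgumentException("Invalid or missing credentials", e);
        }
    }

    /**
     * Resolves the GSS credential for an account.
     *
     * <p>An explicit credential on the account wins. Otherwise the password field is used: text
     * starting with the PEM certificate header is parsed directly, anything else is treated as
     * the path of a proxy file. Credentials with no remaining lifetime are rejected.
     *
     * @param iRODSAccount account to resolve the credential for
     * @return a credential with remaining lifetime greater than zero
     * @throws GSSException             if the credential has expired or cannot be parsed
     * @throws IOException              if the proxy file is missing or cannot be read in full
     * @throws IllegalArgumentException if the account has neither a credential nor a password
     */
    static GSSCredential getCredential(IRODSAccount iRODSAccount) throws GSSException, IOException {
        GSSCredential supplied = iRODSAccount.getGSSCredential();
        if (supplied != null) {
            if (supplied.getRemainingLifetime() <= 0) {
                throw new GSSException(GSSException.CREDENTIALS_EXPIRED);
            }
            return supplied;
        }
        String password = iRODSAccount.getPassword();
        ExtendedGSSManager manager = ExtendedGSSManager.getInstance();
        if (password == null) {
            throw new IllegalArgumentException("Password/Proxyfile and GSSCredential cannot be null.");
        }
        byte[] encoded;
        if (password.startsWith("-----BEGIN CERTIFICATE-----")) {
            // getBytes() uses the platform default charset; PEM text is expected to be ASCII.
            encoded = password.getBytes();
        } else {
            encoded = readProxyFile(password);
        }
        GSSCredential created = manager.createCredential(encoded, 0, 0, (Oid) null, 0);
        if (created.getRemainingLifetime() <= 0) {
            throw new GSSException(GSSException.CREDENTIALS_EXPIRED);
        }
        return created;
    }

    /**
     * Reads a proxy file fully into memory, closing the handle even when reading fails.
     *
     * <p>The path is deliberately left out of the exception messages.
     */
    private static byte[] readProxyFile(String path) throws IOException {
        LocalFile proxyFile = new LocalFile(path);
        if (!proxyFile.exists()) {
            throw new IOException("Proxy file path invalid");
        }
        GeneralRandomAccessFile reader = FileFactory.newRandomAccessFile(proxyFile, "r");
        try {
            byte[] contents = new byte[(int) proxyFile.length()];
            int count = reader.read(contents);
            // A short read would hand a zero-padded credential to the parser and surface as a
            // misleading "Invalid Proxy File"; fail here with the real reason instead.
            if (contents.length > 0 && count < contents.length) {
                throw new IOException("Proxy file could not be read completely");
            }
            return contents;
        } finally {
            reader.close();
        }
    }
}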
