package net.jxta.impl.membership.pse;

import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.SequenceInputStream;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.cert.CertificateException;
import net.jxta.credential.Credential;
import net.jxta.credential.CredentialPCLSupport;
import net.jxta.document.Attributable;
import net.jxta.document.Attribute;
import net.jxta.document.Element;
import net.jxta.document.MimeMediaType;
import net.jxta.document.StructuredDocument;
import net.jxta.document.StructuredDocumentFactory;
import net.jxta.document.StructuredDocumentUtils;
import net.jxta.document.XMLDocument;
import net.jxta.document.XMLElement;
import net.jxta.exception.PeerGroupException;
import net.jxta.id.ID;
import net.jxta.id.IDFactory;
import net.jxta.impl.endpoint.EndpointServiceImpl;
import net.jxta.impl.endpoint.cbjx.CbJxDefs;
import net.jxta.impl.protocol.Certificate;
import net.jxta.impl.protocol.ResolverSrdiMsgImpl;
import net.jxta.logging.Logging;
import net.jxta.peer.PeerID;
import net.jxta.peergroup.PeerGroupID;
import net.jxta.service.Service;

/* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/membership/pse/PSECredential.class */
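/**
 * Credential of the PSE membership service, built around an X.509 certificate chain.
 *
 * <p>A credential is either <em>local</em> (created from a membership service, a key id, a
 * certificate chain and optionally a private key) or <em>remote</em> (parsed from a credential
 * document). Only local credentials can produce a credential document or a signer.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>A parsed credential is accepted only if its {@code Signature} element verifies over the
 *     peer group id, the peer id and the encoded certificates. Signed elements that appear
 *     after the signature are rejected, so the verified values cannot be replaced afterwards.</li>
 * <li>The signature is checked against the leaf certificate carried in the same document. That
 *     shows the sender holds the matching private key; nothing in this class checks the chain
 *     against a trust anchor. NOTE(review): confirm that callers establish trust in the chain.</li>
 * <li>The signed bytes are a plain concatenation of the two id strings and the certificate
 *     encodings, with no separators between the parts.</li>
 * </ul>
 */
public final class PSECredential implements Credential, CredentialPCLSupport {
    private static final Logger LOG = Logger.getLogger(PSECredential.class.getName());

    /** Daemon timer shared by all credentials; it runs the "becomes valid" and "expires" tasks. */
    private static final Timer expirationTimer = new Timer("PSECredential Expiration Timer", true);

    private PSEMembershipService source;
    private ID peerGroupID = null;
    private ID peerID = null;
    private ID keyID = null;
    private CertPath certs = null;
    private PrivateKey privateKey = null;
    private TimerTask becomesValidTask = null;
    private TimerTask expiresTask = null;
    private boolean valid = true;

    /** {@code true} for credentials created locally, {@code false} for credentials parsed from a document. */
    private final boolean local;

    private final PropertyChangeSupport support = new PropertyChangeSupport(this);

    /** Set once the {@code Signature} element of a parsed credential document has been verified. */
    private boolean signatureVerified = false;

    /**
     * Creates a local credential.
     *
     * <p>Decompiler note: this constructor is declared {@code protected} in the original class.
     *
     * @param pSEMembershipService the service issuing the credential; its group supplies the
     *     peer id and peer group id
     * @param id the key id of the credential
     * @param certPath the certificate chain; the first certificate is the credential's own
     * @param privateKey the private key, or {@code null} when the key is held by the engine
     * @throws IOException declared by the original signature
     */
    public PSECredential(PSEMembershipService pSEMembershipService, ID id, CertPath certPath, PrivateKey privateKey) throws IOException {
        this.source = pSEMembershipService;
        this.peerID = pSEMembershipService.group.getPeerID();
        this.peerGroupID = pSEMembershipService.group.getPeerGroupID();
        setKeyID(id);
        setCertificateChain(certPath);
        setPrivateKey(privateKey);
        this.local = true;
    }

    /**
     * Creates a remote credential from a credential document, without a source service.
     *
     * @param element the root of the credential document
     * @throws IllegalArgumentException if the document is malformed, incomplete or its signature
     *     is missing or does not verify
     */
    public PSECredential(Element element) {
        this.local = false;
        initialize(element);
    }

    /**
     * Creates a remote credential from a credential document on behalf of a membership service.
     *
     * @param pSEMembershipService the service that received the credential
     * @param element the root of the credential document
     * @throws IllegalArgumentException if the document is malformed, incomplete, fails signature
     *     verification, or names a peer group other than the service's group
     */
    public PSECredential(PSEMembershipService pSEMembershipService, Element element) {
        this.local = false;
        this.source = pSEMembershipService;
        initialize(element);
        if (!this.peerGroupID.equals(pSEMembershipService.group.getPeerGroupID())) {
            throw new IllegalArgumentException("Credential is from a different group. " + this.peerGroupID + " != " + pSEMembershipService.group.getPeerGroupID());
        }
    }

    /**
     * Two credentials are equal when they have the same peer id, peer group id and certificate
     * chain.
     *
     * <p>The comparison uses this credential's own peer group id rather than the source service's
     * group: the constructors keep the two identical whenever a source is present, and a
     * credential built with {@link #PSECredential(Element)} has no source to dereference.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof PSECredential)) {
            return false;
        }
        PSECredential other = (PSECredential) obj;
        return this.peerID.equals(other.peerID)
                && this.peerGroupID.equals(other.peerGroupID)
                && this.certs.equals(other.certs);
    }

    /** Cancels the pending timer tasks, if any, before the object is reclaimed. */
    @Override
    protected void finalize() throws Throwable {
        try {
            if (null != this.becomesValidTask) {
                this.becomesValidTask.cancel();
            }
            if (null != this.expiresTask) {
                this.expiresTask.cancel();
            }
        } finally {
            super.finalize();
        }
    }

    /** Hash over the same three values {@link #equals(Object)} compares; never returns 0. */
    @Override
    public int hashCode() {
        int hashCode = this.peerID.hashCode() * this.peerGroupID.hashCode() * this.certs.hashCode();
        if (0 == hashCode) {
            hashCode = 1;
        }
        return hashCode;
    }

    @Override
    public String toString() {
        return "\"" + getSubject() + "\" " + getPeerID() + " [" + this.source + " / " + getPeerGroupID() + "]";
    }

    @Override // net.jxta.credential.CredentialPCLSupport
    public void addPropertyChangeListener(PropertyChangeListener propertyChangeListener) {
        this.support.addPropertyChangeListener(propertyChangeListener);
    }

    @Override // net.jxta.credential.CredentialPCLSupport
    public void addPropertyChangeListener(String str, PropertyChangeListener propertyChangeListener) {
        this.support.addPropertyChangeListener(str, propertyChangeListener);
    }

    @Override // net.jxta.credential.CredentialPCLSupport
    public void removePropertyChangeListener(PropertyChangeListener propertyChangeListener) {
        this.support.removePropertyChangeListener(propertyChangeListener);
    }

    @Override // net.jxta.credential.CredentialPCLSupport
    public void removePropertyChangeListener(String str, PropertyChangeListener propertyChangeListener) {
        this.support.removePropertyChangeListener(str, propertyChangeListener);
    }

    @Override // net.jxta.credential.Credential
    public ID getPeerGroupID() {
        return this.peerGroupID;
    }

    private void setPeerGroupID(ID id) {
        this.peerGroupID = id;
    }

    @Override // net.jxta.credential.Credential
    public ID getPeerID() {
        return this.peerID;
    }

    private void setPeerID(PeerID peerID) {
        this.peerID = peerID;
    }

    /**
     * Reports whether the leaf certificate is outside its validity period right now.
     *
     * <p>A certificate that is not yet valid is reported as expired as well. Only the first
     * certificate of the chain is checked.
     */
    @Override // net.jxta.credential.Credential
    public boolean isExpired() {
        try {
            getCertificate().checkValidity();
            return false;
        } catch (CertificateExpiredException e) {
            return true;
        } catch (CertificateNotYetValidException e2) {
            return true;
        }
    }

    /** A credential is valid when it has not been invalidated and its leaf certificate is in date. */
    @Override // net.jxta.credential.Credential
    public boolean isValid() {
        return this.valid && !isExpired();
    }

    /**
     * Sets the validity flag and notifies listeners when the effective validity changes.
     *
     * <p>Decompiler note: this method is package-private in the original class.
     *
     * @param z the new value of the validity flag
     */
    public void setValid(boolean z) {
        boolean wasValid = isValid();
        this.valid = z;
        if (wasValid != z) {
            this.support.firePropertyChange(CredentialPCLSupport.VALID_CREDENTIAL_PROPERTY, wasValid, z);
        }
    }

    /** Returns the subject DN of the leaf certificate. */
    @Override // net.jxta.credential.Credential
    public Object getSubject() {
        return getCertificate().getSubjectDN();
    }

    @Override // net.jxta.credential.Credential
    public Service getSourceService() {
        return this.source;
    }

    /**
     * Builds the signed credential document for this local credential.
     *
     * <p>The document carries the peer group id, the peer id, the certificate chain and a
     * Base64 signature over those values, plus an {@code algorithm} attribute naming the
     * signature algorithm of the source's security engine.
     *
     * @param mimeMediaType the document type to produce
     * @return the signed credential document
     * @throws CertificateException if the credential is not currently valid
     * @throws IllegalStateException if the credential is not local, or if the signed content
     *     cannot be encoded (the document is never returned without its signature)
     * @throws Exception whatever the document factory, certificate encoding or signing raises
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // net.jxta.credential.Credential
    public StructuredDocument getDocument(MimeMediaType mimeMediaType) throws Exception {
        if (!isValid()) {
            throw new CertificateException("Credential is not valid. Cannot generate document.");
        }
        if (!this.local) {
            throw new IllegalStateException("This credential is not a local credential and document cannot be created.");
        }
        StructuredDocument newStructuredDocument = StructuredDocumentFactory.newStructuredDocument(mimeMediaType, ResolverSrdiMsgImpl.credentialTag);
        if (newStructuredDocument instanceof XMLDocument) {
            ((XMLDocument) newStructuredDocument).addAttribute("xmlns:jxta", "http://jxta.org");
            ((XMLDocument) newStructuredDocument).addAttribute("xml:space", "preserve");
        }
        if (newStructuredDocument instanceof Attributable) {
            ((Attributable) newStructuredDocument).addAttribute("type", "jxta:PSECred");
        }
        newStructuredDocument.appendChild(newStructuredDocument.createElement("PeerGroupID", getPeerGroupID().toString()));
        newStructuredDocument.appendChild(newStructuredDocument.createElement("PeerID", getPeerID().toString()));
        Certificate certificate = new Certificate();
        List<? extends java.security.cert.Certificate> certificates = this.certs.getCertificates();
        certificate.setCertificates((List<X509Certificate>) certificates);
        StructuredDocument structuredDocument = (StructuredDocument) certificate.getDocument(mimeMediaType);
        if (structuredDocument instanceof Attributable) {
            ((Attributable) structuredDocument).addAttribute("type", structuredDocument.getKey().toString());
        }
        StructuredDocumentUtils.copyElements(newStructuredDocument, newStructuredDocument, structuredDocument, "Certificate");
        try {
            String algorithm = this.source.peerSecurityEngine.getSignatureAlgorithm();
            newStructuredDocument.appendChild(newStructuredDocument.createElement("Signature", PSEUtils.base64Encode(this.source.peerSecurityEngine.sign(algorithm, this, signedContent()))));
        } catch (UnsupportedEncodingException e) {
            // Never hand out a credential document that silently lacks its signature.
            throw new IllegalStateException("UTF-8 encoding is not available; credential document cannot be signed.", e);
        }
        if (newStructuredDocument instanceof Attributable) {
            ((Attributable) newStructuredDocument).addAttribute("algorithm", this.source.peerSecurityEngine.getSignatureAlgorithm());
        }
        return newStructuredDocument;
    }

    /**
     * Builds the byte stream that the credential signature covers: the peer group id and the
     * peer id as UTF-8 text, followed by the encoded form of every certificate in chain order.
     *
     * <p>Signing and verification both use this method so that they always cover the same bytes.
     */
    private SequenceInputStream signedContent() throws UnsupportedEncodingException, java.security.cert.CertificateEncodingException {
        List<ByteArrayInputStream> parts = new ArrayList<ByteArrayInputStream>();
        parts.add(new ByteArrayInputStream(getPeerGroupID().toString().getBytes("UTF-8")));
        parts.add(new ByteArrayInputStream(getPeerID().toString().getBytes("UTF-8")));
        for (java.security.cert.Certificate cert : this.certs.getCertificates()) {
            parts.add(new ByteArrayInputStream(((X509Certificate) cert).getEncoded()));
        }
        return new SequenceInputStream(Collections.enumeration(parts));
    }

    /** Returns the leaf certificate, i.e. the first certificate of the chain. */
    public X509Certificate getCertificate() {
        return (X509Certificate) this.certs.getCertificates().get(0);
    }

    /** Returns a copy of the certificate chain as an array, leaf first. */
    public X509Certificate[] getCertificateChain() {
        List<? extends java.security.cert.Certificate> certificates = this.certs.getCertificates();
        return (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
    }

    /**
     * Stores the certificate chain and schedules timer tasks for the start and the end of the
     * leaf certificate's validity period, then publishes the resulting state to listeners.
     */
    private void setCertificateChain(CertPath certPath) {
        this.certs = certPath;
        Date now = new Date();
        X509Certificate leaf = getCertificate();
        Date notBefore = leaf.getNotBefore();
        Date notAfter = leaf.getNotAfter();
        if (notBefore.compareTo(now) > 0) {
            // Not valid yet: announce the change when the validity period starts.
            if (null != this.becomesValidTask) {
                this.becomesValidTask.cancel();
            }
            this.becomesValidTask = new TimerTask() { // from class: net.jxta.impl.membership.pse.PSECredential.1
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    PSECredential.this.support.firePropertyChange(CredentialPCLSupport.EXPIRED_CREDENTIAL_PROPERTY, false, true);
                    if (PSECredential.this.valid) {
                        PSECredential.this.support.firePropertyChange(CredentialPCLSupport.VALID_CREDENTIAL_PROPERTY, false, true);
                    }
                }
            };
            expirationTimer.schedule(this.becomesValidTask, notBefore);
        }
        if (null != this.expiresTask) {
            this.expiresTask.cancel();
        }
        if (notAfter.compareTo(now) > 0) {
            // Still in date (or not yet valid): announce the change when the period ends.
            this.expiresTask = new TimerTask() { // from class: net.jxta.impl.membership.pse.PSECredential.2
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    PSECredential.this.support.firePropertyChange(CredentialPCLSupport.EXPIRED_CREDENTIAL_PROPERTY, true, false);
                    if (PSECredential.this.valid) {
                        PSECredential.this.support.firePropertyChange(CredentialPCLSupport.VALID_CREDENTIAL_PROPERTY, true, false);
                    }
                }
            };
            expirationTimer.schedule(this.expiresTask, notAfter);
        }
        // Usable right now only if validity has already started and has not ended yet.
        boolean nowGood = null == this.becomesValidTask && null != this.expiresTask;
        this.support.firePropertyChange(CredentialPCLSupport.EXPIRED_CREDENTIAL_PROPERTY, true, nowGood);
        setValid(nowGood);
    }

    /**
     * Returns the private key of a local credential.
     *
     * @throws IllegalStateException if the credential is not local, or if it is local but the
     *     key is held by the engine and was never given to this object
     */
    @Deprecated
    public PrivateKey getPrivateKey() {
        if (!this.local) {
            throw new IllegalStateException("This credential is not a local credential and cannot be used for signing.");
        }
        if (null == this.privateKey) {
            throw new IllegalStateException("This local credential is engine based and cannot provide the private key.");
        }
        return this.privateKey;
    }

    private void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public ID getKeyID() {
        return this.keyID;
    }

    private void setKeyID(ID id) {
        this.keyID = id;
    }

    /**
     * Returns a {@link Signature} initialised for signing with this credential's private key.
     *
     * @param str the signature algorithm name
     * @throws NoSuchAlgorithmException if the algorithm is not available
     * @throws IllegalStateException if the credential is not local or the key is rejected
     */
    public Signature getSigner(String str) throws NoSuchAlgorithmException {
        if (!this.local) {
            throw new IllegalStateException("This credential is not a local credential and cannot be used for signing.");
        }
        Signature signature = Signature.getInstance(str);
        try {
            signature.initSign(this.privateKey);
            return signature;
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("Invalid private key", e);
        }
    }

    /**
     * Returns a {@link Signature} initialised for verification with the leaf certificate.
     *
     * @param str the signature algorithm name
     * @throws NoSuchAlgorithmException if the algorithm is not available
     * @throws IllegalStateException if the certificate's key is rejected
     */
    public Signature getSignatureVerifier(String str) throws NoSuchAlgorithmException {
        Signature signature = Signature.getInstance(str);
        try {
            signature.initVerify(getCertificate());
            return signature;
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("Invalid certificate", e);
        }
    }

    /**
     * Rejects an element that would change a value after the signature over it was verified.
     */
    private void rejectIfAlreadySigned(String elementName) {
        if (this.signatureVerified) {
            throw new IllegalArgumentException("'" + elementName + "' element follows Signature in Credential.");
        }
    }

    /**
     * Processes one child element of a credential document.
     *
     * <p>{@code PeerGroupID}, {@code PeerID} and {@code Certificate} set the matching fields and
     * are refused once the signature has been verified. {@code Signature} must come after all
     * three and is verified against the leaf certificate over the values parsed so far.
     *
     * @param xMLElement the child element
     * @return {@code true} if the element was recognised, {@code false} otherwise
     * @throws IllegalArgumentException if the element is malformed, out of order, or the
     *     signature does not verify
     */
    protected boolean handleElement(XMLElement xMLElement) {
        String name = xMLElement.getName();
        if (name.equals("PeerGroupID")) {
            rejectIfAlreadySigned(name);
            try {
                setPeerGroupID((PeerGroupID) IDFactory.fromURI(new URI(xMLElement.getTextValue())));
                return true;
            } catch (ClassCastException e) {
                throw new IllegalArgumentException("Id is not a group id: " + xMLElement.getTextValue(), e);
            } catch (URISyntaxException e2) {
                throw new IllegalArgumentException("Bad PeerGroupID in advertisement: " + xMLElement.getTextValue(), e2);
            }
        }
        if (name.equals("PeerID")) {
            rejectIfAlreadySigned(name);
            try {
                setPeerID((PeerID) IDFactory.fromURI(new URI(xMLElement.getTextValue())));
                return true;
            } catch (ClassCastException e3) {
                throw new IllegalArgumentException("Id is not a peer id: " + xMLElement.getTextValue(), e3);
            } catch (URISyntaxException e4) {
                throw new IllegalArgumentException("Bad Peer ID in advertisement: " + xMLElement.getTextValue(), e4);
            }
        }
        if (name.equals("Certificate")) {
            rejectIfAlreadySigned(name);
            if (null == xMLElement.getAttribute("type")) {
                xMLElement.addAttribute("type", Certificate.getMessageType());
            }
            try {
                this.certs = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(new Certificate(xMLElement).getCertificates()));
                return true;
            } catch (java.security.cert.CertificateException e5) {
                throw new IllegalArgumentException("bad certificates in chain.", e5);
            }
        }
        if (!name.equals("Signature")) {
            return false;
        }
        // Everything the signature covers must already have been parsed.
        if (null == this.certs || null == this.peerGroupID || null == this.peerID) {
            throw new IllegalArgumentException("Signature out of order in Credential.");
        }
        try {
            byte[] signatureBytes = PSEUtils.base64Decode(new StringReader(xMLElement.getTextValue()));
            // NOTE(review): verification always uses CbJxDefs.signAlgoName, while getDocument()
            // signs with the engine's getSignatureAlgorithm() and records it in the "algorithm"
            // attribute, which is not read here. Confirm the two always agree.
            if (PSEUtils.verifySignature(CbJxDefs.signAlgoName, getCertificate(), signatureBytes, signedContent())) {
                this.signatureVerified = true;
                return true;
            }
            throw new IllegalArgumentException("Certificated did not match");
        } catch (Throwable th) {
            // Fail closed: any problem while verifying rejects the credential.
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Failed to validate signature ", th);
            }
            throw new IllegalArgumentException("Failed to validate signature " + th.getMessage(), th);
        }
    }

    /**
     * Populates this credential from a credential document and checks that it is complete.
     *
     * <p>The document must be an {@link XMLElement} named {@code jxta:PSECred} or carrying that
     * value in its {@code type} attribute. After all children are processed the credential must
     * have a certificate chain, a verified signature, a subject, a peer group id and a peer id;
     * a document without a {@code Signature} element is rejected.
     *
     * @param element the root of the credential document
     * @throws IllegalArgumentException if the document is of the wrong kind, incomplete, or its
     *     signature is missing or does not verify
     */
    protected void initialize(Element element) {
        if (!XMLElement.class.isInstance(element)) {
            throw new IllegalArgumentException(getClass().getName() + " only supports XMLElement");
        }
        XMLElement xMLElement = (XMLElement) element;
        // Presumably the empty string, replaced by a same-valued constant by the decompiler.
        String docType = EndpointServiceImpl.MESSAGE_EMPTY_NS;
        Attribute attribute = xMLElement.getAttribute("type");
        if (null != attribute) {
            docType = attribute.getValue();
        }
        String name = xMLElement.getName();
        if (!name.equals("jxta:PSECred") && !docType.equals("jxta:PSECred")) {
            throw new IllegalArgumentException("Could not construct : " + getClass().getName() + "from doc containing a " + name);
        }
        Enumeration<?> children = xMLElement.getChildren();
        while (children.hasMoreElements()) {
            XMLElement child = (XMLElement) children.nextElement();
            if (!handleElement(child) && Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Unhandled element '" + child.getName() + "' in " + xMLElement.getName());
            }
        }
        // The chain is checked first because getSubject() dereferences it.
        if (null == this.certs) {
            throw new IllegalArgumentException("certificates were never initialized.");
        }
        // Without this check a document that simply omits Signature would be accepted unverified.
        if (!this.signatureVerified) {
            throw new IllegalArgumentException("Credential signature was never verified.");
        }
        if (null == getSubject()) {
            throw new IllegalArgumentException("subject was never initialized.");
        }
        if (null == getPeerGroupID()) {
            throw new IllegalArgumentException("peer group was never initialized.");
        }
        if (null == getPeerID()) {
            throw new IllegalArgumentException("peer id was never initialized.");
        }
    }

    /** Delegates to the source service to generate a service certificate chain for {@code id}. */
    public X509Certificate[] generateServiceCertificate(ID id) throws IOException, KeyStoreException, InvalidKeyException, SignatureException {
        return this.source.generateServiceCertificate(id, this);
    }

    /** Delegates to the source service to obtain the service credential for {@code id}. */
    public PSECredential getServiceCredential(ID id) throws IOException, PeerGroupException, InvalidKeyException, SignatureException {
        return this.source.getServiceCredential(id, this);
    }
}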
