package ca.nrc.cadc.cred.server;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.cred.server.CertificateDAO;
import java.io.IOException;
import java.io.Writer;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.astrogrid.security.delegation.CertificateSigningRequest;
import org.astrogrid.security.delegation.Delegations;
import org.astrogrid.security.delegation.Util;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: input_file:ca/nrc/cadc/cred/server/DatabaseDelegations.class */
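/**
 * Database-backed implementation of the AstroGrid {@link Delegations} store.
 *
 * Each delegated identity is keyed by a hash of its canonical X.500 DN and is
 * persisted as an {@link X509CertificateChain} holding the generated private
 * key, the PEM CSR and (once {@link #setCertificates} has been called) the
 * signed chain. Every lookup goes straight to {@link CertificateDAO}; nothing
 * is cached in this object.
 *
 * Security notes for maintainers:
 * <ul>
 *   <li>{@link #getPrivateKey} hands out key material read from the database.
 *       Callers are expected to have already authorised the request (see
 *       {@link #getPrincipals}, which only ever yields the caller's own hash
 *       key); nothing here re-checks that.</li>
 *   <li>{@link #setCertificates} does not verify that the supplied chain
 *       belongs to the stored principal / CSR key. That responsibility sits
 *       with the caller (NOTE(review): confirm against the delegation servlet
 *       that drives this class).</li>
 *   <li>No private key or CSR content is written to the log; only DNs and
 *       hash keys appear in messages.</li>
 * </ul>
 */
public class DatabaseDelegations extends Delegations {
    private static final Logger log = Logger.getLogger(DatabaseDelegations.class);
    private CertificateDAO certificateDAO;
    private KeyPairGenerator keyPairGenerator;

    /**
     * Creates a store backed by the given database schema.
     *
     * Registers the BouncyCastle provider if it is not already installed and
     * prepares a 2048-bit RSA generator used for every new identity.
     *
     * @param str               unused here; kept for signature compatibility
     *                          with the factory that constructs this class
     * @param certificateSchema schema passed through to {@link CertificateDAO}
     * @throws RuntimeException if the JVM has no RSA key-pair generator
     */
    protected DatabaseDelegations(String str, CertificateDAO.CertificateSchema certificateSchema) {
        this.certificateDAO = null;
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            this.keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            // 2048 bits is the minimum a modern CA will sign; do not lower this.
            this.keyPairGenerator.initialize(2048);
            this.certificateDAO = new CertificateDAO(certificateSchema);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("BUG/CONFIG: cannot load RSA key-pair generator", e);
        }
    }

    /**
     * Creates a new identity for a DN given as a string.
     *
     * @param str distinguished name; canonised before use so that different
     *            textual spellings of the same DN map to the same hash key
     * @return the hash key under which the identity is stored
     * @throws GeneralSecurityException if key generation or CSR creation fails
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public String initializeIdentity(String str) throws GeneralSecurityException {
        try {
            return initializeIdentity(new X500Principal(AuthenticationUtil.canonizeDistinguishedName(str)));
        } catch (RuntimeException e) {
            log.debug("initializeIdentity failed", e);
            throw e;
        } catch (GeneralSecurityException e2) {
            log.debug("initializeIdentity failed", e2);
            throw e2;
        }
    }

    /**
     * Creates a new identity: generates an RSA key pair, builds a CSR for the
     * canonical DN and persists key + CSR under the DN's hash key.
     *
     * Any existing record for the same hash key is overwritten by
     * {@code certificateDAO.put}, which also discards a previously signed
     * chain (that is what the caller gets by re-initialising).
     *
     * @param x500Principal principal whose DN is canonised and used as the
     *                      CSR subject
     * @return the hash key (from the inherited {@code hash(...)} helper,
     *         presumably {@link X509CertificateChain#genHashKey})
     * @throws GeneralSecurityException if CSR construction fails
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public String initializeIdentity(X500Principal x500Principal) throws GeneralSecurityException {
        try {
            String canonicalDn = AuthenticationUtil.canonizeDistinguishedName(x500Principal.getName());
            X500Principal canonicalPrincipal = new X500Principal(canonicalDn);
            String hashKey = hash(canonicalPrincipal);
            KeyPair keyPair = this.keyPairGenerator.generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            // Log the DN only. The old message also appended the KeyPair; KeyPair
            // has no toString override so nothing leaked, but keeping key-bearing
            // objects out of log statements removes the risk of a future change
            // (e.g. a custom toString) dumping private material into the logs.
            log.debug("creating CertificateSigningRequest: " + canonicalDn);
            String csr = Util.getCsrString(new CertificateSigningRequest(canonicalDn, keyPair));
            this.certificateDAO.put(new X509CertificateChain(canonicalPrincipal, privateKey, csr));
            return hashKey;
        } catch (RuntimeException e) {
            log.debug("initializeIdentity failed", e);
            throw e;
        } catch (GeneralSecurityException e2) {
            log.debug("initializeIdentity failed", e2);
            throw e2;
        }
    }

    /**
     * @param str hash key of the identity
     * @return the stored CSR, or {@code null} if the hash key is unknown
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public CertificateSigningRequest getCsr(String str) {
        X509CertificateChain chain = this.certificateDAO.get(str);
        if (chain == null) {
            return null;
        }
        return Util.getCsrFromString(chain.getCsrString());
    }

    /**
     * Returns the private key generated for an identity.
     *
     * This is sensitive material; it is returned unwrapped and there is no
     * access check here, so callers must only invoke it for a hash key they
     * obtained from {@link #getPrincipals} (i.e. the authenticated caller's own).
     *
     * @param str hash key of the identity
     * @return the private key, or {@code null} if the hash key is unknown
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public PrivateKey getPrivateKey(String str) {
        X509CertificateChain chain = this.certificateDAO.get(str);
        if (chain == null) {
            return null;
        }
        return chain.getPrivateKey();
    }

    /**
     * @param str hash key of the identity
     * @return the signed chain, or {@code null} if the hash key is unknown or
     *         no chain has been stored yet
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public X509Certificate[] getCertificates(String str) {
        X509CertificateChain chain = this.certificateDAO.get(str);
        if (chain == null) {
            return null;
        }
        return chain.getChain();
    }

    /**
     * Deletes the identity (key, CSR and chain) for a hash key. Deleting an
     * unknown key is delegated to the DAO as-is.
     *
     * @param str hash key of the identity
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public void remove(String str) {
        this.certificateDAO.delete(str);
    }

    /**
     * @param str hash key of the identity
     * @return whether a record exists for the hash key (signed or not)
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public boolean isKnown(String str) {
        return this.certificateDAO.get(str) != null;
    }

    /**
     * Stores the signed certificate chain for an existing identity.
     *
     * No check is made that the chain's subject matches the stored principal
     * or that its public key matches the stored private key; a caller that
     * accepts chains from an untrusted party must verify that itself before
     * calling this method, otherwise a foreign certificate can be attached to
     * a local private key.
     *
     * @param str                 hash key of the identity
     * @param x509CertificateArr  signed chain to persist
     * @throws InvalidKeyException if no identity exists for the hash key
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public void setCertificates(String str, X509Certificate[] x509CertificateArr) throws InvalidKeyException {
        X509CertificateChain chain = this.certificateDAO.get(str);
        if (chain == null) {
            throw new InvalidKeyException("No identity matches the hash key " + str);
        }
        chain.setChain(x509CertificateArr);
        this.certificateDAO.put(chain);
    }

    /**
     * Returns the hash key of the currently authenticated caller.
     *
     * This is the access-control pivot of the class: the key is derived from
     * the {@link X500Principal} on the JAAS {@link Subject} of the executing
     * access-control context, never from request data, so a caller can only
     * obtain the hash key for its own certificate DN.
     *
     * @return a single-element array holding the caller's hash key
     * @throws AccessControlException if there is no Subject, the Subject has
     *         no X.500 principal, or it has more than one (ambiguous identity)
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public Object[] getPrincipals() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        // Subject.getSubject returns null when no Subject is bound to the
        // context; treat that as "not authenticated" rather than surfacing an NPE.
        if (subject == null) {
            throw new AccessControlException("Delegation failed because the caller is not authenticated.");
        }
        Set<X500Principal> principals = subject.getPrincipals(X500Principal.class);
        if (principals.isEmpty()) {
            throw new AccessControlException("Delegation failed because the caller is not authenticated.");
        }
        if (principals.size() > 1) {
            throw new AccessControlException("Delegation failed because caller autheticated with multiple certificates.");
        }
        return new String[]{X509CertificateChain.genHashKey(principals.iterator().next())};
    }

    /**
     * @param str hash key of the identity
     * @return the stored principal's DN, or {@code null} if the hash key is unknown
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public String getName(String str) {
        X509CertificateChain chain = this.certificateDAO.get(str);
        if (chain == null) {
            return null;
        }
        return chain.getPrincipal().getName();
    }

    /**
     * Not supported by this implementation; the public key is only available
     * via the CSR / certificate chain.
     *
     * @throws UnsupportedOperationException always (a {@link RuntimeException},
     *         so existing callers catching that still work)
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public KeyPair getKeys(String str) {
        throw new UnsupportedOperationException("getKeys() not implemented in DAO version implementation.");
    }

    /**
     * @param str hash key of the identity
     * @return {@code true} only if the identity exists and a signed chain has
     *         been stored for it; {@code false} for an unknown key (the old
     *         code dereferenced the missing record and threw a NullPointerException)
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public boolean hasCertificate(String str) {
        X509CertificateChain chain = this.certificateDAO.get(str);
        return chain != null && chain.getChain() != null;
    }

    /**
     * Writes the stored chain for an identity to {@code writer} as PEM.
     *
     * The {@link PEMWriter} (and therefore the supplied {@code writer}) is
     * closed on every path, including when an I/O error occurs mid-chain;
     * the original only closed it on success. Only certificates are written,
     * never the private key.
     *
     * @param str    hash key of the identity
     * @param writer destination; closed when this method returns
     * @throws IllegalArgumentException if the key is unknown or has no chain
     * @throws IOException              if writing fails
     */
    @Override // org.astrogrid.security.delegation.Delegations
    public void writeCertificate(String str, Writer writer) throws IOException {
        X509Certificate[] certificates = getCertificates(str);
        if (certificates == null) {
            throw new IllegalArgumentException("No certificate corresponding to the haskey: " + str);
        }
        PEMWriter pemWriter = new PEMWriter(writer);
        try {
            for (X509Certificate certificate : certificates) {
                pemWriter.writeObject(certificate);
            }
            pemWriter.flush();
        } finally {
            pemWriter.close();
        }
    }
}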
