package org.opensciencegrid.authz.xacml.service;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.Subject;
import org.apache.axis.MessageContext;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.globus.gsi.CertUtil;
import org.globus.gsi.jaas.GlobusPrincipal;
import org.globus.util.I18n;
import org.globus.wsrf.config.ConfigException;
import org.ietf.jgss.GSSCredential;

/* compiled from: TestMappingService.java */
/* loaded from: input_file:org/opensciencegrid/authz/xacml/service/CredentialUtil.class */
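/**
 * Static helpers that pull credentials, identities and certificate chains out of
 * message contexts, JAAS subjects and XML signatures, and that write and read a
 * {@link Subject} together with its credential sets.
 *
 * <p>Nothing in this class validates a certificate chain (signatures, path,
 * revocation or current time). The identity and validity helpers only read fields
 * from the certificates they are given, so callers must validate the chain before
 * using the results for an authorization decision.
 */
class CredentialUtil {
    private static final I18n i18n = I18n.getI18n("org.globus.wsrf.impl.security.error", CredentialUtil.class.getClassLoader());

    CredentialUtil() {
    }

    /**
     * Returns the GSS credential stored on the message context under the
     * {@code org.globus.gsi.credentials} property.
     *
     * @param messageContext context to read the property from
     * @return the credential, or {@code null} when the property is not set
     * @throws SecurityException if the property holds something other than a {@link GSSCredential}
     */
    public static GSSCredential getCredential(MessageContext messageContext) throws SecurityException {
        Object property = messageContext.getProperty("org.globus.gsi.credentials");
        if (property == null) {
            return null;
        }
        if (!(property instanceof GSSCredential)) {
            // Fail closed on an unexpected type instead of letting a ClassCastException escape.
            throw new SecurityException(i18n.getMessage("invalidType", new Object[]{"org.globus.gsi.credentials", GSSCredential.class.getName()}));
        }
        return (GSSCredential) property;
    }

    /**
     * Returns the string form of the first {@link GlobusPrincipal} attached to the subject.
     *
     * <p>When the subject carries several Globus principals, which one comes first
     * depends on the iteration order of the returned set.
     *
     * @param subject subject to inspect, may be {@code null}
     * @return the principal's {@code toString()} value, or {@code null} when the subject is
     *         {@code null} or has no {@link GlobusPrincipal}
     */
    public static String getIdentity(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<GlobusPrincipal> principals = subject.getPrincipals(GlobusPrincipal.class);
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        return principals.iterator().next().toString();
    }

    /**
     * Extracts the certificates carried in the {@code KeyInfo} of an XML signature.
     *
     * <p>The certificates come straight from the message and are not verified here;
     * treat them as attacker-controlled until the caller has validated the chain.
     *
     * @param xMLSignature signature whose {@code KeyInfo} is read
     * @return the certificates in document order
     * @throws Exception if the {@code KeyInfo} is missing or malformed, or a certificate cannot be parsed
     */
    public static X509Certificate[] getCertificates(XMLSignature xMLSignature) throws Exception {
        return getCertificatesX509Data(xMLSignature.getKeyInfo());
    }

    /**
     * Parses every certificate in the single {@code X509Data} element of a {@code KeyInfo}.
     *
     * @param keyInfo key information to read; a {@code null} value is rejected the same way
     *                as a {@code KeyInfo} with no {@code X509Data} element
     * @return the parsed certificates, in the order they appear in the {@code X509Data}
     * @throws Exception a {@link ConfigException} when there is not exactly one {@code X509Data}
     *                   element or it holds no certificate; otherwise whatever certificate
     *                   parsing throws
     */
    public static X509Certificate[] getCertificatesX509Data(KeyInfo keyInfo) throws Exception {
        if (keyInfo == null) {
            // A signature without KeyInfo would otherwise surface as a bare NullPointerException.
            throw new ConfigException(i18n.getMessage("invalidX509Data", new Object[]{Integer.valueOf(0)}));
        }
        int lengthX509Data = keyInfo.lengthX509Data();
        if (lengthX509Data != 1) {
            throw new ConfigException(i18n.getMessage("invalidX509Data", new Object[]{Integer.valueOf(lengthX509Data)}));
        }
        X509Data itemX509Data = keyInfo.itemX509Data(0);
        int lengthCertificate = itemX509Data.lengthCertificate();
        if (lengthCertificate <= 0) {
            throw new ConfigException(i18n.getMessage("invalidCertData", new Object[]{Integer.valueOf(lengthCertificate)}));
        }
        X509Certificate[] certificates = new X509Certificate[lengthCertificate];
        for (int i = 0; i < lengthCertificate; i++) {
            byte[] encoded = itemX509Data.itemCertificate(i).getCertificateBytes();
            certificates[i] = CertUtil.loadCertificate(new ByteArrayInputStream(encoded));
        }
        return certificates;
    }

    /**
     * Computes the time window during which every certificate in the array is within
     * its own validity period.
     *
     * <p>This is only an intersection of the {@code notBefore}/{@code notAfter} fields.
     * It does not compare the window with the current time and does not detect an empty
     * window (latest {@code notBefore} later than earliest {@code notAfter}); callers
     * that rely on the result must check both.
     *
     * @param x509CertificateArr certificates to inspect, may be {@code null}
     * @return a two-element array whose index 0 is the earliest {@code notAfter} and whose
     *         index 1 is the latest {@code notBefore}, or {@code null} when the input is
     *         {@code null} or empty
     */
    public static Calendar[] getValidity(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            return null;
        }
        Date earliestNotAfter = x509CertificateArr[0].getNotAfter();
        Date latestNotBefore = x509CertificateArr[0].getNotBefore();
        for (int i = 1; i < x509CertificateArr.length; i++) {
            Date notAfter = x509CertificateArr[i].getNotAfter();
            if (notAfter.before(earliestNotAfter)) {
                earliestNotAfter = notAfter;
            }
            Date notBefore = x509CertificateArr[i].getNotBefore();
            if (notBefore.after(latestNotBefore)) {
                latestNotBefore = notBefore;
            }
        }
        Calendar end = Calendar.getInstance();
        end.setTime(earliestNotAfter);
        Calendar start = Calendar.getInstance();
        start.setTime(latestNotBefore);
        // Order is {notAfter, notBefore}; existing callers index into the array, so keep it.
        return new Calendar[]{end, start};
    }

    /**
     * Returns the first principal of any type attached to the subject.
     *
     * @param subject subject to inspect, may be {@code null}
     * @return the first principal in the set's iteration order, or {@code null} when the
     *         subject is {@code null} or has no principals
     */
    public static Principal getPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        return principals.iterator().next();
    }

    /**
     * Returns the subject DN of the last certificate in the array.
     *
     * <p>No chain validation happens here, so the returned name is only as trustworthy
     * as the array the caller passes in.
     *
     * @param x509CertificateArr certificates to inspect, may be {@code null}
     * @return the subject DN string of the last element, or {@code null} when the input is
     *         {@code null} or empty
     */
    public static String getIdentity(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return null;
        }
        // NOTE(review): which array position holds the identity-bearing certificate depends on
        // how callers order the chain - confirm against the call sites.
        // getSubjectDN() is kept because its name format is provider-specific; switching to
        // getSubjectX500Principal() could change the string that downstream code matches on.
        X509Certificate last = x509CertificateArr[x509CertificateArr.length - 1];
        return last.getSubjectDN().getName();
    }

    /**
     * Writes a subject and its credential sets to the stream.
     *
     * <p>Layout: the subject itself, then for the public and the private credentials in
     * turn a {@link Boolean} presence flag followed, when {@code TRUE}, by a {@link Vector}
     * copy of the set. The credential sets are written explicitly because the serialized
     * form of {@link Subject} carries only its principals. A {@code null} subject is
     * written as a single {@code null} object with nothing after it.
     *
     * <p>Security note: private credentials (key material, if the subject holds any) go to
     * the stream in serialized form. The caller is responsible for the confidentiality and
     * integrity of wherever the stream ends up.
     *
     * @param subject subject to write, may be {@code null}
     * @param objectOutputStream destination stream
     * @throws SecurityException wrapping any {@link IOException} raised while writing
     */
    public static void writeSubject(Subject subject, ObjectOutputStream objectOutputStream) throws SecurityException {
        try {
            objectOutputStream.writeObject(subject);
            if (subject == null) {
                return;
            }
            Set<Object> publicCredentials = subject.getPublicCredentials();
            if (publicCredentials == null || publicCredentials.isEmpty()) {
                objectOutputStream.writeObject(Boolean.FALSE);
            } else {
                objectOutputStream.writeObject(Boolean.TRUE);
                objectOutputStream.writeObject(new Vector<Object>(publicCredentials));
            }
            Set<Object> privateCredentials = subject.getPrivateCredentials();
            if (privateCredentials == null || privateCredentials.isEmpty()) {
                objectOutputStream.writeObject(Boolean.FALSE);
            } else {
                objectOutputStream.writeObject(Boolean.TRUE);
                objectOutputStream.writeObject(new Vector<Object>(privateCredentials));
            }
        } catch (IOException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Reads a subject and its credential sets in the layout produced by
     * {@link #writeSubject(Subject, ObjectOutputStream)}.
     *
     * <p>SECURITY: this uses Java native deserialization. The stream decides which
     * serializable classes get instantiated, so it must come from a trusted,
     * integrity-protected source, or the caller must restrict the classes the
     * {@link ObjectInputStream} accepts (a class allow-list, for example a
     * deserialization filter on JDKs that provide one). The credentials read here
     * are attached to the subject without any further checks.
     *
     * @param objectInputStream source stream
     * @return the reconstructed subject, or {@code null} when the stream holds a {@code null} subject
     * @throws SecurityException wrapping an {@link IOException} from the stream, or a
     *                           {@link ClassCastException} when the stream does not follow the
     *                           expected layout
     * @throws ClassNotFoundException if a class named in the stream cannot be loaded
     */
    public static Subject readSubject(ObjectInputStream objectInputStream) throws SecurityException, ClassNotFoundException {
        try {
            Subject stored = (Subject) objectInputStream.readObject();
            if (stored == null) {
                return stored;
            }
            boolean readOnly = stored.isReadOnly();
            Subject subject;
            if (readOnly) {
                // A read-only subject rejects changes to its credential sets, so rebuild a
                // writable copy and restore the read-only flag once the credentials are in.
                subject = new Subject();
                subject.getPrincipals().addAll(stored.getPrincipals());
            } else {
                subject = stored;
            }
            if (Boolean.TRUE.equals((Boolean) objectInputStream.readObject())) {
                subject.getPublicCredentials().addAll((Vector<?>) objectInputStream.readObject());
            }
            if (Boolean.TRUE.equals((Boolean) objectInputStream.readObject())) {
                subject.getPrivateCredentials().addAll((Vector<?>) objectInputStream.readObject());
            }
            if (readOnly) {
                subject.setReadOnly();
            }
            return subject;
        } catch (IOException e) {
            throw new SecurityException(e);
        } catch (ClassCastException e) {
            // A stream that does not match the written layout is rejected with the declared
            // exception type rather than leaking an unchecked ClassCastException to the caller.
            throw new SecurityException(e);
        }
    }
}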
