package com.att.cadi.aaf.cert;

import aaf.v2_0.Certs;
import aaf.v2_0.Users;
import com.att.cadi.Access;
import com.att.cadi.Hash;
import com.att.cadi.aaf.v2_0.AAFCon;
import com.att.cadi.client.Future;
import com.att.cadi.principal.X509Principal;
import com.att.cadi.taf.cert.CertIdentity;
import com.att.cadi.taf.cert.X509Taf;
import com.att.inno.env.APIException;
import com.att.inno.env.util.Chrono;
import com.att.inno.env.util.Split;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.XMLGregorianCalendar;

/* loaded from: input_file:com/att/cadi/aaf/cert/AAFListedCertIdentity.class */
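/**
 * Maps a client X.509 certificate to an AAF identity by looking its fingerprint up in a
 * registry pulled from AAF.
 *
 * <p>The registry is built once in the constructor (synchronously) and refreshed every
 * {@link #EIGHT_HOURS} by a daemon timer. It holds, for every ID listed in the
 * {@code aaf_cert_ids} property plus every user granted
 * {@code com.att.aaf.trust|<mechanism>|authenticate}, the fingerprints of that ID's
 * certificate associations whose AAF {@code expires} timestamp is still in the future.
 *
 * <p>Security notes (reviewer):
 * <ul>
 *   <li>This class performs NO chain, signature or validity-period check on the certificate
 *       it is handed; it only answers "is this exact DER blob registered in AAF, and for
 *       whom". The caller is presumed to have already established possession of the private
 *       key (e.g. TLS client auth). If the {@code byte[]} form is ever fed from a non-TLS
 *       source such as a header, a public cert blob would be enough to impersonate —
 *       confirm at the call site.</li>
 *   <li>Expiry/revocation in AAF is honoured only at refresh time, so an association can stay
 *       accepted for up to {@link #EIGHT_HOURS} after AAF drops it.</li>
 *   <li>A failed AAF lookup during refresh drops that ID's fingerprints from the new map
 *       (fail closed) rather than keeping the previous entries.</li>
 * </ul>
 */
public class AAFListedCertIdentity implements CertIdentity {
    /** Refresh period for the AAF-backed registry, in milliseconds. */
    private static final long EIGHT_HOURS = 28800000;
    private static final String AAF_VERSION = "2.0";
    /** Per-request timeout for AAF reads during refresh, in milliseconds. */
    private static final int AAF_TIMEOUT_MS = 5000;
    /** IDs from the {@code aaf_cert_ids} property; only written under the class lock in the constructor. */
    private static String[] certIDs;
    /**
     * Fingerprint -> AAF ID for every accepted certificate association. Replaced wholesale by
     * the refresh thread; {@code volatile} so request threads observe the new map, and readers
     * must take a local copy before dereferencing because it is {@code null} until first load.
     */
    private static volatile Map<ByteArrayHolder, String> certs = null;
    private static final String[] authMechanisms = {"tguard", "basicAuth", "csp"};
    /** Mechanism name -> IDs holding the trust perm for it. Same publication rules as {@link #certs}. */
    private static volatile Map<String, Set<String>> trusted = null;

    /**
     * TreeMap key wrapping a fingerprint. Ordering (and therefore map-key equality) comes solely
     * from {@link Hash#compareTo}; equals/hashCode are not overridden, so do not use this in
     * hash-based collections.
     */
    private static class ByteArrayHolder implements Comparable<ByteArrayHolder> {
        private final byte[] ba;

        public ByteArrayHolder(byte[] bArr) {
            this.ba = bArr;
        }

        @Override
        public int compareTo(ByteArrayHolder other) {
            return Hash.compareTo(this.ba, other.ba);
        }
    }

    /**
     * Timer task that rebuilds the registry from AAF. Static nested: it needs no enclosing
     * instance, only the class-level fields.
     */
    private static class CertUpdate extends TimerTask {
        private final AAFCon<?> aafcon;

        public CertUpdate(AAFCon<?> aafcon) {
            this.aafcon = aafcon;
        }

        /**
         * Builds fresh fingerprint and trust maps and publishes them. Any exception is logged and
         * the previous maps are left in place; the timer keeps running.
         */
        @Override
        public void run() {
            try {
                Map<ByteArrayHolder, String> newCerts = new TreeMap<>();
                Map<String, Set<String>> newTrusted = new TreeMap<>();

                // Union of configured IDs and every ID holding a trust perm.
                Set<String> idsToLoad = new HashSet<>();
                for (String id : certIDs) {
                    idsToLoad.add(id);
                }

                for (String mechanism : authMechanisms) {
                    Future<Users> fusr = aafcon.client(AAF_VERSION).read(
                            "/authz/users/perm/com.att.aaf.trust/" + mechanism + "/authenticate",
                            Users.class, aafcon.usersDF);
                    if (!fusr.get(AAF_TIMEOUT_MS)) {
                        // Fix: the old message hard-coded "tguard" for every mechanism.
                        aafcon.access.log(Access.Level.WARN, new Object[]{
                                "Could not get Users in Perm com.att.aaf.trust|" + mechanism + "|authenticate",
                                Integer.valueOf(fusr.code()), fusr.body()});
                        continue;
                    }
                    List<Users.User> users = fusr.value.getUser();
                    if (users.isEmpty()) {
                        aafcon.access.log(Access.Level.WARN, new Object[]{
                                "AAF Lookup-No IDs in Role com.att.aaf.trustForID <> " + mechanism});
                        continue;
                    }
                    aafcon.access.log(Access.Level.INFO, new Object[]{
                            "Loading Trust Authentication Info for", mechanism});
                    Set<String> mechIds = new HashSet<>();
                    for (Users.User u : users) {
                        idsToLoad.add(u.getId());
                        mechIds.add(u.getId());
                    }
                    newTrusted.put(mechanism, mechIds);
                }

                for (String id : idsToLoad) {
                    Future<Certs> fcerts = aafcon.client(AAF_VERSION).read(
                            "/authn/cert/id/" + id, Certs.class, aafcon.certsDF);
                    XMLGregorianCalendar now = Chrono.timeStamp();
                    if (!fcerts.get(AAF_TIMEOUT_MS)) {
                        aafcon.access.log(Access.Level.WARN, new Object[]{"Could not get Certificates for", id});
                        continue;
                    }
                    List<Certs.Cert> certList = fcerts.value.getCert();
                    if (certList.isEmpty()) {
                        aafcon.access.log(Access.Level.WARN, new Object[]{"No Cert Associations for", id});
                        continue;
                    }
                    for (Certs.Cert cert : certList) {
                        XMLGregorianCalendar expires = cert.getExpires();
                        // Fail closed: accept only when AAF's expiry is strictly after "now".
                        // XMLGregorianCalendar.compare() can return INDETERMINATE (2), which the
                        // previous "> 0" test silently treated as "still valid".
                        if (expires != null && expires.compare(now) == DatatypeConstants.GREATER) {
                            newCerts.put(new ByteArrayHolder(cert.getFingerprint()), cert.getId());
                            aafcon.access.log(Access.Level.INIT, new Object[]{
                                    "Associating " + cert.getId() + " expiring "
                                    + Chrono.dateOnlyStamp(cert.getExpires()) + " with " + cert.getX500()});
                        }
                    }
                }

                // Publish. The two assignments are not atomic as a pair; a reader may briefly see
                // a new certs map with the old trusted map, which is acceptable for lookups.
                certs = newCerts;
                trusted = newTrusted;
            } catch (Exception e) {
                aafcon.access.log(e, new Object[]{"Failure to update Certificate Identities from AAF"});
            }
        }
    }

    /**
     * Initialises the class-wide registry on first construction.
     *
     * @param access used to read the {@code aaf_cert_ids} property
     * @param aafcon connection used for the initial load and all later refreshes
     * @throws APIException declared for callers; nothing in this body throws it directly
     */
    public AAFListedCertIdentity(Access access, AAFCon<?> aafcon) throws APIException {
        synchronized (AAFListedCertIdentity.class) {
            if (certIDs == null) {
                String property = access.getProperty("aaf_cert_ids", (String) null);
                if (property != null) {
                    certIDs = Split.split(',', property);
                }
            }
            // Without aaf_cert_ids there is nothing to load and the registry stays null;
            // identity()/trusted() then answer "unknown" rather than failing.
            if (certIDs != null && certs == null) {
                CertUpdate update = new CertUpdate(aafcon);
                update.run(); // synchronous first load so lookups work immediately
                new Timer("AAF Identity Refresh Timer", true)
                        .scheduleAtFixedRate(update, EIGHT_HOURS, EIGHT_HOURS);
            }
        }
    }

    /**
     * IDs holding the trust perm for the given mechanism.
     *
     * @param mechanism one of the entries in {@link #authMechanisms}
     * @return the ID set, or {@code null} if the mechanism is unknown or the registry has not
     *         been loaded (previously this threw NullPointerException before first load)
     */
    public static Set<String> trusted(String mechanism) {
        Map<String, Set<String>> current = trusted;
        return current == null ? null : current.get(mechanism);
    }

    /**
     * Resolves a certificate to the AAF ID it is registered under, by fingerprint.
     *
     * @param req     the request; not consulted here
     * @param cert    parsed certificate, may be {@code null} when {@code encoded} is given
     * @param encoded DER bytes; derived from {@code cert} when {@code null}
     * @return an {@link X509Principal} for the registered ID, or {@code null} when the
     *         certificate is absent, unregistered, or the registry has not been loaded
     * @throws CertificateException if {@code cert.getEncoded()} fails
     */
    @Override
    public Principal identity(HttpServletRequest req, X509Certificate cert, byte[] encoded)
            throws CertificateException {
        if (cert == null && encoded == null) {
            return null;
        }
        byte[] der = encoded != null ? encoded : cert.getEncoded();
        Map<ByteArrayHolder, String> current = certs;
        if (current == null) {
            return null; // registry never loaded (aaf_cert_ids unset)
        }
        // NOTE(review): X509Taf.getFingerPrint's digest algorithm is not visible here; it must
        // match whatever AAF stores as Cert.fingerprint or no lookup will ever hit.
        String id = current.get(new ByteArrayHolder(X509Taf.getFingerPrint(der)));
        return id == null ? null : new X509Principal(id, cert, der);
    }
}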
