package de.fzj.unicore.uas.security;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;
import eu.emi.security.authn.x509.proxy.ProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyGenerator;
import eu.unicore.security.wsutil.client.Configurable;
import eu.unicore.security.wsutil.client.DSigOutHandler;
import eu.unicore.util.Log;
import eu.unicore.util.httpclient.IClientConfiguration;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.xml.namespace.QName;
import org.apache.commons.io.FileUtils;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.MessageUtils;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.LoggingEventFieldResolver;
import org.bouncycastle.openssl.PEMWriter;
import org.w3c.dom.Element;

/* loaded from: input_file:de/fzj/unicore/uas/security/ProxyCertOutHandler.class */
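/**
 * Outbound SOAP interceptor that adds a {@code Proxy} header (namespace {@link #PROXY_NS})
 * carrying a PEM-encoded proxy credential to every outgoing message.
 *
 * <p>The PEM text is either read from the file configured in {@link ProxyCertProperties} or
 * generated from the client's own credential. A generated proxy contains the proxy
 * certificate, the proxy <em>private key</em> and the issuing certificate, so the header and
 * the value returned by {@link #getPem()} are secret material: they must never be written to
 * logs, and the transport carrying the message has to protect them.
 *
 * <p>{@link #configure(IClientConfiguration)} and {@link #handleMessage(SoapMessage)} are
 * synchronized on this instance; {@link #getProxyHeader()} and {@link #getPem()} are not.
 */
public class ProxyCertOutHandler extends AbstractSoapInterceptor implements Configurable {
    protected IClientConfiguration sec;
    protected ProxyCertProperties props;
    private Element proxyHeaderAsJDOM;
    // Epoch millis after which handleMessage() re-runs configure() to refresh the proxy.
    private long expiryInstant;
    private String pem;
    private static final Logger logger = Log.getLogger(Log.SECURITY, ProxyCertOutHandler.class);
    public static final String PROXY_NS = "http://www.unicore.eu/unicore6";
    public static final String PROXY = "Proxy";
    private static final QName headerQName = new QName(PROXY_NS, PROXY);
    // A proxy read from file is re-read this long (6 hours) before its certificate expires.
    private static final long FILE_PROXY_REFRESH_MARGIN_MS = 6L * 60L * 60L * 1000L;

    /**
     * Creates the interceptor for the "pre-protocol" phase and orders it before
     * {@link DSigOutHandler}.
     */
    public ProxyCertOutHandler() {
        super("pre-protocol");
        this.proxyHeaderAsJDOM = null;
        getBefore().add(DSigOutHandler.class.getName());
    }

    /**
     * (Re-)builds the proxy header from the given client configuration.
     *
     * <p>Failures are logged and not propagated. On failure the previously built header, if
     * any, stays in place while {@code pem} may already have been reset to {@code null}.
     *
     * @param iClientConfiguration client security configuration; also consulted for a
     *        {@link ProxyCertProperties} handler (defaults are used when none is registered)
     */
    @Override
    public synchronized void configure(IClientConfiguration iClientConfiguration) {
        this.sec = iClientConfiguration;
        this.pem = null;
        this.props = (ProxyCertProperties) iClientConfiguration.getConfigurationHandler(ProxyCertProperties.class);
        if (this.props == null) {
            this.props = new ProxyCertProperties(new Properties());
        }
        try {
            if (this.props.isSetFileName()) {
                this.pem = readProxyFromFile(this.props.getFileValueAsString(ProxyCertProperties.PROXY_FILE, false));
            } else {
                this.pem = generateProxy();
            }
            // NOTE(review): the PEM text is embedded without XML escaping, so a proxy file
            // holding anything other than plain PEM text can break or alter the header.
            String headerXml = "<proxy:Proxy xmlns:proxy=\"" + PROXY_NS + "\">" + this.pem + "</proxy:Proxy>";
            // The fragment has no XML declaration, so encode it explicitly instead of relying
            // on the platform default charset.
            this.proxyHeaderAsJDOM = DOMUtils.readXml(new ByteArrayInputStream(headerXml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
            if (logger.isDebugEnabled()) {
                logger.debug("(Re-)initialised Proxy Outhandler");
                // The header holds the proxy private key; log only non-secret metadata and
                // never the serialized header itself.
                logger.debug("Proxy header refresh due at epoch millis " + this.expiryInstant);
            }
        } catch (Exception e2) {
            logger.error("Can't create Proxy header: ", e2);
        }
    }

    /**
     * Reads a PEM proxy from a file, checks that it parses as a PEM keystore and schedules
     * the next refresh six hours before the certificate's {@code notAfter} date.
     *
     * <p>The file is read once and the same bytes are both validated and returned, so the
     * content that is sent is exactly the content that was checked.
     *
     * @param str path of the PEM proxy file
     * @return the file content decoded as UTF-8 (PEM itself is plain ASCII)
     * @throws IOException if the file cannot be read, cannot be parsed as a PEM keystore, or
     *         holds no certificate under the alias {@code "default"}
     */
    protected String readProxyFromFile(String str) throws IOException {
        byte[] proxyBytes = FileUtils.readFileToByteArray(new File(str));
        X509Certificate x509Certificate;
        try {
            x509Certificate = (X509Certificate) CertificateUtils.loadPEMKeystore(new ByteArrayInputStream(proxyBytes), (char[]) null, "none".toCharArray()).getCertificate("default");
        } catch (KeyStoreException e) {
            throw new IOException(e);
        }
        if (x509Certificate == null) {
            throw new IOException("No certificate found in proxy file '" + str + "'");
        }
        logger.info("Read proxy from '" + str + "' valid till " + x509Certificate.getNotAfter());
        this.expiryInstant = x509Certificate.getNotAfter().getTime() - FILE_PROXY_REFRESH_MARGIN_MS;
        return new String(proxyBytes, StandardCharsets.UTF_8);
    }

    /**
     * Generates a fresh proxy from the configured credential and returns it as PEM text:
     * proxy certificate, proxy private key, then the issuing certificate.
     *
     * <p>The next refresh is scheduled at half the configured lifetime before the proxy
     * certificate's {@code notAfter} date.
     *
     * @return the PEM text; it contains the unencrypted proxy private key and must be
     *         treated as a secret
     * @throws Exception if proxy generation or PEM encoding fails
     */
    protected String generateProxy() throws Exception {
        X509Credential credential = this.sec.getCredential();
        ProxyCertificateOptions proxyCertificateOptions = new ProxyCertificateOptions(credential.getCertificateChain());
        proxyCertificateOptions.setLifetime(this.props.getLifetime());
        proxyCertificateOptions.setKeyLength(this.props.getKeysize());
        ProxyCertificate generate = ProxyGenerator.generate(proxyCertificateOptions, credential.getKey());
        // Multiply in long arithmetic: an int product would wrap for lifetimes of roughly
        // 50 days or more and push the refresh point past the certificate's expiry.
        // (presumably getLifetime() is in seconds - confirm against ProxyCertificateOptions)
        long refreshMarginMillis = (proxyCertificateOptions.getLifetime() / 2) * 1000L;
        this.expiryInstant = generate.getCertificateChain()[0].getNotAfter().getTime() - refreshMarginMillis;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(10240);
        // Encode and decode with the same explicit charset rather than the platform default.
        try (PEMWriter pEMWriter = new PEMWriter(new OutputStreamWriter(byteArrayOutputStream, StandardCharsets.US_ASCII))) {
            pEMWriter.writeObject(generate.getCertificateChain()[0]);
            pEMWriter.writeObject(generate.getPrivateKey());
            pEMWriter.writeObject(credential.getCertificate());
            pEMWriter.flush();
        }
        return byteArrayOutputStream.toString("US-ASCII");
    }

    /**
     * Returns the current proxy header element, or {@code null} if none has been built.
     *
     * <p>The element is the live instance that is attached to messages, not a copy, and it
     * holds secret key material.
     */
    public Element getProxyHeader() {
        return this.proxyHeaderAsJDOM;
    }

    /**
     * Adds the proxy header to an outbound message, refreshing the proxy first when the
     * refresh instant has passed.
     *
     * <p>NOTE(review): if the refresh fails, configure() only logs the error and the previous
     * header is still attached, so a stale proxy may be sent. If no header was ever built,
     * nothing is added and no retry is attempted here.
     *
     * @param soapMessage the message being processed
     */
    public synchronized void handleMessage(SoapMessage soapMessage) {
        if (!MessageUtils.isOutbound(soapMessage) || this.proxyHeaderAsJDOM == null) {
            return;
        }
        if (System.currentTimeMillis() > this.expiryInstant) {
            configure(this.sec);
        }
        soapMessage.getHeaders().add(new Header(headerQName, this.proxyHeaderAsJDOM));
    }

    /**
     * Returns the PEM text of the current proxy, or {@code null} if the last configure()
     * call could not produce one. The value holds secret key material.
     */
    String getPem() {
        return this.pem;
    }
}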
