package org.dataone.client.auth;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.dataone.client.D1Client;
import org.dataone.configuration.Settings;
import org.dataone.service.exceptions.InvalidToken;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.dataone.service.util.TypeMarshaller;
import org.jibx.runtime.JiBXException;

/* loaded from: input_file:org/dataone/client/auth/CertificateManager.class */
public class CertificateManager {
    // Shared commons-logging logger for this class.
    private static Log log = LogFactory.getLog(CertificateManager.class);
    // Explicit path of the client certificate PEM file; when null, getKeyStore()
    // falls back to locateDefaultCertificate().
    private String certificateLocation = null;
    // Password used for the in-memory key store and its "cilogon" key entry.
    // Read in the constructor from "certificate.keystore.password" (default "changeit").
    private String keyStorePassword;
    // Key store type, read in the constructor from "certificate.keystore.type".
    private String keyStoreType;
    // Classpath resource holding the CA certificates bundled with the library;
    // loadTrustStore() uses it only when no auxiliary certificates were loaded.
    private static final String shippedCAcerts = "/org/dataone/client/auth/d1-trusted-certs.crt";
    // Lazily built trust store of DataONE CA certificates (see loadTrustStore()).
    private KeyStore d1TrustStore;
    // OID of the certificate extension carrying SubjectInfo. Static, but assigned
    // in the instance constructor, so it is null until an instance has been created.
    private static String CILOGON_OID_SUBJECT_INFO;
    // Lazily created shared instance returned by getInstance().
    private static CertificateManager cm;
    // Certificates registered through registerCertificate(), keyed by the caller-supplied name.
    private Map<String, X509Certificate> certificates;
    // Private keys registered through registerCertificate(), keyed by the same name.
    private Map<String, PrivateKey> keys;
    // When true, getTrustManager() adds the DataONE CAs to the JVM trust anchors and
    // getSSLSocketFactory() installs the allow-all hostname verifier.
    private boolean trustStoreIncludesD1CAs;

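    /**
     * Creates a manager configured from {@code Settings}.
     *
     * <p>Defaults are assigned before the configuration is read, so a failure while
     * reading it (which is only logged) cannot leave the registration maps or the
     * key-store settings {@code null} and cause a later NullPointerException.
     *
     * <p>NOTE(review): the key-store password falls back to the well-known value
     * "changeit". The key store built by getKeyStore() is created in memory
     * ({@code load(null, ...)}), so within this class the password does not protect
     * a file on disk; deployments that export the store should configure
     * "certificate.keystore.password" explicitly.
     */
    public CertificateManager() {
        this.certificates = new HashMap<String, X509Certificate>();
        this.keys = new HashMap<String, PrivateKey>();
        this.keyStorePassword = "changeit";
        this.keyStoreType = KeyStore.getDefaultType();
        this.trustStoreIncludesD1CAs = true;
        if (CILOGON_OID_SUBJECT_INFO == null) {
            CILOGON_OID_SUBJECT_INFO = "1.3.6.1.4.1.34998.2.1";
        }
        try {
            this.keyStorePassword = Settings.getConfiguration().getString("certificate.keystore.password", "changeit");
            this.keyStoreType = Settings.getConfiguration().getString("certificate.keystore.type", KeyStore.getDefaultType());
            this.trustStoreIncludesD1CAs = Settings.getConfiguration().getBoolean("certificate.truststore.includeD1CAs", true);
            // The OID field is static: every new instance re-reads and overwrites it.
            CILOGON_OID_SUBJECT_INFO = Settings.getConfiguration().getString("cilogon.oid.subjectinfo", "1.3.6.1.4.1.34998.2.1");
        } catch (Exception e) {
            // Best effort: keep the defaults assigned above and report the problem.
            log.error(e.getMessage(), e);
        }
    }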

    /**
     * Returns the shared manager, creating it on first use.
     *
     * <p>NOTE(review): the lazy creation is not synchronized; confirm that first use
     * cannot happen concurrently, otherwise two instances with separate registration
     * maps could be created.
     *
     * @return the shared {@code CertificateManager}
     */
    public static CertificateManager getInstance() {
        if (cm != null) {
            return cm;
        }
        cm = new CertificateManager();
        return cm;
    }

    /**
     * Returns the explicitly configured client certificate path.
     *
     * @return the path set through setCertificateLocation(), or {@code null} if none was set
     */
    public String getCertificateLocation() {
        return certificateLocation;
    }

    /**
     * Sets the path of the PEM file that getKeyStore() reads when no registered
     * subject name is given.
     *
     * @param str path of the client certificate file; {@code null} restores the
     *            default lookup through locateDefaultCertificate()
     */
    public void setCertificateLocation(String str) {
        certificateLocation = str;
    }

    /**
     * Registers a certificate and its private key under a name, so that
     * getKeyStore() can later build a key store from them.
     *
     * <p>The private key stays referenced by this manager for as long as the
     * entry remains in the map.
     *
     * @param str             name under which the pair is stored; an existing entry is replaced
     * @param x509Certificate certificate to store
     * @param privateKey      private key matching the certificate
     */
    public void registerCertificate(String str, X509Certificate x509Certificate, PrivateKey privateKey) {
        certificates.put(str, x509Certificate);
        keys.put(str, privateKey);
    }

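    /**
     * Returns the trust store of DataONE CA certificates, building it on first use.
     *
     * <p>Certificates are read from the location configured under
     * "certificate.truststore.aux.location" (a single PEM file, or every regular
     * file in a directory). Only when that yields no certificate is the bundled
     * {@code shippedCAcerts} resource loaded instead.
     *
     * <p>Every certificate found at the auxiliary location becomes a trust anchor,
     * so that location should be writable only by the account administering the
     * client.
     *
     * <p>Failures are logged, not thrown. If a file cannot be read, loading stops
     * and the store built so far is kept and reused on later calls.
     *
     * @return the trust store, or {@code null} if the key store could not be instantiated
     */
    private KeyStore loadTrustStore() {
        if (this.d1TrustStore != null) {
            return this.d1TrustStore;
        }
        try {
            this.d1TrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.d1TrustStore.load(null, null);
            int loaded = 0;
            String auxLocation = Settings.getConfiguration().getString("certificate.truststore.aux.location");
            if (auxLocation != null) {
                File aux = new File(auxLocation);
                if (aux.isDirectory()) {
                    // listFiles() returns null on an I/O error or missing permission.
                    File[] entries = aux.listFiles();
                    if (entries != null) {
                        for (File entry : entries) {
                            // Skip sub-directories and other non-regular entries: opening one
                            // would throw and abort loading of the remaining certificates.
                            if (entry.isFile()) {
                                loaded += loadIntoTrustStore(this.d1TrustStore, new FileReader(entry.getAbsolutePath()));
                            }
                        }
                    }
                } else if (aux.exists()) {
                    loaded += loadIntoTrustStore(this.d1TrustStore, new FileReader(aux.getAbsolutePath()));
                }
            }
            if (loaded == 0) {
                InputStream shipped = getClass().getResourceAsStream(shippedCAcerts);
                if (shipped != null) {
                    loadIntoTrustStore(this.d1TrustStore, new InputStreamReader(shipped));
                } else {
                    log.error("'shippedCAcerts' file (/org/dataone/client/auth/d1-trusted-certs.crt) could not be found. No DataONE-trusted CA certs loaded");
                }
            }
            if (log.isDebugEnabled()) {
                Enumeration<String> aliases = this.d1TrustStore.aliases();
                while (aliases.hasMoreElements()) {
                    log.debug(aliases.nextElement());
                }
            }
        } catch (IOException e) {
            // Also covers FileNotFoundException for an unreadable certificate file.
            log.error(e.getMessage(), e);
        } catch (KeyStoreException e) {
            log.error(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            log.error(e.getMessage(), e);
        } catch (CertificateException e) {
            log.error(e.getMessage(), e);
        }
        return this.d1TrustStore;
    }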

    /**
     * Reads PEM objects from {@code reader} and adds each X.509 certificate to
     * {@code keyStore} as a trusted certificate entry.
     *
     * <p>The alias is the certificate's subject name, so a certificate whose subject
     * name is already present as an alias is skipped and not counted. Objects that
     * are not X.509 certificates are ignored. I/O and key store errors are logged and
     * end the loading; the count reached so far is returned.
     *
     * @param keyStore trust store to add to
     * @param reader   PEM source; closed through the PEM reader before returning
     * @return number of certificates added by this call
     */
    private int loadIntoTrustStore(KeyStore keyStore, Reader reader) throws FileNotFoundException {
        int i = 0;
        PEMReader pemSource = null;
        try {
            pemSource = new PEMReader(reader);
            log.info("loading into client truststore: ");
            Object pemObject = pemSource.readObject();
            while (pemObject != null) {
                if (pemObject instanceof X509Certificate) {
                    X509Certificate caCert = (X509Certificate) pemObject;
                    String alias = caCert.getSubjectX500Principal().getName();
                    if (!keyStore.containsAlias(alias)) {
                        log.info(i + " alias " + alias);
                        keyStore.setCertificateEntry(alias, caCert);
                        i++;
                    }
                }
                pemObject = pemSource.readObject();
            }
        } catch (KeyStoreException e) {
            log.error(e.getMessage() + " after loading " + i + " certificates", e);
        } catch (IOException e) {
            log.error(e.getMessage() + " after loading " + i + " certificates", e);
        } finally {
            IOUtils.closeQuietly(pemSource);
        }
        return i;
    }

    /**
     * Looks up a CA certificate in the DataONE trust store by alias.
     *
     * @param str alias to look up; loadIntoTrustStore() uses the certificate's subject name
     * @return the certificate, or {@code null} if the alias is unknown or the lookup
     *         fails (the failure is logged)
     */
    public X509Certificate getCACert(String str) {
        try {
            return (X509Certificate) loadTrustStore().getCertificate(str);
        } catch (KeyStoreException e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

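    /**
     * Returns the certificates held in the DataONE trust store.
     *
     * <p>Never returns {@code null}: if the trust store is unavailable or cannot be
     * enumerated, the error is logged and the certificates collected so far (possibly
     * none) are returned, so callers can iterate the result without a null check.
     *
     * <p>The decompiler reports that this method was {@code private} in the original
     * class; it is kept {@code public} here so existing callers of this listing
     * still compile.
     *
     * @return a new list of the X.509 certificates in the trust store
     */
    public List<X509Certificate> getSupplementalCACertificates() {
        List<X509Certificate> caCertificates = new ArrayList<X509Certificate>();
        try {
            KeyStore trustStore = loadTrustStore();
            if (trustStore == null) {
                // loadTrustStore() has already logged why the store could not be created.
                return caCertificates;
            }
            Enumeration<String> aliases = trustStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate entry = trustStore.getCertificate(aliases.nextElement());
                // Only X.509 certificates are usable as trust anchors here.
                if (entry instanceof X509Certificate) {
                    caCertificates.add((X509Certificate) entry);
                }
            }
        } catch (KeyStoreException e) {
            log.error(e.getMessage(), e);
        }
        return caCertificates;
    }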

    /**
     * Loads the client certificate from the configured or default PEM file.
     *
     * @return the certificate stored under the "cilogon" alias, or {@code null} if
     *         the file is missing (logged as a warning) or loading fails (logged as an error)
     */
    public X509Certificate loadCertificate() {
        try {
            KeyStore clientStore = getKeyStore(null);
            return (X509Certificate) clientStore.getCertificate("cilogon");
        } catch (FileNotFoundException e) {
            log.warn(e.getMessage());
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return null;
    }

    /**
     * Loads the client private key from the configured or default PEM file.
     *
     * <p>The returned key is unprotected key material; callers should avoid logging
     * or serializing it.
     *
     * @return the key stored under the "cilogon" alias, or {@code null} if loading
     *         fails for any reason (the failure is logged)
     */
    public PrivateKey loadKey() {
        try {
            KeyStore clientStore = getKeyStore(null);
            char[] entryPassword = this.keyStorePassword.toCharArray();
            return (PrivateKey) clientStore.getKey("cilogon", entryPassword);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

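    /**
     * Returns the UTF-8 string value of a certificate extension.
     *
     * <p>The bytes returned by {@code X509Certificate.getExtensionValue} are parsed
     * as an OCTET STRING whose content is parsed again; the result is returned only
     * when that inner object is a UTF8String.
     *
     * <p>The decompiled listing declared the outer object as {@code DEROctetString}
     * without a cast, which does not compile; it is held as a {@code DERObject} here
     * and cast after the {@code instanceof} check.
     *
     * @param x509Certificate certificate to read from
     * @param str             dotted OID of the extension
     * @return the extension's string value, or {@code null} if the extension is
     *         absent or not encoded as described
     * @throws IOException if the extension bytes cannot be parsed
     */
    protected String getExtensionValue(X509Certificate x509Certificate, String str) throws IOException {
        byte[] encoded = x509Certificate.getExtensionValue(str);
        if (encoded == null) {
            return null;
        }
        DERObject wrapper = toDERObject(encoded);
        if (!(wrapper instanceof DEROctetString)) {
            return null;
        }
        DERObject content = toDERObject(((DEROctetString) wrapper).getOctets());
        if (content instanceof DERUTF8String) {
            return DERUTF8String.getInstance(content).getString();
        }
        return null;
    }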

    /**
     * Parses the first ASN.1 object from a byte array.
     *
     * @param bArr encoded bytes
     * @return the object read from the stream
     * @throws IOException if the bytes cannot be parsed
     */
    private DERObject toDERObject(byte[] bArr) throws IOException {
        ASN1InputStream asn1Stream = null;
        try {
            asn1Stream = new ASN1InputStream(new ByteArrayInputStream(bArr));
            return asn1Stream.readObject();
        } finally {
            // Runs on both the normal and the exceptional path.
            IOUtils.closeQuietly(asn1Stream);
        }
    }

    /**
     * Extracts the SubjectInfo carried in the certificate extension identified by
     * {@code CILOGON_OID_SUBJECT_INFO}.
     *
     * <p>The content is taken from the certificate as-is and is logged at debug
     * level. This method does not validate the certificate, so the result should be
     * relied on only for certificates whose chain the caller has already validated.
     *
     * @param x509Certificate certificate to read from
     * @return the unmarshalled SubjectInfo, or {@code null} if the extension is absent
     */
    public SubjectInfo getSubjectInfo(X509Certificate x509Certificate) throws IOException, InstantiationException, IllegalAccessException, JiBXException {
        String serialized = getExtensionValue(x509Certificate, CILOGON_OID_SUBJECT_INFO);
        log.debug("Certificate subjectInfoValue: " + serialized);
        if (serialized == null) {
            return null;
        }
        ByteArrayInputStream input = new ByteArrayInputStream(serialized.getBytes("UTF-8"));
        return (SubjectInfo) TypeMarshaller.unmarshalTypeFromStream(SubjectInfo.class, input);
    }

    /**
     * Returns the certificate's subject name in RFC 2253 form.
     *
     * @param x509Certificate certificate to read, may be {@code null}
     * @return the subject DN, or {@code null} when no certificate is given
     */
    public String getSubjectDN(X509Certificate x509Certificate) {
        return x509Certificate == null
                ? null
                : x509Certificate.getSubjectX500Principal().getName("RFC2253");
    }

    /**
     * Re-serializes a distinguished name in RFC 2253 form by round-tripping it
     * through {@code X500Principal}.
     *
     * @param str distinguished name to standardize
     * @return the RFC 2253 string form of the name
     */
    public String standardizeDN(String str) {
        log.debug("name: " + str);
        X500Principal principal = new X500Principal(str);
        String standardized = principal.getName("RFC2253");
        log.debug("standardizedName: " + standardized);
        return standardized;
    }

    /**
     * Compares two distinguished names after standardizing both.
     *
     * <p>The comparison is an exact string match of the RFC 2253 forms produced by
     * standardizeDN(), evaluated on the shared instance.
     *
     * @param str  first distinguished name
     * @param str2 second distinguished name
     * @return {@code true} if both standardize to the same string
     */
    public boolean equalsDN(String str, String str2) {
        String first = getInstance().standardizeDN(str);
        String second = getInstance().standardizeDN(str2);
        return first.equals(second);
    }

    /**
     * Checks a certificate against a candidate issuer, logging any failure.
     *
     * @param x509Certificate  certificate to check
     * @param x509Certificate2 candidate issuer certificate
     * @return the result of the three-argument verify() with failure logging enabled
     */
    public static boolean verify(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        final boolean logFailures = true;
        return verify(x509Certificate, x509Certificate2, logFailures);
    }

    /**
     * Checks that a certificate is currently within its validity period and that
     * its signature verifies with the candidate issuer's public key.
     *
     * <p>These are the only two checks performed. The issuer's own validity, name
     * chaining, CA constraints and revocation status are not examined, so a
     * {@code true} result establishes a single signed link and is not a substitute
     * for certificate path validation.
     *
     * @param x509Certificate  certificate to check
     * @param x509Certificate2 candidate issuer certificate
     * @param z                whether failures are logged
     * @return {@code true} if both checks pass, {@code false} on any checked failure
     */
    public static boolean verify(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) {
        try {
            x509Certificate.checkValidity();
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException invalidKey) {
            if (z) {
                log.error("Certificate verification failed, invalid key.");
                log.error(invalidKey.getMessage(), invalidKey);
            }
        } catch (NoSuchAlgorithmException noAlgorithm) {
            if (z) {
                log.error("Certificate verification failed, no such algorithm.");
                log.error(noAlgorithm.getMessage(), noAlgorithm);
            }
        } catch (NoSuchProviderException noProvider) {
            if (z) {
                log.error("Certificate verification failed, no such provider.");
                log.error(noProvider.getMessage(), noProvider);
            }
        } catch (SignatureException badSignature) {
            if (z) {
                log.error("Certificate verification failed, signatures do not match.");
            }
        } catch (CertificateException certProblem) {
            // Covers encoding errors and the expired / not-yet-valid cases of checkValidity().
            if (z) {
                log.error(certProblem.getMessage(), certProblem);
            }
        }
        return false;
    }

    /**
     * Builds a Session from the request's client certificate, taking SubjectInfo
     * from the certificate itself.
     *
     * @param httpServletRequest request carrying the client certificate attribute
     * @return the session, or {@code null} if the request carries no certificate
     * @throws InvalidToken if SubjectInfo cannot be read from the certificate
     */
    public Session getSession(HttpServletRequest httpServletRequest) throws InvalidToken {
        final boolean lookupFromCoordinatingNode = false;
        return getSession(httpServletRequest, lookupFromCoordinatingNode);
    }

    /**
     * Builds a Session whose subject is the DN of the request's client certificate.
     *
     * <p>This method does not validate the certificate: it uses whatever
     * getCertificate() finds in the request attribute, so the container's TLS
     * client-authentication setup is what establishes trust in the subject.
     *
     * <p>With {@code z} set, SubjectInfo is looked up through
     * {@code D1Client.getCN()}; a failed lookup is only logged and the session is
     * returned without SubjectInfo. Otherwise SubjectInfo is read from the
     * certificate, and a failure there is reported as {@code InvalidToken}.
     *
     * @param httpServletRequest request carrying the client certificate attribute
     * @param z                  whether to look SubjectInfo up remotely instead of
     *                           reading it from the certificate
     * @return the session, or {@code null} if the request carries no certificate
     * @throws InvalidToken if SubjectInfo cannot be read from the certificate
     */
    public Session getSession(HttpServletRequest httpServletRequest, boolean z) throws InvalidToken {
        X509Certificate clientCertificate = getCertificate(httpServletRequest);
        if (clientCertificate == null) {
            return null;
        }
        String subjectDN = getSubjectDN(clientCertificate);
        Subject subject = new Subject();
        subject.setValue(subjectDN);
        Session session = new Session();
        session.setSubject(subject);
        SubjectInfo subjectInfo = null;
        if (!z) {
            try {
                subjectInfo = getSubjectInfo(clientCertificate);
            } catch (Exception e) {
                String message = "Could not get SubjectInfo from certificate for: " + subject.getValue();
                log.error(message, e);
                throw new InvalidToken("", message);
            }
        } else {
            try {
                subjectInfo = D1Client.getCN().getSubjectInfo(session, subject);
                session.setSubjectInfo(subjectInfo);
            } catch (Exception e) {
                log.error("Could not lookup complete SubjectInfo for: " + subject.getValue(), e);
            }
        }
        session.setSubjectInfo(subjectInfo);
        return session;
    }

    /**
     * Returns the first certificate of the chain stored in the request attribute
     * "javax.servlet.request.X509Certificate".
     *
     * <p>The attribute value and the "javax.servlet.request.ssl_session" attribute
     * are written to the debug log.
     *
     * @param httpServletRequest request to inspect
     * @return the first certificate in the attribute's array, or {@code null} if the
     *         attribute is absent, of another type, or an empty array
     */
    public X509Certificate getCertificate(HttpServletRequest httpServletRequest) {
        Object chainAttribute = httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        log.debug("javax.servlet.request.X509Certificate  = " + chainAttribute);
        log.debug("javax.servlet.request.ssl_session  = " + httpServletRequest.getAttribute("javax.servlet.request.ssl_session"));
        if (chainAttribute instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) chainAttribute;
            if (chain.length > 0) {
                X509Certificate first = chain[0];
                displayCertificate(first);
                return first;
            }
        }
        return null;
    }

    /**
     * Builds a socket factory for TLS connections, using the client certificate
     * when one is available and the trust manager from getTrustManager().
     *
     * <p>A missing client certificate file is tolerated: the factory is then set up
     * without client credentials.
     *
     * <p>NOTE(review): when {@code trustStoreIncludesD1CAs} is true (its configured
     * default), the factory is created with {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so
     * the server certificate is never matched against the host being contacted and
     * trust rests on chain validation alone. Consider a verifier that checks the
     * certificate against the expected host, at least as a configurable option.
     *
     * @param str name of a registered certificate, or {@code null} to read the
     *            client certificate from file
     * @return the configured socket factory
     */
    public SSLSocketFactory getSSLSocketFactory(String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, CertificateException, IOException {
        log.info("Entering getSSLSocketFactory");
        KeyStore clientKeyStore;
        try {
            clientKeyStore = getKeyStore(str);
        } catch (FileNotFoundException e) {
            clientKeyStore = null;
            log.warn("Client certificate could not be located. Setting up SocketFactory without it." + e.getMessage());
        }
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManager[] trustManagers = new TrustManager[]{getTrustManager()};
        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(clientKeyStore, this.keyStorePassword.toCharArray());
        context.init(keyManagers.getKeyManagers(), trustManagers, new SecureRandom());
        if (!this.trustStoreIncludesD1CAs) {
            return new SSLSocketFactory(context);
        }
        log.info("using allow-all hostname verifier");
        return new SSLSocketFactory(context, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }

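    /**
     * Returns the trust manager used for TLS connections.
     *
     * <p>When {@code trustStoreIncludesD1CAs} is false this is the JVM's default
     * X.509 trust manager. Otherwise it is a composite that accepts a chain if
     * either a trust manager built from the DataONE trust store or the JVM default
     * accepts it.
     *
     * <p>Both delegates are obtained from {@code TrustManagerFactory}, so a chain is
     * accepted only after the factory's own validation of the path from the peer's
     * certificate to a trust anchor. Matching or signature-checking individual
     * elements of the presented chain is not sufficient, because the peer chooses
     * which certificates it presents.
     *
     * <p>No revocation checking is configured here, and hostname matching is not a
     * trust manager responsibility.
     *
     * @return the trust manager; {@code null} only if D1 CAs are excluded and the
     *         JVM provides no X.509 trust manager
     */
    private X509TrustManager getTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        log.debug("JVM Default Trust Managers:");
        final X509TrustManager jvmTrustManager = firstX509TrustManager(null);
        if (jvmTrustManager != null) {
            log.debug("Accepted issuers count : " + jvmTrustManager.getAcceptedIssuers().length);
        }
        if (!this.trustStoreIncludesD1CAs) {
            log.info("using JVM TrustManager");
            return jvmTrustManager;
        }
        log.info("creating custom TrustManager");
        KeyStore d1Store = loadTrustStore();
        // A trust manager over an empty anchor set cannot validate anything, so the
        // DataONE delegate is created only when at least one CA certificate was loaded.
        final X509TrustManager d1TrustManager =
                (d1Store != null && d1Store.size() > 0) ? firstX509TrustManager(d1Store) : null;
        return new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                if (d1TrustManager != null) {
                    try {
                        d1TrustManager.checkClientTrusted(chain, authType);
                        return;
                    } catch (CertificateException e) {
                        log.debug("Client chain not validated against DataONE CAs, checking JVM trusted certs: " + e.getMessage());
                    }
                }
                if (jvmTrustManager == null) {
                    throw new CertificateException("No trust manager accepted the client certificate chain");
                }
                jvmTrustManager.checkClientTrusted(chain, authType);
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                if (d1TrustManager != null) {
                    try {
                        d1TrustManager.checkServerTrusted(chain, authType);
                        return;
                    } catch (CertificateException e) {
                        log.debug("Server chain not validated against DataONE CAs, checking JVM trusted certs: " + e.getMessage());
                    }
                }
                try {
                    if (jvmTrustManager == null) {
                        throw new CertificateException("No trust manager accepted the server certificate chain");
                    }
                    jvmTrustManager.checkServerTrusted(chain, authType);
                } catch (CertificateException e) {
                    // Record who the rejected chain claimed to be, to help diagnose
                    // a missing CA certificate or a misconfigured server.
                    if (chain != null) {
                        for (X509Certificate rejected : chain) {
                            log.warn("Rejected server certificate: subjDN: " + rejected.getSubjectX500Principal()
                                    + " / issuerDN: " + rejected.getIssuerX500Principal());
                        }
                    }
                    throw e;
                }
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                List<X509Certificate> issuers = new ArrayList<X509Certificate>();
                if (d1TrustManager != null) {
                    issuers.addAll(Arrays.asList(d1TrustManager.getAcceptedIssuers()));
                }
                if (jvmTrustManager != null) {
                    issuers.addAll(Arrays.asList(jvmTrustManager.getAcceptedIssuers()));
                }
                return issuers.toArray(new X509Certificate[issuers.size()]);
            }
        };
    }

    /**
     * Returns the first X.509 trust manager the default TrustManagerFactory creates
     * for the given anchors ({@code null} selects the JVM's default trust store).
     */
    private static X509TrustManager firstX509TrustManager(KeyStore anchors) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(anchors);
        for (TrustManager candidate : factory.getTrustManagers()) {
            log.debug(candidate);
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        return null;
    }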

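    /**
     * Builds an in-memory key store holding one certificate/private-key pair under
     * the alias "cilogon".
     *
     * <p>With a non-null name the pair comes from the registration maps. Otherwise
     * it is read from the PEM file at {@code certificateLocation}, or from
     * locateDefaultCertificate() when no location is set; if the file holds several
     * keys or certificates, the last one of each kind is used.
     *
     * <p>The resolved file path is logged; key material is not.
     *
     * @param str name of a registered pair, or {@code null} to read from file
     * @return a new key store containing the "cilogon" entry
     * @throws FileNotFoundException if the PEM file cannot be found
     * @throws KeyStoreException     if no certificate or no private key is available,
     *                               or the entry cannot be stored
     */
    private KeyStore getKeyStore(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        X509Certificate certificate = null;
        PrivateKey privateKey = null;
        if (str != null) {
            certificate = this.certificates.get(str);
            privateKey = this.keys.get(str);
        } else {
            File pemFile = this.certificateLocation == null
                    ? locateDefaultCertificate()
                    : new File(this.certificateLocation);
            // Log the resolved file rather than the configured value, which is null
            // whenever the default location is used.
            log.info("Using client certificate location: " + pemFile);
            PEMReader pemReader = null;
            try {
                pemReader = new PEMReader(new FileReader(pemFile));
                Object pemObject;
                while ((pemObject = pemReader.readObject()) != null) {
                    if (pemObject instanceof PrivateKey) {
                        privateKey = (PrivateKey) pemObject;
                    } else if (pemObject instanceof KeyPair) {
                        privateKey = ((KeyPair) pemObject).getPrivate();
                    } else if (pemObject instanceof X509Certificate) {
                        certificate = (X509Certificate) pemObject;
                    }
                }
            } finally {
                IOUtils.closeQuietly(pemReader);
            }
        }
        // Fail with a clear, declared exception instead of handing null key
        // material to the key store implementation.
        if (certificate == null || privateKey == null) {
            throw new KeyStoreException("No certificate and private key pair available for "
                    + (str != null ? "registered name " + str : "the client certificate file"));
        }
        char[] password = this.keyStorePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        keyStore.load(null, password);
        keyStore.setKeyEntry("cilogon", privateKey, password, new Certificate[]{certificate});
        return keyStore;
    }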

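    /**
     * Reads the first private key found in a PEM file.
     *
     * <p>Reconstructed from the decompiler's instruction dump, because the
     * decompiled body only threw {@code UnsupportedOperationException}. The dump
     * shows: a PEM reader opened on the file, created with a second constructor
     * argument when the password is non-empty; a loop over the PEM objects that
     * stops at the first {@code PrivateKey} or {@code KeyPair}; and the reader being
     * closed on every path.
     *
     * <p>NOTE(review): the second constructor argument is an anonymous class
     * ({@code CertificateManager$2}) whose body is not part of the listing. It is
     * reconstructed here as a password finder returning the supplied password —
     * confirm against the original source.
     *
     * @param fileName path of the PEM file
     * @param password password for an encrypted key; {@code null} or empty for none
     * @return the private key, or {@code null} if the file contains none
     * @throws IOException if the file cannot be opened or parsed
     */
    public PrivateKey loadPrivateKeyFromFile(String fileName, final String password) throws IOException {
        PrivateKey privateKey = null;
        PEMReader pemReader = null;
        try {
            if (password != null && password.length() > 0) {
                org.bouncycastle.openssl.PasswordFinder passwordFinder = new org.bouncycastle.openssl.PasswordFinder() {
                    public char[] getPassword() {
                        return password.toCharArray();
                    }
                };
                pemReader = new PEMReader(new FileReader(fileName), passwordFinder);
            } else {
                pemReader = new PEMReader(new FileReader(fileName));
            }
            Object pemObject;
            while ((pemObject = pemReader.readObject()) != null) {
                if (pemObject instanceof PrivateKey) {
                    privateKey = (PrivateKey) pemObject;
                    break;
                }
                if (pemObject instanceof KeyPair) {
                    privateKey = ((KeyPair) pemObject).getPrivate();
                    break;
                }
            }
        } finally {
            IOUtils.closeQuietly(pemReader);
        }
        return privateKey;
    }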

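    /**
     * Reads the first X.509 certificate found in a PEM file.
     *
     * <p>Reconstructed from the decompiler's instruction dump, because the
     * decompiled body only threw {@code UnsupportedOperationException}. The dump
     * shows a PEM reader opened on the file, a loop that stops at the first object
     * that is an {@code X509Certificate}, and the reader being closed on every path.
     *
     * @param fileName path of the PEM file
     * @return the certificate, or {@code null} if the file contains none
     * @throws IOException if the file cannot be opened or parsed
     */
    public X509Certificate loadCertificateFromFile(String fileName) throws IOException {
        X509Certificate certificate = null;
        PEMReader pemReader = null;
        try {
            pemReader = new PEMReader(new FileReader(fileName));
            Object pemObject;
            while ((pemObject = pemReader.readObject()) != null) {
                if (pemObject instanceof X509Certificate) {
                    certificate = (X509Certificate) pemObject;
                    break;
                }
            }
        } finally {
            IOUtils.closeQuietly(pemReader);
        }
        return certificate;
    }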

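    /**
     * Locates the client certificate at its default path,
     * {@code <tmpdir>/x509up_u<uid>}.
     *
     * <p>{@code <tmpdir>} is the "tmpdir" system property, or "/tmp" when unset.
     * {@code <uid>} is the numeric output of {@code id -u}, or the "user.name"
     * system property when that command is unavailable or its output is not a number.
     *
     * <p>The decompiled listing computed the UID but never appended it to the path,
     * and declared the path buffer with an incompatible type; both are corrected here.
     *
     * <p>NOTE(review): only the file's existence is checked. The default directory
     * is typically shared between users, so consider verifying that the file is
     * owned by, and readable only by, the current user before trusting its contents.
     *
     * @return the existing certificate file
     * @throws FileNotFoundException if no file exists at the calculated path
     */
    public File locateDefaultCertificate() throws FileNotFoundException {
        String tmpDir = System.getProperty("tmpdir");
        if (tmpDir == null) {
            tmpDir = "/tmp";
        }
        String uid = null;
        BufferedReader idOutput = null;
        try {
            // Fixed command with no caller-supplied input.
            Process idProcess = Runtime.getRuntime().exec("id -u");
            if (idProcess.waitFor() == 0) {
                idOutput = new BufferedReader(new InputStreamReader(idProcess.getInputStream()));
                // Parsing ensures that only a numeric value ends up in the path.
                uid = String.valueOf(Integer.parseInt(idOutput.readLine()));
            }
        } catch (InterruptedException e) {
            // Preserve the interrupt for the caller, then fall back like any other failure.
            Thread.currentThread().interrupt();
            log.warn("No UID found, using user.name");
        } catch (Exception e) {
            log.warn("No UID found, using user.name");
        } finally {
            IOUtils.closeQuietly(idOutput);
        }
        if (uid == null) {
            uid = System.getProperty("user.name");
        }
        String location = tmpDir + "/" + "x509up_u" + uid;
        log.debug("Calculated certificate location: " + location);
        File certificateFile = new File(location);
        if (certificateFile.exists()) {
            return certificateFile;
        }
        throw new FileNotFoundException("No certificate installed in expected location: " + location);
    }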

    /**
     * Writes the issuer, validity period and subject of a certificate to the debug
     * log. Does nothing for a {@code null} certificate or when debug logging is off.
     *
     * @param x509Certificate certificate to describe, may be {@code null}
     */
    public void displayCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null || !log.isDebugEnabled()) {
            return;
        }
        final String rule = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
        log.debug(rule);
        String issuer = x509Certificate.getIssuerX500Principal().getName("RFC2253");
        log.debug(" Issuer: " + issuer);
        Date validFrom = x509Certificate.getNotBefore();
        DateFormat formatter = SimpleDateFormat.getDateTimeInstance();
        log.debug("   From: " + formatter.format(validFrom));
        Date validTo = x509Certificate.getNotAfter();
        log.debug("     To: " + formatter.format(validTo));
        log.debug("Subject: " + getSubjectDN(x509Certificate));
        log.debug(rule);
    }

    // Class initialization: clears the static singleton state and registers the
    // BouncyCastle provider with the JCA. Security.addProvider() places it after the
    // providers that are already installed.
    static {
        cm = null;
        CILOGON_OID_SUBJECT_INFO = null;
        BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
        Security.addProvider(bouncyCastle);
    }
}
