package org.dataone.portal;

import edu.uiuc.ncsa.myproxy.oa4mp.client.Asset;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.loader.ClientEnvironmentUtil;
import java.io.File;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.logging.Handler;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.client.auth.CertificateManager;
import org.dataone.configuration.Settings;
import org.dataone.service.types.v1.Session;

/* loaded from: input_file:org/dataone/portal/PortalCertificateManager.class */
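/**
 * Looks up the OA4MP-issued credentials (certificate and private key) that belong to a
 * portal request and exposes them to the DataONE {@link CertificateManager}.
 *
 * <p>The link between a browser and its stored credentials is the value of the
 * {@code oa4mp_client_req_id} cookie: whoever presents that value is handed the matching
 * {@link Asset}, including its private key. The cookie value is therefore a bearer secret
 * and should be handled like one (transport, storage, logging).
 *
 * <p>Thread-safety: {@link #getInstance()} performs an unsynchronized lazy initialisation and
 * {@link #setConfigFile(String)} mutates shared state without synchronization.
 */
public class PortalCertificateManager {
    private static final String DEFAULT_OA4MP_CONFIG_PATH = "/var/lib/tomcat7/webapps/portal/WEB-INF/client.xml";
    /** Name of the cookie whose value identifies the stored OA4MP asset. */
    private static final String REQUEST_ID_COOKIE = "oa4mp_client_req_id";
    /** Pause between two asset-store lookups in {@link #getCredentials(String)}. */
    private static final long RETRY_DELAY_MILLIS = 500L;
    private String configFile;
    private String configName;
    private static PortalCertificateManager instance;
    private static int maxAttempts = 10;
    public static Log log = LogFactory.getLog(PortalCertificateManager.class);

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the process-wide manager configured from {@code oa4mp.client.config.file}
     */
    public static PortalCertificateManager getInstance() {
        // Not synchronized: two threads racing here may each build an instance; the last write wins.
        if (instance == null) {
            instance = new PortalCertificateManager();
        }
        return instance;
    }

    /** Creates a manager whose OA4MP client configuration path comes from the settings. */
    public PortalCertificateManager() {
        this.configFile = Settings.getConfiguration().getString("oa4mp.client.config.file", DEFAULT_OA4MP_CONFIG_PATH);
        this.configName = null;
    }

    /**
     * Creates a manager that reads the OA4MP client configuration from the given path.
     *
     * @param str path of the OA4MP client configuration file
     */
    public PortalCertificateManager(String str) {
        // Delegating keeps the settings lookup the original constructor performed.
        this();
        this.configFile = str;
    }

    /**
     * Closes every handler attached to the logger of the loaded OA4MP client environment.
     *
     * @throws Exception if the client environment cannot be loaded
     */
    public void closeLoggers() throws Exception {
        ClientEnvironment environment = ClientEnvironmentUtil.load(new File(this.configFile), this.configName);
        Handler[] handlers = environment.getMyLogger().getLogger().getHandlers();
        for (Handler handler : handlers) {
            handler.close();
        }
    }

    /** @return the path of the OA4MP client configuration file in use */
    public String getConfigFile() {
        return this.configFile;
    }

    /** @param str new path of the OA4MP client configuration file */
    public void setConfigFile(String str) {
        this.configFile = str;
    }

    /**
     * Stores the asset identifier in the {@code oa4mp_client_req_id} cookie.
     *
     * @param str asset identifier to remember for this browser
     * @param httpServletResponse response the cookie is added to
     */
    public void setCookie(String str, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(REQUEST_ID_COOKIE, str);
        // 64800 s = 18 h, scoped to the whole host.
        cookie.setMaxAge(64800);
        cookie.setPath("/");
        // NOTE(review): neither Secure nor HttpOnly is set, yet this value alone is enough for
        // getCredentials(HttpServletRequest) to return a private key. Consider
        // cookie.setSecure(true) and cookie.setHttpOnly(true) (the latter needs Servlet 3.0+)
        // after confirming the portal is only served over HTTPS and no script reads the cookie.
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Finds the {@code oa4mp_client_req_id} cookie on a request.
     *
     * @param httpServletRequest request to inspect
     * @return the cookie, or {@code null} if the request carries no cookies or no such cookie
     */
    public Cookie getCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (REQUEST_ID_COOKIE.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Asks the browser to discard the {@code oa4mp_client_req_id} cookie.
     *
     * <p>Only the cookie is expired; nothing in this method touches the asset store.
     *
     * @param httpServletResponse response the expiring cookie is added to
     */
    public void removeCookie(HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(REQUEST_ID_COOKIE, "removeMe");
        cookie.setMaxAge(0);
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Returns the first certificate of the credentials identified by the request's cookie.
     *
     * @param httpServletRequest request carrying the identifying cookie
     * @return the certificate, or {@code null} if there are no credentials or no certificate
     * @throws Exception if the credential lookup fails
     */
    public X509Certificate getCertificate(HttpServletRequest httpServletRequest) throws Exception {
        Asset credentials = getCredentials(httpServletRequest);
        if (credentials == null) {
            return null;
        }
        X509Certificate[] chain = credentials.getCertificates();
        if (chain == null || chain.length < 1) {
            return null;
        }
        return chain[0];
    }

    /**
     * Returns the private key of the credentials identified by the request's cookie.
     *
     * @param httpServletRequest request carrying the identifying cookie
     * @return the private key, or {@code null} if no credentials were found
     * @throws Exception if the credential lookup fails
     */
    public PrivateKey getPrivateKey(HttpServletRequest httpServletRequest) throws Exception {
        Asset credentials = getCredentials(httpServletRequest);
        return credentials == null ? null : credentials.getPrivateKey();
    }

    /**
     * Loads the asset stored under the given identifier, retrying a bounded number of times.
     *
     * <p>The identifier normally comes straight from a client-supplied cookie, so the number of
     * lookups must not depend on it. A lookup that yields nothing (by throwing or by returning
     * {@code null}) is repeated after a short pause, at most {@code maxAttempts} more times.
     * Previously only thrown exceptions were counted, so a store answering {@code null} for an
     * unknown identifier kept the request thread spinning without pause or limit.
     *
     * @param str asset identifier; {@code null} yields {@code null}
     * @return the asset, or {@code null} if the store never returned one
     * @throws Exception the last store failure once the attempts are used up, or when the
     *         wait between attempts is interrupted
     */
    public Asset getCredentials(String str) throws Exception {
        if (str == null) {
            return null;
        }
        ClientEnvironment environment = ClientEnvironmentUtil.load(new File(this.configFile), this.configName);
        int failedAttempts = 0;
        while (true) {
            Asset asset = null;
            Exception failure = null;
            try {
                asset = environment.getAssetStore().get(str);
            } catch (Exception e) {
                failure = e;
                log.warn(failedAttempts + " - Error getting transaction, trying again. " + e.getMessage());
            }
            if (asset != null) {
                return asset;
            }
            failedAttempts++;
            if (failedAttempts > maxAttempts) {
                if (failure != null) {
                    throw failure;
                }
                // The store answered every time but never had the asset.
                return null;
            }
            try {
                Thread.sleep(RETRY_DELAY_MILLIS);
            } catch (InterruptedException interrupted) {
                // Restore the flag so the container can see the interruption.
                Thread.currentThread().interrupt();
                log.error("Could not wait for credentials: " + interrupted.getMessage());
                throw failure != null ? failure : interrupted;
            }
        }
    }

    /**
     * Loads the asset identified by the request's {@code oa4mp_client_req_id} cookie.
     *
     * <p>The cookie value is passed to the asset store as received from the client.
     * NOTE(review): confirm the configured store treats the identifier as an opaque key.
     *
     * @param httpServletRequest request carrying the identifying cookie
     * @return the asset, or {@code null} if the cookie is absent or nothing is stored for it
     * @throws Exception if the credential lookup fails
     */
    public Asset getCredentials(HttpServletRequest httpServletRequest) throws Exception {
        Cookie cookie = getCookie(httpServletRequest);
        return cookie == null ? null : getCredentials(cookie.getValue());
    }

    /**
     * Resolves the session for a request, injecting the cookie-derived certificate if needed.
     *
     * <p>When {@link CertificateManager} finds no session, the certificate looked up through
     * the cookie is placed in the {@code javax.servlet.request.X509Certificate} request
     * attribute, the slot a servlet container uses for TLS client certificates. Code that
     * reads the attribute afterwards cannot tell the two origins apart.
     *
     * @param httpServletRequest request to resolve and possibly modify
     * @return the session, or {@code null} if none could be established
     * @throws Exception if the credential lookup or the session lookup fails
     */
    public Session putPortalCertificateOnRequest(HttpServletRequest httpServletRequest) throws Exception {
        Session session = CertificateManager.getInstance().getSession(httpServletRequest);
        if (session != null) {
            return session;
        }
        // Uses the shared singleton's configuration, not necessarily this instance's.
        X509Certificate certificate = getInstance().getCertificate(httpServletRequest);
        log.debug("Proxy certificate for the request = " + certificate);
        if (certificate != null) {
            httpServletRequest.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[]{certificate});
            log.debug("Added proxy certificate to the request");
        }
        return CertificateManager.getInstance().getSession(httpServletRequest);
    }

    /**
     * Registers the cookie-derived certificate and private key with {@link CertificateManager}
     * under the certificate's subject DN. Does nothing if any of the three is missing.
     *
     * @param httpServletRequest request carrying the identifying cookie
     * @throws Exception if the credential lookup or the registration fails
     */
    public void registerPortalCertificateWithCertificateManger(HttpServletRequest httpServletRequest) throws Exception {
        X509Certificate certificate = getInstance().getCertificate(httpServletRequest);
        if (certificate == null) {
            return;
        }
        PrivateKey privateKey = getInstance().getPrivateKey(httpServletRequest);
        String subjectDN = CertificateManager.getInstance().getSubjectDN(certificate);
        if (subjectDN == null || privateKey == null) {
            return;
        }
        CertificateManager.getInstance().registerCertificate(subjectDN, certificate, privateKey);
    }

    /**
     * Resolves the session for a request; if there is none, places the cookie-derived
     * certificate on the request, registers it, and resolves the session again.
     *
     * @param httpServletRequest request to resolve and possibly modify
     * @return the session, or {@code null} if none could be established
     * @throws Exception if any lookup or the registration fails
     */
    public Session registerPortalCertificateAndPlaceOnRequest(HttpServletRequest httpServletRequest) throws Exception {
        Session session = CertificateManager.getInstance().getSession(httpServletRequest);
        if (session != null) {
            return session;
        }
        getInstance().putPortalCertificateOnRequest(httpServletRequest);
        getInstance().registerPortalCertificateWithCertificateManger(httpServletRequest);
        return CertificateManager.getInstance().getSession(httpServletRequest);
    }

    /**
     * Resolves the session for a request, trying three sources in order: the certificate
     * manager, the token in the {@code Authorization} header, and the cookie-derived
     * certificate. Failures of one source are logged and the next source is tried.
     *
     * @param httpServletRequest request to authenticate
     * @return the session, or {@code null} if no source produced one
     */
    public Session getSession(HttpServletRequest httpServletRequest) {
        Session session = null;
        try {
            session = CertificateManager.getInstance().getSession(httpServletRequest);
        } catch (Exception e) {
            log.warn("For request " + httpServletRequest + ":" + e.getMessage(), e);
        }
        if (session == null) {
            String header = httpServletRequest.getHeader("Authorization");
            if (header != null) {
                // Expected form is "<scheme> <token>"; the second field is the token.
                String[] fields = header.split(" ");
                if (fields.length < 2) {
                    // The header value is deliberately not logged: a client that sends the bare
                    // token without a scheme ends up here, and the token is a credential.
                    log.warn("For request " + httpServletRequest + ": Could not extract a valid token from the request's Authorization header (value withheld from log) in order to set the Session. Continuing...");
                } else {
                    try {
                        session = TokenGenerator.getInstance().getSession(fields[1]);
                    } catch (Exception e) {
                        log.warn("For request " + httpServletRequest + ":" + e.getMessage(), e);
                    }
                }
            }
        }
        if (session == null) {
            try {
                session = registerPortalCertificateAndPlaceOnRequest(httpServletRequest);
            } catch (Exception e) {
                log.warn("For request " + httpServletRequest + ":" + e.getMessage(), e);
            }
        }
        return session;
    }
}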
