package net.deterlab.abac;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.x509.AttributeCertificateHolder;
import org.bouncycastle.x509.AttributeCertificateIssuer;
import org.bouncycastle.x509.X509Attribute;
import org.bouncycastle.x509.X509V2AttributeCertificate;
import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
import org.bouncycastle.x509.util.StreamParsingException;

/* loaded from: input_file:lib/fedd/jabac-1.3.jar:net/deterlab/abac/Credential.class */
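/**
 * An ABAC credential: a rule of the form {@code head <- tail}, optionally
 * backed by a signed X.509 attribute certificate and the identity that issued it.
 *
 * <p>A credential loaded from a certificate is only accepted when (a) one of
 * the supplied identities verifies the certificate signature and (b) that
 * identity's key ID equals the principal of the head role. Instances are
 * mutable and no synchronization is performed here.
 */
public class Credential implements Comparable {
    // OID of the attribute that carries the "head <- tail" string.
    // NOTE(review): non-final and protected, so subclasses or same-package code can reassign it.
    protected static String attrOID = "1.3.6.1.5.5.7.10.4";
    // OID of the extension under which the AuthorityKeyIdentifier is added.
    protected static String authKeyOID = "2.5.29.35";

    // Lifetime of certificates produced by make_cert, in milliseconds (about 17 days).
    // NOTE(review): this value equals 365 days in milliseconds (31,536,000,000)
    // truncated to 32 bits, so it is presumably an int-overflowed one-year
    // constant. It is kept as-is because lengthening credential lifetime is a
    // policy decision; confirm the intended validity before changing it.
    private static final long VALIDITY_MS = 1471228928L;

    protected Role m_head;
    protected Role m_tail;
    protected X509V2AttributeCertificate ac;
    protected Identity id;

    /** Creates an empty credential with no roles, certificate or issuer. */
    public Credential() {
        this.m_tail = null;
        this.m_head = null;
        this.ac = null;
        this.id = null;
    }

    /**
     * Creates an unsigned credential {@code role <- role2}.
     *
     * @param role  the head role
     * @param role2 the tail role
     */
    public Credential(Role role, Role role2) {
        this.m_head = role;
        this.m_tail = role2;
        this.ac = null;
        this.id = null;
    }

    /**
     * Parses an attribute certificate from the stream into {@link #ac}.
     * The stream is not closed here.
     *
     * @param inputStream source of the encoded certificate
     * @throws IOException if the certificate cannot be read or parsed
     */
    protected void read_certificate(InputStream inputStream) throws IOException {
        this.ac = new X509V2AttributeCertificate(inputStream);
    }

    /**
     * Validates the already-loaded certificate against the known identities and
     * populates the roles and issuer.
     *
     * @param collection identities whose public keys are tried as the signer
     * @throws InvalidKeyException if no identity verifies the signature, or the
     *         verifying identity is not the principal of the head role
     * @throws RuntimeException if the certificate attribute is malformed
     */
    protected void init(Collection<Identity> collection) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        // Fail closed: an issuer left over from an earlier init/make_cert call
        // must not satisfy the "signer found" check below.
        this.id = null;
        Identity signer = null;
        for (Identity candidate : collection) {
            try {
                this.ac.verify(candidate.getCertificate().getPublicKey(), "BC");
                signer = candidate;
                break;
            } catch (InvalidKeyException ignored) {
                // Treated as "not signed by this identity": try the next one.
                // Other verification exceptions abort the search and propagate.
            }
        }
        if (signer == null) {
            throw new InvalidKeyException("Unknown identity");
        }
        load_roles();
        // The signer must own the head role. Without this check any known
        // identity could issue credentials about another principal's roles.
        if (!signer.getKeyID().equals(this.m_head.principal())) {
            throw new InvalidKeyException("Unknown identity");
        }
        // Record the issuer only after every check has passed.
        this.id = signer;
    }

    /**
     * Reads a certificate from the stream and validates it as in
     * {@link #init(Collection)}. The caller keeps ownership of the stream.
     *
     * @param inputStream source of the encoded certificate
     * @param collection  identities whose public keys are tried as the signer
     * @throws IOException if the certificate cannot be read
     */
    protected void init(InputStream inputStream, Collection<Identity> collection) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException {
        read_certificate(inputStream);
        // read_certificate is overridable, so a subclass may leave ac unset.
        if (this.ac == null) {
            throw new IOException("Unknown Format");
        }
        init(collection);
    }

    /**
     * Loads and validates a credential from the named file.
     *
     * @param str        path of the certificate file
     * @param collection identities whose public keys are tried as the signer
     * @throws Exception if the file cannot be read or validation fails
     */
    public Credential(String str, Collection<Identity> collection) throws Exception {
        InputStream in = new FileInputStream(str);
        try {
            init(in, collection);
        } finally {
            // The stream is opened here, so it is closed here even when validation fails.
            in.close();
        }
    }

    /**
     * Loads and validates a credential from a file.
     *
     * @param file       the certificate file
     * @param collection identities whose public keys are tried as the signer
     */
    public Credential(File file, Collection<Identity> collection) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, StreamParsingException, IOException {
        InputStream in = new FileInputStream(file);
        try {
            init(in, collection);
        } finally {
            in.close();
        }
    }

    /**
     * Loads and validates a credential from a caller-owned stream; the stream
     * is not closed.
     *
     * @param inputStream source of the encoded certificate
     * @param collection  identities whose public keys are tried as the signer
     */
    public Credential(InputStream inputStream, Collection<Identity> collection) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, StreamParsingException, IOException {
        init(inputStream, collection);
    }

    /**
     * Wraps an already-parsed attribute certificate and validates it.
     *
     * @param x509V2AttributeCertificate the certificate to validate
     * @param collection identities whose public keys are tried as the signer
     */
    public Credential(X509V2AttributeCertificate x509V2AttributeCertificate, Collection<Identity> collection) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException {
        this.ac = x509V2AttributeCertificate;
        init(collection);
    }

    /**
     * Generates and signs the attribute certificate for this credential with
     * the given identity's private key, then records that identity as issuer.
     *
     * <p>Issuer and holder are both {@code CN=<head principal>}. This method
     * does not check that {@code identity} is that principal; a certificate
     * signed by any other identity is rejected by {@link #init(Collection)}
     * when it is loaded.
     *
     * @param identity the signing identity; must carry a key pair
     */
    public void make_cert(Identity identity) throws IOException, CertificateEncodingException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        PrivateKey signingKey = identity.getKeyPair().getPrivate();
        SubjectPublicKeyInfo issuerKeyInfo = Context.extractSubjectPublicKeyInfo(identity.getKeyPair().getPublic());
        X500Principal headPrincipal = new X500Principal("CN=" + this.m_head.principal());
        // One clock reading, so notBefore, notAfter and the serial are mutually consistent.
        long now = System.currentTimeMillis();

        X509V2AttributeCertificateGenerator generator = new X509V2AttributeCertificateGenerator();
        generator.setIssuer(new AttributeCertificateIssuer(headPrincipal));
        generator.setHolder(new AttributeCertificateHolder(headPrincipal));
        generator.setNotAfter(new Date(now + VALIDITY_MS));
        generator.setNotBefore(new Date(now));
        // NOTE(review): a clock-derived serial is predictable, and two certificates
        // generated in the same millisecond share it; consider a random serial.
        generator.setSerialNumber(BigInteger.valueOf(now));
        generator.addAttribute(new X509Attribute(attrOID, new DERSequence(new DERSequence(new DERUTF8String(toString())))));
        // Hard-coded algorithm: presumably the identity's key pair is RSA - confirm.
        generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        generator.addExtension(authKeyOID, false, (ASN1Encodable) new AuthorityKeyIdentifier(issuerKeyInfo));
        this.ac = (X509V2AttributeCertificate) generator.generate(signingKey, "BC");
        this.id = identity;
    }

    /**
     * Extracts the {@code head <- tail} string from the first value of the
     * first certificate attribute and sets both roles. Any further attributes
     * or values are ignored.
     *
     * @throws RuntimeException if the attribute is missing, has an unexpected
     *         structure, or does not split into exactly two roles
     */
    private void load_roles() {
        try {
            DERSequence outer = (DERSequence) this.ac.getAttributes()[0].getValues()[0];
            DERSequence inner = (DERSequence) outer.getObjectAt(0);
            String rule = ((DERUTF8String) inner.getObjectAt(0)).getString();
            // Accepts both "<-" and "<--" as the separator, with optional whitespace.
            String[] parts = rule.split("\\s*<--?\\s*");
            if (parts.length != 2) {
                throw new RuntimeException("Invalid attribute: " + rule);
            }
            this.m_head = new Role(parts[0]);
            this.m_tail = new Role(parts[1]);
        } catch (Exception e) {
            // Keep the cause so a rejected certificate can be diagnosed from the trace.
            throw new RuntimeException("Badly formatted certificate", e);
        }
    }

    /**
     * Compares credentials by head and tail role only.
     *
     * <p>The certificate and issuer are not compared, so two credentials that
     * state the same rule are equal regardless of who signed them. A credential
     * with a null head or tail equals nothing, itself included.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof Credential)) {
            return false;
        }
        Credential other = (Credential) obj;
        if (this.m_head == null || this.m_tail == null) {
            return false;
        }
        return this.m_head.equals(other.head()) && this.m_tail.equals(other.tail());
    }

    /**
     * Hash code derived from the same fields as {@link #equals(Object)}, so
     * equal credentials land in the same bucket of a hash-based collection.
     * NOTE(review): assumes Role.hashCode is consistent with Role.equals - confirm.
     */
    @Override
    public int hashCode() {
        if (this.m_head == null || this.m_tail == null) {
            return 0;
        }
        return 31 * this.m_head.hashCode() + this.m_tail.hashCode();
    }

    /**
     * Orders credentials by head role, then by tail role. Any object that is
     * not a Credential sorts before this one.
     */
    @Override
    public int compareTo(Object obj) {
        if (!(obj instanceof Credential)) {
            return 1;
        }
        Credential other = (Credential) obj;
        if (head().equals(other.head())) {
            return tail().compareTo(other.tail());
        }
        return head().compareTo(other.head());
    }

    /** @return the head role (left-hand side of the rule) */
    public Role head() {
        return this.m_head;
    }

    /** @return the tail role (right-hand side of the rule) */
    public Role tail() {
        return this.m_tail;
    }

    /** @return the backing attribute certificate, or null if there is none */
    public X509V2AttributeCertificate cert() {
        return this.ac;
    }

    /**
     * @return the rule as {@code head <- tail}; make_cert embeds exactly this
     *         string in the certificate attribute
     */
    @Override
    public String toString() {
        return this.m_head + " <- " + this.m_tail;
    }

    /**
     * @param context passed through to each role's simpleString
     * @return the rule rendered with each role's simpleString form
     */
    public String simpleString(Context context) {
        return this.m_head.simpleString(context) + " <- " + this.m_tail.simpleString(context);
    }

    /**
     * Writes the encoded certificate, if there is one, and flushes the stream.
     * The stream is left open for the caller.
     *
     * @param outputStream destination stream
     * @throws IOException if encoding or writing fails
     */
    public void write(OutputStream outputStream) throws IOException {
        if (this.ac != null) {
            outputStream.write(this.ac.getEncoded());
        }
        outputStream.flush();
    }

    /**
     * Writes the encoded certificate to the named file.
     *
     * @param str path of the file to create or overwrite
     * @throws IOException if the file cannot be opened or written
     */
    public void write(String str) throws IOException, FileNotFoundException {
        OutputStream out = new FileOutputStream(str);
        try {
            write(out);
        } finally {
            // The stream is opened here, so the file handle is released here.
            out.close();
        }
    }

    /** @return true when an attribute certificate is attached */
    public boolean hasCertificate() {
        return this.ac != null;
    }

    /** @return the issuing identity, or null if none has been established */
    public Identity issuer() {
        return this.id;
    }

    /**
     * @return the issuer's X.509 certificate
     * @throws NullPointerException if no issuer has been established
     */
    public X509Certificate issuerCert() {
        return this.id.getCertificate();
    }

    /** @return the backing attribute certificate; same value as {@link #cert()} */
    public X509V2AttributeCertificate attributeCert() {
        return this.ac;
    }

    static {
        // Presumably registers the provider that the "BC" name above refers to -
        // see Context.loadBouncyCastle.
        Context.loadBouncyCastle();
    }
}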
