package net.deterlab.abac;

import edu.uci.ics.jung.graph.DirectedSparseGraph;
import edu.uci.ics.jung.graph.Graph;
import edu.uci.ics.jung.graph.util.Graphs;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.Writer;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Formatter;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.x509.X509V2AttributeCertificate;
import org.exolab.castor.dsml.XML;

/* loaded from: input_file:lib/fedd/jabac-1.3.jar:net/deterlab/abac/Context.class */
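/**
 * An ABAC context: a directed graph whose vertices are {@link Role}s and whose edges are
 * {@link Credential}s, together with the set of {@link Identity} objects known to the context.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The identity set is handed to every {@code Credential} constructor that parses external
 *       input, so identities must be loaded before the credentials they issue. What those
 *       constructors verify is not visible here; presumably they check the issuer's signature.</li>
 *   <li>{@link #load_rt0(InputStream)} builds credentials directly from text. Nothing in that path
 *       involves an identity or a signature, so RT0 input must come from a trusted source.</li>
 *   <li>{@link #write_zip(OutputStream, boolean, boolean)} can emit private keys; the resulting
 *       archive must then be handled as secret material.</li>
 * </ul>
 *
 * <p>Thread-safety: the graph is wrapped with {@code Graphs.synchronizedDirectedGraph} and
 * {@link #derive_implied_edges()} is {@code synchronized}, but the {@code dirty} flag, the identity
 * set and the nickname maps are modified without synchronisation.
 */
public class Context {
    /** Return code: the identity or credential was loaded. */
    public static final int ABAC_CERT_SUCCESS = 0;
    /** Return code: unsupported argument type, or any failure other than the two below. */
    public static final int ABAC_CERT_INVALID = -1;
    /** Return code: constructing the object raised a {@link SignatureException}. */
    public static final int ABAC_CERT_BAD_SIG = -2;
    /** Return code: constructing a credential raised an {@link InvalidKeyException}. */
    public static final int ABAC_CERT_MISSING_ISSUER = -3;

    /**
     * Upper bound on the uncompressed size of one archive entry read by
     * {@link #readCurrentZipEntry(ZipInputStream)}. Certificates and keys are a few kilobytes;
     * the bound only exists so a hostile archive cannot exhaust the heap.
     */
    private static final int MAX_ZIP_ENTRY_BYTES = 16 * 1024 * 1024;
    /** Directory prefix of every entry written by {@code write_zip}. */
    private static final String ZIP_BASE_DIR = "creds";
    /** RT0 lines that are skipped: comments starting with {@code #} and blank lines. */
    private static final Pattern RT0_SKIP_LINE = Pattern.compile("(^\\s*#|^\\s*$)");
    /** RT0 credential line: a role name, an arrow of one or more dashes, then the right-hand side. */
    private static final Pattern RT0_CREDENTIAL_LINE = Pattern.compile("([\\w\\.]+)\\s*<-+\\s*(.+)");

    /** Role graph; credentials are the edges, directed from tail to head. */
    protected Graph<Role, Credential> g;
    /** Edges added by {@link #derive_implied_edges()} rather than loaded by a caller. */
    protected Set<Credential> derived_edges;
    /** Query object used while deriving edges; built over {@link #g} in the constructor. */
    protected Query pq;
    /** True when the graph changed since the derived edges were last computed. */
    protected boolean dirty;
    /** Identities known to this context. */
    protected Set<Identity> m_identities;
    /** Maps a unique nickname to a key ID. */
    protected Map<String, String> nicknames;
    /** Maps a key ID to its nickname (inverse of {@link #nicknames}). */
    protected Map<String, String> keys;
    /** Set once the BouncyCastle provider has been registered by {@link #loadBouncyCastle()}. */
    static boolean providerLoaded = false;

    /* loaded from: input_file:lib/fedd/jabac-1.3.jar:net/deterlab/abac/Context$QueryResult.class */
    /** Outcome of {@link Context#query(String, String)}: a success flag and the credentials found. */
    public class QueryResult {
        protected Collection<Credential> creds;
        protected boolean success;

        /** Wraps the given credentials and success flag without copying the collection. */
        QueryResult(Collection<Credential> collection, boolean z) {
            this.creds = collection;
            this.success = z;
        }

        /** Creates an unsuccessful result with an empty credential set. */
        public QueryResult() {
            this.creds = new TreeSet<Credential>();
            this.success = false;
        }

        /** Returns the stored collection itself, not a copy. */
        public Collection<Credential> getCredentials() {
            return this.creds;
        }

        /** Returns the success flag recorded at construction. */
        public boolean getSuccess() {
            return this.success;
        }
    }

    /**
     * Registers the BouncyCastle security provider once per class load.
     *
     * <p>The decompiler reports that this method was package-private in the original class file.
     * It is {@code synchronized} so that concurrent callers cannot both pass the
     * {@code providerLoaded} check.
     */
    public static synchronized void loadBouncyCastle() {
        if (providerLoaded) {
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: net.deterlab.abac.Context.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                Security.addProvider(new BouncyCastleProvider());
                return null;
            }
        });
        providerLoaded = true;
    }

    /** Creates an empty context with no identities and no credentials. */
    public Context() {
        this.g = Graphs.synchronizedDirectedGraph(new DirectedSparseGraph<Role, Credential>());
        this.derived_edges = new HashSet<Credential>();
        this.pq = new Query(this.g);
        this.dirty = false;
        this.m_identities = new TreeSet<Identity>();
        this.nicknames = new TreeMap<String, String>();
        this.keys = new TreeMap<String, String>();
    }

    /**
     * Copies another context: its identities first, then its non-derived credentials, and finally
     * recomputes the derived edges.
     *
     * @param context the context to copy
     */
    public Context(Context context) {
        this();
        for (Identity identity : context.m_identities) {
            load_id_chunk(identity);
        }
        for (Credential credential : context.credentials()) {
            load_attribute_chunk(credential);
        }
        derive_implied_edges();
    }

    /**
     * Builds a context from credentials, loading each credential's issuer (when it has one) before
     * the credential itself. Return codes of the individual loads are not inspected.
     *
     * @param collection the credentials to load
     */
    public Context(Collection<Credential> collection) {
        this();
        for (Credential credential : collection) {
            Object issuer = credential.issuer();
            if (issuer != null) {
                load_id_chunk(issuer);
            }
            load_attribute_chunk(credential);
        }
    }

    /**
     * Loads an identity from the file at the given path.
     *
     * @param str path of the identity file
     * @return one of the {@code ABAC_CERT_*} codes, see {@link #load_id_chunk(Object)}
     */
    public int load_id_file(String str) {
        return load_id_chunk(new File(str));
    }

    /**
     * Loads an identity from a file.
     *
     * @param file the identity file
     * @return one of the {@code ABAC_CERT_*} codes, see {@link #load_id_chunk(Object)}
     */
    public int load_id_file(File file) {
        return load_id_chunk(file);
    }

    /**
     * Adds an identity given as an {@link Identity}, a {@code String}, a {@link File} or an
     * {@link X509Certificate}. How {@code Identity} interprets a {@code String} is not visible here.
     *
     * <p>Failures are reported through the return value only; the exception itself is discarded,
     * so callers that need the cause must construct the {@code Identity} themselves.
     *
     * @param obj the identity source
     * @return {@link #ABAC_CERT_SUCCESS}; {@link #ABAC_CERT_BAD_SIG} on a {@link SignatureException};
     *         {@link #ABAC_CERT_INVALID} for any other exception or an unsupported type
     */
    public int load_id_chunk(Object obj) {
        try {
            if (obj instanceof Identity) {
                addIdentity((Identity) obj);
            } else if (obj instanceof String) {
                addIdentity(new Identity((String) obj));
            } else if (obj instanceof File) {
                addIdentity(new Identity((File) obj));
            } else if (obj instanceof X509Certificate) {
                addIdentity(new Identity((X509Certificate) obj));
            } else {
                return ABAC_CERT_INVALID;
            }
            return ABAC_CERT_SUCCESS;
        } catch (SignatureException e) {
            return ABAC_CERT_BAD_SIG;
        } catch (Exception e2) {
            return ABAC_CERT_INVALID;
        }
    }

    /**
     * Loads a credential from the file at the given path.
     *
     * @param str path of the credential file
     * @return one of the {@code ABAC_CERT_*} codes, see {@link #load_attribute_chunk(Object)}
     */
    public int load_attribute_file(String str) {
        return load_attribute_chunk(new File(str));
    }

    /**
     * Loads a credential from a file.
     *
     * @param file the credential file
     * @return one of the {@code ABAC_CERT_*} codes, see {@link #load_attribute_chunk(Object)}
     */
    public int load_attribute_file(File file) {
        return load_attribute_chunk(file);
    }

    /**
     * Adds a credential given as a {@link Credential}, a {@code String}, a {@link File} or an
     * {@link X509V2AttributeCertificate}. Every form except a ready-made {@code Credential} is
     * constructed against the identities currently known to this context.
     *
     * <p>A ready-made {@code Credential} is added as is; nothing in this method re-checks it.
     *
     * @param obj the credential source
     * @return {@link #ABAC_CERT_SUCCESS}; {@link #ABAC_CERT_MISSING_ISSUER} on an
     *         {@link InvalidKeyException}; {@link #ABAC_CERT_BAD_SIG} on a {@link SignatureException};
     *         {@link #ABAC_CERT_INVALID} for any other exception or an unsupported type
     */
    public int load_attribute_chunk(Object obj) {
        try {
            if (obj instanceof Credential) {
                add_credential((Credential) obj);
            } else if (obj instanceof String) {
                add_credential(new Credential((String) obj, this.m_identities));
            } else if (obj instanceof File) {
                add_credential(new Credential((File) obj, this.m_identities));
            } else if (obj instanceof X509V2AttributeCertificate) {
                add_credential(new Credential((X509V2AttributeCertificate) obj, this.m_identities));
            } else {
                return ABAC_CERT_INVALID;
            }
            return ABAC_CERT_SUCCESS;
        } catch (InvalidKeyException e) {
            return ABAC_CERT_MISSING_ISSUER;
        } catch (SignatureException e2) {
            return ABAC_CERT_BAD_SIG;
        } catch (Exception e3) {
            return ABAC_CERT_INVALID;
        }
    }

    /**
     * Brings the derived edges up to date and runs a fresh {@link Query} over the graph.
     *
     * @param str first argument passed to {@code Query.run}
     * @param str2 second argument passed to {@code Query.run}
     * @return the edges of the graph returned by the query and whether the query succeeded
     */
    public QueryResult query(String str, String str2) {
        derive_implied_edges();
        Query lookup = new Query(this.g);
        Collection<Credential> proof = lookup.run(str, str2).getEdges();
        return new QueryResult(proof, lookup.successful());
    }

    /**
     * Returns the credentials that were loaded, leaving out edges derived by this class.
     *
     * @return a new set; changing it does not affect the context
     */
    public Collection<Credential> credentials() {
        Set<Credential> loaded = new HashSet<Credential>();
        for (Credential edge : this.g.getEdges()) {
            if (!this.derived_edges.contains(edge)) {
                loaded.add(edge);
            }
        }
        return loaded;
    }

    /**
     * Returns the identities known to this context.
     *
     * @return the live internal set, not a copy; adding to it bypasses the nickname bookkeeping
     *         done by {@link #addIdentity(Identity)}
     */
    public Collection<Identity> identities() {
        return this.m_identities;
    }

    /** Reports whether the given identity is in the identity set. */
    public boolean knowsIdentity(Identity identity) {
        return this.m_identities.contains(identity);
    }

    /**
     * Reports whether some known identity has the given key ID.
     *
     * @param str the key ID to look for; {@code null} never matches
     * @return true when an identity with that key ID is known
     */
    public boolean knowsKeyID(String str) {
        if (str == null) {
            return false;
        }
        for (Identity identity : this.m_identities) {
            if (str.equals(identity.getKeyID())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Inserts a credential as an edge from its tail role to its head role, adding both roles and,
     * for an intersection tail, each prerequisite role as vertices. Marks the context dirty.
     */
    protected void add_credential(Credential credential) {
        Role tail = credential.tail();
        Role head = credential.head();
        if (!this.g.containsVertex(head)) {
            this.g.addVertex(head);
        }
        if (!this.g.containsVertex(tail)) {
            this.g.addVertex(tail);
        }
        if (!this.g.containsEdge(credential)) {
            // The decompiler had inserted a cast of the credential to Graph here, which cannot
            // compile against addEdge(E, V, V); the edge is simply the credential.
            this.g.addEdge(credential, tail, head);
        }
        if (tail.is_intersection()) {
            for (Role prereq : tail.prereqs()) {
                this.g.addVertex(prereq);
            }
        }
        this.dirty = true;
    }

    /** Removes the credential's edge if present; marks the context dirty either way. */
    protected void remove_credential(Credential credential) {
        if (this.g.containsEdge(credential)) {
            this.g.removeEdge(credential);
        }
        this.dirty = true;
    }

    /** Adds a role vertex and marks the context dirty, unless the vertex already exists. */
    protected void add_vertex(Role role) {
        if (this.g.containsVertex(role)) {
            return;
        }
        this.g.addVertex(role);
        this.dirty = true;
    }

    /** Removes a role vertex and marks the context dirty, if the vertex exists. */
    protected void remove_vertex(Role role) {
        if (this.g.containsVertex(role)) {
            this.g.removeVertex(role);
            this.dirty = true;
        }
    }

    /**
     * Recomputes the derived edges when the graph changed since the last run: drops the old ones,
     * then repeats {@link #derive_links_iter()} until a pass adds nothing.
     */
    protected synchronized void derive_implied_edges() {
        if (!this.dirty) {
            return;
        }
        clear_old_edges();
        while (derive_links_iter() > 0) {
            // each pass may enable further edges; stop at the fixed point
        }
        this.dirty = false;
    }

    /**
     * Performs one derivation pass over all vertices.
     *
     * <p>For an intersection role, an edge is derived from every principal found for all of its
     * prerequisites. For a linking role, an edge is derived from each existing role named
     * {@code <principal>.<r2>} where the principal is found for the role built from {@code A_r1()}.
     *
     * @return the number of edges added in this pass
     */
    protected int derive_links_iter() {
        int added = 0;
        for (Role role : this.g.getVertices()) {
            if (role.is_intersection()) {
                Set<Role> common = null;
                for (Role prereq : role.prereqs()) {
                    Set<Role> principals = this.pq.find_principals(prereq);
                    if (common == null) {
                        // Copy, so retainAll below never edits a set owned by the Query object.
                        common = new HashSet<Role>(principals);
                    } else {
                        common.retainAll(principals);
                    }
                    if (common.isEmpty()) {
                        break;
                    }
                }
                if (common == null) {
                    // No prerequisites at all: nothing to derive (this used to be an NPE).
                    continue;
                }
                for (Role principal : common) {
                    if (add_derived_edge(role, principal)) {
                        added++;
                    }
                }
            } else if (role.is_linking()) {
                Role linked = new Role(role.A_r1());
                String r2 = role.r2();
                if (this.g.containsVertex(linked)) {
                    for (Role principal : this.pq.find_principals(linked)) {
                        Role candidate = new Role(principal + "." + r2);
                        if (this.g.containsVertex(candidate) && add_derived_edge(role, candidate)) {
                            added++;
                        }
                    }
                }
            }
        }
        return added;
    }

    /**
     * Adds a derived edge from {@code role2} to {@code role} unless an edge between them exists.
     *
     * @param role the head of the new edge
     * @param role2 the tail of the new edge
     * @return true when an edge was added
     */
    protected boolean add_derived_edge(Role role, Role role2) {
        if (this.g.findEdge(role2, role) != null) {
            return false;
        }
        Credential derived = new Credential(role, role2);
        this.derived_edges.add(derived);
        // Same decompiler artefact as in add_credential: the edge is the credential itself.
        this.g.addEdge(derived, role2, role);
        return true;
    }

    /** Removes every derived edge from the graph and starts a fresh derived-edge set. */
    protected void clear_old_edges() {
        for (Credential derived : this.derived_edges) {
            this.g.removeEdge(derived);
        }
        this.derived_edges = new HashSet<Credential>();
    }

    /**
     * Records an identity and, when it has both a name and a key ID not seen before, assigns it a
     * nickname. A name already in use gets a numeric suffix (1, 2, ...) until it is unique.
     */
    protected void addIdentity(Identity identity) {
        this.m_identities.add(identity);
        String baseName = identity.getName();
        if (baseName == null) {
            return;
        }
        String keyId = identity.getKeyID();
        if (keyId == null || this.keys.containsKey(keyId)) {
            return;
        }
        String nickname = baseName;
        int suffix = 1;
        while (this.nicknames.containsKey(nickname)) {
            nickname = baseName + suffix;
            suffix++;
        }
        this.nicknames.put(nickname, keyId);
        this.keys.put(keyId, nickname);
    }

    /**
     * Rewrites a space-separated list of dotted names, replacing each dot-separated component
     * that is a key of {@code map} with its mapped value. Empty components are dropped.
     *
     * @param str the text to rewrite
     * @param map component substitutions
     * @return the rewritten text
     */
    protected String replace(String str, Map<String, String> map) {
        String rewritten = "";
        for (String word : str.split(" ")) {
            String dotted = "";
            for (String part : word.split("\\.")) {
                String substitute = map.containsKey(part) ? map.get(part) : part;
                dotted = dotted.isEmpty() ? substitute : dotted + "." + substitute;
            }
            rewritten = rewritten.isEmpty() ? dotted : rewritten + " " + dotted;
        }
        return rewritten;
    }

    /**
     * Applies {@link #replace(String, Map)} with the nickname-to-key-ID map.
     *
     * <p>The decompiler reports that this method was package-private in the original class file.
     */
    public String expandKeyID(String str) {
        return replace(str, this.nicknames);
    }

    /**
     * Applies {@link #replace(String, Map)} with the key-ID-to-nickname map.
     *
     * <p>The decompiler reports that this method was package-private in the original class file.
     */
    public String expandNickname(String str) {
        return replace(str, this.keys);
    }

    /**
     * Reads the remainder of the current archive entry into memory.
     *
     * <p>The size recorded in an archive header is attacker-controlled and says nothing about how
     * much data inflates, so the bytes actually read are counted and capped.
     *
     * @param zipInputStream stream positioned inside an entry
     * @return the entry's uncompressed bytes
     * @throws IOException on a read error, or when the entry exceeds the internal size limit
     */
    protected byte[] readCurrentZipEntry(ZipInputStream zipInputStream) throws IOException {
        java.io.ByteArrayOutputStream collected = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = zipInputStream.read(chunk, 0, chunk.length)) != -1) {
            if (collected.size() + count > MAX_ZIP_ENTRY_BYTES) {
                throw new IOException("ZIP entry larger than " + MAX_ZIP_ENTRY_BYTES + " bytes");
            }
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /**
     * Handles one parsed PEM result from an archive entry or a file: pairs identities with key
     * pairs that share a key ID, remembers whichever half arrives first, and loads identities.
     *
     * <p>Pairing is by key ID only; this class does not compare the public keys themselves.
     * Declared {@code throws Exception} because the checked exceptions of the {@code Identity}
     * methods are not visible here; both callers record any exception per entry.
     */
    private void absorbPemObject(Object parsed, Map<String, Identity> idsAwaitingKey,
            Map<String, KeyPair> keysAwaitingId) throws Exception {
        if (parsed instanceof Identity) {
            Identity identity = (Identity) parsed;
            String keyId = identity.getKeyID();
            if (keysAwaitingId.containsKey(keyId)) {
                identity.setKeyPair(keysAwaitingId.get(keyId));
                keysAwaitingId.remove(keyId);
            } else if (identity.getKeyPair() == null) {
                idsAwaitingKey.put(identity.getKeyID(), identity);
            }
            load_id_chunk(identity);
        } else if (parsed instanceof KeyPair) {
            KeyPair keyPair = (KeyPair) parsed;
            String keyId = extractKeyID(keyPair.getPublic());
            if (idsAwaitingKey.containsKey(keyId)) {
                idsAwaitingKey.get(keyId).setKeyPair(keyPair);
                idsAwaitingKey.remove(keyId);
            } else {
                keysAwaitingId.put(keyId, keyPair);
            }
        }
    }

    /** Closes a read-side resource, ignoring a failure to close. */
    private static void closeQuietly(java.io.Closeable resource) {
        try {
            resource.close();
        } catch (IOException ignored) {
            // nothing was written through this resource, so a failed close loses no data
        }
    }

    /**
     * Loads identities, key pairs and credentials from a ZIP archive.
     *
     * <p>Each entry is first parsed as PEM. Entries that yield no PEM object are kept in memory
     * and parsed as credentials after all entries have been read, so that issuers are known by
     * then. A failure in one entry is recorded in {@code map} (when given) under the entry name
     * and does not stop the load. The stream is not closed.
     *
     * <p>NOTE(review): {@code collection} is neither read nor written here; key pairs that match
     * no identity are discarded when the method returns. Confirm against the upstream source.
     *
     * @param inputStream the archive
     * @param collection unused in this code
     * @param map receives one exception per failed entry, keyed by entry name; may be null
     * @throws IOException when the archive cannot be read or contains no entries
     */
    public void load_zip(InputStream inputStream, Collection<KeyPair> collection, Map<String, Exception> map) throws IOException {
        Map<String, byte[]> deferredCredentials = new HashMap<String, byte[]>();
        Map<String, Identity> idsAwaitingKey = new TreeMap<String, Identity>();
        Map<String, KeyPair> keysAwaitingId = new TreeMap<String, KeyPair>();
        int entryCount = 0;
        ZipInputStream zip = new ZipInputStream(inputStream);
        for (ZipEntry entry = zip.getNextEntry(); entry != null; entry = zip.getNextEntry()) {
            entryCount++;
            try {
                byte[] content = readCurrentZipEntry(zip);
                Object parsed = readPEM(new PEMReader(new InputStreamReader(new ByteArrayInputStream(content))));
                if (parsed == null) {
                    deferredCredentials.put(entry.getName(), content);
                } else {
                    absorbPemObject(parsed, idsAwaitingKey, keysAwaitingId);
                }
            } catch (Exception e) {
                if (map != null) {
                    map.put(entry.getName(), e);
                }
            }
        }
        for (Map.Entry<String, byte[]> deferred : deferredCredentials.entrySet()) {
            try {
                add_credential(new Credential(new ByteArrayInputStream(deferred.getValue()), this.m_identities));
            } catch (Exception e2) {
                if (map != null) {
                    map.put(deferred.getKey(), e2);
                }
            }
        }
        if (entryCount == 0) {
            throw new IOException("Not a ZIP file (or empty ZIP file)");
        }
    }

    /** Same as the three-argument form with no key collection and no error map. */
    public void load_zip(InputStream inputStream) throws IOException {
        load_zip(inputStream, (Collection<KeyPair>) null, (Map<String, Exception>) null);
    }

    /** Same as the three-argument form with no key collection. */
    public void load_zip(InputStream inputStream, Map<String, Exception> map) throws IOException {
        load_zip(inputStream, (Collection<KeyPair>) null, map);
    }

    /** Same as the three-argument form with no error map. */
    public void load_zip(InputStream inputStream, Collection<KeyPair> collection) throws IOException {
        load_zip(inputStream, collection, (Map<String, Exception>) null);
    }

    /**
     * Loads a ZIP archive from a file; see
     * {@link #load_zip(InputStream, Collection, Map)}. The file is closed before returning.
     */
    public void load_zip(File file, Collection<KeyPair> collection, Map<String, Exception> map) throws IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            load_zip(in, collection, map);
        } finally {
            closeQuietly(in);
        }
    }

    /** Same as the three-argument file form with no key collection and no error map. */
    public void load_zip(File file) throws IOException {
        load_zip(file, (Collection<KeyPair>) null, (Map<String, Exception>) null);
    }

    /** Same as the three-argument file form with no key collection. */
    public void load_zip(File file, Map<String, Exception> map) throws IOException {
        load_zip(file, (Collection<KeyPair>) null, map);
    }

    /** Same as the three-argument file form with no error map. */
    public void load_zip(File file, Collection<KeyPair> collection) throws IOException {
        load_zip(file, collection, (Map<String, Exception>) null);
    }

    /**
     * Reads every object from a PEM stream and combines them into one result.
     *
     * <p>At most one certificate is accepted. A key pair is attached to the identity when both
     * are present, in either order. When several key pairs appear, the last one wins.
     *
     * @param pEMReader the PEM source; not closed by this method
     * @return the {@link Identity} when a certificate was read, otherwise the {@link KeyPair},
     *         otherwise null when the stream held no PEM object
     * @throws IOException on a second certificate, an unexpected object type, a read error, or
     *         when the identity cannot be constructed (the cause is attached)
     */
    protected Object readPEM(PEMReader pEMReader) throws IOException {
        Identity identity = null;
        KeyPair pendingKeys = null;
        for (Object item = pEMReader.readObject(); item != null; item = pEMReader.readObject()) {
            if (item instanceof X509Certificate) {
                if (identity != null) {
                    throw new IOException("Two certificates");
                }
                try {
                    identity = new Identity((X509Certificate) item);
                    if (pendingKeys != null) {
                        identity.setKeyPair(pendingKeys);
                        pendingKeys = null;
                    }
                } catch (Exception e) {
                    throw new IOException(e);
                }
            } else if (item instanceof KeyPair) {
                if (identity != null) {
                    identity.setKeyPair((KeyPair) item);
                } else {
                    pendingKeys = (KeyPair) item;
                }
            } else {
                throw new IOException("Unexpected PEM object: " + item.getClass().getName());
            }
        }
        return identity != null ? identity : pendingKeys;
    }

    /**
     * Loads identities, key pairs and credentials from the files directly inside a directory, or
     * from a single file. Files that yield no PEM object are parsed as credentials after all
     * files have been read. Subdirectories are not descended into.
     *
     * <p>A failure on one file is recorded in {@code map} (when given) under the file's name and
     * does not stop the load. A directory that cannot be listed is recorded the same way.
     *
     * <p>NOTE(review): {@code collection} is neither read nor written here, as in {@code load_zip}.
     *
     * @param file a directory or a single file
     * @param collection unused in this code
     * @param map receives one exception per failed file, keyed by file name; may be null
     */
    public void load_directory(File file, Collection<KeyPair> collection, Map<String, Exception> map) {
        File[] candidates;
        if (file.isDirectory()) {
            candidates = file.listFiles();
            if (candidates == null) {
                // listFiles() returns null on an I/O error or when access is denied.
                if (map != null) {
                    map.put(file.getName(), new IOException("Cannot list directory: " + file));
                }
                return;
            }
        } else {
            candidates = new File[] {file};
        }
        Vector<File> credentialFiles = new Vector<File>();
        Map<String, Identity> idsAwaitingKey = new TreeMap<String, Identity>();
        Map<String, KeyPair> keysAwaitingId = new TreeMap<String, KeyPair>();
        for (File candidate : candidates) {
            try {
                Object parsed;
                PEMReader pem = new PEMReader(new FileReader(candidate));
                try {
                    parsed = readPEM(pem);
                } finally {
                    // Key files are opened here; do not leave their descriptors to the collector.
                    closeQuietly(pem);
                }
                if (parsed == null) {
                    credentialFiles.add(candidate);
                } else {
                    absorbPemObject(parsed, idsAwaitingKey, keysAwaitingId);
                }
            } catch (Exception e) {
                if (map != null) {
                    map.put(candidate.getName(), e);
                }
            }
        }
        for (File credentialFile : credentialFiles) {
            try {
                add_credential(new Credential(credentialFile, this.m_identities));
            } catch (Exception e2) {
                if (map != null) {
                    map.put(credentialFile.getName(), e2);
                }
            }
        }
    }

    /** Same as the three-argument form with no key collection and no error map. */
    public void load_directory(File file) {
        load_directory(file, null, null);
    }

    /** Same as the three-argument form with no key collection. */
    public void load_directory(File file, Map<String, Exception> map) {
        load_directory(file, null, map);
    }

    /** Same as the three-argument form with no error map. */
    public void load_directory(File file, Collection<KeyPair> collection) {
        load_directory(file, collection, null);
    }

    /**
     * Loads credentials from RT0 text, one {@code head <- tail} statement per line. Blank lines
     * and lines starting with {@code #} are skipped. The stream is not closed.
     *
     * <p>These credentials are built from two role strings only. No identity or signature is
     * involved, so every accepted line becomes an edge that queries will rely on; load RT0 only
     * from a source that is already trusted.
     *
     * <p>NOTE(review): the credential pattern is applied with {@code find()}, so text before the
     * role name on a line is ignored rather than rejected. Lines before a malformed line have
     * already been added when the exception is thrown.
     *
     * @param inputStream the RT0 text, decoded with the platform default charset
     * @throws IOException on a read error
     * @throws RuntimeException on a line that is neither skippable nor a credential
     */
    public void load_rt0(InputStream inputStream) throws IOException {
        LineNumberReader lines = new LineNumberReader(new InputStreamReader(inputStream));
        String line;
        while ((line = lines.readLine()) != null) {
            if (RT0_SKIP_LINE.matcher(line).find()) {
                continue;
            }
            Matcher statement = RT0_CREDENTIAL_LINE.matcher(line);
            if (!statement.find()) {
                throw new RuntimeException("Unexpected format: line " + lines.getLineNumber());
            }
            add_credential(new Credential(new Role(statement.group(1)), new Role(statement.group(2))));
        }
    }

    /** Loads RT0 text from a file; see {@link #load_rt0(InputStream)}. The file is closed. */
    public void load_rt0(File file) throws IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            load_rt0(in);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Returns an archive-entry file name for an identity: path separators in the name are
     * replaced so the entry cannot point outside {@code creds/} when the archive is unpacked, and
     * a numeric suffix keeps names unique, since a duplicate entry name would abort the export.
     */
    private static String zipSafeName(String name, Set<String> used) {
        String base = String.valueOf(name).replace('/', '_').replace('\\', '_');
        String candidate = base;
        int suffix = 1;
        while (!used.add(candidate)) {
            candidate = base + suffix;
            suffix++;
        }
        return candidate;
    }

    /**
     * Writes the loaded credentials and a set of identities as a ZIP archive, then closes the
     * stream. Credentials become {@code .der} entries and identities {@code .pem} entries, all
     * under {@code creds/}. Entry names always use {@code /}, as the ZIP format requires.
     *
     * <p>With {@code z2} set, {@code Identity.writePrivateKey} is called for every exported
     * identity. Whether that output is encrypted is not visible here; treat the archive as
     * secret and restrict who can read wherever the stream ends up.
     *
     * @param outputStream destination; closed on success
     * @param z true to export every known identity, false to export only credential issuers
     * @param z2 true to include private keys
     * @throws IOException on a write error
     */
    public void write_zip(OutputStream outputStream, boolean z, boolean z2) throws IOException {
        ZipOutputStream zip = new ZipOutputStream(outputStream);
        Set<Identity> toExport = z ? this.m_identities : new TreeSet<Identity>();
        int index = 0;
        for (Credential credential : credentials()) {
            // XML.Entries.Elements.ATTRIBUTE is the constant the decompiler emitted for the
            // entry-name stem; its value is not visible in this file.
            zip.putNextEntry(new ZipEntry(ZIP_BASE_DIR + "/" + XML.Entries.Elements.ATTRIBUTE + index + ".der"));
            index++;
            credential.write(zip);
            zip.closeEntry();
            if (credential.issuer() != null && !z) {
                toExport.add(credential.issuer());
            }
        }
        Set<String> usedNames = new HashSet<String>();
        for (Identity identity : toExport) {
            zip.putNextEntry(new ZipEntry(ZIP_BASE_DIR + "/" + zipSafeName(identity.getName(), usedNames) + ".pem"));
            identity.write(zip);
            if (z2) {
                identity.writePrivateKey(zip);
            }
            zip.closeEntry();
        }
        zip.close();
    }

    /**
     * Writes the archive to a file; see {@link #write_zip(OutputStream, boolean, boolean)}.
     * The file is closed even when writing fails.
     *
     * <p>The file is created by {@code FileOutputStream} with default permissions. When
     * {@code z2} is set it holds private keys, so the caller should create it in a directory
     * only the owner can read, or tighten its permissions first.
     */
    public void write_zip(File file, boolean z, boolean z2) throws IOException {
        FileOutputStream out = new FileOutputStream(file);
        try {
            write_zip(out, z, z2);
        } finally {
            out.close();
        }
    }

    /**
     * Prints every loaded credential, one per line, and flushes the writer. The writer is not
     * closed. Write errors are absorbed by {@link PrintWriter}.
     *
     * @param writer destination
     * @param z true to print {@code Credential.toString()}, false to print
     *          {@code Credential.simpleString(this)}
     */
    public void write_rt0(Writer writer, boolean z) {
        PrintWriter out = writer instanceof PrintWriter ? (PrintWriter) writer : new PrintWriter(writer);
        for (Credential credential : credentials()) {
            out.println(z ? credential.toString() : credential.simpleString(this));
        }
        out.flush();
    }

    /** Writes RT0 text to a file and closes it; see {@link #write_rt0(Writer, boolean)}. */
    public void write_rt0(File file, boolean z) throws IOException {
        FileWriter out = new FileWriter(file);
        try {
            write_rt0(out, z);
        } finally {
            out.close();
        }
    }

    /** Same as {@link #write_rt0(Writer, boolean)} with {@code false}. */
    public void write_rt0(Writer writer) {
        write_rt0(writer, false);
    }

    /** Same as {@link #write_rt0(File, boolean)} with {@code false}. */
    public void write_rt0(File file) throws IOException {
        write_rt0(file, false);
    }

    /**
     * Returns the lower-case hex form of the key identifier that BouncyCastle's
     * {@code createSHA1KeyIdentifier} computes for the key.
     *
     * <p>The result is a lookup handle: this class uses it to match key pairs to identities and
     * as the target of nicknames. The decompiler reports that this method was package-private in
     * the original class file.
     *
     * @param publicKey the key to identify
     * @return two hex digits per identifier byte
     */
    public static String extractKeyID(PublicKey publicKey) {
        SubjectKeyIdentifier identifier =
                SubjectKeyIdentifier.createSHA1KeyIdentifier(extractSubjectPublicKeyInfo(publicKey));
        Formatter hex = new Formatter(new StringWriter());
        for (byte b : identifier.getKeyIdentifier()) {
            hex.format("%02x", Byte.valueOf(b));
        }
        return hex.out().toString();
    }

    /**
     * Parses the key's encoded form into a {@link SubjectPublicKeyInfo}.
     *
     * <p>The decompiler reports that this method was package-private in the original class file.
     *
     * @param publicKey the key to convert
     * @return the parsed structure, or null when reading the encoding raised an
     *         {@link IOException}; callers must check for null
     */
    public static SubjectPublicKeyInfo extractSubjectPublicKeyInfo(PublicKey publicKey) {
        try {
            return new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(publicKey.getEncoded()).readObject());
        } catch (IOException e) {
            return null;
        }
    }

    static {
        loadBouncyCastle();
    }
}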
