package org.bitrepository.protocol.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.bitrepository.settings.collectionsettings.InfrastructurePermission;
import org.bitrepository.settings.collectionsettings.OperationPermission;
import org.bitrepository.settings.collectionsettings.Permission;
import org.bitrepository.settings.collectionsettings.PermissionSet;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/bitrepository-protocol-0.11.jar:org/bitrepository/protocol/security/PermissionStore.class */
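/**
 * In-memory registry of the certificates this component recognises, together with the
 * operations each certificate is allowed to request.
 *
 * <p>Entries are keyed by the certificate's issuer and serial number. A signer is only known to
 * the store if its certificate was explicitly loaded through {@link #loadPermissions}; nothing
 * here builds or validates a certificate chain.
 *
 * <p>NOTE(review): the store does not check a certificate's validity period, neither when it is
 * loaded nor when it is looked up. Confirm that expiry is enforced elsewhere (for example where
 * the signature is verified), otherwise an expired certificate keeps its permissions until the
 * settings are changed.
 *
 * <p>The backing map is a plain {@link HashMap} and is not synchronised; loading permissions
 * while other threads perform lookups is not safe without external coordination.
 */
public class PermissionStore {
    private static final Logger log = LoggerFactory.getLogger(PermissionStore.class);

    /** Known certificates and their permissions, keyed by issuer and serial number. */
    private final Map<CertificateID, CertificatePermission> permissionMap =
            new HashMap<CertificateID, CertificatePermission>();

    /**
     * A certificate paired with the set of operations it may request.
     *
     * <p>Declared static because it never touches the enclosing store instance.
     */
    private static final class CertificatePermission {
        private final Set<OperationPermission> permissions = new HashSet<OperationPermission>();
        private final X509Certificate certificate;

        /**
         * @param x509Certificate the certificate the permissions belong to
         * @param collection the permitted operations; copied, so later changes to the argument
         *     do not alter what this entry allows
         */
        public CertificatePermission(X509Certificate x509Certificate, Collection<OperationPermission> collection) {
            this.permissions.addAll(collection);
            this.certificate = x509Certificate;
        }

        /** @return {@code true} only if the operation was listed when this entry was created */
        public boolean hasPermission(OperationPermission operationPermission) {
            return this.permissions.contains(operationPermission);
        }

        /** @return the certificate this entry was created for */
        public X509Certificate getCertificate() {
            return this.certificate;
        }
    }

    /**
     * Creates an empty store and registers the BouncyCastle provider with the JVM.
     *
     * <p>{@link Security#addProvider} affects the whole JVM and leaves the provider list
     * unchanged when a provider with the same name is already installed, so constructing
     * several stores is harmless.
     */
    public PermissionStore() {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Loads the certificates and permissions from the given settings into the store.
     *
     * <p>An entry with operation permissions is stored with those permissions. An entry without
     * them is stored only if it carries the {@code MESSAGE_SIGNER} infrastructure permission, and
     * then with an empty operation set: its certificate can be looked up, but
     * {@link #checkPermission} answers {@code false} for every operation. All other entries are
     * skipped.
     *
     * <p>Entries are added one by one. If a certificate fails to parse, the entries loaded before
     * it stay in the store. When two entries share issuer and serial number, the later one
     * replaces the earlier one and a warning is logged, because the effective permissions then
     * depend on the order of the entries in the settings.
     *
     * @param permissionSet the permissions to load; {@code null} is logged and ignored
     * @throws CertificateException if an entry to be stored has no certificate data, or the data
     *     cannot be parsed as an X.509 certificate
     */
    public void loadPermissions(PermissionSet permissionSet) throws CertificateException {
        if (permissionSet == null) {
            log.info("The provided PermissionSet was null");
            return;
        }
        for (Permission permission : permissionSet.getPermission()) {
            if (permission.getOperationPermission() != null) {
                register(parseCertificate(permission.getCertificate()), permission.getOperationPermission());
            } else if (permission.getInfrastructurePermission().contains(InfrastructurePermission.MESSAGE_SIGNER)) {
                register(parseCertificate(permission.getCertificate()), new HashSet<OperationPermission>());
            }
        }
    }

    /**
     * Decodes one certificate from its encoded form.
     *
     * <p>Missing data and a non-X.509 result are reported as {@link CertificateException}, the
     * exception callers of {@link #loadPermissions} already handle, rather than surfacing as a
     * {@link NullPointerException} or {@link ClassCastException}.
     */
    private static X509Certificate parseCertificate(byte[] encoded) throws CertificateException {
        if (encoded == null) {
            throw new CertificateException("Permission entry contains no certificate data");
        }
        CertificateFactory factory = CertificateFactory.getInstance(SecurityModuleConstants.CertificateType);
        // A ByteArrayInputStream holds no system resource and its close() has no effect,
        // so the stream is simply left to the garbage collector.
        java.security.cert.Certificate parsed = factory.generateCertificate(new ByteArrayInputStream(encoded));
        if (!(parsed instanceof X509Certificate)) {
            throw new CertificateException("Permission entry does not contain an X.509 certificate");
        }
        return (X509Certificate) parsed;
    }

    /** Stores the certificate with its permissions, warning when an existing entry is replaced. */
    private void register(X509Certificate certificate, Collection<OperationPermission> allowed) {
        CertificateID id = new CertificateID(certificate.getIssuerX500Principal(), certificate.getSerialNumber());
        CertificatePermission replaced = this.permissionMap.put(id, new CertificatePermission(certificate, allowed));
        if (replaced != null) {
            log.warn("Permission entry for certificate {} replaces an earlier entry with the same issuer and serial number", id);
        }
    }

    /** Builds the lookup key for a signer from its issuer and serial number. */
    private static CertificateID idOf(SignerId signerId) {
        return new CertificateID(signerId.getIssuer(), signerId.getSerialNumber());
    }

    /**
     * Returns the stored certificate matching the signer's issuer and serial number.
     *
     * @param signerId identifies the signer whose certificate is wanted
     * @return the certificate that was loaded for this signer
     * @throws PermissionStoreException if no certificate was loaded for the signer
     */
    public X509Certificate getCertificate(SignerId signerId) throws PermissionStoreException {
        CertificateID certificateID = idOf(signerId);
        CertificatePermission certificatePermission = this.permissionMap.get(certificateID);
        if (certificatePermission == null) {
            throw new PermissionStoreException("Failed to find certificate for the requested signer:" + certificateID.toString());
        }
        return certificatePermission.getCertificate();
    }

    /**
     * Tells whether the signer's certificate was granted the given operation.
     *
     * <p>An unknown signer is reported with an exception rather than {@code false}; callers
     * should treat that exception as a denial.
     *
     * @param signerId identifies the signer making the request
     * @param operationPermission the operation being requested
     * @return {@code true} if the operation is among those loaded for the certificate
     * @throws PermissionStoreException if no certificate was loaded for the signer
     */
    public boolean checkPermission(SignerId signerId, OperationPermission operationPermission) throws PermissionStoreException {
        CertificateID certificateID = idOf(signerId);
        CertificatePermission certificatePermission = this.permissionMap.get(certificateID);
        if (certificatePermission == null) {
            throw new PermissionStoreException("Failed to find certificate and permissions for the requested signer: " + certificateID.toString());
        }
        return certificatePermission.hasPermission(operationPermission);
    }
}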
