package org.bitrepository.protocol.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.codec.digest.DigestUtils;
import org.bitrepository.protocol.security.exception.PermissionStoreException;
import org.bitrepository.protocol.security.exception.UnregisteredPermissionException;
import org.bitrepository.settings.repositorysettings.InfrastructurePermission;
import org.bitrepository.settings.repositorysettings.Operation;
import org.bitrepository.settings.repositorysettings.OperationPermission;
import org.bitrepository.settings.repositorysettings.Permission;
import org.bitrepository.settings.repositorysettings.PermissionSet;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/bitrepository-core-1.5.jar:org/bitrepository/protocol/security/PermissionStore.class */
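/**
 * In-memory registry of the certificates this component accepts, together with
 * the operations each certificate may perform and the users that may act under it.
 *
 * <p>Entries are keyed by certificate issuer and serial number. The store only
 * answers lookups: nothing in this class verifies a signature, builds a chain or
 * calls {@link X509Certificate#checkValidity()}, so expiry and signature checks
 * have to be enforced by the caller.
 *
 * <p>The backing map is a plain {@link HashMap}. This class does no locking, so
 * calling {@link #loadPermissions} concurrently with lookups is not safe.
 */
public class PermissionStore {
    private static final Logger log = LoggerFactory.getLogger(PermissionStore.class);
    private final Map<CertificateID, CertificatePermission> permissionMap = new HashMap<>();

    /* loaded from: input_file:WEB-INF/lib/bitrepository-core-1.5.jar:org/bitrepository/protocol/security/PermissionStore$CertificatePermission.class */
    /**
     * Immutable record of what a single certificate is allowed to do.
     * Declared static because it needs no state from the enclosing store.
     */
    private static final class CertificatePermission {
        private final Set<Operation> permissions;
        // null means "no user restriction configured"; see isUserAllowed.
        private final Set<String> allowedUsers;
        private final X509Certificate certificate;
        private final String fingerprint;

        /**
         * @param certificate  the certificate the permissions belong to
         * @param operations   operations granted to the certificate; copied defensively
         * @param allowedUsers user IDs allowed to act under the certificate, or
         *                     {@code null} when no restriction is configured
         * @throws CertificateEncodingException if the certificate cannot be encoded
         *                                      for fingerprinting
         */
        public CertificatePermission(X509Certificate certificate, Collection<Operation> operations,
                Collection<String> allowedUsers) throws CertificateEncodingException {
            this.allowedUsers = (allowedUsers == null) ? null : new HashSet<>(allowedUsers);
            this.permissions = new HashSet<>(operations);
            this.certificate = certificate;
            // NOTE(review): SHA-1 is kept because callers may compare this value with
            // fingerprints recorded elsewhere. SHA-1 is not collision resistant, so treat
            // the fingerprint as a label for logs and audit trails, not as proof of identity.
            this.fingerprint = DigestUtils.sha1Hex(certificate.getEncoded());
        }

        /** Returns whether the operation was granted to this certificate. */
        public boolean hasPermission(Operation operation) {
            return this.permissions.contains(operation);
        }

        /**
         * Returns whether the user may act under this certificate.
         * Fails open: when no allowed-user list was configured, every user is accepted.
         */
        public boolean isUserAllowed(String userId) {
            return this.allowedUsers == null || this.allowedUsers.contains(userId);
        }

        public X509Certificate getCertificate() {
            return this.certificate;
        }

        /** Returns the hex SHA-1 digest of the certificate's encoded form. */
        public String getFingerprint() {
            return this.fingerprint;
        }
    }

    /**
     * Creates an empty store and registers the BouncyCastle provider.
     * {@link Security#addProvider} is a no-op when the provider is already
     * installed, so constructing several stores is harmless.
     */
    public PermissionStore() {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Loads the certificates and permissions that apply to one component.
     *
     * <p>A certificate is registered when it is granted at least one operation for
     * the component, or when it carries the {@code MESSAGE_SIGNER} infrastructure
     * permission. An operation permission without an allowed-component list applies
     * to every component. Certificates that grant nothing here are not parsed.
     *
     * @param permissionSet the configured permissions; {@code null} is logged and ignored
     * @param str           the component ID matched against each allowed-component list
     * @throws CertificateException if certificate data is missing or cannot be parsed
     */
    public void loadPermissions(PermissionSet permissionSet, String str) throws CertificateException {
        if (permissionSet == null) {
            log.info("The provided PermissionSet was null");
            return;
        }
        for (Permission permission : permissionSet.getPermission()) {
            // A missing user list stays null so that isUserAllowed treats it as "unrestricted".
            Set<String> allowedUsers = null;
            if (permission.getCertificate().getAllowedCertificateUsers() != null) {
                allowedUsers = new HashSet<>(permission.getCertificate().getAllowedCertificateUsers().getIDs());
            }

            Set<Operation> allowedOperations = new HashSet<>();
            if (permission.getOperationPermission() != null) {
                for (OperationPermission operationPermission : permission.getOperationPermission()) {
                    if (operationPermission.getAllowedComponents() == null
                            || operationPermission.getAllowedComponents().getIDs().contains(str)) {
                        allowedOperations.add(operationPermission.getOperation());
                    }
                }
            }

            boolean messageSigner =
                    permission.getInfrastructurePermission().contains(InfrastructurePermission.MESSAGE_SIGNER);
            if (allowedOperations.isEmpty() && !messageSigner) {
                continue;
            }

            X509Certificate certificate = makeCertificate(permission.getCertificate().getCertificateData());
            CertificateID id = new CertificateID(certificate.getIssuerX500Principal(), certificate.getSerialNumber());
            CertificatePermission previous =
                    this.permissionMap.put(id, new CertificatePermission(certificate, allowedOperations, allowedUsers));
            if (previous != null) {
                // The later entry wins. Surface it, because a duplicate entry can silently
                // widen or narrow what the certificate is allowed to do.
                log.warn("Permissions for certificate {} were already loaded and have been replaced", id);
            }
        }
    }

    /**
     * Returns the registered certificate matching the signer's issuer and serial number.
     *
     * @throws PermissionStoreException if no such certificate is registered
     */
    public X509Certificate getCertificate(SignerId signerId) throws PermissionStoreException {
        CertificateID id = idOf(signerId);
        CertificatePermission entry = this.permissionMap.get(id);
        if (entry == null) {
            throw new PermissionStoreException("Failed to find certificate for the requested signer:" + id);
        }
        return entry.getCertificate();
    }

    /**
     * Checks whether a user may act under the signer's certificate.
     *
     * @param str the user ID to check
     * @return {@code true} if the user is listed, or if the certificate has no user restriction
     * @throws PermissionStoreException if the signer's certificate is not registered
     */
    public boolean checkCertificateUser(SignerId signerId, String str) throws PermissionStoreException {
        CertificateID id = idOf(signerId);
        CertificatePermission entry = this.permissionMap.get(id);
        if (entry == null) {
            throw new PermissionStoreException(
                    "Failed to find certificate and permissions for the requested signer: " + id);
        }
        return entry.isUserAllowed(str);
    }

    /**
     * Returns the hex SHA-1 fingerprint of the signer's registered certificate.
     *
     * @throws UnregisteredPermissionException if the signer's certificate is not registered
     */
    public String getCertificateFingerprint(SignerId signerId) throws UnregisteredPermissionException {
        CertificatePermission entry = this.permissionMap.get(idOf(signerId));
        if (entry == null) {
            throw new UnregisteredPermissionException("No certificate fingerprint found for signer " + signerId);
        }
        return entry.getFingerprint();
    }

    /**
     * Checks whether the signer's certificate was granted the operation.
     *
     * @throws PermissionStoreException if the signer's certificate is not registered
     */
    public boolean checkPermission(SignerId signerId, Operation operation) throws PermissionStoreException {
        CertificateID id = idOf(signerId);
        CertificatePermission entry = this.permissionMap.get(id);
        if (entry == null) {
            throw new PermissionStoreException(
                    "Failed to find certificate and permissions for the requested signer: " + id);
        }
        return entry.hasPermission(operation);
    }

    /** Builds the map key (issuer plus serial number) for a signer. */
    private static CertificateID idOf(SignerId signerId) {
        return new CertificateID(signerId.getIssuer(), signerId.getSerialNumber());
    }

    /**
     * Parses encoded certificate data into an {@link X509Certificate}.
     *
     * @throws CertificateException if the data is missing or cannot be parsed
     */
    private X509Certificate makeCertificate(byte[] encoded) throws CertificateException {
        if (encoded == null) {
            // Report a configuration error through the declared exception rather than an NPE.
            throw new CertificateException("No certificate data was provided");
        }
        X509Certificate certificate = null;
        try (ByteArrayInputStream in = new ByteArrayInputStream(encoded)) {
            certificate = (X509Certificate) CertificateFactory.getInstance(SecurityModuleConstants.CertificateType)
                    .generateCertificate(in);
        } catch (IOException e) {
            // Only close() can raise this; the certificate has already been parsed by then.
            log.debug("Failed to close ByteArrayInputStream", e);
        }
        return certificate;
    }
}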
