package org.irods.jargon.core.connection;

import java.io.IOException;
import java.io.InterruptedIOException;
import java.nio.channels.ClosedChannelException;
import org.globus.common.CoGProperties;
import org.globus.gsi.gssapi.net.impl.GSIGssInputStream;
import org.globus.gsi.gssapi.net.impl.GSIGssOutputStream;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.irods.jargon.core.connection.auth.AuthResponse;
import org.irods.jargon.core.exception.AuthenticationException;
import org.irods.jargon.core.exception.JargonException;
import org.irods.jargon.core.protovalues.RequestTypes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/irods/jargon/core/connection/GSIAuth.class */
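/**
 * GSI authentication mechanism for an iRODS connection: after startup it sends the GSI auth
 * request, records the distinguished name the server reports, and then drives a GSS-API
 * security-context handshake over the connection's streams using the account's credential.
 *
 * <p>NOTE(review): this class appears to be decompiler output. The handshake in
 * {@link #sendGSIAuth} has been put back into a single try/catch/finally so that the failure
 * mapping and the CA-location rollback cover the whole handshake.
 */
class GSIAuth extends AuthMechanism {
    public static final Logger log = LoggerFactory.getLogger(GSIAuth.class);

    /** Final argument of {@code sendHeader} for the GSI auth request (presumably the API number). */
    private static final int GSI_AUTH_REQUEST_AN = 711;

    /**
     * Sends the GSI auth request and stores the {@code ServerDN} value from the reply on the
     * account.
     *
     * <p>The DN is read before any security context exists, so at this point it is only what the
     * remote end claims. NOTE(review): nothing in this class compares it with an expected value;
     * confirm whether callers treat it as informational.
     *
     * @param gSIIRODSAccount account that receives the server distinguished name
     * @param abstractIRODSMidLevelProtocol protocol object for the already-started connection
     * @throws JargonException if the account is null or the exchange fails with an I/O error
     * @throws IllegalArgumentException if the protocol object is null
     */
    void sendGSIPassword(GSIIRODSAccount gSIIRODSAccount, AbstractIRODSMidLevelProtocol abstractIRODSMidLevelProtocol) throws JargonException {
        log.info("sendGSIPassword()");
        if (gSIIRODSAccount == null) {
            throw new JargonException("irods account is null");
        }
        if (abstractIRODSMidLevelProtocol == null) {
            throw new IllegalArgumentException("null irodsCommands");
        }
        log.debug("sending gsi auth request after startup...");
        try {
            abstractIRODSMidLevelProtocol.sendHeader(RequestTypes.RODS_API_REQ.getRequestType(), 0, 0, 0L, GSI_AUTH_REQUEST_AN);
            abstractIRODSMidLevelProtocol.getIrodsConnection().flush();
            log.debug("reading iRODS response to gsi auth request, extracting server DN...");
            // NOTE(review): if getTag can return null for a reply without a ServerDN tag, this
            // chain fails with a NullPointerException instead of a JargonException - confirm.
            String serverDn = abstractIRODSMidLevelProtocol.readMessage(false).getTag("ServerDN").getStringValue();
            log.debug("serverDN:{}", serverDn);
            gSIIRODSAccount.setServerDistinguishedName(serverDn);
        } catch (InterruptedIOException e) {
            // The logger already records the stack trace; no separate printStackTrace().
            log.error("interrupted io", e);
            throw new JargonException(e);
        } catch (ClosedChannelException e) {
            log.error("closed channel", e);
            throw new JargonException(e);
        } catch (IOException e) {
            log.error("io exception", e);
            throw new JargonException(e);
        }
    }

    /**
     * Runs the GSI handshake and, once the security context is established, attaches an
     * {@link AuthResponse} naming the account to the protocol object.
     *
     * <p>If the account carries a certificate-authority location, it temporarily replaces the
     * CA certificate locations on the default {@link CoGProperties}; the previous value is put
     * back in the {@code finally} block.
     *
     * @param gSIIRODSAccount account holding the GSS credential and optional CA location
     * @param abstractIRODSMidLevelProtocol protocol object for the already-started connection
     * @return the same protocol object, with its auth response set
     * @throws AuthenticationException if the GSS layer reports a failure during the handshake
     * @throws JargonException if the preceding GSI auth request fails
     * @throws IllegalArgumentException if the account, its credential or the protocol is null
     * @throws SecurityException if any other failure occurs during the handshake
     */
    AbstractIRODSMidLevelProtocol sendGSIAuth(GSIIRODSAccount gSIIRODSAccount, AbstractIRODSMidLevelProtocol abstractIRODSMidLevelProtocol) throws AuthenticationException, JargonException {
        log.info("sendGSIAuth()");
        if (gSIIRODSAccount == null) {
            throw new IllegalArgumentException("null irodsAccount");
        }
        if (gSIIRODSAccount.getGSSCredential() == null) {
            throw new IllegalArgumentException("null gssCredential");
        }
        if (abstractIRODSMidLevelProtocol == null) {
            throw new IllegalArgumentException("null irodsCommands");
        }
        sendGSIPassword(gSIIRODSAccount, abstractIRODSMidLevelProtocol);
        CoGProperties coGProperties = null;
        String previousCaLocations = null;
        String certificateAuthority = gSIIRODSAccount.getCertificateAuthority();
        ExtendedGSSManager extendedGSSManager = ExtendedGSSManager.getInstance();
        try {
            if (certificateAuthority != null && certificateAuthority.length() > 0) {
                // NOTE(review): CoGProperties.getDefault() looks like a shared, process-wide
                // instance; if so, this override is visible to other connections that
                // authenticate at the same time - confirm and serialize if needed.
                coGProperties = CoGProperties.getDefault();
                previousCaLocations = coGProperties.getCaCertLocations();
                coGProperties.setCaCertLocations(certificateAuthority);
            }
            // Target name and mechanism are passed as null, so this code does not name the peer
            // it expects. NOTE(review): the ServerDN stored by sendGSIPassword is not used here;
            // confirm where the server identity is checked.
            GSSContext gssContext = extendedGSSManager.createContext((GSSName) null, (Oid) null, gSIIRODSAccount.getGSSCredential(), GSSContext.DEFAULT_LIFETIME);
            // The client credential is not delegated to the server; the server must authenticate too.
            gssContext.requestCredDeleg(false);
            gssContext.requestMutualAuth(true);
            GSIGssOutputStream tokenOut = new GSIGssOutputStream(abstractIRODSMidLevelProtocol.getIrodsConnection().getIrodsOutputStream(), gssContext);
            GSIGssInputStream tokenIn = new GSIGssInputStream(abstractIRODSMidLevelProtocol.getIrodsConnection().getIrodsInputStream(), gssContext);
            // Token exchange: feed the peer's last token in, send ours out, until established.
            byte[] inToken = new byte[0];
            while (!gssContext.isEstablished()) {
                byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                if (outToken != null) {
                    tokenOut.writeToken(outToken);
                }
                if (!gssContext.isEstablished()) {
                    inToken = tokenIn.readHandshakeToken();
                }
            }
            AuthResponse authResponse = new AuthResponse();
            authResponse.setAuthenticatingIRODSAccount(gSIIRODSAccount);
            authResponse.setAuthenticatedIRODSAccount(gSIIRODSAccount);
            abstractIRODSMidLevelProtocol.setAuthResponse(authResponse);
            return abstractIRODSMidLevelProtocol;
        } catch (GSSException e) {
            // getMessage() is guarded so a null message cannot replace the real failure with an NPE.
            String message = e.getMessage();
            String reason;
            if (message != null && message.contains("Invalid buffer")) {
                reason = "GSI Authentication Failed - Invalid Proxy File";
            } else if (message != null && message.contains("Unknown CA")) {
                reason = "GSI Authentication Failed - Cannot find Certificate Authority (CA)";
            } else {
                reason = "GSI Authentication Failed";
            }
            AuthenticationException authenticationException = new AuthenticationException(reason);
            authenticationException.initCause(e);
            throw authenticationException;
        } catch (Throwable th) {
            SecurityException securityException = new SecurityException("GSI Authentication Failed");
            securityException.initCause(th);
            throw securityException;
        } finally {
            // NOTE(review): when no previous location was configured (null), the account's CA
            // location stays on the default properties after this call.
            if (previousCaLocations != null) {
                coGProperties.setCaCertLocations(previousCaLocations);
            }
        }
    }

    /**
     * Validates that the account is a {@link GSIIRODSAccount} with an unexpired GSS credential
     * and then performs the GSI handshake.
     *
     * @param iRODSAccount account to authenticate; must be a {@code GSIIRODSAccount}
     * @param abstractIRODSMidLevelProtocol protocol object for the already-started connection
     * @param startupResponseData startup data; not read by this implementation
     * @return the protocol object returned by {@link #sendGSIAuth}
     * @throws AuthenticationException if the credential has no remaining lifetime or the
     *     handshake is rejected
     * @throws JargonException if the credential lifetime cannot be read or the exchange fails
     * @throws IllegalArgumentException if the account is null, of the wrong type, or has no
     *     credential
     */
    @Override // org.irods.jargon.core.connection.AuthMechanism
    protected AbstractIRODSMidLevelProtocol processAuthenticationAfterStartup(IRODSAccount iRODSAccount, AbstractIRODSMidLevelProtocol abstractIRODSMidLevelProtocol, StartupResponseData startupResponseData) throws AuthenticationException, JargonException {
        if (iRODSAccount == null) {
            throw new IllegalArgumentException("null irodsAccount");
        }
        log.info("processAuthenticationAfterStartup()..checking if GSIIRODSAccount and validating credential");
        if (!(iRODSAccount instanceof GSIIRODSAccount)) {
            throw new IllegalArgumentException("irodsAccount should be an instance of GSIIRODSAccount");
        }
        GSIIRODSAccount gSIIRODSAccount = (GSIIRODSAccount) iRODSAccount;
        // Same check and message as sendGSIAuth, done here so a missing credential is reported
        // as an argument error rather than a NullPointerException on the lifetime lookup.
        if (gSIIRODSAccount.getGSSCredential() == null) {
            throw new IllegalArgumentException("null gssCredential");
        }
        log.info("have credential, check if valid...");
        try {
            if (gSIIRODSAccount.getGSSCredential().getRemainingLifetime() <= 0) {
                throw new AuthenticationException("gss credentials are expired");
            }
            log.info("all valid...send GSI auth to iRODS...");
            return sendGSIAuth(gSIIRODSAccount, abstractIRODSMidLevelProtocol);
        } catch (GSSException e) {
            log.error("GSSException processing credential", e);
            throw new JargonException("gss exception processing credential", (Throwable) e);
        }
    }
}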
