package be.iminds.ilabt.jfed.lowlevel.userloginmodel;

import be.iminds.ilabt.jfed.lowlevel.AnyCredential;
import be.iminds.ilabt.jfed.lowlevel.GeniUser;
import be.iminds.ilabt.jfed.lowlevel.JFedException;
import be.iminds.ilabt.jfed.lowlevel.ServerType;
import be.iminds.ilabt.jfed.lowlevel.SfaCredential;
import be.iminds.ilabt.jfed.lowlevel.SimpleGeniUser;
import be.iminds.ilabt.jfed.lowlevel.api.PlanetlabSfaRegistryInterface;
import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityListModel;
import be.iminds.ilabt.jfed.lowlevel.authority.SfaAuthority;
import be.iminds.ilabt.jfed.lowlevel.connection.JFedConnectionProvider;
import be.iminds.ilabt.jfed.lowlevel.connection.SfaConnection;
import be.iminds.ilabt.jfed.lowlevel.planetlab.PlanetlabCertificateFetcher;
import be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModelManager;
import be.iminds.ilabt.jfed.preferences.JFedPreferences;
import be.iminds.ilabt.jfed.util.AnsibleFileWriter;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.IOUtils;
import be.iminds.ilabt.jfed.util.KeyUtil;
import ch.qos.logback.classic.ClassicConstants;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;
import javanet.staxutils.Indentation;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/userloginmodel/PlanetlabUserLoginModel.class */
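/**
 * Login model for PlanetLab SFA users (decompiled source).
 *
 * <p>The model loads an RSA private key from a file, a URL or a string, derives the user URN
 * from the PlanetLab SFA HRN found in (or set next to) that key material, and obtains a
 * certificate chain from the authority's registry by calling {@code GetSelfCredential} with a
 * self-signed certificate.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The raw PEM text of the private key is kept in memory as a {@link String}
 *       ({@link #privateKeyContent}) and is handed out by {@link #getPrivateKeyContent()}.
 *       It is not written to the preferences by {@link #save}.</li>
 *   <li>{@link #setSshPrivateKeyUrl(URL)} downloads private key material; see that method for
 *       the transport caveat.</li>
 *   <li>No synchronization is performed anywhere in this class.</li>
 * </ul>
 */
public class PlanetlabUserLoginModel implements UserLoginModel {
    private static final Logger LOG;
    private static final String PREFS_PLE_LOGIN_SOURCE = "pleLoginSource";
    private static final String PREFS_SSH_PRIVATE_KEY_FILE = "sshPrivateKeyFile";
    private static final String PREFS_SSH_PRIVATE_KEY_URL = "sshPrivateKeyUrl";
    private static final String PREFS_PLANETLAB_SFA_HRN = "planetlabSfaHrn";
    private static final String PREFS_PLANETLAB_AUTHORITY = "planetlabAuthority";
    private static final String PREFS_PLANETLAB_RETRIEVED_CERTIFICATE = "planetlabRetrievedCertificate";

    /** Marker that precedes the SFA HRN inside a login file. */
    private static final String SFA_HRN_MARKER = "#planetlab.sfa.hrn = ";

    /** Connect and read timeout for downloading a login file, so a stalled server cannot hang the caller. */
    private static final int URL_FETCH_TIMEOUT_MILLIS = 30000;

    /** Upper bound on a downloaded login file; a key plus an HRN line is far smaller than this. */
    private static final int MAX_LOGIN_CONTENT_CHARS = 1024 * 1024;

    protected static File defaultSshPrivateKeyFile;
    protected String planetlabSfaHrn;
    protected SfaAuthority authority;
    protected File sshPrivateKeyFile;
    protected URL sshPrivateKeyUrl;
    // Raw PEM text of the login file, including the (possibly encrypted) private key.
    protected String privateKeyContent;
    protected LoginSource loginSource;
    protected List<X509Certificate> certificateChain;
    protected RSAPrivateKey privateKey;
    protected KeyPair keypair;
    protected GeniUrn userUrn;
    protected boolean passwordRequired;
    protected AuthorityListModel authorityListModel;
    protected UserLoginModelManager userLoginModelManager;
    private final be.iminds.ilabt.jfed.log.Logger logger;
    private final JFedPreferences jFedPreferences;
    private final JFedConnectionProvider connectionProvider;
    // Decompiler rendering of the flag javac generates for `assert` statements.
    static final /* synthetic */ boolean $assertionsDisabled;

    /** Signals that the certificate could not be obtained from the PlanetLab registry. */
    public static class CertificateFetchException extends Exception {
        public CertificateFetchException() {
        }

        public CertificateFetchException(String str) {
            super(str);
        }

        public CertificateFetchException(String str, Throwable th) {
            super(str, th);
        }

        public CertificateFetchException(Throwable th) {
            super(th);
        }

        public CertificateFetchException(String str, Throwable th, boolean z, boolean z2) {
            super(str, th, z, z2);
        }
    }

    /**
     * Where the login (private key) material was taken from.
     *
     * <p>The decompiler reports that it widened this enum's access modifier from private.
     */
    public enum LoginSource {
        FILE,
        URL,
        STRING
    }

    /**
     * Stores the collaborators and starts from an empty model (see {@link #reset()}).
     */
    public PlanetlabUserLoginModel(AuthorityListModel authorityListModel, UserLoginModelManager userLoginModelManager, be.iminds.ilabt.jfed.log.Logger logger, JFedConnectionProvider jFedConnectionProvider, JFedPreferences jFedPreferences) {
        this.authorityListModel = authorityListModel;
        this.userLoginModelManager = userLoginModelManager;
        this.logger = logger;
        this.connectionProvider = jFedConnectionProvider;
        this.jFedPreferences = jFedPreferences;
        reset();
    }

    /**
     * Converts a dotted SFA HRN into a user URN: everything before the last dot becomes the
     * authority part (dots turned into colons), the remainder becomes the user name.
     *
     * @param str the HRN, or {@code null}
     * @return the URN, or {@code null} when {@code str} is {@code null}
     */
    private static GeniUrn sfaHrnToUrn(String str) {
        if (str == null) {
            return null;
        }
        int lastIndexOf = str.lastIndexOf(46);
        // Callers are expected to validate the HRN first; an HRN without a dot fails here.
        if (!$assertionsDisabled && lastIndexOf == -1) {
            throw new AssertionError();
        }
        // ClassicConstants.USER_MDC_KEY is logback's constant for the string "user"; the decompiler
        // presumably substituted it for a plain literal naming the URN resource type.
        return GeniUrn.createGeniUrnFromEncodedParts(str.substring(0, lastIndexOf).replace('.', ':'), ClassicConstants.USER_MDC_KEY, str.substring(lastIndexOf + 1));
    }

    /** Sets the authority used for the registry call, without any validation. */
    public void setAuthority(SfaAuthority sfaAuthority) {
        this.authority = sfaAuthority;
    }

    /** Forgets the previously loaded key material and its source, keeping HRN, authority and certificate. */
    private void partialResetForLoad() {
        this.loginSource = null;
        this.sshPrivateKeyFile = null;
        this.sshPrivateKeyUrl = null;
        this.passwordRequired = false;
        this.privateKeyContent = null;
        this.privateKey = null;
        this.keypair = null;
    }

    /**
     * Downloads the login file at {@code url} and normalises it to one {@code '\n'}-terminated
     * line per input line.
     *
     * <p>The download is bounded by {@link #URL_FETCH_TIMEOUT_MILLIS} and
     * {@link #MAX_LOGIN_CONTENT_CHARS}, so an unresponsive or hostile endpoint cannot block
     * the caller indefinitely or exhaust the heap.
     *
     * @throws IOException when the connection or the read fails
     * @throws InvalidLoginException when the response exceeds the size bound
     */
    private static String readLoginContent(URL url) throws IOException, InvalidLoginException {
        URLConnection connection = url.openConnection();
        connection.setConnectTimeout(URL_FETCH_TIMEOUT_MILLIS);
        connection.setReadTimeout(URL_FETCH_TIMEOUT_MILLIS);
        StringBuilder raw = new StringBuilder();
        // PEM is ASCII; decoding as UTF-8 keeps the result independent of the platform charset.
        try (InputStreamReader in = new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8)) {
            char[] chunk = new char[4096];
            int count;
            while ((count = in.read(chunk)) != -1) {
                if (raw.length() + count > MAX_LOGIN_CONTENT_CHARS) {
                    throw new InvalidLoginException("Planetlab login file from the provided URL is larger than " + MAX_LOGIN_CONTENT_CHARS + " characters");
                }
                raw.append(chunk, 0, count);
            }
        }
        StringBuilder normalized = new StringBuilder(raw.length() + 1);
        try (BufferedReader lines = new BufferedReader(new StringReader(raw.toString()))) {
            String line;
            while ((line = lines.readLine()) != null) {
                normalized.append(line);
                normalized.append(Indentation.NORMAL_END_OF_LINE);
            }
        }
        return normalized.toString();
    }

    /**
     * Loads the login file (private key plus optional HRN line) from a URL.
     *
     * <p>The private key travels over whatever transport the URL names. Anything other than
     * {@code https} or {@code file} is still accepted, as before, but is logged as a warning
     * because the key is then exposed to anyone on the network path.
     *
     * @param url location of the login file
     * @throws InvalidLoginException when the file cannot be fetched, is empty, is too large or
     *     does not hold a usable private key
     */
    public void setSshPrivateKeyUrl(@Nonnull URL url) throws InvalidLoginException {
        partialResetForLoad();
        this.sshPrivateKeyUrl = url;
        this.loginSource = LoginSource.URL;
        String protocol = url.getProtocol();
        if (!"https".equalsIgnoreCase(protocol) && !"file".equalsIgnoreCase(protocol)) {
            // Only protocol and host are logged: the full URL may carry credentials or tokens.
            LOG.warn("Fetching planetlab login file over '{}' from host '{}': the private key is not protected in transit", protocol, url.getHost());
        }
        try {
            String content = readLoginContent(url);
            if (content.isEmpty()) {
                throw new InvalidLoginException("Could not read planetlab login file from the provided URL. Got null");
            }
            this.privateKeyContent = content;
            processLoginContent();
        } catch (IOException e) {
            LOG.error("Could not fetch planetlab login file", (Throwable) e);
            throw new InvalidLoginException("Could not fetch planetlab login file", e);
        }
    }

    /**
     * Loads the login file (private key plus optional HRN line) from a local file.
     *
     * @param file the login file
     * @throws InvalidLoginException when the file does not exist, cannot be read or does not
     *     hold a usable private key
     */
    public void setSshPrivateKeyFile(@Nonnull File file) throws InvalidLoginException {
        partialResetForLoad();
        this.sshPrivateKeyFile = file;
        this.loginSource = LoginSource.FILE;
        if (!file.exists()) {
            throw new InvalidLoginException("SSH Private key file does not exist: \"" + file.getPath() + "\"");
        }
        try {
            this.privateKeyContent = IOUtils.fileToString(file);
            processLoginContent();
        } catch (IOException e) {
            throw new InvalidLoginException("Error reading \"" + file.getPath() + "\"", e);
        }
    }

    /**
     * Uses {@code str} directly as the login file content.
     *
     * @throws InvalidLoginException when the text does not hold a usable private key
     */
    public void setSshPrivateKeyString(String str) throws InvalidLoginException {
        partialResetForLoad();
        this.privateKeyContent = str;
        this.loginSource = LoginSource.STRING;
        processLoginContent();
    }

    /**
     * Names the current login source for error messages. The file form matches the text this
     * class has always produced; the URL form names only the host so that credentials or
     * tokens embedded in a URL do not end up in messages.
     */
    private String describeLoginSource() {
        if (this.sshPrivateKeyFile != null) {
            return "\"" + this.sshPrivateKeyFile.getPath() + "\"";
        }
        if (this.sshPrivateKeyUrl != null) {
            return "the login file from host \"" + this.sshPrivateKeyUrl.getHost() + "\"";
        }
        return "the provided login text";
    }

    /**
     * Installs a decoded key pair, rejecting a missing pair or a non-RSA private key instead
     * of failing later with a NullPointerException or ClassCastException.
     *
     * @return {@code true} when the pair was installed; otherwise both fields are cleared
     */
    private boolean installKeyPair(KeyPair candidate) {
        if (candidate == null || !(candidate.getPrivate() instanceof RSAPrivateKey)) {
            this.keypair = null;
            this.privateKey = null;
            return false;
        }
        this.keypair = candidate;
        this.privateKey = (RSAPrivateKey) candidate.getPrivate();
        return true;
    }

    /**
     * Interprets {@link #privateKeyContent}: checks that it holds an RSA private key, decodes
     * the key when it is not encrypted, and extracts the SFA HRN if one is present.
     *
     * <p>Two HRN layouts are recognised: a {@code #planetlab.sfa.hrn = } marker line, and a
     * fed4fire layout in which the first line (or first space-delimited token) is the HRN.
     *
     * @throws InvalidLoginException when no private key is found, the key cannot be decoded,
     *     or the fed4fire layout has no delimiter after the HRN
     */
    private void processLoginContent() throws InvalidLoginException {
        if (!$assertionsDisabled && this.privateKeyContent == null) {
            throw new AssertionError();
        }
        // Indentation.NORMAL_END_OF_LINE is staxutils' "\n"; presumably a decompiler substitution
        // for a plain literal. Single-line content falls back to a space as delimiter.
        String delimiter = this.privateKeyContent.contains(Indentation.NORMAL_END_OF_LINE) ? Indentation.NORMAL_END_OF_LINE : " ";
        if (!KeyUtil.hasRsaPrivateKey(this.privateKeyContent)) {
            this.privateKeyContent = null;
            // The source is not always a file: the URL and STRING sources leave sshPrivateKeyFile null.
            throw new InvalidLoginException("Error no private key found in " + describeLoginSource());
        }
        boolean encrypted = KeyUtil.hasEncryptedRsaPrivateKey(this.privateKeyContent);
        this.passwordRequired = encrypted;
        if (!encrypted) {
            try {
                if (!installKeyPair(KeyUtil.pemToRsaKeyPair(this.privateKeyContent, null))) {
                    throw new InvalidLoginException("Error reading private key");
                }
            } catch (KeyUtil.PEMDecodingException e) {
                throw new InvalidLoginException("Error reading private key", e);
            }
        }
        int markerAt = this.privateKeyContent.indexOf(SFA_HRN_MARKER);
        if (markerAt != -1) {
            int valueStart = markerAt + SFA_HRN_MARKER.length();
            int valueEnd = this.privateKeyContent.indexOf(delimiter, valueStart);
            if (valueEnd == -1) {
                // The marker sits on the last line without a trailing delimiter.
                valueEnd = this.privateKeyContent.length();
            }
            String hrn = this.privateKeyContent.substring(valueStart, valueEnd).trim();
            LOG.trace("Found Sfa Hrn in private key file: '{}'", hrn);
            setPlanetlabSfaHrn(hrn);
            return;
        }
        boolean fed4fireLayout = this.privateKeyContent.startsWith("fed4fire.")
                || this.privateKeyContent.contains("http://sfa-fed4fire.pl.sophia.inria.fr:12345/");
        if (!fed4fireLayout) {
            LOG.trace("No Sfa Hrn in private key file");
            return;
        }
        int firstDelimiter = this.privateKeyContent.indexOf(delimiter, 0);
        if (firstDelimiter == -1) {
            // Never treat the whole content as the HRN: it contains the private key and the
            // HRN is logged and persisted.
            throw new InvalidLoginException("Error no Sfa Hrn found in " + describeLoginSource());
        }
        String fed4fireHrn = this.privateKeyContent.substring(0, firstDelimiter).trim();
        LOG.trace("Found fed4fire Sfa Hrn in private key file: '{}'", fed4fireHrn);
        setPlanetlabSfaHrn(fed4fireHrn);
        if (correctAuthority()) {
            return;
        }
        SfaAuthority fed4fireAuthority = this.authorityListModel.getByUrnExact("urn:publicid:IDN+fed4fire+authority+sa");
        if (fed4fireAuthority == null) {
            // NOTE(review): an unchecked exception for a configuration problem; kept because
            // callers may depend on the type. Consider InvalidLoginException instead.
            throw new NullPointerException("fed4fire authority is not known: cannot continue.");
        }
        setAuthority(fed4fireAuthority);
    }

    /**
     * Sets the SFA HRN and, when the HRN is well formed and no usable authority is selected
     * yet, tries to pick the PlanetLab Europe authority that matches it.
     */
    public void setPlanetlabSfaHrn(String str) {
        this.planetlabSfaHrn = str;
        if (!correctPlanetlabSfaUrn() || correctAuthority()) {
            return;
        }
        String topLevelAuthority = sfaHrnToUrn(str).getEncodedTopLevelAuthority();
        if (!topLevelAuthority.startsWith("ple:") && !topLevelAuthority.equals("ple")) {
            return;
        }
        SfaAuthority exactMatch = this.authorityListModel.getByUrnExact("urn:publicid:IDN+" + topLevelAuthority + "+authority+cm");
        if (exactMatch != null) {
            this.authority = exactMatch;
            return;
        }
        SfaAuthority pleFallback = this.authorityListModel.getByUrnExact("urn:publicid:IDN+ple+authority+cm");
        if (pleFallback != null) {
            this.authority = pleFallback;
        }
    }

    /** Clears the HRN, authority, key material, certificate chain and user URN. */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void reset() {
        this.planetlabSfaHrn = null;
        this.authority = null;
        this.sshPrivateKeyUrl = null;
        this.sshPrivateKeyFile = null;
        this.privateKeyContent = null;
        this.certificateChain = null;
        this.passwordRequired = false;
        this.userUrn = null;
        this.privateKey = null;
        this.keypair = null;
    }

    /** Same as {@link #reset()}. */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void defaults() {
        reset();
    }

    /**
     * Writes the login source, key location, HRN, authority URN and retrieved certificate
     * chain to the preferences, removing entries that have no value. The private key content
     * itself is never written.
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void save(UserLoginModelManager.UserLoginModelPreferences userLoginModelPreferences) {
        if (!$assertionsDisabled && this.loginSource == null) {
            throw new AssertionError();
        }
        userLoginModelPreferences.put(PREFS_PLE_LOGIN_SOURCE, this.loginSource.name());
        if (this.sshPrivateKeyUrl != null) {
            userLoginModelPreferences.put(PREFS_SSH_PRIVATE_KEY_URL, this.sshPrivateKeyUrl.toExternalForm());
        } else {
            userLoginModelPreferences.remove(PREFS_SSH_PRIVATE_KEY_URL);
        }
        if (this.sshPrivateKeyFile != null) {
            userLoginModelPreferences.put(PREFS_SSH_PRIVATE_KEY_FILE, this.sshPrivateKeyFile.toURI().toString());
        } else {
            userLoginModelPreferences.remove(PREFS_SSH_PRIVATE_KEY_FILE);
        }
        if (this.planetlabSfaHrn != null) {
            userLoginModelPreferences.put(PREFS_PLANETLAB_SFA_HRN, this.planetlabSfaHrn);
        } else {
            userLoginModelPreferences.remove(PREFS_PLANETLAB_SFA_HRN);
        }
        if (this.authority != null) {
            userLoginModelPreferences.put(PREFS_PLANETLAB_AUTHORITY, this.authority.getUrnString());
        } else {
            userLoginModelPreferences.remove(PREFS_PLANETLAB_AUTHORITY);
        }
        if (this.certificateChain == null || this.certificateChain.isEmpty()) {
            userLoginModelPreferences.remove(PREFS_PLANETLAB_RETRIEVED_CERTIFICATE);
        } else {
            userLoginModelPreferences.put(PREFS_PLANETLAB_RETRIEVED_CERTIFICATE, KeyUtil.x509certificateChainToPem(this.certificateChain));
        }
    }

    /**
     * Restores the model from the preferences and reloads the key from the stored file or URL.
     *
     * <p>Stored values that fail validation are removed from the preferences. A stored URL is
     * fetched again on every load, so the caveats of {@link #setSshPrivateKeyUrl(URL)} apply.
     *
     * @throws InvalidLoginException when reloading the key from the stored file or URL fails
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void load(UserLoginModelManager.UserLoginModelPreferences userLoginModelPreferences) throws InvalidLoginException {
        reset();
        this.planetlabSfaHrn = userLoginModelPreferences.get(PREFS_PLANETLAB_SFA_HRN, null);
        if (this.planetlabSfaHrn != null) {
            if (correctPlanetlabSfaUrn()) {
                this.userUrn = sfaHrnToUrn(this.planetlabSfaHrn);
            } else {
                LOG.warn("Stored planetlabSfaHrn not valid: {}", this.planetlabSfaHrn);
                userLoginModelPreferences.remove(PREFS_PLANETLAB_SFA_HRN);
                // Drop the rejected value instead of deriving a URN from it: an HRN without
                // a dot would make the conversion fail.
                this.planetlabSfaHrn = null;
            }
        }
        this.authority = this.authorityListModel.getByUrnExact(userLoginModelPreferences.get(PREFS_PLANETLAB_AUTHORITY, null));
        String storedChainPem = userLoginModelPreferences.get(PREFS_PLANETLAB_RETRIEVED_CERTIFICATE, null);
        if (storedChainPem != null) {
            this.certificateChain = KeyUtil.pemToX509CertificateChain(storedChainPem);
            if (this.certificateChain == null || this.certificateChain.isEmpty()) {
                LOG.warn("Stored certificate PEM is not valid: {}", storedChainPem);
                userLoginModelPreferences.remove(PREFS_PLANETLAB_RETRIEVED_CERTIFICATE);
            }
        }
        if (!userLoginModelPreferences.contains(PREFS_PLE_LOGIN_SOURCE)) {
            return;
        }
        String storedSource = userLoginModelPreferences.get(PREFS_PLE_LOGIN_SOURCE);
        if (storedSource.equals(LoginSource.FILE.name())) {
            File file = null;
            try {
                file = new File(new URI(userLoginModelPreferences.get(PREFS_SSH_PRIVATE_KEY_FILE, defaultSshPrivateKeyFile.toURI().toString())));
            } catch (URISyntaxException | IllegalArgumentException e) {
                // File(URI) rejects well-formed URIs that are not absolute file: URIs with
                // IllegalArgumentException; treat those like a syntax error.
                LOG.warn("Stored file URI is not a valid URI. It will be deleted from the settings", (Throwable) e);
                userLoginModelPreferences.remove(PREFS_SSH_PRIVATE_KEY_FILE);
            }
            if (file != null) {
                setSshPrivateKeyFile(file);
            }
            return;
        }
        if (storedSource.equals(LoginSource.URL.name())) {
            URL url = null;
            try {
                url = new URL(userLoginModelPreferences.get(PREFS_SSH_PRIVATE_KEY_URL, null));
            } catch (MalformedURLException e2) {
                LOG.warn("Stored URL is not a valid URL. It will be deleted from the settings", (Throwable) e2);
                userLoginModelPreferences.remove(PREFS_SSH_PRIVATE_KEY_URL);
            }
            if (url != null) {
                setSshPrivateKeyUrl(url);
            }
        }
    }

    /** @return whether the HRN is set and splits into exactly three dot-separated parts */
    public boolean correctPlanetlabSfaUrn() {
        return this.planetlabSfaHrn != null && this.planetlabSfaHrn.split("\\.").length == 3;
    }

    /** @return whether an authority is selected that has a PlanetLab slice registry URL */
    public boolean correctAuthority() {
        return this.authority != null && this.authority.getUrl(ServerType.GeniServerRole.PlanetLabSliceRegistry, 1) != null;
    }

    /** @return whether HRN, authority and a decoded (unlocked) private key are all available */
    public boolean isReadyToFetchCertificate() {
        return correctPlanetlabSfaUrn() && correctAuthority() && this.keypair != null && this.privateKey != null && this.privateKeyContent != null;
    }

    /**
     * Obtains the user's certificate chain from the PlanetLab registry by calling
     * {@code GetSelfCredential} with a freshly created self-signed certificate.
     *
     * <p>NOTE(review): the returned chain is accepted as parsed. Checking that its first
     * certificate carries the public key of {@link #keypair} would confirm that the registry
     * issued it for this key; confirm the registry's behaviour before adding that check.
     *
     * @return {@code true} on success (failures are reported by exception)
     * @throws CertificateFetchException when required data is missing, the call fails, or the
     *     reply holds no usable SFA credential or certificate chain
     */
    public boolean fetchCertificate() throws CertificateFetchException {
        if (!isReadyToFetchCertificate()) {
            throw new CertificateFetchException("Some data needed to fetch the certificate is missing.");
        }
        GeniUrn sfaHrnToUrn = sfaHrnToUrn(this.planetlabSfaHrn);
        this.userUrn = sfaHrnToUrn;
        LOG.trace("Your planetlab Sfa hrn ('{}') is converted to the user URN: '{}'", this.planetlabSfaHrn, sfaHrnToUrn.toString());
        this.certificateChain = null;
        X509Certificate selfSigned = PlanetlabCertificateFetcher.createSelfSignedCertificate(this.authority, this.planetlabSfaHrn, this.privateKeyContent, this.keypair);
        if (selfSigned == null) {
            throw new CertificateFetchException("Failed to create self signed certificate for initial planetlab connection.");
        }
        PlanetlabSfaRegistryInterface registry = new PlanetlabSfaRegistryInterface(this.logger, this.jFedPreferences);
        try {
            // Raw list kept as the decompiler emitted it; the parameter type of SimpleGeniUser
            // is not visible here.
            ArrayList arrayList = new ArrayList();
            arrayList.add(selfSigned);
            PlanetlabSfaRegistryInterface.SimpleApiCallReply<AnyCredential> selfCredential = registry.getSelfCredential((SfaConnection) this.connectionProvider.getConnectionByAuthority(new SimpleGeniUser(this.authority, sfaHrnToUrn, arrayList, this.privateKey, (File) null, getPrivateKeyFile()), this.authority, PlanetlabSfaRegistryInterface.class), KeyUtil.x509certificateToPem(selfSigned), sfaHrnToUrn.toString(), "");
            if (selfCredential == null || selfCredential.getValue() == null) {
                this.userUrn = null;
                throw new CertificateFetchException("Call \"GetSelfCredential\" on planetlab server returned empty credential");
            }
            if (!(selfCredential.getValue() instanceof SfaCredential)) {
                this.userUrn = null;
                throw new CertificateFetchException("Call \"GetSelfCredential\" on planetlab server returned non SFA credential (type=\"" + selfCredential.getValue().getType() + "\" version=\"" + selfCredential.getValue().getVersion() + "\")");
            }
            List<X509Certificate> chain = KeyUtil.pemToX509CertificateChain(((SfaCredential) selfCredential.getValue()).getTargetGid());
            if (chain == null || chain.isEmpty()) {
                // Do not report success without a certificate: isValid() would stay false.
                this.userUrn = null;
                throw new CertificateFetchException("Call \"GetSelfCredential\" on planetlab server returned a credential without a usable certificate chain");
            }
            this.certificateChain = chain;
            return true;
        } catch (JFedException e) {
            this.userUrn = null;
            throw new CertificateFetchException("Failed to call \"GetSelfCredential\" on planetlab server", e);
        }
    }

    /**
     * Decrypts the private key with a password given as a {@link String}.
     *
     * <p>Prefer {@link #unlock(char[])}: a {@code String} password cannot be wiped and stays
     * on the heap until it is garbage collected.
     *
     * @param str the password; {@code null} is passed on as "no password"
     * @return whether a private key is available afterwards
     */
    public boolean unlock(String str) {
        return unlock(str == null ? (char[]) null : str.toCharArray());
    }

    /**
     * Decrypts the private key with the given password.
     *
     * <p>On failure both the key pair and the private key are cleared, so a wrong password
     * never leaves a half-updated or stale key behind.
     *
     * @param cArr the password characters
     * @return whether a private key is available afterwards
     */
    public boolean unlock(char[] cArr) {
        if (this.privateKeyContent == null) {
            return false;
        }
        try {
            if (!installKeyPair(KeyUtil.pemToRsaKeyPair(this.privateKeyContent, cArr))) {
                LOG.trace("Failed to unlock private key using password");
            }
        } catch (KeyUtil.PEMDecodingException e) {
            LOG.trace("Failed to unlock private key using password", (Throwable) e);
            this.keypair = null;
            this.privateKey = null;
        }
        return this.privateKey != null;
    }

    /** @return whether the loaded private key is encrypted and needs {@link #unlock(char[])} */
    public boolean isPasswordRequired() {
        return this.passwordRequired;
    }

    public File getSshPrivateKeyFile() {
        return this.sshPrivateKeyFile;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public File getPrivateKeyFile() {
        return this.sshPrivateKeyFile;
    }

    public URL getPrivateKeyUrl() {
        return this.sshPrivateKeyUrl;
    }

    public LoginSource getLoginSource() {
        return this.loginSource;
    }

    /** @return always {@code null}; this model keeps its certificate in memory only */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public File getCertificateFile() {
        return null;
    }

    /**
     * @return the raw login file text, which includes the private key PEM; callers must not
     *     log or persist it
     */
    public String getPrivateKeyContent() {
        return this.privateKeyContent;
    }

    public String getSfaHrn() {
        return this.planetlabSfaHrn;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public String getUserUrnString() {
        return this.userUrn == null ? null : this.userUrn.toString();
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public GeniUrn getUserUrn() {
        return this.userUrn;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** @return the public key of the first certificate in the chain, or {@code null} without a chain */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public PublicKey getPublicKey() {
        List<X509Certificate> chain = getClientCertificateChain();
        if (chain == null || chain.isEmpty()) {
            return null;
        }
        return chain.get(0).getPublicKey();
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public List<X509Certificate> getClientCertificateChain() {
        return this.certificateChain;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public SfaAuthority getUserAuthority() {
        return this.authority;
    }

    public String getUserAuthorityUrn() {
        return this.authority == null ? null : this.authority.getUrnString();
    }

    /**
     * @return whether authority, user URN, HRN, the location required by the login source,
     *     the decoded private key and a non-empty certificate chain are all present
     */
    public boolean isValid() {
        if (this.authority == null || this.userUrn == null || this.planetlabSfaHrn == null) {
            return false;
        }
        if (this.loginSource == LoginSource.FILE && this.sshPrivateKeyFile == null) {
            return false;
        }
        if (this.loginSource == LoginSource.URL && this.sshPrivateKeyUrl == null) {
            return false;
        }
        return this.privateKeyContent != null && this.privateKey != null && this.certificateChain != null && !this.certificateChain.isEmpty();
    }

    /** @return this model when {@link #isValid()}, otherwise {@code null} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUserProvider
    public GeniUser getLoggedInGeniUser() {
        return isValid() ? this : null;
    }

    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUserProvider
    public boolean isUserLoggedIn() {
        return isValid();
    }

    /** Not supported: instances must not be compared or used as hash keys. */
    @Override
    public boolean equals(Object obj) {
        throw new UnsupportedOperationException();
    }

    /** Not supported: instances must not be compared or used as hash keys. */
    @Override
    public int hashCode() {
        throw new UnsupportedOperationException();
    }

    static {
        $assertionsDisabled = !PlanetlabUserLoginModel.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger((Class<?>) PlanetlabUserLoginModel.class);
        // Default key location: <user.home>/.ssh/<basename>, where the basename is the constant
        // from AnsibleFileWriter (its value is not visible in this file).
        defaultSshPrivateKeyFile = new File(System.getProperty("user.home") + File.separator + ".ssh" + File.separator + AnsibleFileWriter.PRIVATE_KEY_FILE_BASENAME);
    }
}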
