package uk.ac.starlink.auth;

import cds.healpix.common.math.HackersDelight;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import uk.ac.starlink.auth.ssl.SSLUtil;
import uk.ac.starlink.auth.ssl.X509CertificateChain;

/* loaded from: input_file:uk/ac/starlink/auth/X509IvoaAuthScheme.class */
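/**
 * Authentication scheme registered under the name {@value #SCHEME_NAME}.
 *
 * <p>A login endpoint is asked for an X.509 certificate chain in PEM format.
 * The resulting chain is turned into an {@link SSLSocketFactory} that is
 * installed on later HTTPS connections, so the chain acts as a TLS client
 * credential.
 *
 * <p>NOTE(review): the payload is parsed by
 * {@code SSLUtil.readPemCertificateAndKey}, so it presumably carries a private
 * key as well as the certificate. Nothing in this class requires the login
 * connection to be HTTPS; confirm that callers only supply https login URLs.
 */
public class X509IvoaAuthScheme extends IvoaAuthScheme {
    /** Name under which this scheme is registered with the superclass. */
    public static final String SCHEME_NAME = "ivoa_x509";

    /** Upper bound, in bytes, on the login response that will be buffered. */
    private static final int MAX_CERT_SIZE = 65536;

    /** Sole instance; the constructor is private. */
    public static final X509IvoaAuthScheme INSTANCE = new X509IvoaAuthScheme();

    private static final Logger logger_ = Logger.getLogger("uk.ac.starlink.auth");

    /**
     * Authentication context backed by an optional X.509 certificate chain.
     *
     * <p>The decompiler reports that this class was declared {@code private}
     * in the compiled original; the {@code public} modifier seen here is a
     * decompilation artifact.
     */
    public static class X509Context implements AuthContext {
        private final X509IvoaAuthScheme scheme_;
        private final String loginUrl_;
        private final ProtectionSpace scope_;
        // Null when this context carries no credentials.
        private final SSLSocketFactory sslFact_;
        // Epoch milliseconds; Long.MAX_VALUE when no expiry date is known.
        private final long expireTime_;

        /**
         * Builds a context, with or without credentials.
         *
         * @param x509IvoaAuthScheme scheme that owns this context
         * @param str login URL, compared against a challenge's
         *     {@code access_url} in {@link #isChallengeDomain}
         * @param protectionSpace scope within which this context applies
         * @param x509CertificateChain credential chain, or null for an
         *     unauthenticated context
         */
        X509Context(X509IvoaAuthScheme x509IvoaAuthScheme, String str, ProtectionSpace protectionSpace, X509CertificateChain x509CertificateChain) {
            this.scheme_ = x509IvoaAuthScheme;
            this.loginUrl_ = str;
            this.scope_ = protectionSpace;
            if (x509CertificateChain == null) {
                this.sslFact_ = null;
                this.expireTime_ = Long.MAX_VALUE;
            } else {
                // NOTE(review): SSLUtil.getSocketFactory is not visible here; confirm the
                // factory it returns still performs default server-certificate validation.
                this.sslFact_ = SSLUtil.getSocketFactory(x509CertificateChain);
                Date expiryDate = x509CertificateChain.getExpiryDate();
                // Long.MAX_VALUE replaces a same-valued constant that the decompiler had
                // substituted from an unrelated maths library.
                this.expireTime_ = expiryDate == null ? Long.MAX_VALUE : expiryDate.getTime();
            }
        }

        /** Returns the scheme that created this context. */
        @Override
        public AuthScheme getScheme() {
            return this.scheme_;
        }

        /** Returns true if a socket factory was built from a certificate chain. */
        @Override
        public boolean hasCredentials() {
            return this.sslFact_ != null;
        }

        /**
         * Installs the client-certificate socket factory on an HTTPS connection.
         *
         * <p>Connections that are not {@link HttpsURLConnection} instances, and
         * contexts without credentials, are left untouched, so a plain-HTTP
         * request is sent without any credential from this context.
         *
         * @param httpURLConnection connection about to be opened
         */
        @Override
        public void configureConnection(HttpURLConnection httpURLConnection) throws IOException {
            if (this.sslFact_ != null && httpURLConnection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(this.sslFact_);
            }
        }

        /**
         * Tests whether a URL falls in this context's scope.
         *
         * <p>The result decides whether this context is considered applicable
         * to {@code url}. It relies on {@code ProtectionSpace.equals}, whose
         * matching rules are not visible in this file.
         */
        @Override
        public boolean isUrlDomain(URL url) {
            ProtectionSpace urlScope = new ProtectionSpace(url, null);
            return this.scope_.equals(urlScope);
        }

        /**
         * Tests whether a challenge refers to the login endpoint this context came from.
         *
         * @return true only if the scheme's two-argument
         *     {@code createContextFactory} (not defined in this class) accepts
         *     the challenge and the challenge's {@code access_url} parameter is
         *     string-equal to the stored login URL; false otherwise, including
         *     when the challenge is rejected as malformed
         */
        @Override
        public boolean isChallengeDomain(Challenge challenge, URL url) {
            try {
                return this.scheme_.createContextFactory(challenge, url) != null
                    && this.loginUrl_.equals(challenge.getParams().get("access_url"));
            } catch (BadChallengeException e) {
                // A challenge this scheme cannot parse is by definition not in its domain.
                return false;
            }
        }

        /**
         * Returns true once the current time is strictly later than the
         * chain's expiry date. No clock-skew margin is applied, and a context
         * without a known expiry date never expires.
         */
        @Override
        public boolean isExpired() {
            return System.currentTimeMillis() > this.expireTime_;
        }

        /**
         * Returns curl arguments that illustrate the use of this context.
         *
         * <p>Only the literal placeholder {@code <PEM-FILE>} is emitted, never
         * the certificate or key material. Neither argument is consulted.
         */
        @Override
        public String[] getCurlArgs(URL url, boolean z) {
            if (!hasCredentials()) {
                return new String[0];
            }
            return new String[] {"--cert", "<PEM-FILE>"};
        }
    }

    private X509IvoaAuthScheme() {
        super(SCHEME_NAME);
    }

    /**
     * Creates a factory for contexts scoped to {@code url2}.
     *
     * @param loginProtocol protocol passed through to {@code IvoaAuthScheme.readAuth}
     * @param url login URL from which the certificate is fetched
     * @param url2 URL used to derive the protection space of the contexts
     * @return factory producing authenticated or unauthenticated contexts
     */
    @Override
    public ContextFactory createContextFactory(final LoginProtocol loginProtocol, final URL url, URL url2) {
        final ProtectionSpace protectionSpace = new ProtectionSpace(url2, null);
        return new ContextFactory() {
            /**
             * Fetches a certificate chain through {@code readAuth}.
             * Returns null if {@code readAuth} yields no chain.
             */
            @Override
            public AuthContext createContext(UserInterface userInterface) {
                X509CertificateChain x509CertificateChain = (X509CertificateChain) IvoaAuthScheme.readAuth(
                        loginProtocol, X509IvoaAuthScheme.this, url, userInterface,
                        X509IvoaAuthScheme::readCertificate);
                return x509CertificateChain == null ? null : createX509Context(x509CertificateChain);
            }

            /** Returns a context that carries no credentials. */
            @Override
            public AuthContext createUnauthContext() {
                return createX509Context(null);
            }

            private AuthContext createX509Context(X509CertificateChain x509CertificateChain) {
                return new X509Context(X509IvoaAuthScheme.this, url.toString(), protectionSpace, x509CertificateChain);
            }
        };
    }

    /**
     * Reads a PEM certificate chain from the body of an HTTP response.
     *
     * <p>At most {@link #MAX_CERT_SIZE} bytes are buffered, which bounds
     * memory use if the endpoint returns an oversized response. The stream is
     * closed exactly once, before the bytes are parsed. Only the URL and
     * content type are logged, never the body.
     *
     * <p>The decompiler reports that this method was declared {@code private}
     * in the compiled original.
     *
     * <p>NOTE(review): the connection is not required to be HTTPS here, yet
     * the parser name suggests the body includes a private key. Confirm that
     * callers only pass https login URLs.
     *
     * @param httpURLConnection connection whose response body holds the PEM data
     * @return the parsed certificate chain
     * @throws IOException if the body is empty, too large, unreadable, or
     *     cannot be parsed as a certificate
     */
    public static X509CertificateChain readCertificate(HttpURLConnection httpURLConnection) throws IOException {
        ContentType contentType = ContentType.parse(httpURLConnection.getContentType());
        StringBuilder msg = new StringBuilder()
            .append("Attempting to read X509 certificate in PEM format from ")
            .append(httpURLConnection.getURL());
        if (contentType != null) {
            msg.append(" (").append(contentType).append(")");
        }
        logger_.info(msg.toString());

        byte[] pemBytes;
        try (InputStream in = httpURLConnection.getInputStream()) {
            pemBytes = readStream(in, MAX_CERT_SIZE);
        }
        try {
            return SSLUtil.readPemCertificateAndKey(pemBytes);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error reading certificate", e);
        }
    }

    /**
     * Reads a stream to its end into a byte array, refusing oversized input.
     *
     * <p>The check fires as soon as {@code i} bytes have been read, so input
     * of exactly {@code i} bytes is rejected as well as anything longer.
     *
     * @param inputStream stream to drain; not closed by this method
     * @param i size limit in bytes
     * @return the bytes read, with length between 1 and {@code i - 1}
     * @throws IOException if the stream is empty, reaches the limit, or fails
     */
    private static byte[] readStream(InputStream inputStream, int i) throws IOException {
        byte[] buf = new byte[i];
        int count = 0;
        while (count < i) {
            int n = inputStream.read(buf, count, i - count);
            if (n < 0) {
                if (count == 0) {
                    throw new IOException("No certificate data found");
                }
                byte[] result = new byte[count];
                System.arraycopy(buf, 0, result, 0, count);
                return result;
            }
            count += n;
        }
        throw new IOException("Certificate content surprisingly large (>" + i + ") - bailing out");
    }
}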
