package xsul.secconv.pki;

import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import org.globus.gsi.CertUtil;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.gsi.TrustedCertificates;
import org.globus.gsi.bc.BouncyCastleUtil;
import xsul.MLogger;
import xsul.dsig.saml.authorization.CapabilityUtil;
import xsul.secconv.SCUtil;
import xsul.secconv.token.pki.ServerResponseTokenType;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/secconv/pki/GlobusCredServerNegotiator.class */
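/**
 * Server-side negotiator that takes its RSA key pair from a {@link GlobusCredential}
 * and accepts a client key only after the client's certificate has been
 * path-validated against a set of trusted certificates.
 *
 * <p>The key fields {@code prikey}, {@code pubkey} and {@code clPubkey} are inherited
 * from {@link RSAServerNegotiator}; this class only fills them in.
 */
public class GlobusCredServerNegotiator extends RSAServerNegotiator {
    private static final MLogger logger = MLogger.getLogger();

    // Server credential: supplies the private key and the certificate chain.
    private GlobusCredential globusCred;

    // Trust anchors for validating the client certificate. Assigned once per
    // instance so the anchor set cannot be swapped after construction.
    private final TrustedCertificates trustedCerts;

    /**
     * Creates a negotiator from an explicit credential and trust-anchor set.
     *
     * @param globusCredential server credential
     * @param trustedCertificates certificates the client chain is validated against
     */
    public GlobusCredServerNegotiator(GlobusCredential globusCredential, TrustedCertificates trustedCertificates) {
        // NOTE(review): null is accepted here; confirm SCUtil.pathValidation fails
        // closed when trustedCertificates is null.
        this.globusCred = globusCredential;
        this.trustedCerts = trustedCertificates;
    }

    /**
     * Creates a negotiator from {@link GlobusCredential#getDefaultCredential()} and the
     * trust anchors returned by {@code CapabilityUtil.getTrustedCertificates(null)}.
     *
     * @throws GlobusCredentialException if the default credential cannot be obtained
     */
    public GlobusCredServerNegotiator() throws GlobusCredentialException {
        this.globusCred = GlobusCredential.getDefaultCredential();
        this.trustedCerts = CapabilityUtil.getTrustedCertificates(null);
    }

    /**
     * Creates a negotiator from a credential built from {@code str} and the trust
     * anchors returned by {@code CapabilityUtil.getTrustedCertificates(null)}.
     *
     * @param str argument handed to the {@link GlobusCredential} constructor
     *     (presumably a credential file location; confirm against callers)
     * @throws GlobusCredentialException if the credential cannot be constructed
     */
    public GlobusCredServerNegotiator(String str) throws GlobusCredentialException {
        this.globusCred = new GlobusCredential(str);
        this.trustedCerts = CapabilityUtil.getTrustedCertificates(null);
    }

    /**
     * Creates a negotiator from an explicit credential and the trust anchors returned
     * by {@code CapabilityUtil.getTrustedCertificates(null)}.
     *
     * @param globusCredential server credential
     */
    public GlobusCredServerNegotiator(GlobusCredential globusCredential) {
        this.globusCred = globusCredential;
        this.trustedCerts = CapabilityUtil.getTrustedCertificates(null);
    }

    /**
     * Replaces the server credential.
     *
     * <p>Only the field is updated: {@code prikey} and {@code pubkey} keep the values
     * set by the last {@link #init()} call until {@code init()} runs again.
     *
     * @param globusCredential new server credential
     */
    public void setGlobusCred(GlobusCredential globusCredential) {
        this.globusCred = globusCredential;
    }

    /**
     * Returns the server credential, which includes its private key.
     *
     * @return the credential currently held by this negotiator
     */
    public GlobusCredential getGlobusCred() {
        return this.globusCred;
    }

    /**
     * Loads the server key pair from the credential.
     *
     * @throws Exception if no credential is set, its certificate chain is missing or
     *     empty, or the leaf certificate carries no public key
     */
    @Override // xsul.secconv.pki.RSAServerNegotiator
    protected void init() throws Exception {
        X509Certificate leaf = leafCertificate();
        if (leaf.getPublicKey() == null) {
            throw new Exception("public key null");
        }
        // Assign both keys only once every check has passed, so a failed init()
        // does not leave a private key paired with no public key.
        this.prikey = this.globusCred.getPrivateKey();
        this.pubkey = leaf.getPublicKey();
    }

    /**
     * Puts the encoded leaf certificate of the server credential into the response token.
     *
     * @param serverResponseTokenType response token to populate
     * @throws Exception if the credential has no usable certificate chain or the
     *     certificate cannot be encoded
     */
    @Override // xsul.secconv.pki.RSAServerNegotiator
    protected void loadCertificate(ServerResponseTokenType serverResponseTokenType) throws Exception {
        serverResponseTokenType.setPublicKey(leafCertificate().getEncoded());
    }

    /**
     * Parses the client certificate, validates it against the trusted certificates and,
     * only on success, stores its public key in {@code clPubkey}.
     *
     * @param bArr encoded client certificate
     * @throws Exception if {@code bArr} is null or empty, the certificate cannot be
     *     parsed, or path validation fails
     */
    @Override // xsul.secconv.pki.RSAServerNegotiator
    protected void getClientPublicKey(byte[] bArr) throws Exception {
        // Reject missing input explicitly instead of failing inside the DER parser.
        if (bArr == null || bArr.length == 0) {
            throw new Exception("client certificate missing");
        }
        X509Certificate loadCertificate = CertUtil.loadCertificate(new ByteArrayInputStream(BouncyCastleUtil.toByteArray(BouncyCastleUtil.toDERObject(bArr))));
        // NOTE(review): what pathValidation enforces (validity period, revocation,
        // proxy constraints) is not visible in this file; confirm in SCUtil.
        SCUtil.pathValidation(loadCertificate, this.trustedCerts);
        logger.finest("path validated !!!");
        // Reached only when pathValidation did not throw; the client key must never
        // be assigned before this point.
        this.clPubkey = loadCertificate.getPublicKey();
    }

    // Returns the first certificate of the credential's chain, failing with a
    // descriptive error instead of a NullPointerException or index error.
    private X509Certificate leafCertificate() throws Exception {
        if (this.globusCred == null) {
            throw new Exception("credential not set");
        }
        X509Certificate[] chain = this.globusCred.getCertificateChain();
        if (chain == null || chain.length == 0 || chain[0] == null) {
            throw new Exception("certificate chain empty");
        }
        return chain[0];
    }
}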
