package lia.util.security;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.X509Certificate;
import lia.Monitor.JiniSerFarmMon.MLLUSHelper;
import lia.Monitor.monitor.AppConfig;
import lia.Monitor.monitor.GenericMLEntry;
import lia.util.security.authz.AuthZRequest;
import lia.util.security.authz.AuthZResponse;
import net.jini.core.lookup.ServiceItem;

/* loaded from: input_file:lia/util/security/AuthZManager.class */
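/**
 * Background thread that periodically re-checks registered SSL clients against a remote
 * authorization (AuthZ) service and closes the connections of clients that are no longer
 * authorized.
 *
 * <p>The service address is taken from the {@code "hostname"} attribute of the first entry
 * returned by {@link MLLUSHelper#getAuthzServices()}. It is expected in {@code host[:port]}
 * form, with {@link #DEFAULT_AUTHZ_PORT} used when no valid port is given.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every failure path returns {@code false} (not authorized), so authorization fails
 *       closed. Keep it that way when changing this class.</li>
 *   <li>The connection to the AuthZ service is a plain {@link Socket}, and the reply is read
 *       with Java native deserialization. Nothing in this class authenticates the service or
 *       protects the reply in transit, so the decision is only as trustworthy as the lookup
 *       result and the network path. See the NOTE(review) in {@link #checkClient(String)}.</li>
 *   <li>Clients are re-checked only every {@code CHECK_CLIENTS_INTERVAL} milliseconds (one hour
 *       by default), so a revoked client can stay connected for up to that long.</li>
 * </ul>
 *
 * <p>Thread-safety: {@code authzServer} is guarded by {@code _lock}, and the client set is a
 * synchronized set that is additionally locked while it is iterated.
 */
public class AuthZManager extends Thread {
    protected static final int DEFAULT_AUTHZ_PORT = 6066;
    /** Fallback re-check period (one hour) when the configured value is missing or unusable. */
    private static final long DEFAULT_CHECK_CLIENTS_INTERVAL = 3600000L;
    /** Connect and read timeout, in milliseconds, for the AuthZ service connection. */
    private static final int AUTHZ_IO_TIMEOUT_MS = 60000;
    private static final Logger logger = Logger.getLogger("lia.util.security.AuthZManager");
    private static final long CHECK_CLIENTS_INTERVAL = loadCheckInterval();
    private String authzServer;
    private final Set<SSLSocket> clients = Collections.synchronizedSet(new HashSet<SSLSocket>());
    private volatile boolean hasToRun = true;
    private final Object _lock = new Object();

    /**
     * Creates the manager and performs a first lookup of the AuthZ service address. The lookup
     * includes a one-second pause (see {@link #setAuthzServiceAddress()}).
     */
    public AuthZManager() {
        setAuthzServiceAddress();
    }

    /**
     * Reads the re-check interval from the application configuration.
     *
     * @return the configured interval in milliseconds, or the one-hour default when the
     *         property is missing, unparsable or not strictly positive
     */
    private static long loadCheckInterval() {
        try {
            long configured = Long.parseLong(AppConfig.getProperty("lia.Monitor.Agents.OpticalPath.comm.AuthZManager.check_interval"));
            // A zero interval would make run() spin, and a negative one would make
            // Thread.sleep throw and end the re-check thread.
            return configured > 0 ? configured : DEFAULT_CHECK_CLIENTS_INTERVAL;
        } catch (Throwable ignored) {
            // Deliberately broad, as in the original: any configuration failure falls back to
            // the default instead of breaking class initialization.
            return DEFAULT_CHECK_CLIENTS_INTERVAL;
        }
    }

    /**
     * Main loop: refreshes the AuthZ service address if it is unknown, re-checks every
     * registered client, then sleeps for {@code CHECK_CLIENTS_INTERVAL} milliseconds.
     *
     * <p>Closed sockets are dropped from the set. Clients that fail the check are closed and
     * dropped. The client set stays locked for the whole pass, so {@link #registerClient}
     * blocks while the checks are running.
     */
    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        while (this.hasToRun) {
            String currentServer;
            synchronized (this._lock) {
                if (this.authzServer == null) {
                    setAuthzServiceAddress();
                }
                currentServer = this.authzServer;
            }
            System.out.println("AuthZManager started: Using AuthzService:" + currentServer);
            synchronized (this.clients) {
                Iterator<SSLSocket> it = this.clients.iterator();
                while (it.hasNext()) {
                    SSLSocket client = it.next();
                    if (client.isClosed()) {
                        it.remove();
                        continue;
                    }
                    boolean authorized;
                    try {
                        authorized = checkClient(client);
                    } catch (RuntimeException e) {
                        // An unexpected failure must not end this thread, because periodic
                        // re-checking would then stop silently. Treat it as "not authorized".
                        logger.log(Level.WARNING, "Authorization check failed unexpectedly; closing client connection", e);
                        authorized = false;
                    }
                    if (!authorized) {
                        try {
                            client.close();
                        } catch (IOException e) {
                            logger.log(Level.WARNING, "Closing client connection failed", (Throwable) e);
                        }
                        it.remove();
                    }
                }
            }
            try {
                Thread.sleep(CHECK_CLIENTS_INTERVAL);
            } catch (InterruptedException e2) {
                this.hasToRun = false;
                // Restore the interrupt status for any code that inspects it after run() returns.
                Thread.currentThread().interrupt();
                if (logger.isLoggable(Level.WARNING)) {
                    logger.log(Level.WARNING, "AuthZ Thread interrupted");
                }
            }
        }
    }

    /**
     * Asks the loop in {@link #run()} to stop. The flag is only read at the top of the loop,
     * so a sleeping thread exits after its current sleep unless it is also interrupted.
     */
    public void finish() {
        this.hasToRun = false;
    }

    /**
     * Opens a TCP connection to the AuthZ service.
     *
     * @param str service address in {@code host[:port]} form; a missing, unparsable or
     *            out-of-range port falls back to {@link #DEFAULT_AUTHZ_PORT}
     * @return a connected socket; the caller is responsible for closing it
     * @throws IOException if the host part is empty, cannot be resolved, or the connection
     *                     cannot be established within the timeout
     */
    private Socket connectToAuthzService(String str) throws IOException {
        String[] parts = str.split(":");
        // InetAddress.getByName("") resolves to the loopback address, so an empty host taken
        // from the lookup entry would silently direct authorization requests to localhost.
        if (parts.length == 0 || parts[0].trim().length() == 0) {
            throw new IOException("AuthZ service address has no host part: [" + str + "]");
        }
        InetAddress host = InetAddress.getByName(parts[0]);
        int port = DEFAULT_AUTHZ_PORT;
        if (parts.length == 2) {
            try {
                int parsed = Integer.parseInt(parts[1]);
                // Ports above 65535 would make InetSocketAddress throw an unchecked exception.
                if (parsed >= 0 && parsed <= 65535) {
                    port = parsed;
                }
            } catch (NumberFormatException ignored) {
                // Keep the default port.
            }
        }
        Socket socket = new Socket();
        boolean connected = false;
        try {
            socket.connect(new InetSocketAddress(host, port), AUTHZ_IO_TIMEOUT_MS);
            connected = true;
            return socket;
        } finally {
            if (!connected) {
                closeQuietly(socket);
            }
        }
    }

    /** Closes {@code socket} if it is non-null. A failure to close is only logged. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            logger.log(Level.FINE, "Closing AuthZ service connection failed", (Throwable) e);
        }
    }

    /**
     * Asks the AuthZ service whether the given subject belongs to the {@code "OSAdmins"} group.
     *
     * <p>The whole exchange runs while holding {@code _lock}, so concurrent checks are
     * serialized and {@link #getAuthzServer()} blocks until the exchange ends. A read timeout
     * bounds how long that can take. On any {@link IOException}, timeouts included, the cached
     * service address is cleared so that the next call performs a fresh lookup.
     *
     * @param str subject identifier sent to the service (the certificate subject DN when
     *            called from {@link #checkClient(SSLSocket)})
     * @return {@code true} only if a well-formed response says the subject is authorized;
     *         {@code false} on every error path
     */
    public boolean checkClient(String str) {
        logger.log(Level.INFO, "AuthZManager checkClient:  " + str);
        Socket socket = null;
        try {
            synchronized (this._lock) {
                if (this.authzServer == null) {
                    setAuthzServiceAddress();
                    if (this.authzServer == null) {
                        logger.log(Level.SEVERE, "No Authz Service available");
                        return false;
                    }
                }
                socket = connectToAuthzService(this.authzServer);
                // Without a read timeout an unresponsive service would block every
                // authorization check indefinitely while _lock is held.
                socket.setSoTimeout(AUTHZ_IO_TIMEOUT_MS);
                // NOTE(review): this is a plain TCP socket carrying Java-serialized objects.
                // The reply is neither authenticated nor integrity-protected here, and
                // readObject() runs on data from the network. Consider TLS with server
                // authentication and a deserialization filter (or a non-native wire format).
                // Not changed here because the service side is not visible.
                ObjectOutputStream out = new ObjectOutputStream(socket.getOutputStream());
                ObjectInputStream in = new ObjectInputStream(socket.getInputStream());
                AuthZRequest request = new AuthZRequest(str, new String[]{"OSAdmins"});
                out.writeObject(request);
                out.flush();
                logger.fine("[AUTHZ] Request sent...Waiting response for: " + request);
                Object reply;
                try {
                    reply = in.readObject();
                } catch (ClassNotFoundException e) {
                    logger.log(Level.WARNING, "Received an unknown authorization response (CCE)", (Throwable) e);
                    return false;
                }
                // A null reply or a reply of another type previously surfaced as an unchecked
                // exception from the cast. Reject it explicitly instead.
                if (!(reply instanceof AuthZResponse)) {
                    logger.log(Level.WARNING, "Received an unexpected authorization response type; denying [" + str + "]");
                    return false;
                }
                AuthZResponse response = (AuthZResponse) reply;
                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "\n\nAuthz response for " + str + ": " + response + " IsAuthorized?" + response.isAuthorized());
                }
                return response.isAuthorized();
            }
        } catch (IOException e2) {
            if (logger.isLoggable(Level.WARNING)) {
                logger.log(Level.WARNING, "Failed to fetch the permissions for [" + str + "] from [" + this.authzServer + "]. Invalidating authorization service", (Throwable) e2);
            }
            synchronized (this._lock) {
                this.authzServer = null;
            }
            return false;
        } finally {
            // The original never closed this socket, leaking one descriptor per check.
            closeQuietly(socket);
        }
    }

    /**
     * Checks an SSL client by sending the subject DN of its first peer certificate to the
     * AuthZ service.
     *
     * <p>NOTE(review): {@code SSLSession.getPeerCertificateChain()} and
     * {@code javax.security.cert.X509Certificate} are deprecated, and newer JDKs may throw
     * {@code UnsupportedOperationException} from this call. Before migrating to
     * {@code getPeerCertificates()}, confirm that the subject DN string keeps the form the
     * AuthZ service expects.
     *
     * @param sSLSocket client connection whose peer certificate identifies the subject
     * @return {@code true} only if the peer presented a verified certificate and the AuthZ
     *         service authorizes its subject DN
     */
    public boolean checkClient(SSLSocket sSLSocket) {
        logger.log(Level.INFO, "AuthZManager checkClient:  " + sSLSocket);
        SSLSession session = sSLSocket.getSession();
        try {
            X509Certificate[] chain = session.getPeerCertificateChain();
            if (chain == null || chain.length == 0) {
                logger.log(Level.WARNING, "Peer presented no certificate chain; denying access");
                return false;
            }
            if (logger.isLoggable(Level.FINE)) {
                StringBuilder details = new StringBuilder();
                details.append("certificate chain from ").append(session.getPeerHost()).append(": ChainLength").append(chain.length);
                for (int i = 0; i < chain.length; i++) {
                    details.append("\n--------\nSubjectDN-X509Certificate[").append(i).append("]=").append(chain[i].getSubjectDN());
                    details.append("\nIssuerDN-X509Certificate[").append(i).append("]=").append(chain[i].getIssuerDN());
                }
                logger.log(Level.FINE, details.toString());
            }
            return checkClient(chain[0].getSubjectDN().toString());
        } catch (SSLPeerUnverifiedException e) {
            logger.log(Level.WARNING, "Peer identity could not be verified; denying access", (Throwable) e);
            return false;
        }
    }

    /**
     * Adds a client connection to the set that {@link #run()} re-checks periodically. No
     * authorization check is performed here.
     *
     * @param sSLSocket the client connection; {@code null} is ignored, because a null entry
     *                  would cause a {@code NullPointerException} in the re-check loop
     */
    public void registerClient(SSLSocket sSLSocket) {
        if (sSLSocket == null) {
            logger.log(Level.WARNING, "Ignoring attempt to register a null client socket");
            return;
        }
        synchronized (this.clients) {
            this.clients.add(sSLSocket);
        }
    }

    /**
     * Refreshes the cached AuthZ service address from the lookup helper. The address is set to
     * {@code null} when no service is found, when the first entry carries no
     * {@code "hostname"} value, or when the lookup fails.
     */
    private void setAuthzServiceAddress() {
        String address = null;
        try {
            MLLUSHelper.getInstance().forceUpdate();
            try {
                // Pause one second after forcing the update before reading the service list.
                Thread.sleep(1000L);
            } catch (InterruptedException e) {
                // Keep the interrupt visible to the calling thread instead of swallowing it.
                Thread.currentThread().interrupt();
            }
            ServiceItem[] authzServices = MLLUSHelper.getInstance().getAuthzServices();
            if (authzServices == null || authzServices.length == 0 || authzServices[0].attributeSets.length == 0) {
                logger.log(Level.SEVERE, "No Authz service was found (yet)");
            } else {
                // Only the first service and its first attribute set are consulted. A cast
                // failure is handled by the catch below and leaves the address null.
                GenericMLEntry entry = (GenericMLEntry) authzServices[0].attributeSets[0];
                if (entry.hash != null) {
                    address = (String) entry.hash.get("hostname");
                    logger.log(Level.INFO, "Found an Authz service at " + entry);
                }
            }
        } catch (Exception e2) {
            logger.log(Level.WARNING, "While updating authz services list, got:", (Throwable) e2);
        }
        synchronized (this._lock) {
            this.authzServer = address;
        }
    }

    /**
     * Returns the cached AuthZ service address.
     *
     * @return the address in {@code host[:port]} form, or {@code null} if none is known
     */
    public String getAuthzServer() {
        synchronized (this._lock) {
            return this.authzServer;
        }
    }
}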
