package fr.lixbox.security.jaas.cert.login;

import fr.lixbox.security.cert.parser.CertParser;
import fr.lixbox.security.jaas.login.AbstractServerLoginModule;
import fr.lixbox.security.jaas.model.LixboxPrincipal;
import fr.lixbox.security.jaas.model.enumeration.TypeAuthentification;
import fr.lixbox.security.jaas.model.enumeration.TypeCompte;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.ObjectCallback;

/* loaded from: input_file:fr/lixbox/security/jaas/cert/login/CertLoginModule.class */
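/**
 * JAAS login module that authenticates a caller from the X509 certificate (or certificate chain)
 * handed over through an {@link ObjectCallback}.
 *
 * <p>The identifier extracted from the certificate by a {@link CertParser} is looked up with
 * {@code userQuery}; roles are read with {@code rolesQuery}. Both queries take the certificate id
 * as their single positional parameter. Datasource, JNDI and keystore settings ({@code jnpHost},
 * {@code dsJndiName}, {@code pathKeystore}, {@code keyAlias}, ...) are inherited fields of
 * {@link AbstractServerLoginModule}.
 */
public class CertLoginModule extends AbstractServerLoginModule {
    public static final long serialVersionUID = -365985684758L;
    private static final Log LOG = LogFactory.getLog(CertLoginModule.class);

    /** Module option naming the {@link CertParser} implementation to instantiate. */
    private static final String OPTION_CERT_PARSER_CLASS = "certParserClass";
    /** Shared-state key under which a sibling module may have left a login name. */
    private static final String SHARED_LOGIN_NAME = "javax.security.auth.login.name";
    /** Key of the certificate serial number in {@link CertParser#getCertificateDatas()}. */
    private static final String CERT_DATA_SERIAL_NUMBER = "serialNumber";

    private CertParser parser;
    private String certParserClass = "fr.lixbox.security.cert.parser.BasicCertParser";

    /**
     * Reads the {@code certParserClass} option and instantiates the parser through its public
     * no-argument constructor.
     *
     * <p>A parser that cannot be created is logged at fatal level and left {@code null};
     * {@link #login()} then skips certificate processing instead of failing.
     *
     * @param sharedState state shared between the modules of the login stack
     * @param options this module's configuration options
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        // Raw Map parameters are kept on purpose: they override both a raw and a
        // Map<String,?> declaration in the base class.
        super.initialize(subject, callbackHandler, sharedState, options);
        Object configuredParser = options.get(OPTION_CERT_PARSER_CLASS);
        if (configuredParser != null) {
            this.certParserClass = (String) configuredParser;
        }
        try {
            // Explicit public no-arg constructor rather than getConstructors()[0], whose
            // order is unspecified and may pick a constructor that takes arguments.
            this.parser = Class.forName(this.certParserClass)
                    .asSubclass(CertParser.class)
                    .getConstructor()
                    .newInstance();
        } catch (ReflectiveOperationException | RuntimeException e) {
            LOG.fatal(e);
        }
    }

    /**
     * Authenticates the caller.
     *
     * <p>First defers to {@code super.login()} (e.g. a shared-state password login). When that did
     * not succeed and a parser is available, the presented certificate is collected by
     * {@link #getLoginInfo()}, turned into a principal and checked against the user table.
     *
     * @return the value of {@code loginOk}; {@code false} when anything below
     *         {@code super.login()} failed
     * @throws LoginException only from {@code super.login()} for non-{@link FailedLoginException}
     *         errors; every failure of the certificate path is logged and turned into
     *         {@code false}
     */
    @Override
    public boolean login() throws LoginException {
        try {
            this.loginOk = super.login();
        } catch (FailedLoginException e) {
            LOG.trace("CertLoginModule: Impossible d'authentifier l'utilisateur");
        }
        try {
            getLoginInfo();
            if (this.parser != null) {
                Object certificateId = this.parser.getCertificateId();
                if (!this.loginOk) {
                    LOG.trace("Identite presentee:" + certificateId);
                    this.identity = resolveIdentity(certificateId);
                    this.loginOk = authentifierUserName(this.identity);
                    LOG.info("User '" + this.identity + "' authenticated, loginOk=" + this.loginOk);
                }
            }
        } catch (Exception e) {
            // Every failure below this point -- including the FailedLoginExceptions raised by
            // getLoginInfo() and authentifierUserName() -- is collapsed into the loginOk value
            // produced by super.login(): the module then answers "not applicable" (false)
            // rather than "failed". Kept because callers may rely on that outcome.
            LOG.fatal(e);
        }
        return this.loginOk;
    }

    /**
     * Maps the identifier extracted from the certificate to the identity principal.
     *
     * <p>Falls back to the shared-state login name when the parser yielded nothing, and to
     * {@code unauthenticatedIdentity} when neither is available. A {@link Principal} is used
     * as-is; any other value is passed to {@link #createIdentity(String, String)} as the
     * certificate id.
     *
     * @throws LoginException when the principal class cannot be instantiated
     */
    private Principal resolveIdentity(Object certificateId) throws LoginException {
        Object id = certificateId != null ? certificateId : this.sharedState.get(SHARED_LOGIN_NAME);
        if (id == null) {
            return this.unauthenticatedIdentity;
        }
        if (id instanceof Principal) {
            return (Principal) id;
        }
        try {
            return createIdentity("", id.toString());
        } catch (Exception e) {
            LOG.trace("Failed to create principal", e);
            throw new LoginException("Failed to create principal: " + e.getMessage());
        }
    }

    /**
     * Checks the certificate id carried by {@code principal} against the user table
     * ({@code userQuery}, one positional parameter) and, on a match, fills in the principal's
     * name (column 1) and account type.
     *
     * @param principal the identity to verify; must be a {@link LixboxPrincipal} with a
     *        non-null certificate id
     * @return {@code true} when a row matched, {@code false} when the query returned no row
     * @throws FailedLoginException when the principal is unusable or the lookup itself failed
     */
    protected boolean authentifierUserName(Principal principal) throws LoginException {
        if (!(principal instanceof LixboxPrincipal)
                || ((LixboxPrincipal) principal).getCertificateId() == null) {
            throw new FailedLoginException("Utilisateur non reconnu");
        }
        LixboxPrincipal user = (LixboxPrincipal) principal;
        // null = lookup did not complete; TRUE/FALSE = the query answered.
        Boolean authorised = null;
        try {
            Properties properties = System.getProperties();
            // NOTE(review): these writes go to the JVM-global system properties, not a private
            // copy, so the provider URL and (on port 4447) the JNDI user/password stay readable
            // by any code in the JVM afterwards. Kept as-is because getRoleSets() builds its
            // default InitialContext from the same global state.
            properties.put("java.naming.provider.url", this.jnpHost);
            if (this.jnpHost.contains("4447")) {
                properties.put("java.naming.security.principal", this.jnpUser);
                properties.put("java.naming.security.credentials", this.jnpPwd);
                properties.put("java.naming.factory.initial", this.jnpFactory);
            }
            DataSource dataSource = (DataSource) new InitialContext(properties).lookup(this.dsJndiName);
            try (Connection connection = dataSource.getConnection();
                    PreparedStatement statement = connection.prepareStatement(this.userQuery)) {
                statement.setString(1, user.getCertificateId());
                try (ResultSet row = statement.executeQuery()) {
                    if (row.next()) {
                        user.setName(row.getString(1));
                        user.setTypeCompte(TypeCompte.COMPTE_UTILISATEUR);
                        LOG.trace("Utilisateur autorise");
                        authorised = Boolean.TRUE;
                    } else {
                        LOG.trace("Utilisateur non autorise");
                        authorised = Boolean.FALSE;
                    }
                }
            }
        } catch (Exception e) {
            // A close() failure after the query answered is logged but does not change the result.
            LOG.error(e);
        }
        if (authorised == null) {
            throw new FailedLoginException("Utilisateur non reconnu");
        }
        return authorised.booleanValue();
    }

    /**
     * Loads the caller's roles with {@code rolesQuery} (one positional parameter: the certificate
     * id of {@code identity}) and returns the two groups the container expects: "Roles" and
     * "CallerPrincipal".
     *
     * <p>Lookup failures are logged and yield an empty "Roles" group rather than an exception.
     *
     * @return {@code [Roles, CallerPrincipal]}
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        LOG.trace("INVOCATION CertLoginModule.getRoleSets()");
        LOG.trace("for user " + this.identity);
        List<String> roleNames = new ArrayList<>();
        try {
            Properties properties = System.getProperties();
            properties.put("java.naming.provider.url", this.jnpHost);
            // A local host uses the default context (which reads the system property just set).
            InitialContext context = this.jnpHost.contains("localhost")
                    ? new InitialContext()
                    : new InitialContext(properties);
            DataSource dataSource = (DataSource) context.lookup(this.dsJndiName);
            try (Connection connection = dataSource.getConnection();
                    PreparedStatement statement = connection.prepareStatement(this.rolesQuery)) {
                statement.setString(1, this.identity.getCertificateId());
                try (ResultSet rows = statement.executeQuery()) {
                    while (rows.next()) {
                        roleNames.add(rows.getString(1));
                    }
                }
            }
        } catch (SQLException | NamingException e) {
            LOG.error(e);
        }
        Group roles = new SimpleGroup("Roles");
        Group callerPrincipal = new SimpleGroup("CallerPrincipal");
        for (String roleName : roleNames) {
            LOG.debug("role " + roleName);
            roles.addMember(new SimplePrincipal(roleName));
        }
        LOG.trace(roles);
        callerPrincipal.addMember(this.identity);
        return new Group[] {roles, callerPrincipal};
    }

    /** @return the principal resolved by {@link #login()} */
    @Override
    protected Principal getIdentity() {
        return this.identity;
    }

    /**
     * Builds the identity principal.
     *
     * <p>When {@code principalClassName} is set, that class is loaded through the context class
     * loader and constructed with {@code (name, certificateId, TypeAuthentification.CERTIFICAT)}.
     * Otherwise a plain {@link SimplePrincipal} named {@code name} is returned -- note that this
     * branch drops {@code certificateId}, and {@link #login()} passes an empty name.
     *
     * @param name principal name
     * @param certificateId identifier extracted from the certificate
     */
    protected Principal createIdentity(String name, String certificateId) throws ClassNotFoundException,
            NoSuchMethodException, IllegalAccessException, IllegalArgumentException,
            InstantiationException, InvocationTargetException {
        if (this.principalClassName == null) {
            return new SimplePrincipal(name);
        }
        Class<?> principalClass = Thread.currentThread().getContextClassLoader().loadClass(this.principalClassName);
        return (Principal) principalClass
                .getConstructor(String.class, String.class, TypeAuthentification.class)
                .newInstance(name, certificateId, TypeAuthentification.CERTIFICAT);
    }

    /**
     * Runs the name/object callbacks and stores the presented X509 certificate in the shared
     * state, keyed by the serial number the parser reports.
     *
     * <p>A single certificate is stored as-is; a chain is first compared with the server's own
     * chain by {@link #verifierChaineCertifServClient(X509Certificate[])} and its first element
     * is stored. A {@code String} credential or an array of another type is reported through
     * {@link UnsupportedCallbackException}, logged at trace level and otherwise ignored. Without
     * a callback handler the method is a no-op.
     *
     * @throws FailedLoginException when no credential was supplied, the parser is missing, the
     *         credential is neither a certificate nor a certificate array, or the chain check fails
     */
    private void getLoginInfo() throws FailedLoginException {
        if (this.callbackHandler == null) {
            LOG.debug("ERROR : CALLBACKHANDLER NULL");
            return;
        }
        // The name answer is requested but never read: the identity comes from the certificate.
        NameCallback nameCallback = new NameCallback("username");
        ObjectCallback objectCallback = new ObjectCallback("certs");
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, objectCallback});
            this.credential = objectCallback.getCredential();
            if (this.credential instanceof String) {
                // A password-style credential is not what this module handles.
                throw new UnsupportedCallbackException(objectCallback);
            }
            if (this.credential == null) {
                throw new FailedLoginException("Aucun certificat presente");
            }
            if (this.parser == null) {
                throw new FailedLoginException("Certificate parser not initialised");
            }
            X509Certificate certificate;
            if (this.credential instanceof X509Certificate) {
                // Single certificate: there is no chain to compare with the server's.
                certificate = (X509Certificate) this.credential;
            } else if (this.credential instanceof X509Certificate[]) {
                X509Certificate[] chain = (X509Certificate[]) this.credential;
                verifierChaineCertifServClient(chain);
                certificate = chain[0];
            } else if (this.credential.getClass().isArray()) {
                throw new UnsupportedCallbackException(objectCallback);
            } else {
                throw new FailedLoginException(
                        "Credential is not an X509 certificate: " + this.credential.getClass().getName());
            }
            // NOTE(review): how the parser gets hold of the presented certificate is not visible
            // here -- presumably elsewhere in the stack; confirm before relying on this key.
            this.sharedState.put(this.parser.getCertificateDatas().get(CERT_DATA_SERIAL_NUMBER), certificate);
        } catch (IOException e) {
            LOG.error(e);
        } catch (UnsupportedCallbackException e) {
            LOG.trace(e);
        }
    }

    /**
     * Compares the issuer certificate of the client chain (index 1) with the issuer certificate
     * of the server's own key entry (index 1 of the chain stored under {@code keyAlias} in the
     * JKS keystore at {@code pathKeystore}). Both the public key and the issuer DN must be equal.
     *
     * <p>This is an equality check on the two chains' second elements only: it verifies neither
     * signatures nor validity of the presented chain. Presumably the transport layer has already
     * validated the client chain -- TODO confirm.
     *
     * @param clientChain the certificate chain presented by the caller
     * @throws FailedLoginException when the keystore cannot be read, either chain is shorter than
     *         two certificates, or the issuer certificates differ
     */
    private void verifierChaineCertifServClient(X509Certificate[] clientChain) throws FailedLoginException {
        if (clientChain == null || clientChain.length < 2) {
            throw new FailedLoginException("Chaine cliente incomplete");
        }
        Certificate[] serverChain;
        try (FileInputStream keystoreStream = new FileInputStream(this.pathKeystore)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keystoreStream, this.pwdKeystore.toCharArray());
            serverChain = keyStore.getCertificateChain(this.keyAlias);
        } catch (Exception e) {
            // Unreadable keystore, wrong password or a null keystore password all land here.
            LOG.fatal(e);
            throw new FailedLoginException();
        }
        if (serverChain == null || serverChain.length < 2 || !(serverChain[1] instanceof X509Certificate)) {
            throw new FailedLoginException("Chaine serveur incomplete");
        }
        X509Certificate serverIssuer = (X509Certificate) serverChain[1];
        X509Certificate clientIssuer = clientChain[1];
        boolean sameKey = clientIssuer.getPublicKey().equals(serverIssuer.getPublicKey());
        boolean sameIssuer = clientIssuer.getIssuerDN().equals(serverIssuer.getIssuerDN());
        if (!(sameKey && sameIssuer)) {
            LOG.warn("Chaine cliente differente de la chaine serveur");
            throw new FailedLoginException("Chaine cliente differente de la chaine serveur");
        }
    }
}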
