package pl.edu.icm.unity.stdext.credential.cert;

import eu.emi.security.authn.x509.impl.X500NameUtils;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.LocalAuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.local.AbstractLocalCredentialVerificatorFactory;
import pl.edu.icm.unity.engine.api.authn.local.AbstractLocalVerificator;
import pl.edu.icm.unity.engine.api.authn.remote.AuthenticationTriggeringContext;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalCredentialException;
import pl.edu.icm.unity.stdext.identity.X500Identity;
import pl.edu.icm.unity.types.authn.CredentialPublicInformation;
import pl.edu.icm.unity.types.authn.LocalCredentialState;
import pl.edu.icm.unity.types.basic.Entity;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.Identity;

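/**
 * Local credential verificator for X.509 client certificates.
 *
 * <p>Authentication maps the subject DN of the first certificate in the presented chain to a
 * local entity through the inherited {@code identityResolver}. No credential material is stored:
 * the configuration and the prepared credential are always empty strings, and the credential
 * counts as "set" when the entity owns an identity of type {@link X500Identity#ID}.
 *
 * <p>Security note: nothing in this class validates the certificate chain (trust anchor, validity
 * period, revocation, key usage). It must only be reached with a chain that has already been
 * validated, presumably by the TLS layer of the endpoint. Confirm this at every call site.
 */
@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/stdext/credential/cert/CertificateVerificator.class */
public class CertificateVerificator extends AbstractLocalVerificator implements CertificateExchange {
    private static final Logger log = Log.getLogger("unity.server.authn", CertificateVerificator.class);
    // The only identity type a certificate subject DN is resolved against.
    private static final String[] IDENTITY_TYPES = {X500Identity.ID};
    public static final String NAME = "certificate";
    public static final String DESC = "Verifies certificates";
    // NOTE(review): injected with the "insecure" qualifier, which presumably selects a variant
    // that skips authorization checks; confirm, and keep its use limited to checkX500Id.
    private final EntityManagement idMan;

    /**
     * Spring factory registering this verificator under {@link CertificateVerificator#NAME}.
     */
    @Component
    /* loaded from: input_file:pl/edu/icm/unity/stdext/credential/cert/CertificateVerificator$Factory.class */
    public static class Factory extends AbstractLocalCredentialVerificatorFactory {
        /**
         * @param objectFactory supplier of verificator instances
         */
        @Autowired
        public Factory(ObjectFactory<CertificateVerificator> objectFactory) {
            // NOTE(review): the meaning of the 'false' flag is defined by the superclass, which
            // is not visible here.
            super(CertificateVerificator.NAME, CertificateVerificator.DESC, false, objectFactory);
        }
    }

    /**
     * @param entityManagement entity management bean used to look up an entity's identities
     */
    @Autowired
    public CertificateVerificator(@Qualifier("insecure") EntityManagement entityManagement) {
        super(NAME, DESC, CertificateExchange.ID, false);
        this.idMan = entityManagement;
    }

    /**
     * @return always the empty string; this verificator has no configuration
     */
    public String getSerializedConfiguration() {
        return "";
    }

    /**
     * Ignores the argument; there is nothing to configure.
     */
    public void setSerializedConfiguration(String str) {
    }

    /**
     * @return always the empty string; no credential value is stored for certificates
     */
    public String prepareCredential(String str, String str2, boolean z) throws IllegalCredentialException {
        return "";
    }

    /**
     * @return always {@link LocalCredentialState#correct} with an empty detail string, regardless
     *     of the argument
     */
    public CredentialPublicInformation checkCredentialState(String str) {
        return new CredentialPublicInformation(LocalCredentialState.correct, "");
    }

    /**
     * Authenticates the holder of a client certificate by its subject DN.
     *
     * <p>Only the subject of {@code x509CertificateArr[0]} is used. The chain itself is not
     * verified here (see the class-level security note), and the remaining three parameters are
     * not read by this implementation.
     *
     * @param x509CertificateArr presented certificate chain, end-entity certificate first
     * @return a successful result carrying the resolved entity id and a readable form of the DN,
     *     or a failed result when no certificate was presented or the DN cannot be resolved
     */
    @Override // pl.edu.icm.unity.stdext.credential.cert.CertificateExchange
    public AuthenticationResult checkCertificate(X509Certificate[] x509CertificateArr, String str, boolean z, AuthenticationTriggeringContext authenticationTriggeringContext) {
        // A missing or empty chain is an authentication failure, not an unchecked
        // NullPointerException / ArrayIndexOutOfBoundsException escaping to the caller.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            IllegalArgumentException missing = new IllegalArgumentException("No client certificate was presented");
            log.warn("Checking certificate failed", missing);
            return LocalAuthenticationResult.failed(missing);
        }
        // X500Principal.getName() yields the RFC 2253 string form of the subject DN.
        String name = x509CertificateArr[0].getSubjectX500Principal().getName();
        try {
            return LocalAuthenticationResult.successful(new AuthenticatedEntity(Long.valueOf(this.identityResolver.resolveIdentity(name, IDENTITY_TYPES, this.credentialName).getEntityId()), X500NameUtils.getReadableForm(name), (String) null));
        } catch (Exception e) {
            // Any resolution problem (unknown DN included) is reported as a failed authentication.
            log.warn("Checking certificate failed", e);
            return LocalAuthenticationResult.failed(e);
        }
    }

    /**
     * @throws IllegalStateException always; certificates cannot be invalidated through this
     *     credential
     */
    public String invalidate(String str) {
        throw new IllegalStateException("This credential doesn't support invalidation");
    }

    /**
     * Tells whether the entity owns at least one identity of type {@link X500Identity#ID}.
     *
     * @return {@code false} when the entity lookup returns {@code null} or no X.500 identity is
     *     found
     */
    private boolean checkX500Id(EntityParam entityParam) throws EngineException {
        Entity entity = this.idMan.getEntity(entityParam);
        if (entity == null) {
            return false;
        }
        Iterator<?> it = entity.getIdentities().iterator();
        while (it.hasNext()) {
            if (((Identity) it.next()).getTypeId().equals(X500Identity.ID)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return {@code true} when the entity has an X.500 identity, which is what "credential set"
     *     means for this verificator
     */
    public boolean isCredentialSet(EntityParam entityParam) throws EngineException {
        return checkX500Id(entityParam);
    }

    /**
     * @return always {@code false}; there is no stored credential that a definition change could
     *     outdate
     */
    public boolean isCredentialDefinitionChagneOutdatingCredentials(String str) {
        return false;
    }
}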
