package net.sf.jguard.ext.authentication.loginmodules;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import net.sf.jguard.ext.SecurityConstants;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;

/* loaded from: input_file:net/sf/jguard/ext/authentication/loginmodules/OCSPLoginModule.class */
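/**
 * {@link LoginModule} that extends {@link CertificateLoginModule} with an OCSP (RFC 2560)
 * revocation check of the certificate chain accepted by the parent login.
 *
 * <p>Options read from the module configuration:
 * <ul>
 *   <li>{@code SecurityConstants.OCSP_SERVER_URL} - URL the OCSP request is POSTed to;</li>
 *   <li>{@code SecurityConstants.ISSUER_CA_CERT_LOCATION} - file holding the issuing CA certificate,
 *       used to build the CertID of every certificate in the chain;</li>
 *   <li>{@code SecurityConstants.OCSP_SIGNER_CERT_LOCATION} - file holding the certificate whose key
 *       must have signed the OCSP response. Currently it has to be the same certificate as the CA.</li>
 * </ul>
 *
 * <p>A successful check puts {@code SecurityConstants.SKIP_PASSWORD_CHECK} = "true" into the shared
 * state so that subsequent modules in the stack do not ask for a password.
 *
 * <p>Known limitation: the request carries no nonce, so a captured response can be replayed until
 * its {@code nextUpdate} time (when present) has passed.
 */
public class OCSPLoginModule extends CertificateLoginModule implements LoginModule {
    private static final String X509 = "X509";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String APPLICATION_OCSP_REQUEST = "application/ocsp-request";
    private static final String POST = "POST";
    private static final String BC = "BC";
    /** OCSPResponseStatus value meaning "successful" (RFC 2560, section 4.2.1); other values carry no basic response. */
    private static final int OCSP_RESPONSE_SUCCESSFUL = 0;
    /** Upper bound on the connect and read waits against the responder, so a silent responder cannot hang the login. */
    private static final int HTTP_TIMEOUT_MILLIS = 10000;
    /** Upper bound on the bytes accepted from the responder; OCSP responses are a few kilobytes at most. */
    private static final int MAX_RESPONSE_BYTES = 1024 * 1024;
    private static final Logger logger;
    private Map sharedState;
    private Map options;
    private URL ocspServerUrl;
    private X509Certificate issuerCACert;
    private String issuerCACertLocation;
    private X509Certificate OcspSignerCert;
    private String OcspSignerCertLocation;
    private static boolean SecurityProviderInitialized;
    static Class class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule;
    // retained for compatibility; nothing in this class reads it
    private boolean debug = false;
    // status of the last SingleResp examined; null is BouncyCastle's representation of "good"
    private Object certStatus = null;

    /**
     * Stores the JAAS collaborators, installs the security provider once per JVM and loads the
     * responder URL and the CA / signer certificates from the options.
     *
     * @throws IllegalArgumentException if the URL is malformed or a certificate cannot be read
     * @throws UnsupportedOperationException if the signer certificate differs from the CA certificate
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (!SecurityProviderInitialized) {
            SecurityProviderInitialized = CRLLoginModule.initSecurityProvider();
        }
        String urlOption = (String) this.options.get(SecurityConstants.OCSP_SERVER_URL);
        try {
            this.ocspServerUrl = new URL(urlOption);
        } catch (MalformedURLException e) {
            // log the configured value: the URL field is still null at this point
            logger.severe("ocspServerUrl=" + urlOption + " is malformed");
            throw new IllegalArgumentException(e.getMessage(), e);
        }
        this.issuerCACertLocation = (String) this.options.get(SecurityConstants.ISSUER_CA_CERT_LOCATION);
        this.OcspSignerCertLocation = (String) this.options.get(SecurityConstants.OCSP_SIGNER_CERT_LOCATION);
        try {
            this.issuerCACert = getCertFromFile(this.issuerCACertLocation);
            this.OcspSignerCert = getCertFromFile(this.OcspSignerCertLocation);
        } catch (CertificateException e) {
            logger.log(Level.SEVERE, "", e);
            throw new IllegalArgumentException(e.getMessage(), e);
        }
        if (!this.issuerCACert.equals(this.OcspSignerCert)) {
            throw new UnsupportedOperationException("Having a CA cert different from ocspSigner cert is not currently supported, the ocsp response is signed by the CA ");
        }
    }

    /**
     * Runs the parent certificate login and then asks the configured responder about every
     * certificate of the chain.
     *
     * @return {@code false} if the parent login failed, {@code true} once every certificate is
     *         reported as good
     * @throws LoginException if the responder cannot be reached, answers with an error status, or
     *         the response does not verify against the configured signer certificate
     * @throws FailedLoginException if a certificate is reported with a non-good status or is missing
     *         from the response
     */
    @Override // net.sf.jguard.ext.authentication.loginmodules.CertificateLoginModule
    public boolean login() throws LoginException {
        if (!super.login()) {
            return false;
        }
        try {
            byte[] request = generateOcspRequest(this.certChainToCheck);
            byte[] encodedResponse;
            try {
                encodedResponse = getResponseFromHttp(request, this.ocspServerUrl);
            } catch (IOException e) {
                // a transport failure is a failed revocation check, not a pass
                logger.log(Level.SEVERE, " IOException when we build the OCSPResponse from HTTP ", e);
                this.loginOK = false;
                throw loginFailure(" unable to obtain an OCSP response from " + this.ocspServerUrl, e);
            }
            OCSPResp response = new OCSPResp(new ByteArrayInputStream(encodedResponse));
            if (response.getStatus() != OCSP_RESPONSE_SUCCESSFUL) {
                this.loginOK = false;
                throw new LoginException(" OCSP responder answered with status " + response.getStatus());
            }
            Object responseObject = response.getResponseObject();
            if (!(responseObject instanceof BasicOCSPResp)) {
                this.loginOK = false;
                throw new LoginException(" OCSP response does not carry a basic response ");
            }
            BasicOCSPResp basicResponse = (BasicOCSPResp) responseObject;
            // Verify with the key of the configured signer certificate. Certificates embedded in the
            // response are under the sender's control until the signature has been checked, so they
            // must not be the source of the verification key.
            if (!basicResponse.verify(this.OcspSignerCert.getPublicKey(), BC)) {
                this.loginOK = false;
                throw new LoginException(" OCSP response is not valid ");
            }
            checkResponses(basicResponse.getResponses());
            this.sharedState.put(SecurityConstants.SKIP_PASSWORD_CHECK, "true");
            return true;
        } catch (OCSPException e) {
            throw loginFailure(e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            throw loginFailure(e.getMessage(), e);
        } catch (IOException e) {
            throw loginFailure(e.getMessage(), e);
        }
    }

    /**
     * Requires a fresh "good" SingleResp for every certificate of the chain under check.
     *
     * @param responses the SingleResp entries of a response whose signature has already been verified
     * @throws FailedLoginException if a certificate is missing from the response, reported with a
     *         status other than good, or its response is past its nextUpdate time
     * @throws OCSPException if a CertID cannot be built
     */
    private void checkResponses(SingleResp[] responses) throws OCSPException, LoginException {
        Date now = new Date();
        for (X509Certificate cert : this.certChainToCheck) {
            CertificateID wanted = certificateId(cert);
            boolean answered = false;
            if (responses != null) {
                for (SingleResp single : responses) {
                    if (!wanted.equals(single.getCertID())) {
                        continue;
                    }
                    answered = true;
                    Date nextUpdate = single.getNextUpdate();
                    // RFC 2560: a response past its nextUpdate must not be relied upon
                    if (nextUpdate != null && nextUpdate.before(now)) {
                        this.loginOK = false;
                        throw new FailedLoginException(" OCSP response for serial " + cert.getSerialNumber() + " is stale (nextUpdate=" + nextUpdate + ")");
                    }
                    this.certStatus = single.getCertStatus();
                    if (this.certStatus != null) {
                        this.loginOK = false;
                        throw new FailedLoginException(" status is not null. 'null' is the success result " + this.certStatus.toString());
                    }
                }
            }
            if (!answered) {
                // an unanswered certificate is not a "good" certificate
                this.loginOK = false;
                throw new FailedLoginException(" no OCSP response for certificate with serial " + cert.getSerialNumber());
            }
        }
    }

    /** Builds a {@link LoginException} that keeps the original failure as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException loginException = new LoginException(message);
        loginException.initCause(cause);
        return loginException;
    }

    /**
     * POSTs an encoded OCSP request to {@code url} and returns the raw response body.
     *
     * @param bArr the DER-encoded OCSP request
     * @param url  the responder endpoint
     * @return the response bytes, at most {@link #MAX_RESPONSE_BYTES}
     * @throws IOException on any transport failure, on timeout, or if the responder sends more
     *         than {@link #MAX_RESPONSE_BYTES}
     */
    private byte[] getResponseFromHttp(byte[] bArr, URL url) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setDoOutput(true);
        connection.setConnectTimeout(HTTP_TIMEOUT_MILLIS);
        connection.setReadTimeout(HTTP_TIMEOUT_MILLIS);
        try {
            // ProtocolException is itself an IOException and propagates as such
            connection.setRequestMethod(POST);
            connection.setRequestProperty(CONTENT_TYPE, APPLICATION_OCSP_REQUEST);
            OutputStream out = connection.getOutputStream();
            try {
                out.write(bArr);
            } finally {
                out.close();
            }
            InputStream in = connection.getInputStream();
            try {
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                byte[] chunk = new byte[4096];
                for (int count = in.read(chunk); count != -1; count = in.read(chunk)) {
                    if (buffer.size() + count > MAX_RESPONSE_BYTES) {
                        throw new IOException(" OCSP response from " + url + " exceeds " + MAX_RESPONSE_BYTES + " bytes");
                    }
                    buffer.write(chunk, 0, count);
                }
                return buffer.toByteArray();
            } finally {
                in.close();
            }
        } catch (IOException e) {
            logger.severe(e.getMessage());
            throw e;
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Encodes an OCSP request holding one CertID per certificate of the chain.
     *
     * @param x509CertificateArr the certificates to ask about
     * @return the DER-encoded request
     */
    private byte[] generateOcspRequest(X509Certificate[] x509CertificateArr) throws OCSPException, IOException {
        OCSPReqGenerator generator = new OCSPReqGenerator();
        for (X509Certificate cert : x509CertificateArr) {
            generator.addRequest(certificateId(cert));
        }
        return generator.generate().getEncoded();
    }

    /**
     * Builds the CertID of {@code cert} against the configured issuer CA. SHA-1 is the hash the
     * CertID structure uses to identify the issuer; it is not used here for any signature.
     */
    private CertificateID certificateId(X509Certificate cert) throws OCSPException {
        return new CertificateID(CertificateID.HASH_SHA1, this.issuerCACert, cert.getSerialNumber());
    }

    /**
     * Reads a single X.509 certificate from a file.
     *
     * @param str path of the certificate file
     * @return the parsed certificate, never {@code null}
     * @throws CertificateException if the path is not configured, the file is unreadable or absent,
     *         or its content is not a certificate
     */
    public static X509Certificate getCertFromFile(String str) throws CertificateException {
        if (str == null) {
            throw new CertificateException(" certificate file location is not configured");
        }
        File file = new File(str);
        if (!file.canRead()) {
            String message = " File " + file + " is unreadable";
            logger.severe(message);
            throw new CertificateException(message);
        }
        FileInputStream in;
        try {
            in = new FileInputStream(file);
        } catch (FileNotFoundException e) {
            logger.log(Level.SEVERE, "we cannot found the certificate file here:" + str, e);
            throw new CertificateException(e.getMessage(), e);
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance(X509).generateCertificate(in);
        } finally {
            try {
                in.close();
            } catch (IOException e) {
                logger.severe(e.getMessage());
            }
        }
    }

    /** Compiler-generated class-literal helper kept for compatibility with the original bytecode. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule == null) {
            cls = class$("net.sf.jguard.ext.authentication.loginmodules.OCSPLoginModule");
            class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule = cls;
        } else {
            cls = class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule;
        }
        logger = Logger.getLogger(cls.getName());
        SecurityProviderInitialized = false;
    }
}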
