package net.sf.jguard.ext.authentication.loginmodules;

import java.io.IOException;
import java.lang.reflect.Array;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import net.sf.jguard.core.authentication.callbacks.CertificatesCallback;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.authentication.loginmodules.UserLoginModule;
import net.sf.jguard.ext.SecurityConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/ext/authentication/loginmodules/CertificateLoginModule.class */
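/**
 * Base JAAS login module that authenticates a user from an X.509 certificate chain
 * obtained through a {@link CertificatesCallback}.
 *
 * <p>Nothing in this class verifies the chain itself (signatures, validity period,
 * trust anchor, revocation): {@link #login()} only checks that a non-empty chain was
 * supplied. NOTE(review): presumably the concrete subclasses perform path validation
 * before {@link #commit()} runs; confirm, because {@code skipPasswordCheck} is
 * switched on here as soon as a certificate is present.
 *
 * <p>The fields {@code callbacks}, {@code login}, {@code debug} and
 * {@code skipPasswordCheck} used below are not declared in this class; presumably they
 * are inherited from {@link UserLoginModule}.
 */
public abstract class CertificateLoginModule extends UserLoginModule {
    private static final Logger logger = LoggerFactory.getLogger(CertificateLoginModule.class.getName());

    // Subject populated on commit and emptied on abort/logout.
    protected Subject subject;

    // Starts as true and is only ever set to false in this class, so a subclass that
    // never runs login() still reaches certificateCommit(); that method therefore
    // re-checks the chain itself.
    protected boolean loginOK = true;

    // Chain read from the first callback in login(); element 0 is used as the user's certificate.
    protected X509Certificate[] certChainToCheck;

    // NOTE(review): never assigned in this class; presumably set by a subclass or during
    // initialization, otherwise login() always fails on the null check.
    protected CallbackHandler callbackHandler;

    /**
     * Rolls back the authentication attempt by emptying the subject.
     *
     * <p>NOTE(review): this clears every principal and credential of the subject, not
     * only the ones added by {@link #certificateCommit()}; with stacked login modules
     * that also discards what the other modules contributed.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean abort() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Commits the authentication when the login phase succeeded.
     *
     * @return the result of {@link #certificateCommit()} when {@code loginOK} is set,
     *         {@code false} otherwise
     * @throws LoginException if the certificate cannot be parsed during commit
     */
    public boolean commit() throws LoginException {
        if (!this.loginOK) {
            return false;
        }
        return certificateCommit();
    }

    /**
     * Logs the user out by emptying the subject.
     *
     * <p>A missing subject is tolerated, as in {@link #abort()}, so that a logout after
     * a login that never got a subject does not fail with a NullPointerException.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean logout() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Copies identity data from the first certificate of the chain into the subject:
     * the subject DN as a principal, the subject unique id (when present) and every
     * subject alternative name as public credentials.
     *
     * @return {@code true} when the subject was populated, {@code false} when no
     *         certificate chain is available
     * @throws LoginException if the subject alternative names cannot be parsed
     */
    protected boolean certificateCommit() throws LoginException {
        // loginOK defaults to true, so commit can be reached without a chain (for example
        // when super.login() threw before the chain was read). Refuse to commit then.
        if (this.certChainToCheck == null || this.certChainToCheck.length == 0) {
            return false;
        }
        Set<Object> publicCredentials = this.subject.getPublicCredentials();
        X509Certificate userCertificate = this.certChainToCheck[0];
        this.subject.getPrincipals().add(userCertificate.getSubjectX500Principal());

        boolean[] uniqueId = userCertificate.getSubjectUniqueID();
        if (uniqueId != null) {
            publicCredentials.add(new JGuardCredential(SecurityConstants.UNIQUE_ID, uniqueId));
        }

        Collection<List<?>> subjectAlternativeNames;
        try {
            subjectAlternativeNames = userCertificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            logger.error(" certificate cannot be parsed ", e);
            // LoginException has no (message, cause) constructor; keep the cause via initCause.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
        if (subjectAlternativeNames == null) {
            return true;
        }

        int index = 0;
        for (List<?> entry : subjectAlternativeNames) {
            Integer nameType = (Integer) entry.get(0);
            Object nameValue = entry.get(1);
            // The original tested "instanceof java.lang.reflect.Array", which no value can
            // satisfy, so byte[] names were rendered as "[B@<hash>". Names that the JDK
            // returns as byte[] are ASN.1 DER encoded, so decoding them as text is lossy;
            // the charset is fixed so the credential value does not vary per platform.
            String renderedValue = nameValue instanceof byte[]
                    ? new String((byte[]) nameValue, java.nio.charset.StandardCharsets.UTF_8)
                    : String.valueOf(nameValue);
            publicCredentials.add(new JGuardCredential("alternativeName#" + index, nameType + "#" + renderedValue));
            index++;
        }
        return true;
    }

    /**
     * Lists the callbacks this module needs from the callback handler.
     *
     * @return a new mutable list holding a single {@link CertificatesCallback}
     */
    protected List<Callback> getCallbacks() {
        List<Callback> requested = new ArrayList<>();
        requested.add(new CertificatesCallback());
        return requested;
    }

    /**
     * Collects the certificate chain through the callback handler and derives the login
     * name from it.
     *
     * <p>The chain is not validated here; only its presence is checked.
     *
     * @return {@code true} when a non-empty chain was supplied, {@code false} when the
     *         callbacks could not be handled or carried no certificate
     * @throws LoginException if no callback handler is available, or from {@code super.login()}
     */
    public boolean login() throws LoginException {
        // The result of super.login() is not inspected, as before.
        super.login();
        if (this.callbackHandler == null) {
            this.loginOK = false;
            throw new LoginException("there is no CallbackHandler to authenticate the user");
        }
        try {
            this.callbackHandler.handle(this.callbacks);
        } catch (IOException e) {
            logger.error(" IOException when we handle callbacks with callback " + this.callbackHandler.getClass().getName(), e);
            // Fail closed: never go on to read certificates from callbacks that were not handled.
            this.loginOK = false;
            return false;
        } catch (UnsupportedCallbackException e2) {
            logger.error(" one callback type is not supported ", e2);
            this.loginOK = false;
            return false;
        }
        // NOTE(review): the chain is read from callbacks[0] but the login name from
        // callbacks[2]; the layout of the inherited callbacks array is not visible here,
        // so confirm that both indexes point at a CertificatesCallback.
        this.certChainToCheck = this.callbacks[0].getCertificates();
        if (this.certChainToCheck == null || this.certChainToCheck.length == 0) {
            this.loginOK = false;
            return false;
        }
        X509Certificate[] certificates = this.callbacks[2].getCertificates();
        if (certificates == null) {
            return true;
        }
        if (certificates.length == 0) {
            // The original indexed element 0 unconditionally and failed with an
            // ArrayIndexOutOfBoundsException; reject the login cleanly instead.
            this.loginOK = false;
            return false;
        }
        this.login = certificates[0].getSubjectX500Principal().getName();
        if (this.debug) {
            logger.debug(" login used in the certificate ={}", this.login);
        }
        // From here on the certificate stands in for the password.
        this.skipPasswordCheck = true;
        return true;
    }

    // Empties principals and credentials of the subject, doing nothing when there is no subject.
    private void clearSubject() {
        if (this.subject == null) {
            return;
        }
        this.subject.getPrincipals().clear();
        this.subject.getPrivateCredentials().clear();
        this.subject.getPublicCredentials().clear();
    }
}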
