package net.sf.jguard.ext.authentication.loginmodules;

import java.io.IOException;
import java.lang.reflect.Array;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authentication.callbacks.CertificatesCallback;

/* loaded from: input_file:WEB-INF/lib/jguard-ext-1.0.0.jar:net/sf/jguard/ext/authentication/loginmodules/CertificateLoginModule.class */
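/**
 * Base JAAS {@link LoginModule} that authenticates a user from an X.509 certificate chain
 * obtained through a {@link CertificatesCallback}.
 *
 * <p>Security note: the code in this class only checks that a non-empty chain was supplied.
 * It performs no trust-path, validity-period or revocation check itself, so a {@code true}
 * result from {@link #login()} must not be read as "certificate verified".
 * NOTE(review): presumably concrete subclasses validate {@code certChainToCheck} after calling
 * {@code super.login()} and clear {@code loginOK} on failure; confirm against the subclasses.
 *
 * <p>{@code initialize(...)} is left to subclasses, which are expected to set {@code subject}
 * and {@code callbackHandler}.
 */
public abstract class CertificateLoginModule implements LoginModule {
    private static final Logger logger;
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Subject being authenticated; populated on commit, emptied on abort/logout. */
    protected Subject subject;
    /** Outcome of the login phase; {@link #commit()} does nothing when this is {@code false}. */
    protected boolean loginOK = true;
    /** Chain returned by the callback handler; element 0 is used as the user's certificate. */
    protected X509Certificate[] certChainToCheck;
    protected CallbackHandler callbackHandler;
    // Compiler-generated class-literal cache (pre-Java-5 javac); kept so the member set is unchanged.
    static Class class$net$sf$jguard$ext$authentication$loginmodules$CertificateLoginModule;

    /**
     * Rolls back a failed authentication by emptying the subject.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Publishes the certificate identity into the subject, but only when the login phase
     * succeeded and a certificate chain is actually available.
     *
     * @return {@code true} when the subject was populated, {@code false} when this module
     *         has nothing to commit
     */
    public boolean commit() throws LoginException {
        if (!this.loginOK) {
            return false;
        }
        // loginOK defaults to true, so also require that login() really produced a chain;
        // otherwise certificateCommit() would fail on a null or empty array.
        if (this.certChainToCheck == null || this.certChainToCheck.length == 0) {
            return false;
        }
        return certificateCommit();
    }

    /**
     * Logs the user out by emptying the subject.
     *
     * <p>NOTE(review): this removes every principal and credential on the subject, including
     * any added by other login modules in the same stack.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        // Same null guard as abort(): logout may be reached before a subject was ever set.
        clearSubject();
        return true;
    }

    /**
     * Copies identity data from the first certificate of the chain into the subject: the
     * subject DN as a principal, plus the subject unique ID and every subject alternative
     * name as public {@link JGuardCredential}s.
     *
     * @return {@code true} once the subject has been populated
     * @throws LoginException if no chain is available or the alternative names cannot be parsed
     */
    protected boolean certificateCommit() throws LoginException {
        if (this.subject == null || this.certChainToCheck == null || this.certChainToCheck.length == 0) {
            throw new LoginException("there is no certificate chain to commit");
        }
        Set<Object> publicCredentials = this.subject.getPublicCredentials();
        // NOTE(review): assumes element 0 is the end-entity (user) certificate; confirm
        // against the callback handler that fills CertificatesCallback.
        X509Certificate userCertificate = this.certChainToCheck[0];
        this.subject.getPrincipals().add(userCertificate.getSubjectX500Principal());

        if (userCertificate.getSubjectUniqueID() != null) {
            JGuardCredential uniqueId = new JGuardCredential();
            uniqueId.setId(SecurityConstants.UNIQUE_ID);
            uniqueId.setValue(userCertificate.getSubjectUniqueID());
            publicCredentials.add(uniqueId);
        }

        Collection<List<?>> alternativeNames;
        try {
            alternativeNames = userCertificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            logger.severe(" certificate cannot be parsed ");
            // LoginException has no cause-taking constructor; attach the cause explicitly.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
        if (alternativeNames == null) {
            return true;
        }

        int index = 0;
        for (List<?> entry : alternativeNames) {
            Integer nameType = (Integer) entry.get(0);
            Object nameValue = entry.get(1);
            String text;
            if (nameValue instanceof byte[]) {
                // The previous test (instanceof java.lang.reflect.Array) could never match, so
                // byte[] names fell through to a String cast and raised ClassCastException.
                // These entries are DER-encoded names, not text: hex keeps the credential value
                // deterministic and unambiguous instead of decoding with the platform charset.
                text = toHex((byte[]) nameValue);
            } else {
                text = String.valueOf(nameValue);
            }
            JGuardCredential alternativeName = new JGuardCredential();
            alternativeName.setId("alternativeName#" + index);
            alternativeName.setValue(nameType + "#" + text);
            publicCredentials.add(alternativeName);
            index++;
        }
        return true;
    }

    /**
     * Asks the callback handler for the client certificate chain.
     *
     * <p>Callback failures are logged and treated as "no certificate supplied". A
     * {@code true} result only means a non-empty chain was received; this method does not
     * validate it.
     *
     * @return {@code true} when a non-empty chain was obtained, {@code false} otherwise
     * @throws LoginException if no callback handler is configured
     */
    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            this.loginOK = false;
            throw new LoginException("there is no CallbackHandler to authenticate the user");
        }
        CertificatesCallback certificatesCallback = new CertificatesCallback();
        Callback[] callbacks = {certificatesCallback};
        try {
            this.callbackHandler.handle(callbacks);
        } catch (IOException e) {
            logger.log(Level.SEVERE,
                    " IOException when we handle callbacks with callback "
                            + this.callbackHandler.getClass().getName(),
                    e);
        } catch (UnsupportedCallbackException e) {
            logger.log(Level.SEVERE, " one callback type is not supported ", e);
        }
        this.certChainToCheck = certificatesCallback.getCertificates();
        boolean chainPresent = this.certChainToCheck != null && this.certChainToCheck.length != 0;
        // Track the outcome of THIS attempt so a retry after an earlier failure is not
        // silently dropped by commit().
        this.loginOK = chainPresent;
        return chainPresent;
    }

    /** Removes every principal and credential from the subject, if there is one. */
    private void clearSubject() {
        if (this.subject == null) {
            return;
        }
        this.subject.getPrincipals().clear();
        this.subject.getPrivateCredentials().clear();
        this.subject.getPublicCredentials().clear();
    }

    /** Renders bytes as lowercase hexadecimal, two digits per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (int k = 0; k < bytes.length; k++) {
            int unsigned = bytes[k] & 0xFF;
            hex.append(HEX_DIGITS[unsigned >>> 4]).append(HEX_DIGITS[unsigned & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Compiler-generated helper behind pre-Java-5 class literals: loads a class by name and
     * converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is typed as returning Throwable, which cannot be thrown from a
            // method without a throws clause; build the error first, then throw it.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$net$sf$jguard$ext$authentication$loginmodules$CertificateLoginModule == null) {
            cls = class$("net.sf.jguard.ext.authentication.loginmodules.CertificateLoginModule");
            class$net$sf$jguard$ext$authentication$loginmodules$CertificateLoginModule = cls;
        } else {
            cls = class$net$sf$jguard$ext$authentication$loginmodules$CertificateLoginModule;
        }
        logger = Logger.getLogger(cls.getName());
    }
}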
