package org.ow2.jonas.security.auth.spi;

import com.ibm.wsdl.Constants;
import java.io.File;
import java.io.FileInputStream;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.ow2.jonas.lib.security.auth.JPrincipal;
import org.ow2.jonas.security.auth.callback.CertificateCallback;

/* loaded from: input_file:WEB-INF/lib/jonas-security-5.1.0-RC2.jar:org/ow2/jonas/security/auth/spi/CRLLoginModule.class */
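/**
 * JAAS {@link LoginModule} that refuses a login when the client's X.509 certificate is
 * listed as revoked in a Certificate Revocation List (CRL).
 *
 * <p>Options read from the module configuration:
 * <ul>
 *   <li>{@code CRLsResourceName}: {@code "Directory"} or {@code "LDAP"} (case-insensitive);</li>
 *   <li>{@code CRLsDirectoryName}: directory holding {@code *.crl} files (Directory mode);</li>
 *   <li>{@code address} and the key held in {@code Constants.ELEM_PORT}: LDAP host and port
 *       (LDAP mode).</li>
 * </ul>
 *
 * <p>Security notes for deployers, all visible in the code below:
 * <ul>
 *   <li>This module authenticates nobody. It returns {@code true} without any check when the
 *       user name does not start with {@code ##DN##}, and it never adds a principal to the
 *       subject, so it has to be stacked with a module that performs the actual
 *       authentication.</li>
 *   <li>Revocation is checked only against the CRLs the store returns for the certificate's
 *       issuer. If the store returns none, the login is accepted.</li>
 *   <li>The CRLs are neither signature-verified nor checked for expiry before use, so the
 *       CRL source (directory permissions, LDAP server and the path to it) must be
 *       trusted.</li>
 * </ul>
 */
public class CRLLoginModule implements LoginModule {
    /** Only user names that start with this marker are checked against the CRLs. */
    private static final String DN_PREFIX = "##DN##";

    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    // Stored by initialize() but not read anywhere in this class.
    private Map sharedState = null;
    private Map options = null;
    // Never assigned a non-null value in this class; see logout().
    private String principalName = null;
    // Not used by any method of this class.
    private String password = null;
    private ArrayList principalRoles = null;
    // Client certificate obtained from the CertificateCallback during login().
    private X509Certificate cert = null;

    /**
     * Stores the JAAS context objects for later use by {@link #login()} and {@link #logout()}.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the user name and client certificate
     * @param map state shared with the other configured login modules (kept, not read here)
     * @param map2 the options configured for this login module
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
    }

    /**
     * Checks the client certificate against the configured CRLs.
     *
     * @return {@code true} when the user name is not a {@code ##DN##} name (no check is
     *     made), or when no CRL returned for the certificate's issuer lists the certificate
     * @throws LoginException if no callback handler is set, the certificate is missing, the
     *     configuration is invalid, the CRLs cannot be loaded, or the certificate is revoked.
     *     Every failure inside the callback/CRL phase is wrapped twice, as in the original
     *     code, so existing message prefixes are unchanged; the underlying exception is now
     *     attached as the cause.
     */
    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("No handler has been defined.");
        }
        String resourceName = (String) this.options.get("CRLsResourceName");
        try {
            // Declared as NameCallback (not Callback) so getName() is callable below.
            NameCallback nameCallback = new NameCallback("User :");
            CertificateCallback certificateCallback = new CertificateCallback();
            this.callbackHandler.handle(new Callback[]{nameCallback, certificateCallback});
            try {
                this.cert = (X509Certificate) certificateCallback.getUserCertificate();
                // Non-certificate logins pass straight through: this module makes no
                // decision for them, so another module in the stack must authenticate.
                if (!nameCallback.getName().startsWith(DN_PREFIX)) {
                    return true;
                }
                if (this.cert == null) {
                    // Message corrected: the original text said "can be verified", which
                    // states the opposite of the failure being reported.
                    throw new LoginException("Client certificate not present, it cannot be verified with CRL");
                }
                CertStore certStore = openCrlStore(resourceName);
                X509CRLSelector selector = new X509CRLSelector();
                selector.addIssuerName(this.cert.getIssuerX500Principal().getEncoded());
                // NOTE(review): the CRLs are used as returned. Nothing here verifies their
                // signature or rejects one that has expired, and an empty result means the
                // loop body never runs and the login is accepted. Whether a missing or stale
                // CRL should fail the login is a policy decision to confirm with the
                // deployment owner.
                for (Object crl : certStore.getCRLs(selector)) {
                    if (((X509CRL) crl).isRevoked(this.cert)) {
                        throw new LoginException("Client certificate has been revoked");
                    }
                }
                return true;
            } catch (Exception e) {
                throw wrap("Error during the login phase : ", e);
            }
        } catch (Exception e2) {
            throw wrap("Problem while getting informations in the callbackhandler: ", e2);
        }
    }

    /**
     * Builds the CRL store selected by the {@code CRLsResourceName} option.
     *
     * @param resourceName configured value of {@code CRLsResourceName}, may be {@code null}
     * @return a {@code Collection} store filled from the CRL directory, or an {@code LDAP} store
     * @throws java.io.IOException if a CRL file cannot be read
     * @throws java.security.GeneralSecurityException if the configuration is invalid (raised
     *     as {@link LoginException}) or a CRL or store cannot be created
     */
    private CertStore openCrlStore(String resourceName)
            throws java.io.IOException, java.security.GeneralSecurityException {
        if (resourceName != null && resourceName.equalsIgnoreCase("Directory")) {
            String directoryName = (String) this.options.get("CRLsDirectoryName");
            if (directoryName == null) {
                throw new LoginException("You have to give an argument to this login module. The \"CRLsDirectoryName\" parameter is required.");
            }
            File directory = new File(directoryName);
            if (!directory.isDirectory()) {
                throw new LoginException(directoryName + " is not a directory");
            }
            return CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(loadCrls(directory)));
        }
        // A missing option is reported with the same message as an unknown value instead
        // of surfacing as a NullPointerException with a "null" message.
        if (resourceName == null || !resourceName.equalsIgnoreCase("LDAP")) {
            throw new LoginException("You have to give an argument to this login module. The \"CRLsResourceName\" is not valid. Must be set to \"Directory\" or \"LDAP\"");
        }
        String address = (String) this.options.get("address");
        // Presumably Constants.ELEM_PORT resolves to "port" (the message below names that
        // option); the reference looks like a decompiler constant substitution. TODO confirm.
        String port = (String) this.options.get(Constants.ELEM_PORT);
        // Both options are checked before parsing, so a missing port is reported as a
        // configuration error rather than as a NumberFormatException.
        if (address == null || port == null) {
            throw new LoginException("You have to give an argument to this login module. The \"address\" and \"port\" parameter are required.");
        }
        int portNumber;
        try {
            portNumber = Integer.parseInt(port);
        } catch (NumberFormatException e) {
            throw wrap("The \"port\" parameter is not a valid integer: ", e);
        }
        // Only host and port are passed to the LDAP store; this code configures neither TLS
        // nor bind credentials for the lookup.
        return CertStore.getInstance("LDAP", new LDAPCertStoreParameters(address, portNumber));
    }

    /**
     * Parses every file in {@code directory} whose name matches {@code .+\.crl}.
     *
     * <p>A file that cannot be parsed aborts the load, and with it the login.
     *
     * @param directory existing directory holding the CRL files
     * @return the parsed CRLs, possibly empty
     * @throws java.io.IOException if a file cannot be opened or closed
     * @throws java.security.GeneralSecurityException if the directory cannot be listed
     *     (raised as {@link LoginException}) or a file is not a valid X.509 CRL
     */
    private static ArrayList<X509CRL> loadCrls(File directory)
            throws java.io.IOException, java.security.GeneralSecurityException {
        String[] names = directory.list();
        if (names == null) {
            // File.list() returns null on an I/O error or when access is denied.
            throw new LoginException(directory.getPath() + " cannot be listed");
        }
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        ArrayList<X509CRL> crls = new ArrayList<X509CRL>(names.length);
        for (int i = 0; i < names.length; i++) {
            if (!names[i].matches(".+\\.crl")) {
                continue;
            }
            FileInputStream in =
                    new FileInputStream(directory.getAbsolutePath() + File.separatorChar + names[i]);
            try {
                crls.add((X509CRL) factory.generateCRL(in));
            } finally {
                // Close on the failure path too; the original leaked the stream when
                // parsing threw.
                in.close();
            }
        }
        return crls;
    }

    /**
     * Creates a {@link LoginException} whose message is {@code prefix} followed by the
     * cause's message, and attaches the cause so the stack trace is not lost.
     */
    private static LoginException wrap(String prefix, Exception cause) {
        LoginException wrapped = new LoginException(prefix + cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Nothing to commit: {@link #login()} adds no principal or credential to the subject.
     *
     * @return always {@code true}
     */
    public boolean commit() throws LoginException {
        return true;
    }

    /**
     * Discards the state kept by this module.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        this.principalName = null;
        this.principalRoles = null;
        // Also drop the certificate captured by a previous login() attempt.
        this.cert = null;
        return true;
    }

    /**
     * Removes the principal named {@code principalName} from the subject.
     *
     * <p>NOTE(review): nothing in this class assigns {@code principalName}, so the principal
     * removed here is built from {@code null}; whether that matches anything depends on
     * {@code JPrincipal.equals}, which is not visible here.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        this.subject.getPrincipals().remove(new JPrincipal(this.principalName));
        return true;
    }
}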
