package org.jboss.soa.esb.services.security.auth.login;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.log4j.Logger;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.soa.esb.services.security.principals.Group;
import org.jboss.soa.esb.services.security.principals.Role;
import org.jboss.soa.esb.services.security.principals.User;
import org.jboss.soa.esb.util.ClassUtil;

/* loaded from: input_file:org/jboss/soa/esb/services/security/auth/login/CertificateLoginModule.class */
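/**
 * JAAS {@link LoginModule} that authenticates a caller by an X509 certificate.
 * <p>
 * {@link #login()} collects the caller's certificate (via an {@link ObjectCallback}) and a
 * keystore alias (via a {@link NameCallback}), loads the keystore named by the
 * {@value #KEYSTORE_URL} option and checks that the caller's certificate is within its
 * validity window and that its signature verifies under the public key of the keystore
 * entry stored under that alias. {@link #commit()} then adds a {@link User} principal
 * derived from the certificate subject and, if {@value #ROLE_PROPERTIES} is configured,
 * the roles mapped to that user name.
 * <p>
 * Limitations visible in this implementation: only a direct signature check against the
 * configured keystore entry is performed; no certificate chain building and no revocation
 * checking takes place. Principals added in {@link #commit()} are not removed by
 * {@link #logout()}.
 * <p>
 * Required options: {@value #KEYSTORE_URL}, {@value #KEYSTORE_PASSWORD}.
 * Optional options: {@value #KEYSTORE_TYPE} (defaults to {@link KeyStore#getDefaultType()}),
 * {@value #ROLE_PROPERTIES}.
 */
public class CertificateLoginModule implements LoginModule {
    /** Option key: URL or file path (or classpath resource) of the keystore holding the trusted certificate. */
    public static final String KEYSTORE_URL = "keyStoreURL";
    /** Option key: password used to load the keystore. */
    public static final String KEYSTORE_PASSWORD = "keyStorePassword";
    /** Option key: keystore type passed to {@link KeyStore#getInstance(String)}. */
    public static final String KEYSTORE_TYPE = "keyStoreType";
    /** Option key: properties file mapping a user name to a comma separated list of roles. */
    public static final String ROLE_PROPERTIES = "rolesPropertiesFile";

    /** Separator between role names in a roles-properties value. */
    private static final String ROLE_SEPARATOR = ",";

    private Logger log = Logger.getLogger(CertificateLoginModule.class);
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> options;
    /** Set by a successful {@link #login()}; consumed by {@link #commit()}, cleared by abort/logout. */
    private X509Certificate verifiedCertificate;

    /**
     * Stores the subject, callback handler and module options for the later phases.
     * The shared state map is not used by this module.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.options = options;
    }

    /**
     * Authentication phase: obtains the caller certificate and keystore alias from the
     * callback handler and verifies the certificate against the keystore entry.
     *
     * @return {@code true} when the caller certificate was verified
     * @throws LoginException if options or callback handler are missing, the callbacks fail,
     *         no certificate/alias was supplied, the keystore cannot be loaded, the alias has
     *         no certificate, or the caller certificate is invalid or does not verify
     */
    public boolean login() throws LoginException {
        assertOptions(this.options);
        assertCallbackHandler(this.callbackHandler);
        // A previous login() on a reused module instance must not leak into this attempt.
        this.verifiedCertificate = null;

        NameCallback nameCallback = new NameCallback("Key Alias: ");
        // The key password is requested for callback compatibility but never used here.
        PasswordCallback passwordCallback = new PasswordCallback("Key Password", false);
        ObjectCallback objectCallback = new ObjectCallback("Certificate: ");
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback, objectCallback});
        } catch (IOException e) {
            throw loginFailure("Failed to invoke callback: " + e.toString(), e);
        } catch (UnsupportedCallbackException e) {
            throw loginFailure("CallbackHandler does not support: " + e.getCallback(), e);
        } finally {
            // Do not keep an unused password in memory longer than necessary.
            passwordCallback.clearPassword();
        }

        X509Certificate callerCertificate = getCallerCertificate(objectCallback);
        String alias = getAlias(nameCallback);

        Certificate trustedCertificate;
        try {
            trustedCertificate = loadKeyStore().getCertificate(alias);
        } catch (KeyStoreException e) {
            throw loginFailure("KeystoreException : " + e.getMessage(), e);
        }
        if (trustedCertificate == null) {
            throw new LoginException("No certificate found in keystore for alias '" + alias + "'");
        }

        try {
            // A signature check alone says nothing about the validity period; reject
            // certificates outside their notBefore/notAfter window explicitly.
            callerCertificate.checkValidity();
            // Proves the caller certificate was signed with the private key that matches
            // the public key of the configured keystore entry. No chain/revocation check.
            callerCertificate.verify(trustedCertificate.getPublicKey());
        } catch (InvalidKeyException e) {
            throw loginFailure("InvalidKeyExcpetion : " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw loginFailure("NoSuchAlgorithmException : " + e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            throw loginFailure("NoSuchProviderException : " + e.getMessage(), e);
        } catch (SignatureException e) {
            throw loginFailure("SignatureException : " + e.getMessage(), e);
        } catch (CertificateException e) {
            throw loginFailure("CertificateException : " + e.getMessage(), e);
        }

        this.verifiedCertificate = callerCertificate;
        return true;
    }

    /**
     * Commit phase: adds a {@link User} principal named after the first attribute value of
     * the certificate subject DN, then the roles configured for that user.
     *
     * @return {@code false} when {@link #login()} did not succeed, {@code true} otherwise
     * @throws LoginException if the roles properties file is configured but unusable
     */
    public boolean commit() throws LoginException {
        if (this.verifiedCertificate == null) {
            return false;
        }
        String subjectDn = this.verifiedCertificate.getSubjectX500Principal().getName();
        User user = new User(extractFirstAttributeValue(subjectDn));
        this.subject.getPrincipals().add(user);
        addRoles(this.subject, user, this.verifiedCertificate, Collections.unmodifiableMap(this.options));
        return true;
    }

    /**
     * Returns the value of the first attribute of an RFC 2253 style DN, e.g.
     * {@code "CN=alice,O=acme"} yields {@code "alice"}. A DN with a single attribute
     * (no comma) yields that attribute's whole value.
     * <p>
     * NOTE(review): this is a plain text split; escaped commas ({@code \,}) inside a
     * value are not handled, matching the original behaviour.
     */
    private static String extractFirstAttributeValue(String distinguishedName) {
        // indexOf('=') is -1 when absent, so the value then starts at index 0.
        int valueStart = distinguishedName.indexOf('=') + 1;
        int valueEnd = distinguishedName.indexOf(',', valueStart);
        if (valueEnd < 0) {
            valueEnd = distinguishedName.length();
        }
        return distinguishedName.substring(valueStart, valueEnd);
    }

    /**
     * Abort phase: discards the certificate verified by {@link #login()} so a failed
     * overall authentication leaves no state behind.
     *
     * @return always {@code false}
     */
    public boolean abort() throws LoginException {
        this.verifiedCertificate = null;
        return false;
    }

    /**
     * Logout phase: discards the verified certificate. Principals added by
     * {@link #commit()} are left on the subject (unchanged from the original behaviour).
     *
     * @return always {@code false}
     */
    public boolean logout() throws LoginException {
        this.verifiedCertificate = null;
        return false;
    }

    /**
     * Adds the roles mapped to {@code principal.getName()} in the properties file named by
     * the {@value #ROLE_PROPERTIES} option. Does nothing (with a warning) when the option
     * is absent.
     *
     * @param subject         subject receiving the roles
     * @param principal       user whose name is looked up in the properties file
     * @param x509Certificate the verified caller certificate; unused here, presumably
     *                        provided for subclasses that override this method
     * @param map             the module options
     * @throws LoginException if the properties file cannot be located or read
     */
    protected void addRoles(Subject subject, Principal principal, X509Certificate x509Certificate, Map<String, ?> map) throws LoginException {
        String rolesFile = (String) map.get(ROLE_PROPERTIES);
        if (rolesFile == null) {
            this.log.warn("No rolesPropertiesFile was specified hence no roles will be added.");
            return;
        }
        InputStream in = getResourceAsStream(rolesFile, getClass());
        if (in == null) {
            throw new LoginException("rolesPropertiesFile was specified as '" + rolesFile + "' but could not be located on the local file system or on the classpath. Please check the configuration.");
        }
        Properties roleMappings = new Properties();
        try {
            roleMappings.load(in);
        } catch (IOException e) {
            throw loginFailure("IOException while trying to read properties from '" + rolesFile + "'", e);
        } finally {
            closeQuietly(in, "Error while closing stream to roles properties '" + rolesFile + "'");
        }
        String roleList = roleMappings.getProperty(principal.getName());
        if (roleList == null) {
            return;
        }
        this.log.debug("Roles for " + principal.getName() + " [" + roleList + "]");
        for (String roleName : roleList.split(ROLE_SEPARATOR)) {
            addRole(roleName, subject);
        }
    }

    /**
     * Adds {@code roleName} as a {@link Role} member of the subject's roles group, creating
     * that group when the subject has none. Null or empty names are ignored.
     */
    private void addRole(String roleName, Subject subject) {
        if (roleName == null || roleName.length() == 0) {
            return;
        }
        Role role = new Role(roleName);
        boolean added = false;
        for (Group group : subject.getPrincipals(Group.class)) {
            if (Group.ROLES_GROUP_NAME.equals(group.getName())) {
                group.addMember(role);
                added = true;
            }
        }
        // Also covers a subject that has other groups but no roles group yet; previously
        // the role was silently dropped in that case.
        if (!added) {
            Group rolesGroup = new Group(Group.ROLES_GROUP_NAME);
            rolesGroup.addMember(role);
            subject.getPrincipals().add(rolesGroup);
        }
    }

    /**
     * Verifies that the required options ({@value #KEYSTORE_URL}, {@value #KEYSTORE_PASSWORD})
     * are present.
     *
     * @throws LoginException naming the missing options
     */
    void assertOptions(Map<String, ?> map) throws LoginException {
        if (map == null || map.isEmpty() || !map.containsKey(KEYSTORE_URL) || !map.containsKey(KEYSTORE_PASSWORD)) {
            throw new LoginException(getMissingRequiredOptionString(map));
        }
    }

    /**
     * Loads the keystore named by {@value #KEYSTORE_URL} using the configured password and
     * type. The stream is always closed, also on failure.
     *
     * @throws LoginException wrapping any keystore, algorithm, certificate or I/O failure
     */
    private KeyStore loadKeyStore() throws LoginException {
        String keyStoreUrl = (String) this.options.get(KEYSTORE_URL);
        String keyStorePassword = (String) this.options.get(KEYSTORE_PASSWORD);
        // assertOptions only checks key presence; a null value would NPE below.
        if (keyStoreUrl == null || keyStorePassword == null) {
            throw new LoginException("Options " + KEYSTORE_URL + " and " + KEYSTORE_PASSWORD + " must not be null");
        }
        String keyStoreType = (String) this.options.get(KEYSTORE_TYPE);
        if (keyStoreType == null) {
            keyStoreType = KeyStore.getDefaultType();
        }

        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(keyStoreType);
        } catch (KeyStoreException e) {
            throw loginFailure("KeyStoreException while trying to load keystore '" + keyStoreUrl + "': " + e.getMessage(), e);
        }

        InputStream in = getResourceAsStream(keyStoreUrl, getClass());
        if (in == null) {
            throw new LoginException("Could not open a stream to the keystore '" + keyStoreUrl + "'");
        }
        try {
            keyStore.load(in, keyStorePassword.toCharArray());
        } catch (IOException e) {
            throw loginFailure("IOException while trying to load keystore '" + keyStoreUrl + "': " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw loginFailure("NoSuchAlgorithm while trying to load keystore '" + keyStoreUrl + "': " + e.getMessage(), e);
        } catch (CertificateException e) {
            throw loginFailure("CertificateException while trying to load keystore '" + keyStoreUrl + "': " + e.getMessage(), e);
        } finally {
            closeQuietly(in, "Error while closing stream to keystore '" + keyStoreUrl + "'");
        }
        this.log.info("Successfully loaded keystore: '" + keyStoreUrl + "'");
        return keyStore;
    }

    /** Builds the "Options missing [...]" message listing the absent required options. */
    private String getMissingRequiredOptionString(Map<String, ?> map) {
        StringBuilder sb = new StringBuilder("Options missing [");
        String separator = "";
        if (map == null || !map.containsKey(KEYSTORE_URL)) {
            sb.append(KEYSTORE_URL);
            separator = ", ";
        }
        if (map == null || !map.containsKey(KEYSTORE_PASSWORD)) {
            sb.append(separator).append(KEYSTORE_PASSWORD);
        }
        return sb.append("]").toString();
    }

    /**
     * Fails when no callback handler was given to {@link #initialize}.
     *
     * @param callbackHandler the handler to check (the original checked the field instead of this argument)
     */
    private void assertCallbackHandler(CallbackHandler callbackHandler) throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("No callback handler was specified for CertificateLoginModule.");
        }
    }

    /**
     * Extracts the caller's {@link X509Certificate} from the object callback credential,
     * which is expected to be a {@link Set} containing the certificate (a bare
     * certificate is accepted as well).
     *
     * @throws LoginException when the credential holds no X509 certificate
     */
    private X509Certificate getCallerCertificate(ObjectCallback objectCallback) throws LoginException {
        Object credential = objectCallback.getCredential();
        if (credential instanceof X509Certificate) {
            return (X509Certificate) credential;
        }
        // instanceof instead of a blind cast: a foreign credential type is a login
        // failure, not a ClassCastException.
        if (credential instanceof Set) {
            for (Object candidate : (Set<?>) credential) {
                if (candidate instanceof X509Certificate) {
                    return (X509Certificate) candidate;
                }
            }
        }
        throw new LoginException("No X509Certificate was passed to the login module");
    }

    /**
     * Returns the keystore alias supplied through the name callback.
     *
     * @throws LoginException when no alias was supplied
     */
    private String getAlias(NameCallback nameCallback) throws LoginException {
        String alias = nameCallback.getName();
        if (alias == null) {
            throw new LoginException("No key alias was passed to the login module");
        }
        return alias;
    }

    /**
     * Opens {@code location} as a file (interpreting it as a URL's file part when it parses
     * as a URL, otherwise as a plain path) and falls back to a classpath lookup via
     * {@link ClassUtil#getResourceAsStream} when no such file exists.
     *
     * @return an open stream, or {@code null} if nothing was found; the caller closes it
     */
    private InputStream getResourceAsStream(String location, Class<?> cls) {
        File file;
        try {
            file = new File(new URL(location).getFile());
        } catch (MalformedURLException ignored) {
            // Not a URL: treat the string as a plain file system path.
            file = new File(location);
        }
        if (file.exists() && file.isFile()) {
            try {
                return new FileInputStream(file);
            } catch (FileNotFoundException ignored) {
                // File vanished or is unreadable since exists(): fall through to the classpath.
            }
        }
        return ClassUtil.getResourceAsStream(location, cls);
    }

    /** Closes {@code in}, logging (not throwing) any close failure with {@code message}. */
    private void closeQuietly(InputStream in, String message) {
        try {
            in.close();
        } catch (IOException e) {
            this.log.error(message, e);
        }
    }

    /**
     * Creates a {@link LoginException} carrying {@code cause}; the exception type only has
     * a message constructor, so the cause is attached via {@link Throwable#initCause}.
     */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}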
