package org.jboss.security.auth.spi;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.jboss.security.JSSESecurityDomain;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityDomain;
import org.jboss.security.SecurityUtil;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.certs.X509CertificateVerifier;

/* loaded from: classes3.dex */
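/**
 * JAAS login module that authenticates a caller from an X.509 certificate.
 *
 * <p>The alias and certificate are requested from the callback handler. The certificate is then
 * validated either by a configured {@link X509CertificateVerifier} or, when none is configured,
 * by comparing it with the trust store entry stored under the alias (see
 * {@link #validateCredential(String, X509Certificate)}). The module assigns no roles itself:
 * {@link #getRoleSets()} returns an empty array.
 *
 * <p>Module options read by {@link #initialize}: {@code securityDomain} and {@code verifier}.
 *
 * <p>This source is decompiler output. {@code validateCredential} was rebuilt by hand from the
 * decompiler's instruction dump and should be compared with the upstream source before it is
 * relied on.
 */
public class BaseCertLoginModule extends AbstractServerLoginModule {
    private static final String SECURITY_DOMAIN = "securityDomain";
    private static final String VERIFIER = "verifier";
    private static final String[] ALL_VALID_OPTIONS = {SECURITY_DOMAIN, VERIFIER};

    // Certificate accepted by login(); added to the subject's public credentials on commit().
    private X509Certificate credential;
    // Either a SecurityDomain or a JSSESecurityDomain resolved through JNDI, or null if the
    // lookup failed. It is the only source of key store / trust store for validation.
    private Object domain = null;
    // Principal established by login().
    private Principal identity;
    // Optional custom verifier named by the "verifier" option; null when absent or when it
    // could not be instantiated.
    private X509CertificateVerifier verifier;

    /**
     * Commits the login and, when the superclass commit succeeded and a certificate was
     * accepted, publishes that certificate in the subject's public credentials.
     *
     * @return the result of {@code super.commit()}
     * @throws LoginException if the superclass commit fails
     */
    @Override
    public boolean commit() throws LoginException {
        boolean committed = super.commit();
        if (committed && this.credential != null) {
            this.subject.getPublicCredentials().add(this.credential);
        }
        return committed;
    }

    /**
     * Asks the callback handler for the alias and the client certificate.
     *
     * <p>The credential may be a single {@link X509Certificate} or an {@code X509Certificate[]};
     * for an array only element 0 is used and the remaining elements are ignored here. A null
     * credential is logged as a warning and returned as null.
     *
     * @return a two-element array: {@code [0]} the alias ({@code String}, may be null) and
     *         {@code [1]} the certificate ({@code X509Certificate}, may be null)
     * @throws LoginException if no callback handler is available, the handler fails, or the
     *         credential is of any other class
     */
    protected Object[] getAliasAndCert() throws LoginException {
        PicketBoxLogger logger = PicketBoxLogger.LOGGER;
        logger.traceBeginGetAliasAndCert();
        if (this.callbackHandler == null) {
            throw PicketBoxMessages.MESSAGES.noCallbackHandlerAvailable();
        }

        // Declared as NameCallback (the decompiler typed it as Callback, which has no getName()).
        NameCallback nameCallback = new NameCallback("Alias: ");
        ObjectCallback certCallback = new ObjectCallback("Certificate: ");
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, certCallback});
        } catch (IOException e) {
            LoginException failure = PicketBoxMessages.MESSAGES.failedToInvokeCallbackHandler();
            failure.initCause(e);
            throw failure;
        } catch (UnsupportedCallbackException e) {
            LoginException failure = new LoginException();
            failure.initCause(e);
            throw failure;
        }

        String alias = nameCallback.getName();
        Object supplied = certCallback.getCredential();
        X509Certificate cert = null;
        if (supplied == null) {
            logger.warnNullCredentialFromCallbackHandler();
        } else if (supplied instanceof X509Certificate) {
            cert = (X509Certificate) supplied;
            logger.traceCertificateFound(cert.getSerialNumber().toString(16), cert.getSubjectDN().getName());
        } else if (supplied instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) supplied;
            if (chain.length > 0) {
                cert = chain[0];
            }
        } else {
            throw PicketBoxMessages.MESSAGES.unableToGetCertificateFromClass(supplied.getClass());
        }

        logger.traceEndGetAliasAndCert();
        return new Object[]{alias, cert};
    }

    /**
     * Returns the certificate accepted by {@link #login()}, or null if none has been set.
     */
    protected Object getCredentials() {
        return this.credential;
    }

    /**
     * Returns the principal established by {@link #login()}, or null if none has been set.
     */
    @Override
    protected Principal getIdentity() {
        return this.identity;
    }

    /**
     * Returns an empty array: this module contributes no role groups.
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        return new Group[0];
    }

    /**
     * Returns the name of the current identity, or null when no identity is set.
     *
     * <p>The decompiler reported that it changed this method's access modifier from
     * {@code protected}; {@code public} is kept here so existing callers still compile.
     */
    public String getUsername() {
        Principal current = getIdentity();
        return current != null ? current.getName() : null;
    }

    /**
     * Initializes the module, resolves the security domain through JNDI and instantiates the
     * optional certificate verifier.
     *
     * <p>Neither failure aborts initialization. If the domain lookup fails, {@code domain} stays
     * null, so {@link #validateCredential} has no stores to work with. If the verifier class
     * cannot be loaded or instantiated, the error is logged and {@code verifier} stays null, so
     * validation silently uses the built-in trust store comparison instead of the configured
     * verifier.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the alias and certificate
     * @param sharedState state shared between login modules
     * @param options module options; {@code securityDomain} and {@code verifier} are read here
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        addValidOptions(ALL_VALID_OPTIONS);
        super.initialize(subject, callbackHandler, sharedState, options);

        String domainName = SecurityUtil.unprefixSecurityDomain((String) options.get(SECURITY_DOMAIN));
        if (domainName == null) {
            domainName = SecurityConstants.DEFAULT_APPLICATION_POLICY;
        }
        try {
            Object found = new InitialContext().lookup(SecurityConstants.JAAS_CONTEXT_ROOT + domainName);
            if (found instanceof SecurityDomain) {
                this.domain = found;
                PicketBoxLogger.LOGGER.traceSecurityDomainFound(found.getClass().getName());
            } else {
                // Not a SecurityDomain: try the JSSE domain bound under "<domain>/jsse".
                Object jsse = new InitialContext().lookup(SecurityConstants.JAAS_CONTEXT_ROOT + domainName + "/jsse");
                if (jsse instanceof JSSESecurityDomain) {
                    this.domain = jsse;
                    PicketBoxLogger.LOGGER.traceSecurityDomainFound(jsse.getClass().getName());
                } else {
                    PicketBoxLogger.LOGGER.errorGettingJSSESecurityDomain(domainName);
                }
            }
        } catch (NamingException e) {
            PicketBoxLogger.LOGGER.errorFindingSecurityDomain(domainName, e);
        }

        // The verifier class name comes from the module options and is loaded through the
        // context class loader, so whoever can edit the login configuration chooses the code
        // that decides certificate validity.
        String verifierClassName = (String) options.get(VERIFIER);
        if (verifierClassName != null) {
            try {
                this.verifier = (X509CertificateVerifier) SecurityActions.getContextClassLoader().loadClass(verifierClassName).newInstance();
            } catch (Throwable th) {
                // NOTE(review): a configured verifier that fails to load is only logged, and
                // validation then falls back to the default check. Consider failing closed.
                PicketBoxLogger.LOGGER.errorCreatingCertificateVerifier(th);
            }
        }
        PicketBoxLogger.LOGGER.traceEndInitialize();
    }

    /**
     * Authenticates the caller.
     *
     * <p>If {@code super.login()} returns true, the identity and certificate are taken from the
     * shared state and {@link #validateCredential} is NOT called on this path; a non-null shared
     * password that is not an {@link X509Certificate} fails the login. Otherwise the alias and
     * certificate come from {@link #getAliasAndCert()}, and they are validated unless both are
     * null, in which case the unauthenticated identity is used.
     *
     * @return true if the login succeeded, false if the shared credential is not a certificate
     * @throws LoginException if the principal cannot be created from the shared state, the
     *         callback fails, or the certificate does not validate for the alias
     */
    @Override
    public boolean login() throws LoginException {
        PicketBoxLogger logger = PicketBoxLogger.LOGGER;
        logger.traceBeginLogin();

        if (super.login()) {
            Object sharedName = this.sharedState.get("javax.security.auth.login.name");
            if (sharedName instanceof Principal) {
                this.identity = (Principal) sharedName;
            } else {
                try {
                    // A null shared name raises here and is reported as a principal failure.
                    this.identity = createIdentity(sharedName.toString());
                } catch (Exception e) {
                    throw PicketBoxMessages.MESSAGES.failedToCreatePrincipal(e.getLocalizedMessage());
                }
            }
            Object sharedCredential = this.sharedState.get("javax.security.auth.login.password");
            if (sharedCredential instanceof X509Certificate) {
                this.credential = (X509Certificate) sharedCredential;
            } else if (sharedCredential != null) {
                logger.debugPasswordNotACertificate();
                this.loginOk = false;
                return false;
            }
            return true;
        }

        this.loginOk = false;
        Object[] aliasAndCert = getAliasAndCert();
        String alias = (String) aliasAndCert[0];
        X509Certificate cert = (X509Certificate) aliasAndCert[1];
        this.credential = cert;

        if (alias == null && cert == null) {
            Principal unauthenticated = this.unauthenticatedIdentity;
            this.identity = unauthenticated;
            // NOTE(review): if unauthenticatedIdentity is null this toString() throws a
            // NullPointerException rather than a LoginException - confirm against upstream.
            logger.traceUsingUnauthIdentity(unauthenticated.toString());
        }
        if (this.identity == null) {
            try {
                this.identity = createIdentity(alias);
            } catch (Exception e) {
                // NOTE(review): this failure is only logged at debug level; if validation below
                // passes, the login is reported as successful while identity is still null.
                logger.debugFailureToCreateIdentityForAlias(alias, e);
            }
            if (!validateCredential(alias, this.credential)) {
                throw PicketBoxMessages.MESSAGES.failedToMatchCredential(alias);
            }
        }
        if (getUseFirstPass()) {
            // Publish the accepted alias and certificate for modules later in the stack.
            this.sharedState.put("javax.security.auth.login.name", alias);
            this.sharedState.put("javax.security.auth.login.password", this.credential);
        }
        this.loginOk = true;
        logger.traceEndLogin(true);
        return true;
    }

    /**
     * Decides whether {@code cert} is acceptable for {@code alias}.
     *
     * <p>The decompiler could not produce Java for this method and emitted a body that always
     * threw {@link UnsupportedOperationException}; this body is rebuilt from its instruction
     * dump.
     *
     * <p>With a configured verifier the decision is delegated to it entirely. Without one, the
     * certificate stored under {@code alias} in the trust store (or in the key store when the
     * domain has no trust store) must be {@code equals} to {@code cert}. That default path does
     * nothing beyond the equality test: this method performs no chain building, validity-period
     * check or revocation check, so any such policy has to come from a verifier.
     *
     * @param alias alias supplied by the caller, used as the trust store lookup key
     * @param cert certificate supplied by the caller
     * @return true if the certificate is accepted; false otherwise, including when no store or
     *         no certificate is available
     */
    protected boolean validateCredential(String alias, X509Certificate cert) {
        PicketBoxLogger logger = PicketBoxLogger.LOGGER;
        logger.traceBeginValidateCredential();

        KeyStore keyStore = null;
        KeyStore trustStore = null;
        if (this.domain instanceof SecurityDomain) {
            SecurityDomain securityDomain = (SecurityDomain) this.domain;
            keyStore = securityDomain.getKeyStore();
            trustStore = securityDomain.getTrustStore();
        } else if (this.domain instanceof JSSESecurityDomain) {
            JSSESecurityDomain jsseDomain = (JSSESecurityDomain) this.domain;
            keyStore = jsseDomain.getKeyStore();
            trustStore = jsseDomain.getTrustStore();
        }
        if (trustStore == null) {
            // No separate trust store: fall back to the key store.
            trustStore = keyStore;
        }

        boolean valid;
        if (this.verifier != null) {
            logger.traceValidatingUsingVerifier(this.verifier.getClass());
            valid = this.verifier.verify(cert, alias, keyStore, trustStore);
        } else if (trustStore != null && cert != null) {
            X509Certificate storeCert = null;
            try {
                storeCert = (X509Certificate) trustStore.getCertificate(alias);
                if (logger.isTraceEnabled()) {
                    logger.trace(describeComparison(alias, cert, storeCert, trustStore));
                }
            } catch (KeyStoreException e) {
                // A failed lookup leaves storeCert null, so the comparison below is false. A
                // failure while building the trace text keeps the certificate already read.
                logger.warnFailureToFindCertForAlias(alias, e);
            }
            valid = cert.equals(storeCert);
        } else {
            logger.warnFailureToValidateCertificate();
            valid = false;
        }

        logger.traceEndValidateCredential(valid);
        return valid;
    }

    /**
     * Builds the trace-level text comparing the supplied certificate with the stored one.
     *
     * <p>The text contains the serial number and subject DN of both certificates; when no
     * certificate exists for the alias it lists every alias in the trust store, so trace output
     * from this class reveals the trust store's contents.
     */
    private static String describeComparison(String alias, X509Certificate cert, X509Certificate storeCert,
            KeyStore trustStore) throws KeyStoreException {
        PicketBoxMessages messages = PicketBoxMessages.MESSAGES;
        StringBuilder text = new StringBuilder("\n\t");
        text.append(messages.suppliedCredentialMessage());
        text.append(cert.getSerialNumber().toString(16));
        text.append("\n\t\t");
        text.append(cert.getSubjectDN().getName());
        text.append("\n\n\t");
        text.append(messages.existingCredentialMessage());
        if (storeCert != null) {
            text.append(storeCert.getSerialNumber().toString(16));
            text.append("\n\t\t");
            text.append(storeCert.getSubjectDN().getName());
            text.append("\n");
        } else {
            ArrayList<String> aliases = Collections.list(trustStore.aliases());
            text.append(PicketBoxMessages.MESSAGES.noMatchForAliasMessage(alias, aliases));
        }
        return text.toString();
    }
}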
