package com.sun.enterprise.security.auth.realm.certificate;

import com.sun.enterprise.security.BaseRealm;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.auth.login.DistinguishedPrincipalCredential;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.x500.X500Principal;
import org.glassfish.security.common.Group;
import org.jboss.weld.util.bytecode.BytecodeUtils;
import org.jvnet.hk2.annotations.Service;

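/**
 * Realm that authenticates callers by the {@link X500Principal} taken from a
 * client certificate rather than by a password.
 * <p>
 * The realm keeps no per-user data: every authenticated caller receives the
 * same default groups (collected from {@code addAssignGroups} at init time),
 * and the principal name is either the full RFC 2253 DN or, when the
 * {@code common-name-as-principal-name} realm property is {@code true}, the
 * CN attribute of that DN. No certificate validation happens in this class;
 * it relies on the caller having already verified the chain.
 */
@Service
public final class CertificateRealm extends BaseRealm {

    /** Value reported by {@link #getAuthType()}. */
    public static final String AUTH_TYPE = "certificate";

    /**
     * OID-to-keyword table handed to {@link X500Principal#getName(String, Map)} so
     * that attribute types without a built-in RFC 2253 keyword (EMAILADDRESS, UID,
     * DC, ...) are rendered by name instead of as dotted OIDs with hex-encoded
     * values. Keys are the OID strings from {@code OIDs}. The keyword for CN must
     * stay "CN" because {@link #extractCN(String)} matches on it.
     */
    public static final Map<String, String> OID_MAP;

    /** Groups granted to every authenticated certificate principal. */
    private final List<String> defaultGroups = new LinkedList<>();

    /**
     * JAAS callback carrying the ID of the application module on whose behalf
     * authentication runs. Only the accessor pair is defined here; which login
     * module consumes it is not visible in this file.
     */
    public static final class AppContextCallback implements Callback {
        private String moduleID;

        /** @return the module ID set via {@link #setModuleID(String)}, or {@code null} */
        public String getModuleID() {
            return moduleID;
        }

        /** @param moduleID the application module ID to carry to the login module */
        public void setModuleID(String moduleID) {
            this.moduleID = moduleID;
        }
    }

    /**
     * Initialises the realm from its configuration properties.
     * <p>
     * Default groups come from {@code addAssignGroups(null)} (inherited; presumably
     * the realm's assign-groups setting). The {@code jaas-context} property is
     * copied through unchanged, and {@code common-name-as-principal-name} is stored
     * under the internal key {@code useCommonName}, which
     * {@link #authenticate(Subject, X500Principal)} reads.
     *
     * @param properties realm configuration
     * @throws BadRealmException    propagated from {@code super.init}
     * @throws NoSuchRealmException propagated from {@code super.init}
     */
    @Override
    protected void init(Properties properties) throws BadRealmException, NoSuchRealmException {
        super.init(properties);

        String[] assigned = addAssignGroups(null);
        if (assigned != null) {
            defaultGroups.addAll(Arrays.asList(assigned)); // an empty array adds nothing
        }

        String jaasContext = properties.getProperty("jaas-context");
        if (jaasContext != null) {
            setProperty("jaas-context", jaasContext);
        }

        String useCommonName = properties.getProperty("common-name-as-principal-name");
        if (useCommonName != null) {
            setProperty("useCommonName", useCommonName);
        }
    }

    /** @return {@link #AUTH_TYPE}, i.e. {@code "certificate"} */
    @Override
    public String getAuthType() {
        return AUTH_TYPE;
    }

    /**
     * Returns the realm's default groups. The certificate realm keeps no
     * per-user group mapping, so {@code username} is ignored and every caller
     * gets the same list.
     *
     * @param username ignored
     * @return the groups configured at {@link #init(Properties)} time
     */
    @Override
    public Enumeration<String> getGroupNames(String username) throws NoSuchUserException, InvalidOperationException {
        return Collections.enumeration(defaultGroups);
    }

    /**
     * Completes authentication for a caller whose certificate has already been
     * validated elsewhere: derives the principal name from {@code x500Principal},
     * adds the default groups to {@code subject}, attaches the DN as a public
     * credential and installs a new {@link SecurityContext} as the current one.
     *
     * @param subject       the JAAS subject being populated; must be writable
     * @param x500Principal subject DN of the client certificate
     * @return the principal name used for the security context: the RFC 2253 DN
     *         (rendered with {@link #OID_MAP}), or its CN when {@code useCommonName} is true
     * @throws IllegalStateException if CN mode is on and the DN cannot be parsed or
     *         has no usable CN, or if {@code subject} is read-only
     */
    public String authenticate(Subject subject, X500Principal x500Principal) {
        String principalName = x500Principal.getName("RFC2253", OID_MAP);
        if (Boolean.parseBoolean(getProperty("useCommonName"))) {
            principalName = extractCN(principalName);
        }
        _logger.log(Level.FINEST, "Certificate realm setting up security context for: {0}", principalName);

        // getPrincipals() is a live view, so additions land on the subject itself.
        Set<Principal> principals = subject.getPrincipals();
        for (String group : defaultGroups) {
            principals.add(new Group(group));
        }

        // The DN credential is only attached when the subject carries at least one
        // principal (the caller's own and/or the groups just added); kept as-is.
        if (!principals.isEmpty()) {
            subject.getPublicCredentials().add(new DistinguishedPrincipalCredential(x500Principal));
        }

        SecurityContext.setCurrent(new SecurityContext(principalName, subject));
        return principalName;
    }

    /**
     * Extracts the CN attribute value from an RFC 2253 DN string.
     * <p>
     * NOTE(review): {@link LdapName#getRdns()} indexes RDNs right-to-left (index 0
     * is the rightmost RDN of the string), so for a DN containing more than one CN
     * this picks the rightmost, least specific one rather than the leaf CN. That
     * choice is preserved because the result feeds authorization mapping; if an
     * unambiguous identity is required, callers should reject multi-CN DNs.
     *
     * @param dn DN in RFC 2253 form
     * @return the string value of the selected CN
     * @throws IllegalStateException if {@code dn} does not parse, has no CN, or the
     *         CN value is not a string (e.g. a hex-encoded "#..." value, for which
     *         {@link Rdn#getValue()} yields a byte array)
     */
    private static String extractCN(String dn) {
        final LdapName parsed;
        try {
            parsed = new LdapName(dn);
        } catch (InvalidNameException e) {
            throw new IllegalStateException("Exception extracting CN from DN " + dn, e);
        }

        Rdn cn = parsed.getRdns().stream()
                .filter(rdn -> rdn.getType().equalsIgnoreCase("CN"))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException(
                        "common-name-as-principal-name set to true, but no CN present in " + dn));

        // Fail explicitly instead of with a ClassCastException on non-string CN encodings.
        Object value = cn.getValue();
        if (!(value instanceof String)) {
            throw new IllegalStateException("CN in DN " + dn + " is not a string value");
        }
        return (String) value;
    }

    static {
        Map<String, String> oids = new HashMap<>();
        oids.put(OIDs.UID, "UID");
        oids.put(OIDs.DC, "DC");
        oids.put(OIDs.EMAILADDRESS, "EMAILADDRESS");
        oids.put(OIDs.IP, "IP");
        oids.put(OIDs.CN, "CN");
        oids.put(OIDs.SURNAME, "SURNAME");
        oids.put(OIDs.SERIALNUMBER, "SERIALNUMBER");
        // Plain "C" for countryName. The decompiled listing referenced Weld's
        // BytecodeUtils.CHAR_CLASS_DESCRIPTOR (also "C") here; that is a decompiler
        // constant substitution, not a real dependency of this realm.
        oids.put(OIDs.C, "C");
        oids.put(OIDs.L, "L");
        oids.put(OIDs.ST, "ST");
        oids.put(OIDs.STREET, "STREET");
        oids.put(OIDs.O, "O");
        oids.put(OIDs.OU, "OU");
        oids.put(OIDs.T, "T");
        oids.put(OIDs.GIVENNAME, "GIVENNAME");
        oids.put(OIDs.INITIALS, "INITIALS");
        oids.put(OIDs.GENERATION, "GENERATION");
        oids.put(OIDs.DNQUALIFIER, "DNQUALIFIER");
        OID_MAP = Collections.unmodifiableMap(oids);
    }
}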
