package com.sun.enterprise.security.auth.login;

import com.sun.enterprise.deployment.PrincipalImpl;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.logging.LogDomains;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ChoiceCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:com/sun/enterprise/security/auth/login/ClientCertificateLoginModule.class */
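/**
 * JAAS login module that lets the user pick one X.509 certificate from a client keystore.
 *
 * <p>The keystore is a single, class-wide reference installed through
 * {@link #setKeyStore(KeyStore)}. {@link #login()} presents the subject names of the
 * certificate entries through a {@link ChoiceCallback} and remembers the selected alias;
 * {@link #commit()} then adds a {@code PrincipalImpl} named after that alias and an
 * {@code X509CertificateCredential} to the {@link Subject}.
 *
 * <p>Security note: this module performs no cryptographic check of its own. It neither
 * validates the chosen certificate nor proves possession of the matching private key; it only
 * records which keystore entry was selected. Whatever consumes the resulting credential must
 * do that verification.
 */
public class ClientCertificateLoginModule implements LoginModule {
    private static final Logger _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
    private static LocalStringManagerImpl localStrings = new LocalStringManagerImpl(ClientCertificateLoginModule.class);
    // Shared by every instance of this module in the JVM; replaced wholesale by setKeyStore().
    private static KeyStore ks = null;
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    private boolean debug = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private String alias;
    private X509Certificate certificate;
    private PrincipalImpl userPrincipal;
    // Credential instance this module itself added to the Subject, kept so logout can remove it.
    private X509CertificateCredential addedCredential;

    /**
     * Stores the JAAS context objects and reads the {@code debug} option.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to ask the user which certificate to use
     * @param map state shared with other configured login modules (stored, not used here)
     * @param map2 module options; {@code debug=true} (case-insensitive) enables FINE logging
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        // Tolerate a missing options map or a non-String value instead of failing with an
        // NPE / ClassCastException during module set-up.
        Object debugOption = (map2 == null) ? null : map2.get("debug");
        this.debug = debugOption != null && "true".equalsIgnoreCase(debugOption.toString());
    }

    /**
     * Asks the user to choose one of the keystore's X.509 certificates.
     *
     * @return {@code true} when a certificate was selected
     * @throws LoginException if no callback handler or keystore is available, the keystore
     *     holds no X.509 certificate entries, the handler fails, or the reported selection is
     *     missing, {@code -1}, or outside the offered list
     */
    @Override
    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        // Read the static reference once so a concurrent setKeyStore() cannot swap the store
        // between building the choice list and resolving the selected alias.
        final KeyStore keyStore = ks;
        if (keyStore == null) {
            throw new LoginException("No client keystore has been configured");
        }
        try {
            // The two lists stay index-aligned: position i in the choice list maps to alias i.
            List<String> aliasList = new ArrayList<String>();
            List<String> subjectNames = new ArrayList<String>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                Certificate entry = keyStore.getCertificate(candidate);
                // Entries without a certificate (getCertificate returns null) or with a
                // non-X.509 certificate cannot be offered; skip them rather than fail.
                if (entry instanceof X509Certificate) {
                    aliasList.add(candidate);
                    subjectNames.add(((X509Certificate) entry).getSubjectDN().getName());
                }
            }
            if (aliasList.isEmpty()) {
                throw new LoginException("No certificates available in the client keystore");
            }
            ChoiceCallback[] choiceCallbackArr = {
                new ChoiceCallback(
                    localStrings.getLocalString("login.certificate", "Choose from list of certificates: "),
                    subjectNames.toArray(new String[0]),
                    0,
                    false)
            };
            this.callbackHandler.handle(choiceCallbackArr);
            int[] selectedIndexes = choiceCallbackArr[0].getSelectedIndexes();
            if (selectedIndexes == null || selectedIndexes.length == 0) {
                throw new LoginException("No certificate selected!");
            }
            int chosen = selectedIndexes[0];
            // NOTE(review): -1 looks like the handler's signal for a failed keystore unlock;
            // confirm against the CallbackHandler implementation.
            if (chosen == -1) {
                throw new LoginException("Incorrect keystore password");
            }
            // The index comes from the handler, so bounds-check it before using it.
            if (chosen < 0 || chosen >= aliasList.size()) {
                throw new LoginException("Selected certificate index is out of range");
            }
            this.alias = aliasList.get(chosen);
            if (this.debug && _logger.isLoggable(Level.FINE)) {
                // Pass the alias as a parameter so keystore-controlled text is never used as
                // the log message key/pattern.
                _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] user entered certificate: {0}", this.alias);
            }
            this.certificate = (X509Certificate) keyStore.getCertificate(this.alias);
            if (this.debug && _logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] authentication succeeded");
            }
            this.succeeded = true;
            return true;
        } catch (LoginException e) {
            // Our own failures must pass through untouched; otherwise the generic handler
            // below would re-wrap them and prefix the message with the exception class name.
            throw e;
        } catch (IOException e) {
            throw failure(e.toString(), e);
        } catch (UnsupportedCallbackException e) {
            throw failure("Error: " + e.getCallback().toString() + " not available to garner authentication information from the user", e);
        } catch (Exception e) {
            // Boundary catch: JAAS callers expect LoginException for keystore/runtime errors.
            throw failure(e.toString(), e);
        }
    }

    /**
     * Adds the principal and certificate credential for the selected alias to the subject.
     *
     * @return {@code false} if {@link #login()} did not succeed, {@code true} otherwise
     * @throws LoginException declared by the {@link LoginModule} contract
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        this.userPrincipal = new PrincipalImpl(this.alias);
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        if (this.debug && _logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] added PrincipalImpl to Subject");
        }
        X509CertificateCredential x509CertificateCredential = new X509CertificateCredential(new X509Certificate[]{this.certificate}, this.alias, "certificate");
        if (!this.subject.getPrivateCredentials().contains(x509CertificateCredential)) {
            this.subject.getPrivateCredentials().add(x509CertificateCredential);
            // Remember only what this module added, so logout does not strip a credential
            // that was already present on the Subject.
            this.addedCredential = x509CertificateCredential;
        }
        this.commitSucceeded = true;
        return true;
    }

    /**
     * Discards the state of a login attempt whose overall authentication failed.
     *
     * @return {@code false} if {@link #login()} did not succeed, {@code true} otherwise
     * @throws LoginException declared by the {@link LoginModule} contract
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        // Covers both "login ok, commit never ran" and "commit ran": anything this module
        // placed on the Subject is withdrawn and the selection is forgotten.
        clearState();
        return true;
    }

    /**
     * Removes what this module added to the subject and resets the module.
     *
     * <p>Both status flags are cleared so that a later {@link #commit()} without a fresh
     * {@link #login()} returns {@code false} instead of publishing a principal built from a
     * cleared alias, and the certificate credential added by {@link #commit()} is removed
     * from the subject's private credentials.
     *
     * @return always {@code true}
     * @throws LoginException declared by the {@link LoginModule} contract
     */
    @Override
    public boolean logout() throws LoginException {
        clearState();
        return true;
    }

    /**
     * Installs the keystore used by every instance of this module.
     *
     * @param keyStore keystore holding the selectable client certificates; {@code null}
     *     makes subsequent {@link #login()} calls fail
     */
    public static void setKeyStore(KeyStore keyStore) {
        ks = keyStore;
    }

    /** Withdraws this module's principal/credential from the subject and resets all state. */
    private void clearState() {
        if (this.subject != null) {
            // Guard the removals: nothing to remove before commit, and passing null to the
            // Subject's sets may be rejected — TODO confirm for the target JDK.
            if (this.userPrincipal != null) {
                this.subject.getPrincipals().remove(this.userPrincipal);
            }
            if (this.addedCredential != null) {
                this.subject.getPrivateCredentials().remove(this.addedCredential);
            }
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        this.alias = null;
        this.certificate = null;
        this.userPrincipal = null;
        this.addedCredential = null;
    }

    /** Builds a {@link LoginException} that keeps the original exception as its cause. */
    private static LoginException failure(String message, Throwable cause) {
        LoginException wrapped = new LoginException(message);
        wrapped.initCause(cause);
        return wrapped;
    }
}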
