package org.josso.auth.scheme;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.auth.CertificatePrincipal;
import org.josso.auth.Credential;
import org.josso.auth.CredentialProvider;
import org.josso.auth.exceptions.SSOAuthenticationException;
import org.josso.auth.scheme.validation.X509CertificateValidationException;
import org.josso.auth.scheme.validation.X509CertificateValidator;
import sun.security.util.DerValue;

/* loaded from: input_file:WEB-INF/lib/josso-strong-authscheme-1.8.9-SNAPSHOT.jar:org/josso/auth/scheme/X509CertificateAuthScheme.class */
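/**
 * "Strong" (certificate based) authentication scheme.
 *
 * <p>{@link #authenticate()} accepts the X.509 certificate found among the input credentials when
 * <ol>
 *   <li>every configured {@link X509CertificateValidator} accepts it, and</li>
 *   <li>it is byte-for-byte equal ({@code Certificate.equals}, which compares the DER encodings)
 *       to one of the certificates obtained from {@code getKnownCredentials()}, and</li>
 *   <li>a user id can be resolved via {@code getUID()}.</li>
 * </ol>
 * Only step 1 performs any validity checking. With no validators configured nothing in this
 * class checks expiry, chain or revocation: a stored certificate that has expired or been revoked
 * would still authenticate as long as the client presents the identical certificate. Deployments
 * relying on this scheme should therefore always wire at least one validator.
 *
 * <p>The principal name is either the {@code CN} of the subject DN or, when {@code uidOID} is set,
 * the payload of the certificate extension identified by that OID. Both are read from the
 * presented certificate and are only trustworthy because that certificate has already been matched
 * against a known one.
 *
 * <p>An instance keeps per-authentication state ({@code _uid}) and should not be shared by
 * concurrent authentications.
 */
public class X509CertificateAuthScheme extends AbstractAuthenticationScheme {
    private static final Log logger = LogFactory.getLog(X509CertificateAuthScheme.class);

    /** ASN.1 DER tag of a BIT STRING (0x03); the only extension encoding the OID based uid lookup accepts. */
    private static final byte DER_TAG_BIT_STRING = 3;

    /** Fixed charset for text <-> bytes conversions so the resulting principal name does not depend on the JVM's default. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Optional OID of a certificate extension whose BIT STRING payload is used as the user id; null means "use the subject CN". */
    private String _uidOID;

    /** User id resolved by the last successful {@link #authenticate()}; null until then. */
    private String _uid;

    /** Validators applied to the presented certificate before it is compared with the known ones; may be null (no validation). */
    private List<X509CertificateValidator> _validators;

    public X509CertificateAuthScheme() {
        setName("strong-authentication");
    }

    /**
     * Authenticates the certificate supplied in the input credentials.
     *
     * @return true when the certificate passes all validators, exactly matches a known certificate
     *         and a user id could be resolved; false otherwise (never throws for a bad certificate,
     *         the failure is logged instead)
     * @throws SSOAuthenticationException declared by the interface; not raised by this implementation
     */
    @Override // org.josso.auth.scheme.AuthenticationScheme
    public boolean authenticate() throws SSOAuthenticationException {
        setAuthenticated(false);

        X509Certificate presented = getX509Certificate(this._inputCredentials);
        if (presented == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("X.509 Certificate not provided");
            }
            return false;
        }

        // Validators run first, in list order; the first rejection ends the authentication.
        // NOTE: this is the ONLY place validity/revocation can be checked - see the class comment.
        if (this._validators != null) {
            for (X509CertificateValidator validator : this._validators) {
                try {
                    validator.validate(presented);
                } catch (X509CertificateValidationException e) {
                    logger.error("Certificate is not valid!", e);
                    return false;
                }
            }
        }

        List<X509Certificate> known = getX509Certificates(getKnownCredentials());
        // The listing is only built when it will actually be emitted (the original built it unconditionally).
        if (logger.isDebugEnabled()) {
            logger.debug(describeCertificates(presented, known));
        }

        if (findMatchingCertificate(presented, known) == null) {
            return false;
        }

        // getUID() is not defined in this class; presumably provided by the superclass - confirm
        // where the id is resolved from before relying on it.
        this._uid = getUID();
        if (this._uid == null) {
            return false;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("[authenticate()], Principal authenticated : " + presented.getSubjectX500Principal());
        }
        setAuthenticated(true);
        return true;
    }

    /** Returns the first known certificate that {@link #validateX509Certificate} accepts for the presented one, or null. */
    private X509Certificate findMatchingCertificate(X509Certificate presented, List<X509Certificate> known) {
        for (X509Certificate candidate : known) {
            if (validateX509Certificate(presented, candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /** Builds the debug listing of the presented certificate and the known ones (serial in hex plus subject DN). */
    private static String describeCertificates(X509Certificate presented, List<X509Certificate> known) {
        StringBuilder out = new StringBuilder("\n\tSupplied Credential: ");
        out.append(presented.getSerialNumber().toString(16));
        out.append("\n\t\t");
        out.append(presented.getSubjectX500Principal().getName());
        out.append("\n\n\tExisting Credentials: ");
        int position = 1;
        for (X509Certificate cert : known) {
            out.append(position++);
            out.append("\n\t\t");
            out.append(cert.getSerialNumber().toString(16));
            out.append("\n\t\t");
            out.append(cert.getSubjectX500Principal().getName());
            out.append("\n");
        }
        return out.toString();
    }

    @Override // org.josso.auth.scheme.AbstractAuthenticationScheme
    protected CredentialProvider doMakeCredentialProvider() {
        return new X509CertificateCredentialProvider();
    }

    /**
     * Parses a DER or PEM encoded certificate.
     *
     * @param encoded raw certificate bytes; null yields null
     * @return the certificate, or null when it cannot be parsed (the error is logged)
     */
    private X509Certificate buildX509Certificate(byte[] encoded) {
        if (encoded == null) {
            return null;
        }
        try {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encoded));
            if (logger.isDebugEnabled()) {
                logger.debug("Building X.509 certificate result :\n " + cert);
            }
            return cert;
        } catch (CertificateException e) {
            logger.error("Error instantiating X.509 Certificate", e);
            return null;
        }
    }

    /**
     * Parses a certificate given as text (PEM is the only sensible textual form).
     * PEM is ASCII, so decoding with a fixed charset yields the same bytes on every platform.
     */
    private X509Certificate buildX509Certificate(String text) {
        return text == null ? null : buildX509Certificate(text.getBytes(UTF_8));
    }

    /** The certificate credential found in the input credentials, as a one-element array, or an empty array. */
    private Credential[] inputCertificateCredentials() {
        X509CertificateCredential credential = getX509CertificateCredential(this._inputCredentials);
        return credential == null ? new Credential[0] : new Credential[]{credential};
    }

    /** Same as {@link #getPublicCredentials()}: a certificate carries no secret, so both views expose the same credential. */
    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Credential[] getPrivateCredentials() {
        return inputCertificateCredentials();
    }

    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Credential[] getPublicCredentials() {
        return inputCertificateCredentials();
    }

    /**
     * Principal for the current authentication: named by the resolved uid once authenticated,
     * otherwise derived from the input certificate alone via {@link #getPrincipal(Credential[])}.
     */
    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Principal getPrincipal() {
        if (this._uid == null) {
            return getPrincipal(this._inputCredentials);
        }
        return new CertificatePrincipal(this._uid, getX509Certificate(this._inputCredentials));
    }

    /**
     * Derives a principal from the certificate among the given credentials.
     *
     * <p>The name is the subject {@code CN} by default, or the payload of the extension identified
     * by {@code uidOID} when that is configured.
     *
     * @param credentialArr credentials to search; may be null or lack a certificate
     * @return the principal, or null when no certificate is present or no name can be derived.
     *         (The original created a principal with a null name in the CN case and threw
     *         NullPointerException when no certificate was supplied.)
     */
    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Principal getPrincipal(Credential[] credentialArr) {
        X509Certificate cert = getX509Certificate(credentialArr);
        if (cert == null) {
            logger.error("No X.509 Certificate in credentials. Cannot create Principal");
            return null;
        }
        X500Principal subject = cert.getSubjectX500Principal();

        String name;
        if (this._uidOID == null) {
            name = parseCompoundName(subject.getName()).get("cn");
            if (name == null) {
                logger.error("Invalid Subject DN. Cannot create Principal : " + subject.getName());
                return null;
            }
        } else {
            try {
                // Fixed charset: the same certificate must yield the same principal name on every server.
                name = new String(getOIDBitStringValueFromCert(cert, this._uidOID), UTF_8);
            } catch (Exception e) {
                // Boundary catch on purpose: any decoding problem must fail closed, not propagate.
                logger.error("Fatal error obtaining UID value using OID " + this._uidOID
                        + ". Cannot create Principal : " + subject.getName(), e);
                return null;
            }
        }
        return new CertificatePrincipal(name, cert);
    }

    /** First {@link X509CertificateCredential} in the array, or null (also for a null array). */
    protected X509CertificateCredential getX509CertificateCredential(Credential[] credentialArr) {
        if (credentialArr == null) {
            return null;
        }
        for (Credential credential : credentialArr) {
            if (credential instanceof X509CertificateCredential) {
                return (X509CertificateCredential) credential;
            }
        }
        return null;
    }

    /** All {@link X509CertificateCredential}s in the array, in order; empty for a null array. */
    protected List<X509CertificateCredential> getX509CertificateCredentials(Credential[] credentialArr) {
        List<X509CertificateCredential> found = new ArrayList<X509CertificateCredential>();
        if (credentialArr != null) {
            for (Credential credential : credentialArr) {
                if (credential instanceof X509CertificateCredential) {
                    found.add((X509CertificateCredential) credential);
                }
            }
        }
        return found;
    }

    /** Certificate carried by the first certificate credential, or null when there is none. */
    protected X509Certificate getX509Certificate(Credential[] credentialArr) {
        X509CertificateCredential credential = getX509CertificateCredential(credentialArr);
        return credential == null ? null : (X509Certificate) credential.getValue();
    }

    /** Certificates carried by all certificate credentials in the array, in order. */
    protected List<X509Certificate> getX509Certificates(Credential[] credentialArr) {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        for (X509CertificateCredential credential : getX509CertificateCredentials(credentialArr)) {
            certificates.add((X509Certificate) credential.getValue());
        }
        return certificates;
    }

    /**
     * Decides whether a presented certificate matches a known one.
     *
     * <p>{@code Certificate.equals} compares the DER encodings, so this is an exact-certificate
     * match - not "same subject" or "same public key". Either side missing never matches; the
     * original only rejected the case where both were null and threw NullPointerException when
     * just the presented one was.
     */
    protected boolean validateX509Certificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (x509Certificate == null || x509Certificate2 == null) {
            return false;
        }
        return x509Certificate.equals(x509Certificate2);
    }

    /**
     * Splits a distinguished name into a map of lower-cased attribute type to trimmed value
     * (e.g. {@code "CN=John, O=Acme"} yields {@code {cn=John, o=Acme}}). A later attribute with the
     * same type overwrites an earlier one.
     *
     * <p>Names containing quotes or backslashes go through an escape-aware scanner; all others
     * are split naively on {@code ','}. The decompiled original appended the {@code '='} and
     * {@code ','} separators to the token that followed them in the escape-aware path, yielding
     * values such as {@code "=John"}; whether that was the real behaviour or a decompilation
     * artefact, it cannot have been intended, and the scanner below does not do it.
     *
     * @throws IllegalArgumentException for a null name or an attribute without {@code '='}
     */
    private Map<String, String> parseCompoundName(String str) {
        if (str == null) {
            throw new IllegalArgumentException();
        }
        Map<String, String> attributes = new HashMap<String, String>();
        if (str.indexOf('"') >= 0 || str.indexOf('\\') >= 0) {
            parseEscapedName(str, attributes);
        } else {
            StringTokenizer tokens = new StringTokenizer(str, ",");
            while (tokens.hasMoreTokens()) {
                String pair = tokens.nextToken();
                int separator = pair.indexOf('=');
                if (separator == -1) {
                    throw new IllegalArgumentException();
                }
                attributes.put(normalizeType(pair.substring(0, separator)), pair.substring(separator + 1).trim());
            }
        }
        return attributes;
    }

    /**
     * Escape-aware DN scanner: {@code "} toggles quoting and is dropped, {@code \} copies the next
     * character literally, the first unquoted {@code =} of a token separates type from value and an
     * unquoted {@code ,} ends the token. A dangling trailing backslash ends the scan, as in the original.
     */
    private static void parseEscapedName(String dn, Map<String, String> into) {
        StringBuilder type = new StringBuilder();
        StringBuilder value = new StringBuilder();
        boolean readingValue = false;
        boolean quoted = false;
        for (int i = 0; i < dn.length(); i++) {
            char c = dn.charAt(i);
            if (c == '"') {
                quoted = !quoted;
            } else if (c == '\\') {
                i++;
                if (i >= dn.length()) {
                    break;
                }
                (readingValue ? value : type).append(dn.charAt(i));
            } else if (c == '=' && !quoted && !readingValue) {
                readingValue = true;
            } else if (c == ',' && !quoted) {
                putAttribute(into, type, value, readingValue);
                type.setLength(0);
                value.setLength(0);
                readingValue = false;
            } else {
                (readingValue ? value : type).append(c);
            }
        }
        putAttribute(into, type, value, readingValue);
    }

    /** Stores one scanned attribute; an empty trailing token is ignored, a token without '=' is rejected. */
    private static void putAttribute(Map<String, String> into, StringBuilder type, StringBuilder value, boolean hasSeparator) {
        if (!hasSeparator) {
            if (type.toString().trim().length() == 0) {
                return;
            }
            throw new IllegalArgumentException();
        }
        into.put(normalizeType(type.toString()), value.toString().trim());
    }

    /** Attribute types are matched case-insensitively; Locale.ROOT keeps "UID" from becoming "uıd" under a Turkish default locale. */
    private static String normalizeType(String type) {
        return type.trim().toLowerCase(Locale.ROOT);
    }

    /**
     * Reads the payload of the BIT STRING extension identified by {@code str}, minus its first two bytes.
     *
     * <p>Caveats a maintainer should confirm against a real certificate from the CA in use:
     * <ul>
     *   <li>{@code getExtensionValue()} is documented to return the DER-encoded OCTET STRING that
     *       wraps the extension value, so a {@code DerValue} built over it would normally carry the
     *       OCTET STRING tag (0x04), not BIT STRING; this code only works for the encoding this
     *       deployment's certificates actually use.</li>
     *   <li>The two skipped leading bytes are presumably an inner TLV header; the original gave no reason.</li>
     *   <li>{@code sun.security.util.DerValue} is a JDK-internal API (not exported on Java 9+).</li>
     * </ul>
     *
     * @throws IllegalArgumentException when the extension is absent, is not a BIT STRING or is shorter
     *         than two bytes (the original threw NullPointerException for a missing extension, before
     *         its own null check, and NegativeArraySizeException for a short payload)
     * @throws IOException when the DER structure cannot be parsed
     */
    private byte[] getOIDBitStringValueFromCert(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extension = x509Certificate.getExtensionValue(str);
        if (extension == null) {
            throw new IllegalArgumentException("extension not found for OID : " + str);
        }
        DerValue derValue = new DerValue(extension);
        if (derValue.tag != DER_TAG_BIT_STRING) {
            throw new IllegalArgumentException("extension value for OID not of type BIT_STRING: " + str);
        }
        byte[] bitString = derValue.getBitString();
        if (bitString.length < 2) {
            throw new IllegalArgumentException("BIT_STRING value for OID too short: " + str);
        }
        return Arrays.copyOfRange(bitString, 2, bitString.length);
    }

    /** OID of the extension to take the user id from; null selects the subject CN. */
    public void setUidOID(String str) {
        this._uidOID = str;
    }

    public String getUidOID() {
        return this._uidOID;
    }

    /** The live validator list (not a copy), as set by {@link #setValidators}; may be null. */
    public List<X509CertificateValidator> getValidators() {
        return this._validators;
    }

    /** Validators to run against the presented certificate; null disables validation entirely (see class comment). */
    public void setValidators(List<X509CertificateValidator> list) {
        this._validators = list;
    }
}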
