package com.sun.enterprise.security;

import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
import java.lang.annotation.Annotation;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
import org.glassfish.internal.api.Globals;

/* loaded from: input_file:MICRO-INF/runtime/security.jar:com/sun/enterprise/security/BaseCertificateLoginModule.class */
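/**
 * Base JAAS {@link LoginModule} for certificate-based login.
 *
 * <p>{@link #login()} reads the certificate chain from the subject's public credentials and then
 * delegates the decision to {@link #authenticateUser()}. A subclass accepts the caller by passing
 * a non-null group array to {@link #commitUserAuthentication(String[])}; {@link #commit()} then
 * adds those groups to the subject as principals of the {@code "certificate"} realm.
 *
 * <p>This class performs no validation of the certificate chain itself; it only reads whatever
 * the caller placed in the subject's public credentials.
 */
public abstract class BaseCertificateLoginModule implements LoginModule {
    private Subject subject;
    protected Map<String, ?> _sharedState;
    protected Map<String, ?> _options;
    protected static final Logger _logger = SecurityLoggerInfo.getLogger();
    private CallbackHandler callbackHandler;
    // True once a subclass has accepted the caller via commitUserAuthentication(non-null).
    private boolean success;
    // True once commit() has added the group principals to the subject.
    private boolean commitsuccess;
    private X509Certificate[] certs;
    private X500Principal x500Principal;
    private String[] groups;
    private String appName;

    /**
     * Stores the JAAS-supplied subject, callback handler, shared state and options.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the application context during login
     * @param map shared state, exposed to subclasses as {@code _sharedState}
     * @param map2 module options, exposed to subclasses as {@code _options}
     */
    @Override
    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this._sharedState = map;
        this._options = map2;
        this.callbackHandler = callbackHandler;
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Login module initialized: {0}", getClass());
        }
    }

    /**
     * Extracts the certificate chain from the subject and delegates to {@link #authenticateUser()}.
     *
     * <p>Returns {@code true} whenever neither step throws. Whether {@link #commit()} later adds
     * principals depends solely on the subclass having called
     * {@link #commitUserAuthentication(String[])} with a non-null array.
     *
     * <p>NOTE(review): the {@code success} flag and the pending groups are not reset at the start
     * of an attempt. A subclass must therefore reject a caller by throwing
     * {@link LoginException}; returning silently on a reused module instance leaves the outcome
     * of the previous attempt in place.
     *
     * @return always {@code true}
     * @throws LoginException if no certificate credential is present or the subclass rejects it
     */
    @Override
    public final boolean login() throws LoginException {
        extractCredentials();
        authenticateUser();
        _logger.fine("JAAS login complete.");
        return true;
    }

    /**
     * Adds one group principal per non-null entry accepted during login to the subject.
     *
     * @return {@code false} if login did not succeed for this module, {@code true} otherwise
     * @throws LoginException if the {@code PrincipalGroupFactory} service cannot be obtained
     */
    @Override
    public final boolean commit() throws LoginException {
        if (!this.success) {
            return false;
        }
        Set<Principal> principals = this.subject.getPrincipals();
        // Looked up once, and only if there is at least one group to convert.
        PrincipalGroupFactory groupFactory = null;
        for (int i = 0; i < this.groups.length; i++) {
            String groupName = this.groups[i];
            if (groupName != null) {
                if (groupFactory == null) {
                    groupFactory = (PrincipalGroupFactory) Globals.getDefaultHabitat().getService(PrincipalGroupFactory.class, new Annotation[0]);
                    if (groupFactory == null) {
                        // Fail as a login error rather than with a NullPointerException.
                        throw new LoginException("PrincipalGroupFactory service is not available.");
                    }
                }
                principals.add(groupFactory.getGroupInstance(groupName, "certificate"));
            }
            this.groups[i] = null;
        }
        this.groups = null;
        this.commitsuccess = true;
        _logger.log(Level.FINE, "JAAS authentication committed.");
        return true;
    }

    /**
     * Discards the state of a login attempt that will not be used.
     *
     * <p>If this module already committed, a full {@link #logout()} is performed so the principals
     * it added are removed from the subject again.
     *
     * @return {@code false} if login did not succeed for this module, {@code true} otherwise
     * @throws LoginException declared by the interface; propagated from {@link #logout()}
     */
    @Override
    public final boolean abort() throws LoginException {
        _logger.fine("JAAS authentication aborted.");
        if (!this.success) {
            return false;
        }
        if (this.commitsuccess) {
            logout();
            return true;
        }
        this.success = false;
        clearAuthenticationState();
        return true;
    }

    /**
     * Clears all principals and credentials of the subject and resets this module's state.
     *
     * <p>Every principal and credential of the subject is removed, not only the ones this module
     * added.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public final boolean logout() throws LoginException {
        if (_logger.isLoggable(Level.FINE)) {
            // Subject.toString() lists principals and credentials; keep this at FINE.
            _logger.log(Level.FINE, "JAAS logout for: {0}", this.subject);
        }
        this.subject.getPrincipals().clear();
        this.subject.getPublicCredentials().clear();
        this.subject.getPrivateCredentials().clear();
        this.success = false;
        this.commitsuccess = false;
        clearAuthenticationState();
        return true;
    }

    /** Drops the pending groups, the certificate chain and the derived principal (null-safe). */
    private void clearAuthenticationState() {
        if (this.groups != null) {
            for (int i = 0; i < this.groups.length; i++) {
                this.groups[i] = null;
            }
            this.groups = null;
        }
        if (this.certs != null) {
            for (int i = 0; i < this.certs.length; i++) {
                this.certs[i] = null;
            }
            this.certs = null;
        }
        this.x500Principal = null;
    }

    /**
     * Reads the certificate chain from the first {@link List} among the subject's public
     * credentials and asks the callback handler for the application context.
     *
     * @throws LoginException if no list credential exists, the list is empty, or its content
     *     cannot be read as an {@code X509Certificate} chain
     */
    private void extractCredentials() throws LoginException {
        Iterator<List> credentialLists = this.subject.getPublicCredentials(List.class).iterator();
        if (!credentialLists.hasNext()) {
            this.success = false;
            throw new LoginException("No Certificate Credential found.");
        }
        List<?> chain = credentialLists.next();
        if (chain == null || chain.isEmpty()) {
            this.success = false;
            throw new LoginException("No Certificate(s) found.");
        }
        try {
            // Throws ArrayStoreException if an element is not an X509Certificate; handled below.
            this.certs = chain.toArray(new X509Certificate[0]);
            this.x500Principal = this.certs[0].getSubjectX500Principal();
            CertificateRealm.AppContextCallback appContextCallback = new CertificateRealm.AppContextCallback();
            try {
                this.callbackHandler.handle(new Callback[]{appContextCallback});
                this.appName = appContextCallback.getModuleID();
            } catch (Exception e) {
                // The application context is best effort: login continues without it, but the
                // failure is recorded instead of being dropped silently.
                _logger.log(Level.FINE, "Could not obtain the application context from the callback handler.", e);
            }
        } catch (Exception e2) {
            // Same bookkeeping as the other failure paths of this method.
            this.success = false;
            throw ((LoginException) new LoginException("No Certificate(s) found.").initCause(e2));
        }
    }

    /**
     * Records the outcome of {@link #authenticateUser()}.
     *
     * @param strArr groups to grant on commit; {@code null} marks the attempt as not successful
     */
    protected final void commitUserAuthentication(String[] strArr) {
        this.groups = strArr;
        this.success = strArr != null;
    }

    /**
     * Decides whether the extracted certificate is accepted. Called by {@link #login()} after the
     * certificate chain has been read.
     *
     * @throws LoginException if the caller is rejected
     */
    protected abstract void authenticateUser() throws LoginException;

    /**
     * @return the module ID obtained from the application context callback, or {@code null} if it
     *     was never obtained
     */
    protected final String getAppName() {
        return this.appName;
    }

    /**
     * @return the internal certificate array itself (not a copy); its entries are nulled by
     *     {@link #abort()} and {@link #logout()}. May be {@code null}.
     */
    protected X509Certificate[] getCerts() {
        return this.certs;
    }

    /** @return the subject principal of the first certificate in the chain, or {@code null} */
    protected X500Principal getX500Principal() {
        return this.x500Principal;
    }

    /** @return the subject passed to {@code initialize} */
    protected Subject getSubject() {
        return this.subject;
    }
}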
