package tyrex.security.cert;

import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:113638-04/tomcat40.nbm:netbeans/tomcat401/common/lib/tyrex-0.9.7.0.jar:tyrex/security/cert/X509CertificateLoginModule.class */
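/**
 * JAAS {@link LoginModule} that authenticates a {@link Subject} from the X.509 certificates
 * found in its public credentials.
 *
 * <p>Trust model, as implemented by {@link #login()}: a presented certificate is considered only
 * when its issuer DN is a key of the trusted-certificate table. It must then be inside its
 * validity period, carry a signature that verifies under the trusted certificate's public key,
 * and not be listed in the configured CRL (when one is configured). This is a single-level
 * issuer check: no certification-path building and no basic-constraints or key-usage checks
 * are performed by the visible code.
 *
 * <p>NOTE(review): the module does not itself prove possession of the private key. It presumably
 * relies on whatever component placed the certificate in the Subject's public credentials (for
 * example a TLS client-authentication handshake) - confirm for the deployment.
 *
 * <p>This source is decompiler output; the body of
 * {@link #initialize(Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)}
 * was not recovered.
 */
public final class X509CertificateLoginModule implements LoginModule {
    private static final String DefaultKeyStore = "JKS";
    private static final String ModuleName = "X509CertificateLoginModule";

    // Subject being authenticated. Not assigned anywhere in the visible code; presumably set by
    // initialize(), whose body was not decompiled.
    private Subject _subject;

    // Subject DNs of the certificates accepted by login(); copied into the Subject by commit().
    private Vector<Principal> _subjectDN;

    // Trusted certificates. login() looks entries up by issuer DN and casts the value to
    // X509Certificate. Kept as a raw type because the code that fills it is not visible.
    private Hashtable _trusted;

    // Optional revocation list; login() skips the revocation check when this is null.
    private X509CRL _crl;

    // Synthetic members that pre-Java-5 compilers emitted for class literals. This class no
    // longer reads them; they are kept so its package-visible members are unchanged.
    static Class class$java$security$cert$X509Certificate;

    /**
     * Names of the configuration options of this module. They are presumably read by
     * {@code initialize()}; its body was not decompiled, so their exact semantics cannot be
     * confirmed from this file.
     */
    /* loaded from: input_file:113638-04/tomcat40.nbm:netbeans/tomcat401/common/lib/tyrex-0.9.7.0.jar:tyrex/security/cert/X509CertificateLoginModule$Options.class */
    public static class Options {
        public static final String KeyStore = "key-store";
        public static final String TrustedCerts = "trusted-certs";
        public static final String CRLClass = "crl-class";
        public static final String LogErrors = "log-errors";
    }

    /**
     * Discards the subject DNs collected by {@link #login()}.
     *
     * @return {@code false} when no login state exists, {@code true} after clearing it
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean abort() throws LoginException {
        if (this._subjectDN == null) {
            return false;
        }
        this._subjectDN.clear();
        return true;
    }

    /**
     * Compiler-synthesized class-literal helper.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    /**
     * Adds every subject DN accepted by {@link #login()} to the Subject's principals.
     *
     * @return {@code false} when no login state exists, {@code true} otherwise
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean commit() throws LoginException {
        if (this._subjectDN == null) {
            return false;
        }
        // Add the individual principals. Adding the Vector itself is not a Principal and would
        // never give the Subject the authenticated identities.
        this._subject.getPrincipals().addAll(this._subjectDN);
        return true;
    }

    /**
     * Configures the module. The decompiler could not reconstruct this method (809 bytecode
     * instructions), so the body below is a placeholder that always throws. Its type-inference
     * warnings mentioned {@code java.security.KeyStore}, {@code java.util.Hashtable} and
     * {@code java.security.cert.X509CRL}, which suggests the real method loads the trusted
     * certificates and the CRL - unconfirmed.
     *
     * @param r7 the subject to authenticate
     * @param r8 the callback handler
     * @param r9 state shared with other login modules
     * @param r10 the options configured for this module
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    @Override // javax.security.auth.spi.LoginModule
    public void initialize(javax.security.auth.Subject r7, javax.security.auth.callback.CallbackHandler r8, java.util.Map r9, java.util.Map r10) {
        throw new UnsupportedOperationException("Method not decompiled: tyrex.security.cert.X509CertificateLoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map):void");
    }

    /**
     * Validates the X.509 certificates in the Subject's public credentials.
     *
     * <p>Certificates whose issuer DN is not in the trusted table are skipped, not rejected. A
     * certificate from a trusted issuer that is outside its validity period, fails signature
     * verification or is revoked aborts the whole login with a {@link LoginException}.
     *
     * <p>The result depends only on this attempt: an empty list left over from an earlier
     * {@link #abort()} or {@link #logout()} does not make the login succeed.
     *
     * @return {@code true} when at least one certificate was accepted in this call; {@code false}
     *     when the module has no subject, the subject has no X.509 credentials, or none of them
     *     was issued by a trusted certificate
     * @throws LoginException when a certificate from a trusted issuer fails validation
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean login() throws LoginException {
        if (this._subject == null) {
            return false;
        }
        Set<X509Certificate> presented = this._subject.getPublicCredentials(X509Certificate.class);
        if (presented.isEmpty()) {
            return false;
        }
        // Collected locally so that a failure part-way through leaves no partial state behind.
        List<Principal> accepted = new ArrayList<>();
        for (X509Certificate certificate : presented) {
            // NOTE(review): _trusted is assumed non-null whenever _subject is set; the code that
            // assigns both is not visible here.
            X509Certificate issuer = (X509Certificate) this._trusted.get(certificate.getIssuerDN());
            if (issuer == null) {
                continue;
            }
            try {
                certificate.checkValidity();
            } catch (CertificateException e) {
                // checkValidity() also fails for a certificate whose validity has not started.
                String reason = (e instanceof CertificateNotYetValidException) ? " is not yet valid" : " has expired";
                throw failure("The certificate for " + certificate.getSubjectDN().getName() + reason, e);
            }
            try {
                certificate.verify(issuer.getPublicKey());
            } catch (CertificateException e) {
                throw failure("The certificate for " + certificate.getSubjectDN().getName() + " was not signed by " + issuer.getSubjectDN().getName(), e);
            } catch (GeneralSecurityException e) {
                throw failure("Certificate verification error: " + e.toString(), e);
            }
            // The revocation check sits outside the try block above. LoginException is itself a
            // GeneralSecurityException, so inside that block it would be caught and re-wrapped
            // as a generic verification error.
            if (this._crl != null && this._crl.isRevoked(certificate)) {
                throw new LoginException("The certificate for " + certificate.getSubjectDN().getName() + " has been revoked");
            }
            accepted.add(certificate.getSubjectDN());
        }
        if (accepted.isEmpty()) {
            return false;
        }
        if (this._subjectDN == null) {
            this._subjectDN = new Vector<>();
        }
        this._subjectDN.addAll(accepted);
        return true;
    }

    /**
     * Removes the principals added by {@link #commit()} from the Subject and clears the login
     * state.
     *
     * @return {@code false} when no login state exists, {@code true} otherwise
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean logout() throws LoginException {
        if (this._subjectDN == null) {
            return false;
        }
        // Remove each principal that commit() added, mirroring the addAll() there.
        this._subject.getPrincipals().removeAll(this._subjectDN);
        this._subjectDN.clear();
        return true;
    }

    /** Builds a LoginException that keeps the underlying exception as its cause. */
    private static LoginException failure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}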
