package org.objectweb.joram.shared.security.jaas;

import fr.dyade.aaa.common.Configuration;
import fr.dyade.aaa.common.stream.StreamUtil;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.acl.Group;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import javax.security.auth.Subject;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.objectweb.jonas.security.auth.JPrincipal;
import org.objectweb.jonas.security.auth.JSigned;
import org.objectweb.jonas.security.auth.callback.NoInputCallbackHandler;
import org.objectweb.joram.shared.security.Identity;
import org.objectweb.util.monolog.api.BasicLevel;

/* loaded from: input_file:org/objectweb/joram/shared/security/jaas/JonasIdentity.class */
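public class JonasIdentity extends Identity {
    private static final long serialVersionUID = 1;

    /** JAAS login-configuration entry used when neither the configuration nor the caller names one. */
    private static final String JAAS_ENTRY_NAME = "ask_remote";
    /** Configuration property that can override the JAAS entry name (see {@link #resolveEntryName}). */
    private static final String JAAS_ENTRY_PROPERTY = "joram.security.jaas.entryName";
    /** Configuration properties locating the certificate whose public key verifies JSigned groups. */
    private static final String KEYSTORE_FILE = "joram.security.jaas.keystoreFile";
    private static final String KEYSTORE_PASS = "joram.security.jaas.keystorePass";
    private static final String KEYSTORE_ALIAS = "joram.security.jaas.alias";
    /**
     * SECURITY: when this boolean property is true, {@link #check(Identity)} trusts every
     * JonasIdentity without verifying its signature, so any peer able to send a serialized
     * Subject can claim arbitrary principals and roles. Never enable it outside debugging.
     */
    private static final String UNTESTED_SIGNATURE = "joram.security.jaas.untestedSignature";
    /** When true, roles are fed to the signature in Subject order instead of sorted order. */
    private static final String UNSORT_ROLES = "joram.security.jaas.unsortRoles";
    /**
     * Algorithm of the signature carried by JSigned groups. SHA-1/DSA is weak by today's
     * standards, but it is dictated by the signer on the JOnAS side; change both together.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withDSA";

    private String principal;
    private LoginContext loginContext;
    private Subject subject = null;
    private PublicKey publickey = null;

    /**
     * Authenticates {@code str}/{@code str2} against the default JAAS entry.
     *
     * @param str  user name
     * @param str2 password (never logged)
     * @throws Exception if the JAAS login fails or yields no Subject
     */
    public void setIdentity(String str, String str2) throws Exception {
        setIdentity(str, str2, null);
    }

    /**
     * Authenticates {@code str}/{@code str2} through JAAS and keeps the resulting Subject.
     *
     * @param str  user name
     * @param str2 password (never logged; only the user name appears in traces)
     * @param str3 JAAS entry name requested by the caller, or {@code null} for the default
     * @throws Exception wrapping the underlying {@link LoginException} (cause preserved), or
     *                   if the login succeeds but produces no Subject
     */
    public void setIdentity(String str, String str2, String str3) throws Exception {
        // The password is deliberately masked in the trace.
        logDebug("JonasIdentity.setIdentity(" + str + ", ****)");
        this.principal = str;
        logDebug("JonasIdentity.setIdentity principal = " + this.principal);

        String entryName = resolveEntryName(str3);
        logDebug("setIdentity: jaasEntryName = " + entryName);
        try {
            this.loginContext = new LoginContext(entryName, new NoInputCallbackHandler(str, str2));
        } catch (LoginException e) {
            logError("EXCEPTION setIdentity::", e);
            // Original dropped the cause; keep the message, chain the exception.
            throw new Exception(e.getMessage(), e);
        }

        logDebug("JonasIdentity.setIdentity factory initial = "
                + Configuration.getProperty("java.naming.factory.initial"));
        // Specific LoginException subclasses first, the generic one last; the decompiled
        // original listed LoginException before its subclasses, which is not valid Java.
        try {
            this.loginContext.login();
        } catch (FailedLoginException e) {
            logError("Failed Login for the user " + this.principal, e);
            throw new Exception("Failed Login for the user " + this.principal, e);
        } catch (CredentialExpiredException e) {
            logError("Credential expired for the user " + this.principal, e);
            throw new Exception("Credential expired for the user " + this.principal, e);
        } catch (AccountExpiredException e) {
            logError("Account expired for the user " + this.principal, e);
            throw new Exception("Account expired for the user " + this.principal, e);
        } catch (LoginException e) {
            logError("Login exception for the user " + this.principal, e);
            throw new Exception("Login exception for the user " + this.principal, e);
        }

        this.subject = this.loginContext.getSubject();
        if (this.subject == null) {
            logError("No subject for the user " + this.principal);
            throw new Exception("No subject for the user " + this.principal);
        }
    }

    /**
     * Picks the JAAS entry name: the configured property, then the caller's explicit name,
     * then {@link #JAAS_ENTRY_NAME}.
     *
     * NOTE(review): as decompiled, the configured value is honoured only while
     * {@code Configuration.getBoolean(JAAS_ENTRY_PROPERTY)} is true, i.e. only when the
     * property's own value parses as "true" — presumably a presence check was intended.
     * Kept as-is; confirm against the JORAM sources before changing.
     */
    private String resolveEntryName(String requestedEntry) {
        if (Configuration.getBoolean(JAAS_ENTRY_PROPERTY)) {
            return Configuration.getProperty(JAAS_ENTRY_PROPERTY);
        }
        return requestedEntry != null ? requestedEntry : JAAS_ENTRY_NAME;
    }

    /** @return the user name given to {@link #setIdentity} or {@link #setUserName} */
    public String getUserName() {
        return this.principal;
    }

    /** Overrides the user name without touching the Subject. */
    public void setUserName(String str) {
        this.principal = str;
    }

    /**
     * @return the name of the first {@link JPrincipal} in the Subject, or {@code null} when
     *         there is none or no Subject was loaded
     */
    private String getPrincipal() {
        if (this.subject == null) {
            return null;
        }
        for (Principal candidate : this.subject.getPrincipals()) {
            logDebug("getPrincipal class = " + candidate.getClass().getName());
            if (candidate instanceof JPrincipal) {
                logDebug("getPrincipal name = " + candidate.getName());
                return candidate.getName();
            }
        }
        return null;
    }

    /**
     * Collects the member names of every Group principal that is not the JSigned holder.
     * Order is the Subject's iteration order; {@link #validate(PublicKey, JonasIdentity)}
     * sorts it unless {@link #UNSORT_ROLES} is set.
     *
     * @return role names, empty when there is no Subject
     */
    private String[] getRoles() {
        ArrayList<String> names = new ArrayList<String>();
        if (this.subject != null) {
            for (Group group : this.subject.getPrincipals(Group.class)) {
                if (group instanceof JSigned) {
                    continue; // the signature holder carries no roles
                }
                Enumeration<? extends Principal> members = group.members();
                while (members.hasMoreElements()) {
                    names.add(members.nextElement().getName());
                }
            }
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * @return the signature bytes of the first {@link JSigned} group in the Subject, or
     *         {@code null} when none is present
     */
    private byte[] getSignature() {
        if (this.subject == null) {
            return null;
        }
        for (Group group : this.subject.getPrincipals(Group.class)) {
            logDebug("getSignature group = " + group.getClass().getName());
            if (group instanceof JSigned) {
                return ((JSigned) group).getSignature();
            }
        }
        return null;
    }

    /**
     * Reads the configured property or fails with the original "mandatory attribute" message.
     *
     * @throws IllegalStateException when the property is absent
     */
    private static String requireProperty(String key) {
        String value = Configuration.getProperty(key);
        if (value == null) {
            throw new IllegalStateException(
                    "The '" + key + "' attribute was not found but this attribute is mandatory");
        }
        return value;
    }

    /**
     * Loads the verification public key from the configured keystore.
     *
     * Fixes versus the original: the keystore stream is always closed, a missing alias is
     * reported instead of surfacing as a NullPointerException, and every rethrown
     * IllegalStateException keeps its cause.
     *
     * @throws IllegalStateException on any configuration or keystore problem
     */
    private synchronized void initPublicKey() throws Exception {
        if (this.publickey != null) {
            return; // another caller won the race in getPublicKey()
        }
        String keystorePath = requireProperty(KEYSTORE_FILE);
        String keystorePass = requireProperty(KEYSTORE_PASS);
        String alias = requireProperty(KEYSTORE_ALIAS);

        File file = new File(keystorePath);
        if (!file.exists()) {
            throw new IllegalStateException("The keystore file named '" + file + "' was not found.");
        }

        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Error while getting a keystore ':" + e.getMessage(), e);
        }

        // toCharArray() gives us a private copy we can wipe; the String itself stays in the
        // configuration, so this only limits how many copies of the password linger.
        char[] password = keystorePass.toCharArray();
        InputStream in = null;
        try {
            in = new BufferedInputStream(new FileInputStream(file));
            keyStore.load(in, password);
        } catch (IOException e) { // includes FileNotFoundException
            throw new IllegalStateException(
                    "Error while loading the keystore file '" + file + "'." + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(
                    "Error while loading the keystore file '" + file + "'." + e.getMessage(), e);
        } catch (CertificateException e) {
            throw new IllegalStateException(
                    "Error while loading the keystore file '" + file + "'." + e.getMessage(), e);
        } finally {
            Arrays.fill(password, '\0');
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The keystore is already in memory; a failed close changes nothing.
                }
            }
        }

        java.security.cert.Certificate certificate;
        try {
            certificate = keyStore.getCertificate(alias);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Error while getting the alias '" + alias
                    + "' in the keystore file '" + keystorePath + "':" + e.getMessage(), e);
        }
        if (certificate == null) {
            throw new IllegalStateException("The alias '" + alias
                    + "' was not found in the keystore file '" + keystorePath + "'");
        }
        this.publickey = certificate.getPublicKey();
    }

    /**
     * Lazily initialised verification key. The unsynchronized null check is only a fast
     * path; {@link #initPublicKey()} is synchronized and idempotent.
     */
    private PublicKey getPublicKey() throws Exception {
        if (this.publickey == null) {
            initPublicKey();
        }
        return this.publickey;
    }

    /**
     * Verifies the JSigned signature of {@code jonasIdentity}, unless the deployment has
     * disabled verification with {@link #UNTESTED_SIGNATURE}.
     *
     * @return {@code true} when the identity is trusted
     * @throws Exception when the signature is missing, malformed or does not verify
     */
    private boolean validate(JonasIdentity jonasIdentity) throws Exception {
        logDebug("validate(" + jonasIdentity + ')');
        if (!Configuration.getBoolean(UNTESTED_SIGNATURE)) {
            return validate(getPublicKey(), jonasIdentity);
        }
        // SECURITY: verification bypass — every JonasIdentity is accepted as-is.
        if (logger.isLoggable(BasicLevel.WARN)) {
            logger.log(BasicLevel.WARN, "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
            logger.log(BasicLevel.WARN, "!!!!!!!!!!!! untested signature.");
            logger.log(BasicLevel.WARN, "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
        }
        return true;
    }

    /**
     * Recomputes the signed payload (principal name, then each role name, sorted unless
     * {@link #UNSORT_ROLES}) and checks it against the JSigned signature with {@code publicKey}.
     *
     * NOTE(review): {@code String.getBytes()} uses the platform default charset here; the
     * signer must use the same one or non-ASCII names fail to verify across platforms.
     * Left unchanged to stay interoperable with the existing signer — confirm on that side.
     *
     * @return {@code true} on success; failures are always reported as exceptions
     * @throws Exception for an unavailable algorithm, an unusable key, a missing principal
     *                   or signature, or a signature that does not verify
     */
    private boolean validate(PublicKey publicKey, JonasIdentity jonasIdentity) throws Exception {
        Signature signature;
        try {
            signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            logError("EXCEPTION:: validate", e);
            throw new Exception("Error while getting the algorithm '" + SIGNATURE_ALGORITHM
                    + "' :" + e.getMessage(), e);
        }
        try {
            signature.initVerify(publicKey);
        } catch (InvalidKeyException e) {
            logError("EXCEPTION:: validate", e);
            throw new Exception("Cannot initialize the signature with the given public key:"
                    + e.getMessage(), e);
        }

        String principalName = jonasIdentity.getPrincipal();
        logDebug("validate principal = " + principalName);
        if (principalName == null) {
            logError("EXCEPTION:: validate principal == null");
            throw new Exception("Cannot add the bytes for the principal name '" + principalName + "'");
        }
        try {
            signature.update(principalName.getBytes());
        } catch (SignatureException e) {
            logError("EXCEPTION:: validate", e);
            throw new Exception("Cannot add the bytes for the principal name '" + principalName
                    + "' :" + e.getMessage(), e);
        }

        String[] roles = jonasIdentity.getRoles();
        if (!Configuration.getBoolean(UNSORT_ROLES)) {
            Arrays.sort(roles); // canonical order so Subject iteration order cannot break verification
        }
        for (String role : roles) {
            try {
                signature.update(role.getBytes());
            } catch (SignatureException e) {
                logError("EXCEPTION:: validate", e);
                throw new Exception("Cannot add the bytes for the role '" + role + "' : "
                        + e.getMessage(), e);
            }
        }

        byte[] signed = jonasIdentity.getSignature();
        if (signed == null) {
            // Without a JSigned group there is nothing to verify: reject rather than NPE.
            logError("EXCEPTION:: validate signature == null");
            throw new Exception("No signature found in the identity '" + jonasIdentity + "'");
        }
        boolean trusted;
        try {
            trusted = signature.verify(signed);
        } catch (SignatureException e) {
            logError("EXCEPTION:: validate", e);
            throw new Exception("The signature found in the identity '" + jonasIdentity
                    + "' is invalid:" + e.getMessage(), e);
        }
        if (!trusted) {
            logError("validate trusted = false");
            // The original message named 'this' (the verifier) instead of the identity under test.
            throw new Exception("The signature for the identity '" + jonasIdentity
                    + "' has been altered by an unknown source.");
        }
        logDebug("validate trusted = " + trusted);
        return trusted;
    }

    /**
     * Entry point used by the broker to accept or reject a peer's identity.
     *
     * @param identity the identity received from the peer; must be a {@link JonasIdentity}
     * @return {@code true} when the identity's signature verifies (or verification is disabled)
     * @throws Exception when {@code identity} has the wrong type or fails validation
     */
    public boolean check(Identity identity) throws Exception {
        logDebug("JonasIdentity.check(" + identity + ')');
        if (identity instanceof JonasIdentity) {
            return validate((JonasIdentity) identity);
        }
        logError("check : " + identity + " is not an instance of JonasIdentity");
        throw new Exception("check : " + identity + " is not an instance of JonasIdentity");
    }

    /**
     * Renders the user name and the Subject's principals. The full Subject is deliberately
     * not appended: {@code Subject.toString()} may include credential sets, and this string
     * ends up in DEBUG/ERROR log lines.
     */
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("JonasIdentity (");
        text.append("principal=").append(this.principal);
        text.append(",principals=");
        text.append(this.subject == null ? null : this.subject.getPrincipals());
        text.append(')');
        return text.toString();
    }

    /**
     * Restores the user name and the Subject from the wire format written by {@link #writeTo}.
     *
     * SECURITY: the Subject arrives as a Java-serialized blob from the remote peer and is
     * rebuilt with a plain {@link ObjectInputStream}, so any class on the broker's classpath
     * can be instantiated before the signature is ever checked. Restrict it (an
     * ObjectInputFilter where the runtime supports one, or a class-whitelisting
     * ObjectInputStream subclass) before exposing this to untrusted networks.
     *
     * @throws IOException on a truncated stream, an unknown class, or a payload that is not a
     *                     Subject (cause preserved)
     */
    public void readFrom(InputStream inputStream) throws IOException {
        this.principal = StreamUtil.readStringFrom(inputStream);
        byte[] raw = StreamUtil.readByteArrayFrom(inputStream);
        if (raw == null) {
            // No Subject on the wire: leave it unset; validate() then rejects the identity.
            this.subject = null;
            return;
        }
        ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw));
        try {
            this.subject = (Subject) in.readObject();
        } catch (ClassNotFoundException e) {
            logError("EXCEPTION:: readFrom", e);
            throw asIOException(e.getMessage(), e);
        } catch (ClassCastException e) {
            logError("EXCEPTION:: readFrom", e);
            throw asIOException("Serialized identity does not contain a Subject", e);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // In-memory stream; nothing to release.
            }
        }
    }

    /**
     * Writes the user name followed by the Java-serialized Subject.
     *
     * @throws IOException if the Subject cannot be serialized or the stream write fails
     */
    public void writeTo(OutputStream outputStream) throws IOException {
        StreamUtil.writeTo(this.principal, outputStream);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(buffer);
        try {
            out.writeObject(this.subject);
            out.flush();
        } finally {
            try {
                out.close();
            } catch (IOException ignored) {
                // In-memory stream; nothing to release.
            }
        }
        StreamUtil.writeTo(buffer.toByteArray(), outputStream);
    }

    /** Builds an IOException that keeps its cause on runtimes without IOException(String, Throwable). */
    private static IOException asIOException(String message, Throwable cause) {
        IOException wrapped = new IOException(message);
        wrapped.initCause(cause);
        return wrapped;
    }

    /** DEBUG trace guarded by the logger level (the message is still concatenated eagerly). */
    private void logDebug(String message) {
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            logger.log(BasicLevel.DEBUG, message);
        }
    }

    /** ERROR trace without an exception. */
    private void logError(String message) {
        if (logger.isLoggable(BasicLevel.ERROR)) {
            logger.log(BasicLevel.ERROR, message);
        }
    }

    /** ERROR trace with the triggering exception attached. */
    private void logError(String message, Throwable cause) {
        if (logger.isLoggable(BasicLevel.ERROR)) {
            logger.log(BasicLevel.ERROR, message, cause);
        }
    }
}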
