package com.ibm.security.auth.module;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* loaded from: input_file:efixes/JDKiFix_aix/components/prereq.jdk/update.jar:/java/jre/lib/security.jar:com/ibm/security/auth/module/KeyStoreLoginModule.class */
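/**
 * JAAS {@link LoginModule} that authenticates by opening a keystore and recovering one
 * private-key entry from it.
 *
 * <p>On a successful {@link #login()} / {@link #commit()} pair the subject receives an
 * {@link X500Principal} built from the entry's leaf certificate, the certificate chain as a
 * {@link CertPath} public credential, and an {@link X500PrivateCredential} private credential.
 *
 * <p>Options read from the configuration map: {@code keyStoreURL}, {@code keyStoreType},
 * {@code keyStoreProvider}, {@code keyStoreAlias}, {@code keyStorePasswordURL},
 * {@code privateKeyPasswordURL} and {@code debug}.
 *
 * <p>This listing is decompiler output. {@link #logoutInternal()} could not be recovered and is
 * a stub that always throws, so credential cleanup is not visible here.
 */
public class KeyStoreLoginModule implements LoginModule {
    static final ResourceBundle rb = ResourceBundle.getBundle("com.ibm.security.util.AuthResources");

    // Lifecycle states stored in `status`.
    private static final int UNINITIALIZED = 0;
    private static final int INITIALIZED = 1;
    private static final int AUTHENTICATED = 2;
    private static final int LOGGED_IN = 3;

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    // Secrets are held as char[] so they can be overwritten; may both point at the same array.
    private char[] keyStorePassword;
    private char[] privateKeyPassword;
    private String keyStoreURL;
    private String keyStoreType;
    private String keyStoreProvider;
    private String keyStoreAlias;
    private String keyStorePasswordURL;
    private String privateKeyPasswordURL;
    private boolean debug;
    private X500Principal principal;
    private Certificate[] fromKeyStore;
    private X500PrivateCredential privateCredential;
    private CertPath certP = null;
    private int status = UNINITIALIZED;

    /**
     * Stores the JAAS context objects, parses the options and moves to the INITIALIZED state.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to prompt for alias and passwords; may be {@code null}
     *     for non-interactive use
     * @param sharedState state shared with other login modules (stored, not otherwise used here)
     * @param options configuration options for this module
     */
    @Override // javax.security.auth.spi.LoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        processOptions();
        this.status = INITIALIZED;
    }

    /** Reads the module options, applying defaults for the keystore location and type. */
    private void processOptions() {
        this.keyStoreURL = (String) this.options.get("keyStoreURL");
        if (this.keyStoreURL == null) {
            // Default location: ".keystore" in the user's home directory, as a file: URL.
            this.keyStoreURL = "file:"
                    + System.getProperty("user.home").replace(File.separatorChar, '/')
                    + '/' + ".keystore";
        }
        this.keyStoreType = (String) this.options.get("keyStoreType");
        if (this.keyStoreType == null) {
            this.keyStoreType = KeyStore.getDefaultType();
        }
        this.keyStoreProvider = (String) this.options.get("keyStoreProvider");
        this.keyStoreAlias = (String) this.options.get("keyStoreAlias");
        this.keyStorePasswordURL = (String) this.options.get("keyStorePasswordURL");
        this.privateKeyPasswordURL = (String) this.options.get("privateKeyPasswordURL");
        // The decompiler had resolved these two literals to same-valued constants of unrelated
        // XML classes (SchemaSymbols.ATTVAL_TRUE, TransformerFactoryImpl.DEBUG); plain literals
        // keep this module free of that accidental dependency.
        this.debug = "true".equalsIgnoreCase((String) this.options.get("debug"));
        if (this.debug) {
            // Logs locations and the alias only; password values are never printed.
            debugPrint("keyStoreURL=" + this.keyStoreURL
                    + " keyStoreAlias=" + this.keyStoreAlias
                    + " keyStorePasswordURL=" + this.keyStorePasswordURL
                    + " privateKeyPasswordURL=" + this.privateKeyPasswordURL);
        }
    }

    /**
     * Obtains alias and passwords, then opens the keystore and recovers the key entry.
     *
     * @return {@code true} once authentication has succeeded (or the module is already logged in)
     * @throws LoginException if the module is not initialized or authentication fails
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean login() throws LoginException {
        switch (this.status) {
            case INITIALIZED:
            case AUTHENTICATED:
                getAliasAndPassword();
                getKeyStoreInfo();
                this.status = AUTHENTICATED;
                return true;
            case LOGGED_IN:
                return true;
            case UNINITIALIZED:
            default:
                throw new LoginException("The login module is not initialized");
        }
    }

    /**
     * Fills in the alias, keystore password and private-key password.
     *
     * <p>Without a callback handler the alias must come from the options and the passwords are
     * read from the configured password URLs. With a handler the user is prompted. In both modes
     * a missing private-key password falls back to the keystore password (same array).
     *
     * @throws LoginException if required options are missing, a password source cannot be read,
     *     the user cancels, or a callback is unsupported
     */
    private void getAliasAndPassword() throws LoginException {
        if (this.callbackHandler == null) {
            if (this.keyStoreAlias == null) {
                throw new LoginException("Need to specify an alias option to use KeyStoreLoginModule non-interactively.");
            }
            if (this.keyStorePasswordURL == null) {
                throw new LoginException("Need to specify passwordFile option to use KeyStoreLoginModule non-interactively.");
            }
            try {
                this.keyStorePassword = readPasswordFromUrl(this.keyStorePasswordURL);
            } catch (IOException e) {
                throw new LoginException("Problem accessing keystore password \""
                        + this.keyStorePasswordURL + "\": " + e);
            }
            if (this.privateKeyPasswordURL == null) {
                this.privateKeyPassword = this.keyStorePassword;
                return;
            }
            try {
                this.privateKeyPassword = readPasswordFromUrl(this.privateKeyPasswordURL);
            } catch (IOException e) {
                throw new LoginException("Problem accessing private key password \""
                        + this.privateKeyPasswordURL + "\": " + e);
            }
            return;
        }

        TextOutputCallback banner =
                new TextOutputCallback(TextOutputCallback.INFORMATION, rb.getString("Please login to keystore"));
        // NameCallback rejects an empty default name, so only pass one when it is usable.
        NameCallback aliasPrompt = (this.keyStoreAlias == null || this.keyStoreAlias.length() == 0)
                ? new NameCallback(rb.getString("Keystore alias: "))
                : new NameCallback(rb.getString("Keystore alias: "), this.keyStoreAlias);
        PasswordCallback storePrompt = new PasswordCallback(rb.getString("Keystore password: "), false);
        PasswordCallback keyPrompt =
                new PasswordCallback(rb.getString("Private key password (optional): "), false);
        ConfirmationCallback confirm = new ConfirmationCallback(
                ConfirmationCallback.INFORMATION, ConfirmationCallback.OK_CANCEL_OPTION, ConfirmationCallback.OK);
        try {
            this.callbackHandler.handle(new Callback[] {banner, aliasPrompt, storePrompt, keyPrompt, confirm});
            if (confirm.getSelectedIndex() == ConfirmationCallback.CANCEL) {
                throw new LoginException("Login cancelled");
            }
            this.keyStoreAlias = aliasPrompt.getName();

            // getPassword() hands back a copy, so the copy is wiped here and the callback's own
            // buffer is wiped through clearPassword().
            char[] storeCopy = storePrompt.getPassword();
            if (storeCopy == null) {
                storeCopy = new char[0];
            }
            this.keyStorePassword = new char[storeCopy.length];
            System.arraycopy(storeCopy, 0, this.keyStorePassword, 0, storeCopy.length);
            Arrays.fill(storeCopy, ' ');
            storePrompt.clearPassword();

            char[] keyCopy = keyPrompt.getPassword();
            if (keyCopy == null || keyCopy.length == 0) {
                this.privateKeyPassword = this.keyStorePassword;
            } else {
                this.privateKeyPassword = new char[keyCopy.length];
                System.arraycopy(keyCopy, 0, this.privateKeyPassword, 0, keyCopy.length);
                // The listing overwrote index 0 on every iteration, leaving the rest of the
                // private-key password in memory; wipe the whole array.
                Arrays.fill(keyCopy, ' ');
                keyPrompt.clearPassword();
            }
            if (this.debug) {
                debugPrint("alias=" + this.keyStoreAlias);
            }
        } catch (IOException e) {
            throw new LoginException("Exception while getting keystore alias and password: " + e);
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("Error: " + e.getCallback().toString()
                    + " is not available to retrieve authentication " + " information from the user");
        }
    }

    /**
     * Opens {@code location} as a URL and reads one password line from it.
     *
     * <p>The stream is closed even when reading fails. NOTE(review): any URL scheme the JVM can
     * open is accepted, so a non-{@code file:} location would fetch the secret over that
     * transport; consider restricting the scheme in configuration review.
     */
    private char[] readPasswordFromUrl(String location) throws IOException {
        InputStream in = new URL(location).openStream();
        try {
            return readPassword(in);
        } finally {
            in.close();
        }
    }

    /**
     * Loads the keystore, the certificate chain for the alias and the matching private key.
     *
     * <p>The three stages run one after another. In the listing they were nested inside the
     * keystore-loading try block, whose {@code GeneralSecurityException} handler also caught the
     * {@link LoginException}s thrown by the later stages (LoginException is a
     * GeneralSecurityException) and re-reported them as "Error initializing keystore", losing
     * the {@link FailedLoginException} type.
     *
     * @throws LoginException if any stage fails
     */
    private void getKeyStoreInfo() throws LoginException {
        KeyStore keyStore = loadKeyStore();
        loadCertificateChain(keyStore);
        loadPrivateCredential(keyStore);
    }

    /** Instantiates the configured keystore type and loads it from {@code keyStoreURL}. */
    private KeyStore loadKeyStore() throws LoginException {
        KeyStore keyStore;
        try {
            keyStore = this.keyStoreProvider == null
                    ? KeyStore.getInstance(this.keyStoreType)
                    : KeyStore.getInstance(this.keyStoreType, this.keyStoreProvider);
        } catch (KeyStoreException e) {
            throw new LoginException("The specified keystore type was not available: " + e);
        } catch (NoSuchProviderException e) {
            throw new LoginException("The specified keystore provider was not available: " + e);
        }
        try {
            InputStream in = new URL(this.keyStoreURL).openStream();
            try {
                // NOTE(review): keyStorePassword is null when the password source was empty
                // (readPassword returns null); KeyStore.load documents that no integrity check
                // is performed for a null password. Confirm that is acceptable for deployments
                // that set a separate privateKeyPasswordURL.
                keyStore.load(in, this.keyStorePassword);
            } finally {
                in.close();
            }
        } catch (MalformedURLException e) {
            throw new LoginException("Incorrect keyStoreURL option: " + e);
        } catch (IOException e) {
            throw new LoginException("Error initializing keystore: " + e);
        } catch (GeneralSecurityException e) {
            throw new LoginException("Error initializing keystore: " + e);
        }
        return keyStore;
    }

    /** Fetches the alias's certificate chain and builds the X.509 {@link CertPath} from it. */
    private void loadCertificateChain(KeyStore keyStore) throws LoginException {
        try {
            this.fromKeyStore = keyStore.getCertificateChain(this.keyStoreAlias);
            if (this.fromKeyStore == null || this.fromKeyStore.length == 0
                    || !(this.fromKeyStore[0] instanceof X509Certificate)) {
                throw new FailedLoginException("Unable to find X.509 certificate chain in keystore");
            }
            // Independent list copy, as in the listing, so the CertPath input is not a view of
            // the fromKeyStore array.
            LinkedList<Certificate> chain = new LinkedList<Certificate>(Arrays.asList(this.fromKeyStore));
            this.certP = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        } catch (KeyStoreException e) {
            throw new LoginException("Error using keystore: " + e);
        } catch (CertificateException e) {
            throw new LoginException("Error: X.509 Certificate type unavailable: " + e);
        }
    }

    /** Derives the principal from the leaf certificate and recovers the alias's private key. */
    private void loadPrivateCredential(KeyStore keyStore) throws LoginException {
        X509Certificate leaf = (X509Certificate) this.fromKeyStore[0];
        this.principal = new X500Principal(leaf.getSubjectDN().getName());
        Key key;
        try {
            key = keyStore.getKey(this.keyStoreAlias, this.privateKeyPassword);
        } catch (KeyStoreException e) {
            throw new LoginException("Error using keystore: " + e);
        } catch (NoSuchAlgorithmException e) {
            throw new LoginException("Error using keystore: " + e);
        } catch (UnrecoverableKeyException e) {
            throw new FailedLoginException("Unable to recover key from keystore: " + e);
        }
        // instanceof is false for null, so this also covers a missing entry.
        if (!(key instanceof PrivateKey)) {
            throw new FailedLoginException("Unable to recover key from keystore");
        }
        this.privateCredential = new X500PrivateCredential(leaf, (PrivateKey) key, this.keyStoreAlias);
        if (this.debug) {
            debugPrint("principal=" + this.principal
                    + "\n certificate=" + this.privateCredential.getCertificate()
                    + "\n alias =" + this.privateCredential.getAlias());
        }
    }

    /**
     * Publishes the authenticated identity into the subject.
     *
     * @return {@code true} when the subject has been populated (or already was)
     * @throws LoginException if the module is uninitialized, {@code login()} has not succeeded,
     *     or the subject cannot be updated
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean commit() throws LoginException {
        switch (this.status) {
            case INITIALIZED:
                logoutInternal();
                throw new LoginException("Authentication failed");
            case AUTHENTICATED:
                if (commitInternal()) {
                    return true;
                }
                logoutInternal();
                throw new LoginException("Unable to retrieve certificates");
            case LOGGED_IN:
                return true;
            case UNINITIALIZED:
            default:
                throw new LoginException("The login module is not initialized");
        }
    }

    /**
     * Adds principal, certificate path and private credential to the subject.
     *
     * @return always {@code true} when it returns normally
     * @throws LoginException if the subject is read-only
     */
    private boolean commitInternal() throws LoginException {
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject is set readonly");
        }
        this.subject.getPrincipals().add(this.principal);
        this.subject.getPublicCredentials().add(this.certP);
        this.subject.getPrivateCredentials().add(this.privateCredential);
        this.status = LOGGED_IN;
        return true;
    }

    /**
     * Discards authentication state after an overall login failure.
     *
     * @return {@code true} if this module had authenticated and was cleaned up, {@code false}
     *     if there was nothing to undo
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean abort() throws LoginException {
        switch (this.status) {
            case AUTHENTICATED:
            case LOGGED_IN:
                logoutInternal();
                return true;
            case UNINITIALIZED:
            case INITIALIZED:
            default:
                return false;
        }
    }

    /**
     * Logs the subject out if this module had committed.
     *
     * @return {@code true} if a committed login was cleaned up, {@code false} otherwise
     * @throws LoginException if the module was never initialized
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean logout() throws LoginException {
        if (this.debug) {
            debugPrint("Entering logout " + this.status);
        }
        switch (this.status) {
            case UNINITIALIZED:
                throw new LoginException("The login module is not initialized");
            case LOGGED_IN:
                logoutInternal();
                return true;
            case INITIALIZED:
            case AUTHENTICATED:
            default:
                return false;
        }
    }

    /**
     * Decompiler stub: the original body (306 bytecode instructions) was not recovered.
     *
     * <p>The only fragment the decompiler reported is a
     * {@code throw new LoginException("Unable to remove Principal (X500Principal ) and public
     * credential (certificatepath) from read-only Subject")}. NOTE(review): presumably the real
     * method removes the principal and credentials from the subject and clears the stored
     * passwords, but none of that is visible here, so it must be checked against the original
     * class. As listed, every caller ({@code commit}, {@code abort}, {@code logout}) gets an
     * {@link UnsupportedOperationException} from this method.
     */
    private void logoutInternal() throws LoginException {
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.security.auth.module.KeyStoreLoginModule.logoutInternal():void");
    }

    /**
     * Reads one line from {@code inputStream} as a password.
     *
     * <p>The line ends at LF, CR LF, a CR at end of stream, or end of stream; the terminator is
     * not part of the result. The listing stored the CR of a CR LF terminator as the last
     * password character, which makes a password file with Windows line endings yield a wrong
     * password. A CR followed by any other byte is kept as data and that byte is pushed back.
     *
     * <p>Each byte is widened to one char, so only single-byte encodings round-trip.
     * Intermediate buffers are overwritten before they are released, including when the read
     * fails part-way.
     *
     * @param inputStream source of the password line
     * @return the password, or {@code null} if the line is empty
     * @throws IOException if reading fails
     */
    private char[] readPassword(InputStream inputStream) throws IOException {
        char[] buffer = new char[128];
        int count = 0;
        try {
            while (true) {
                int c = inputStream.read();
                if (c == -1 || c == '\n') {
                    break;
                }
                if (c == '\r') {
                    int next = inputStream.read();
                    if (next == '\n' || next == -1) {
                        break;
                    }
                    // Lone CR inside the line: keep it, and give the look-ahead byte back.
                    if (!(inputStream instanceof PushbackInputStream)) {
                        inputStream = new PushbackInputStream(inputStream);
                    }
                    ((PushbackInputStream) inputStream).unread(next);
                }
                if (count == buffer.length) {
                    char[] grown = new char[count + 128];
                    System.arraycopy(buffer, 0, grown, 0, count);
                    Arrays.fill(buffer, ' ');
                    buffer = grown;
                }
                buffer[count++] = (char) c;
            }
            if (count == 0) {
                return null;
            }
            char[] result = new char[count];
            System.arraycopy(buffer, 0, result, 0, count);
            return result;
        } finally {
            Arrays.fill(buffer, ' ');
        }
    }

    /** Writes a prefixed diagnostic line to standard error. */
    private void debugPrint(String str) {
        System.err.println("Debug KeyStoreLoginModule: " + str);
    }
}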
