package net.sf.jguard.ext.authentication.loginmodules;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import net.sf.jguard.ext.SecurityConstants;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;

/* loaded from: input_file:WEB-INF/lib/jguard-ext-1.0.3.jar:net/sf/jguard/ext/authentication/loginmodules/OCSPLoginModule.class */
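/**
 * JAAS login module that, once {@link CertificateLoginModule#login()} has accepted the
 * presented chain, asks an OCSP responder whether any certificate of that chain is revoked.
 * <p>
 * Flow of {@link #login()}: build one OCSP request covering every certificate in
 * {@code certChainToCheck}, POST it to the configured {@code ocspServerUrl}, verify the
 * response signature against the configured OCSP signer certificate, and fail the login as
 * soon as one single response carries a non-{@code null} status ({@code null} is "good").
 * <p>
 * Options (read in {@link #initialize}): {@code SecurityConstants.OCSP_SERVER_URL},
 * {@code SecurityConstants.ISSUER_CA_CERT_LOCATION} and
 * {@code SecurityConstants.OCSP_SIGNER_CERT_LOCATION}. The issuer CA certificate and the OCSP
 * signer certificate must currently be the same certificate.
 * <p>
 * Not thread-safe: a JAAS {@code LoginContext} creates one instance per login.
 */
public class OCSPLoginModule extends CertificateLoginModule implements LoginModule {
    private static final String X509 = "X509";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String APPLICATION_OCSP_REQUEST = "application/ocsp-request";
    private static final String POST = "POST";
    private static final String BC = "BC";
    private static final Logger logger;
    // JAAS shared state; SKIP_PASSWORD_CHECK is written here after a successful OCSP check.
    private Map sharedState;
    // JAAS options as supplied by the login configuration.
    private Map options;
    // Responder the DER-encoded request is POSTed to.
    private URL ocspServerUrl;
    // Issuer used to build every CertificateID of the request.
    private X509Certificate issuerCACert;
    private String issuerCACertLocation;
    // Certificate whose public key must have signed the OCSP response.
    private X509Certificate OcspSignerCert;
    private String OcspSignerCertLocation;
    // Guards the one-time CRLLoginModule.initSecurityProvider() call across instances.
    private static boolean SecurityProviderInitialized;
    static Class class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule;
    private boolean debug = false;
    // Status of the last single response examined; null means "good".
    private Object certStatus = null;

    /**
     * Stores the JAAS collaborators, installs the security provider once, and loads the
     * responder URL and the two certificates from the options.
     *
     * @param subject         subject being authenticated
     * @param callbackHandler callback handler supplied by the LoginContext
     * @param map             JAAS shared state
     * @param map2            JAAS options
     * @throws IllegalArgumentException      when the responder URL is malformed or a
     *                                       certificate cannot be loaded
     * @throws UnsupportedOperationException when the issuer CA and the OCSP signer differ
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (!SecurityProviderInitialized) {
            SecurityProviderInitialized = CRLLoginModule.initSecurityProvider();
        }
        // Keep the raw option so the log line names the offending value (the URL field stays
        // null when parsing fails).
        String serverUrlOption = (String) this.options.get(SecurityConstants.OCSP_SERVER_URL);
        try {
            this.ocspServerUrl = new URL(serverUrlOption);
        } catch (MalformedURLException e) {
            logger.severe("ocspServerUrl=" + serverUrlOption + " is malformed");
            throw new IllegalArgumentException(e.getMessage(), e);
        }
        this.issuerCACertLocation = (String) this.options.get(SecurityConstants.ISSUER_CA_CERT_LOCATION);
        this.OcspSignerCertLocation = (String) this.options.get(SecurityConstants.OCSP_SIGNER_CERT_LOCATION);
        try {
            this.issuerCACert = getCertFromFile(this.issuerCACertLocation);
            this.OcspSignerCert = getCertFromFile(this.OcspSignerCertLocation);
        } catch (CertificateException e) {
            logger.log(Level.SEVERE, "", (Throwable) e);
            throw new IllegalArgumentException(e.getMessage(), e);
        }
        if (!this.issuerCACert.equals(this.OcspSignerCert)) {
            throw new UnsupportedOperationException("Having a CA cert different from ocspSigner cert is not currently supported, the ocsp response is signed by the CA ");
        }
    }

    /**
     * Runs the parent certificate check, then the OCSP check described on the class.
     * <p>
     * The login fails closed: a transport error, an unparseable or unsigned response, a
     * response without any single response, or a non-{@code null} certificate status all
     * reject the login.
     *
     * @return {@code true} when the parent check and the OCSP check both pass
     * @throws FailedLoginException when a certificate status is not "good"
     * @throws LoginException       when the response cannot be obtained, parsed or verified
     */
    @Override // net.sf.jguard.ext.authentication.loginmodules.CertificateLoginModule
    public boolean login() throws LoginException {
        if (!super.login()) {
            return false;
        }
        try {
            BasicOCSPResp basicOCSPResp;
            try {
                byte[] request = generateOcspRequest(this.certChainToCheck);
                byte[] response = getResponseFromHttp(request, this.ocspServerUrl);
                OCSPResp oCSPResp = new OCSPResp(new ByteArrayInputStream(response));
                basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            } catch (IOException e) {
                // A missing or broken responder must not let the login through.
                logger.log(Level.SEVERE, " IOException when we build the OCSPResponse from HTTP ", (Throwable) e);
                this.loginOK = false;
                throw loginFailure(" IOException when we build the OCSPResponse from HTTP ", e);
            }
            // getResponseObject() yields null when the responder returned no response bytes.
            if (basicOCSPResp == null) {
                this.loginOK = false;
                throw new LoginException(" OCSP response is not valid ");
            }
            // Verify with the configured signer key, never with a certificate carried inside the
            // response itself: the response is data from the network and must not vouch for
            // its own signature.
            if (!basicOCSPResp.verify(this.OcspSignerCert.getPublicKey(), BC)) {
                this.loginOK = false;
                throw new LoginException(" OCSP response is not valid ");
            }
            SingleResp[] singleResps = basicOCSPResp.getResponses();
            if (singleResps == null || singleResps.length == 0) {
                // A response that answers for no certificate says nothing about revocation.
                this.loginOK = false;
                throw new LoginException(" OCSP response contains no single response ");
            }
            // NOTE(review): thisUpdate/nextUpdate freshness and CertificateID matching against the
            // request are not checked here — confirm whether the responder deployment requires them.
            for (int i = 0; i < singleResps.length; i++) {
                this.certStatus = singleResps[i].getCertStatus();
                if (this.certStatus != null) {
                    this.loginOK = false;
                    throw new FailedLoginException(" status is not null. 'null' is the success result " + this.certStatus.toString());
                }
            }
            this.sharedState.put(SecurityConstants.SKIP_PASSWORD_CHECK, SchemaSymbols.ATTVAL_TRUE);
            return true;
        } catch (NoSuchProviderException e2) {
            throw loginFailure(e2.getMessage(), e2);
        } catch (OCSPException e3) {
            throw loginFailure(e3.getMessage(), e3);
        }
    }

    /**
     * Builds a {@link LoginException} carrying its cause; the class offers no
     * (message, cause) constructor.
     */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    /**
     * POSTs an encoded OCSP request to {@code url} and returns the raw response body.
     *
     * @param bArr DER-encoded OCSP request
     * @param url  responder endpoint
     * @return the complete response body
     * @throws IOException on any transport failure; the message is logged before rethrowing
     */
    private byte[] getResponseFromHttp(byte[] bArr, URL url) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setDoOutput(true);
        try {
            httpURLConnection.setRequestMethod(POST);
        } catch (ProtocolException e2) {
            IOException wrapped = new IOException(e2.getMessage());
            wrapped.initCause(e2);
            throw wrapped;
        }
        httpURLConnection.setRequestProperty(CONTENT_TYPE, APPLICATION_OCSP_REQUEST);
        try {
            OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                outputStream.write(bArr);
            } finally {
                outputStream.close();
            }
            // Open the stream outside its own finally so a failed getInputStream() is reported
            // as the real IOException and not as an NPE on a null stream.
            InputStream inputStream = httpURLConnection.getInputStream();
            try {
                ByteArrayOutputStream body = new ByteArrayOutputStream();
                byte[] chunk = new byte[4096];
                int count;
                while ((count = inputStream.read(chunk)) != -1) {
                    body.write(chunk, 0, count);
                }
                return body.toByteArray();
            } finally {
                inputStream.close();
            }
        } catch (IOException e) {
            logger.severe(e.getMessage());
            throw e;
        } finally {
            httpURLConnection.disconnect();
        }
    }

    /**
     * Builds one OCSP request holding a CertificateID for every certificate of the chain,
     * all issued by {@code issuerCACert}.
     * <p>
     * SHA-1 is only the CertificateID hash that identifies the issuer to the responder; it is
     * not used as a signature algorithm here.
     *
     * @param x509CertificateArr certificates whose status is to be queried
     * @return the DER-encoded request
     * @throws OCSPException when the request cannot be built
     * @throws IOException   when the request cannot be encoded
     */
    private byte[] generateOcspRequest(X509Certificate[] x509CertificateArr) throws OCSPException, IOException {
        OCSPReqGenerator oCSPReqGenerator = new OCSPReqGenerator();
        for (int i = 0; i < x509CertificateArr.length; i++) {
            oCSPReqGenerator.addRequest(new CertificateID(CertificateID.HASH_SHA1, this.issuerCACert, x509CertificateArr[i].getSerialNumber()));
        }
        return oCSPReqGenerator.generate().getEncoded();
    }

    /**
     * Loads a single X.509 certificate from a file.
     * <p>
     * Reconstructed from the decompiler's bytecode listing, which the decompiler could not turn
     * back into source. One difference on purpose: a file that vanishes between the
     * {@code canRead()} check and the open is reported as a {@link CertificateException}
     * instead of being logged and returning {@code null}, so callers never dereference a
     * missing certificate.
     *
     * @param location path of the certificate file
     * @return the parsed certificate
     * @throws CertificateException when the path is null, unreadable, missing, or not a
     *                              parseable X.509 certificate
     */
    public static X509Certificate getCertFromFile(String location) throws CertificateException {
        if (location == null) {
            throw new CertificateException(" certificate file location is null");
        }
        File file = new File(location);
        if (!file.canRead()) {
            String message = " File " + file.toString() + " is unreadable";
            logger.severe(message);
            throw new CertificateException(message);
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(location);
            CertificateFactory factory = CertificateFactory.getInstance(X509);
            return (X509Certificate) factory.generateCertificate(in);
        } catch (FileNotFoundException e) {
            String message = "we cannot found the certificate file here:" + location;
            logger.log(Level.SEVERE, message, (Throwable) e);
            throw new CertificateException(message, e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    // The certificate was already read; a close failure is only worth a log line.
                    logger.severe(e.getMessage());
                }
            }
        }
    }

    /**
     * Pre-1.5 class-literal helper kept for bytecode compatibility with the static initializer.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule == null) {
            cls = class$("net.sf.jguard.ext.authentication.loginmodules.OCSPLoginModule");
            class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule = cls;
        } else {
            cls = class$net$sf$jguard$ext$authentication$loginmodules$OCSPLoginModule;
        }
        logger = Logger.getLogger(cls.getName());
        SecurityProviderInitialized = false;
    }
}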
