package com.sun.enterprise.security.ssl;

import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.auth.login.common.LoginException;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.common.ClientSecurityContext;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.security.ssl.manager.UnifiedX509KeyManager;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

/* loaded from: input_file:MICRO-INF/runtime/security.jar:com/sun/enterprise/security/ssl/J2EEKeyManager.class */
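public final class J2EEKeyManager extends X509ExtendedKeyManager {
    private static final Logger LOGGER = SecurityLoggerInfo.getLogger();

    /** JAAS configuration entry used for username/password client logins. */
    private static final String CLIENT_JAAS_PASSWORD = "default";
    /** JAAS configuration entry used for certificate-based client logins. */
    private static final String CLIENT_JAAS_CERTIFICATE = "certificate";

    /** Separates the token name from the key alias in a token-qualified alias ({@code token:alias}). */
    private static final char TOKEN_SEPARATOR = ':';

    // Login modes accepted by doClientLogin(int, CallbackHandler). These are the numeric values the
    // original switch dispatched on; callers pass them as plain ints, so they stay private here.
    private static final int LOGIN_PASSWORD = 1;
    private static final int LOGIN_CERTIFICATE = 2;
    private static final int LOGIN_PASSWORD_AND_CERTIFICATE = 3;

    /** Delegate every request goes to unless a token-specific manager applies. */
    private final X509KeyManager x509KeyManager;
    /** Fixed alias to present, or {@code null} to let the delegate or the client subject decide. */
    private final String alias;
    /** Token name to key manager; populated only when the delegate is a {@link UnifiedX509KeyManager}. */
    private final Map<String, X509KeyManager> tokenName2MgrMap;
    /** True when at least one token-specific manager is registered. */
    private final boolean supportTokenAlias;

    /**
     * Wraps a key manager so that a configured alias takes precedence over the delegate's own choice
     * and so that token-qualified aliases ({@code token:alias}) are routed to the matching
     * token-specific manager of a {@link UnifiedX509KeyManager}.
     *
     * @param x509KeyManager delegate key manager; a {@link UnifiedX509KeyManager} enables token routing
     * @param str fixed alias to present, or {@code null} to fall back to delegate / subject lookup
     */
    public J2EEKeyManager(X509KeyManager x509KeyManager, String str) {
        this.x509KeyManager = x509KeyManager;
        this.alias = str;
        this.tokenName2MgrMap = new HashMap<String, X509KeyManager>();
        if (x509KeyManager instanceof UnifiedX509KeyManager) {
            UnifiedX509KeyManager unified = (UnifiedX509KeyManager) x509KeyManager;
            X509KeyManager[] managers = unified.getX509KeyManagers();
            String[] tokenNames = unified.getTokenNames();
            // The two arrays are parallel. A manager without a token name is only reachable through
            // the unified delegate, never through a "token:alias" lookup.
            for (int i = 0; i < managers.length; i++) {
                if (tokenNames[i] != null) {
                    this.tokenName2MgrMap.put(tokenNames[i], managers[i]);
                }
            }
        }
        this.supportTokenAlias = !this.tokenName2MgrMap.isEmpty();
    }

    /**
     * Chooses the client alias for an {@link SSLEngine} by delegating to the wrapped manager.
     * Note that, unlike {@link #chooseClientAlias(String[], Principal[], Socket)}, the configured
     * alias and the client subject are not consulted here; the delegate is called with a null socket.
     *
     * @param strArr key algorithm type names
     * @param principalArr acceptable CA issuers, or {@code null}
     * @param sSLEngine engine performing the handshake (ignored)
     * @return alias chosen by the delegate, or {@code null}
     */
    @Override
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return this.x509KeyManager.chooseClientAlias(strArr, principalArr, null);
    }

    /**
     * Returns the configured alias for an {@link SSLEngine} server handshake. When no alias was
     * configured this is {@code null}, i.e. no server key is selected.
     *
     * @param str key algorithm type name (ignored)
     * @param principalArr acceptable CA issuers (ignored)
     * @param sSLEngine engine performing the handshake (ignored)
     * @return the configured alias, possibly {@code null}
     */
    @Override
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return this.alias;
    }

    /**
     * Chooses the alias used for client authentication on a socket.
     * <ul>
     *   <li>A configured alias always wins.</li>
     *   <li>Outside the server and the ACC the delegate decides.</li>
     *   <li>Inside the ACC the alias comes from the {@link X509CertificateCredential} of the current
     *       client subject; if there is no subject yet, a certificate login is performed first.</li>
     * </ul>
     *
     * @param strArr key algorithm type names
     * @param principalArr acceptable CA issuers, or {@code null}
     * @param socket socket being handshaken, passed through to the delegate
     * @return the alias to use, or {@code null} when none could be determined
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        String chosen = null;
        if (this.alias != null) {
            chosen = this.alias;
        } else if (Util.getInstance().isNotServerOrACC()) {
            chosen = this.x509KeyManager.chooseClientAlias(strArr, principalArr, socket);
        } else if (Util.getInstance().isACC()) {
            Subject subject = currentClientSubject();
            if (subject == null) {
                // doClientLogin installs a new ClientSecurityContext, so the Subject must be taken
                // from its return value; re-reading the previously fetched context would still be null.
                subject = doClientLogin(LOGIN_CERTIFICATE, Util.getInstance().getCallbackHandler());
            }
            chosen = findCertificateAlias(subject);
        }
        LOGGER.log(Level.FINE, "Choose client Alias :{0}", chosen);
        return chosen;
    }

    /**
     * Chooses the server alias for a socket handshake: the configured alias if present, otherwise
     * whatever the delegate selects.
     *
     * @param str key algorithm type name
     * @param principalArr acceptable CA issuers, or {@code null}
     * @param socket socket being handshaken, passed through to the delegate
     * @return the alias to use, or {@code null}
     */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        String chosen;
        if (this.alias != null) {
            chosen = this.alias;
        } else {
            chosen = this.x509KeyManager.chooseServerAlias(str, principalArr, socket);
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Choosing server alias :{0}", chosen);
        }
        return chosen;
    }

    /**
     * Returns the certificate chain for an alias. A token-qualified alias ({@code token:alias}) is
     * resolved against the token's own manager with the prefix stripped; anything else goes to the
     * delegate unchanged.
     *
     * @param str alias, possibly token-qualified, possibly {@code null}
     * @return the chain, or {@code null} if the alias is unknown
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        LOGGER.log(Level.FINE, "Getting certificate chain");
        X509KeyManager tokenManager = getManagerFromToken(str);
        if (tokenManager != null) {
            return tokenManager.getCertificateChain(stripTokenPrefix(str));
        }
        return this.x509KeyManager.getCertificateChain(str);
    }

    /**
     * Lists client aliases known to the delegate.
     *
     * @param str key algorithm type name
     * @param principalArr acceptable CA issuers, or {@code null}
     * @return aliases reported by the delegate
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        LOGGER.log(Level.FINE, "Getting client aliases");
        return this.x509KeyManager.getClientAliases(str, principalArr);
    }

    /**
     * Lists server aliases known to the delegate.
     *
     * @param str key algorithm type name
     * @param principalArr acceptable CA issuers, or {@code null}
     * @return aliases reported by the delegate
     */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        LOGGER.log(Level.FINE, "Getting server aliases");
        return this.x509KeyManager.getServerAliases(str, principalArr);
    }

    /**
     * Returns the private key for an alias, routing token-qualified aliases ({@code token:alias}) to
     * the token's manager with the prefix stripped.
     *
     * @param str alias, possibly token-qualified, possibly {@code null}
     * @return the key, or {@code null} if the alias is unknown
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        LOGGER.log(Level.FINE, "Getting private key for alias:{0}", str);
        X509KeyManager tokenManager = getManagerFromToken(str);
        if (tokenManager != null) {
            return tokenManager.getPrivateKey(stripTokenPrefix(str));
        }
        return this.x509KeyManager.getPrivateKey(str);
    }

    /**
     * Finds the token-specific manager for a token-qualified alias.
     *
     * @param qualifiedAlias alias to inspect, possibly {@code null}
     * @return the manager registered for the alias's token prefix, or {@code null} when token
     *         routing is off, the alias has no separator, or the token is unknown
     */
    private X509KeyManager getManagerFromToken(String qualifiedAlias) {
        if (!this.supportTokenAlias || qualifiedAlias == null) {
            return null;
        }
        int separator = qualifiedAlias.indexOf(TOKEN_SEPARATOR);
        if (separator == -1) {
            return null;
        }
        // The token prefix must be cut from the alias being looked up. The previous code took it
        // from the configured server alias, which may be null (NPE) or shorter than the separator
        // offset (StringIndexOutOfBoundsException) and in any case names the wrong token.
        return this.tokenName2MgrMap.get(qualifiedAlias.substring(0, separator));
    }

    /**
     * Returns the alias part of a {@code token:alias} string. Callers only pass aliases for which
     * {@link #getManagerFromToken(String)} found a separator.
     */
    private static String stripTokenPrefix(String qualifiedAlias) {
        return qualifiedAlias.substring(qualifiedAlias.indexOf(TOKEN_SEPARATOR) + 1);
    }

    /** Returns the Subject of the current client security context, or {@code null} if there is none. */
    private static Subject currentClientSubject() {
        ClientSecurityContext current = ClientSecurityContext.getCurrent();
        return current == null ? null : current.getSubject();
    }

    /**
     * Returns the alias of the first {@link X509CertificateCredential} among the subject's private
     * credentials, or {@code null} if the subject is {@code null} or holds no such credential.
     */
    private static String findCertificateAlias(Subject subject) {
        if (subject == null) {
            return null;
        }
        for (Object credential : subject.getPrivateCredentials()) {
            if (credential instanceof X509CertificateCredential) {
                return ((X509CertificateCredential) credential).getAlias();
            }
        }
        return null;
    }

    /**
     * Performs a JAAS client login and installs the resulting client security context.
     * <p>
     * Mode {@code 1} logs in with the password configuration, {@code 2} with the certificate
     * configuration, {@code 3} with both (password first), and any other value with the password
     * configuration. The login itself runs under this class's privileges; for modes {@code 1} and
     * {@code 2} the post-login context installation runs in the caller's privilege context, for the
     * other modes inside the privileged action, exactly as before.
     *
     * @param i login mode as described above
     * @param callbackHandler handler that supplies the credentials to the login modules
     * @return the populated Subject (the same instance installed in the client security context)
     * @throws LoginException if any JAAS login fails; the JAAS exception is kept as the cause
     */
    public static Subject doClientLogin(int i, final CallbackHandler callbackHandler) throws LoginException {
        final Subject subject = new Subject();
        switch (i) {
            case LOGIN_PASSWORD:
                privilegedLogin(subject, callbackHandler, new String[]{CLIENT_JAAS_PASSWORD}, null);
                postClientAuth(subject, PasswordCredential.class);
                break;
            case LOGIN_CERTIFICATE:
                privilegedLogin(subject, callbackHandler, new String[]{CLIENT_JAAS_CERTIFICATE}, null);
                postClientAuth(subject, X509CertificateCredential.class);
                break;
            case LOGIN_PASSWORD_AND_CERTIFICATE:
                privilegedLogin(subject, callbackHandler,
                        new String[]{CLIENT_JAAS_PASSWORD, CLIENT_JAAS_CERTIFICATE},
                        new Class<?>[]{PasswordCredential.class, X509CertificateCredential.class});
                break;
            default:
                privilegedLogin(subject, callbackHandler,
                        new String[]{CLIENT_JAAS_PASSWORD},
                        new Class<?>[]{PasswordCredential.class});
                break;
        }
        return subject;
    }

    /**
     * Runs one or more JAAS logins inside a single privileged action. All {@link LoginContext}s are
     * created before the first login so that a missing configuration entry surfaces before any
     * login module runs. When {@code credentialTypes} is non-null, {@link #postClientAuth} is
     * invoked for entry {@code n} right after login {@code n}, still inside the privileged action.
     *
     * @param subject subject the login modules populate
     * @param callbackHandler handler supplying credentials
     * @param configNames JAAS configuration entries to log in with, in order
     * @param credentialTypes credential class to post for each entry, or {@code null} to post nothing
     * @throws LoginException wrapping the JAAS exception of the failing login
     */
    private static void privilegedLogin(final Subject subject, final CallbackHandler callbackHandler,
            final String[] configNames, final Class<?>[] credentialTypes) {
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    LoginContext[] contexts = new LoginContext[configNames.length];
                    for (int n = 0; n < configNames.length; n++) {
                        contexts[n] = new LoginContext(configNames[n], subject, callbackHandler);
                    }
                    for (int n = 0; n < contexts.length; n++) {
                        contexts[n].login();
                        if (credentialTypes != null) {
                            postClientAuth(subject, credentialTypes[n]);
                        }
                    }
                    return null;
                } catch (javax.security.auth.login.LoginException e) {
                    throw toLoginException(e);
                }
            }
        });
    }

    /** Converts a JAAS login exception into the appserver's unchecked {@link LoginException}, keeping the cause. */
    private static LoginException toLoginException(javax.security.auth.login.LoginException e) {
        LoginException wrapped = new LoginException(e.toString());
        wrapped.initCause(e);
        return wrapped;
    }

    /**
     * Installs a {@link ClientSecurityContext} for the first credential of type {@code cls} found in
     * the subject's private credentials: the user name for a {@link PasswordCredential}, the alias
     * for an {@link X509CertificateCredential}. Does nothing if no such credential exists.
     * Reading the credentials is done under this class's privileges.
     *
     * @param subject subject that just completed a JAAS login
     * @param cls credential class to look for
     */
    public static void postClientAuth(final Subject subject, final Class<?> cls) {
        Object credentialSet = AppservAccessController.doPrivileged(new PrivilegedAction<Set<?>>() {
            @Override
            public Set<?> run() {
                if (LOGGER.isLoggable(Level.FINEST)) {
                    // Log the principals only: Subject.toString() also renders the private
                    // credentials, which is exactly the material we do not want in a log file.
                    LOGGER.log(Level.FINEST, "LCD post login subject :{0}", subject.getPrincipals());
                }
                return subject.getPrivateCredentials(cls);
            }
        });
        final Iterator<?> it = ((Set<?>) credentialSet).iterator();
        while (it.hasNext()) {
            Object credential;
            try {
                credential = AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                    @Override
                    public Object run() {
                        return it.next();
                    }
                });
            } catch (Exception e) {
                LOGGER.log(Level.SEVERE, SecurityLoggerInfo.securityAccessControllerActionError, (Throwable) e);
                // hasNext() is still true after a failed next(), so retrying would spin on the same
                // element; give up instead and leave the current context untouched.
                return;
            }
            if (credential instanceof PasswordCredential) {
                PasswordCredential passwordCredential = (PasswordCredential) credential;
                String user = passwordCredential.getUser();
                if (LOGGER.isLoggable(Level.FINEST)) {
                    LOGGER.log(Level.FINEST, "In LCD user-pass login:{0} realm :{1}", new Object[]{user, passwordCredential.getRealm()});
                }
                setClientSecurityContext(user, subject);
                return;
            }
            if (credential instanceof X509CertificateCredential) {
                X509CertificateCredential certificateCredential = (X509CertificateCredential) credential;
                String certAlias = certificateCredential.getAlias();
                if (LOGGER.isLoggable(Level.FINEST)) {
                    LOGGER.log(Level.FINEST, "In LCD cert-login::{0} realm :{1}", new Object[]{certAlias, certificateCredential.getRealm()});
                }
                setClientSecurityContext(certAlias, subject);
                return;
            }
        }
    }

    /** Replaces the current client security context with one for the given name and subject. */
    private static void setClientSecurityContext(String str, Subject subject) {
        ClientSecurityContext.setCurrent(new ClientSecurityContext(str, subject));
    }
}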
