package tyrex.security.cert;

import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:tyrex/security/cert/X509CertificateLoginModule.class */
public final class X509CertificateLoginModule implements LoginModule {
    public static final String OPTION_KEY_STORE = "key-store";
    public static final String OPTION_TRUSTED_CERTS = "trusted-certs";
    public static final String OPTION_CRL_CLASS = "crl-class";
    public static final String OPTION_LOG_ERRORS = "log-errors";
    private static final String DEFAULT_KEY_STORE = "JKS";
    private static final String MODULE_NAME = "X509CertificateLoginModule";
    private Subject _subject;
    private Vector _subjectDN;
    private Hashtable _trusted;
    private X509CRL _crl;
    static Class class$java$security$cert$X509Certificate;

    /* JADX WARN: Removed duplicated region for block: B:43:0x02a1 A[Catch: all -> 0x032a, TryCatch #2 {, blocks: (B:4:0x000b, B:7:0x0022, B:85:0x0046, B:9:0x00ab, B:11:0x00be, B:13:0x00f0, B:14:0x017a, B:16:0x010b, B:18:0x0112, B:20:0x011c, B:22:0x012a, B:24:0x0132, B:32:0x0149, B:34:0x0155, B:36:0x0178, B:40:0x0182, B:41:0x028e, B:43:0x02a1, B:46:0x02c9, B:49:0x02fc, B:51:0x0308, B:53:0x0326, B:56:0x01ae, B:59:0x01db, B:60:0x022e, B:62:0x01f0, B:65:0x0206, B:68:0x0214, B:71:0x021c, B:78:0x0238, B:81:0x0261, B:83:0x026d, B:88:0x006f, B:90:0x007b, B:91:0x009c, B:92:0x00a9), top: B:3:0x000b, inners: #0, #1, #3, #4 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void initialize(javax.security.auth.Subject r6, javax.security.auth.callback.CallbackHandler r7, java.util.Map r8, java.util.Map r9) {
        /*
            Method dump skipped, instructions count: 819
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: tyrex.security.cert.X509CertificateLoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map):void");
    }

    public boolean login() throws LoginException {
        Class cls;
        if (this._subject == null) {
            return false;
        }
        Subject subject = this._subject;
        if (class$java$security$cert$X509Certificate == null) {
            cls = class$("java.security.cert.X509Certificate");
            class$java$security$cert$X509Certificate = cls;
        } else {
            cls = class$java$security$cert$X509Certificate;
        }
        Set<X509Certificate> publicCredentials = subject.getPublicCredentials(cls);
        if (publicCredentials.size() == 0) {
            return false;
        }
        for (X509Certificate x509Certificate : publicCredentials) {
            X509Certificate x509Certificate2 = (X509Certificate) this._trusted.get(x509Certificate.getIssuerDN());
            if (x509Certificate2 != null) {
                try {
                    x509Certificate.checkValidity();
                    try {
                        x509Certificate.verify(x509Certificate2.getPublicKey());
                        if (this._crl != null && this._crl.isRevoked(x509Certificate)) {
                            throw new LoginException(new StringBuffer().append("The certificate for ").append(x509Certificate.getSubjectDN().getName()).append(" has been revoked").toString());
                        }
                        if (this._subjectDN == null) {
                            this._subjectDN = new Vector();
                        }
                        this._subjectDN.add(x509Certificate.getSubjectDN());
                    } catch (CertificateException e) {
                        throw new LoginException(new StringBuffer().append("The certificate for ").append(x509Certificate.getSubjectDN().getName()).append(" was not signed by ").append(x509Certificate2.getSubjectDN().getName()).toString());
                    } catch (GeneralSecurityException e2) {
                        throw new LoginException(new StringBuffer().append("Certificate verification error: ").append(e2.toString()).toString());
                    }
                } catch (CertificateException e3) {
                    throw new LoginException(new StringBuffer().append("The certificate for ").append(x509Certificate.getSubjectDN().getName()).append(" has expired").toString());
                }
            }
        }
        return this._subjectDN != null;
    }

    public boolean commit() throws LoginException {
        if (this._subjectDN == null) {
            return false;
        }
        this._subject.getPrincipals().add(this._subjectDN);
        return true;
    }

    public boolean abort() throws LoginException {
        if (this._subjectDN == null) {
            return false;
        }
        this._subjectDN.clear();
        return true;
    }

    public boolean logout() throws LoginException {
        if (this._subjectDN == null) {
            return false;
        }
        this._subject.getPrincipals().remove(this._subjectDN);
        this._subjectDN.clear();
        return true;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}
