package org.picketbox.core.authentication.impl;

import java.io.IOException;
import java.io.StringReader;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.picketbox.core.PicketBoxPrincipal;
import org.picketbox.core.UserCredential;
import org.picketbox.core.authentication.AuthenticationInfo;
import org.picketbox.core.authentication.AuthenticationResult;
import org.picketbox.core.authentication.credential.CertificateCredential;
import org.picketbox.core.authorization.ent.Entitlement;
import org.picketbox.core.config.AuthenticationConfiguration;
import org.picketbox.core.config.ClientCertConfiguration;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketlink.idm.model.User;

/* loaded from: input_file:org/picketbox/core/authentication/impl/CertificateAuthenticationMechanism.class */
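/**
 * Authenticates a caller by the X.509 client certificate carried in a {@link CertificateCredential}.
 *
 * <p>The principal name is taken from the certificate's subject DN (falling back to the issuer DN),
 * or only from its {@code CN} attribute when {@link #isUseCNAsPrincipal()} is enabled. That name must
 * resolve to a {@link User} in the identity manager; when {@link #isUseCertificateValidation()} is
 * enabled the certificate is additionally validated against that user's stored credential. With
 * validation disabled, a certificate whose subject matches a known user is accepted on name alone, so
 * the transport layer that presented it is expected to have verified the certificate chain already.
 */
public class CertificateAuthenticationMechanism extends AbstractAuthenticationMechanism {
    /** Attribute type whose value becomes the principal name when {@link #isUseCNAsPrincipal()} is set. */
    private static final String COMMON_NAME_KEY = "CN";

    // Both flags are re-read from the ClientCertConfiguration on every access; the fields only
    // retain the last value seen while no configuration is available.
    private boolean useCertificateValidation;
    private boolean useCNAsPrincipal;

    /**
     * Describes this mechanism and the credential type it accepts.
     *
     * @return a mutable single-element list describing the certificate mechanism
     */
    @Override // org.picketbox.core.authentication.AuthenticationMechanism
    public List<AuthenticationInfo> getAuthenticationInfo() {
        List<AuthenticationInfo> infos = new ArrayList<>();
        infos.add(new AuthenticationInfo("Certificate authentication service.",
                "A authentication service using certificates.", CertificateCredential.class));
        return infos;
    }

    /**
     * Maps the presented certificate to a {@link PicketBoxPrincipal}.
     *
     * <p>Every rejection path returns {@code null} (fail closed) instead of raising: a missing or
     * non-certificate credential, a certificate with no usable DN, a DN without a {@code CN} when CN
     * mode is on, an unknown user, or a failed credential validation.
     *
     * @param userCredential the credential to authenticate; expected to be a {@link CertificateCredential}
     * @param authenticationResult result holder supplied by the caller; not consulted here
     * @return the authenticated principal, or {@code null} when authentication is refused
     * @throws AuthenticationException declared by the contract; not thrown by this implementation
     */
    @Override // org.picketbox.core.authentication.impl.AbstractAuthenticationMechanism
    protected Principal doAuthenticate(UserCredential userCredential, AuthenticationResult authenticationResult)
            throws AuthenticationException {
        if (userCredential == null || userCredential.getCredential() == null) {
            return null;
        }
        // An unexpected credential type is an authentication failure, not a ClassCastException.
        if (!(userCredential instanceof CertificateCredential)) {
            return null;
        }
        CertificateCredential certificateCredential = (CertificateCredential) userCredential;
        X509Certificate certificate = certificateCredential.getCredential().getCertificate();
        if (certificate == null) {
            return null;
        }

        Principal certificatePrincipal = getCertificatePrincipal(certificate);
        if (certificatePrincipal == null) {
            return null;
        }
        String name = certificatePrincipal.getName();
        if (isUseCNAsPrincipal()) {
            name = extractCommonName(name);
            if (name == null) {
                // No CN in the DN: refuse rather than look up a null user name.
                return null;
            }
        }

        User user = getIdentityManager().getUser(name);
        if (user == null) {
            return null;
        }
        // validateCredential is only consulted when validation is switched on in the configuration.
        if (isUseCertificateValidation()
                && !getIdentityManager().validateCredential(user, certificateCredential.getCredential())) {
            return null;
        }
        return new PicketBoxPrincipal(name);
    }

    /**
     * Extracts the {@code CN} attribute value from a distinguished-name string.
     *
     * <p>The DN is split on {@link Entitlement#COMMA} and fed to {@link Properties}, so each
     * {@code type=value} RDN becomes one property. This keeps the original, deliberately simple
     * approach: it does not handle commas, {@code =} or {@code :} inside quoted or escaped RDN
     * values, and the attribute type is matched case-sensitively.
     *
     * @param distinguishedName the DN text as returned by {@link Principal#getName()}
     * @return the CN value, or {@code null} when the DN carries no non-empty {@code CN}
     */
    private static String extractCommonName(String distinguishedName) {
        Properties rdns = new Properties();
        try {
            rdns.load(new StringReader(distinguishedName.replaceAll(Entitlement.COMMA, "\n")));
        } catch (IOException e) {
            // StringReader performs no I/O; reaching this would indicate a JDK-level fault.
            throw new IllegalStateException("Failed to parse certificate distinguished name", e);
        }
        String commonName = rdns.getProperty(COMMON_NAME_KEY);
        return (commonName == null || commonName.isEmpty()) ? null : commonName;
    }

    /**
     * Returns the principal whose name identifies the certificate holder.
     *
     * <p>NOTE(review): the fallback to the issuer DN means a certificate without a subject DN would
     * be mapped to its issuer's identity. The JDK implementation of {@code getSubjectDN()} appears
     * never to return {@code null}, so this branch is presumably unreachable in practice; confirm
     * before relying on it. {@code getSubjectDN()} is denigrated in favour of
     * {@code getSubjectX500Principal()}, but the latter formats the name differently, so it is kept
     * here to preserve the user-name lookup.
     *
     * @param x509Certificate the presented certificate
     * @return the subject DN principal, else the issuer DN principal, else {@code null}
     */
    private Principal getCertificatePrincipal(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate.getSubjectDN();
        if (subjectDN != null) {
            return subjectDN;
        }
        return x509Certificate.getIssuerDN();
    }

    /**
     * Whether the certificate must also be validated against the user's stored credential.
     *
     * @return the configured flag, or the last value seen when no client-cert configuration is present
     */
    public boolean isUseCertificateValidation() {
        ClientCertConfiguration clientCertAuthenticationConfig = getClientCertAuthenticationConfig();
        if (clientCertAuthenticationConfig != null) {
            this.useCertificateValidation = clientCertAuthenticationConfig.isUseCertificateValidation();
        }
        return this.useCertificateValidation;
    }

    /**
     * Looks up the client-certificate section of the active authentication configuration.
     *
     * @return the client-cert configuration, or {@code null} when no authentication section is configured
     */
    private ClientCertConfiguration getClientCertAuthenticationConfig() {
        // Assumes the manager and its configuration are already set on this mechanism.
        AuthenticationConfiguration authentication = getPicketBoxManager().getConfiguration().getAuthentication();
        if (authentication == null) {
            return null;
        }
        return authentication.getCertConfiguration();
    }

    /**
     * Whether only the {@code CN} attribute, rather than the whole DN, is used as the principal name.
     *
     * @return the configured flag, or the last value seen when no client-cert configuration is present
     */
    public boolean isUseCNAsPrincipal() {
        ClientCertConfiguration clientCertAuthenticationConfig = getClientCertAuthenticationConfig();
        if (clientCertAuthenticationConfig != null) {
            this.useCNAsPrincipal = clientCertAuthenticationConfig.isUseCNAsPrincipal();
        }
        return this.useCNAsPrincipal;
    }
}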
