package net.corda.node.services.messaging;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.cert.X509Certificate;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.internal.InternalUtils;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.node.internal.artemis.CertificateChainCheckPolicy;
import org.apache.activemq.artemis.spi.core.security.jaas.CertificateCallback;
import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;

/* compiled from: ArtemisMessagingServer.kt */
@Metadata(mv = {1, 1, 8}, bv = {1, 0, 2}, k = 1, d1 = {"��T\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0006\n\u0002\u0010$\n\u0002\b\u0005\u0018�� %2\u00020\u0001:\u0001%B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u0010\u001a\u00020\u0006H\u0016J\u001b\u0010\u0011\u001a\u00020\u00122\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u0014H\u0002¢\u0006\u0002\u0010\u0016J\u001b\u0010\u0017\u001a\u00020\u00122\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u0014H\u0002¢\u0006\u0002\u0010\u0016J\u001b\u0010\u0018\u001a\u00020\u00122\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u0014H\u0002¢\u0006\u0002\u0010\u0016J\b\u0010\u0019\u001a\u00020\u001aH\u0002J\b\u0010\u001b\u001a\u00020\u0006H\u0016J'\u0010\u001c\u001a\u0004\u0018\u00010\u00122\u000e\u0010\u0013\u001a\n\u0012\u0004\u0012\u00020\u0015\u0018\u00010\u00142\u0006\u0010\u001d\u001a\u00020\u0012H\u0002¢\u0006\u0002\u0010\u001eJ<\u0010\u001f\u001a\u00020\u001a2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00042\u0010\u0010 \u001a\f\u0012\u0004\u0012\u00020\u0012\u0012\u0002\b\u00030!2\u0010\u0010\"\u001a\f\u0012\u0004\u0012\u00020\u0012\u0012\u0002\b\u00030!H\u0016J\b\u0010#\u001a\u00020\u0006H\u0016J\b\u0010$\u001a\u00020\u0006H\u0016R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082.¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082.¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\bX\u0082.¢\u0006\u0002\n��R\u0014\u0010\n\u001a\b\u0012\u0004\u0012\u00020\f0\u000bX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082.¢\u0006\u0002\n��R\u000e\u0010\u000f\u001a\u00020\bX\u0082.¢\u0006\u0002\n��¨\u0006&"}, d2 = 
{"Lnet/corda/node/services/messaging/NodeLoginModule;", "Ljavax/security/auth/spi/LoginModule;", "()V", "callbackHandler", "Ljavax/security/auth/callback/CallbackHandler;", "loginSucceeded", "", "nodeCertCheck", "Lnet/corda/node/internal/artemis/CertificateChainCheckPolicy$Check;", "peerCertCheck", "principals", "Ljava/util/ArrayList;", "Ljava/security/Principal;", "subject", "Ljavax/security/auth/Subject;", "verifierCertCheck", "abort", "authenticateNode", "", "certificates", "", "Ljavax/security/cert/X509Certificate;", "([Ljavax/security/cert/X509Certificate;)Ljava/lang/String;", "authenticatePeer", "authenticateVerifier", "clear", "", "commit", "determineUserRole", "username", "([Ljavax/security/cert/X509Certificate;Ljava/lang/String;)Ljava/lang/String;", "initialize", "sharedState", "", "options", "login", "logout", "Companion", "node"})
/* loaded from: input_file:net/corda/node/services/messaging/NodeLoginModule.class */
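/*
 * JAAS LoginModule that authenticates a messaging client from the username and the TLS
 * certificate chain handed over by the callback handler.
 *
 * The username only selects which role is being requested ("SystemUsers/Node",
 * "SystemUsers/Peer" or "SystemUsers/Verifier"); the role is granted only after the
 * CertificateChainCheckPolicy.Check configured for that role has accepted the chain.
 *
 * This listing is decompiler output of a Kotlin class. Kotlin has no checked exceptions,
 * which is why the JAAS methods below carry no throws clause.
 */
public final class NodeLoginModule implements LoginModule {
    // Set by login() once authentication has fully succeeded; read and reset by commit().
    private boolean loginSucceeded;
    // Subject that receives the principals on commit(); assigned in initialize().
    private Subject subject;
    // Source of the username and certificate chain; assigned in initialize().
    private CallbackHandler callbackHandler;
    // Per-role certificate chain checks, taken from the "CertChainChecks" option in initialize().
    private CertificateChainCheckPolicy.Check peerCertCheck;
    private CertificateChainCheckPolicy.Check nodeCertCheck;
    private CertificateChainCheckPolicy.Check verifierCertCheck;
    // Principals earned by successful logins; copied to the subject by commit() and removed
    // from it by logout().
    // NOTE(review): nothing in this class ever empties this list. If the container can reuse
    // one module instance for several logins, confirm that earlier entries cannot be
    // committed again for a different client.
    private final ArrayList<Principal> principals = new ArrayList<>();

    @NotNull
    public static final String PEER_ROLE = "SystemRoles/Peer";

    @NotNull
    public static final String NODE_ROLE = "SystemRoles/Node";

    @NotNull
    public static final String VERIFIER_ROLE = "SystemRoles/Verifier";

    @NotNull
    public static final String CERT_CHAIN_CHECKS_OPTION_NAME = "CertChainChecks";
    public static final Companion Companion = new Companion(null);
    private static final Logger log = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: ArtemisMessagingServer.kt */
    @Metadata(mv = {1, 1, 8}, bv = {1, 0, 2}, k = 1, d1 = {"��\u001c\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u0014\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\b\n��\u001a\u0004\b\n\u0010\u000b¨\u0006\f"}, d2 = {"Lnet/corda/node/services/messaging/NodeLoginModule$Companion;", "", "()V", "CERT_CHAIN_CHECKS_OPTION_NAME", "", "NODE_ROLE", "PEER_ROLE", "VERIFIER_ROLE", "log", "Lorg/slf4j/Logger;", "getLog", "()Lorg/slf4j/Logger;", "node"})
    /* loaded from: input_file:net/corda/node/services/messaging/NodeLoginModule$Companion.class */
    public static final class Companion {
        /* JADX INFO: Access modifiers changed from: private */
        /** Returns the logger shared by all instances of the enclosing class. */
        public final Logger getLog() {
            return NodeLoginModule.log;
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Stores the subject and callback handler and reads the three per-role certificate
     * chain checks from the {@code CertChainChecks} entry of the options map.
     *
     * @param subject         subject that will receive the principals on commit
     * @param callbackHandler handler asked for the username and certificate chain in login()
     * @param map             JAAS shared state; only null-checked here
     * @param map2            JAAS options; must hold a map from role name to check under
     *                        {@link #CERT_CHAIN_CHECKS_OPTION_NAME}
     * @throws NullPointerException if the option, or the check for any of the three roles, is absent
     */
    public void initialize(@NotNull Subject subject, @NotNull CallbackHandler callbackHandler, @NotNull Map<String, ?> map, @NotNull Map<String, ?> map2) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(callbackHandler, "callbackHandler");
        Intrinsics.checkParameterIsNotNull(map, "sharedState");
        Intrinsics.checkParameterIsNotNull(map2, "options");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        Map<?, ?> checksByRole = (Map) InternalUtils.uncheckedCast(map2.get(CERT_CHAIN_CHECKS_OPTION_NAME));
        if (checksByRole == null) {
            // Same exception type as dereferencing the missing map, but it names the
            // misconfigured option instead of failing with a bare NPE.
            throw new NullPointerException("JAAS option '" + CERT_CHAIN_CHECKS_OPTION_NAME + "' is not set");
        }
        this.peerCertCheck = requiredCheck(checksByRole, PEER_ROLE);
        this.nodeCertCheck = requiredCheck(checksByRole, NODE_ROLE);
        this.verifierCertCheck = requiredCheck(checksByRole, VERIFIER_ROLE);
    }

    /** Looks up the check configured for {@code role}; a missing entry is a null-pointer failure. */
    private static CertificateChainCheckPolicy.Check requiredCheck(Map<?, ?> checksByRole, String role) {
        Object check = checksByRole.get(role);
        if (check == null) {
            Intrinsics.throwNpe();
        }
        return (CertificateChainCheckPolicy.Check) check;
    }

    /**
     * Authenticates the client described by the callback handler.
     *
     * The username picks the requested role, the certificate chain is verified with the
     * check configured for that role, and only then are the role principal and a user
     * principal named after the subject DN of the first certificate recorded for commit().
     *
     * @return {@code true} when authentication succeeded
     * @throws FailedLoginException if no username was supplied or it maps to no known role
     * @throws LoginException if the callback handler failed; the original exception is attached as cause
     * @throws IllegalArgumentException if a system username was supplied without any certificate chain
     */
    public boolean login() {
        NameCallback nameCallback = new NameCallback("Username: ");
        CertificateCallback certificateCallback = new CertificateCallback();
        try {
            CallbackHandler handler = this.callbackHandler;
            if (handler == null) {
                Intrinsics.throwUninitializedPropertyAccessException("callbackHandler");
            }
            handler.handle(new Callback[]{nameCallback, certificateCallback});
            String name = nameCallback.getName();
            if (name == null) {
                throw new FailedLoginException("Username not provided");
            }
            X509Certificate[] certificates = certificateCallback.getCertificates();
            // NOTE(review): the username is supplied by the connecting client; confirm the
            // log layout neutralises line breaks before relying on this entry.
            Companion.getLog().debug("Processing login for {}", name);
            try {
                String role = determineUserRole(certificates, name);
                if (role == null) {
                    throw new FailedLoginException("Peer does not belong on our network");
                }
                Intrinsics.checkExpressionValueIsNotNull(certificates, "certificates");
                String validatedUser;
                switch (role) {
                    case NODE_ROLE:
                        validatedUser = authenticateNode(certificates);
                        break;
                    case PEER_ROLE:
                        validatedUser = authenticatePeer(certificates);
                        break;
                    case VERIFIER_ROLE:
                        validatedUser = authenticateVerifier(certificates);
                        break;
                    default:
                        throw new FailedLoginException("Peer does not belong on our network");
                }
                // Record principals only after every step has succeeded, so a failure after
                // the chain check (for example an empty chain when the subject name is read)
                // cannot leave a role principal behind in the list commit() copies from.
                this.principals.add(new RolePrincipal(role));
                this.principals.add(new UserPrincipal(validatedUser));
                this.loginSucceeded = true;
                return this.loginSucceeded;
            } catch (FailedLoginException e) {
                Companion.getLog().warn("" + e);
                throw e;
            }
        } catch (IOException e2) {
            throw loginFailure(e2.getMessage(), e2);
        } catch (UnsupportedCallbackException e3) {
            throw loginFailure("" + e3.getMessage() + " not available to obtain information from user", e3);
        }
    }

    /** Builds a LoginException that keeps {@code cause}; the class has no cause-taking constructor. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Verifies the chain with the node check and returns the subject DN of its first certificate. */
    private final String authenticateNode(X509Certificate[] x509CertificateArr) {
        CertificateChainCheckPolicy.Check check = this.nodeCertCheck;
        if (check == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCertCheck");
        }
        return verifiedSubjectName(check, x509CertificateArr);
    }

    /** Verifies the chain with the verifier check and returns the subject DN of its first certificate. */
    private final String authenticateVerifier(X509Certificate[] x509CertificateArr) {
        CertificateChainCheckPolicy.Check check = this.verifierCertCheck;
        if (check == null) {
            Intrinsics.throwUninitializedPropertyAccessException("verifierCertCheck");
        }
        return verifiedSubjectName(check, x509CertificateArr);
    }

    /** Verifies the chain with the peer check and returns the subject DN of its first certificate. */
    private final String authenticatePeer(X509Certificate[] x509CertificateArr) {
        CertificateChainCheckPolicy.Check check = this.peerCertCheck;
        if (check == null) {
            Intrinsics.throwUninitializedPropertyAccessException("peerCertCheck");
        }
        return verifiedSubjectName(check, x509CertificateArr);
    }

    /**
     * Runs {@code check} over the chain and, if it does not throw, returns the subject DN
     * name of the first certificate. The name is read only after the check has passed.
     */
    private static String verifiedSubjectName(CertificateChainCheckPolicy.Check check, X509Certificate[] chain) {
        check.checkCertificateChain(chain);
        String name = ((X509Certificate) ArraysKt.first(chain)).getSubjectDN().getName();
        Intrinsics.checkExpressionValueIsNotNull(name, "certificates.first().subjectDN.name");
        return name;
    }

    /**
     * Maps the supplied username to the role it requests.
     *
     * The username is client-supplied, so the result is only a claim: login() still has
     * to pass the certificate chain through the check configured for the returned role.
     *
     * @return the role constant for a known system username, or {@code null} for any other name
     * @throws IllegalArgumentException if a system username arrives without a certificate chain
     */
    private final String determineUserRole(final X509Certificate[] x509CertificateArr, String str) {
        final String role;
        switch (str) {
            case "SystemUsers/Node":
                role = NODE_ROLE;
                break;
            case "SystemUsers/Peer":
                role = PEER_ROLE;
                break;
            case "SystemUsers/Verifier":
                role = VERIFIER_ROLE;
                break;
            default:
                return null;
        }
        // A system role is never handed out without a certificate chain to verify.
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("No TLS?");
        }
        return role;
    }

    /**
     * Copies the recorded principals to the subject if login() succeeded, then resets the
     * success flag.
     *
     * @return whether login() had succeeded
     */
    public boolean commit() {
        boolean z = this.loginSucceeded;
        if (z) {
            Subject subject = this.subject;
            if (subject == null) {
                Intrinsics.throwUninitializedPropertyAccessException("subject");
            }
            subject.getPrincipals().addAll(this.principals);
        }
        clear();
        return z;
    }

    /**
     * Resets the success flag and always reports {@code true}.
     *
     * NOTE(review): principals already recorded, or already copied to the subject by
     * commit(), are left untouched here; confirm that is intended for this deployment.
     */
    public boolean abort() {
        clear();
        return true;
    }

    /** Removes this module's recorded principals from the subject; always returns {@code true}. */
    public boolean logout() {
        Subject subject = this.subject;
        if (subject == null) {
            Intrinsics.throwUninitializedPropertyAccessException("subject");
        }
        subject.getPrincipals().removeAll(this.principals);
        return true;
    }

    /** Resets only the success flag; the principals list is kept so logout() can remove them. */
    private final void clear() {
        this.loginSucceeded = false;
    }
}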
