package org.apache.activemq.apollo.broker.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.activemq.apollo.util.FileSupport$;
import org.apache.activemq.apollo.util.Log;
import org.apache.activemq.jaas.CertificateCallback;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.ScalaObject;
import scala.Some;
import scala.reflect.ScalaSignature;

/* compiled from: CertificateLoginModule.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0005v!B\u0001\u0003\u0011\u000by\u0011AF\"feRLg-[2bi\u0016dunZ5o\u001b>$W\u000f\\3\u000b\u0005\r!\u0011\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005\u00151\u0011A\u00022s_.,'O\u0003\u0002\b\u0011\u00051\u0011\r]8mY>T!!\u0003\u0006\u0002\u0011\u0005\u001cG/\u001b<f[FT!a\u0003\u0007\u0002\r\u0005\u0004\u0018m\u00195f\u0015\u0005i\u0011aA8sO\u000e\u0001\u0001C\u0001\t\u0012\u001b\u0005\u0011a!\u0002\n\u0003\u0011\u000b\u0019\"AF\"feRLg-[2bi\u0016dunZ5o\u001b>$W\u000f\\3\u0014\u0007E!B\u0004\u0005\u0002\u001655\taC\u0003\u0002\u00181\u0005!A.\u00198h\u0015\u0005I\u0012\u0001\u00026bm\u0006L!a\u0007\f\u0003\r=\u0013'.Z2u!\ti\u0002%D\u0001\u001f\u0015\u0005y\u0012!B:dC2\f\u0017BA\u0011\u001f\u0005-\u00196-\u00197b\u001f\nTWm\u0019;\t\u000b\r\nB\u0011\u0001\u0013\u0002\rqJg.\u001b;?)\u0005y\u0001b\u0002\u0014\u0012\u0005\u0004%\taJ\u0001\r\u0019>;\u0015JT0D\u001f:3\u0015jR\u000b\u0002QA\u0011Q#K\u0005\u0003UY\u0011aa\u0015;sS:<\u0007B\u0002\u0017\u0012A\u0003%\u0001&A\u0007M\u001f\u001eKejX\"P\u001d\u001aKu\t\t\u0005\b]E\u0011\r\u0011\"\u0001(\u0003-1\u0015\nT#`\u001fB#\u0016j\u0014(\t\rA\n\u0002\u0015!\u0003)\u000311\u0015\nT#`\u001fB#\u0016j\u0014(!\u0011\u001d\u0011\u0014C1A\u0005\u0002M\n1\u0002R#G\u0003VcEk\u0018'P\u000fV\tA\u0007\u0005\u00026q5\taG\u0003\u00028\r\u0005!Q\u000f^5m\u0013\tIdGA\u0002M_\u001eDaaO\t!\u0002\u0013!\u0014\u0001\u0004#F\r\u0006+F\nV0M\u001f\u001e\u0003c\u0001\u0002\n\u0003\u0001u\u001aB\u0001\u0010\u000b?9A\u0011qhR\u0007\u0002\u0001*\u0011\u0011IQ\u0001\u0004gBL'BA\"E\u0003\u0011\tW\u000f\u001e5\u000b\u0005\r)%\"\u0001$\u0002\u000b)\fg/\u0019=\n\u0005!\u0003%a\u0003'pO&tWj\u001c3vY\u0016DQa\t\u001f\u0005\u0002)#\u0012a\u0013\t\u0003!qBq!\u0014\u001fC\u0002\u0013\u00051'A\u0002m_\u001eDaa\u0014\u001f!\u0002\u0013!\u0014\u0001\u00027pO\u0002Bq!\u0015\u001fA\u0002\u0013\u0005!+\u0001\tdC2d'-Y2l?\"\fg\u000e\u001a7feV\t1\u000b\u0005\u0002U/6\tQK\u0003\u0002W\u0005\u0006A1-\u00197mE\u0006\u001c7.\u0003\u0002Y+\ny1)\u00197mE\u0006\u001c7\u000eS1oI2,'\u000fC\u0004[y\u0001\u0007I\u0011A.\u0002)\r\fG\u000e\u001c2bG.|\u0006.\u00198eY\u0016\u0014x\fJ3r)\tav\f\u0005\u0002\u001e;&\u0011aL\b\u0002\u0005+:LG\u000fC\u0004a3\u0006\u0005\t\u0019A*\u0002\u0007a$\u0013\u0007\u0003\u0004cy\u0001\u0006KaU\u0001\u0012G\u0006dGNY1dW~C\u0017M\u001c3mKJ\u0004\u0003b\u00023=\u0001\u0004%\t!Z\u0001\bgV\u0014'.Z2u+\u00051\u0007CA4i\u001b\u0005\u0011\u0015BA5C\u0005\u001d\u0019VO\u00196fGRDqa\u001b\u001fA\u0002\u0013\u0005A.A\u0006tk\nTWm\u0019;`I\u0015\fHC\u0001/n\u0011\u001d\u0001'.!AA\u0002\u0019Daa\u001c\u001f!B\u00131\u0017\u0001C:vE*,7\r\u001e\u0011\t\u000fEd\u0004\u0019!C\u0001e\u0006a1-\u001a:uS\u001aL7-\u0019;fgV\t1\u000fE\u0002\u001eiZL!!\u001e\u0010\u0003\u000b\u0005\u0013(/Y=\u0011\u0005]\\X\"\u0001=\u000b\u0005eT\u0018\u0001B2feRT!a\u0001\r\n\u0005qD(a\u0004-6ae\u001aUM\u001d;jM&\u001c\u0017\r^3\t\u000fyd\u0004\u0019!C\u0001\u007f\u0006\u00012-\u001a:uS\u001aL7-\u0019;fg~#S-\u001d\u000b\u00049\u0006\u0005\u0001b\u00021~\u0003\u0003\u0005\ra\u001d\u0005\b\u0003\u000ba\u0004\u0015)\u0003t\u00035\u0019WM\u001d;jM&\u001c\u0017\r^3tA!I\u0011\u0011\u0002\u001fA\u0002\u0013\u0005\u00111B\u0001\u000baJLgnY5qC2\u001cXCAA\u0007!\u0019\ty!a\u0005\u0002\u00185\u0011\u0011\u0011\u0003\u0006\u0003oaIA!!\u0006\u0002\u0012\tQA*\u001b8lK\u0012d\u0015n\u001d;\u0011\t\u0005e\u00111D\u0007\u0002u&\u0019\u0011Q\u0004>\u0003\u0013A\u0013\u0018N\\2ja\u0006d\u0007\"CA\u0011y\u0001\u0007I\u0011AA\u0012\u00039\u0001(/\u001b8dSB\fGn]0%KF$2\u0001XA\u0013\u0011%\u0001\u0017qDA\u0001\u0002\u0004\ti\u0001\u0003\u0005\u0002*q\u0002\u000b\u0015BA\u0007\u0003-\u0001(/\u001b8dSB\fGn\u001d\u0011\t\u0013\u00055B\b1A\u0005\u0002\u0005=\u0012\u0001\u00024jY\u0016,\"!!\r\u0011\u000bu\t\u0019$a\u000e\n\u0007\u0005UbD\u0001\u0004PaRLwN\u001c\t\u0005\u0003s\ty$\u0004\u0002\u0002<)\u0019\u0011Q\b\r\u0002\u0005%|\u0017\u0002BA!\u0003w\u0011AAR5mK\"I\u0011Q\t\u001fA\u0002\u0013\u0005\u0011qI\u0001\tM&dWm\u0018\u0013fcR\u0019A,!\u0013\t\u0013\u0001\f\u0019%!AA\u0002\u0005E\u0002\u0002CA'y\u0001\u0006K!!\r\u0002\u000b\u0019LG.\u001a\u0011\t\u000f\u0005EC\b\"\u0001\u0002T\u0005Q\u0011N\\5uS\u0006d\u0017N_3\u0015\u0013q\u000b)&a\u0016\u0002Z\u0005m\u0004B\u00023\u0002P\u0001\u0007a\r\u0003\u0004R\u0003\u001f\u0002\ra\u0015\u0005\t\u00037\ny\u00051\u0001\u0002^\u0005a1\u000f[1sK\u0012|6\u000f^1uKB\"\u0011qLA5!\u001d\ty!!\u0019)\u0003KJA!a\u0019\u0002\u0012\t\u0019Q*\u00199\u0011\t\u0005\u001d\u0014\u0011\u000e\u0007\u0001\t!\tY'a\u0014\u0003\u0002\u00055$aA0%cE!\u0011qNA;!\ri\u0012\u0011O\u0005\u0004\u0003gr\"a\u0002(pi\"Lgn\u001a\t\u0004;\u0005]\u0014bAA==\t\u0019\u0011I\\=\t\u0011\u0005u\u0014q\na\u0001\u0003\u007f\nqa\u001c9uS>t7\u000f\r\u0003\u0002\u0002\u0006\u0015\u0005cBA\b\u0003CB\u00131\u0011\t\u0005\u0003O\n)\t\u0002\u0005\u0002\b\u0006=#\u0011AA7\u0005\ryFE\r\u0005\b\u0003\u0017cD\u0011AAG\u0003\u0015awnZ5o)\t\ty\tE\u0002\u001e\u0003#K1!a%\u001f\u0005\u001d\u0011un\u001c7fC:Dq!a&=\t\u0003\ti)\u0001\u0004d_6l\u0017\u000e\u001e\u0005\b\u00037cD\u0011AAG\u0003\u0015\t'm\u001c:u\u0011\u001d\ty\n\u0010C\u0001\u0003\u001b\u000ba\u0001\\8h_V$\b")
/* loaded from: input_file:org/apache/activemq/apollo/broker/security/CertificateLoginModule.class */
public class CertificateLoginModule implements LoginModule, ScalaObject {
    private CallbackHandler callback_handler;
    private Subject subject;
    private X509Certificate[] certificates;
    private final Log log = (Log) JaasAuthenticator$.MODULE$.broker_log().getOrElse(new CertificateLoginModule$$anonfun$1(this));
    private LinkedList<Principal> principals = new LinkedList<>();
    private Option<File> file = None$.MODULE$;

    public static final Log DEFAULT_LOG() {
        return CertificateLoginModule$.MODULE$.DEFAULT_LOG();
    }

    public static final String FILE_OPTION() {
        return CertificateLoginModule$.MODULE$.FILE_OPTION();
    }

    public static final String LOGIN_CONFIG() {
        return CertificateLoginModule$.MODULE$.LOGIN_CONFIG();
    }

    public Log log() {
        return this.log;
    }

    public CallbackHandler callback_handler() {
        return this.callback_handler;
    }

    public void callback_handler_$eq(CallbackHandler callbackHandler) {
        this.callback_handler = callbackHandler;
    }

    public Subject subject() {
        return this.subject;
    }

    public void subject_$eq(Subject subject) {
        this.subject = subject;
    }

    public X509Certificate[] certificates() {
        return this.certificates;
    }

    public void certificates_$eq(X509Certificate[] x509CertificateArr) {
        this.certificates = x509CertificateArr;
    }

    public LinkedList<Principal> principals() {
        return this.principals;
    }

    public void principals_$eq(LinkedList<Principal> linkedList) {
        this.principals = linkedList;
    }

    public Option<File> file() {
        return this.file;
    }

    public void file_$eq(Option<File> option) {
        this.file = option;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        subject_$eq(subject);
        callback_handler_$eq(callbackHandler);
        file_$eq(Option$.MODULE$.apply(map2.get(CertificateLoginModule$.MODULE$.FILE_OPTION())).map(new CertificateLoginModule$$anonfun$initialize$1(this, System.getProperty(CertificateLoginModule$.MODULE$.LOGIN_CONFIG()) == null ? new File(".") : new File(System.getProperty(CertificateLoginModule$.MODULE$.LOGIN_CONFIG())).getParentFile())));
        log().debug(new CertificateLoginModule$$anonfun$initialize$2(this), Predef$.MODULE$.genericWrapArray(new Object[]{file()}));
    }

    public boolean login() {
        Callback certificateCallback = new CertificateCallback();
        try {
            callback_handler().handle(new Callback[]{certificateCallback});
            certificates_$eq(certificateCallback.getCertificates());
            if (certificates() == null) {
                return false;
            }
            if (Predef$.MODULE$.refArrayOps(certificates()).isEmpty()) {
                throw new FailedLoginException("No associated certificates");
            }
            Some file = file();
            None$ none$ = None$.MODULE$;
            if (none$ != null ? none$.equals(file) : file == null) {
                Predef$.MODULE$.refArrayOps(certificates()).foreach(new CertificateLoginModule$$anonfun$login$1(this));
                return true;
            }
            if (!(file instanceof Some)) {
                throw new MatchError(file);
            }
            File file2 = (File) file.x();
            try {
                Predef$.MODULE$.refArrayOps(certificates()).foreach(new CertificateLoginModule$$anonfun$login$2(this, (Map) FileSupport$.MODULE$.using(new FileInputStream(file2), new CertificateLoginModule$$anonfun$2(this))));
                if (principals().isEmpty()) {
                    throw new FailedLoginException("Does not have a listed distinguished name");
                }
                return true;
            } catch (Throwable th) {
                log().warn(th, new CertificateLoginModule$$anonfun$3(this, file2), Predef$.MODULE$.genericWrapArray(new Object[0]));
                th.printStackTrace();
                throw new LoginException("Invalid login module configuration");
            }
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        } catch (UnsupportedCallbackException e2) {
            return false;
        }
    }

    public boolean commit() {
        subject().getPrincipals().addAll(principals());
        certificates_$eq(null);
        log().debug(new CertificateLoginModule$$anonfun$commit$1(this), Predef$.MODULE$.genericWrapArray(new Object[0]));
        return true;
    }

    public boolean abort() {
        principals().clear();
        certificates_$eq(null);
        log().debug(new CertificateLoginModule$$anonfun$abort$1(this), Predef$.MODULE$.genericWrapArray(new Object[0]));
        return true;
    }

    public boolean logout() {
        subject().getPrincipals().removeAll(principals());
        principals().clear();
        log().debug(new CertificateLoginModule$$anonfun$logout$1(this), Predef$.MODULE$.genericWrapArray(new Object[0]));
        return true;
    }
}
