package org.apache.activemq.apollo.broker.security;

import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.activemq.apollo.openwire.command.ActiveMQDestination;
import org.apache.activemq.apollo.util.FileCache;
import org.apache.activemq.apollo.util.Log;
import org.apache.activemq.jaas.CertificateCallback;
import scala.Array$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;

/* compiled from: CertificateLoginModule.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005uv!B\u0001\u0003\u0011\u0003y\u0011AF\"feRLg-[2bi\u0016dunZ5o\u001b>$W\u000f\\3\u000b\u0005\r!\u0011\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005\u00151\u0011A\u00022s_.,'O\u0003\u0002\b\u0011\u00051\u0011\r]8mY>T!!\u0003\u0006\u0002\u0011\u0005\u001cG/\u001b<f[FT!a\u0003\u0007\u0002\r\u0005\u0004\u0018m\u00195f\u0015\u0005i\u0011aA8sO\u000e\u0001\u0001C\u0001\t\u0012\u001b\u0005\u0011a!\u0002\n\u0003\u0011\u0003\u0019\"AF\"feRLg-[2bi\u0016dunZ5o\u001b>$W\u000f\\3\u0014\u0005E!\u0002CA\u000b\u001b\u001b\u00051\"BA\f\u0019\u0003\u0011a\u0017M\\4\u000b\u0003e\tAA[1wC&\u00111D\u0006\u0002\u0007\u001f\nTWm\u0019;\t\u000bu\tB\u0011\u0001\u0010\u0002\rqJg.\u001b;?)\u0005y\u0001b\u0002\u0011\u0012\u0005\u0004%\t!I\u0001\r\u0019>;\u0015JT0D\u001f:3\u0015jR\u000b\u0002EA\u0011QcI\u0005\u0003IY\u0011aa\u0015;sS:<\u0007B\u0002\u0014\u0012A\u0003%!%A\u0007M\u001f\u001eKejX\"P\u001d\u001aKu\t\t\u0005\bQE\u0011\r\u0011\"\u0001\"\u0003-1\u0015\nT#`\u001fB#\u0016j\u0014(\t\r)\n\u0002\u0015!\u0003#\u000311\u0015\nT#`\u001fB#\u0016j\u0014(!\u0011\u001da\u0013C1A\u0005\u00025\n1\u0002R#G\u0003VcEk\u0018'P\u000fV\ta\u0006\u0005\u00020e5\t\u0001G\u0003\u00022\r\u0005!Q\u000f^5m\u0013\t\u0019\u0004GA\u0002M_\u001eDa!N\t!\u0002\u0013q\u0013\u0001\u0004#F\r\u0006+F\nV0M\u001f\u001e\u0003\u0003\"B\u001c\u0012\t\u0003A\u0014\u0001\u00037pC\u0012|FM\\:\u0015\u0005e:\u0005c\u0001\u001e>\u007f5\t1HC\u0001=\u0003\u0015\u00198-\u00197b\u0013\tq4H\u0001\u0004PaRLwN\u001c\t\u0005\u0001\n\u0013C)D\u0001B\u0015\t\t\u0004$\u0003\u0002D\u0003\n\u0019Q*\u00199\u0011\u0005i*\u0015B\u0001$<\u0005\u0019\te.\u001f*fM\")\u0001J\u000ea\u0001\u0013\u0006!a-\u001b7f!\tQU*D\u0001L\u0015\ta\u0005$\u0001\u0002j_&\u0011aj\u0013\u0002\u0005\r&dW\rC\u0004Q#\t\u0007I\u0011A)\u0002\u0015\u0019LG.Z0dC\u000eDW-F\u0001S!\ry3kP\u0005\u0003)B\u0012\u0011BR5mK\u000e\u000b7\r[3\t\rY\u000b\u0002\u0015!\u0003S\u0003-1\u0017\u000e\\3`G\u0006\u001c\u0007.\u001a\u0011\u0007\tI\u0011\u0001\u0001W\n\u0004/RI\u0006C\u0001.c\u001b\u0005Y&B\u0001/^\u0003\r\u0019\b/\u001b\u0006\u0003=~\u000bA!Y;uQ*\u00111\u0001\u0019\u0006\u0002C\u0006)!.\u0019<bq&\u00111m\u0017\u0002\f\u0019><\u0017N\\'pIVdW\rC\u0003\u001e/\u0012\u0005Q\rF\u0001g!\t\u0001r\u000bC\u0004i/\n\u0007I\u0011A\u0017\u0002\u00071|w\r\u0003\u0004k/\u0002\u0006IAL\u0001\u0005Y><\u0007\u0005C\u0005m/\u0002\u0007\t\u0019!C\u0001[\u0006\u00012-\u00197mE\u0006\u001c7n\u00185b]\u0012dWM]\u000b\u0002]B\u0011qN]\u0007\u0002a*\u0011\u0011/X\u0001\tG\u0006dGNY1dW&\u00111\u000f\u001d\u0002\u0010\u0007\u0006dGNY1dW\"\u000bg\u000e\u001a7fe\"IQo\u0016a\u0001\u0002\u0004%\tA^\u0001\u0015G\u0006dGNY1dW~C\u0017M\u001c3mKJ|F%Z9\u0015\u0005]T\bC\u0001\u001ey\u0013\tI8H\u0001\u0003V]&$\bbB>u\u0003\u0003\u0005\rA\\\u0001\u0004q\u0012\n\u0004BB?XA\u0003&a.A\tdC2d'-Y2l?\"\fg\u000e\u001a7fe\u0002B!b`,A\u0002\u0003\u0007I\u0011AA\u0001\u0003\u001d\u0019XO\u00196fGR,\"!a\u0001\u0011\t\u0005\u0015\u0011qA\u0007\u0002;&\u0019\u0011\u0011B/\u0003\u000fM+(M[3di\"Y\u0011QB,A\u0002\u0003\u0007I\u0011AA\b\u0003-\u0019XO\u00196fGR|F%Z9\u0015\u0007]\f\t\u0002C\u0005|\u0003\u0017\t\t\u00111\u0001\u0002\u0004!A\u0011QC,!B\u0013\t\u0019!\u0001\u0005tk\nTWm\u0019;!\u0011-\tIb\u0016a\u0001\u0002\u0004%\t!a\u0007\u0002\u0019\r,'\u000f^5gS\u000e\fG/Z:\u0016\u0005\u0005u\u0001#\u0002\u001e\u0002 \u0005\r\u0012bAA\u0011w\t)\u0011I\u001d:bsB!\u0011QEA\u0017\u001b\t\t9C\u0003\u0003\u0002*\u0005-\u0012\u0001B2feRT!a\u0001\r\n\t\u0005=\u0012q\u0005\u0002\u00101V\u0002\u0014hQ3si&4\u0017nY1uK\"Y\u00111G,A\u0002\u0003\u0007I\u0011AA\u001b\u0003A\u0019WM\u001d;jM&\u001c\u0017\r^3t?\u0012*\u0017\u000fF\u0002x\u0003oA\u0011b_A\u0019\u0003\u0003\u0005\r!!\b\t\u0011\u0005mr\u000b)Q\u0005\u0003;\tQbY3si&4\u0017nY1uKN\u0004\u0003\"CA /\u0002\u0007I\u0011AA!\u0003)\u0001(/\u001b8dSB\fGn]\u000b\u0003\u0003\u0007\u0002R\u0001QA#\u0003\u0013J1!a\u0012B\u0005)a\u0015N\\6fI2K7\u000f\u001e\t\u0005\u0003\u0017\ni%\u0004\u0002\u0002,%!\u0011qJA\u0016\u0005%\u0001&/\u001b8dSB\fG\u000eC\u0005\u0002T]\u0003\r\u0011\"\u0001\u0002V\u0005q\u0001O]5oG&\u0004\u0018\r\\:`I\u0015\fHcA<\u0002X!I10!\u0015\u0002\u0002\u0003\u0007\u00111\t\u0005\t\u00037:\u0006\u0015)\u0003\u0002D\u0005Y\u0001O]5oG&\u0004\u0018\r\\:!\u0011!Au\u000b1A\u0005\u0002\u0005}SCAA1!\rQT(\u0013\u0005\n\u0003K:\u0006\u0019!C\u0001\u0003O\n\u0001BZ5mK~#S-\u001d\u000b\u0004o\u0006%\u0004\"C>\u0002d\u0005\u0005\t\u0019AA1\u0011!\tig\u0016Q!\n\u0005\u0005\u0014!\u00024jY\u0016\u0004\u0003bBA9/\u0012\u0005\u00111O\u0001\u000bS:LG/[1mSj,G#C<\u0002v\u0005]\u0014\u0011PAL\u0011\u001dy\u0018q\u000ea\u0001\u0003\u0007Aa\u0001\\A8\u0001\u0004q\u0007\u0002CA>\u0003_\u0002\r!! \u0002\u0019MD\u0017M]3e?N$\u0018\r^31\t\u0005}\u0014Q\u0011\t\u0006\u0001\n\u0013\u0013\u0011\u0011\t\u0005\u0003\u0007\u000b)\t\u0004\u0001\u0005\u0019\u0005\u001d\u0015qNA\u0001\u0002\u0003\u0015\t!!#\u0003\u0007}#\u0013'\u0005\u0003\u0002\f\u0006E\u0005c\u0001\u001e\u0002\u000e&\u0019\u0011qR\u001e\u0003\u000f9{G\u000f[5oOB\u0019!(a%\n\u0007\u0005U5HA\u0002B]fD\u0001\"!'\u0002p\u0001\u0007\u00111T\u0001\b_B$\u0018n\u001c8ta\u0011\ti*!)\u0011\u000b\u0001\u0013%%a(\u0011\t\u0005\r\u0015\u0011\u0015\u0003\r\u0003G\u000by'!A\u0001\u0002\u000b\u0005\u0011\u0011\u0012\u0002\u0004?\u0012\u0012\u0004bBAT/\u0012\u0005\u0011\u0011V\u0001\u0006Y><\u0017N\u001c\u000b\u0003\u0003W\u00032AOAW\u0013\r\tyk\u000f\u0002\b\u0005>|G.Z1o\u0011\u001d\t\u0019l\u0016C\u0001\u0003S\u000baaY8n[&$\bbBA\\/\u0012\u0005\u0011\u0011V\u0001\u0006C\n|'\u000f\u001e\u0005\b\u0003w;F\u0011AAU\u0003\u0019awnZ8vi\u0002")
/* loaded from: input_file:WEB-INF/lib/apollo-broker-1.7.1.jar:org/apache/activemq/apollo/broker/security/CertificateLoginModule.class */
public class CertificateLoginModule implements LoginModule {
    private CallbackHandler callback_handler;
    private Subject subject;
    private X509Certificate[] certificates;
    private final Log log = (Log) JaasAuthenticator$.MODULE$.broker_log().getOrElse(new CertificateLoginModule$$anonfun$2(this));
    private LinkedList<Principal> principals = new LinkedList<>();
    private Option<File> file = None$.MODULE$;

    public static FileCache<Map<String, Object>> file_cache() {
        return CertificateLoginModule$.MODULE$.file_cache();
    }

    public static Option<Map<String, Object>> load_dns(File file) {
        return CertificateLoginModule$.MODULE$.load_dns(file);
    }

    public static Log DEFAULT_LOG() {
        return CertificateLoginModule$.MODULE$.DEFAULT_LOG();
    }

    public static String FILE_OPTION() {
        return CertificateLoginModule$.MODULE$.FILE_OPTION();
    }

    public static String LOGIN_CONFIG() {
        return CertificateLoginModule$.MODULE$.LOGIN_CONFIG();
    }

    public Log log() {
        return this.log;
    }

    public CallbackHandler callback_handler() {
        return this.callback_handler;
    }

    public void callback_handler_$eq(CallbackHandler callbackHandler) {
        this.callback_handler = callbackHandler;
    }

    public Subject subject() {
        return this.subject;
    }

    public void subject_$eq(Subject subject) {
        this.subject = subject;
    }

    public X509Certificate[] certificates() {
        return this.certificates;
    }

    public void certificates_$eq(X509Certificate[] x509CertificateArr) {
        this.certificates = x509CertificateArr;
    }

    public LinkedList<Principal> principals() {
        return this.principals;
    }

    public void principals_$eq(LinkedList<Principal> linkedList) {
        this.principals = linkedList;
    }

    public Option<File> file() {
        return this.file;
    }

    public void file_$eq(Option<File> option) {
        this.file = option;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        subject_$eq(subject);
        callback_handler_$eq(callbackHandler);
        file_$eq(Option$.MODULE$.apply(map2.get(CertificateLoginModule$.MODULE$.FILE_OPTION())).map(new CertificateLoginModule$$anonfun$initialize$1(this, System.getProperty(CertificateLoginModule$.MODULE$.LOGIN_CONFIG()) == null ? new File(ActiveMQDestination.PATH_SEPERATOR) : new File(System.getProperty(CertificateLoginModule$.MODULE$.LOGIN_CONFIG())).getParentFile())));
        log().debug(new CertificateLoginModule$$anonfun$initialize$2(this), Predef$.MODULE$.genericWrapArray(new Object[]{file()}));
    }

    public boolean login() {
        Some some;
        Some some2;
        CertificateCallback certificateCallback = new CertificateCallback();
        try {
            callback_handler().handle(new Callback[]{certificateCallback});
            certificates_$eq(certificateCallback.getCertificates());
            if (certificates() == null) {
                return false;
            }
            if (Predef$.MODULE$.refArrayOps(certificates()).isEmpty()) {
                throw new FailedLoginException("No associated certificates");
            }
            Option<File> file = file();
            None$ none$ = None$.MODULE$;
            if (none$ != null ? none$.equals(file) : file == null) {
                Predef$.MODULE$.refArrayOps(certificates()).foreach(new CertificateLoginModule$$anonfun$login$1(this));
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                if (!(file instanceof Some) || (some = (Some) file) == null) {
                    throw new MatchError(file);
                }
                Option<Map<String, Object>> option = CertificateLoginModule$.MODULE$.file_cache().get((File) some.x());
                None$ none$2 = None$.MODULE$;
                if (none$2 != null ? none$2.equals(option) : option == null) {
                    throw new LoginException("Invalid login module configuration");
                }
                if (!(option instanceof Some) || (some2 = (Some) option) == null) {
                    throw new MatchError(option);
                }
                Predef$.MODULE$.refArrayOps(certificates()).foreach(new CertificateLoginModule$$anonfun$login$2(this, (Map) some2.x()));
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            if (principals().isEmpty()) {
                throw new FailedLoginException(new StringBuilder().append((Object) "Unknown distinguished names: [").append((Object) Predef$.MODULE$.refArrayOps((Object[]) Predef$.MODULE$.refArrayOps(certificates()).map(new CertificateLoginModule$$anonfun$login$3(this), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class)))).mkString(";")).append((Object) "]").toString());
            }
            return true;
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        } catch (UnsupportedCallbackException e2) {
            return false;
        }
    }

    public boolean commit() {
        subject().getPrincipals().addAll(principals());
        certificates_$eq(null);
        log().debug(new CertificateLoginModule$$anonfun$commit$1(this), Predef$.MODULE$.genericWrapArray(new Object[0]));
        return true;
    }

    public boolean abort() {
        principals().clear();
        certificates_$eq(null);
        log().debug(new CertificateLoginModule$$anonfun$abort$1(this), Predef$.MODULE$.genericWrapArray(new Object[0]));
        return true;
    }

    public boolean logout() {
        subject().getPrincipals().removeAll(principals());
        principals().clear();
        log().debug(new CertificateLoginModule$$anonfun$logout$1(this), Predef$.MODULE$.genericWrapArray(new Object[0]));
        return true;
    }
}
