package org.jgroups.auth;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.jgroups.Message;
import org.jgroups.annotations.Property;
import org.jgroups.util.Util;

/* loaded from: input_file:artemis-tomcat-jndi-resources-sample.war:WEB-INF/lib/jgroups-5.2.16.Final.jar:org/jgroups/auth/X509Token.class */
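/**
 * Authentication token that proves knowledge of a shared {@code auth_value} by
 * sending it encrypted under the public key of an X.509 certificate.
 *
 * <p>{@link #setCertificate()} loads the certificate and its private key from the
 * configured keystore and pre-computes {@code encryptedToken}. Only that
 * ciphertext is serialised by {@link #writeTo(DataOutput)}. The receiving side
 * decrypts it with its own private key in
 * {@link #authenticate(AuthToken, Message)} and compares the result with its
 * local {@code auth_value}.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>The token is computed once and reused. {@code authenticate} checks no nonce,
 *       timestamp or binding to the {@code Message}, so the same token bytes are
 *       accepted every time. Replay protection and transport confidentiality have to
 *       come from elsewhere in the stack.</li>
 *   <li>{@code cipher_type} defaults to the bare algorithm name {@code "RSA"}, which
 *       leaves mode and padding to the JCE provider. Configure an explicit
 *       transformation identically on every member if a specific padding (for
 *       example OAEP) is required.</li>
 *   <li>{@code auth_value} and both passwords are excluded from managed attributes
 *       ({@code exposeAsManagedAttribute = false}). They must also stay out of log
 *       output.</li>
 * </ul>
 */
public class X509Token extends AuthToken {
    // True once this token is usable: set by setCertificate() on the local side and
    // by readFrom() for a token received from the wire.
    private boolean valueSet;

    @Property
    protected String cert_alias;

    @Property
    protected String keystore_path;

    // Shared secret; never exposed as a managed attribute.
    @Property(exposeAsManagedAttribute = false)
    protected String auth_value;
    private byte[] encryptedToken;
    private char[] cert_password;
    private char[] keystore_password;
    // NOTE(review): this single Cipher is re-initialised on every authenticate() call
    // and Cipher instances are not thread-safe. Confirm callers serialise access.
    private Cipher cipher;
    private PrivateKey certPrivateKey;
    private X509Certificate certificate;

    @Property
    protected String keystore_type = "JKS";

    @Property
    protected String cipher_type = "RSA";

    /**
     * Sets the password protecting the private-key entry.
     *
     * @param str the entry password; must not be {@code null}
     */
    @Property(name = "cert_password", exposeAsManagedAttribute = false)
    public void setCertPassword(String str) {
        this.cert_password = str.toCharArray();
    }

    /**
     * Sets the keystore password. When no entry password has been set yet, the
     * keystore password is reused for the private-key entry as well.
     *
     * @param str the keystore password; must not be {@code null}
     */
    @Property(name = "keystore_password", exposeAsManagedAttribute = false)
    public void setKeyStorePassword(String str) {
        this.keystore_password = str.toCharArray();
        if (this.cert_password == null) {
            // Both fields then reference the same array.
            this.cert_password = this.keystore_password;
        }
    }

    /**
     * Sets the ciphertext carried by this token.
     *
     * @param bArr the encrypted token bytes (stored by reference, not copied)
     * @return this token, for chaining
     */
    public X509Token encryptedToken(byte[] bArr) {
        this.encryptedToken = bArr;
        return this;
    }

    /** Returns the fully-qualified class name of this token type. */
    @Override
    public String getName() {
        return X509Token.class.getName();
    }

    /**
     * Verifies a token presented by a peer.
     *
     * <p>The peer's ciphertext is decrypted with the local private key and the
     * plaintext is compared with the local {@code auth_value}. Every failure,
     * including any exception raised while decrypting, yields {@code false}.
     *
     * @param authToken the token received from the peer
     * @param message the message the token arrived with (not inspected here)
     * @return {@code true} only if the decrypted token matches {@code auth_value}
     */
    @Override
    public boolean authenticate(AuthToken authToken, Message message) {
        if (!this.valueSet) {
            this.log.error(Util.getMessage("X509TokenNotSetupCorrectlyCheckTokenAttrs"));
            return false;
        }
        if (!(authToken instanceof X509Token)) {
            return false;
        }
        X509Token presentedToken = (X509Token) authToken;
        if (!presentedToken.valueSet) {
            this.log.error(Util.getMessage("X509TokenReceivedTokenNotValid"));
            return false;
        }
        try {
            this.cipher.init(Cipher.DECRYPT_MODE, this.certPrivateKey);
            // NOTE(review): the bytes are decoded with the platform default charset,
            // mirroring getBytes() in setCertificate(). Members with different default
            // charsets can disagree on a non-ASCII auth_value.
            String presentedValue = new String(this.cipher.doFinal(presentedToken.encryptedToken));
            // NOTE(review): the comparison is case-insensitive and not constant-time.
            // It is kept as-is for compatibility with existing members. Case folding
            // shrinks the effective secret space, so choose auth_value accordingly.
            if (!presentedValue.equalsIgnoreCase(this.auth_value)) {
                // Record the rejection for detection; never log either value.
                this.log.warn("X509 authentication failed: decrypted token does not match auth_value");
                return false;
            }
            this.log.debug("X509 authentication passed");
            return true;
        } catch (Exception e) {
            // Decryption failures (wrong key, malformed or missing ciphertext) are
            // treated as an authentication failure rather than propagated.
            this.log.error(e.toString());
            return false;
        }
    }

    /** Serialises only the encrypted token; no key material or plaintext is written. */
    @Override
    public void writeTo(DataOutput dataOutput) throws IOException {
        Util.writeByteBuffer(this.encryptedToken, dataOutput);
    }

    /**
     * Reads the encrypted token from the stream and marks this instance as set.
     * The bytes are not validated here; validation happens in
     * {@link #authenticate(AuthToken, Message)} on the receiving side.
     */
    @Override
    public void readFrom(DataInput dataInput) throws IOException {
        this.encryptedToken = Util.readByteBuffer(dataInput);
        this.valueSet = true;
    }

    /** Returns the serialised size of the encrypted token as computed by {@code Util.size}. */
    @Override
    public int size() {
        return Util.size(this.encryptedToken);
    }

    /**
     * Loads the certificate and private key for {@code cert_alias} from the keystore
     * and pre-computes the encrypted token from {@code auth_value}.
     *
     * <p>The keystore is looked up first as a context-class-loader resource and then
     * as a file path. Instance state is only updated after every step has succeeded,
     * so a failure leaves the token unset.
     *
     * @throws KeyStoreException if the keystore type is unavailable, or the alias has
     *     no X.509 certificate or no private-key entry
     * @throws IOException if the keystore cannot be read or its password is wrong
     * @throws UnrecoverableEntryException if the entry password is wrong
     */
    public void setCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableEntryException {
        KeyStore keyStore = KeyStore.getInstance(this.keystore_type);
        InputStream classpathStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(this.keystore_path);
        // try-with-resources closes the keystore stream on every path; the original
        // never closed it.
        try (InputStream keystoreStream = classpathStream != null ? classpathStream : new FileInputStream(this.keystore_path)) {
            keyStore.load(keystoreStream, this.keystore_password);
        }

        Cipher tokenCipher = Cipher.getInstance(this.cipher_type);

        // Fail with a descriptive KeyStoreException instead of a NullPointerException or
        // ClassCastException when the alias is missing or is not an X.509 entry.
        java.security.cert.Certificate aliasCertificate = keyStore.getCertificate(this.cert_alias);
        if (!(aliasCertificate instanceof X509Certificate)) {
            throw new KeyStoreException("no X.509 certificate found for alias '" + this.cert_alias + "' in keystore " + this.keystore_path);
        }
        X509Certificate x509Certificate = (X509Certificate) aliasCertificate;

        KeyStore.Entry aliasEntry = keyStore.getEntry(this.cert_alias, new KeyStore.PasswordProtection(this.cert_password));
        if (!(aliasEntry instanceof KeyStore.PrivateKeyEntry)) {
            throw new KeyStoreException("alias '" + this.cert_alias + "' in keystore " + this.keystore_path + " is not a private-key entry");
        }

        // Logs the public certificate only, never the key or auth_value.
        this.log.debug("certificate = " + x509Certificate.toString());
        tokenCipher.init(Cipher.ENCRYPT_MODE, x509Certificate);
        byte[] token = tokenCipher.doFinal(this.auth_value.getBytes());

        this.cipher = tokenCipher;
        this.certificate = x509Certificate;
        this.encryptedToken = token;
        this.certPrivateKey = ((KeyStore.PrivateKeyEntry) aliasEntry).getPrivateKey();
        this.valueSet = true;
    }
}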
