package de.bos_bremen.gov.autent.safe.client;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
import com.sun.xml.wss.impl.callback.PasswordCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import com.sun.xml.wss.impl.callback.UsernameCallback;
import com.sun.xml.wss.impl.misc.DefaultCallbackHandler;
import de.bos_bremen.gov.autent.safe.CommonHelper;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/bos_bremen/gov/autent/safe/client/ClientCallbackHandler.class */
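/**
 * Client-side callback handler for the XWSS (WS-Security) runtime.
 *
 * <p>Credentials, keys and certificates are taken from the {@link ClientConfiguration} found in
 * the public credentials of the {@link Subject} bound to the current access-control context.
 * Callback types this class does not handle are delegated to a {@link DefaultCallbackHandler}
 * configured from {@code META-INF/CallbackHandler.properties}.
 *
 * <p>The class also registers itself as the certificate validator; see
 * {@link #validate(X509Certificate)} for the limits of that check.
 */
public class ClientCallbackHandler implements CallbackHandler, CertificateValidationCallback.CertificateValidator {
    private static final Logger log = LoggerFactory.getLogger(ClientCallbackHandler.class);

    /** Fallback handler for every callback type not handled explicitly in {@link #handle}. */
    protected CallbackHandler defaultCallbackHandler;

    /**
     * Builds the delegate {@link DefaultCallbackHandler} from the class-path properties and
     * registers {@link SamlCallbackHandler} as the SAML callback handler.
     *
     * @throws IllegalStateException if the delegate handler cannot be created
     */
    public ClientCallbackHandler() {
        // NOTE(review): readProperties is protected and overridable, so a subclass override runs
        // before the subclass constructor has finished. Kept for interface compatibility.
        Properties handlerProperties = readProperties(new Properties());
        handlerProperties.put("saml.callback.handler", SamlCallbackHandler.class.getName());
        try {
            this.defaultCallbackHandler = new DefaultCallbackHandler("client", handlerProperties);
        } catch (XWSSecurityException e) {
            log.error("init() ", e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Dispatches each callback to its handler method; unknown callback types go to
     * {@link #defaultCallbackHandler}.
     *
     * @param callbackArr callbacks issued by the security runtime
     * @throws IOException if the delegate handler fails with an I/O error
     * @throws UnsupportedCallbackException if a callback carries a request type that is not implemented
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            log.debug("handle() callback erhalten: {}", callback);
            if (callback instanceof UsernameCallback) {
                handleUsernameCallback((UsernameCallback) callback);
            } else if (callback instanceof PasswordCallback) {
                handlePasswordCallback((PasswordCallback) callback);
            } else if (callback instanceof DecryptionKeyCallback) {
                handleDecryptionKeyCallback((DecryptionKeyCallback) callback);
            } else if (callback instanceof SignatureVerificationKeyCallback) {
                handleSignatureVerificationKeyCallback((SignatureVerificationKeyCallback) callback);
            } else if (callback instanceof SignatureKeyCallback) {
                handleSignatureKeyCallback((SignatureKeyCallback) callback);
            } else if (callback instanceof EncryptionKeyCallback) {
                handleEncryptionKeyCallback((EncryptionKeyCallback) callback);
            } else if (callback instanceof CertificateValidationCallback) {
                handleCertificateValidationCallback((CertificateValidationCallback) callback);
            } else {
                log.debug("handle() callback wird an DefaultCallbackHandler delegiert: {}", callback);
                this.defaultCallbackHandler.handle(new Callback[]{callback});
            }
        }
    }

    /** Supplies the user name from the current {@link ClientConfiguration}. */
    private static void handleUsernameCallback(UsernameCallback usernameCallback) {
        usernameCallback.setUsername(getClientConfiguration().getUsername());
    }

    /** Supplies the password from the current {@link ClientConfiguration}; the value is never logged. */
    private static void handlePasswordCallback(PasswordCallback passwordCallback) {
        passwordCallback.setPassword(getClientConfiguration().getPassword());
    }

    /**
     * Supplies the transport decryption key. If no key is configured the request is left
     * untouched and a warning is logged.
     *
     * @throws UnsupportedCallbackException if the request is not a private-key request
     */
    private static void handleDecryptionKeyCallback(DecryptionKeyCallback decryptionKeyCallback) throws UnsupportedCallbackException {
        // Declared as the general Request type so the instanceof check below is a real check;
        // the decompiled original declared the narrowed type, which made it vacuous.
        DecryptionKeyCallback.Request request = decryptionKeyCallback.getRequest();
        if (!(request instanceof DecryptionKeyCallback.PrivateKeyRequest)) {
            throw unsupportedRequest("handleDecryptionKeyCallback()", decryptionKeyCallback, request);
        }
        DecryptionKeyCallback.PrivateKeyRequest privateKeyRequest = (DecryptionKeyCallback.PrivateKeyRequest) request;
        ClientConfiguration clientConfiguration = getClientConfiguration();
        PrivateKey transportDecryptionKey = clientConfiguration.getTransportDecryptionKey();
        if (transportDecryptionKey == null) {
            log.warn("handleDecryptionKeyCallback() no private key for decryption found");
            return;
        }
        privateKeyRequest.setPrivateKey(transportDecryptionKey);
        X509Certificate transportDecryptionCertificate = clientConfiguration.getTransportDecryptionCertificate();
        if (transportDecryptionCertificate == null) {
            // Log only the algorithm: PrivateKey.toString() is provider-specific and can include
            // key material, which must not end up in log files.
            log.debug("handleDecryptionKeyCallback() returning private key for decryption (algorithm {})", transportDecryptionKey.getAlgorithm());
        } else {
            log.debug("handleDecryptionKeyCallback() returning private key for decryption certificate {}", CommonHelper.getSubjectName(transportDecryptionCertificate));
        }
    }

    /**
     * Resolves the certificate used to verify a signature. The certificate is looked up in the
     * current {@link ClientConfiguration} by subject key identifier, issuer/serial, thumbprint
     * or public key, depending on the request type. A failed lookup sets {@code null} on the
     * request and is logged as a warning.
     *
     * @throws UnsupportedCallbackException if the request type is none of the four supported ones
     */
    private static void handleSignatureVerificationKeyCallback(SignatureVerificationKeyCallback signatureVerificationKeyCallback) throws UnsupportedCallbackException {
        SignatureVerificationKeyCallback.Request request = signatureVerificationKeyCallback.getRequest();
        if (request instanceof SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest) {
            SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest skiRequest = (SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest) request;
            byte[] subjectKeyIdentifier = skiRequest.getSubjectKeyIdentifier();
            log.debug("handleSignatureVerificationKeyCallback() found request {} with SubjectKeyIdentifier {}", skiRequest.getClass().getName(), Arrays.toString(subjectKeyIdentifier));
            X509Certificate certificate = getClientConfiguration().getSignatureVerificationCertificate(subjectKeyIdentifier);
            logVerificationLookup(certificate, "subject key identifier: " + CommonHelper.toHexString(subjectKeyIdentifier));
            skiRequest.setX509Certificate(certificate);
            return;
        }
        if (request instanceof SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) {
            SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest issuerSerialRequest = (SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) request;
            String issuerName = issuerSerialRequest.getIssuerName();
            BigInteger serialNumber = issuerSerialRequest.getSerialNumber();
            log.debug("handleSignatureVerificationKeyCallback() found request {} with IssuerName: {} Serial: {}", request.getClass().getName(), issuerName, serialNumber);
            X509Certificate certificate = getClientConfiguration().getSignatureVerificationCertificate(issuerName, serialNumber);
            logVerificationLookup(certificate, "issuer name=" + issuerName + "; serial number=" + serialNumber);
            issuerSerialRequest.setX509Certificate(certificate);
            return;
        }
        if (request instanceof SignatureVerificationKeyCallback.ThumbprintBasedRequest) {
            SignatureVerificationKeyCallback.ThumbprintBasedRequest thumbprintRequest = (SignatureVerificationKeyCallback.ThumbprintBasedRequest) request;
            byte[] thumbprintIdentifier = thumbprintRequest.getThumbprintIdentifier();
            String thumbprintHex = CommonHelper.toHexString(thumbprintIdentifier);
            log.debug("handleSignatureVerificationKeyCallback() found request {} with thumbprint: {}", request.getClass().getName(), thumbprintHex);
            X509Certificate certificate = getClientConfiguration().getSignatureVerificationCertificateByThumbprint(thumbprintIdentifier);
            logVerificationLookup(certificate, "thumbprint: " + thumbprintHex);
            thumbprintRequest.setX509Certificate(certificate);
            return;
        }
        if (!(request instanceof SignatureVerificationKeyCallback.PublicKeyBasedRequest)) {
            throw unsupportedRequest("handleSignatureVerificationKeyCallback()", signatureVerificationKeyCallback, request);
        }
        SignatureVerificationKeyCallback.PublicKeyBasedRequest publicKeyRequest = (SignatureVerificationKeyCallback.PublicKeyBasedRequest) request;
        PublicKey publicKey = publicKeyRequest.getPublicKey();
        log.debug("handleSignatureVerificationKeyCallback() gefunden {} mit publicKey: {}", publicKeyRequest.getClass().getName(), publicKey);
        X509Certificate certificate = getClientConfiguration().getSignatureVerificationCertificate(publicKey);
        logVerificationLookup(certificate, "public key=" + publicKey);
        publicKeyRequest.setX509Certificate(certificate);
    }

    /**
     * Logs the outcome of a signature-verification certificate lookup. A miss is always logged
     * at WARN; the original emitted it only when DEBUG was enabled, which hid failed lookups in
     * production logging.
     */
    private static void logVerificationLookup(X509Certificate certificate, String criterion) {
        if (certificate == null) {
            log.warn("handleSignatureVerificationKeyCallback() no certificate found for {}", criterion);
        } else if (log.isDebugEnabled()) {
            log.debug("handleSignatureVerificationKeyCallback() returning certificate: {} for {}", CommonHelper.getSubjectName(certificate), criterion);
        }
    }

    /**
     * Supplies the transport signature key and, if configured, its certificate. If no key is
     * configured the request is left untouched and a warning is logged.
     *
     * @throws UnsupportedCallbackException if the request is not a default key/certificate request
     */
    private static void handleSignatureKeyCallback(SignatureKeyCallback signatureKeyCallback) throws UnsupportedCallbackException {
        SignatureKeyCallback.Request request = signatureKeyCallback.getRequest();
        if (!(request instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest)) {
            throw unsupportedRequest("handleSignatureKeyCallback()", signatureKeyCallback, request);
        }
        SignatureKeyCallback.DefaultPrivKeyCertRequest keyCertRequest = (SignatureKeyCallback.DefaultPrivKeyCertRequest) request;
        ClientConfiguration clientConfiguration = getClientConfiguration();
        PrivateKey transportSignatureKey = clientConfiguration.getTransportSignatureKey();
        if (transportSignatureKey == null) {
            log.warn("handleSignatureKeyCallback() no private key found for signature");
            return;
        }
        keyCertRequest.setPrivateKey(transportSignatureKey);
        X509Certificate transportSignatureCertificate = clientConfiguration.getTransportSignatureCertificate();
        if (transportSignatureCertificate == null) {
            log.warn("handleSignatureKeyCallback() no certificate found for signature");
        } else {
            keyCertRequest.setX509Certificate(transportSignatureCertificate);
            log.debug("handleSignatureKeyCallback() returning signature certificate {}", CommonHelper.getSubjectName(transportSignatureCertificate));
        }
    }

    /**
     * Supplies the encryption certificate. The alias in the request is used for logging only:
     * the certificate always comes from {@code ClientConfiguration.getEncryptionCertificate()}.
     *
     * @throws UnsupportedCallbackException if the request is not an alias-based certificate request
     */
    private static void handleEncryptionKeyCallback(EncryptionKeyCallback encryptionKeyCallback) throws UnsupportedCallbackException {
        EncryptionKeyCallback.Request request = encryptionKeyCallback.getRequest();
        if (!(request instanceof EncryptionKeyCallback.AliasX509CertificateRequest)) {
            throw unsupportedRequest("handleEncryptionKeyCallback()", encryptionKeyCallback, request);
        }
        EncryptionKeyCallback.AliasX509CertificateRequest aliasRequest = (EncryptionKeyCallback.AliasX509CertificateRequest) request;
        String alias = aliasRequest.getAlias();
        log.debug("handleEncryptionKeyCallback() found {} with alias: '{}'", aliasRequest.getClass().getName(), alias);
        X509Certificate encryptionCertificate = getClientConfiguration().getEncryptionCertificate();
        if (encryptionCertificate == null) {
            log.warn("handleEncryptionKeyCallback() no encryption certificate found for alias: {}", alias);
        } else {
            log.debug("handleEncryptionKeyCallback() returning encryption certificate {}", CommonHelper.getSubjectName(encryptionCertificate));
            aliasRequest.setX509Certificate(encryptionCertificate);
        }
    }

    /** Registers this handler as the validator the runtime calls for certificate validation. */
    private void handleCertificateValidationCallback(CertificateValidationCallback certificateValidationCallback) {
        certificateValidationCallback.setValidator(this);
    }

    /**
     * Logs and builds the exception for a request type that has no handler. Tolerates a
     * {@code null} request, which previously caused a NullPointerException inside the error path.
     */
    private static UnsupportedCallbackException unsupportedRequest(String method, Callback callback, Object request) {
        String requestType = request == null ? "null" : request.getClass().getName();
        log.error("{} request not supported. Please implement: {}", method, requestType);
        return new UnsupportedCallbackException(callback, "Request not supported. Please implement: " + requestType);
    }

    /**
     * Returns the {@link ClientConfiguration} stored in the public credentials of the current
     * {@link Subject}.
     *
     * @throws IllegalStateException if no Subject is bound to the access-control context or it
     *         carries no ClientConfiguration
     */
    private static ClientConfiguration getClientConfiguration() {
        log.debug("getClientConfiguration() getting Subject");
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            throw new IllegalStateException("no Subject found. Create a Subject, add an instance of ClientConfiguration to its PublicCredentials and use Subject.doAs() to invoke your operation");
        }
        // The first configuration wins; iterating avoids a bare NoSuchElementException when the
        // Subject has none.
        for (ClientConfiguration clientConfiguration : subject.getPublicCredentials(ClientConfiguration.class)) {
            return clientConfiguration;
        }
        throw new IllegalStateException("Subject has no ClientConfiguration in its PublicCredentials. Add one and use Subject.doAs() to invoke your operation");
    }

    /**
     * Checks that the certificate is inside its validity period at the current time.
     *
     * <p>SECURITY NOTE(review): this is the only check done here. There is no chain building,
     * trust-anchor check, revocation check or key-usage check, so any in-date certificate
     * passes, including a self-signed one. Because {@link #handle} installs this object as the
     * validator, confirm that trust is established elsewhere (for example by the pinned
     * certificates that {@link ClientConfiguration} returns for signature verification). If it
     * is not, add PKIX path validation against a configured trust store.
     *
     * @param x509Certificate certificate presented to the runtime
     * @return {@code true} if the certificate is currently within its validity interval;
     *         {@code false} if it is {@code null}, expired or not yet valid
     */
    @Override
    public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
        if (x509Certificate == null) {
            // Fail closed instead of failing with a NullPointerException in the logging call.
            log.warn("checkValidity() no certificate supplied, rejecting");
            return false;
        }
        try {
            log.debug("checkValidity() Checking valdity of certificate {}", x509Certificate.getSubjectDN().getName());
            x509Certificate.checkValidity();
            log.debug("checkValidity() Certificate is valid (certificate interval)");
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            // Record the rejection so an expired peer certificate can be diagnosed from the logs.
            log.warn("checkValidity() Certificate rejected, outside validity interval: {}", e.getMessage());
            return false;
        }
    }

    /**
     * Loads {@code META-INF/CallbackHandler.properties} from the class path on top of the given
     * defaults.
     */
    protected Properties readProperties(Properties properties) {
        return readProperties(properties, "META-INF/CallbackHandler.properties");
    }

    /**
     * Loads the named class-path resource on top of the given defaults. A missing resource is
     * not an error; the defaults are returned in that case.
     *
     * @param properties defaults, may be {@code null}
     * @param str        class-path resource name
     */
    protected Properties readProperties(Properties properties, String str) {
        // The context class loader may be null; fall back to the loader of this class.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = ClientCallbackHandler.class.getClassLoader();
        }
        InputStream resourceAsStream = loader == null
                ? ClassLoader.getSystemResourceAsStream(str)
                : loader.getResourceAsStream(str);
        if (resourceAsStream == null) {
            log.debug("readProperties() resource not found on class path: {}", str);
        }
        try {
            return readProperties(properties, resourceAsStream);
        } finally {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (IOException e) {
                    // Best effort: the properties are already read, so a failed close is only logged.
                    log.debug("readProperties() closing resource {} failed", str, e);
                }
            }
        }
    }

    /**
     * Reads properties from the stream into a new {@link Properties} that uses
     * {@code properties} as its defaults. A read error is logged and whatever was loaded up to
     * that point is kept.
     *
     * @param properties  defaults, may be {@code null}
     * @param inputStream source stream, may be {@code null}; not closed by this method
     * @return the loaded properties; if nothing was loaded, {@code properties} itself (or an
     *         empty instance when {@code properties} is {@code null})
     */
    protected Properties readProperties(Properties properties, InputStream inputStream) {
        Properties loaded = new Properties(properties);
        if (inputStream != null) {
            try {
                loaded.load(inputStream);
            } catch (IOException e) {
                log.error("readProperties() ", e);
            }
        }
        // isEmpty() looks only at entries loaded from the stream, not at the defaults.
        if (loaded.isEmpty()) {
            return properties == null ? loaded : properties;
        }
        if (log.isDebugEnabled()) {
            Enumeration<?> propertyNames = loaded.propertyNames();
            while (propertyNames.hasMoreElements()) {
                String key = (String) propertyNames.nextElement();
                // Mask secrets: only keys containing "password" are hidden. Secrets stored under
                // other key names would still be logged in clear text at DEBUG level.
                if (key.toLowerCase().contains("password")) {
                    log.debug("readProperties() Property-Key: {}; Value: ******", key);
                } else {
                    log.debug("readProperties() Property-Key: {}; Value: {}", key, loaded.getProperty(key));
                }
            }
        }
        return loaded;
    }
}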
