package jeus.security.impl.atn;

import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.management.ObjectName;
import jeus.security.base.SecurityException;
import jeus.security.base.ServiceException;
import jeus.security.impl.atnrep.XMLCertUserMapConverter;
import jeus.security.resource.JKSCertificateFactory;
import jeus.security.spi.IdentityAssertionService;
import jeus.security.spi.SecurityInstaller;
import jeus.security.util.Constants;
import jeus.security.util.NameAndPathUtil;
import jeus.security.util.X509Util;
import jeus.util.ErrorMsgManager;
import jeus.util.message.JeusMessage_Security_Exception;
import sun.security.x509.X500Name;

/* loaded from: input_file:jeus/security/impl/atn/DefaultIdentityAssertionService.class */
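/**
 * Identity assertion service that derives a user name from an X.509 client certificate.
 *
 * <p>The name is extracted from the certificate according to the configured attribute type
 * (subject key identifier, issuer DN plus serial number, trust-store alias, subject DN
 * attribute, or the subject common name by default). If a certificate-to-user map file was
 * loaded in {@link #doCreate()}, the extracted name is translated through it; otherwise, or
 * when the map has no entry, the extracted name itself is returned as the identity.
 *
 * <p>NOTE(review): nothing in this class validates the certificate (chain, validity period,
 * revocation). The asserted identity is only as trustworthy as the validation performed
 * before {@link #doIdentity(Object)} is reached; confirm that with the caller.
 */
public class DefaultIdentityAssertionService extends IdentityAssertionService {
    // Certificate-to-user map file, resolved in doCreate().
    private File theFile;
    // Converter that fills certUserMap from theFile.
    private XMLCertUserMapConverter conv;
    // Selects which certificate attribute becomes the user name; null means common name.
    private String certAttrType;
    // Passed to X509Util.getSubjectDNFromCertificate together with certAttrKey.
    private String delimiter;
    private String certAttrKey;
    // Raw type kept because the converter's constructor signature is not visible here.
    private Map certUserMap;
    // True only after the map file has been read successfully.
    boolean existCertMap = false;

    /**
     * Resolves the certificate-to-user map file, loads it when present, and reads the
     * attribute-selection properties.
     *
     * <p>A map file that exists but cannot be loaded now fails service creation. Previously the
     * failure was only printed and the service silently fell back to using the raw certificate
     * attribute as the identity, which changes who a certificate authenticates as without any
     * signal to the operator.
     *
     * @throws ServiceException if the map file exists but cannot be loaded
     * @throws SecurityException declared by the overridden method
     */
    @Override // jeus.security.base.Service
    protected void doCreate() throws ServiceException, SecurityException {
        String mapPath = getProperty(Constants.FILE_NAME_CERT_USER_MAP);
        if (mapPath == null) {
            // Default location: <base security config dir>/<domain name>/<default file name>.
            mapPath = NameAndPathUtil.getPathWithEndingSeparator(SecurityInstaller.getEnvironment().baseSecurityConfigurationDirectory)
                    + NameAndPathUtil.getPathWithEndingSeparator(getDomain().getName())
                    + Constants.DEFAULT_CERT_USER_MAP_FILE_NAME;
        }
        this.theFile = new File(mapPath);
        if (this.theFile.exists()) {
            this.certUserMap = new HashMap();
            try {
                this.conv = new XMLCertUserMapConverter(this.certUserMap);
                refreshRead();
            } catch (ServiceException e) {
                // Already carries the file path and the cause; fail closed.
                throw e;
            } catch (Exception e) {
                throw new ServiceException("Failed to load certificate-user map " + this.theFile.getAbsolutePath(), e);
            }
            this.existCertMap = true;
        }
        this.certAttrType = getProperty(Constants.ATTRIBUTE_CERT_METHOD_PROPERTY_KEY);
        this.certAttrKey = getProperty(Constants.ATTRIBUTE_TYPE_PROPERTY_KEY);
        this.delimiter = getProperty(Constants.ATTRIBUTE_VALUE_DELIMITER_PROPERTY_KEY);
    }

    /**
     * Reads the map file through the converter.
     *
     * @throws ServiceException wrapping any failure, with the absolute file path in the message
     */
    private void refreshRead() throws ServiceException {
        try {
            this.conv.unmarshal(this.theFile);
        } catch (Exception e) {
            throw new ServiceException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._29, this.theFile.getAbsolutePath()), e);
        }
    }

    /** No resources to release. */
    @Override // jeus.security.base.Service
    protected void doDestroy() {
    }

    /** No MBean is registered for this service. */
    @Override // jeus.security.base.Service
    public void doRegisterMBean(ObjectName objectName) {
    }

    /**
     * Maps a certificate to a user name.
     *
     * @param obj the client certificate; cast to {@link X509Certificate} without a type check,
     *     so any other non-null type raises {@link ClassCastException}
     * @return the mapped user name when the map is loaded and has an entry, otherwise the name
     *     extracted from the certificate, which may be {@code null}
     * @throws SecurityException if the name cannot be extracted from the certificate
     */
    @Override // jeus.security.spi.IdentityAssertionService
    protected Object doIdentity(Object obj) throws ServiceException, SecurityException {
        String certName = getUserNameInCertificate((X509Certificate) obj);
        if (certName != null && this.existCertMap) {
            String mappedUser = (String) this.certUserMap.get(certName);
            if (mappedUser != null) {
                return mappedUser;
            }
        }
        // No map, or no entry for this certificate: the certificate-derived name is the identity.
        return certName;
    }

    /**
     * Extracts the user name from the certificate according to {@code certAttrType}.
     *
     * @throws SecurityException if the subject key identifier cannot be read
     */
    private String getUserNameInCertificate(X509Certificate x509Certificate) throws SecurityException {
        if (this.certAttrType == null) {
            return getCommonNameFromX500Name(x509Certificate);
        }
        if (this.certAttrType.equals("SKI")) {
            try {
                // NOTE(review): the SKI is binary and is decoded with the platform default
                // charset, so the resulting key can differ between hosts and distinct SKIs may
                // decode to the same string. Left unchanged because existing map entries are
                // keyed on this form; a hex or Base64 encoding would be unambiguous.
                return new String(X509Util.getSKIBytesFromCert(x509Certificate));
            } catch (Exception e) {
                throw new SecurityException(e.getMessage(), e);
            }
        }
        if (this.certAttrType.equals("issuer_serial")) {
            return X509Util.getIssuerDNAndSerialNo(x509Certificate);
        }
        if (this.certAttrType.equals(JKSCertificateFactory.ALIAS_PROPERTY_KEY)) {
            return X509Util.getAliasInTrustStore(getDomain().getTrustStore(), x509Certificate);
        }
        if (this.certAttrType.equals("SubjectDN")) {
            return X509Util.getSubjectDNFromCertificate(x509Certificate, this.certAttrKey, this.delimiter);
        }
        // Unrecognised attribute type: same fallback as an unset one.
        return getCommonNameFromX500Name(x509Certificate);
    }

    /**
     * Returns the subject common name, or {@code null} when the certificate is {@code null},
     * its subject is not a {@code sun.security.x509.X500Name}, or the name cannot be parsed.
     */
    private String getCommonNameFromX500Name(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        // getSubjectDN() returns a Principal; the type test must run before the cast. The
        // decompiled form assigned it straight to X500Name, which does not compile.
        // NOTE(review): X500Name is a JDK-internal class, so certificates produced by another
        // provider yield null here.
        java.security.Principal subject = x509Certificate.getSubjectDN();
        if (!(subject instanceof X500Name)) {
            return null;
        }
        try {
            return ((X500Name) subject).getCommonName();
        } catch (IOException e) {
            // No logger is in scope in this class; a null result means no identity is asserted.
            e.printStackTrace();
            return null;
        }
    }
}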
