package com.enginframe.server.authorization.certificate;

import com.enginframe.common.utils.Utils;
import com.enginframe.server.authorization.os.FlexibleOperatingSystemAuthorizationService;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/authorization/certificate/CertificateAuthorizationService.class
  input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/authorization/certificate/CertificateAuthorizationService.class
 */
/* loaded from: input_file:com/enginframe/server/authorization/certificate/CertificateAuthorizationService.class */
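/**
 * Authorization service that can take the login name from a TLS client certificate.
 *
 * <p>When the class property {@link #USER_CERTIFICATE} evaluates to true, the username is the
 * CN of the subject DN of the first certificate exposed by the servlet container, and no other
 * credential is collected. Otherwise every call is delegated to the parent implementation.
 *
 * <p>Security note: in certificate mode this class checks no secret and does not validate the
 * certificate itself. It relies on the web server / servlet container having required and
 * verified the client certificate before the request reaches this code (see the message in
 * {@code DEFAULT_LOGIN}). The CN is mapped to a username without looking at the issuer, so the
 * server's trust store presumably has to be limited to CAs that are allowed to issue
 * certificates for these usernames; confirm against the deployment configuration.
 */
public class CertificateAuthorizationService extends FlexibleOperatingSystemAuthorizationService {
    /** Class property that switches this service to client-certificate mode when true. */
    static final String USER_CERTIFICATE = ".userCertificate";
    private static final long serialVersionUID = 1;
    /** Servlet request attribute under which the container exposes the client certificate chain. */
    private static final String CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private static final String DEFAULT_LOGIN = "<ef:error xmlns:ef=\"http://www.enginframe.com/2000/EnginFrame\">\n  <ef:title>Certificate Authentication Error</ef:title>\n  <ef:message>The Web Server should require Certificate Authentication!</ef:message>\n</ef:error>";

    public CertificateAuthorizationService(String str) {
        super(str);
    }

    /**
     * Returns the fixed error document used as the default login page: there is no login form,
     * the page only states that the web server should require certificate authentication.
     */
    @Override // com.enginframe.server.authorization.os.FlexibleOperatingSystemAuthorizationService, com.enginframe.server.authorization.AbstractAuthorizationService
    protected String createDefaultLogin() {
        return DEFAULT_LOGIN;
    }

    /**
     * Resolves the login name for the request.
     *
     * <p>In certificate mode the subject DN of the first client certificate is parsed and the
     * value of its CN is returned. If no certificate is present, the DN cannot be parsed, or no
     * usable CN is found, the error state is set and an empty string is returned. Outside
     * certificate mode the parent implementation decides.
     *
     * @param httpServletRequest the incoming request
     * @return the username, or an empty string when certificate mode yields none
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.enginframe.server.authorization.os.FlexibleOperatingSystemAuthorizationService
    public String getUsername(HttpServletRequest httpServletRequest) {
        if (!Utils.isTrue(getClassProperty(USER_CERTIFICATE))) {
            String requestUsername = super.getUsername(httpServletRequest);
            getLog().info(String.format("Found username (%s) from request parameter", requestUsername));
            return requestUsername;
        }

        String username = "";
        String subjectDn = "";
        // The attribute is absent (null) when the connection carried no client certificate.
        // Checking the type and length here fails closed through the error path below instead
        // of letting a NullPointerException or ClassCastException escape to the caller.
        Object attribute = httpServletRequest.getAttribute(CERTIFICATE_ATTRIBUTE);
        if (!(attribute instanceof X509Certificate[]) || ((X509Certificate[]) attribute).length == 0) {
            getLog().error("No client certificate found");
        } else {
            try {
                // Element 0 is the certificate read here; the rest of the array is ignored.
                subjectDn = ((X509Certificate[]) attribute)[0].getSubjectX500Principal().getName();
                // NOTE(review): DN and RDN values come from the certificate and are logged as-is;
                // confirm the logging backend neutralises control characters.
                if (getLog().isDebugEnabled()) {
                    getLog().debug(String.format("Found DN from client certificate (%s)", subjectDn));
                }
                // LdapName lists RDNs starting from the right-most one, so when the DN holds
                // several CN components the left-most (most specific) one is kept.
                // NOTE(review): for a multi-valued RDN, getType()/getValue() expose only one of
                // its attribute/value pairs; confirm such subjects are not issued.
                for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                    if (getLog().isDebugEnabled()) {
                        getLog().debug(String.format("Found RDN from client certificate with type (%s) and value (%s)", rdn.getType(), rdn.getValue()));
                    }
                    if (rdn.getType().equalsIgnoreCase("CN")) {
                        Object cnValue = rdn.getValue();
                        // A hex-encoded ("#...") value is parsed to byte[]; its toString() is an
                        // object identity string, not a name, so only String values are accepted.
                        if (cnValue instanceof String) {
                            username = (String) cnValue;
                        }
                    }
                }
            } catch (InvalidNameException e) {
                getLog().error(String.format("Unable to parse a valid DN from certificate, it was (%s)", subjectDn), e);
            }
        }

        if (Utils.isVoid(username)) {
            setError(true);
            addErrorMessage("Username from Certificate is empty", "");
            getLog().error(String.format("Unable to get username from certificate with DN (%s)", subjectDn));
        } else {
            // Logged only on success, so the log never reports an empty username as "found".
            getLog().info(String.format("Found username (%s) from client certificate", username));
        }
        return username;
    }

    /**
     * Skips credential parsing in certificate mode, where no credentials are submitted with the
     * request; otherwise defers to the parent implementation.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.enginframe.server.authorization.os.FlexibleOperatingSystemAuthorizationService
    public void parseCredentials() {
        if (Utils.isTrue(getClassProperty(USER_CERTIFICATE))) {
            return;
        }
        super.parseCredentials();
    }

    /**
     * Builds the credential list for the given user.
     *
     * <p>In certificate mode the list holds only the username: no password or other secret is
     * added, so whatever consumes this list is given nothing but the name to check.
     *
     * @param str the username
     * @param httpServletRequest the incoming request
     * @return the credentials; a single-element list with the username in certificate mode
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.enginframe.server.authorization.os.FlexibleOperatingSystemAuthorizationService
    public List<String> getClientCredentials(String str, HttpServletRequest httpServletRequest) {
        if (!Utils.isTrue(getClassProperty(USER_CERTIFICATE))) {
            return super.getClientCredentials(str, httpServletRequest);
        }
        List<String> credentials = new ArrayList<>();
        credentials.add(str);
        return credentials;
    }
}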
