package org.clazzes.login.external;

import java.math.BigInteger;
import java.security.Principal;
import java.security.acl.Group;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.clazzes.util.http.RequestHelper;
import org.clazzes.util.http.sec.HttpLoginService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/external/X509HttpLoginService.class */
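/**
 * {@link HttpLoginService} that derives the caller's identity from three HTTP
 * request headers carrying the subject DN, the issuer DN and the serial
 * number of an X.509 client certificate.
 *
 * <p>Security note: this class never sees the certificate or the TLS session.
 * It reads plain request headers whose names are injected through the setters
 * below, so every decision made here is only as trustworthy as those headers.
 * The component that terminates TLS (presumably a reverse proxy; confirm
 * against the deployment) must overwrite or strip any client-supplied copies
 * of these headers, and this service must not be reachable by a path that
 * bypasses that component.
 */
public class X509HttpLoginService implements HttpLoginService {
    private static final Logger log = LoggerFactory.getLogger(X509HttpLoginService.class);

    /** Prefix of the context URLs whose access is decided by a per-context whitelist. */
    public static final String CTX_URL_PREFIX = "/http-login/org.clazzes.login.x509/ctx/";

    // Names of the request headers to read; set via the setters below.
    private String subjectDnHeader;
    private String issuerDnHeader;
    private String serialHeader;
    private ConfigurationService configurationService;

    /**
     * Parses a certificate serial number given as hexadecimal text, optionally
     * with colons between the digit groups.
     *
     * <p>All colons are removed before parsing. {@link BigInteger#BigInteger(String, int)}
     * also accepts a leading sign, so the result can be negative.
     *
     * @param str the serial number text, must not be {@code null}
     * @return the parsed serial number
     * @throws NumberFormatException if the remaining text is not valid hexadecimal
     */
    public static final BigInteger parseClientSerial(String str) {
        return new BigInteger(str.replace(":", ""), 16);
    }

    /**
     * Builds a certificate reference from the configured request headers.
     *
     * @param httpServletRequest the request to read the headers from
     * @return the certificate reference, or {@code null} if one of the three
     *         headers is missing or the serial number cannot be parsed
     */
    protected X509CertRef parseCertRef(HttpServletRequest httpServletRequest) {
        String subjectDn = httpServletRequest.getHeader(this.subjectDnHeader);
        String issuerDn = httpServletRequest.getHeader(this.issuerDnHeader);
        String serial = httpServletRequest.getHeader(this.serialHeader);
        if (subjectDn == null) {
            log.error("Missing Subject DN in request to [{}]", RequestHelper.describeRequest(httpServletRequest));
            return null;
        }
        if (issuerDn == null) {
            log.error("Missing Issuer DN in request to [{}]", RequestHelper.describeRequest(httpServletRequest));
            return null;
        }
        if (serial == null) {
            log.error("Missing Serial in request to [{}]", RequestHelper.describeRequest(httpServletRequest));
            return null;
        }
        try {
            return new X509CertRef(subjectDn, issuerDn, parseClientSerial(serial));
        } catch (NumberFormatException e) {
            // The raw header value is request-controlled text and is logged as received.
            log.error("Malformatted serial number [{}] in request to [{}]", serial, RequestHelper.describeRequest(httpServletRequest));
            return null;
        }
    }

    /**
     * Returns the fixed login URL of this service.
     *
     * @return the login URL
     */
    public String getLoginUrl() {
        return "/http-login/org.clazzes.login.x509/login";
    }

    /**
     * Authenticates a request from its certificate headers.
     *
     * <p>The request is rejected when the headers are incomplete, when no
     * issuer configuration exists for the issuer DN, or when the issuer
     * configuration's certificate status check fails.
     *
     * @param httpServletRequest the request to authenticate
     * @return a principal built from the subject DN, or {@code null} if the
     *         request is rejected
     */
    public Principal checkLogin(HttpServletRequest httpServletRequest) {
        X509CertRef certRef = parseCertRef(httpServletRequest);
        if (certRef == null) {
            return null;
        }
        IssuerConfig issuerConfig = this.configurationService.getIssuerConfig(certRef.getIssuerDn());
        if (issuerConfig == null) {
            log.error("Request with certificate [{}] to [{}] refers to an unconfigured issuer DN.", certRef, RequestHelper.describeRequest(httpServletRequest));
            return null;
        }
        if (!issuerConfig.checkCertStatus(certRef)) {
            // NOTE(review): nothing is logged here; presumably checkCertStatus reports the reason itself - confirm.
            return null;
        }
        log.info("Got request with certificate [{}] to [{}]", certRef, RequestHelper.describeRequest(httpServletRequest));
        return new X500Principal(certRef.getSubjectDn());
    }

    /**
     * Group lookup is not provided by this service.
     *
     * @param httpServletRequest the request (unused)
     * @return always {@code null}
     */
    public List<? extends Group> checkLoginGroups(HttpServletRequest httpServletRequest) {
        return null;
    }

    /**
     * Returns the locale reported by the request itself.
     *
     * @param httpServletRequest the request
     * @return the request's locale
     */
    public Locale getLocale(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getLocale();
    }

    /**
     * Returns the JVM default time zone, independent of the request.
     *
     * @param httpServletRequest the request (unused)
     * @return the default time zone
     */
    public TimeZone getTimeZone(HttpServletRequest httpServletRequest) {
        return TimeZone.getDefault();
    }

    /**
     * Decides whether the request may access the given path.
     *
     * <p>The login URL is always permitted. A path below {@link #CTX_URL_PREFIX}
     * is permitted only if a whitelist exists for the remainder of the path and
     * contains the value of the subject DN header. Every other case, including
     * a {@code null} path or a missing subject DN header, is denied.
     *
     * <p>NOTE(review): this decision reads the subject DN header only. The
     * issuer DN, the serial number and the certificate status are not consulted
     * here, so two issuers handing out the same subject DN are indistinguishable
     * at this point. Confirm that callers run {@link #checkLogin} before relying
     * on this result.
     *
     * @param httpServletRequest the request whose subject DN header is checked
     * @param str the path to check
     * @return {@code true} if access is permitted
     */
    public boolean checkPermission(HttpServletRequest httpServletRequest, String str) {
        // Fail closed instead of throwing when no path is supplied.
        if (str == null) {
            return false;
        }
        if (str.equals(getLoginUrl())) {
            return true;
        }
        if (!str.startsWith(CTX_URL_PREFIX)) {
            return false;
        }
        Set<String> whiteList = this.configurationService.getWhiteList(str.substring(CTX_URL_PREFIX.length()));
        if (whiteList == null) {
            return false;
        }
        String subjectDn = httpServletRequest.getHeader(this.subjectDnHeader);
        // A missing header must never match; null-hostile Set implementations
        // would otherwise throw from contains(null).
        if (subjectDn == null) {
            return false;
        }
        return whiteList.contains(subjectDn);
    }

    /**
     * Logout is not implemented; the call is only logged.
     *
     * @param httpServletRequest the request (unused)
     */
    public void logout(HttpServletRequest httpServletRequest) {
        log.info("X.509 logout ist not implemented.");
    }

    /**
     * Sets the name of the request header carrying the subject DN.
     *
     * @param str the header name
     */
    public void setSubjectDnHeader(String str) {
        this.subjectDnHeader = str;
    }

    /**
     * Sets the name of the request header carrying the issuer DN.
     *
     * @param str the header name
     */
    public void setIssuerDnHeader(String str) {
        this.issuerDnHeader = str;
    }

    /**
     * Sets the name of the request header carrying the certificate serial number.
     *
     * @param str the header name
     */
    public void setSerialHeader(String str) {
        this.serialHeader = str;
    }

    /**
     * Sets the service providing issuer configurations and context whitelists.
     *
     * @param configurationService the configuration service
     */
    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}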
