package net.jini.jeri.ssl;

import java.net.Socket;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import net.jini.io.UnsupportedConstraintException;
import net.jini.jeri.ssl.SubjectCredentials;
import net.jini.security.AuthenticationPermission;

/* loaded from: input_file:net/jini/jeri/ssl/ClientAuthManager.class */
/**
 * Client-side authentication manager for the {@code net.jini.jeri.ssl} transport.
 *
 * <p>Extends {@code AuthManager} and overrides the client-relevant methods of
 * {@code X509TrustManager} ({@link #checkServerTrusted}) and {@code X509KeyManager}
 * (the alias methods), as indicated by the override markers on each method.
 *
 * <p>Security-relevant behaviour visible in this listing:
 * <ul>
 *   <li>The first successful {@link #checkServerTrusted} call records the server's leaf
 *       certificate and principal. Every later call must present an equal leaf
 *       certificate, otherwise the handshake is rejected with "Server credentials changed".
 *   <li>{@link #checkAuthentication} re-checks, at time of use, that the selected client
 *       credential exists, has not been destroyed, has not passed
 *       {@code credentialsValidUntil}, and is still authorised or still held by the subject.
 *   <li>Private credentials are read from the subject inside {@code doPrivileged}; the
 *       caller's {@code AuthenticationPermission} is checked first, but only when a
 *       security manager is installed.
 * </ul>
 *
 * <p><b>Decompiler caveats.</b> This is JADX output, not original source.
 * {@link #chooseClientAlias} could not be decompiled and is a stub that always throws,
 * so this listing must not be recompiled as a replacement for the class file. The fields
 * {@code clientCredential}, {@code clientPrincipal}, {@code clientCredentialException} and
 * {@code authenticationPermission} are never assigned in the visible code; presumably the
 * missing method body assigns them - confirm against the bytecode before drawing
 * conclusions about client credential selection. JADX also reports that the constructor
 * and several accessors were package-private in the class file and were widened to
 * {@code public} in this listing.
 */
class ClientAuthManager extends AuthManager {
    private static final Logger logger = Utilities.clientLogger;

    // Leaf certificate presented by the server on the first accepted handshake.
    private X509Certificate serverCredential;
    // Subject of serverCredential; null until a server has been accepted.
    private X500Principal serverPrincipal;
    // Client private credential in use; not assigned anywhere in the visible code.
    private X500PrivateCredential clientCredential;
    // Client principal in use; not assigned anywhere in the visible code.
    private X500Principal clientPrincipal;
    // Exposed through getClientCredentialException(); not assigned in the visible code.
    private Exception clientCredentialException;
    // Millisecond timestamp compared with System.currentTimeMillis() in checkAuthentication().
    // In the visible code it is written only from the server chain; the undecompiled
    // chooseClientAlias may also write it - TODO confirm against the bytecode.
    private long credentialsValidUntil;
    // Permission checked in checkAuthentication(); not assigned in the visible code.
    private AuthenticationPermission authenticationPermission;

    /**
     * Creates a manager by passing all three arguments straight to the {@code AuthManager}
     * constructor and resetting the validity deadline to zero.
     *
     * <p>Package-private in the class file according to JADX. The meaning of the two sets
     * is defined by the superclass, which is not part of this listing.
     *
     * @throws NoSuchAlgorithmException declared here; the only call made is the superclass
     *     constructor
     */
    public ClientAuthManager(Subject subject, Set set, Set set2) throws NoSuchAlgorithmException {
        super(subject, set, set2);
        credentialsValidUntil = 0L;
    }

    /**
     * Reports whether a client private credential is currently recorded.
     *
     * <p>Package-private in the class file according to JADX.
     *
     * @return {@code true} when {@code clientCredential} is non-null
     */
    public synchronized boolean getClientAuthenticated() {
        return clientCredential != null;
    }

    /**
     * Returns the recorded client credential exception, or {@code null} if none is stored.
     *
     * <p>Package-private in the class file according to JADX.
     */
    public synchronized Exception getClientCredentialException() {
        return clientCredentialException;
    }

    /**
     * Verifies that the recorded client credential may still be used.
     *
     * <p>Checks run in this order and the first failure throws:
     * credential present, credential not destroyed, current time not past
     * {@code credentialsValidUntil}. After that:
     * <ul>
     *   <li>read-only subject: only the stored {@code AuthenticationPermission} is checked,
     *       and only when a security manager is installed;
     *   <li>otherwise: the subject must still contain the principal, the certificate chain
     *       and a private credential equal to the recorded one.
     * </ul>
     *
     * <p>Package-private in the class file according to JADX.
     *
     * @throws UnsupportedConstraintException if any of the checks above fails
     * @throws SecurityException if a security manager denies the permission
     */
    public synchronized void checkAuthentication() throws UnsupportedConstraintException {
        if (clientCredential == null) {
            throw new UnsupportedConstraintException("Client is not authenticated");
        } else if (clientCredential.isDestroyed()) {
            throw new UnsupportedConstraintException("Private credentials are destroyed");
        } else if (System.currentTimeMillis() > credentialsValidUntil) {
            throw new UnsupportedConstraintException("Certificates are no longer valid");
        }

        if (subjectIsReadOnly) {
            // NOTE(review): without a security manager this branch performs no further
            // check; the subject contents are not re-inspected for a read-only subject.
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(authenticationPermission);
            }
            return;
        }

        // Mutable subject: confirm it still holds everything the credential depends on.
        Subject current = getSubject();
        X509Certificate clientCert = clientCredential.getCertificate();
        if (SubjectCredentials.getPrincipal(current, clientCert) == null) {
            throw new UnsupportedConstraintException("Missing principal");
        }
        if (SubjectCredentials.getCertificateChain(current, clientCert) == null) {
            throw new UnsupportedConstraintException("Missing public credentials");
        }
        X500PrivateCredential held = getPrivateCredential(clientCert, authenticationPermission);
        if (held == null) {
            throw new UnsupportedConstraintException("Missing private credentials");
        }
        if (!equalPrivateCredentials(clientCredential, held)) {
            throw new UnsupportedConstraintException("Wrong private credentials");
        }
    }

    /**
     * Looks up the private credential for a certificate, using a "connect" permission
     * built from the certificate's subject and the current server principal.
     *
     * <p>Overrides {@code net.jini.jeri.ssl.AuthManager}.
     */
    @Override
    synchronized X500PrivateCredential getPrivateCredential(X509Certificate x509Certificate) {
        AuthenticationPermission required = getAuthenticationPermission(x509Certificate);
        return getPrivateCredential(x509Certificate, required);
    }

    /**
     * Reads the private credential for a certificate from the subject.
     *
     * <p>The permission check comes before the privileged block, so the caller's access
     * control context is what gets checked; the subject is then read with this class's
     * own privileges. No check is made when no security manager is installed.
     *
     * @return the value produced by the privileged action, or {@code null} when there is
     *     no subject
     * @throws SecurityException if a security manager denies the permission
     */
    private X500PrivateCredential getPrivateCredential(X509Certificate x509Certificate, AuthenticationPermission authenticationPermission) {
        Subject current = getSubject();
        if (current == null) {
            return null;
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(authenticationPermission);
        }
        SubjectCredentials.GetPrivateCredentialAction lookup =
                new SubjectCredentials.GetPrivateCredentialAction(current, x509Certificate);
        return (X500PrivateCredential) AccessController.doPrivileged(lookup);
    }

    /** Returns the client logger. Overrides {@code net.jini.jeri.ssl.AuthManager}. */
    @Override
    Logger getLogger() {
        return logger;
    }

    /**
     * Builds the "connect" permission for a client certificate.
     *
     * <p>The first set holds the certificate's subject principal. The second holds the
     * recorded server principal, or is {@code null} when no server has been accepted yet.
     */
    private AuthenticationPermission getAuthenticationPermission(X509Certificate x509Certificate) {
        return new AuthenticationPermission(
                Collections.singleton(x509Certificate.getSubjectX500Principal()),
                serverPrincipal == null ? null : Collections.singleton(serverPrincipal),
                "connect");
    }

    /**
     * Returns the server principal recorded by {@link #checkServerTrusted}, or {@code null}
     * if no server has been accepted yet.
     *
     * <p>Package-private in the class file according to JADX.
     */
    public synchronized X500Principal getServerPrincipal() {
        return serverPrincipal;
    }

    /**
     * Returns the recorded client principal, or {@code null} if none is stored.
     *
     * <p>Package-private in the class file according to JADX.
     */
    public synchronized X500Principal getClientPrincipal() {
        return clientPrincipal;
    }

    /**
     * Validates the server chain through the superclass, then pins the server identity.
     *
     * <p>On the first accepted call the leaf certificate, its subject principal and the
     * validity deadline computed by {@code AuthManager.certificatesValidUntil} are
     * recorded, and the permitted remote principals are narrowed to that one principal.
     * On later calls the leaf must be {@code equals} to the recorded certificate.
     *
     * <p>Overrides {@code net.jini.jeri.ssl.FilterX509TrustManager} and
     * {@code javax.net.ssl.X509TrustManager}.
     *
     * @param x509CertificateArr server certificate chain, leaf at index 0
     * @param str authentication type, passed through to the superclass
     * @throws CertificateException if the superclass rejects the chain or the leaf differs
     *     from the recorded server certificate
     */
    @Override
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // NOTE(review): index 0 is read below without a length check; this assumes the
        // superclass rejects null or empty chains - confirm in FilterX509TrustManager.
        super.checkServerTrusted(x509CertificateArr, str);
        if (serverPrincipal == null) {
            X509Certificate leaf = x509CertificateArr[0];
            serverCredential = leaf;
            serverPrincipal = leaf.getSubjectX500Principal();
            setPermittedRemotePrincipals(Collections.singleton(serverPrincipal));
            credentialsValidUntil = AuthManager.certificatesValidUntil(x509CertificateArr);
        } else if (!serverCredential.equals(x509CertificateArr[0])) {
            throw new CertificateException("Server credentials changed");
        }
    }

    /**
     * Returns the aliases produced by {@code getAliases} for the given key type and
     * issuers, logging the inputs and the result at {@code FINE}.
     *
     * <p>Overrides {@code javax.net.ssl.X509KeyManager}.
     *
     * @param str key type
     * @param principalArr acceptable issuers
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String[] matched = getAliases(str, principalArr);
        if (logger.isLoggable(Level.FINE)) {
            Object[] details = {str, Utilities.toString(principalArr), Utilities.toString(matched)};
            logger.log(Level.FINE, "get client aliases for key type {0}\nand issuers {1}\nreturns {2}", details);
        }
        return matched;
    }

    /**
     * Always returns {@code null}: this manager offers no server aliases.
     *
     * <p>Overrides {@code javax.net.ssl.X509KeyManager}.
     */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return null;
    }

    /**
     * NOT DECOMPILED. JADX could not reconstruct this method ("Code decompiled
     * incorrectly", multi-variable type inference failed, 358 instructions skipped), so
     * the body below is a placeholder that always throws.
     *
     * <p>The real client-alias selection logic exists only in the class file. Nothing
     * about how the client credential is chosen can be reviewed from this listing; use
     * the instruction dump or the original source instead.
     *
     * <p>Overrides {@code javax.net.ssl.X509KeyManager}.
     *
     * @throws UnsupportedOperationException always, in this listing
     */
    @Override
    public synchronized String chooseClientAlias(String[] r9, Principal[] r10, Socket r11) {
        throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.ssl.ClientAuthManager.chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket):java.lang.String");
    }

    /**
     * Always returns {@code null}: this manager never selects a server alias.
     *
     * <p>Overrides {@code javax.net.ssl.X509KeyManager}.
     */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }
}
