package com.pcbsys.foundation.security;

import com.pcbsys.foundation.base.fException;
import com.pcbsys.foundation.collections.Vector;
import com.pcbsys.foundation.drivers.fDriver;
import com.pcbsys.foundation.drivers.fMultiplexDriver;
import com.pcbsys.foundation.drivers.fSSLDriver;
import com.pcbsys.foundation.fConstants;
import com.pcbsys.foundation.io.fEventInputStream;
import com.pcbsys.foundation.io.fEventOutputStream;
import com.pcbsys.foundation.io.fStreamFactory;
import com.pcbsys.foundation.security.auth.fAuthConstants;
import com.pcbsys.foundation.security.auth.fAuthentication;
import com.pcbsys.foundation.utils.fReverseDNSUtility;
import com.softwareag.security.jaas.login.SagCredentials;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: input_file:com/pcbsys/foundation/security/fDefaultServerLoginContext.class */
public class fDefaultServerLoginContext extends fServerLoginContext {
    @Override // com.pcbsys.foundation.security.fServerLoginContext
    public fServerLoginContext newInstance() {
        return new fDefaultServerLoginContext();
    }

    @Override // com.pcbsys.foundation.security.fLoginContext
    public fLoginResponse login(fDriver fdriver) throws fException {
        try {
            fLoginResponse login = login(fdriver, fStreamFactory.createInputStream(fdriver.getInputStream()), new fEventOutputStream(fdriver.getOutputStream()));
            fdriver.setTimeout(0);
            return login;
        } catch (Exception e) {
            if (e instanceof fException) {
                throw ((fException) e);
            }
            throw new fException("Authentication failed with driver=" + fdriver.getClass().getName(), e);
        }
    }

    @Override // com.pcbsys.foundation.security.fLoginContext
    public fLoginResponse login(fDriver fdriver, fEventInputStream feventinputstream, fEventOutputStream feventoutputstream) throws IOException, fException {
        fSubject loadSubject = loadSubject(fdriver, feventinputstream, feventoutputstream);
        if (loadSubject == null) {
            fDefaultResponse fdefaultresponse = new fDefaultResponse(false);
            fdefaultresponse.enablePolicyRequest();
            return fdefaultresponse;
        }
        String remoteAddress = getRemoteAddress(fdriver);
        Vector<fPrincipal> principals = loadSubject.getPrincipals();
        Vector vector = new Vector();
        for (int i = 0; i < principals.size(); i++) {
            fPrincipal elementAt = principals.elementAt(i);
            String name = elementAt.getName();
            int indexOf = name.indexOf("@");
            String resolveAddress = fReverseDNSUtility.resolveAddress(remoteAddress);
            if (elementAt.isForwarded()) {
                vector.add(elementAt);
            } else {
                vector.add(new fPrincipal(name.substring(0, indexOf) + "@" + resolveAddress));
            }
        }
        fDefaultResponse checkSubject = checkSubject(fdriver, new fSubject((Vector<fPrincipal>) vector, loadSubject.getPublicCredentials(), (Vector<fCredential>) null), feventinputstream, feventoutputstream);
        setSubject(fdriver.getSubject());
        return checkSubject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public fDefaultResponse checkSubject(fDriver fdriver, fSubject fsubject, fEventInputStream feventinputstream, fEventOutputStream feventoutputstream) throws IOException {
        boolean z = true;
        if (fAuthentication.authenticationMandatory && !fsubject.isAuthenticated() && !(fdriver instanceof fMultiplexDriver)) {
            z = fAuthentication.isExempt(fsubject);
        }
        fDefaultResponse fdefaultresponse = new fDefaultResponse(z);
        feventoutputstream.writeExternalable(fdefaultresponse);
        feventoutputstream.flush();
        fdriver.setSubject(fsubject);
        setSubject(fsubject);
        return fdefaultresponse;
    }

    @Override // com.pcbsys.foundation.security.fLoginContext
    public void logout(fDriver fdriver) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.pcbsys.foundation.security.fLoginContext
    public void init() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public void extractTransportCredentials(SagCredentials sagCredentials, fDriver fdriver) {
        if (fdriver instanceof fSSLDriver) {
            try {
                Certificate[] peerCertificates = ((fSSLDriver) fdriver).getSSLSession().getPeerCertificates();
                if (peerCertificates instanceof X509Certificate[]) {
                    sagCredentials.setX509CertChain((X509Certificate[]) peerCertificates);
                }
            } catch (SSLPeerUnverifiedException e) {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log("Cannot retrieve client certificate chain - we are potentially using one-way SSL - " + e.getMessage());
                }
            }
        }
    }
}
