package com.worklight.core.auth.ext;

import com.ibm.json.java.JSONObject;
import com.worklight.core.auth.impl.CertificateGenerator;
import com.worklight.core.auth.impl.DevicePublicKeyJWS;
import com.worklight.core.auth.impl.JWSAuthenticationValidationException;
import com.worklight.core.auth.impl.ProvisionedEntity;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.WorkLightLoginModule;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/DeviceAutoProvisioningLoginModule.class */
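/**
 * Login module that issues an X.509 device certificate in response to a
 * certificate signing request carried as a JWS in the {@code "CSR"} login parameter.
 *
 * <p>The subject of the issued certificate is built from identifiers found in the JWS
 * payload ({@code deviceId}, plus {@code applicationId} or {@code groupId} depending on
 * the configured {@link ProvisionedEntity}). The certificate is signed with the CA
 * certificate and private key loaded from a keystore in {@link #init(Map)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The payload identifiers are supplied by the client. Nothing in this class checks
 *       them against a server-side registry, so any request that passes
 *       {@link DevicePublicKeyJWS} validation receives a certificate naming whatever
 *       identifiers it claims.</li>
 *   <li>{@link #init(Map)} falls back to a keystore bundled on the classpath and to the
 *       literal password {@code "password"} when the corresponding options are absent.
 *       A deployment relying on those defaults signs with key material that is not
 *       unique to it; a warning is logged in that case.</li>
 * </ul>
 */
public class DeviceAutoProvisioningLoginModule implements WorkLightLoginModule {
    private final Logger logger = Logger.getLogger(DeviceAutoProvisioningLoginModule.class);
    private static final String CERTIFICATE = "certificate";
    private static final String APPLICATION_ID = "applicationId";
    private static final String GROUP_ID = "groupId";
    private static final String DEVICE_ID = "deviceId";
    /** Key under which the issued certificate is stored in the identity attributes. */
    public static final String DEVICE_CERTIFICATE = "deviceCertificate";
    // Issuer certificate and signing key, loaded once by init().
    private X509Certificate caCertificate;
    private PrivateKey caPrivateKey;
    // Certificate produced by the most recent successful login(); cleared by logout()/abort().
    private X509Certificate deviceCertificate;
    // Which payload identifier (application or group) must accompany the device id.
    private ProvisionedEntity entity;

    /**
     * Validates the JWS-wrapped CSR and, if the required identifiers are present, issues a
     * device certificate signed by the configured CA.
     *
     * <p>Subject layout: {@code UID=<deviceId>} followed by {@code , DC=<applicationId>} or
     * {@code , DC=<groupId>} when the configured entity type is APPLICATION or GROUP.
     *
     * @param map login parameters; the entry {@code "CSR"} must hold the JWS string
     * @return {@code true} when a certificate was issued; {@code false} when the CSR is
     *     missing or malformed, a required identifier is absent or not a string, or
     *     certificate generation fails
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public boolean login(Map<String, Object> map) {
        try {
            // A missing or non-string CSR is rejected instead of surfacing as a
            // ClassCastException from the cast.
            Object csr = map.get("CSR");
            if (!(csr instanceof String)) {
                return false;
            }
            DevicePublicKeyJWS jws = new DevicePublicKeyJWS((String) csr);
            JSONObject payload = jws.getJwsParts().payload;

            String deviceId = stringField(payload, DEVICE_ID);
            if (StringUtils.isEmpty(deviceId)) {
                return false;
            }
            // Identifiers are client-controlled, so each one is escaped before it is placed
            // in the subject; unescaped, a value containing DN separators could add or
            // alter RDNs in the certificate the CA signs.
            StringBuilder subject = new StringBuilder();
            subject.append("UID=");
            subject.append(escapeDnValue(deviceId));

            ProvisionedEntity.Type type = this.entity.getType();
            if (type == null) {
                // Fail closed: without a known entity type the required scope is undefined.
                return false;
            }
            if (type == ProvisionedEntity.Type.APPLICATION || type == ProvisionedEntity.Type.GROUP) {
                String scopeKey = type == ProvisionedEntity.Type.APPLICATION ? APPLICATION_ID : GROUP_ID;
                String scopeId = stringField(payload, scopeKey);
                if (StringUtils.isEmpty(scopeId)) {
                    return false;
                }
                subject.append(", DC=");
                subject.append(escapeDnValue(scopeId));
            }
            // Any other entity type gets a subject made of the device id alone.
            this.deviceCertificate = CertificateGenerator.generateCertificate(
                    jws.getPublicKey(), subject.toString(), this.caCertificate, this.caPrivateKey);
            return true;
        } catch (InvalidKeyException e) {
            this.logger.error(e);
            return false;
        } catch (NoSuchAlgorithmException e) {
            this.logger.error(e);
            return false;
        } catch (NoSuchProviderException e) {
            this.logger.error(e);
            return false;
        } catch (SignatureException e) {
            this.logger.error(e);
            return false;
        } catch (CertificateEncodingException e) {
            this.logger.error(e);
            return false;
        } catch (JWSAuthenticationValidationException e) {
            this.logger.error(e);
            return false;
        }
    }

    /**
     * Reads a payload entry as a string.
     *
     * @return the value, or {@code null} when the entry is absent or not a {@link String}
     */
    private static String stringField(JSONObject payload, String key) {
        Object value = payload.get(key);
        return value instanceof String ? (String) value : null;
    }

    /**
     * Escapes a value for use as an attribute value inside a distinguished name string.
     *
     * <p>NOTE(review): assumes {@code CertificateGenerator.generateCertificate} parses the
     * subject as an RFC 2253-style DN string, so backslash escapes are honoured - confirm.
     */
    private static String escapeDnValue(String value) {
        // Fully qualified so the file's import block does not need to change.
        return javax.naming.ldap.Rdn.escapeValue(value);
    }

    /** Discards the certificate issued by the last login. */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public void logout() {
        cleanup();
    }

    /** Discards the certificate issued by the last login. */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public void abort() {
        cleanup();
    }

    private void cleanup() {
        this.deviceCertificate = null;
    }

    /**
     * Builds the identity for the given realm, attaching the certificate issued by
     * {@link #login(Map)} under {@link #DEVICE_CERTIFICATE}.
     *
     * <p>The attribute value is {@code null} if no login has succeeded on this instance.
     * (The method name's spelling is dictated by the overridden interface.)
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public UserIdentity createIdenity(String str) {
        HashMap attributes = new HashMap();
        attributes.put(DEVICE_CERTIFICATE, this.deviceCertificate);
        return new UserIdentity(str, CERTIFICATE, CERTIFICATE, null, attributes, null);
    }

    /**
     * Reads the module configuration and loads the CA certificate and private key.
     *
     * <p>Options and defaults: {@code keystoreType} ("jks"), {@code keystorePath} (none;
     * the classpath resource {@code wl.keystore} is used instead), {@code keystorePassword}
     * ("password"), {@code certificateAlias} ("wlProvCert"), {@code privateKeyAlias}
     * ("wlProvCert"), {@code privateKeyPassword} ("password"), {@code entity} (required).
     * Each option read is removed from {@code map}.
     *
     * @throws MissingConfigurationOptionException if {@code entity} is not configured
     * @throws IllegalArgumentException if the keystore cannot be found or loaded, the
     *     keystore type is invalid, or no certificate exists under the configured alias
     * @throws RuntimeException if the private key cannot be extracted
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public void init(Map<String, String> map) throws MissingConfigurationOptionException {
        // Recorded before the options are consumed, because reading removes them from the map.
        boolean storePasswordDefaulted = !map.containsKey("keystorePassword");
        boolean keyPasswordDefaulted = !map.containsKey("privateKeyPassword");

        String keystoreType = getParameterValue(map, "keystoreType", "jks");
        String keystorePath = getParameterValue(map, "keystorePath", false);
        String keystorePassword = getParameterValue(map, "keystorePassword", "password");
        String certificateAlias = getParameterValue(map, "certificateAlias", "wlProvCert");
        String privateKeyAlias = getParameterValue(map, "privateKeyAlias", "wlProvCert");
        String privateKeyPassword = getParameterValue(map, "privateKeyPassword", "password");
        this.entity = ProvisionedEntity.parse(getParameterValue(map, "entity", true));

        // The fallbacks are kept for compatibility, but they mean the signing key is not
        // specific to this deployment; make that visible to operators. No secret is logged.
        if (keystorePath == null) {
            this.logger.warn("keystorePath is not configured; using the bundled wl.keystore."
                    + " Configure a deployment-specific CA keystore.");
        }
        if (storePasswordDefaulted || keyPasswordDefaulted) {
            this.logger.warn("keystorePassword and/or privateKeyPassword is not configured;"
                    + " falling back to the built-in default password.");
        }

        try {
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            InputStream in = null;
            try {
                in = keystorePath == null
                        ? DeviceAutoProvisioningLoginModule.class.getClassLoader().getResourceAsStream("wl.keystore")
                        : new FileInputStream(keystorePath);
                // If the bundled resource is absent, 'in' is null and load() yields an empty
                // keystore; the key check below then rejects the configuration.
                keyStore.load(in, keystorePassword.toCharArray());
            } finally {
                IOUtils.closeQuietly(in);
            }
            this.caCertificate = (X509Certificate) keyStore.getCertificate(certificateAlias);
            this.caPrivateKey = (PrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());
            if (this.caPrivateKey == null) {
                throw new RuntimeException("Unable to extract private from supplied keystore");
            }
            // Fail at start-up rather than at the first login when the alias is wrong.
            if (this.caCertificate == null) {
                throw new IllegalArgumentException(
                        "No certificate found under certificateAlias defined in authentication configuration");
            }
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Could not find keystore in path specified in authentication configuration", e);
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not load keystore. Check keystore password defined in authentication configuration", e);
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("Illegal keystoreType defined in authentication configuration", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (UnrecoverableKeyException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException("Failed to load certificates from keystore", e);
        }
    }

    /**
     * Returns a shallow copy of this module.
     *
     * <p>The name {@code m65clone} was assigned by the decompiler; per its note the method
     * was originally {@code clone}, merged with a bridge method. The copy shares the CA
     * certificate, private key and entity references with this instance.
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public DeviceAutoProvisioningLoginModule m65clone() throws CloneNotSupportedException {
        return (DeviceAutoProvisioningLoginModule) super.clone();
    }

    /**
     * Reads and removes an option, returning {@code fallback} when the key is absent.
     * A key that is present with a {@code null} value yields {@code null}, not the fallback.
     */
    private String getParameterValue(Map<String, String> map, String str, String str2) {
        try {
            return getParameterValue(map, str, true);
        } catch (MissingConfigurationOptionException e) {
            return str2;
        }
    }

    /**
     * Reads an option and removes it from the map.
     *
     * @param z whether the option is mandatory
     * @return the configured value, or {@code null} when an optional key is absent
     * @throws MissingConfigurationOptionException if a mandatory key is absent
     */
    private String getParameterValue(Map<String, String> map, String str, boolean z) throws MissingConfigurationOptionException {
        if (z && !map.containsKey(str)) {
            throw new MissingConfigurationOptionException(str);
        }
        // remove() returns the previous value, so it doubles as the read.
        return map.remove(str);
    }
}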
