package net.corda.node.internal.artemis;

import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.internal.InternalUtils;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.node.internal.artemis.CertificateChainCheckPolicy;
import net.corda.node.internal.security.Password;
import net.corda.node.services.config.shell.ShellSafetyConfigKt;
import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;

/* compiled from: BrokerJaasLoginModule.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\u0018�� \u001f2\u00020\u0001:\u0001\u001fB\u0005¢\u0006\u0002\u0010\u0002J=\u0010\t\u001a\u0014\u0012\u0004\u0012\u00020\u000b\u0012\n\u0012\b\u0012\u0004\u0012\u00020\r0\f0\n2\u0006\u0010\u000e\u001a\u00020\u000b2\f\u0010\u000f\u001a\b\u0012\u0004\u0012\u00020\u00110\u00102\u0006\u0010\u0012\u001a\u00020\u000bH\u0002¢\u0006\u0002\u0010\u0013J<\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0010\u0010\u001a\u001a\f\u0012\u0004\u0012\u00020\u000b\u0012\u0002\b\u00030\u001b2\u0010\u0010\u001c\u001a\f\u0012\u0004\u0012\u00020\u000b\u0012\u0002\b\u00030\u001bH\u0016J\b\u0010\u001d\u001a\u00020\u001eH\u0016R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082.¢\u0006\u0002\n��R\u0010\u0010\u0005\u001a\u0004\u0018\u00010\u0006X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0007\u001a\u0004\u0018\u00010\bX\u0082\u000e¢\u0006\u0002\n��¨\u0006 "}, d2 = {"Lnet/corda/node/internal/artemis/BrokerJaasLoginModule;", "Lnet/corda/node/internal/artemis/BaseBrokerJaasLoginModule;", "()V", "nodeJaasConfig", "Lnet/corda/node/internal/artemis/NodeJaasConfig;", "p2pJaasConfig", "Lnet/corda/node/internal/artemis/P2PJaasConfig;", "rpcJaasConfig", "Lnet/corda/node/internal/artemis/RPCJaasConfig;", "authenticateAndAuthorise", "Lkotlin/Pair;", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "Lorg/apache/activemq/artemis/spi/core/security/jaas/RolePrincipal;", "username", "certificates", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "Ljava/security/cert/X509Certificate;", "password", "(Ljava/lang/String;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)Lkotlin/Pair;", "initialize", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "subject", "Ljavax/security/auth/Subject;", "callbackHandler", "Ljavax/security/auth/callback/CallbackHandler;", "sharedState", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "options", "login", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "Companion", "node"})
/* loaded from: input_file:net/corda/node/internal/artemis/BrokerJaasLoginModule.class */
public final class BrokerJaasLoginModule extends BaseBrokerJaasLoginModule {
    private NodeJaasConfig nodeJaasConfig;
    private RPCJaasConfig rpcJaasConfig;
    private P2PJaasConfig p2pJaasConfig;

    @NotNull
    public static final String PEER_ROLE = "SystemRoles/Peer";

    @NotNull
    public static final String NODE_P2P_ROLE = "SystemRoles/NodeP2P";

    @NotNull
    public static final String NODE_RPC_ROLE = "SystemRoles/NodeRPC";

    @NotNull
    public static final String RPC_ROLE = "SystemRoles/RPC";
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final String RPC_SECURITY_CONFIG = RPC_SECURITY_CONFIG;

    @NotNull
    private static final String RPC_SECURITY_CONFIG = RPC_SECURITY_CONFIG;

    @NotNull
    private static final String P2P_SECURITY_CONFIG = P2P_SECURITY_CONFIG;

    @NotNull
    private static final String P2P_SECURITY_CONFIG = P2P_SECURITY_CONFIG;

    @NotNull
    private static final String NODE_SECURITY_CONFIG = NODE_SECURITY_CONFIG;

    @NotNull
    private static final String NODE_SECURITY_CONFIG = NODE_SECURITY_CONFIG;
    private static final Logger log = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: BrokerJaasLoginModule.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u000b\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u0014\u0010\u0006\u001a\u00020\u0004X\u0080D¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0014\u0010\t\u001a\u00020\u0004X\u0080D¢\u0006\b\n��\u001a\u0004\b\n\u0010\bR\u000e\u0010\u000b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\f\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u0014\u0010\r\u001a\u00020\u0004X\u0080D¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\bR\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0011"}, d2 = {"Lnet/corda/node/internal/artemis/BrokerJaasLoginModule$Companion;", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "()V", "NODE_P2P_ROLE", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "NODE_RPC_ROLE", BrokerJaasLoginModule.NODE_SECURITY_CONFIG, "getNODE_SECURITY_CONFIG$node", "()Ljava/lang/String;", BrokerJaasLoginModule.P2P_SECURITY_CONFIG, "getP2P_SECURITY_CONFIG$node", "PEER_ROLE", "RPC_ROLE", BrokerJaasLoginModule.RPC_SECURITY_CONFIG, "getRPC_SECURITY_CONFIG$node", "log", "Lorg/slf4j/Logger;", "node"})
    /* loaded from: input_file:net/corda/node/internal/artemis/BrokerJaasLoginModule$Companion.class */
    public static final class Companion {
        @NotNull
        public final String getRPC_SECURITY_CONFIG$node() {
            return BrokerJaasLoginModule.RPC_SECURITY_CONFIG;
        }

        @NotNull
        public final String getP2P_SECURITY_CONFIG$node() {
            return BrokerJaasLoginModule.P2P_SECURITY_CONFIG;
        }

        @NotNull
        public final String getNODE_SECURITY_CONFIG$node() {
            return BrokerJaasLoginModule.NODE_SECURITY_CONFIG;
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @Override // net.corda.node.internal.artemis.BaseBrokerJaasLoginModule
    public void initialize(@NotNull Subject subject, @NotNull CallbackHandler callbackHandler, @NotNull Map<String, ?> map, @NotNull Map<String, ?> map2) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(callbackHandler, "callbackHandler");
        Intrinsics.checkParameterIsNotNull(map, "sharedState");
        Intrinsics.checkParameterIsNotNull(map2, "options");
        super.initialize(subject, callbackHandler, map, map2);
        this.nodeJaasConfig = (NodeJaasConfig) InternalUtils.uncheckedCast(map2.get(NODE_SECURITY_CONFIG));
        this.p2pJaasConfig = (P2PJaasConfig) InternalUtils.uncheckedCast(map2.get(P2P_SECURITY_CONFIG));
        this.rpcJaasConfig = (RPCJaasConfig) InternalUtils.uncheckedCast(map2.get(RPC_SECURITY_CONFIG));
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x012b  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0130  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean login() {
        /*
            Method dump skipped, instructions count: 319
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.corda.node.internal.artemis.BrokerJaasLoginModule.login():boolean");
    }

    private final Pair<String, List<RolePrincipal>> authenticateAndAuthorise(String str, X509Certificate[] x509CertificateArr, String str2) {
        BrokerJaasLoginModule$authenticateAndAuthorise$1 brokerJaasLoginModule$authenticateAndAuthorise$1 = BrokerJaasLoginModule$authenticateAndAuthorise$1.INSTANCE;
        switch (str.hashCode()) {
            case -1678946952:
                if (str.equals("SystemUsers/Node")) {
                    brokerJaasLoginModule$authenticateAndAuthorise$1.invoke(x509CertificateArr);
                    CertificateChainCheckPolicy.LeafMustMatch leafMustMatch = CertificateChainCheckPolicy.LeafMustMatch.INSTANCE;
                    NodeJaasConfig nodeJaasConfig = this.nodeJaasConfig;
                    if (nodeJaasConfig == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("nodeJaasConfig");
                    }
                    KeyStore keyStore = nodeJaasConfig.getKeyStore();
                    NodeJaasConfig nodeJaasConfig2 = this.nodeJaasConfig;
                    if (nodeJaasConfig2 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("nodeJaasConfig");
                    }
                    leafMustMatch.createCheck(keyStore, nodeJaasConfig2.getTrustStore()).checkCertificateChain(x509CertificateArr);
                    Principal subjectDN = ((X509Certificate) ArraysKt.first(x509CertificateArr)).getSubjectDN();
                    Intrinsics.checkExpressionValueIsNotNull(subjectDN, "certificates.first().subjectDN");
                    return new Pair<>(subjectDN.getName(), CollectionsKt.listOf(new RolePrincipal(NODE_P2P_ROLE)));
                }
                break;
            case -1678896936:
                if (str.equals("SystemUsers/Peer")) {
                    if (this.p2pJaasConfig == null) {
                        throw new IllegalArgumentException("Attempted to connect as a peer to the rpc broker.".toString());
                    }
                    brokerJaasLoginModule$authenticateAndAuthorise$1.invoke(x509CertificateArr);
                    CertificateChainCheckPolicy.RootMustMatch rootMustMatch = CertificateChainCheckPolicy.RootMustMatch.INSTANCE;
                    P2PJaasConfig p2PJaasConfig = this.p2pJaasConfig;
                    if (p2PJaasConfig == null) {
                        Intrinsics.throwNpe();
                    }
                    KeyStore keyStore2 = p2PJaasConfig.getKeyStore();
                    P2PJaasConfig p2PJaasConfig2 = this.p2pJaasConfig;
                    if (p2PJaasConfig2 == null) {
                        Intrinsics.throwNpe();
                    }
                    rootMustMatch.createCheck(keyStore2, p2PJaasConfig2.getTrustStore()).checkCertificateChain(x509CertificateArr);
                    P2PJaasConfig p2PJaasConfig3 = this.p2pJaasConfig;
                    if (p2PJaasConfig3 == null) {
                        Intrinsics.throwNpe();
                    }
                    CertificateChainCheckPolicy.RevocationCheck revocationCheck = new CertificateChainCheckPolicy.RevocationCheck(p2PJaasConfig3.getRevocationMode());
                    P2PJaasConfig p2PJaasConfig4 = this.p2pJaasConfig;
                    if (p2PJaasConfig4 == null) {
                        Intrinsics.throwNpe();
                    }
                    KeyStore keyStore3 = p2PJaasConfig4.getKeyStore();
                    P2PJaasConfig p2PJaasConfig5 = this.p2pJaasConfig;
                    if (p2PJaasConfig5 == null) {
                        Intrinsics.throwNpe();
                    }
                    revocationCheck.createCheck(keyStore3, p2PJaasConfig5.getTrustStore()).checkCertificateChain(x509CertificateArr);
                    Principal subjectDN2 = ((X509Certificate) ArraysKt.first(x509CertificateArr)).getSubjectDN();
                    Intrinsics.checkExpressionValueIsNotNull(subjectDN2, "certificates.first().subjectDN");
                    return new Pair<>(subjectDN2.getName(), CollectionsKt.listOf(new RolePrincipal(PEER_ROLE)));
                }
                break;
            case 1680563533:
                if (str.equals("SystemUsers/NodeRPC")) {
                    brokerJaasLoginModule$authenticateAndAuthorise$1.invoke(x509CertificateArr);
                    CertificateChainCheckPolicy.LeafMustMatch leafMustMatch2 = CertificateChainCheckPolicy.LeafMustMatch.INSTANCE;
                    NodeJaasConfig nodeJaasConfig3 = this.nodeJaasConfig;
                    if (nodeJaasConfig3 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("nodeJaasConfig");
                    }
                    KeyStore keyStore4 = nodeJaasConfig3.getKeyStore();
                    NodeJaasConfig nodeJaasConfig4 = this.nodeJaasConfig;
                    if (nodeJaasConfig4 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("nodeJaasConfig");
                    }
                    leafMustMatch2.createCheck(keyStore4, nodeJaasConfig4.getTrustStore()).checkCertificateChain(x509CertificateArr);
                    return new Pair<>("SystemUsers/NodeRPC", CollectionsKt.listOf(new RolePrincipal(NODE_RPC_ROLE)));
                }
                break;
        }
        if (this.rpcJaasConfig == null) {
            throw new IllegalArgumentException("Attempted to connect as an rpc user to the P2P broker.".toString());
        }
        RPCJaasConfig rPCJaasConfig = this.rpcJaasConfig;
        if (rPCJaasConfig == null) {
            Intrinsics.throwNpe();
        }
        rPCJaasConfig.getSecurityManager().authenticate(str, new Password(str2));
        rPCJaasConfig.getLoginListener().invoke(str);
        return new Pair<>(str, CollectionsKt.listOf(new RolePrincipal[]{new RolePrincipal(RPC_ROLE), new RolePrincipal("rpc.client." + str)}));
    }
}
