package tigase.auth.impl;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import tigase.auth.SessionAware;
import tigase.auth.callbacks.ValidateCertificateData;
import tigase.auth.mechanisms.SaslEXTERNAL;
import tigase.cert.CertificateUtil;
import tigase.util.stringprep.TigaseStringprepException;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/auth/impl/CertBasedCallbackHandler.class */
public class CertBasedCallbackHandler implements CallbackHandler, SessionAware {
    protected Logger log = Logger.getLogger(getClass().getName());
    private XMPPResourceConnection session;

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbackArr.length; i++) {
            try {
                if (this.log.isLoggable(Level.FINEST)) {
                    this.log.log(Level.FINEST, "Callback: {0}", callbackArr[i].getClass().getSimpleName());
                }
                if (!(callbackArr[i] instanceof ValidateCertificateData)) {
                    throw new UnsupportedCallbackException(callbackArr[i], "Unrecognized Callback");
                }
                ValidateCertificateData validateCertificateData = (ValidateCertificateData) callbackArr[i];
                String domain = this.session.getDomain().getVhost().getDomain();
                BareJID defaultAuthzid = validateCertificateData.getDefaultAuthzid();
                if (defaultAuthzid != null && !defaultAuthzid.getDomain().equals(domain)) {
                    return;
                }
                for (String str : (String[]) CertificateUtil.extractXmppAddrs((X509Certificate) ((Certificate) this.session.getSessionData(SaslEXTERNAL.PEER_CERTIFICATE_KEY))).toArray(new String[0])) {
                    if (defaultAuthzid != null) {
                        if (str.equals(defaultAuthzid.toString())) {
                            validateCertificateData.setAuthorized(true);
                            validateCertificateData.setAuthorizedID(str);
                        }
                    } else if (BareJID.bareJIDInstance(str).getDomain().equals(domain)) {
                        validateCertificateData.setAuthorized(true);
                        validateCertificateData.setAuthorizedID(str);
                    }
                }
            } catch (TigaseStringprepException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
    }

    @Override // tigase.auth.SessionAware
    public void setSession(XMPPResourceConnection xMPPResourceConnection) {
        this.session = xMPPResourceConnection;
    }
}
