package org.springframework.ws.soap.security.xwss.callback.jaas;

import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:org/springframework/ws/soap/security/xwss/callback/jaas/JaasCertificateValidationCallbackHandler.class */
public class JaasCertificateValidationCallbackHandler extends AbstractJaasValidationCallbackHandler {

    /* loaded from: input_file:org/springframework/ws/soap/security/xwss/callback/jaas/JaasCertificateValidationCallbackHandler$JaasCertificateValidator.class */
    private class JaasCertificateValidator implements CertificateValidationCallback.CertificateValidator {
        private JaasCertificateValidator() {
        }

        public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            Subject subject = new Subject();
            subject.getPrincipals().add(x509Certificate.getSubjectX500Principal());
            try {
                LoginContext loginContext = new LoginContext(JaasCertificateValidationCallbackHandler.this.getLoginContextName(), subject);
                try {
                    loginContext.login();
                    if (loginContext.getSubject().getPrincipals().isEmpty()) {
                        if (!JaasCertificateValidationCallbackHandler.this.logger.isDebugEnabled()) {
                            return false;
                        }
                        JaasCertificateValidationCallbackHandler.this.logger.debug("Authentication request for certificate with DN [" + x509Certificate.getSubjectX500Principal().getName() + "] failed");
                        return false;
                    }
                    if (!JaasCertificateValidationCallbackHandler.this.logger.isDebugEnabled()) {
                        return true;
                    }
                    JaasCertificateValidationCallbackHandler.this.logger.debug("Authentication request for certificate with DN [" + x509Certificate.getSubjectX500Principal().getName() + "] successful");
                    return true;
                } catch (LoginException e) {
                    if (!JaasCertificateValidationCallbackHandler.this.logger.isDebugEnabled()) {
                        return false;
                    }
                    JaasCertificateValidationCallbackHandler.this.logger.debug("Authentication request for certificate with DN [" + x509Certificate.getSubjectX500Principal().getName() + "] failed");
                    return false;
                }
            } catch (SecurityException e2) {
                throw new CertificateValidationCallback.CertificateValidationException(e2);
            } catch (LoginException e3) {
                throw new CertificateValidationCallback.CertificateValidationException(e3);
            }
        }
    }

    @Override // org.springframework.ws.soap.security.callback.AbstractCallbackHandler
    protected final void handleInternal(Callback callback) throws UnsupportedCallbackException {
        if (!(callback instanceof CertificateValidationCallback)) {
            throw new UnsupportedCallbackException(callback);
        }
        ((CertificateValidationCallback) callback).setValidator(new JaasCertificateValidator());
    }
}
