package org.apache.jetspeed.security.impl;

import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticationProvider;
import org.apache.jetspeed.security.LoginModuleProxy;
import org.apache.jetspeed.security.Role;
import org.apache.jetspeed.security.SubjectHelper;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.UserSubjectPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-security-2.3.1.jar:org/apache/jetspeed/security/impl/DefaultLoginModule.class */
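/**
 * JAAS {@link LoginModule} that authenticates a username/password pair against the
 * configured {@link AuthenticationProvider} and, on commit, copies the user's
 * principals (user, user-subject and role principals) into the JAAS {@link Subject}.
 *
 * <p>Collaborators are taken from the static {@code LoginModuleProxyImpl.loginModuleProxy}
 * when the no-arg constructor is used, and are re-read lazily by {@link #refreshProxy()}
 * if the proxy was not yet available at construction time.
 *
 * <p>The class keeps per-login mutable state ({@code success}, {@code username},
 * {@code user}) in plain fields and does no synchronization of its own.
 */
public class DefaultLoginModule implements LoginModule {
    private static final Logger log = LoggerFactory.getLogger(DefaultLoginModule.class);

    // Set from the "debug" option in initialize(); not read anywhere in this class.
    protected boolean debug;
    // True once login() has authenticated the user.
    protected boolean success;
    // True once commit() has populated the subject.
    protected boolean commitSuccess;
    protected Subject subject;
    protected CallbackHandler callbackHandler;
    protected Map<String, ?> sharedState;
    protected Map<String, ?> options;
    protected AuthenticationProvider authProvider;
    protected UserManager ums;
    // Name of the role principal that commitSubject() guarantees is present on the subject.
    protected String portalUserRole;
    protected String username;
    protected AuthenticatedUser user;

    /**
     * Creates a module wired from the static login-module proxy, if one is already set.
     * When the proxy is still {@code null} the collaborators stay unset until
     * {@link #refreshProxy()} picks them up.
     */
    public DefaultLoginModule() {
        LoginModuleProxy loginModuleProxy = LoginModuleProxyImpl.loginModuleProxy;
        if (loginModuleProxy != null) {
            this.authProvider = loginModuleProxy.getAuthenticationProvider();
            this.ums = loginModuleProxy.getUserManager();
            this.portalUserRole = loginModuleProxy.getPortalUserRole();
        }
        this.debug = false;
        this.success = false;
        this.commitSuccess = false;
        this.username = null;
    }

    /**
     * Creates a module with explicitly supplied collaborators.
     *
     * @param authenticationProvider provider used by {@link #login()} to check credentials
     * @param userManager manager used by {@link #commit()} to obtain the user's subject
     * @param str name of the portal-user role added to every committed subject
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public DefaultLoginModule(AuthenticationProvider authenticationProvider, UserManager userManager, String str) {
        this.authProvider = authenticationProvider;
        this.ums = userManager;
        this.portalUserRole = str;
        this.debug = false;
        this.success = false;
        this.commitSuccess = false;
        this.username = null;
    }

    /**
     * Creates a module with explicitly supplied collaborators and the default
     * portal-user role name ({@code LoginModuleProxy.DEFAULT_PORTAL_USER_ROLE_NAME}).
     *
     * @param authenticationProvider provider used by {@link #login()} to check credentials
     * @param userManager manager used by {@link #commit()} to obtain the user's subject
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public DefaultLoginModule(AuthenticationProvider authenticationProvider, UserManager userManager) {
        this(authenticationProvider, userManager, LoginModuleProxy.DEFAULT_PORTAL_USER_ROLE_NAME);
    }

    /**
     * Discards all login state, wipes a passively held password and logs the subject out.
     *
     * @return always {@code true}
     * @throws LoginException if {@link #logout()} fails
     */
    @Override
    public boolean abort() throws LoginException {
        this.success = false;
        this.commitSuccess = false;
        this.username = null;
        if (this.callbackHandler instanceof PassiveCallbackHandler) {
            ((PassiveCallbackHandler) this.callbackHandler).clearPassword();
        }
        logout();
        return true;
    }

    /**
     * Re-reads the collaborators from the static proxy when this instance was created
     * before the proxy became available (detected by {@code ums == null}).
     */
    protected void refreshProxy() {
        if (this.ums != null) {
            return;
        }
        LoginModuleProxy loginModuleProxy = LoginModuleProxyImpl.loginModuleProxy;
        if (loginModuleProxy == null) {
            return;
        }
        this.authProvider = loginModuleProxy.getAuthenticationProvider();
        this.ums = loginModuleProxy.getUserManager();
        // The no-arg constructor also takes the role name from the proxy. Without this,
        // a late-bound module would commit a role principal with a null name.
        if (this.portalUserRole == null) {
            this.portalUserRole = loginModuleProxy.getPortalUserRole();
        }
    }

    /**
     * Copies the authenticated user's principals into the subject after a successful login.
     *
     * @return {@code true} if the subject was populated, by this call or an earlier one
     * @throws LoginException if the subject is read-only or populating it fails; the
     *     underlying exception is attached as the cause
     */
    @Override
    public boolean commit() throws LoginException {
        if (this.success) {
            if (this.subject.isReadOnly()) {
                throw new LoginException("Subject is Readonly");
            }
            try {
                refreshProxy();
                commitSubject(this.subject, this.ums.getSubject(this.user), this.user);
                this.username = null;
                this.user = null;
                this.commitSuccess = true;
                if (this.callbackHandler instanceof PassiveCallbackHandler) {
                    ((PassiveCallbackHandler) this.callbackHandler).clearPassword();
                }
            } catch (Exception e) {
                log.error(e.getMessage(), (Throwable) e);
                throw wrap(e);
            }
        }
        return this.commitSuccess;
    }

    /**
     * Prompts for username and password through the callback handler and authenticates
     * them against the {@link AuthenticationProvider}.
     *
     * @return {@code true} when authentication succeeds
     * @throws FailedLoginException if the provider rejects the credentials; the message is
     *     deliberately generic and the detail is only logged
     * @throws LoginException if no callback handler, password or provider is available, or
     *     the callback handler fails
     */
    @Override
    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        try {
            // Reset first so that no exit path can leave a stale success flag behind.
            this.success = false;
            NameCallback nameCallback = new NameCallback("Username: ");
            PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
            // The array must be typed Callback[]: a NameCallback[] cannot hold a PasswordCallback.
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            // getPassword() hands back a copy, so wipe both the callback and the copy.
            char[] passwordChars = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            if (passwordChars == null) {
                throw new LoginException("Error: CallbackHandler did not supply a password");
            }
            // The provider API takes a String, so this one immutable copy cannot be wiped.
            String password = new String(passwordChars);
            Arrays.fill(passwordChars, '\0');
            refreshProxy();
            if (this.authProvider == null) {
                throw new LoginException("Error: no AuthenticationProvider available to authenticate the user");
            }
            try {
                this.user = this.authProvider.authenticate(this.username, password);
                this.success = true;
                return true;
            } catch (SecurityException e) {
                if (e.getCause() != null) {
                    log.error(e.getLocalizedMessage(), e.getCause());
                } else {
                    log.warn(e.getLocalizedMessage());
                }
                // Do not tell the caller why authentication failed.
                throw new FailedLoginException("Authentication failed");
            }
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            this.success = false;
            throw wrap(e);
        }
    }

    /**
     * Clears the login state and empties the subject's principal and credential sets.
     *
     * <p>NOTE(review): this clears every principal and credential on the subject, not only
     * the ones this module added. In a stacked JAAS configuration that also removes entries
     * contributed by other login modules; confirm this is intended.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean logout() throws LoginException {
        this.user = null;
        // The subject is null when abort() or logout() runs before initialize().
        if (this.subject != null) {
            this.subject.getPrincipals().clear();
            this.subject.getPrivateCredentials().clear();
            this.subject.getPublicCredentials().clear();
        }
        this.success = false;
        this.commitSuccess = false;
        return true;
    }

    /**
     * Stores the JAAS context objects and reads the optional {@code debug} option.
     *
     * @param subject subject to populate on commit
     * @param callbackHandler handler used by {@link #login()} to obtain credentials
     * @param map state shared with other configured login modules
     * @param map2 module options; {@code debug} is compared case-insensitively to "true"
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (map2 != null && map2.containsKey("debug")) {
            // Options need not be Strings, so compare the text form instead of casting.
            Object debugOption = map2.get("debug");
            this.debug = debugOption != null && "true".equalsIgnoreCase(debugOption.toString());
        }
    }

    /**
     * Adds the user-subject, user and role principals found in {@code subject2} to this
     * module's subject, and adds the portal-user role if none of the roles carries that name.
     *
     * <p>NOTE(review): the {@code subject} parameter is not used; principals are written to
     * the {@code subject} field. {@link #commit()} passes that same field, so the two
     * coincide there. A lookup that returns {@code null} presumably fails on {@code add};
     * verify against {@code SubjectHelper}.
     *
     * @param subject the JAAS subject being committed (unused, see note)
     * @param subject2 subject holding the authenticated user's principals
     * @param authenticatedUser the authenticated user (unused here)
     */
    protected void commitSubject(Subject subject, Subject subject2, AuthenticatedUser authenticatedUser) {
        this.subject.getPrincipals().add(SubjectHelper.getPrincipal(subject2, UserSubjectPrincipal.class));
        this.subject.getPrincipals().add(SubjectHelper.getPrincipal(subject2, User.class));
        boolean hasPortalUserRole = false;
        for (Principal principal : SubjectHelper.getPrincipals(subject2, (Class<? extends Principal>) Role.class)) {
            this.subject.getPrincipals().add(principal);
            if (principal.getName().equals(this.portalUserRole)) {
                hasPortalUserRole = true;
            }
        }
        if (!hasPortalUserRole) {
            this.subject.getPrincipals().add(new RoleImpl(this.portalUserRole));
        }
    }

    /** Converts an arbitrary failure into a LoginException without losing the cause. */
    private static LoginException wrap(Exception e) {
        LoginException loginException = new LoginException(e.getMessage());
        loginException.initCause(e);
        return loginException;
    }
}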
