package de.adorsys.oauth.loginmodule;

import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.http.Consts;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oauth-jboss-support-0.15.jar:de/adorsys/oauth/loginmodule/HTTPAuthenticationLoginModule.class */
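/**
 * JAAS {@link LoginModule} that delegates the credential check to an HTTP backend.
 *
 * <p>The user name and password obtained from the {@link CallbackHandler} are sent as
 * preemptive HTTP Basic credentials in a GET request to the configured {@code restEndpoint}.
 * A {@code 200} response is expected to carry a JSON document with a {@code principal}
 * string and a {@code roles} array; these are turned into JBoss principals and added to
 * the {@link Subject} on {@link #commit()}.
 *
 * <p>The module fails closed: every error path in {@link #login()} ends in a
 * {@link LoginException}; {@code true} is returned only after the backend answered
 * {@code 200} and a principal could be read from the response.
 */
public class HTTPAuthenticationLoginModule implements LoginModule {
    private static final Logger LOG = LoggerFactory.getLogger(HTTPAuthenticationLoginModule.class);
    // Shared, pooled client for all module instances.
    // NOTE(review): no connect/socket timeouts are configured on this client here, so an
    // unresponsive backend can block the login thread; confirm timeouts are set elsewhere.
    private static final CloseableHttpClient HTTP_CLIENT = HttpClients.custom().setConnectionManager(new PoolingHttpClientConnectionManager()).build();
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, Object> sharedState;
    private URI restEndpoint;
    // Principals built by a successful login(); only copied into the subject by commit().
    private ArrayList<Principal> preparedPrincipals;

    /**
     * Stores the JAAS collaborators and parses the required {@code restEndpoint} option.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler source of the user name and password
     * @param map state shared with other login modules of the same stack
     * @param map2 module options; must contain {@code restEndpoint}
     * @throws IllegalStateException if {@code restEndpoint} is missing, is not a valid URI,
     *     or has no host component
     */
    @Override
    @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // The JAAS contract hands the shared state over as Map<String, ?>; this module writes to it.
        this.sharedState = (Map<String, Object>) map;
        String str = (String) map2.get("restEndpoint");
        if (str == null) {
            throw new IllegalStateException("Missing required option restEndpoint");
        }
        try {
            this.restEndpoint = new URI(str);
        } catch (URISyntaxException e) {
            throw new IllegalStateException("Missing required option restEndpoint has no url format", e);
        }
        // A relative or opaque URI parses fine but cannot be used as an HTTP target;
        // reject it at configuration time instead of on the first login.
        if (this.restEndpoint.getHost() == null) {
            throw new IllegalStateException("Option restEndpoint must be an absolute URL with a host");
        }
        // The password travels as HTTP Basic on every login, so anything but TLS exposes it on the wire.
        if (!"https".equalsIgnoreCase(this.restEndpoint.getScheme())) {
            LOG.warn("restEndpoint {} does not use https; user credentials are sent as HTTP Basic without transport encryption", this.restEndpoint.toASCIIString());
        }
    }

    /**
     * Collects user name and password through the callback handler and verifies them
     * against the HTTP backend.
     *
     * @return {@code true} when the backend accepted the credentials
     * @throws LoginException if the callbacks fail, credentials are missing, or the backend
     *     rejects them or cannot be reached
     */
    @Override
    public boolean login() throws LoginException {
        // Drop principals left over from an earlier attempt so that a failed login
        // can never be followed by a commit() of stale identities.
        this.preparedPrincipals = null;
        NameCallback nameCallback = new NameCallback(UserInfo.NAME_CLAIM_NAME);
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        char[] password = null;
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            String name = nameCallback.getName();
            password = passwordCallback.getPassword();
            if (name == null || password == null) {
                throw new LoginException("Missing user name or password");
            }
            LOG.info("login {}", name);
            return authenticate(name, new String(password));
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            // Boundary catch: callback and HTTP-client failures all become a failed login,
            // with the original exception kept as the cause.
            throw loginFailure(e.getMessage(), e);
        } finally {
            // Wipe the char[] copies; the String handed to the HTTP client cannot be wiped.
            passwordCallback.clearPassword();
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Sends the credentials as preemptive HTTP Basic authentication to the endpoint and, on
     * success, prepares the principals and publishes name and password in the shared state.
     *
     * @param str the user name
     * @param str2 the password
     * @return {@code true}; every failure is reported as an exception
     * @throws LoginException if the backend does not answer with status 200, cannot be
     *     reached, or the response carries no usable {@code principal}
     */
    private boolean authenticate(String str, String str2) throws LoginException {
        HttpHost httpHost = new HttpHost(this.restEndpoint.getHost(), this.restEndpoint.getPort(), this.restEndpoint.getScheme());
        // Credentials are scoped to the endpoint's host and port.
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope(httpHost.getHostName(), httpHost.getPort()), new UsernamePasswordCredentials(str, str2));
        // Pre-seeding the auth cache makes the client send Basic auth on the first request.
        BasicAuthCache basicAuthCache = new BasicAuthCache();
        basicAuthCache.put(httpHost, new BasicScheme(Consts.UTF_8));
        HttpClientContext context = HttpClientContext.create();
        context.setCredentialsProvider(basicCredentialsProvider);
        context.setAuthCache(basicAuthCache);
        try (CloseableHttpResponse response = HTTP_CLIENT.execute((HttpUriRequest) new HttpGet(this.restEndpoint), (HttpContext) context)) {
            if (response.getStatusLine().getStatusCode() != 200) {
                LOG.error("Authentication failed for user {}, restEndpoint {} HTTP Status {}", str, this.restEndpoint.toASCIIString(), response.getStatusLine());
                throw new LoginException("Authentication failed for user " + str + ", restEndpoint " + this.restEndpoint.toASCIIString() + " HTTP Status " + response.getStatusLine());
            }
            String userInfo = readUserInfo(response);
            JSONObject jSONObject;
            try {
                jSONObject = new JSONObject(userInfo);
            } catch (RuntimeException e) {
                // org.json reports malformed input with an unchecked exception.
                LOG.error("could not parse user info response for user {}", str);
                throw loginFailure("could not parse user info response for user " + str, e);
            }
            // opt* accessors return null instead of throwing when the key is absent.
            String principal = jSONObject.optString("principal", null);
            if (principal == null || principal.isEmpty()) {
                LOG.error("could not read  field 'principal' for user {}. Response: {}", str, userInfo);
                // The backend response stays in the server log only; the exception message
                // may travel further than the log does.
                throw new LoginException("could not read  field 'principal' for user " + str);
            }
            // A missing roles array yields an authenticated user without roles.
            populateSubject(principal, jSONObject.optJSONArray("roles"));
            // Standard JAAS shared-state keys, so that stacked modules can reuse the identity.
            this.sharedState.put("javax.security.auth.login.name", principal);
            this.sharedState.put("javax.security.auth.login.password", str2);
            return true;
        } catch (IOException e) {
            throw loginFailure("problem on http backend authentication", e);
        }
    }

    /**
     * Builds the principal list for the subject: the user principal, a
     * {@code CallerPrincipal} group containing it, and a {@code Roles} group.
     *
     * @param str the principal name reported by the backend
     * @param iterable role names; may be {@code null}, non-string entries are skipped
     * @return the user principal
     */
    private SimplePrincipal populateSubject(String str, Iterable<Object> iterable) {
        ArrayList<Principal> principals = new ArrayList<>();
        SimplePrincipal simplePrincipal = new SimplePrincipal(str);
        principals.add(simplePrincipal);
        SimpleGroup callerGroup = new SimpleGroup("CallerPrincipal");
        principals.add(callerGroup);
        callerGroup.addMember(simplePrincipal);
        SimpleGroup rolesGroup = new SimpleGroup("Roles");
        principals.add(rolesGroup);
        if (iterable != null) {
            for (Object obj : iterable) {
                if (obj instanceof String) {
                    rolesGroup.addMember(new SimplePrincipal((String) obj));
                }
            }
        }
        // Publish only the fully built list.
        this.preparedPrincipals = principals;
        return simplePrincipal;
    }

    /**
     * Reads the response body as UTF-8 text.
     *
     * @param closeableHttpResponse the backend response
     * @return the response body
     * @throws IOException if the response has no body or reading it fails
     */
    private String readUserInfo(CloseableHttpResponse closeableHttpResponse) throws IOException {
        if (closeableHttpResponse.getEntity() == null) {
            throw new IOException("backend response has no body");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        closeableHttpResponse.getEntity().writeTo(byteArrayOutputStream);
        String str = new String(byteArrayOutputStream.toByteArray(), Consts.UTF_8);
        LOG.debug("read userinfo {}", str);
        return str;
    }

    /**
     * Copies the principals prepared by {@link #login()} into the subject.
     *
     * @return always {@code true}, also when no principals were prepared
     */
    @Override
    public boolean commit() throws LoginException {
        if (this.preparedPrincipals == null) {
            return true;
        }
        this.subject.getPrincipals().addAll(this.preparedPrincipals);
        return true;
    }

    /**
     * Discards the state of this login attempt; delegates to {@link #logout()}.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        return logout();
    }

    /**
     * Drops this module's references to the subject and the prepared principals.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        // NOTE(review): principals added by commit() are not removed from the subject here;
        // confirm that the container discards the subject on logout.
        this.subject = null;
        this.preparedPrincipals = null;
        return true;
    }

    /** Creates a {@link LoginException} that keeps the triggering exception as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}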
