package fr.lixbox.security.jaas.basic.login;

import fr.lixbox.security.crypto.util.PBEWithMD5AndDESUtil;
import fr.lixbox.security.jaas.login.AbstractServerLoginModule;
import fr.lixbox.security.jaas.model.LixboxPrincipal;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.acl.Group;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Map;
import java.util.Properties;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:fr/lixbox/security/jaas/basic/login/BasicLoginModule.class */
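/**
 * JAAS login module that checks a username/password pair against a JDBC data source
 * resolved through JNDI, then loads the user's roles from the same data source.
 *
 * <p>Module options read in {@link #initialize}:
 * <ul>
 *   <li>{@code passwordEncoding}: {@code "MD5"}, {@code "PBEWithMD5"} or empty (default).</li>
 *   <li>{@code typeEncode}: {@code "String"} (default) binds the encoded credential as text;
 *       any other value binds it as-is.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code "MD5"} stores an unsalted, single-round MD5 hex digest. That is not a password
 *       hashing scheme; moving to a salted, slow KDF needs a migration of the stored values and
 *       is therefore not done here.</li>
 *   <li>{@code "PBEWithMD5"} delegates to {@code PBEWithMD5AndDESUtil.encrypt}; judging by its
 *       name this is reversible encryption rather than hashing (confirm against that class).</li>
 *   <li>The comparison itself happens inside {@code userQuery}: a returned row means success.</li>
 * </ul>
 */
public class BasicLoginModule extends AbstractServerLoginModule {
    public static final long serialVersionUID = -365985684758L;
    private static final Log LOG = LogFactory.getLog(BasicLoginModule.class);
    // Encoded form of the presented password, produced by getEncodedPassword().
    protected byte[] encodedCredential;
    // Name of the password encoding taken from the module options ("" = none).
    protected String passwordEncoding = "";
    // How the encoded credential is bound to the user query ("String" = as text).
    protected String typeEncode = "";

    /**
     * Reads the {@code passwordEncoding} and {@code typeEncode} module options after delegating
     * to the parent initialisation.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the username and password
     * @param map state shared with other login modules
     * @param map2 options configured for this module
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.passwordEncoding = (String) map2.get("passwordEncoding");
        if (this.passwordEncoding == null) {
            this.passwordEncoding = "";
        }
        this.typeEncode = (String) map2.get("typeEncode");
        if (this.typeEncode == null) {
            this.typeEncode = "String";
        }
        LOG.trace("UserPasswordLoginModule, dsJndiName=" + this.dsJndiName);
        LOG.trace("jnpHost=" + this.jnpHost);
        LOG.trace("passwordEncoding=" + this.passwordEncoding);
        LOG.trace("userQuery=" + this.userQuery);
        LOG.trace("rolesQuery=" + this.rolesQuery);
    }

    /**
     * Authenticates the caller. The parent login is tried first; when it does not succeed the
     * username and password are requested through the callback handler, the password is encoded
     * according to {@code passwordEncoding} and the pair is checked with
     * {@link #authentifierUserName}.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException when no callback handler is available, the callbacks fail, the
     *         password cannot be encoded, the principal cannot be created or the user is rejected
     */
    public boolean login() throws LoginException {
        try {
            this.loginOk = super.login();
        } catch (FailedLoginException e) {
            LOG.trace("UserPasswordLoginModule: Impossible d'authentifier l'utilisateur", e);
        }
        if (this.loginOk) {
            return this.loginOk;
        }
        if (this.callbackHandler == null) {
            throw new LoginException("Erreur: Le CallbackHandler n'est pas disponnible pour populer les informations d'authentification");
        }
        Callback[] callbackArr = {new NameCallback("[" + getClass().getName() + "] username: "), new PasswordCallback("[" + getClass().getName() + "] motdepasse: ", true)};
        try {
            this.callbackHandler.handle(callbackArr);
            Object name = ((NameCallback) callbackArr[0]).getName();
            PasswordCallback passwordCallback = (PasswordCallback) callbackArr[1];
            if (passwordCallback != null) {
                // getPassword() hands back a copy; wipe both the copy and the callback's own
                // buffer once the value has been taken. The String kept in this.credential
                // still holds the clear text, since the rest of the module expects a String.
                char[] password = passwordCallback.getPassword();
                if (password != null) {
                    this.credential = String.valueOf(password);
                    java.util.Arrays.fill(password, '\0');
                }
                passwordCallback.clearPassword();
            }
            // NOTE(review): credential and encodedCredential are fields and are not reset here,
            // so a value left by an earlier attempt on the same instance would be reused when no
            // password is supplied. Confirm instances are never reused across logins.
            if (!"".equalsIgnoreCase(this.passwordEncoding) && this.credential != null) {
                try {
                    this.encodedCredential = getEncodedPassword((String) this.credential);
                } catch (NoSuchAlgorithmException e2) {
                    // Fail closed: an unusable encoding must never fall through to the
                    // credential check with an empty value.
                    LOG.error(e2);
                    throw new UnsupportedCallbackException(callbackArr[1]);
                }
            }
            LOG.trace("Identite presentee:" + name);
            if (name == null) {
                name = this.sharedState.get("javax.security.auth.login.name");
            }
            if (name == null) {
                this.identity = this.unauthenticatedIdentity;
            } else if (name instanceof Principal) {
                this.identity = (Principal) name;
            } else {
                try {
                    this.identity = createIdentity(name.toString());
                } catch (Exception e3) {
                    LOG.trace("Failed to create principal", e3);
                    throw new LoginException("Failed to create principal: " + e3.getMessage());
                }
            }
            this.loginOk = authentifierUserName(this.identity, this.encodedCredential);
            LOG.debug("User '" + this.identity + "' authenticated, loginOk=" + this.loginOk);
            return this.loginOk;
        } catch (IOException e4) {
            LOG.trace(e4);
            throw new LoginException(e4.toString());
        } catch (UnsupportedCallbackException e5) {
            LOG.trace(e5);
            throw new LoginException("Error: " + e5.getCallback().toString() + " not available to garner authentication information from the user");
        }
    }

    /**
     * Runs {@code userQuery} with the principal name as parameter 1 and the credential as
     * parameter 2; a returned row means the user is accepted.
     *
     * <p>The JDBC resources are released in a {@code finally} block so that an unchecked
     * exception (for instance the cast to {@code LixboxPrincipal}) cannot leak the connection.
     *
     * @param principal identity to check
     * @param obj credential to compare; the encoded credential is preferred when it is non-empty
     * @return {@code true} when the query returns a row, {@code false} when it returns none
     * @throws LoginException a {@code FailedLoginException} when the principal or credential is
     *         missing, or when the JNDI lookup or the query fails
     */
    protected boolean authentifierUserName(Principal principal, Object obj) throws LoginException {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            connection = openDataSourceConnection();
            preparedStatement = connection.prepareStatement(this.userQuery);
            // NOTE(review): the "ObjectId" test rejects credentials whose toString() contains
            // that text; its purpose is not visible in this class.
            if (principal != null && principal.getName() != null && obj != null && !obj.toString().contains("ObjectId")) {
                preparedStatement.setString(1, principal.getName());
                Object boundCredential = (this.encodedCredential == null || this.encodedCredential.length <= 0) ? obj : this.encodedCredential;
                if (!"String".equals(this.typeEncode) || boundCredential instanceof String) {
                    preparedStatement.setObject(2, boundCredential);
                } else {
                    preparedStatement.setObject(2, new String((byte[]) boundCredential, StandardCharsets.UTF_8));
                }
                resultSet = preparedStatement.executeQuery();
                if (!resultSet.next()) {
                    LOG.trace("Utilisateur non autorise");
                    return false;
                }
                try {
                    ((LixboxPrincipal) principal).setCertificateId((String) resultSet.getObject(2));
                } catch (Exception e) {
                    // Best effort: the second column is optional.
                    LOG.trace(e);
                    LOG.trace("Pas de UserId en base");
                }
                this.identity = (LixboxPrincipal) principal;
                LOG.trace("Utilisateur autorise");
                this.sharedState.put("javax.security.auth.login.name", this.identity);
                return true;
            }
        } catch (NamingException | SQLException e2) {
            LOG.error(e2);
        } finally {
            closeConnection(connection, preparedStatement, resultSet);
        }
        throw new FailedLoginException("Utilisateur non reconnu");
    }

    /**
     * Loads the role names of the current identity with {@code rolesQuery} and returns them as
     * the {@code Roles} group, together with a {@code CallerPrincipal} group holding the identity.
     *
     * <p>A JNDI or SQL failure is logged and yields an empty {@code Roles} group, so the user
     * ends up with fewer privileges rather than more.
     *
     * @return a two-element array: {@code Roles} and {@code CallerPrincipal}
     * @throws LoginException declared for subclasses; not thrown by this implementation
     */
    protected Group[] getRoleSets() throws LoginException {
        LOG.trace("INVOCATION BusinessLoginModule.getRoleSets()");
        LOG.trace("for user " + this.identity);
        ArrayList<String> roleNames = new ArrayList<>();
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            connection = openDataSourceConnection();
            preparedStatement = connection.prepareStatement(this.rolesQuery);
            preparedStatement.setString(1, this.identity.getName());
            resultSet = preparedStatement.executeQuery();
            while (resultSet.next()) {
                roleNames.add(resultSet.getString(1));
            }
        } catch (NamingException | SQLException e) {
            LOG.error(e);
        } finally {
            // Also covers unchecked failures such as a null identity.
            closeConnection(connection, preparedStatement, resultSet);
        }
        Group[] groupArr = {new SimpleGroup("Roles"), new SimpleGroup("CallerPrincipal")};
        for (String roleName : roleNames) {
            SimplePrincipal simplePrincipal = new SimplePrincipal(roleName);
            LOG.debug("role " + roleName);
            groupArr[0].addMember(simplePrincipal);
        }
        LOG.trace(groupArr[0]);
        groupArr[1].addMember(this.identity);
        return groupArr;
    }

    /**
     * Closes the given JDBC resources in reverse order of acquisition. Each argument may be
     * {@code null}; a failure to close one resource is logged and does not stop the others.
     */
    protected static void closeConnection(Connection connection, PreparedStatement preparedStatement, ResultSet resultSet) {
        if (resultSet != null) {
            try {
                resultSet.close();
            } catch (SQLException e) {
                LOG.error(e);
            }
        }
        if (preparedStatement != null) {
            try {
                preparedStatement.close();
            } catch (SQLException e2) {
                LOG.error(e2);
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (SQLException e3) {
                LOG.error(e3);
            }
        }
    }

    /**
     * Encodes a clear-text password according to {@code passwordEncoding}.
     *
     * <p>Failures are reported instead of being swallowed: returning an empty array on error
     * would let {@link #login} compare an empty credential against the stored one.
     *
     * @param str clear-text password; {@code null} yields an empty array
     * @return the lower-case hex MD5 digest as UTF-8 bytes for {@code "MD5"}, the result of
     *         {@code PBEWithMD5AndDESUtil.encrypt} for {@code "PBEWithMD5"}, or an empty array
     *         when no encoding is configured
     * @throws NoSuchAlgorithmException when the configured encoding is not supported, the digest
     *         is unavailable, or the PBE encryption fails (the cause is attached)
     */
    public byte[] getEncodedPassword(String str) throws NoSuchAlgorithmException {
        if (str == null || this.passwordEncoding == null || this.passwordEncoding.isEmpty()) {
            return new byte[0];
        }
        if ("MD5".equalsIgnoreCase(this.passwordEncoding)) {
            // Unsalted MD5 is kept only for compatibility with the stored values.
            byte[] digest = MessageDigest.getInstance("MD5").digest(str.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                int unsigned = b & 0xFF;
                hex.append(Character.forDigit(unsigned >>> 4, 16));
                hex.append(Character.forDigit(unsigned & 0x0F, 16));
            }
            return hex.toString().getBytes(StandardCharsets.UTF_8);
        }
        if ("PBEWithMD5".equalsIgnoreCase(this.passwordEncoding)) {
            try {
                return PBEWithMD5AndDESUtil.encrypt(str);
            } catch (Exception e) {
                LOG.error(e);
                // The signature only allows NoSuchAlgorithmException; keep the real cause.
                throw new NoSuchAlgorithmException("PBEWithMD5 encoding failed", e);
            }
        }
        throw new NoSuchAlgorithmException("Unsupported passwordEncoding: " + this.passwordEncoding);
    }

    /** Returns the identity established by this module. */
    protected Principal getIdentity() {
        return this.identity;
    }

    /**
     * Looks up the data source named {@code dsJndiName} and opens a connection. The default
     * initial context is used when {@code jnpHost} contains "localhost".
     */
    private Connection openDataSourceConnection() throws NamingException, SQLException {
        // NOTE(review): this writes java.naming.provider.url into the JVM-wide system
        // properties on every call, so it affects every other JNDI user in the process.
        // Kept because other code may rely on it; a private copy would be safer.
        Properties properties = System.getProperties();
        properties.put("java.naming.provider.url", this.jnpHost);
        InitialContext context = this.jnpHost.contains("localhost") ? new InitialContext() : new InitialContext(properties);
        return ((DataSource) context.lookup(this.dsJndiName)).getConnection();
    }
}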
