package io.mapsmessaging.security.jaas;

import io.mapsmessaging.security.identity.IdentityEntry;
import io.mapsmessaging.security.identity.IdentityLookup;
import io.mapsmessaging.security.identity.IdentityLookupFactory;
import io.mapsmessaging.security.identity.principals.AuthHandlerPrincipal;
import io.mapsmessaging.security.logging.AuthLogMessages;
import io.mapsmessaging.security.passwords.PasswordCipher;
import io.mapsmessaging.security.passwords.PasswordHandler;
import io.mapsmessaging.security.passwords.PasswordHandlerFactory;
import io.mapsmessaging.security.passwords.hashes.plain.PlainPasswordHasher;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:io/mapsmessaging/security/jaas/IdentityLoginModule.class */
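/**
 * JAAS login module that authenticates a user against an {@link IdentityLookup}.
 *
 * <p>The lookup is selected in {@link #initialize} from the module options: the
 * {@code siteWide} option takes precedence, otherwise {@code identityName} is used.
 * When neither option is present no lookup is configured and {@link #validate}
 * rejects every login.
 */
public class IdentityLoginModule extends BaseLoginModule {
    /** Identity store resolved from the module options; stays {@code null} when neither option is set. */
    private IdentityLookup identityLookup = null;

    /**
     * Delegates to the base class and then resolves the identity lookup from the options.
     *
     * @param subject subject to populate on commit
     * @param callbackHandler handler used to obtain the credentials
     * @param map shared state passed through to the base class
     * @param map2 module options; {@code siteWide} or {@code identityName} selects the lookup
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        if (map2.containsKey("siteWide")) {
            this.identityLookup = IdentityLookupFactory.getInstance().getSiteWide(map2.get("siteWide").toString());
        } else if (map2.containsKey("identityName")) {
            this.identityLookup = IdentityLookupFactory.getInstance().get(map2.get("identityName").toString(), map2);
        }
    }

    /**
     * Returns the domain reported by the configured lookup.
     *
     * @return the lookup's domain
     * @throws NullPointerException if no lookup was configured in {@link #initialize}
     */
    @Override
    protected String getDomain() {
        return this.identityLookup.getDomain();
    }

    /**
     * Checks the presented password against the stored credential of the named user.
     *
     * <p>For {@link PasswordCipher} and {@link PlainPasswordHasher} entries the presented bytes are
     * compared with the handler's password; for every other handler the presented bytes are first
     * transformed with the handler's salt and cost and compared with the full stored hash.
     *
     * @param str user name to look up
     * @param cArr presented password; not modified here, the caller remains responsible for clearing it
     * @return {@code true} when the password matches
     * @throws LoginException if no lookup is configured, the user is unknown, the password does not
     *     match, or the password handler raised an error
     */
    @Override
    protected boolean validate(String str, char[] cArr) throws LoginException {
        // A module configured with neither option must refuse logins cleanly rather than
        // fail with a NullPointerException.
        if (this.identityLookup == null) {
            throw new LoginException("Login failed: identity lookup is not configured");
        }
        IdentityEntry entry = this.identityLookup.findEntry(str);
        if (entry == null) {
            // NOTE(review): this message differs from the "Invalid password" one below, and no
            // hash is computed on this path. If either difference is observable by the remote
            // party it reveals which user names exist - confirm callers return one generic failure.
            throw new LoginException("Login failed: No such user");
        }

        byte[] presented = encodeUtf8(cArr);
        byte[] candidate = presented;
        byte[] expected = null;
        boolean matches;
        try {
            PasswordHandler handler = entry.getPasswordHasher();
            if (handler == null) {
                handler = PasswordHandlerFactory.getInstance().parse(entry.getPassword());
            }
            if ((handler instanceof PasswordCipher) || (handler instanceof PlainPasswordHasher)) {
                expected = handler.getPassword();
            } else {
                candidate = handler.transformPassword(presented, handler.getSalt(), handler.getCost());
                // NOTE(review): getBytes() without a charset uses the platform default; this only
                // matches transformPassword's output if the stored hash is plain ASCII - confirm.
                expected = new String(handler.getFullPasswordHash()).getBytes();
            }
            // MessageDigest.isEqual does not stop at the first differing byte, unlike
            // Arrays.equals. The explicit null checks keep a missing value a rejection.
            matches = expected != null && candidate != null && MessageDigest.isEqual(candidate, expected);
        } catch (IOException | GeneralSecurityException e) {
            LoginException wrapped = new LoginException("Error raised while processing");
            wrapped.initCause(e);
            throw wrapped;
        } finally {
            // Clear every working buffer on all paths, including handler failures.
            // NOTE(review): when getPassword() hands back the handler's internal array rather
            // than a copy, wiping it clears the stored credential - verify it returns a copy.
            wipe(expected);
            wipe(candidate);
            wipe(presented);
        }

        // Thrown outside the try block on purpose: LoginException is a GeneralSecurityException,
        // so inside the try it would be caught above and reported as a processing error.
        if (!matches) {
            throw new LoginException("Invalid password");
        }
        this.succeeded = true;
        if (this.debug) {
            this.logger.log(AuthLogMessages.USER_LOGGED_IN, new Object[]{str});
        }
        return true;
    }

    /**
     * Copies the principals and credentials of the authenticated identity into the login subject.
     *
     * @return {@code false} when {@link #validate} did not succeed, otherwise {@code true}
     * @throws NullPointerException if the identity entry can no longer be found at commit time
     */
    @Override
    public boolean commit() {
        if (!this.succeeded) {
            return false;
        }
        // Fail loudly (and closed) if the entry vanished after validate(); returning false here
        // would let the login context treat this module as merely ignored.
        IdentityEntry entry = Objects.requireNonNull(
                this.identityLookup.findEntry(this.username),
                "Identity entry no longer available at commit");
        Subject entrySubject = entry.getSubject();
        Set<Principal> principals = this.subject.getPrincipals();
        principals.addAll(entrySubject.getPrincipals());
        principals.add(new AuthHandlerPrincipal("Identity:" + this.identityLookup.getName()));
        principals.add(this.userPrincipal);
        this.subject.getPrivateCredentials().addAll(entrySubject.getPrivateCredentials());
        this.subject.getPublicCredentials().addAll(entrySubject.getPublicCredentials());
        this.commitSucceeded = true;
        return true;
    }

    /** Encodes the characters as UTF-8 without creating an intermediate String that cannot be cleared. */
    private static byte[] encodeUtf8(char[] chars) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[encoded.remaining()];
        encoded.get(out);
        if (encoded.hasArray()) {
            Arrays.fill(encoded.array(), (byte) 0);
        }
        return out;
    }

    /** Overwrites the buffer with zeros; a {@code null} buffer is ignored. */
    private static void wipe(byte[] buffer) {
        if (buffer != null) {
            Arrays.fill(buffer, (byte) 0);
        }
    }
}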
