package net.sf.jguard.ext.authentication.loginmodules;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import net.sf.jguard.core.authentication.AuthenticationChallengeException;
import net.sf.jguard.core.authentication.callbacks.AsynchronousCallbackException;
import net.sf.jguard.core.authentication.callbacks.AuthenticationSchemeHandlerCallback;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.util.CryptUtils;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authentication.PersistedSubject;
import net.sf.jguard.ext.authentication.callbacks.CertificatesCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/ext/authentication/loginmodules/UserLoginModule.class */
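/**
 * Base JAAS {@link LoginModule} that collects a login, a password and an optional
 * client certificate chain through the {@link CallbackHandler}.
 *
 * <p>This class only gathers and encodes the credentials and maintains the
 * {@code skipPasswordCheck} flag; it performs no credential verification itself.
 * {@link #login()} always returns {@code true}, so concrete subclasses are expected
 * to do the actual check and to set {@link #loginOK} accordingly.
 */
public abstract class UserLoginModule implements LoginModule {
    protected Subject subject;
    protected CallbackHandler callbackHandler;
    // Raw types are kept on the protected fields so existing subclasses keep compiling.
    protected Map sharedState;
    protected Map options;
    private static final Logger logger = LoggerFactory.getLogger(UserLoginModule.class.getName());
    // When true, the password is not meant to be verified (set for certificate logins
    // and read back from the shared state in login()).
    protected boolean skipPasswordCheck;
    protected static final String LOGIN_ERROR = "login.error";
    protected static final String USER_INACTIVE = "user.inactive";
    // Principals and credentials copied onto the Subject by commit().
    protected Set globalPrincipals;
    protected Set globalPrivateCredentials;
    protected Set globalPublicCredentials;
    protected String authenticationSchemeHandlerName;
    protected boolean debug = false;
    protected String login = null;
    // Holds the encoded password once grabCredentials() has run.
    protected char[] password = null;
    protected boolean loginOK = true;

    /**
     * Stores the JAAS context objects and reads the {@code debug} option.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the credentials
     * @param sharedState state shared between the login modules of the stack
     * @param options module options; may be {@code null}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        if (this.options != null) {
            this.debug = Boolean.parseBoolean((String) this.options.get("debug"));
        }
    }

    /**
     * Asks the callback handler for login, password, certificates and scheme handler
     * name, then normalises them into the module fields.
     *
     * @throws LoginException if no handler is set, a callback is unsupported, I/O fails
     *     or the password cannot be encoded
     */
    private void grabCredentials() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("there is no CallbackHandler to authenticate the user");
        }
        // The array holds unrelated callback types, so it must be typed as Callback[].
        NameCallback nameCallback = new NameCallback(PersistedSubject.LOGIN);
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        CertificatesCallback certificatesCallback = new CertificatesCallback();
        AuthenticationSchemeHandlerCallback schemeCallback = new AuthenticationSchemeHandlerCallback();
        Callback[] callbacks = {nameCallback, passwordCallback, certificatesCallback, schemeCallback};
        try {
            this.callbackHandler.handle(callbacks);
            this.login = nameCallback.getName();
            this.password = passwordCallback.getPassword();
            this.authenticationSchemeHandlerName = schemeCallback.getAuthenticationSchemeHandlerName();
            // An absent or empty login is treated as the anonymous "guest" account.
            if (this.login == null || this.login.equals("")) {
                this.login = "guest";
                this.password = "guest".toCharArray();
            }
            // NOTE(review): char[].equals compares references, so this condition is never
            // true and skipPasswordCheck is not set here. It is left unchanged on purpose:
            // a content comparison would make guest/guest skip the password check, which
            // is an authentication-policy decision - confirm the intended behaviour first.
            if ("guest".equals(this.login) && "guest".toCharArray().equals(this.password)) {
                this.skipPasswordCheck = true;
            }
            if (this.password == null) {
                this.password = "".toCharArray();
                logger.debug(" password is null");
            } else {
                this.password = CryptUtils.cryptPassword(this.password);
                passwordCallback.clearPassword();
                // Only the login is logged; the password, encoded or not, stays out of the logs.
                if (this.debug && logger.isDebugEnabled()) {
                    logger.debug("login() - usernameFromForm=" + this.login);
                }
            }
            X509Certificate[] certificates = certificatesCallback.getCertificates();
            // An empty chain is ignored instead of failing on certificates[0].
            if (certificates != null && certificates.length > 0) {
                // NOTE(review): the chain is not validated here; this presumably relies on
                // the callback handler supplying only certificates already verified by the
                // transport layer - confirm, because the password check is skipped below.
                this.login = certificates[0].getSubjectX500Principal().getName();
                if (this.debug) {
                    logger.debug(" login used in the certificate =" + this.login);
                }
                this.skipPasswordCheck = true;
            }
        } catch (AsynchronousCallbackException e) {
            throw new AuthenticationChallengeException(e.getMessage());
        } catch (IOException e) {
            throw loginFailure(e.toString(), e);
        } catch (NoSuchAlgorithmException e) {
            throw loginFailure("Error encoding password (" + e.getMessage() + ")", e);
        } catch (UnsupportedCallbackException e) {
            throw loginFailure("Callback error : " + e.getCallback() + " not available to authenticate the user", e);
        }
    }

    /** Builds a LoginException that keeps the original exception as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Removes every principal and credential from the subject, if there is one. */
    private void clearSubject() {
        if (this.subject == null) {
            return;
        }
        this.subject.getPrincipals().clear();
        this.subject.getPrivateCredentials().clear();
        this.subject.getPublicCredentials().clear();
    }

    /**
     * Clears the subject's principals and credentials.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Clears the subject and the module's pending principals and credentials.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        clearSubject();
        if (this.globalPrivateCredentials != null) {
            this.globalPrivateCredentials.clear();
        }
        if (this.globalPublicCredentials != null) {
            this.globalPublicCredentials.clear();
        }
        if (this.globalPrincipals != null) {
            this.globalPrincipals.clear();
        }
        return true;
    }

    /**
     * Reads the skip-password flag from the shared state and grabs the credentials.
     *
     * @return always {@code true}; this base class verifies nothing
     * @throws LoginException if the credentials cannot be obtained
     */
    @Override
    public boolean login() throws LoginException {
        this.skipPasswordCheck =
                Boolean.parseBoolean((String) this.sharedState.get(SecurityConstants.SKIP_PASSWORD_CHECK));
        grabCredentials();
        // NOTE(review): the flag is published for any "guest" login, whatever password was
        // supplied, so later modules that honour it will not check the guest password.
        if ("guest".equals(this.login)) {
            this.sharedState.put(SecurityConstants.SKIP_PASSWORD_CHECK, "true");
        }
        return true;
    }

    /**
     * Copies the pending principals and credentials onto the subject and records the
     * authentication scheme handler name as a public credential.
     *
     * @return {@code false} if {@link #loginOK} is false, otherwise {@code true}
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.loginOK) {
            return false;
        }
        Set<Principal> principals = this.subject.getPrincipals();
        if (this.globalPrincipals != null) {
            principals.addAll(this.globalPrincipals);
        }
        Set<Object> privateCredentials = this.subject.getPrivateCredentials();
        if (this.globalPrivateCredentials != null) {
            privateCredentials.addAll(this.globalPrivateCredentials);
        }
        Set<Object> publicCredentials = this.subject.getPublicCredentials();
        if (this.globalPublicCredentials != null) {
            publicCredentials.addAll(this.globalPublicCredentials);
        }
        publicCredentials.add(new JGuardCredential("authenticationSchemeHandlerName", this.authenticationSchemeHandlerName));
        return true;
    }
}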
