package org.apache.atlas.web.security;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;

/* loaded from: input_file:org/apache/atlas/web/security/PamLoginModule.class */
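/**
 * JAAS {@link LoginModule} that checks a username and password against a PAM service.
 *
 * <p>The PAM service name is read from the module option {@link #SERVICE_KEY}. Credentials are
 * collected through the configured {@link CallbackHandler} using a {@link NameCallback} and a
 * {@link PasswordCallback}. On success a {@link PamPrincipal} is added to the {@link Subject}
 * during {@link #commit()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Per-attempt state (username, password, PAM handle) is released as soon as an attempt
 *       fails, and the password reference is dropped right after authentication, so a failed
 *       or repeated login does not leave credentials or native handles behind.</li>
 *   <li>{@code authSucceeded} is reset at the start of every {@link #login()} so that a failed
 *       attempt can never be committed on the strength of an earlier successful one.</li>
 *   <li>The password has to be handed to the PAM binding as a {@link String}, which cannot be
 *       wiped; only the {@code char[]} copy obtained from the callback is zeroed.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe; a login context is expected to drive one instance from one
 * thread.
 */
public class PamLoginModule implements LoginModule {
    /** Name of the module option that selects the PAM service to authenticate against. */
    public static final String SERVICE_KEY = "service";

    private PAM pam;
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> options;
    private String username;
    private String password;
    private boolean authSucceeded = false;
    private PamPrincipal principal;

    /**
     * Stores the subject, the callback handler and a private copy of the module options.
     *
     * @param subject         subject to populate on a successful login
     * @param callbackHandler handler used to ask for the username and password
     * @param map             shared state passed by the login context; not used by this module
     * @param map2            module options; must contain {@link #SERVICE_KEY}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // Typed copy instead of a raw HashMap; later changes to the caller's map do not affect us.
        this.options = new HashMap<String, Object>(map2);
    }

    /**
     * Runs one authentication attempt: opens the PAM service, gathers credentials and
     * authenticates.
     *
     * @return {@code true} when PAM accepted the credentials
     * @throws LoginException if the service is not configured, the callbacks fail, or the
     *                        credentials are rejected ({@link FailedLoginException})
     */
    @Override
    public boolean login() throws LoginException {
        // A module instance can be driven through several attempts. Start from a clean slate so
        // that neither a stale success flag nor an old PAM handle or password survives into
        // this attempt. The committed principal is kept so logout() can still remove it.
        this.authSucceeded = false;
        releaseAttemptState();
        try {
            initializePam();
            obtainUserAndPassword();
            return performLogin();
        } catch (LoginException e) {
            // abort() only cleans up after a successful login(), so release here on failure.
            releaseAttemptState();
            throw e;
        }
    }

    /** Reads the PAM service name from the options and opens it. */
    private void initializePam() throws LoginException {
        String str = (String) this.options.get(SERVICE_KEY);
        if (str == null) {
            throw new LoginException("Error: PAM service was not defined");
        }
        createPam(str);
    }

    /** Creates the PAM handle for the given service, wrapping binding errors in LoginException. */
    private void createPam(String str) throws LoginException {
        try {
            this.pam = new PAM(str);
        } catch (PAMException e) {
            LoginException loginException = new LoginException("Error initializing PAM");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /** Asks the callback handler for the username and password and stores them for this attempt. */
    private void obtainUserAndPassword() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available  to gather authentication information from the user");
        }
        try {
            NameCallback nameCallback = new NameCallback("username");
            // echoOn=false: the password must not be echoed by interactive handlers.
            PasswordCallback passwordCallback = new PasswordCallback("password", false);
            invokeCallbackHandler(nameCallback, passwordCallback);
            initUserName(nameCallback);
            initPassword(passwordCallback);
        } catch (IOException | UnsupportedCallbackException e) {
            LoginException loginException = new LoginException("Error in callbacks");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /** Passes both callbacks to the handler in a single call. */
    private void invokeCallbackHandler(NameCallback nameCallback, PasswordCallback passwordCallback) throws IOException, UnsupportedCallbackException {
        this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
    }

    private void initUserName(NameCallback nameCallback) {
        this.username = nameCallback.getName();
    }

    /**
     * Copies the password out of the callback and wipes the intermediate buffers.
     *
     * <p>The field is always overwritten, including with {@code null}, so a password from a
     * previous attempt is never reused when the handler supplies none.
     */
    private void initPassword(PasswordCallback passwordCallback) {
        char[] chars = passwordCallback.getPassword();
        try {
            this.password = (chars != null) ? new String(chars) : null;
        } finally {
            // getPassword() hands back a copy; zero it, then clear the callback's own buffer.
            if (chars != null) {
                java.util.Arrays.fill(chars, '\0');
            }
            passwordCallback.clearPassword();
        }
    }

    /**
     * Authenticates the collected credentials through PAM and records the resulting principal.
     *
     * @throws FailedLoginException if a credential is missing or PAM rejects the attempt
     */
    private boolean performLogin() throws LoginException {
        // Fail closed on missing credentials instead of passing null into the native binding,
        // whose handling of null is not visible from this class.
        if (this.username == null || this.password == null) {
            throw new FailedLoginException("Invalid username or password");
        }
        try {
            this.principal = new PamPrincipal(this.pam.authenticate(this.username, this.password));
            this.authSucceeded = true;
            return true;
        } catch (PAMException e) {
            // Same message for every rejection so the caller cannot tell which part was wrong.
            FailedLoginException failedLoginException = new FailedLoginException("Invalid username or password");
            failedLoginException.initCause(e);
            throw failedLoginException;
        } finally {
            // The password is not needed after this point; do not keep it reachable until logout.
            this.password = null;
        }
    }

    /**
     * Adds the authenticated principal to the subject.
     *
     * @return {@code false} if this module's own login did not succeed, otherwise {@code true}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.authSucceeded) {
            return false;
        }
        if (this.subject.isReadOnly()) {
            cleanup();
            throw new LoginException("Subject is read-only");
        }
        Set<Principal> principals = this.subject.getPrincipals();
        // Set.add is a no-op when an equal principal is already present.
        principals.add(this.principal);
        return true;
    }

    /**
     * Discards the state of an attempt that the login context decided not to commit.
     *
     * @return {@code false} if this module's own login did not succeed, otherwise {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.authSucceeded) {
            // Nothing was authenticated, but make sure no credentials or PAM handle linger.
            releaseAttemptState();
            return false;
        }
        cleanup();
        return true;
    }

    /**
     * Removes this module's principal from the subject and releases all state.
     *
     * @return always {@code true}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            cleanup();
            throw new LoginException("Subject is read-only");
        }
        // logout() may be called without a prior successful login; the subject's principal set
        // rejects null elements, so only remove when there is something to remove.
        if (this.principal != null) {
            this.subject.getPrincipals().remove(this.principal);
        }
        cleanup();
        return true;
    }

    /** Resets the module to its unauthenticated state and releases per-attempt resources. */
    private void cleanup() {
        this.authSucceeded = false;
        this.principal = null;
        releaseAttemptState();
    }

    /** Drops the stored credentials and disposes the PAM handle, if one is open. */
    private void releaseAttemptState() {
        this.username = null;
        this.password = null;
        if (this.pam != null) {
            this.pam.dispose();
            this.pam = null;
        }
    }
}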
