package org.springframework.security.authentication.jaas;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.ApplicationListener;
import org.springframework.core.log.LogMessage;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent;
import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-5.6.5.jar:org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.class */
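/**
 * Base {@link AuthenticationProvider} that authenticates
 * {@link UsernamePasswordAuthenticationToken} requests through a JAAS
 * {@link LoginContext} obtained from {@link #createLoginContext(CallbackHandler)}.
 *
 * <p>After a successful login, every principal of the JAAS subject is offered to each
 * configured {@link AuthorityGranter}; the granted role names become
 * {@link JaasGrantedAuthority} entries on the returned {@link JaasAuthenticationToken}.
 * When a {@link SessionDestroyedEvent} is received, the {@code LoginContext} held by each
 * {@code JaasAuthenticationToken} in the destroyed session is logged out.
 *
 * <p>Points to keep in mind when reviewing a deployment of this class:
 * <ul>
 * <li>Authorities come only from the {@code AuthorityGranter}s. If none of them grants
 * anything, {@link #authenticate(Authentication)} still returns a token, with an empty
 * authority list; authorization rules must not treat a successful JAAS login as implying
 * any role.</li>
 * <li>The credentials of the request token are copied into the returned token. Whether
 * they are erased afterwards is decided outside this class.</li>
 * <li>Success and failure events are published only when an
 * {@link ApplicationEventPublisher} has been set; without one there is no event trail for
 * login attempts from this provider.</li>
 * <li>Configuration is validated in {@link #afterPropertiesSet()}. If that method is never
 * invoked (for example when the provider is built by hand), {@code callbackHandlers} and
 * {@code authorityGranters} may still be {@code null} when a login is attempted.</li>
 * <li>The array setters keep the caller's array reference (no defensive copy), so later
 * changes to that array change the provider's configuration.</li>
 * </ul>
 */
public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider, ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
    // Optional; events are silently skipped while this is null.
    private ApplicationEventPublisher applicationEventPublisher;
    // Required (checked in afterPropertiesSet); maps JAAS principals to role names.
    private AuthorityGranter[] authorityGranters;
    // Defaults to name + password handlers in afterPropertiesSet when left empty.
    private JaasAuthenticationCallbackHandler[] callbackHandlers;
    protected final Log log = LogFactory.getLog(getClass());
    private LoginExceptionResolver loginExceptionResolver = new DefaultLoginExceptionResolver();
    // Not read in this class beyond validation and the getter; presumably consumed by
    // subclasses when they build the LoginContext - confirm against the subclass in use.
    private String loginContextName = "SPRINGSECURITY";

    /**
     * Bridges JAAS callbacks to the configured {@link JaasAuthenticationCallbackHandler}s,
     * passing along the {@link Authentication} that is being verified.
     */
    private class InternalCallbackHandler implements CallbackHandler {
        private final Authentication authentication;

        InternalCallbackHandler(Authentication authentication) {
            this.authentication = authentication;
        }

        /**
         * Offers every callback to every configured handler, handler by handler.
         *
         * @param callbackArr the callbacks raised by the JAAS login module(s)
         * @throws IOException if a handler reports an I/O failure
         * @throws UnsupportedCallbackException if a handler rejects a callback
         */
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            // Handlers form the outer loop so each handler sees all callbacks before the next runs.
            for (JaasAuthenticationCallbackHandler handler : AbstractJaasAuthenticationProvider.this.callbackHandlers) {
                for (Callback callback : callbackArr) {
                    handler.handle(callback, this.authentication);
                }
            }
        }
    }

    /**
     * Validates the configuration and installs the default callback handlers
     * ({@link JaasNameCallbackHandler} and {@link JaasPasswordCallbackHandler}) when none
     * were supplied.
     *
     * @throws Exception if {@code loginContextName} is empty, {@code authorityGranters} is
     * empty, or {@code loginExceptionResolver} is {@code null}
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.loginContextName, "loginContextName cannot be null or empty");
        Assert.notEmpty(this.authorityGranters, "authorityGranters cannot be null or empty");
        if (ObjectUtils.isEmpty((Object[]) this.callbackHandlers)) {
            setCallbackHandlers(new JaasAuthenticationCallbackHandler[]{new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
        }
        Assert.notNull(this.loginExceptionResolver, "loginExceptionResolver cannot be null");
    }

    /**
     * Attempts a JAAS login for the given request.
     *
     * @param authentication the authentication request
     * @return a {@link JaasAuthenticationToken} carrying the request's principal and
     * credentials, the granted authorities and the {@link LoginContext} (kept so it can be
     * logged out later); {@code null} when the request is not a
     * {@link UsernamePasswordAuthenticationToken}
     * @throws AuthenticationException the exception produced by the
     * {@link LoginExceptionResolver} when the JAAS login fails
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return null;
        }
        UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) authentication;
        try {
            LoginContext loginContext = createLoginContext(new InternalCallbackHandler(authentication));
            loginContext.login();
            // May be empty: a successful login does not by itself guarantee any authority.
            List<GrantedAuthority> authorities = new ArrayList<>(getAuthorities(loginContext.getSubject().getPrincipals()));
            JaasAuthenticationToken token = new JaasAuthenticationToken(request.getPrincipal(), request.getCredentials(), authorities, loginContext);
            publishSuccessEvent(token);
            return token;
        } catch (LoginException e) {
            // Translate first, then publish, so listeners see the same exception the caller gets.
            AuthenticationException resolved = this.loginExceptionResolver.resolveException(e);
            publishFailureEvent(request, resolved);
            throw resolved;
        }
    }

    /**
     * Collects the authorities granted to the given principals.
     *
     * @param set the principals of the authenticated JAAS subject
     * @return one {@link JaasGrantedAuthority} per (role, principal) pair returned by the
     * granters; empty when no granter grants anything
     */
    private Set<GrantedAuthority> getAuthorities(Set<Principal> set) {
        Set<GrantedAuthority> authorities = new HashSet<>();
        for (Principal principal : set) {
            for (AuthorityGranter granter : this.authorityGranters) {
                Set<String> roles = granter.grant(principal);
                // A granter may answer null or empty for principals it does not know.
                if (!CollectionUtils.isEmpty(roles)) {
                    for (String role : roles) {
                        authorities.add(new JaasGrantedAuthority(role, principal));
                    }
                }
            }
        }
        return authorities;
    }

    /**
     * Creates the {@link LoginContext} used for one authentication attempt.
     *
     * @param callbackHandler the handler the login modules must use to obtain the
     * request's name and credentials
     * @return the context on which {@code login()} will be called
     * @throws LoginException if the context cannot be created
     */
    protected abstract LoginContext createLoginContext(CallbackHandler callbackHandler) throws LoginException;

    /**
     * Logs out the {@link LoginContext} of every {@link JaasAuthenticationToken} found in
     * the security contexts of the destroyed session.
     *
     * <p>A {@link LoginException} from one logout is logged at warn level and does not stop
     * the remaining contexts from being processed; other exception types are not caught here.
     *
     * @param sessionDestroyedEvent the event describing the destroyed session
     */
    protected void handleLogout(SessionDestroyedEvent sessionDestroyedEvent) {
        List<SecurityContext> securityContexts = sessionDestroyedEvent.getSecurityContexts();
        if (securityContexts.isEmpty()) {
            this.log.debug("The destroyed session has no SecurityContexts");
            return;
        }
        for (SecurityContext context : securityContexts) {
            Authentication authentication = context.getAuthentication();
            // instanceof is false for null, so no separate null check is needed.
            if (authentication instanceof JaasAuthenticationToken) {
                JaasAuthenticationToken token = (JaasAuthenticationToken) authentication;
                try {
                    logout(token, token.getLoginContext());
                } catch (LoginException e) {
                    this.log.warn("Error error logging out of LoginContext", e);
                }
            }
        }
    }

    /**
     * Logs the token's principal out of the given context, or only records a debug message
     * when no context is available.
     *
     * <p>Both debug messages contain the principal, so user identifiers reach the log
     * whenever debug logging is enabled for this class.
     *
     * @param jaasAuthenticationToken the token whose principal is named in the log message
     * @param loginContext the context to log out; may be {@code null}
     * @throws LoginException if {@link LoginContext#logout()} fails
     */
    private void logout(JaasAuthenticationToken jaasAuthenticationToken, LoginContext loginContext) throws LoginException {
        if (loginContext == null) {
            this.log.debug(LogMessage.of(() -> "Cannot logout principal: [" + jaasAuthenticationToken.getPrincipal() + "] from LoginContext. The LoginContext is unavailable"));
            return;
        }
        this.log.debug(LogMessage.of(() -> "Logging principal: [" + jaasAuthenticationToken.getPrincipal() + "] out of LoginContext"));
        loginContext.logout();
    }

    /**
     * Delegates to {@link #handleLogout(SessionDestroyedEvent)}.
     *
     * @param sessionDestroyedEvent the event describing the destroyed session
     */
    @Override
    public void onApplicationEvent(SessionDestroyedEvent sessionDestroyedEvent) {
        handleLogout(sessionDestroyedEvent);
    }

    /**
     * Publishes a {@link JaasAuthenticationFailedEvent}; does nothing when no publisher is set.
     *
     * @param usernamePasswordAuthenticationToken the failed authentication request
     * @param authenticationException the resolved failure
     */
    protected void publishFailureEvent(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken, AuthenticationException authenticationException) {
        if (this.applicationEventPublisher != null) {
            this.applicationEventPublisher.publishEvent((ApplicationEvent) new JaasAuthenticationFailedEvent(usernamePasswordAuthenticationToken, authenticationException));
        }
    }

    /**
     * Publishes a {@link JaasAuthenticationSuccessEvent}; does nothing when no publisher is set.
     *
     * @param usernamePasswordAuthenticationToken the token produced by the successful login
     */
    protected void publishSuccessEvent(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        if (this.applicationEventPublisher != null) {
            this.applicationEventPublisher.publishEvent((ApplicationEvent) new JaasAuthenticationSuccessEvent(usernamePasswordAuthenticationToken));
        }
    }

    /** @return the configured granters (the internal array, not a copy) */
    AuthorityGranter[] getAuthorityGranters() {
        return this.authorityGranters;
    }

    /**
     * Sets the granters that map JAAS principals to role names.
     *
     * @param authorityGranterArr the granters; the array reference is stored as is
     */
    public void setAuthorityGranters(AuthorityGranter[] authorityGranterArr) {
        this.authorityGranters = authorityGranterArr;
    }

    /** @return the configured callback handlers (the internal array, not a copy) */
    JaasAuthenticationCallbackHandler[] getCallbackHandlers() {
        return this.callbackHandlers;
    }

    /**
     * Sets the handlers that answer JAAS callbacks during login.
     *
     * @param jaasAuthenticationCallbackHandlerArr the handlers; the array reference is
     * stored as is
     */
    public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] jaasAuthenticationCallbackHandlerArr) {
        this.callbackHandlers = jaasAuthenticationCallbackHandlerArr;
    }

    /**
     * NOTE: the decompiler reports that it widened this method from package-private.
     *
     * @return the login context name (defaults to {@code "SPRINGSECURITY"})
     */
    public String getLoginContextName() {
        return this.loginContextName;
    }

    /**
     * Sets the login context name.
     *
     * @param str the name; must be non-empty to pass {@link #afterPropertiesSet()}
     */
    public void setLoginContextName(String str) {
        this.loginContextName = str;
    }

    /** @return the resolver that translates {@link LoginException}s */
    LoginExceptionResolver getLoginExceptionResolver() {
        return this.loginExceptionResolver;
    }

    /**
     * Sets the resolver that turns a {@link LoginException} into the
     * {@link AuthenticationException} thrown to the caller.
     *
     * @param loginExceptionResolver the resolver; must be non-null to pass
     * {@link #afterPropertiesSet()}
     */
    public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver) {
        this.loginExceptionResolver = loginExceptionResolver;
    }

    /**
     * @param cls the authentication class being offered
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * @param applicationEventPublisher the publisher used for success and failure events
     */
    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }

    /**
     * NOTE: the decompiler reports that it widened this method from protected.
     *
     * @return the configured publisher, or {@code null} if none was set
     */
    public ApplicationEventPublisher getApplicationEventPublisher() {
        return this.applicationEventPublisher;
    }
}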
