package org.ldaptive.jaas;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.0.0.jar:org/ldaptive/jaas/AbstractLoginModule.class */
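/**
 * Base JAAS {@link LoginModule} that parses the common module options, moves credentials between
 * the callback handler and the JAAS shared state, and commits or removes LDAP principals, roles
 * and credentials on the {@link Subject}.
 *
 * <p>Subclasses implement {@link #login(NameCallback, PasswordCallback)}. Nothing in this class
 * sets {@link #loginSuccess} to {@code true}; presumably the subclass does so after a successful
 * authentication (verify against the concrete modules).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>With {@code storePass} enabled, the clear-text password is placed in the JAAS shared state
 *       and is therefore readable by every other module in the same login stack.</li>
 *   <li>With {@code clearPass} enabled, the shared-state entries are removed but the password
 *       {@code char[]} itself is not overwritten by this class.</li>
 *   <li>Log statements in this class emit option values, principals and roles, never the password
 *       or the private credentials.</li>
 * </ul>
 */
public abstract class AbstractLoginModule implements LoginModule {
    /** Shared-state key holding the login name. */
    public static final String LOGIN_NAME = "javax.security.auth.login.name";

    /** Shared-state key holding the entry DN of the authenticated user. */
    public static final String LOGIN_DN = "org.ldaptive.jaas.login.entryDn";

    /** Shared-state key holding the password as a {@code char[]}. */
    public static final String LOGIN_PASSWORD = "javax.security.auth.login.password";

    protected final Logger logger = LoggerFactory.getLogger(getClass());

    /** Roles parsed from the comma-separated {@code defaultRole} option. */
    protected final List<LdapRole> defaultRole = new ArrayList<>();

    protected Subject subject;
    protected CallbackHandler callbackHandler;

    // Kept as a raw Map: the field is protected and subclasses may depend on the declared type.
    protected Map sharedState;

    /** Option {@code useFirstPass}: read name/password from shared state, see getCredentials. */
    protected boolean useFirstPass;

    /** Option {@code tryFirstPass}: read name/password from shared state, see getCredentials. */
    protected boolean tryFirstPass;

    /** Option {@code storePass}: write name/password/DN into shared state, see storeCredentials. */
    protected boolean storePass;

    /** Option {@code clearPass}: remove name/password/DN from shared state, see clearState. */
    protected boolean clearPass;

    // The next three options are only parsed in this class; they are not read here.
    protected boolean setLdapPrincipal;
    protected boolean setLdapDnPrincipal;
    protected boolean setLdapCredential;

    /** Option {@code principalGroupName}: when set, commit() adds a group of all principals. */
    protected String principalGroupName;

    /** Option {@code roleGroupName}: when set, commit() adds a group of all roles. */
    protected String roleGroupName;

    protected boolean loginSuccess;
    protected boolean commitSuccess;

    /** Principals staged for commit(). */
    protected Set<Principal> principals;

    /** Private credentials staged for commit(). */
    protected Set<LdapCredential> credentials;

    /** Roles staged for commit(). */
    protected Set<Principal> roles;

    /**
     * Stores the JAAS collaborators, parses the module options and resets the staging sets.
     *
     * <p>Option names are matched case-insensitively; unknown options are ignored. Every option
     * value is cast to {@link String}, so a non-string value raises {@link ClassCastException}.
     *
     * @param subject subject to populate on commit
     * @param callbackHandler handler used to obtain name and password; may be {@code null}
     * @param map JAAS shared state
     * @param map2 module options
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.logger.trace("Begin initialize");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        for (Map.Entry<String, ?> option : map2.entrySet()) {
            final String key = option.getKey();
            final String value = (String) option.getValue();
            if ("useFirstPass".equalsIgnoreCase(key)) {
                this.useFirstPass = Boolean.parseBoolean(value);
            } else if ("tryFirstPass".equalsIgnoreCase(key)) {
                this.tryFirstPass = Boolean.parseBoolean(value);
            } else if ("storePass".equalsIgnoreCase(key)) {
                this.storePass = Boolean.parseBoolean(value);
            } else if ("clearPass".equalsIgnoreCase(key)) {
                this.clearPass = Boolean.parseBoolean(value);
            } else if ("setLdapPrincipal".equalsIgnoreCase(key)) {
                this.setLdapPrincipal = Boolean.parseBoolean(value);
            } else if ("setLdapDnPrincipal".equalsIgnoreCase(key)) {
                this.setLdapDnPrincipal = Boolean.parseBoolean(value);
            } else if ("setLdapCredential".equalsIgnoreCase(key)) {
                this.setLdapCredential = Boolean.parseBoolean(value);
            } else if ("defaultRole".equalsIgnoreCase(key)) {
                for (String roleName : value.split(",")) {
                    this.defaultRole.add(new LdapRole(roleName.trim()));
                }
            } else if ("principalGroupName".equalsIgnoreCase(key)) {
                this.principalGroupName = value;
            } else if ("roleGroupName".equalsIgnoreCase(key)) {
                this.roleGroupName = value;
            }
        }
        this.logger.trace(
            "useFirstPass = {}, tryFirstPass = {}, storePass = {}, clearPass = {}, "
                + "setLdapPrincipal = {}, setLdapDnPrincipal = {}, setLdapCredential = {}, "
                + "defaultRole = {}, principalGroupName = {}, roleGroupName = {}",
            this.useFirstPass,
            this.tryFirstPass,
            this.storePass,
            this.clearPass,
            this.setLdapPrincipal,
            this.setLdapDnPrincipal,
            this.setLdapCredential,
            this.defaultRole,
            this.principalGroupName,
            this.roleGroupName);
        this.principals = new TreeSet<>();
        this.credentials = new HashSet<>();
        this.roles = new TreeSet<>();
    }

    /**
     * Delegates to {@link #login(NameCallback, PasswordCallback)} with fresh callbacks; the
     * password callback is created with echo disabled.
     *
     * @return result of the subclass login
     * @throws LoginException if the subclass login fails
     */
    @Override
    public boolean login() throws LoginException {
        return login(new NameCallback("Enter user: "), new PasswordCallback("Enter user password: ", false));
    }

    /**
     * Authenticates the user described by the supplied callbacks.
     *
     * @param nameCallback callback that receives the user name
     * @param passwordCallback callback that receives the password
     * @return whether authentication succeeded
     * @throws LoginException if authentication fails
     */
    protected abstract boolean login(NameCallback nameCallback, PasswordCallback passwordCallback) throws LoginException;

    /**
     * Copies the staged principals, credentials and roles onto the subject, adds the optional
     * principal and role groups, then clears the staged state.
     *
     * @return {@code false} if login did not succeed, otherwise {@code true}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        this.logger.trace("Begin commit");
        if (!this.loginSuccess) {
            this.logger.debug("Login failed");
            return false;
        }
        if (this.subject.isReadOnly()) {
            clearState();
            throw new LoginException("Subject is read-only.");
        }
        this.subject.getPrincipals().addAll(this.principals);
        this.logger.debug("Committed the following principals: {}", this.principals);
        // Credentials are committed as private credentials and deliberately not logged.
        this.subject.getPrivateCredentials().addAll(this.credentials);
        this.subject.getPrincipals().addAll(this.roles);
        this.logger.debug("Committed the following roles: {}", this.roles);
        if (this.principalGroupName != null) {
            final LdapGroup principalGroup = new LdapGroup(this.principalGroupName);
            this.principals.forEach(principalGroup::addMember);
            this.subject.getPrincipals().add(principalGroup);
            this.logger.debug("Committed the following principal group: {}", principalGroup);
        }
        if (this.roleGroupName != null) {
            final LdapGroup roleGroup = new LdapGroup(this.roleGroupName);
            this.roles.forEach(roleGroup::addMember);
            this.subject.getPrincipals().add(roleGroup);
            this.logger.debug("Committed the following role group: {}", roleGroup);
        }
        clearState();
        this.commitSuccess = true;
        return true;
    }

    /**
     * Rolls back a login: performs a full {@link #logout()} if commit already succeeded, otherwise
     * only discards the staged state.
     *
     * @return {@code false} if login did not succeed, otherwise {@code true}
     * @throws LoginException if logout fails
     */
    @Override
    public boolean abort() throws LoginException {
        this.logger.trace("Begin abort");
        if (!this.loginSuccess) {
            return false;
        }
        if (this.commitSuccess) {
            logout();
            return true;
        }
        this.loginSuccess = false;
        clearState();
        return true;
    }

    /**
     * Removes every LDAP principal, DN principal, role, group and LDAP credential from the subject
     * and resets the module state.
     *
     * @return always {@code true}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        this.logger.trace("Begin logout");
        if (this.subject.isReadOnly()) {
            clearState();
            throw new LoginException("Subject is read-only.");
        }
        removePrincipals(LdapPrincipal.class);
        removePrincipals(LdapDnPrincipal.class);
        removePrincipals(LdapRole.class);
        removePrincipals(LdapGroup.class);
        for (LdapCredential credential : this.subject.getPrivateCredentials(LdapCredential.class)) {
            this.subject.getPrivateCredentials().remove(credential);
        }
        clearState();
        this.loginSuccess = false;
        this.commitSuccess = false;
        return true;
    }

    /** Removes all principals of the given type from the subject. */
    private <T extends Principal> void removePrincipals(final Class<T> type) {
        // Subject#getPrincipals(Class) returns a separate set, so removing from the subject's
        // own principal set while iterating it is safe.
        for (T principal : this.subject.getPrincipals(type)) {
            this.subject.getPrincipals().remove(principal);
        }
    }

    /**
     * Empties the staged principals, credentials and roles and, when {@code clearPass} is set,
     * removes the login name, password and DN from the shared state.
     */
    protected void clearState() {
        this.principals.clear();
        this.credentials.clear();
        this.roles.clear();
        if (this.clearPass) {
            this.sharedState.remove(LOGIN_NAME);
            // NOTE(review): the password char[] is only unlinked from the map, not overwritten.
            // Whether it can be zeroed here depends on whether other modules in the stack still
            // hold the same array - confirm before changing.
            this.sharedState.remove(LOGIN_PASSWORD);
            this.sharedState.remove(LOGIN_DN);
        }
    }

    /**
     * Populates the callbacks either from the shared state or from the callback handler.
     *
     * <p>Shared state is used when {@code useFirstPass} or {@code tryFirstPass} is set and
     * {@code z} is {@code false}; otherwise the callback handler is invoked.
     *
     * <p>Decompiler note: JADX reports this method was declared {@code protected} in the original
     * class and widened it to {@code public}.
     *
     * @param nameCallback callback to receive the user name
     * @param passwordCallback callback to receive the password
     * @param z whether to force use of the callback handler (logged as {@code useCallback})
     * @throws LoginException if no callback handler is available when one is needed, or if the
     *         handler fails; the handler's exception is attached as the cause
     */
    public void getCredentials(NameCallback nameCallback, PasswordCallback passwordCallback, boolean z) throws LoginException {
        // The handler may legitimately be null when credentials come from shared state, so the
        // trace statement must not dereference it unconditionally.
        final String handlerClass = this.callbackHandler != null ? this.callbackHandler.getClass().getName() : null;
        this.logger.trace(
            "Begin getCredentials: useFistPass = {}, tryFistPass = {}, useCallback = {}, "
                + "callbackhandler class = {}, name callback class = {}, password callback class = {}",
            this.useFirstPass,
            this.tryFirstPass,
            z,
            handlerClass,
            nameCallback.getClass().getName(),
            passwordCallback.getClass().getName());
        try {
            if ((this.useFirstPass || this.tryFirstPass) && !z) {
                nameCallback.setName((String) this.sharedState.get(LOGIN_NAME));
                passwordCallback.setPassword((char[]) this.sharedState.get(LOGIN_PASSWORD));
            } else {
                if (this.callbackHandler == null) {
                    throw new LoginException("No CallbackHandler available. Set useFirstPass, tryFirstPass, or provide a CallbackHandler");
                }
                this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            }
        } catch (IOException e) {
            this.logger.error("Error reading data from callback handler", (Throwable) e);
            this.loginSuccess = false;
            final LoginException failure = new LoginException(e.getMessage());
            // LoginException has no cause constructor; attach it so the stack trace is not lost.
            failure.initCause(e);
            throw failure;
        } catch (UnsupportedCallbackException e) {
            this.logger.error("Unsupported callback", (Throwable) e);
            this.loginSuccess = false;
            final LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Writes the login name, password and entry DN into the shared state when {@code storePass}
     * is set. Null callbacks and null values are skipped.
     *
     * <p>Decompiler note: JADX reports this method was declared {@code protected} in the original
     * class and widened it to {@code public}.
     *
     * @param nameCallback callback holding the user name; may be {@code null}
     * @param passwordCallback callback holding the password; may be {@code null}
     * @param str entry DN to store; may be {@code null}
     */
    @SuppressWarnings("unchecked") // sharedState is a raw Map by declaration
    public void storeCredentials(NameCallback nameCallback, PasswordCallback passwordCallback, String str) {
        if (!this.storePass) {
            return;
        }
        if (nameCallback != null && nameCallback.getName() != null) {
            this.sharedState.put(LOGIN_NAME, nameCallback.getName());
        }
        if (passwordCallback != null) {
            // PasswordCallback#getPassword returns a fresh copy on every call; fetch it once so
            // no extra clear-text copy is left behind on the heap.
            final char[] password = passwordCallback.getPassword();
            if (password != null) {
                this.sharedState.put(LOGIN_PASSWORD, password);
            }
        }
        if (str != null) {
            this.sharedState.put(LOGIN_DN, str);
        }
    }
}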
