package org.ow2.jonas.security.auth.spi;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.ow2.jonas.lib.security.auth.JGroup;
import org.ow2.jonas.lib.security.auth.JPrincipal;
import org.ow2.jonas.lib.security.auth.JRole;
import org.ow2.jonas.security.auth.callback.CertificateCallback;
import org.ow2.jonas.security.realm.factory.JResource;
import org.ow2.jonas.security.realm.factory.JResourceException;
import org.ow2.jonas.security.realm.principal.JUser;

/* loaded from: input_file:WEB-INF/lib/jonas-security-5.1.0-RC2.jar:org/ow2/jonas/security/auth/spi/JDirectResourceLoginModule.class */
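/**
 * JAAS {@link LoginModule} that authenticates a user against a {@link JResource}
 * obtained from JNDI.
 *
 * <p>Module options read by {@link #login()}:
 * <ul>
 *   <li>{@code resourceName} (required): JNDI name under which the resource is bound.</li>
 *   <li>{@code certCallback} (optional): when it parses as {@code true}, a
 *       {@link CertificateCallback} is passed to the handler in addition to the
 *       name and password callbacks.</li>
 * </ul>
 *
 * <p>On {@link #commit()} the module adds a {@link JPrincipal}, a {@link JGroup}
 * named {@code "Roles"} and one private credential to the subject. Every object
 * it adds is tracked so that {@link #abort()} and {@link #logout()} can remove
 * exactly what this module published.
 *
 * <p>Instances keep per-login state in fields and are not safe for concurrent use.
 */
public class JDirectResourceLoginModule implements LoginModule {
    /**
     * Single message for "unknown user" and "wrong password", so the failure text
     * cannot be used to tell which user names exist in the resource.
     */
    private static final String AUTHENTICATION_FAILED = "Invalid user name or password";

    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    private Map options = null;
    private String principalName = null;
    // Credential published to the subject on commit: the value stored in the
    // resource when there is one, otherwise the password typed by the user.
    private String password = null;
    private ArrayList principalRoles = null;
    private boolean loginWasDoneWithSuccess = false;

    // Exactly what commit() put into the subject, kept for abort()/logout().
    private JPrincipal committedPrincipal = null;
    private JGroup committedGroup = null;
    private String committedCredential = null;

    /**
     * Stores the collaborators handed over by the login context.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the user name, password and
     *     (optionally) certificate
     * @param map shared state between login modules; not used by this module
     * @param map2 options configured for this module
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.options = map2;
    }

    /**
     * Authenticates the user supplied by the callback handler against the
     * configured resource.
     *
     * @return {@code true} when the credentials were accepted
     * @throws FailedLoginException when the user is unknown or the password is
     *     rejected (same message in both cases)
     * @throws LoginException when the module is misconfigured, the resource cannot
     *     be looked up, the handler fails, or a required value is missing
     */
    public boolean login() throws LoginException {
        // Start from a clean slate: a failed attempt must not leave the state of an
        // earlier successful login behind for commit() to publish.
        resetLoginState();

        if (this.callbackHandler == null) {
            throw new LoginException("No handler has been defined.");
        }
        String resourceName = this.options == null ? null : (String) this.options.get("resourceName");
        String certCallbackOption = this.options == null ? null : (String) this.options.get("certCallback");
        if (resourceName == null) {
            throw new LoginException("You have to give an argument to this login module. The 'resourceName' parameter is required.");
        }

        JResource jResource = lookupResource(resourceName);

        NameCallback nameCallback = new NameCallback("User :");
        PasswordCallback passwordCallback = new PasswordCallback("Password :", false);
        CertificateCallback certificateCallback = new CertificateCallback();
        Callback[] callbacks = Boolean.parseBoolean(certCallbackOption)
                ? new Callback[] {nameCallback, passwordCallback, certificateCallback}
                : new Callback[] {nameCallback, passwordCallback};
        try {
            this.callbackHandler.handle(callbacks);
        } catch (Exception e) {
            throw createChainedLoginException("Error during the login phase : " + e.getMessage(), e);
        }

        // getPassword() hands back a copy; wipe the callback's own buffer right away
        // and wipe the copy in the finally block below.
        char[] suppliedPassword = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        try {
            this.principalName = nameCallback.getName();
            if (this.principalName == null) {
                throw new LoginException("A null username is not a valid username");
            }
            // NOTE(review): only the presence of a certificate is checked here. Confirm
            // that the callback handler validated it and that it matches the "##DN##"
            // name; when 'certCallback' is not enabled the callback is never handed to
            // the handler, so such names are presumably always rejected.
            if (this.principalName.startsWith("##DN##") && certificateCallback.getUserCertificate() == null) {
                throw new LoginException("Name must have a certificate to access this certificate based access login");
            }
            if (suppliedPassword == null) {
                throw new LoginException("A null password is not a valid password");
            }

            JUser foundUser;
            boolean credentialsAccepted;
            try {
                foundUser = jResource.findUser(this.principalName);
                // The resource API takes a String, so one immutable copy of the
                // password is unavoidable here.
                credentialsAccepted = foundUser != null
                        && jResource.isValidUser(foundUser, new String(suppliedPassword));
            } catch (Exception e) {
                // Only genuine lookup/verification errors get this message; the
                // validation failures above and below are no longer re-wrapped.
                throw createChainedLoginException("Can not find the user", e);
            }
            if (!credentialsAccepted) {
                throw new FailedLoginException(AUTHENTICATION_FAILED);
            }

            // NOTE(review): when the resource stores a password value, that stored
            // value (format not visible here, possibly a hash or clear text) becomes
            // the subject's private credential. Confirm consumers expect that.
            String storedPassword = foundUser.getPassword();
            this.password = storedPassword != null ? storedPassword : new String(suppliedPassword);

            try {
                this.principalRoles = jResource.getArrayListCombinedRoles(foundUser);
            } catch (JResourceException e) {
                throw createChainedLoginException(e.getMessage(), e);
            }
            this.loginWasDoneWithSuccess = true;
            return true;
        } finally {
            if (suppliedPassword != null) {
                Arrays.fill(suppliedPassword, '\0');
            }
            if (!this.loginWasDoneWithSuccess) {
                resetLoginState();
            }
        }
    }

    /**
     * Looks up the security resource in JNDI.
     *
     * @param resourceName JNDI name taken from the module options
     * @return the bound resource
     * @throws LoginException when the lookup fails or the bound object is not a
     *     {@link JResource}
     */
    private static JResource lookupResource(String resourceName) throws LoginException {
        try {
            return (JResource) new InitialContext().lookup(resourceName);
        } catch (Exception e) {
            throw createChainedLoginException("Cannot retrieve the resource '" + resourceName + "'. Check that this resource is bound in the registry", e);
        }
    }

    /**
     * Builds a {@link LoginException} that keeps the original failure as its cause.
     *
     * @param str message of the new exception
     * @param exc underlying failure
     * @return the chained exception, ready to be thrown
     */
    private static LoginException createChainedLoginException(String str, Exception exc) {
        LoginException loginException = new LoginException(str);
        loginException.initCause(exc);
        return loginException;
    }

    /**
     * Publishes the authenticated identity to the subject: the user principal, the
     * private credential and a {@code "Roles"} group holding one {@link JRole} per
     * role.
     *
     * @return {@code true} when {@link #login()} succeeded and the subject was
     *     populated, {@code false} otherwise
     */
    public boolean commit() throws LoginException {
        if (!this.loginWasDoneWithSuccess) {
            return false;
        }
        // Drop anything left from a previous commit of this instance before
        // publishing the new identity.
        removeFromSubject();

        JPrincipal principal = new JPrincipal(this.principalName);
        JGroup roles = new JGroup("Roles");
        if (this.principalRoles != null) {
            for (Object role : this.principalRoles) {
                roles.addMember(new JRole((String) role));
            }
        }
        this.subject.getPrincipals().add(principal);
        this.subject.getPrivateCredentials().add(this.password);
        this.subject.getPrincipals().add(roles);

        this.committedPrincipal = principal;
        this.committedGroup = roles;
        this.committedCredential = this.password;
        return true;
    }

    /**
     * Discards the result of {@link #login()}, including the retained credential,
     * and removes anything this module already committed to the subject.
     *
     * @return {@code true} when there was a successful login to discard
     */
    public boolean abort() throws LoginException {
        boolean wasLoggedIn = this.loginWasDoneWithSuccess;
        if (wasLoggedIn) {
            removeFromSubject();
            resetLoginState();
        }
        return wasLoggedIn;
    }

    /**
     * Removes the user principal, the roles group and the private credential that
     * this module added to the subject, then forgets the login state.
     *
     * @return {@code true} when the module was logged in
     */
    public boolean logout() throws LoginException {
        boolean wasLoggedIn = this.loginWasDoneWithSuccess;
        if (wasLoggedIn) {
            // By-name removal covers a principal that is equal to, but not the same
            // instance as, the one tracked by commit().
            this.subject.getPrincipals().remove(new JPrincipal(this.principalName));
            removeFromSubject();
            resetLoginState();
        }
        return wasLoggedIn;
    }

    /** Removes from the subject every object recorded by the last commit. */
    private void removeFromSubject() {
        if (this.subject == null) {
            return;
        }
        if (this.committedPrincipal != null) {
            this.subject.getPrincipals().remove(this.committedPrincipal);
        }
        if (this.committedGroup != null) {
            this.subject.getPrincipals().remove(this.committedGroup);
        }
        if (this.committedCredential != null) {
            this.subject.getPrivateCredentials().remove(this.committedCredential);
        }
        this.committedPrincipal = null;
        this.committedGroup = null;
        this.committedCredential = null;
    }

    /** Forgets the name, credential and roles gathered by {@link #login()}. */
    private void resetLoginState() {
        this.principalName = null;
        this.password = null;
        this.principalRoles = null;
        this.loginWasDoneWithSuccess = false;
    }
}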
