package org.soulwing.jwt.extension.jaas;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.soulwing.jwt.extension.api.Claim;
import org.soulwing.jwt.extension.api.UserPrincipal;
import org.soulwing.jwt.extension.service.Credential;
import org.wildfly.security.authz.RoleDecoder;

/* loaded from: input_file:WEB-INF/lib/jwt-subsystem-1.1.0.jar:org/soulwing/jwt/extension/jaas/JwtLoginModule.class */
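/**
 * JAAS login module that accepts a {@link Credential} object obtained through an
 * {@link ObjectCallback} and derives the caller's identity and roles from it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class parses or verifies a token. It only checks that the
 *       object handed back by the callback handler is a {@code Credential}.
 *       Signature, expiry, issuer and audience checks must therefore already have
 *       happened wherever the {@code Credential} is produced; presumably the
 *       extension's service layer does this. TODO confirm.</li>
 *   <li>Role names are copied verbatim from the claims listed in the
 *       {@value #ROLE_CLAIMS} module option. Authorization is thus only as
 *       trustworthy as the token issuer and the configured claim names.</li>
 *   <li>Principal names and claim values are written to the log unescaped. If
 *       token content can contain line breaks, the log appender should encode
 *       them.</li>
 * </ul>
 */
public class JwtLoginModule extends AbstractServerLoginModule {
    /** Name of the module option listing the claims whose values become roles. */
    static final String ROLE_CLAIMS = "role-claims";

    // Claim names parsed from the ROLE_CLAIMS option; never null after initialize().
    private String[] roleClaims;

    // Credential accepted by the most recent successful login(); null otherwise.
    Credential credential;

    /**
     * Initializes the module and reads the {@value #ROLE_CLAIMS} option.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the credential
     * @param map shared state passed by the JAAS framework
     * @param map2 module options; {@value #ROLE_CLAIMS} is a comma- and/or
     *     whitespace-separated list of claim names
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.roleClaims = parseRoleAttributes(map2.get(ROLE_CLAIMS));
        if (JaasLogger.LOGGER.isDebugEnabled()) {
            JaasLogger.LOGGER.debug("role attributes: " + Arrays.asList(this.roleClaims));
        }
    }

    /**
     * Splits the configured option value into claim names.
     *
     * <p>Leading/trailing whitespace and empty tokens (for example from
     * {@code "a,,b"} or {@code " a"}) are discarded so that an empty claim name
     * is never looked up.
     *
     * @param obj raw option value, may be {@code null}
     * @return the claim names, possibly empty, never {@code null}
     */
    private static String[] parseRoleAttributes(Object obj) {
        if (obj == null) {
            return new String[0];
        }
        String spec = obj.toString().trim();
        if (spec.isEmpty()) {
            return new String[0];
        }
        return Arrays.stream(spec.split("\\s*(,|\\s)\\s*"))
                .filter(name -> !name.isEmpty())
                .toArray(String[]::new);
    }

    /**
     * Asks the callback handler for a credential object and accepts it only if it
     * is a {@link Credential}.
     *
     * @return {@code true} if a {@code Credential} was supplied, otherwise {@code false}
     * @throws LoginException if the callback handler fails or does not support
     *     {@link ObjectCallback}
     */
    @Override
    public boolean login() throws LoginException {
        // Clear any state left by an earlier attempt on this instance, so that a
        // failed attempt cannot leave a previously accepted credential in place.
        // NOTE(review): the inherited commit() is expected to act on loginOk; confirm.
        this.loginOk = false;
        this.credential = null;

        // Declared as ObjectCallback (not Callback) so getCredential() resolves.
        ObjectCallback objectCallback = new ObjectCallback("Credential");
        try {
            this.callbackHandler.handle(new Callback[]{objectCallback});
        } catch (IOException e) {
            if (JaasLogger.LOGGER.isDebugEnabled()) {
                JaasLogger.LOGGER.debug("I/O error");
            }
            LoginException failure = new LoginException("I/O error: " + e.toString());
            failure.initCause(e);
            throw failure;
        } catch (UnsupportedCallbackException e2) {
            if (JaasLogger.LOGGER.isDebugEnabled()) {
                JaasLogger.LOGGER.debug("unsupported callback");
            }
            LoginException failure = new LoginException("ObjectCallback not supported");
            failure.initCause(e2);
            throw failure;
        }

        Object supplied = objectCallback.getCredential();
        if (supplied instanceof Credential) {
            this.credential = (Credential) supplied;
            this.loginOk = true;
            return true;
        }
        if (JaasLogger.LOGGER.isDebugEnabled()) {
            JaasLogger.LOGGER.debug("not a credential");
        }
        return false;
    }

    /**
     * Returns the principal carried by the accepted credential.
     *
     * <p>Must only be called after a successful {@link #login()}; the credential
     * is {@code null} otherwise.
     */
    @Override
    protected Principal getIdentity() {
        UserPrincipal principal = this.credential.getPrincipal();
        if (JaasLogger.LOGGER.isDebugEnabled()) {
            JaasLogger.LOGGER.debug("principal name is `" + principal.getName() + "`");
        }
        return principal;
    }

    /**
     * Wraps the claim-derived roles in a single group named
     * {@link RoleDecoder#KEY_ROLES}.
     *
     * @return a one-element array holding the role group, or an empty array when
     *     no roles were derived
     * @throws LoginException if a role principal cannot be created
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        try {
            Set<Principal> roles = getRoles();
            if (roles.isEmpty()) {
                return new Group[0];
            }
            Group roleGroup = new SimpleGroup(RoleDecoder.KEY_ROLES);
            for (Principal role : roles) {
                roleGroup.addMember(role);
            }
            return new Group[]{roleGroup};
        } catch (RuntimeException e) {
            // Log unexpected failures here, then let them propagate unchanged.
            JaasLogger.LOGGER.error("getRoleSets error: " + e.toString(), e);
            throw e;
        }
    }

    /**
     * Collects one role principal per value of every configured role claim that
     * is present on the credential's principal. Insertion order is preserved and
     * duplicates collapse according to the principals' {@code equals}.
     *
     * @return the derived roles, possibly empty
     * @throws LoginException if a role principal cannot be created
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Set<Principal> getRoles() throws LoginException {
        Set<Principal> roles = new LinkedHashSet<>();
        UserPrincipal principal = this.credential.getPrincipal();
        for (String claimName : this.roleClaims) {
            Claim claim = principal.getClaim(claimName);
            if (!claim.isNull()) {
                // Claim values are used as role names exactly as issued.
                for (Object value : claim.asList(String.class)) {
                    roles.add(createRole((String) value));
                }
            } else if (JaasLogger.LOGGER.isDebugEnabled()) {
                JaasLogger.LOGGER.debug("assertion does not contain claim '" + claimName + "'");
            }
        }
        if (JaasLogger.LOGGER.isDebugEnabled()) {
            JaasLogger.LOGGER.debug("assertion-derived roles: " + roles);
        }
        return roles;
    }

    /**
     * Creates the principal for one role name via the inherited
     * {@code createIdentity}.
     *
     * @param str role name taken from a claim value
     * @return the role principal
     * @throws LoginException if {@code createIdentity} fails; the original
     *     exception is attached as the cause
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Principal createRole(String str) throws LoginException {
        try {
            Principal role = createIdentity(str);
            if (JaasLogger.LOGGER.isDebugEnabled()) {
                JaasLogger.LOGGER.debug("created role principal '" + str + "'");
            }
            return role;
        } catch (Exception e) {
            JaasLogger.LOGGER.error("while creating role '" + str + "': " + e, e);
            LoginException failure = new LoginException("cannot create role: " + str);
            failure.initCause(e);
            throw failure;
        }
    }
}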
