package org.jboss.portal.identity.auth;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.transaction.TransactionManager;
import org.jboss.logging.Logger;
import org.jboss.portal.common.transaction.Transactions;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.RoleModule;
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.UserModule;
import org.jboss.portal.identity.UserProfileModule;
import org.jboss.security.auth.spi.LdapLoginModule;

/* loaded from: input_file:org/jboss/portal/identity/auth/SynchronizingLDAPLoginModule.class */
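/**
 * LDAP login module that, after a successful LDAP authentication, mirrors the
 * authenticated user (and optionally the user's LDAP roles) into the portal
 * identity store reached through the JNDI-bound identity modules.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The password the user typed is written into the portal identity store
 *       ({@code createUser} / {@code updatePassword}) whenever synchronization is
 *       enabled, so the local store holds a copy of the LDAP credential.</li>
 *   <li>{@code additionalRole} is added to the "Roles" group of every subject this
 *       module authenticates; {@code defaultAssignedRole} is assigned in the portal
 *       store to every synchronized user.</li>
 *   <li>A synchronization failure is logged and does not fail the login.</li>
 *   <li>The JNDI names come from the login-module options and are looked up as-is;
 *       they are expected to be administrator-controlled configuration.</li>
 * </ul>
 */
public class SynchronizingLDAPLoginModule extends LdapLoginModule {
    private static final Logger log = Logger.getLogger(SynchronizingLDAPLoginModule.class);

    // Values of the login-module options, read verbatim in initialize().
    protected String additionalRole;
    protected String defaultAssignedRole;
    protected String synchronizeIdentity;
    protected String synchronizeRoles;
    protected String userModuleJNDIName;
    protected String roleModuleJNDIName;
    protected String membershipModuleJNDIName;
    protected String userProfileModuleJNDIName;
    protected String preserveRoles;

    // Identity modules, resolved lazily from JNDI and cached per module instance.
    private UserModule userModule;
    private RoleModule roleModule;
    private MembershipModule membershipModule;
    private UserProfileModule userProfileModule;

    /**
     * Initializes the parent LDAP module and reads this module's own options.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used by the parent to obtain credentials
     * @param map             shared state, passed through to the parent
     * @param map2            login-module options; the keys read here are
     *                        {@code userModuleJNDIName}, {@code roleModuleJNDIName},
     *                        {@code membershipModuleJNDIName}, {@code userProfileModuleJNDIName},
     *                        {@code additionalRole}, {@code synchronizeIdentity},
     *                        {@code synchronizeRoles}, {@code defaultAssignedRole} and
     *                        {@code preserveRoles}
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.userModuleJNDIName = (String) map2.get("userModuleJNDIName");
        this.roleModuleJNDIName = (String) map2.get("roleModuleJNDIName");
        this.membershipModuleJNDIName = (String) map2.get("membershipModuleJNDIName");
        this.userProfileModuleJNDIName = (String) map2.get("userProfileModuleJNDIName");
        this.additionalRole = (String) map2.get("additionalRole");
        this.synchronizeIdentity = (String) map2.get("synchronizeIdentity");
        this.synchronizeRoles = (String) map2.get("synchronizeRoles");
        this.defaultAssignedRole = (String) map2.get("defaultAssignedRole");
        this.preserveRoles = (String) map2.get("preserveRoles");
        // Only this module's own (non-secret) options are traced here.
        log.trace("additionalRole = " + this.additionalRole);
        log.trace("userModuleJNDIName = " + this.userModuleJNDIName);
        log.trace("roleModuleJNDIName = " + this.roleModuleJNDIName);
        log.trace("membershipModuleJNDIName = " + this.membershipModuleJNDIName);
        log.trace("userProfileModuleJNDIName = " + this.userProfileModuleJNDIName);
        log.trace("synchronizeIdentity = " + this.synchronizeIdentity);
        log.trace("synchronizeRoles = " + this.synchronizeRoles);
        log.trace("defaultAssignedRole = " + this.defaultAssignedRole);
        log.trace("preserveRoles = " + this.preserveRoles);
    }

    /**
     * Returns the portal {@link UserModule}, looking it up in JNDI on first use.
     *
     * @return the cached or freshly resolved module, never {@code null}
     * @throws Exception if the JNDI lookup fails, or an {@link IdentityException}
     *                   if the lookup yields {@code null}
     */
    protected UserModule getUserModule() throws Exception {
        if (this.userModule == null) {
            this.userModule = (UserModule) new InitialContext().lookup(this.userModuleJNDIName);
        }
        if (this.userModule == null) {
            throw new IdentityException("Cannot obtain UserModule using JNDI name:" + this.userModuleJNDIName);
        }
        return this.userModule;
    }

    /**
     * Returns the portal {@link RoleModule}, looking it up in JNDI on first use.
     *
     * @return the cached or freshly resolved module, never {@code null}
     * @throws Exception if the JNDI lookup fails, or an {@link IdentityException}
     *                   if the lookup yields {@code null}
     */
    protected RoleModule getRoleModule() throws Exception {
        if (this.roleModule == null) {
            this.roleModule = (RoleModule) new InitialContext().lookup(this.roleModuleJNDIName);
        }
        if (this.roleModule == null) {
            throw new IdentityException("Cannot obtain RoleModule using JNDI name:" + this.roleModuleJNDIName);
        }
        return this.roleModule;
    }

    /**
     * Returns the portal {@link MembershipModule}, looking it up in JNDI on first use.
     *
     * @return the cached or freshly resolved module, never {@code null}
     * @throws Exception if the JNDI lookup fails, or an {@link IdentityException}
     *                   if the lookup yields {@code null}
     */
    protected MembershipModule getMembershipModule() throws Exception {
        if (this.membershipModule == null) {
            this.membershipModule = (MembershipModule) new InitialContext().lookup(this.membershipModuleJNDIName);
        }
        if (this.membershipModule == null) {
            throw new IdentityException("Cannot obtain MembershipModule using JNDI name:" + this.membershipModuleJNDIName);
        }
        return this.membershipModule;
    }

    /**
     * Returns the portal {@link UserProfileModule}, looking it up in JNDI on first use.
     *
     * @return the cached or freshly resolved module, never {@code null}
     * @throws Exception if the JNDI lookup fails, or an {@link IdentityException}
     *                   if the lookup yields {@code null}
     */
    protected UserProfileModule getUserProfileModule() throws Exception {
        if (this.userProfileModule == null) {
            this.userProfileModule = (UserProfileModule) new InitialContext().lookup(this.userProfileModuleJNDIName);
        }
        if (this.userProfileModule == null) {
            throw new IdentityException("Cannot obtain UserProfileModule using JNDI name:" + this.userProfileModuleJNDIName);
        }
        return this.userProfileModule;
    }

    /**
     * Delegates password validation to the parent and, when it succeeds and identity
     * synchronization is enabled, mirrors the user into the portal store.
     *
     * <p>Synchronization is best effort: any failure is logged at WARN and the
     * validation result of the parent is returned unchanged.
     *
     * @param str  first argument, forwarded to the parent's {@code validatePassword}
     *             and passed to the synchronization as the user's password
     * @param str2 second argument, forwarded to the parent's {@code validatePassword}
     * @return the parent's validation result
     */
    protected boolean validatePassword(String str, String str2) {
        boolean valid = super.validatePassword(str, str2);
        if (valid && isSynchronizeIdentity()) {
            String username = null;
            try {
                username = getUsername();
                performSynchronization(username, str);
            } catch (Throwable th) {
                // Log the user name, never 'str': 'str' is what is handed to
                // performSynchronization as the password, and the original message
                // wrote it to the log in clear text.
                log.warn("Failed to sychronize identity of user: " + username, th);
            }
        }
        return valid;
    }

    /**
     * Returns the parent's role groups, with {@code additionalRole} (when configured)
     * added to every group named "Roles".
     *
     * <p>The extra role is added for every subject that reaches this point, regardless
     * of what LDAP returned; a failure to add it is logged and otherwise ignored.
     *
     * @return the role groups produced by the parent, possibly extended
     * @throws LoginException if the parent fails to compute the role sets
     */
    protected Group[] getRoleSets() throws LoginException {
        Group[] roleSets = super.getRoleSets();
        if (this.additionalRole != null && roleSets != null) {
            for (Group group : roleSets) {
                try {
                    if (group.getName().equals("Roles")) {
                        group.addMember(createIdentity(this.additionalRole));
                    }
                } catch (Exception e) {
                    log.error("Error when adding additional role: ", e);
                }
            }
        }
        return roleSets;
    }

    /**
     * Creates the principal used to represent a name inside a role group.
     *
     * @param str the principal name
     * @return a new {@code UserPrincipal} carrying that name
     * @throws Exception declared for overriding implementations
     */
    protected Principal createIdentity(String str) throws Exception {
        return new UserPrincipal(str);
    }

    /**
     * Mirrors the authenticated user into the portal identity store inside a
     * transaction obtained from {@code java:/TransactionManager}.
     *
     * <p>Steps, as implemented below: find the user (creating and enabling it when it
     * cannot be found), refresh the stored password when it no longer validates,
     * collect the roles to assign (LDAP roles when role synchronization is on, plus
     * {@code defaultAssignedRole}), optionally merge the roles the user already has,
     * and assign the result. Nothing is assigned when no role was collected.
     *
     * @param username name of the user to synchronize
     * @param password password to store for that user; never logged
     * @throws Exception a {@link LoginException} describing the failure
     */
    private void performSynchronization(final String username, final String password) throws Exception {
        final Group[] roleSets = super.getRoleSets();
        log.debug("$$Synchronizing user: " + username);
        if (log.isDebugEnabled()) {
            for (Group group : roleSets) {
                log.debug("$$Role Group: " + group.getName());
                Enumeration<? extends Principal> members = group.members();
                while (members.hasMoreElements()) {
                    Principal member = members.nextElement();
                    log.debug("$$Principal in group: " + member.getName() + "; " + member.toString());
                }
            }
        }
        try {
            Transactions.required((TransactionManager) new InitialContext().lookup("java:/TransactionManager"), new Transactions.Runnable() {
                public Object run() throws Exception {
                    try {
                        User user = null;
                        try {
                            user = getUserModule().findUserByUserName(username);
                            // The portal store keeps its own copy of the credential;
                            // bring it in line with the one LDAP just accepted.
                            if (user != null && !user.validatePassword(password)) {
                                user.updatePassword(password);
                            }
                        } catch (Exception e) {
                            // Best effort: a failed lookup falls through to user creation,
                            // a failed password refresh leaves the existing user as is.
                            log.debug("$$User lookup or password refresh failed for: " + username, e);
                        }
                        if (user == null) {
                            user = getUserModule().createUser(username, password);
                            getUserProfileModule().setProperty(user, User.INFO_USER_ENABLED, Boolean.TRUE);
                        }

                        Set<Role> targetRoles = new HashSet<Role>();
                        // Guard the index: an empty role-set array must not abort the sync.
                        if (isSynchronizeRoles() && roleSets != null && roleSets.length > 0) {
                            Enumeration<? extends Principal> ldapRoles = roleSets[0].members();
                            while (ldapRoles.hasMoreElements()) {
                                String name = ldapRoles.nextElement().getName();
                                log.debug("$$Processing role principal object related to current user: " + name);
                                Role role = null;
                                try {
                                    role = getRoleModule().findRoleByName(name);
                                } catch (Exception e) {
                                    // Treated as "role does not exist yet"; creation is tried next.
                                    log.debug("$$Role lookup failed, will try to create: " + name, e);
                                }
                                if (role == null) {
                                    try {
                                        role = getRoleModule().createRole(name, name);
                                    } catch (Throwable th) {
                                        log.warn("Error when trying to synchronize role: " + name, th);
                                    }
                                }
                                // A role that could be neither found nor created is skipped;
                                // the original put null into the set handed to assignRoles.
                                if (role != null) {
                                    targetRoles.add(role);
                                }
                            }
                        }

                        if (defaultAssignedRole != null) {
                            try {
                                Role defaultRole = getRoleModule().findRoleByName(defaultAssignedRole);
                                if (defaultRole != null) {
                                    targetRoles.add(defaultRole);
                                } else {
                                    log.warn("Cannot find defaultAssignedRole: " + defaultAssignedRole);
                                }
                            } catch (Exception e) {
                                log.warn("Cannot find defaultAssignedRole: " + defaultAssignedRole, e);
                            }
                        }

                        if (targetRoles.isEmpty()) {
                            return null;
                        }

                        // assignRoles is handed the complete set, so the user's current roles
                        // are merged in when they must survive: either explicitly
                        // (preserveRoles) or because LDAP roles are not being synchronized.
                        if (isPreserveRoles() || !isSynchronizeRoles()) {
                            Set existingRoles = getMembershipModule().getRoles(user);
                            if (existingRoles != null) {
                                targetRoles.addAll(existingRoles);
                            }
                        }
                        getMembershipModule().assignRoles(user, targetRoles);
                        return null;
                    } catch (Exception e) {
                        LoginException failure = new LoginException(e.toString());
                        failure.initCause(e);
                        throw failure;
                    }
                }
            });
        } catch (Exception e) {
            // getCause() may be null; the original dereferenced it unconditionally and
            // replaced the real failure with a NullPointerException.
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            LoginException failure = new LoginException(cause.toString());
            failure.initCause(cause);
            throw failure;
        }
    }

    /**
     * Tells whether the user is mirrored into the portal store after login.
     *
     * @return {@code true} unless the {@code synchronizeIdentity} option is "false"
     *         (case-insensitive); an unset option counts as enabled
     */
    protected boolean isSynchronizeIdentity() {
        return this.synchronizeIdentity == null || !this.synchronizeIdentity.equalsIgnoreCase("false");
    }

    /**
     * Tells whether LDAP roles are mirrored into the portal store.
     *
     * @return {@code true} unless the {@code synchronizeRoles} option is "false"
     *         (case-insensitive); an unset option counts as enabled
     */
    protected boolean isSynchronizeRoles() {
        return this.synchronizeRoles == null || !this.synchronizeRoles.equalsIgnoreCase("false");
    }

    /**
     * Tells whether roles the user already holds in the portal store are kept.
     *
     * @return {@code true} only when the {@code preserveRoles} option is "true"
     *         (case-insensitive); an unset option counts as disabled
     */
    protected boolean isPreserveRoles() {
        return this.preserveRoles != null && this.preserveRoles.equalsIgnoreCase("true");
    }
}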
