package org.picketlink.idm.auth;

import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import org.picketlink.idm.api.Attribute;
import org.picketlink.idm.api.Group;
import org.picketlink.idm.api.IdentitySession;
import org.picketlink.idm.api.IdentitySessionFactory;
import org.picketlink.idm.api.RelationshipManager;
import org.picketlink.idm.api.User;
import org.picketlink.idm.common.exception.NoSuchUserException;
import org.picketlink.idm.common.transaction.TransactionManagerProvider;
import org.picketlink.idm.common.transaction.Transactions;

/* loaded from: input_file:org/picketlink/idm/auth/JBossIdentityIDMLoginModule.class */
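/**
 * JAAS username/password login module that authenticates against a PicketLink IDM realm.
 *
 * <p>The module looks up an {@link IdentitySessionFactory} in JNDI, resolves the user in the
 * configured realm, applies optional account gates (exact user-name case, an "enabled" attribute,
 * membership of one group) and finally asks the IDM attributes manager to validate the password.
 * Roles are the names of the groups of type {@code roleGroupTypeName} the user is associated with.
 *
 * <p>Security-relevant behaviour to keep in mind when deploying or changing this class:
 * <ul>
 *   <li>A non-null {@code ssoSuccess} request attribute makes {@link #validatePassword} return
 *       {@code true} without consulting the identity store at all.</li>
 *   <li>{@code additionalRole} is granted to every user whose roles are loaded by this module.</li>
 *   <li>The group gate is only enforced when both {@code associatedGroupName} and
 *       {@code associatedGroupType} are configured.</li>
 * </ul>
 */
public class JBossIdentityIDMLoginModule extends UsernamePasswordLoginModule {
    private static final Logger log = Logger.getLogger(JBossIdentityIDMLoginModule.class.getName());

    // JNDI name under which the IdentitySessionFactory is bound (module option).
    protected String identitySessionFactoryJNDIName;
    // Realm passed to getCurrentIdentitySession().
    protected String realmName;
    // Group type whose associated groups become the user's roles.
    protected String roleGroupTypeName;
    // Optional: name of the user attribute that must parse to "true" for the account to log in.
    protected String userEnabledAttributeName;
    // Optional: role added to the "Roles" group unconditionally.
    protected String additionalRole;
    // Optional pair: the user must be associated with this group (type + name) to log in.
    protected String associatedGroupType;
    protected String associatedGroupName;
    // "true" (any case): reject a login whose typed user name differs from the stored key.
    protected String validateUserNameCase;
    // "true" (any case): lower-case the supplied user name before lookup.
    protected String userNameToLowerCase;
    // Value of the "transactionAware" option; only the exact string "true" enables it.
    protected String manageTransaction;
    // Lazily resolved from JNDI by getIdentitySessionFactory().
    private IdentitySessionFactory identitySessionFactory;

    /**
     * Reads the module options after delegating to the superclass.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used by the superclass to obtain credentials
     * @param map             shared state, passed through to the superclass
     * @param map2            module options; every option read here is expected to be a String
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.identitySessionFactoryJNDIName = (String) map2.get("identitySessionFactoryJNDIName");
        this.realmName = (String) map2.get("realmName");
        this.roleGroupTypeName = (String) map2.get("roleGroupTypeName");
        this.userEnabledAttributeName = (String) map2.get("userEnabledAttributeName");
        this.additionalRole = (String) map2.get("additionalRole");
        this.associatedGroupType = (String) map2.get("associatedGroupType");
        this.associatedGroupName = (String) map2.get("associatedGroupName");
        this.validateUserNameCase = (String) map2.get("validateUserNameCase");
        this.userNameToLowerCase = (String) map2.get("userNameToLowerCase");
        this.manageTransaction = (String) map2.get("transactionAware");

        if (log.isDebugEnabled()) {
            log.debug("identitySessionFactoryJNDIName = " + this.identitySessionFactoryJNDIName);
            log.debug("realmName = " + this.realmName);
            log.debug("groupTypeName = " + this.roleGroupTypeName);
            log.debug("userEnabledAttributeName = " + this.userEnabledAttributeName);
            log.debug("additionalRole = " + this.additionalRole);
            log.debug("havingRole = " + this.associatedGroupName);
            log.debug("associatedGroupType = " + this.associatedGroupType);
            log.debug("validateUserNameCase = " + this.validateUserNameCase);
            log.debug("userNameToLowerCase = " + this.userNameToLowerCase);
            log.debug("transactionAware = " + this.manageTransaction);
        }

        // _getUserStatus() enforces the group gate only when BOTH options are present, so a
        // half-configured gate silently admits users outside the group. Make that visible.
        if ((this.associatedGroupName == null) != (this.associatedGroupType == null)) {
            log.warn("Only one of associatedGroupName/associatedGroupType is set; "
                    + "the group membership check is NOT enforced");
        }
    }

    /**
     * Returns an empty string: this module never reads the stored password, it delegates the
     * comparison to the IDM store in {@link #_getUserStatus(String)}.
     */
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Decides whether the login succeeds.
     *
     * @param str  the password supplied by the caller; {@code null} is rejected
     * @param str2 the expected password; unused (see {@link #getUsersPassword()})
     * @return {@code true} when the request carries an {@code ssoSuccess} attribute or the user
     *         status is {@code OK}; {@code false} otherwise
     * @throws RuntimeException if the current request cannot be obtained from the policy context
     */
    protected boolean validatePassword(String str, String str2) {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            if (httpServletRequest == null) {
                // Fail closed with a readable cause instead of an anonymous NullPointerException.
                throw new IllegalStateException("No HttpServletRequest is available from the policy context");
            }
            // SECURITY: any non-null "ssoSuccess" request attribute skips the user lookup, the
            // enabled/group gates and the password check. Request attributes are set server-side,
            // so this trusts every filter, valve or forwarding component that runs before this
            // module; the attribute must never be derived from client-supplied parameters,
            // headers or cookies.
            if (httpServletRequest.getAttribute("ssoSuccess") != null) {
                return true;
            }
            if (str == null) {
                return false;
            }
            try {
                UserStatus userStatus = getUserStatus(str);
                // The precise failure reason is exposed to the rest of the request pipeline.
                // Pages that read it should show one generic failure message, otherwise the
                // UNEXISTING / WRONGPASSWORD / DISABLE distinction reveals which accounts exist.
                httpServletRequest.setAttribute("org.picketlink.idm.userStatus", userStatus);
                if (userStatus == UserStatus.OK) {
                    return true;
                }
                boolean knownFailure = userStatus == UserStatus.DISABLE
                        || userStatus == UserStatus.NOTASSIGNEDTOROLE
                        || userStatus == UserStatus.UNEXISTING
                        || userStatus == UserStatus.WRONGPASSWORD;
                if (!knownFailure) {
                    // Reached when getUserStatus() returned null, i.e. the lookup itself failed.
                    log.info("Unexpected error while logging in");
                }
                return false;
            } catch (Exception e) {
                log.info("Error when validating password: ", e);
                return false;
            }
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    /**
     * Runs {@link #_getUserStatus(String)} inside {@code Transactions.required(...)}.
     *
     * @param str the password supplied by the caller
     * @return the resolved status, or {@code null} when the lookup threw; callers must treat
     *         {@code null} as a failed login
     */
    protected UserStatus getUserStatus(final String str) {
        try {
            return (UserStatus) Transactions.required(TransactionManagerProvider.JBOSS_PROVIDER.getTransactionManager(), new Transactions.Runnable() {
                @Override
                public Object run() throws Exception {
                    IdentitySession currentIdentitySession = JBossIdentityIDMLoginModule.this.getIdentitySessionFactory().getCurrentIdentitySession(JBossIdentityIDMLoginModule.this.realmName);
                    // NOTE(review): beginTransaction() runs unconditionally and a second time when
                    // transactionAware is "true", while commit only happens in the latter case and
                    // nothing rolls back on failure. Kept as found; confirm against the
                    // IdentitySession contract (this may be a decompilation artefact).
                    currentIdentitySession.beginTransaction();
                    if (JBossIdentityIDMLoginModule.this.isTransactionManaged()) {
                        currentIdentitySession.beginTransaction();
                    }
                    UserStatus status = JBossIdentityIDMLoginModule.this._getUserStatus(str);
                    if (JBossIdentityIDMLoginModule.this.isTransactionManaged()) {
                        currentIdentitySession.getTransaction().commit();
                    }
                    return status;
                }
            });
        } catch (Exception e) {
            // Route the failure to the application log rather than stderr so that authentication
            // back-end errors show up where operators monitor login problems.
            log.error("Failed to determine user status", e);
            return null;
        }
    }

    /**
     * Resolves the user and evaluates the configured gates, then validates the password.
     *
     * <p>The gates run before the password check, so {@code UNEXISTING}, {@code DISABLE} and
     * {@code NOTASSIGNEDTOROLE} are returned without a correct password having been presented.
     *
     * @param str the password supplied by the caller
     * @return the status describing why the login is accepted or refused
     * @throws Exception a {@link LoginException} wrapping any failure other than a missing user
     */
    protected UserStatus _getUserStatus(String str) throws Exception {
        try {
            IdentitySession currentIdentitySession = getIdentitySessionFactory().getCurrentIdentitySession(this.realmName);
            User findUser = currentIdentitySession.getPersistenceManager().findUser(getUsername());
            if (findUser == null) {
                throw new NoSuchUserException("UserModule returned null user object");
            }
            // Optional exact-case match between the supplied name and the stored key.
            if ("true".equalsIgnoreCase(this.validateUserNameCase) && !getUsername().equals(findUser.getKey())) {
                return UserStatus.UNEXISTING;
            }
            if (this.userEnabledAttributeName != null) {
                // Fails closed: a missing attribute, a value that does not parse to "true", or an
                // error while reading it all leave the account disabled.
                boolean enabled = false;
                try {
                    Attribute attribute = currentIdentitySession.getAttributesManager().getAttribute(findUser, this.userEnabledAttributeName);
                    if (attribute != null) {
                        // NOTE(review): parses attribute.toString(), not an explicit value
                        // accessor; confirm toString() yields the attribute value.
                        enabled = Boolean.parseBoolean(attribute.toString());
                    }
                } catch (Exception e) {
                    log.error("Failed to read attribute " + this.userEnabledAttributeName + "; treating the account as disabled", e);
                }
                if (!enabled) {
                    return UserStatus.DISABLE;
                }
            }
            // Enforced only when both the group name and the group type are configured.
            if (this.associatedGroupName != null && this.associatedGroupType != null) {
                boolean associated = false;
                Group findGroup = currentIdentitySession.getPersistenceManager().findGroup(this.associatedGroupName, this.associatedGroupType);
                if (findGroup != null) {
                    // NOTE(review): the two casts look like decompiler output for generic type
                    // arguments; as written they would raise ClassCastException for ordinary
                    // Group/User objects. Left untouched; verify against the
                    // RelationshipManager API before relying on this gate.
                    associated = currentIdentitySession.getRelationshipManager().isAssociated((RelationshipManager) findGroup, (Group) findUser);
                }
                if (!associated) {
                    return UserStatus.NOTASSIGNEDTOROLE;
                }
            }
            return currentIdentitySession.getAttributesManager().validatePassword(findUser, str) ? UserStatus.OK : UserStatus.WRONGPASSWORD;
        } catch (NoSuchUserException e2) {
            return UserStatus.UNEXISTING;
        } catch (Exception e3) {
            LoginException loginException = new LoginException(e3.toString());
            loginException.initCause(e3); // keep the original stack trace for diagnosis
            throw loginException;
        }
    }

    /**
     * Runs {@link #_getRoleSets()} inside {@code Transactions.required(...)}.
     *
     * @return a single-element array holding the "Roles" group
     * @throws LoginException if the roles cannot be loaded
     */
    protected java.security.acl.Group[] getRoleSets() throws LoginException {
        try {
            return (java.security.acl.Group[]) Transactions.required(TransactionManagerProvider.JBOSS_PROVIDER.getTransactionManager(), new Transactions.Runnable() {
                @Override
                public Object run() throws Exception {
                    IdentitySession currentIdentitySession = JBossIdentityIDMLoginModule.this.getIdentitySessionFactory().getCurrentIdentitySession(JBossIdentityIDMLoginModule.this.realmName);
                    // NOTE(review): same begin/begin/commit pattern as getUserStatus(); confirm.
                    currentIdentitySession.beginTransaction();
                    if (JBossIdentityIDMLoginModule.this.isTransactionManaged()) {
                        currentIdentitySession.beginTransaction();
                    }
                    java.security.acl.Group[] roleSets = JBossIdentityIDMLoginModule.this._getRoleSets();
                    if (JBossIdentityIDMLoginModule.this.isTransactionManaged()) {
                        currentIdentitySession.getTransaction().commit();
                    }
                    return roleSets;
                }
            });
        } catch (Exception e) {
            // The exception may have no cause; dereferencing it blindly would replace the real
            // error with a NullPointerException.
            Throwable reason = e.getCause() != null ? e.getCause() : e;
            LoginException loginException = new LoginException(reason.toString());
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Builds the "Roles" group from {@code additionalRole} (if configured) and the names of the
     * groups of type {@code roleGroupTypeName} associated with the user.
     *
     * <p>{@code additionalRole} is added before the identity store is consulted, so every user
     * whose roles are loaded here receives it; do not configure a privileged role there.
     *
     * @return a single-element array holding the "Roles" group
     * @throws Exception a {@link LoginException} when the store lookup fails, or whatever
     *                   {@link #createIdentity(String)} throws for {@code additionalRole}
     */
    protected java.security.acl.Group[] _getRoleSets() throws Exception {
        java.security.acl.Group simpleGroup = new SimpleGroup("Roles");
        if (this.additionalRole != null) {
            simpleGroup.addMember(createIdentity(this.additionalRole));
        }
        try {
            IdentitySession currentIdentitySession = getIdentitySessionFactory().getCurrentIdentitySession(this.realmName);
            User user = currentIdentitySession.getPersistenceManager().findUser(getUsername());
            for (Group group : currentIdentitySession.getRelationshipManager().findAssociatedGroups(user, this.roleGroupTypeName)) {
                String name = group.getName();
                try {
                    simpleGroup.addMember(createIdentity(name));
                } catch (Exception e) {
                    // Best effort: one unusable role name must not block the whole login.
                    log.info("Failed to create principal " + name, e);
                }
            }
            return new java.security.acl.Group[]{simpleGroup};
        } catch (Exception e2) {
            LoginException loginException = new LoginException(e2.toString());
            loginException.initCause(e2);
            throw loginException;
        }
    }

    /**
     * Wraps a user or role name in a {@code UserPrincipal}.
     *
     * @param str the principal name
     * @return a new principal carrying that name
     */
    protected Principal createIdentity(String str) throws Exception {
        return new UserPrincipal(str);
    }

    /**
     * Returns the user name from the superclass, lower-cased when {@code userNameToLowerCase}
     * is "true" (any case). A {@code null} user name is returned unchanged.
     */
    protected String getUsername() {
        String username = super.getUsername();
        if (username != null && "true".equalsIgnoreCase(this.userNameToLowerCase)) {
            // NOTE(review): toLowerCase() uses the JVM default locale, so the canonical form of a
            // user name depends on server locale (e.g. the Turkish dotless i). Switching to a
            // fixed locale is preferable but must be coordinated with how existing user names
            // were stored, so it is only flagged here.
            return username.toLowerCase();
        }
        return username;
    }

    /**
     * Returns the credentials obtained by the superclass, lower-casing the user name (index 0)
     * when {@code userNameToLowerCase} is "true" (any case).
     *
     * @throws LoginException if the superclass cannot obtain the credentials
     */
    protected String[] getUsernameAndPassword() throws LoginException {
        String[] usernameAndPassword = super.getUsernameAndPassword();
        if (usernameAndPassword != null
                && usernameAndPassword.length > 0
                && usernameAndPassword[0] != null
                && "true".equalsIgnoreCase(this.userNameToLowerCase)) {
            // Same default-locale caveat as getUsername(); the two must stay in step.
            usernameAndPassword[0] = usernameAndPassword[0].toLowerCase();
        }
        return usernameAndPassword;
    }

    /**
     * Looks up the {@link IdentitySessionFactory} in JNDI on first use and caches it.
     *
     * <p>The JNDI name comes from the module options; it should only ever be set by the
     * deployment configuration, never from request data.
     *
     * @return the cached or freshly looked-up factory
     * @throws NamingException if the JNDI lookup fails
     */
    protected IdentitySessionFactory getIdentitySessionFactory() throws NamingException {
        if (this.identitySessionFactory == null) {
            this.identitySessionFactory = (IdentitySessionFactory) new InitialContext().lookup(this.identitySessionFactoryJNDIName);
        }
        return this.identitySessionFactory;
    }

    // True only for the exact option value "true"; unlike the other flags this one is compared
    // case-sensitively, which is preserved from the original code.
    private boolean isTransactionManaged() {
        return "true".equals(this.manageTransaction);
    }
}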
