package org.apache.karaf.management;

import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import javax.management.remote.JMXAuthenticator;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:WEB-INF/karaf/system/org/apache/karaf/management/org.apache.karaf.management.server/2.3.0.redhat-610401/org.apache.karaf.management.server-2.3.0.redhat-610401.jar:org/apache/karaf/management/JaasAuthenticator.class */
public class JaasAuthenticator implements JMXAuthenticator {
    private String realm;
    private String role;

    public String getRealm() {
        return this.realm;
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public String getRole() {
        return this.role;
    }

    public void setRole(String str) {
        this.role = str;
    }

    public Subject authenticate(Object obj) throws SecurityException {
        if (!(obj instanceof String[])) {
            throw new IllegalArgumentException("Expected String[2], got " + (obj != null ? obj.getClass().getName() : null));
        }
        final String[] strArr = (String[]) obj;
        if (strArr.length != 2) {
            throw new IllegalArgumentException("Expected String[2] but length was " + strArr.length);
        }
        try {
            Subject subject = new Subject();
            new LoginContext(this.realm, subject, new CallbackHandler() { // from class: org.apache.karaf.management.JaasAuthenticator.1
                @Override // javax.security.auth.callback.CallbackHandler
                public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                    for (int i = 0; i < callbackArr.length; i++) {
                        if (callbackArr[i] instanceof NameCallback) {
                            ((NameCallback) callbackArr[i]).setName(strArr[0]);
                        } else {
                            if (!(callbackArr[i] instanceof PasswordCallback)) {
                                throw new UnsupportedCallbackException(callbackArr[i]);
                            }
                            ((PasswordCallback) callbackArr[i]).setPassword(strArr[1].toCharArray());
                        }
                    }
                }
            }).login();
            if (this.role != null && this.role.length() > 0) {
                String str = "org.apache.karaf.jaas.boot.principal.RolePrincipal";
                String str2 = this.role;
                int indexOf = this.role.indexOf(58);
                if (indexOf > 0) {
                    str = this.role.substring(0, indexOf);
                    str2 = this.role.substring(indexOf + 1);
                }
                boolean z = false;
                Iterator<Principal> it = subject.getPrincipals().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Principal next = it.next();
                    if (next.getClass().getName().equals(str) && next.getName().equals(str2)) {
                        z = true;
                        break;
                    }
                }
                if (!z) {
                    throw new FailedLoginException("User does not have the required role " + this.role);
                }
            }
            return subject;
        } catch (LoginException e) {
            throw new SecurityException("Authentication failed", e);
        }
    }
}
