package org.apache.karaf.jaas.modules.syncope;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/karaf/system/org/apache/karaf/jaas/org.apache.karaf.jaas.modules/2.4.0.redhat-630300/org.apache.karaf.jaas.modules-2.4.0.redhat-630300.jar:org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.class */
public class SyncopeLoginModule extends AbstractKarafLoginModule {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SyncopeLoginModule.class);
    public static final String ADDRESS = "address";
    public static final String ADMIN_USER = "admin.user";
    public static final String ADMIN_PASSWORD = "admin.password";
    private String address;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map2);
        this.address = (String) map2.get("address");
    }

    public boolean login() throws LoginException {
        NameCallback[] nameCallbackArr = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
        try {
            this.callbackHandler.handle(nameCallbackArr);
            this.user = nameCallbackArr[0].getName();
            char[] password = ((PasswordCallback) nameCallbackArr[1]).getPassword();
            if (password == null) {
                password = new char[0];
            }
            String str = new String(password);
            this.principals = new HashSet();
            LOGGER.debug("Authenticate user {} on Syncope located {}", this.user, this.address);
            DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
            defaultHttpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(this.user, str));
            HttpGet httpGet = new HttpGet(this.address + "/users/self");
            new ArrayList();
            try {
                CloseableHttpResponse execute = defaultHttpClient.execute((HttpUriRequest) httpGet);
                LOGGER.debug("Syncope HTTP response status code: {}", Integer.valueOf(execute.getStatusLine().getStatusCode()));
                if (execute.getStatusLine().getStatusCode() != 200) {
                    LOGGER.warn("User {} not authenticated", this.user);
                    return false;
                }
                LOGGER.debug("User {} authenticated", this.user);
                LOGGER.debug("Populating principals with user");
                this.principals.add(new UserPrincipal(this.user));
                LOGGER.debug("Retrieving user {} roles", this.user);
                List<String> extractingRoles = extractingRoles(EntityUtils.toString(execute.getEntity()));
                LOGGER.debug("Populating principals with roles");
                Iterator<String> it = extractingRoles.iterator();
                while (it.hasNext()) {
                    this.principals.add(new RolePrincipal(it.next()));
                }
                return true;
            } catch (Exception e) {
                LOGGER.error("User {} authentication failed", this.user, e);
                throw new LoginException("User " + this.user + " authentication failed: " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new LoginException(e2.getMessage());
        } catch (UnsupportedCallbackException e3) {
            throw new LoginException(e3.getMessage() + " not available to obtain information from user.");
        }
    }

    protected List<String> extractingRoles(String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        if (str != null && !str.isEmpty()) {
            String substring = str.substring(str.indexOf("<memberships>") + "<memberships>".length());
            String substring2 = substring.substring(0, substring.indexOf("</memberships>"));
            int indexOf = substring2.indexOf("<roleName>");
            while (true) {
                int i = indexOf;
                if (i == -1) {
                    break;
                }
                String substring3 = substring2.substring(i + "<roleName>".length());
                int indexOf2 = substring3.indexOf("</roleName>");
                if (indexOf2 == -1) {
                }
                arrayList.add(substring3.substring(0, indexOf2));
                substring2 = substring3.substring(indexOf2 + "</roleName>".length());
                indexOf = substring2.indexOf("<roleName>");
            }
        }
        return arrayList;
    }

    public boolean abort() {
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        return true;
    }
}
