package io.fabric8.jaas;

import io.fabric8.service.ContainerPlaceholderResolver;
import io.fabric8.zookeeper.curator.CuratorFrameworkLocator;
import io.fabric8.zookeeper.utils.ZooKeeperUtils;
import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.curator.framework.CuratorFramework;
import org.apache.karaf.jaas.boot.principal.RolePolicy;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.modules.Encryption;
import org.apache.karaf.jaas.modules.encryption.EncryptionSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/fabric-jaas-1.1.0-SNAPSHOT.jar:io/fabric8/jaas/ZookeeperLoginModule.class */
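/**
 * JAAS {@link LoginModule} that authenticates against data read from ZooKeeper.
 *
 * <p>Two kinds of account are handled by {@link #login()}:
 * <ul>
 *   <li>container logins (as decided by {@code ZooKeeperUtils.isContainerLogin}), checked against
 *       the per-container tokens returned by {@code ZooKeeperUtils.getContainerTokens};</li>
 *   <li>user logins, checked against the properties stored under
 *       {@code ZookeeperBackingEngine.USERS_NODE}, where each value has the form
 *       {@code password[,role...]}.</li>
 * </ul>
 *
 * <p>The credential tables are fetched once, in {@link #initialize}. If that fetch fails the
 * tables stay empty and every login is rejected.
 */
public class ZookeeperLoginModule implements LoginModule {
    private static final Logger LOG = LoggerFactory.getLogger(ZookeeperLoginModule.class);
    private CallbackHandler callbackHandler;
    private String roleDiscriminator;
    private String rolePolicy;
    private Subject subject;
    private EncryptionSupport encryptionSupport;
    private Set<Principal> principals = new HashSet<Principal>();
    private boolean debug = false;
    private Properties users = new Properties();
    private Properties containers = new Properties();
    // True only between a successful login() and the next login()/abort()/logout(). commit()
    // checks it so that principals left over from an earlier attempt are never committed.
    private boolean loginSucceeded = false;

    /**
     * Stores the JAAS context and loads the user and container credential tables from ZooKeeper.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the user name and password
     * @param map shared state (unused)
     * @param map2 module options; reads {@code role.discriminator}, {@code role.policy},
     *     {@code debug}, and whatever {@code BasicEncryptionSupport} reads
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        this.roleDiscriminator = (String) map2.get("role.discriminator");
        this.rolePolicy = (String) map2.get("role.policy");
        this.encryptionSupport = new BasicEncryptionSupport(map2);
        this.debug = Boolean.parseBoolean((String) map2.get("debug"));
        try {
            CuratorFramework curatorFramework = CuratorFrameworkLocator.getCuratorFramework();
            if (curatorFramework != null) {
                Properties loadedUsers = ZooKeeperUtils.getProperties(curatorFramework, ZookeeperBackingEngine.USERS_NODE);
                Properties loadedContainers = ZooKeeperUtils.getContainerTokens(curatorFramework);
                // Keep the empty defaults if a lookup yields nothing, so login() fails cleanly.
                if (loadedUsers != null) {
                    this.users = loadedUsers;
                }
                if (loadedContainers != null) {
                    this.containers = loadedContainers;
                }
            }
            if (this.debug) {
                // Log only the size of the user table: its values hold the stored passwords
                // (or password hashes) and role lists, which must not end up in log files.
                LOG.debug("Initialize [{}] - curator={}, users={} entries", this, curatorFramework, this.users.size());
            }
        } catch (Exception e) {
            // The tables stay empty, so authentication fails closed until the next initialize().
            LOG.warn("Failed fetching authentication data.", e);
        }
    }

    /**
     * Authenticates the caller using the name and password obtained from the callback handler.
     *
     * @return {@code true} when authentication succeeded
     * @throws FailedLoginException if the name is missing, the account is unknown, or the
     *     supplied password or token does not match
     * @throws LoginException if the callback handler cannot supply the credentials
     */
    @Override
    public boolean login() throws LoginException {
        // Reset first: a failed attempt must not leave this instance looking authenticated.
        this.loginSucceeded = false;
        String name = null;
        try {
            Callback[] callbacks = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
            try {
                this.callbackHandler.handle(callbacks);
            } catch (IOException e) {
                throw loginFailure(e.getMessage(), e);
            } catch (UnsupportedCallbackException e) {
                throw loginFailure(e.getMessage() + " not available to obtain information from user", e);
            }
            name = ((NameCallback) callbacks[0]).getName();
            if (name == null) {
                throw new FailedLoginException("user name is null");
            }
            char[] password = ((PasswordCallback) callbacks[1]).getPassword();
            if (password == null) {
                password = new char[0];
            }
            String suppliedPassword = new String(password);
            if (this.debug) {
                // The credential table is deliberately not logged here.
                LOG.debug("Login [{}] - user={}", this, name);
            }

            // NOTE(review): the failure messages below distinguish "unknown account" from
            // "wrong password". If a caller relays them to the remote client they allow account
            // enumeration; confirm they are only logged server-side.
            Set<Principal> granted = new HashSet<Principal>();
            if (ZooKeeperUtils.isContainerLogin(name)) {
                String expectedToken = this.containers.getProperty(name);
                if (expectedToken == null) {
                    throw new FailedLoginException("Container doesn't exist");
                }
                if (!constantTimeEquals(suppliedPassword, expectedToken)) {
                    throw new FailedLoginException("Tokens do not match");
                }
                granted.add(new org.apache.karaf.jaas.boot.principal.UserPrincipal(name));
                granted.add(new RolePrincipal(ContainerPlaceholderResolver.RESOLVER_SCHEME));
                // Every holder of a valid container token receives the admin role, so the
                // container token nodes need the same protection as an admin password.
                granted.add(new RolePrincipal("admin"));
            } else {
                String userEntry = this.users.getProperty(name);
                if (userEntry == null) {
                    throw new FailedLoginException("User doesn't exist");
                }
                // Entry layout: password[,role...]. An entry made only of commas splits to an
                // empty array; treat it as a mismatch instead of indexing past the end.
                String[] fields = userEntry.split(",");
                if (fields.length == 0 || !checkPassword(suppliedPassword, fields[0])) {
                    throw new FailedLoginException("Password does not match");
                }
                granted.add(new org.apache.karaf.jaas.boot.principal.UserPrincipal(name));
                for (int i = 1; i < fields.length; i++) {
                    granted.add(new RolePrincipal(fields[i]));
                }
            }

            this.principals = granted;
            // NOTE(review): the clear-text password is attached to the subject as an immutable
            // String during login(), before commit(), and logout() does not remove it. Kept for
            // compatibility; confirm whether any consumer needs it.
            this.subject.getPrivateCredentials().add(suppliedPassword);
            this.loginSucceeded = true;
            if (this.debug) {
                LOG.debug("Successfully logged in {}", name);
            }
            return true;
        } catch (LoginException e) {
            if (this.debug) {
                LOG.debug("Login failed {}", name, e);
            }
            throw e;
        }
    }

    /**
     * Publishes the principals collected by a successful {@link #login()} on the subject,
     * through the configured role policy when one is set.
     *
     * @return {@code false} if this module has nothing to commit, {@code true} otherwise
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.loginSucceeded || this.principals.isEmpty()) {
            return false;
        }
        RolePolicy policy = RolePolicy.getPolicy(this.rolePolicy);
        if (policy == null || this.roleDiscriminator == null) {
            this.subject.getPrincipals().addAll(this.principals);
            return true;
        }
        policy.handleRoles(this.subject, this.principals, this.roleDiscriminator);
        return true;
    }

    /**
     * Cancels a pending login. The collected principals are kept so that a later
     * {@link #logout()} can still remove anything already committed.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        this.loginSucceeded = false;
        if (this.debug) {
            LOG.debug("abort");
        }
        return true;
    }

    /**
     * Removes this module's principals from the subject and forgets them.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        this.loginSucceeded = false;
        if (this.debug) {
            LOG.debug("logout");
        }
        return true;
    }

    /**
     * Returns {@code str} encrypted and wrapped in the configured prefix and suffix.
     *
     * <p>The input is returned unchanged when no encryption is configured or when it already
     * carries the configured prefix and suffix. When neither is configured that second test is
     * always true, so the password is returned unencrypted: without a marker an already
     * encrypted value cannot be recognised.
     *
     * @param str the password to encrypt
     * @return the wrapped encrypted password, or {@code str} itself as described above
     */
    public String getEncryptedPassword(String str) {
        Encryption encryption = this.encryptionSupport.getEncryption();
        String encryptionPrefix = this.encryptionSupport.getEncryptionPrefix();
        String encryptionSuffix = this.encryptionSupport.getEncryptionSuffix();
        if (encryption == null) {
            return str;
        }
        boolean hasPrefix = encryptionPrefix == null || str.startsWith(encryptionPrefix);
        boolean hasSuffix = encryptionSuffix == null || str.endsWith(encryptionSuffix);
        if (hasPrefix && hasSuffix) {
            return str;
        }
        String encryptPassword = encryption.encryptPassword(str);
        if (encryptionPrefix != null) {
            encryptPassword = encryptionPrefix + encryptPassword;
        }
        if (encryptionSuffix != null) {
            encryptPassword = encryptPassword + encryptionSuffix;
        }
        return encryptPassword;
    }

    /**
     * Checks a supplied password against a stored one.
     *
     * <p>A stored value carrying the configured prefix and suffix is unwrapped and verified by
     * the configured {@link Encryption}. Any other stored value is compared as plain text, so
     * entries stored without the markers are accepted as clear-text passwords.
     *
     * @param str the password supplied by the caller
     * @param str2 the stored password, possibly wrapped in the encryption prefix and suffix
     * @return {@code true} if the password matches
     */
    public boolean checkPassword(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        Encryption encryption = this.encryptionSupport.getEncryption();
        String encryptionPrefix = this.encryptionSupport.getEncryptionPrefix();
        String encryptionSuffix = this.encryptionSupport.getEncryptionSuffix();
        if (encryption == null) {
            return constantTimeEquals(str, str2);
        }
        boolean hasPrefix = encryptionPrefix == null || str2.startsWith(encryptionPrefix);
        boolean hasSuffix = encryptionSuffix == null || str2.endsWith(encryptionSuffix);
        if (hasPrefix && hasSuffix) {
            int start = encryptionPrefix != null ? encryptionPrefix.length() : 0;
            int end = str2.length() - (encryptionSuffix != null ? encryptionSuffix.length() : 0);
            // Prefix and suffix can overlap in a short stored value (e.g. the value equals a
            // marker used as both); nothing is left to verify, so reject rather than throw.
            if (end < start) {
                return false;
            }
            return encryption.checkPassword(str, str2.substring(start, end));
        }
        return constantTimeEquals(str, str2);
    }

    /**
     * Compares two secrets with the same result as {@link String#equals} but without stopping
     * at the first differing character, so the time taken does not reveal how long the matching
     * prefix is. Only the lengths influence the running time.
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            return false;
        }
        int difference = left.length() ^ right.length();
        int shared = Math.min(left.length(), right.length());
        for (int i = 0; i < shared; i++) {
            difference |= left.charAt(i) ^ right.charAt(i);
        }
        return difference == 0;
    }

    /** Builds a {@link LoginException} that keeps the underlying failure as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}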
