package org.fusesource.fabric.jaas;

import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.apache.karaf.jaas.modules.Encryption;
import org.apache.karaf.jaas.modules.encryption.EncryptionSupport;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.fusesource.fabric.zookeeper.IZKClient;
import org.fusesource.fabric.zookeeper.utils.ZooKeeperUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleReference;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:fuse-esb-7.1.0.fuse-SNAPSHOT/system/org/fusesource/fabric/fabric-jaas/7.1.0.fuse-046/fabric-jaas-7.1.0.fuse-046.jar:org/fusesource/fabric/jaas/ZookeeperLoginModule.class */
public class ZookeeperLoginModule extends AbstractKarafLoginModule implements LoginModule {
    private boolean debug = false;
    EncryptionSupport encryptionSupport;
    public static final ThreadLocal<IZKClient> ZOOKEEPER_CONTEXT = new ThreadLocal<>();
    private static final Logger LOG = LoggerFactory.getLogger(ZookeeperLoginModule.class);
    private static Properties users = new Properties();

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.debug = "true".equalsIgnoreCase((String) map2.get(TransformerFactoryImpl.DEBUG));
        IZKClient iZKClient = ZOOKEEPER_CONTEXT.get();
        if (iZKClient == null) {
            BundleContext bundleContext = ((BundleReference) getClass().getClassLoader()).getBundle().getBundleContext();
            this.encryptionSupport = new EncryptionSupport(map2);
            ServiceReference<?> serviceReference = bundleContext.getServiceReference(IZKClient.class.getName());
            try {
                if (serviceReference != null) {
                    try {
                        users = ZooKeeperUtils.getProperties((IZKClient) bundleContext.getService(serviceReference), ZookeeperBackingEngine.USERS_NODE);
                        if (serviceReference != null) {
                            bundleContext.ungetService(serviceReference);
                        }
                    } catch (Exception e) {
                        LOG.warn("Failed fetching authentication data.", (Throwable) e);
                        if (serviceReference != null) {
                            bundleContext.ungetService(serviceReference);
                        }
                    }
                }
            } catch (Throwable th) {
                if (serviceReference != null) {
                    bundleContext.ungetService(serviceReference);
                }
                throw th;
            }
        } else {
            try {
                users = ZooKeeperUtils.getProperties(iZKClient, ZookeeperBackingEngine.USERS_NODE);
            } catch (Exception e2) {
                LOG.warn("Failed fetching authentication data.", (Throwable) e2);
            }
        }
        if (this.encryptionSupport == null) {
            this.encryptionSupport = new BasicEncryptionSupport(map2);
        }
        super.initialize(subject, callbackHandler, map2);
    }

    public boolean login() throws LoginException {
        NameCallback[] nameCallbackArr = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
        try {
            this.callbackHandler.handle(nameCallbackArr);
            this.user = nameCallbackArr[0].getName();
            char[] password = ((PasswordCallback) nameCallbackArr[1]).getPassword();
            if (password == null) {
                password = new char[0];
            }
            if (this.user == null) {
                throw new FailedLoginException("user name is null");
            }
            String property = users.getProperty(this.user);
            if (property == null) {
                throw new FailedLoginException("User doesn't exist");
            }
            String[] split = property.split(",");
            if (!checkPassword(new String(password), split[0])) {
                throw new FailedLoginException("Password does not match");
            }
            this.principals = new HashSet();
            this.principals.add(new org.apache.karaf.jaas.boot.principal.UserPrincipal(this.user));
            for (int i = 1; i < split.length; i++) {
                this.principals.add(new RolePrincipal(split[i]));
            }
            this.subject.getPrivateCredentials().add(new String(password));
            if (!this.debug) {
                return true;
            }
            LOG.debug("Successfully logged in {}", this.user);
            return true;
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        } catch (UnsupportedCallbackException e2) {
            throw new LoginException(e2.getMessage() + " not available to obtain information from user");
        }
    }

    public boolean abort() throws LoginException {
        clear();
        if (!this.debug) {
            return true;
        }
        LOG.debug("abort");
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        if (!this.debug) {
            return true;
        }
        LOG.debug("logout");
        return true;
    }

    @Override // org.apache.karaf.jaas.modules.AbstractKarafLoginModule
    public String getEncryptedPassword(String str) {
        Encryption encryption = this.encryptionSupport.getEncryption();
        String encryptionPrefix = this.encryptionSupport.getEncryptionPrefix();
        String encryptionSuffix = this.encryptionSupport.getEncryptionSuffix();
        if (encryption == null) {
            return str;
        }
        boolean z = encryptionPrefix == null || str.startsWith(encryptionPrefix);
        boolean z2 = encryptionSuffix == null || str.endsWith(encryptionSuffix);
        if (z && z2) {
            return str;
        }
        String encryptPassword = encryption.encryptPassword(str);
        if (encryptionPrefix != null) {
            encryptPassword = encryptionPrefix + encryptPassword;
        }
        if (encryptionSuffix != null) {
            encryptPassword = encryptPassword + encryptionSuffix;
        }
        return encryptPassword;
    }

    @Override // org.apache.karaf.jaas.modules.AbstractKarafLoginModule
    public boolean checkPassword(String str, String str2) {
        Encryption encryption = this.encryptionSupport.getEncryption();
        String encryptionPrefix = this.encryptionSupport.getEncryptionPrefix();
        String encryptionSuffix = this.encryptionSupport.getEncryptionSuffix();
        if (encryption == null) {
            return str.equals(str2);
        }
        boolean z = encryptionPrefix == null || str2.startsWith(encryptionPrefix);
        boolean z2 = encryptionSuffix == null || str2.endsWith(encryptionSuffix);
        if (z && z2) {
            return encryption.checkPassword(str, str2.substring(encryptionPrefix != null ? encryptionPrefix.length() : 0, str2.length() - (encryptionSuffix != null ? encryptionSuffix.length() : 0)));
        }
        return str.equals(str2);
    }
}
