package org.jboss.security.auth.spi;

import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.crypto.digest.DigestCallback;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.vault.SecurityVaultException;
import org.jboss.security.vault.SecurityVaultUtil;

/* loaded from: input_file:WEB-INF/lib/picketbox-4.0.19.SP5-redhat-1.jar:org/jboss/security/auth/spi/UsernamePasswordLoginModule.class */
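/**
 * Abstract JAAS login module that authenticates a username/password pair against an
 * expected password supplied by the subclass through {@link #getUsersPassword()}.
 *
 * <p>Module options read in {@link #initialize}:
 * <ul>
 *   <li>{@code hashAlgorithm}, {@code hashEncoding} (defaults to {@code "BASE64"} when an
 *       algorithm is set), {@code hashCharset}: control password hashing.</li>
 *   <li>{@code hashUserPassword} (default {@code true}): hash the password supplied by the
 *       caller before comparing.</li>
 *   <li>{@code hashStorePassword} (default {@code false}): hash the password returned by
 *       {@link #getUsersPassword()} before comparing.</li>
 *   <li>{@code digestCallback}, {@code storeDigestCallback}: class names of
 *       {@code DigestCallback} implementations used while hashing.</li>
 *   <li>{@code ignorePasswordCase}: compare case-insensitively.</li>
 *   <li>{@code throwValidateError}: attach the stored validate error as the cause of the
 *       failed-login exception.</li>
 *   <li>{@code inputValidator}: class name of an {@code InputValidator}.</li>
 * </ul>
 *
 * <p>{@code legacyCreatePasswordHash} and {@code passwordIsA1Hash} are registered as valid
 * options; the former is parsed into a field but neither influences the code in this class.
 */
public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule {
    private static final String HASH_ALGORITHM = "hashAlgorithm";
    private static final String HASH_ENCODING = "hashEncoding";
    private static final String HASH_CHARSET = "hashCharset";
    private static final String HASH_STORE_PASSWORD = "hashStorePassword";
    private static final String HASH_USER_PASSWORD = "hashUserPassword";
    private static final String DIGEST_CALLBACK = "digestCallback";
    private static final String STORE_DIGEST_CALLBACK = "storeDigestCallback";
    private static final String IGNORE_PASSWORD_CASE = "ignorePasswordCase";
    private static final String LEGACY_CREATE_PASSWORD_HASH = "legacyCreatePasswordHash";
    private static final String THROW_VALIDATE_ERROR = "throwValidateError";
    private static final String INPUT_VALIDATOR = "inputValidator";
    private static final String PASS_IS_A1_HASH = "passwordIsA1Hash";
    private static final String[] ALL_VALID_OPTIONS = {HASH_ALGORITHM, HASH_ENCODING, HASH_CHARSET, HASH_STORE_PASSWORD, HASH_USER_PASSWORD, DIGEST_CALLBACK, STORE_DIGEST_CALLBACK, IGNORE_PASSWORD_CASE, LEGACY_CREATE_PASSWORD_HASH, THROW_VALIDATE_ERROR, INPUT_VALIDATOR, PASS_IS_A1_HASH};

    // Principal established by login(); assigned before the password check runs.
    private Principal identity;
    // Password as received from the callback handler or from shared state.
    private char[] credential;
    private boolean ignorePasswordCase;
    private boolean hashStorePassword;
    private boolean legacyCreatePasswordHash;
    private Throwable validateError;
    private String hashAlgorithm = null;
    private String hashCharset = null;
    private String hashEncoding = null;
    private boolean hashUserPassword = true;
    private boolean throwValidateError = false;
    private InputValidator inputValidator = null;

    /**
     * Registers this module's option names, delegates to the superclass, and then parses
     * the hashing, comparison and validation options out of {@code map2}.
     *
     * @param subject the subject being authenticated (passed through to the superclass)
     * @param callbackHandler handler used to obtain the username and password
     * @param map shared state (passed through to the superclass)
     * @param map2 module options; values are read as {@code String}
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        addValidOptions(ALL_VALID_OPTIONS);
        super.initialize(subject, callbackHandler, map, map2);

        this.hashAlgorithm = (String) map2.get(HASH_ALGORITHM);
        if (this.hashAlgorithm != null) {
            // Encoding and charset are only consulted when hashing is switched on.
            this.hashEncoding = (String) map2.get(HASH_ENCODING);
            if (this.hashEncoding == null) {
                this.hashEncoding = "BASE64";
            }
            this.hashCharset = (String) map2.get(HASH_CHARSET);
            PicketBoxLogger.LOGGER.debugPasswordHashing(this.hashAlgorithm, this.hashEncoding, this.hashCharset, (String) map2.get(DIGEST_CALLBACK), (String) map2.get(STORE_DIGEST_CALLBACK));
        }

        // Boolean.parseBoolean(null) is false, so absent options leave these two disabled.
        this.ignorePasswordCase = Boolean.parseBoolean((String) map2.get(IGNORE_PASSWORD_CASE));
        this.hashStorePassword = Boolean.parseBoolean((String) map2.get(HASH_STORE_PASSWORD));

        // The remaining flags keep their field defaults unless the option is present.
        String hashUserPasswordOption = (String) map2.get(HASH_USER_PASSWORD);
        if (hashUserPasswordOption != null) {
            this.hashUserPassword = Boolean.parseBoolean(hashUserPasswordOption);
        }
        String legacyHashOption = (String) map2.get(LEGACY_CREATE_PASSWORD_HASH);
        if (legacyHashOption != null) {
            this.legacyCreatePasswordHash = Boolean.parseBoolean(legacyHashOption);
        }
        String throwValidateErrorOption = (String) map2.get(THROW_VALIDATE_ERROR);
        if (throwValidateErrorOption != null) {
            this.throwValidateError = Boolean.parseBoolean(throwValidateErrorOption);
        }

        String validatorClassName = (String) map2.get(INPUT_VALIDATOR);
        if (validatorClassName != null) {
            try {
                // The class name comes straight from the module options, so whoever can edit
                // the login-module configuration chooses which class gets instantiated here.
                this.inputValidator = (InputValidator) SecurityActions.loadClass(validatorClassName).newInstance();
            } catch (Exception e) {
                // NOTE(review): this fails open. A validator that cannot be loaded is only
                // debug-logged and login() then runs with no input validation at all.
                // Deployments that rely on the validator should monitor for this message.
                PicketBoxLogger.LOGGER.debugFailureToInstantiateClass(validatorClassName, e);
            }
        }
    }

    /**
     * Authenticates the caller.
     *
     * <p>When {@code super.login()} returns {@code true}, the identity and credential are
     * taken from {@code sharedState} and no password comparison is performed here.
     * Otherwise the username and password are obtained from the callback handler,
     * optionally validated and hashed, and compared with {@link #getUsersPassword()}.
     * A {@code null} username together with a {@code null} password selects
     * {@code unauthenticatedIdentity}; if that is non-null the password check is skipped.
     *
     * @return {@code true} on success; failures are reported by exception
     * @throws FailedLoginException if input validation rejects the credentials or the
     *         password does not match
     * @throws LoginException if the principal cannot be created, the vault lookup fails,
     *         hashing fails, or an unexpected exception occurs during validation
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException {
        if (super.login()) {
            // Presumably the shared-credentials (first-pass) path; confirm against
            // AbstractServerLoginModule.login(), which is not part of this file.
            Object sharedName = this.sharedState.get("javax.security.auth.login.name");
            if (sharedName instanceof Principal) {
                this.identity = (Principal) sharedName;
            } else {
                try {
                    // A null shared name raises NullPointerException here, which the
                    // catch below turns into a LoginException.
                    this.identity = createIdentity(sharedName.toString());
                } catch (Exception e) {
                    LoginException failedToCreatePrincipal = PicketBoxMessages.MESSAGES.failedToCreatePrincipal(e.getLocalizedMessage());
                    failedToCreatePrincipal.initCause(e);
                    throw failedToCreatePrincipal;
                }
            }
            Object sharedPassword = this.sharedState.get("javax.security.auth.login.password");
            if (sharedPassword instanceof char[]) {
                this.credential = (char[]) sharedPassword;
            } else if (sharedPassword != null) {
                this.credential = sharedPassword.toString().toCharArray();
            }
            return true;
        }

        this.loginOk = false;
        String[] usernameAndPassword = getUsernameAndPassword();
        String username = usernameAndPassword[0];
        String password = usernameAndPassword[1];

        if (this.inputValidator != null) {
            try {
                this.inputValidator.validateUsernameAndPassword(username, password);
            } catch (InputValidationException e) {
                throw new FailedLoginException(e.getLocalizedMessage());
            }
        }

        if (username == null && password == null) {
            this.identity = this.unauthenticatedIdentity;
            PicketBoxLogger.LOGGER.traceUsingUnauthIdentity(this.identity != null ? this.identity.getName() : null);
        }

        // NOTE(review): the identity field is assigned before the password is checked and
        // is not cleared when the check fails, and this guard skips validation whenever the
        // field is already non-null. Confirm that the superclass abort()/logout() or the
        // container guarantees a module instance is never driven through login() again
        // after a failed attempt.
        if (this.identity == null) {
            try {
                // Set first: subclasses may call getUsername() from getUsersPassword().
                this.identity = createIdentity(username);
                if (this.hashAlgorithm != null && this.hashUserPassword) {
                    password = createPasswordHash(username, password, DIGEST_CALLBACK);
                }
                String expectedPassword = getUsersPassword();
                if (SecurityVaultUtil.isVaultFormat(expectedPassword)) {
                    try {
                        expectedPassword = SecurityVaultUtil.getValueAsString(expectedPassword);
                    } catch (SecurityVaultException e) {
                        LoginException unableToGetPasswordFromVault = PicketBoxMessages.MESSAGES.unableToGetPasswordFromVault();
                        unableToGetPasswordFromVault.initCause(e);
                        throw unableToGetPasswordFromVault;
                    }
                }
                if (this.hashAlgorithm != null && this.hashStorePassword) {
                    expectedPassword = createPasswordHash(username, expectedPassword, STORE_DIGEST_CALLBACK);
                }
                if (!validatePassword(password, expectedPassword)) {
                    Throwable validateError = getValidateError();
                    FailedLoginException invalidPassword = PicketBoxMessages.MESSAGES.invalidPassword();
                    PicketBoxLogger.LOGGER.debugBadPasswordForUsername(username);
                    if (validateError != null && this.throwValidateError) {
                        invalidPassword.initCause(validateError);
                    }
                    throw invalidPassword;
                }
            } catch (LoginException e) {
                // Let login failures through untouched. Without this clause the catch-all
                // below re-labelled a wrong password (FailedLoginException) and a vault
                // failure as "failed to create principal", hiding the real reason from
                // callers and from audit logs.
                throw e;
            } catch (Exception e) {
                LoginException failedToCreatePrincipal = PicketBoxMessages.MESSAGES.failedToCreatePrincipal(e.getLocalizedMessage());
                failedToCreatePrincipal.initCause(e);
                throw failedToCreatePrincipal;
            }
        }

        if (getUseFirstPass()) {
            // Publish the authenticated identity and credential for later modules.
            this.sharedState.put("javax.security.auth.login.name", this.identity);
            this.sharedState.put("javax.security.auth.login.password", this.credential);
        }
        this.loginOk = true;
        PicketBoxLogger.LOGGER.traceEndLogin(this.loginOk);
        return true;
    }

    /**
     * Returns the principal established by {@link #login()}, or {@code null} if none.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public Principal getIdentity() {
        return this.identity;
    }

    /**
     * Returns the configured unauthenticated identity held by the superclass.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public Principal getUnauthenticatedIdentity() {
        return this.unauthenticatedIdentity;
    }

    /**
     * Returns the stored credential.
     *
     * @return the internal {@code char[]} itself (not a copy), or {@code null}
     */
    protected Object getCredentials() {
        return this.credential;
    }

    /**
     * Returns the name of the current identity.
     *
     * @return the principal name, or {@code null} when no identity is set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getUsername() {
        Principal current = getIdentity();
        return current != null ? current.getName() : null;
    }

    /**
     * Asks the callback handler for a username and password.
     *
     * <p>As a side effect the password characters are copied into the credential field.
     *
     * @return a two-element array: {@code [0]} username, {@code [1]} password; either
     *         element may be {@code null}
     * @throws LoginException if no callback handler is set or the handler fails
     */
    protected String[] getUsernameAndPassword() throws LoginException {
        if (this.callbackHandler == null) {
            throw PicketBoxMessages.MESSAGES.noCallbackHandlerAvailable();
        }
        // Declared as NameCallback (not Callback) so that getName() resolves.
        NameCallback nameCallback = new NameCallback(PicketBoxMessages.MESSAGES.enterUsernameMessage(), "guest");
        PasswordCallback passwordCallback = new PasswordCallback(PicketBoxMessages.MESSAGES.enterPasswordMessage(), false);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            String username = nameCallback.getName();
            String passwordText = null;
            char[] password = passwordCallback.getPassword();
            if (password != null) {
                this.credential = password.clone();
                passwordCallback.clearPassword();
                // The String copy is immutable and cannot be wiped afterwards; it exists
                // because the String-based contract of this method requires it.
                passwordText = new String(this.credential);
            }
            return new String[]{username, passwordText};
        } catch (IOException e) {
            LoginException failedToInvokeCallbackHandler = PicketBoxMessages.MESSAGES.failedToInvokeCallbackHandler();
            failedToInvokeCallbackHandler.initCause(e);
            throw failedToInvokeCallbackHandler;
        } catch (UnsupportedCallbackException e) {
            LoginException loginException = new LoginException();
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Hashes a password with the configured algorithm, encoding and charset.
     *
     * <p>If the option named by {@code str3} holds a class name, that class is
     * instantiated as a {@code DigestCallback}, initialised with a copy of the module
     * options plus the username and password, and handed to the hashing utility. Any
     * {@code "callbacks"} entry the callback places in that map is passed to the callback
     * handler.
     *
     * @param str the username
     * @param str2 the password to hash
     * @param str3 name of the module option holding the digest-callback class name
     * @return the value returned by {@code Util.createPasswordHash}
     * @throws LoginException if the digest callback cannot be created or initialised, or
     *         the callback handler fails
     */
    protected String createPasswordHash(String str, String str2, String str3) throws LoginException {
        DigestCallback digestCallback = null;
        String callbackClassName = (String) this.options.get(str3);
        if (callbackClassName != null) {
            try {
                // Class name is taken from the module options (see initialize()).
                digestCallback = (DigestCallback) SecurityActions.loadClass(callbackClassName).newInstance();
                PicketBoxLogger.LOGGER.traceCreateDigestCallback(callbackClassName);
                // Work on a copy so the module's own options map is never modified.
                // The copy carries the clear-text password to the configured callback.
                Map<String, Object> callbackOptions = new HashMap<String, Object>();
                callbackOptions.putAll(this.options);
                callbackOptions.put("javax.security.auth.login.name", str);
                callbackOptions.put("javax.security.auth.login.password", str2);
                digestCallback.init(callbackOptions);
                Callback[] callbackArr = (Callback[]) callbackOptions.get("callbacks");
                if (callbackArr != null) {
                    try {
                        this.callbackHandler.handle(callbackArr);
                    } catch (IOException e) {
                        LoginException failedToInvokeCallbackHandler = PicketBoxMessages.MESSAGES.failedToInvokeCallbackHandler();
                        failedToInvokeCallbackHandler.initCause(e);
                        throw failedToInvokeCallbackHandler;
                    } catch (UnsupportedCallbackException e) {
                        LoginException failedToInvokeCallbackHandler = PicketBoxMessages.MESSAGES.failedToInvokeCallbackHandler();
                        failedToInvokeCallbackHandler.initCause(e);
                        throw failedToInvokeCallbackHandler;
                    }
                }
            } catch (Exception e) {
                // Also catches the LoginExceptions raised just above, so a callback-handler
                // failure surfaces with the "failed to instantiate" message and the
                // original exception as its cause.
                LoginException loginException = new LoginException(PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(Callback.class));
                loginException.initCause(e);
                throw loginException;
            }
        }
        return Util.createPasswordHash(this.hashAlgorithm, this.hashEncoding, this.hashCharset, str, str2, digestCallback);
    }

    /**
     * Returns the error stored by {@link #setValidateError(Throwable)}, or {@code null}.
     */
    protected Throwable getValidateError() {
        return this.validateError;
    }

    /**
     * Stores an error for {@link #login()} to attach to the failed-login exception when
     * {@code throwValidateError} is enabled.
     *
     * @param th the error to remember; may be {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setValidateError(Throwable th) {
        this.validateError = th;
    }

    /**
     * Compares the supplied password with the expected one.
     *
     * <p>The case-sensitive comparison examines every character position instead of
     * stopping at the first mismatch, so the time taken does not reveal how long a
     * matching prefix is. The lengths of the two values remain observable.
     *
     * @param str the password supplied by the caller, already hashed if hashing is enabled
     * @param str2 the expected password, already hashed if store hashing is enabled
     * @return {@code true} only if both are non-null and equal under the configured rule
     */
    protected boolean validatePassword(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        if (this.ignorePasswordCase) {
            // NOTE(review): login() hashes before calling this method, so with hashing
            // enabled this compares encoded digests case-insensitively. Under a
            // case-sensitive encoding such as the default BASE64 that treats distinct
            // digests as equal; avoid combining ignorePasswordCase with hashing.
            // String.equalsIgnoreCase may also return at the first mismatch.
            return str.equalsIgnoreCase(str2);
        }
        return constantTimeEquals(str, str2);
    }

    /** Returns whether two non-null strings are equal without exiting at the first mismatch. */
    private static boolean constantTimeEquals(String a, String b) {
        int diff = a.length() ^ b.length();
        int shared = Math.min(a.length(), b.length());
        for (int i = 0; i < shared; i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns the password the supplied one is compared against. A value in vault format
     * is resolved through the security vault by {@link #login()}.
     *
     * @return the expected password; {@code null} makes validation fail
     * @throws LoginException if the password cannot be retrieved
     */
    protected abstract String getUsersPassword() throws LoginException;

    /**
     * Closes a stream, ignoring {@code null} and any failure raised by {@code close()}.
     *
     * @param inputStream the stream to close; may be {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void safeClose(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (Exception ignored) {
            // Deliberate best-effort close: a failure here must not mask the caller's result.
        }
    }
}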
