package org.jboss.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.modules.xml.XmlPullParser;

/* loaded from: input_file:org/jboss/security/ClientLoginModule.class */
public class ClientLoginModule implements LoginModule {
    private static final String USE_FIRST_PASSWORD = "useFirstPass";
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Principal loginPrincipal;
    private Object loginCredential;
    private Map<String, ?> sharedState;
    private boolean useFirstPass;
    private boolean restoreLoginIdentity;
    private SecurityContext cachedSecurityContext;
    private static final String MULTI_TREADED = "multi-threaded";
    private static final String RESTORE_LOGIN_IDENTITY = "restore-login-identity";
    private static final String PASSWORD_STACKING = "password-stacking";
    private static final String PRINCIPAL_CLASS = "principalClass";
    private static final String[] ALL_VALID_OPTIONS = {MULTI_TREADED, RESTORE_LOGIN_IDENTITY, PASSWORD_STACKING, PRINCIPAL_CLASS, SecurityConstants.SECURITY_DOMAIN_OPTION};

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        HashSet hashSet = new HashSet(Arrays.asList(ALL_VALID_OPTIONS));
        for (String str : map2.keySet()) {
            if (!hashSet.contains(str)) {
                PicketBoxLogger.LOGGER.warnInvalidModuleOption(str);
            }
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        PicketBoxLogger.LOGGER.debugModuleOption(SecurityConstants.SECURITY_DOMAIN_OPTION, map2.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
        String str2 = (String) map2.get(MULTI_TREADED);
        if (Boolean.valueOf(str2).booleanValue()) {
            PicketBoxLogger.LOGGER.debugModuleOption(MULTI_TREADED, str2);
        }
        if (str2 != null && str2.length() > 0 && org.jboss.as.cli.Util.FALSE.equalsIgnoreCase(str2)) {
            SecurityAssociationActions.setClient();
        }
        String str3 = (String) map2.get(RESTORE_LOGIN_IDENTITY);
        this.restoreLoginIdentity = Boolean.valueOf(str3).booleanValue();
        PicketBoxLogger.LOGGER.debugModuleOption(RESTORE_LOGIN_IDENTITY, str3);
        String str4 = (String) map2.get(PASSWORD_STACKING);
        if (str4 != null && str4.equalsIgnoreCase(USE_FIRST_PASSWORD)) {
            this.useFirstPass = true;
        }
        PicketBoxLogger.LOGGER.debugModuleOption(PASSWORD_STACKING, str4);
        this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
    }

    public boolean login() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginLogin();
        if (this.useFirstPass) {
            try {
                Object obj = this.sharedState.get("javax.security.auth.login.name");
                if (obj instanceof Principal) {
                    this.loginPrincipal = (Principal) obj;
                } else {
                    this.loginPrincipal = new SimplePrincipal(obj != null ? obj.toString() : XmlPullParser.NO_NAMESPACE);
                }
                this.loginCredential = this.sharedState.get("javax.security.auth.login.password");
                return true;
            } catch (Exception e) {
                PicketBoxLogger.LOGGER.debugIgnoredException(e);
            }
        }
        if (this.callbackHandler == null) {
            throw PicketBoxMessages.MESSAGES.noCallbackHandlerAvailable();
        }
        PasswordCallback passwordCallback = new PasswordCallback(PicketBoxMessages.MESSAGES.enterPasswordMessage(), false);
        Callback nameCallback = new NameCallback(PicketBoxMessages.MESSAGES.enterUsernameMessage(), "guest");
        try {
            char[] cArr = null;
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            this.loginPrincipal = new SimplePrincipal(nameCallback.getName());
            char[] password = passwordCallback.getPassword();
            if (password != null) {
                cArr = new char[password.length];
                System.arraycopy(password, 0, cArr, 0, password.length);
                passwordCallback.clearPassword();
            }
            this.loginCredential = cArr;
            PicketBoxLogger.LOGGER.traceObtainedAuthInfoFromHandler(this.loginPrincipal, this.loginCredential != null ? this.loginCredential.getClass() : null);
            PicketBoxLogger.LOGGER.traceEndLogin(true);
            return true;
        } catch (IOException e2) {
            LoginException loginException = new LoginException(e2.getLocalizedMessage());
            loginException.initCause(e2);
            throw loginException;
        } catch (UnsupportedCallbackException e3) {
            LoginException loginException2 = new LoginException(e3.getLocalizedMessage());
            loginException2.initCause(e3);
            throw loginException2;
        }
    }

    public boolean commit() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginCommit(true);
        SecurityAssociationActions.setPrincipalInfo(this.loginPrincipal, this.loginCredential, this.subject);
        Set<Principal> principals = this.subject.getPrincipals();
        if (principals.contains(this.loginPrincipal)) {
            return true;
        }
        principals.add(this.loginPrincipal);
        return true;
    }

    public boolean abort() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginAbort();
        if (this.restoreLoginIdentity) {
            SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
            return true;
        }
        SecurityAssociationActions.clear();
        return true;
    }

    public boolean logout() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginLogout();
        if (this.restoreLoginIdentity) {
            SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
        } else {
            SecurityAssociationActions.clear();
        }
        this.subject.getPrincipals().remove(this.loginPrincipal);
        return true;
    }
}
