package org.teiid.jboss;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.jboss.resource.security.AbstractPasswordCredentialLoginModule;
import org.jboss.security.Base64Utils;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/teiid/jboss/RoleBasedCredentialMapIdentityLoginModule.class */
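/**
 * JAAS login module that maps one of the caller's roles to a password credential.
 *
 * <p>The roles are read from the {@code Roles} group of the authenticated subject. Each role
 * name is looked up in the properties file named by the {@code credentialMap} option; when a
 * value is found, a {@link PasswordCredential} for that role is added to the subject.
 *
 * <p>Module options read by {@link #initialize}:
 * <ul>
 *   <li>{@code credentialMap} (required): name of the properties file mapping role to password.</li>
 *   <li>{@code encryptedPasswords}: {@code "true"} (case-insensitive) if the values are
 *       Base64-encoded PBE ciphertext; otherwise they are used as plain text.</li>
 *   <li>{@code pbepass}, {@code pbealgo}, {@code salt}, {@code iterationCount}: PBE parameters,
 *       read only when {@code encryptedPasswords} is enabled.</li>
 * </ul>
 *
 * <p>Security note: the default PBE password, salt and iteration count are compiled into this
 * class, so ciphertext produced with the defaults can be decrypted by anyone who has the class
 * file. The default algorithm ({@code PBEwithMD5andDES}) and iteration count (37) are weak by
 * current standards. With the defaults, {@code encryptedPasswords} only obfuscates the values;
 * the credential map file still needs restrictive file permissions, and deployments should
 * supply their own {@code pbepass}, {@code salt} and {@code iterationCount}.
 */
public class RoleBasedCredentialMapIdentityLoginModule extends AbstractPasswordCredentialLoginModule {
    private static final Logger log = Logger.getLogger(RoleBasedCredentialMapIdentityLoginModule.class);

    /** Number of leading characters of the {@code salt} option that are used as the PBE salt. */
    private static final int SALT_LENGTH = 8;

    private Properties credentialMap;
    private String mappedRole = "mappedRole";
    // Built-in defaults, used when the corresponding option is absent. They are constants in
    // the class file and therefore not secret.
    private char[] pbepass = "jaas is the way".toCharArray();
    private String pbealgo = "PBEwithMD5andDES";
    private byte[] salt = {1, 7, 2, 9, 3, 11, 4, 13};
    private int iterationCount = 37;
    private boolean encryptionInUse = false;

    /**
     * Reads the module options and loads the credential map.
     *
     * <p>A failure to load the credential map is logged here and reported later by
     * {@link #login()}, which refuses to proceed without the map.
     *
     * @throws IllegalArgumentException if {@code credentialMap} is missing, if {@code salt} is
     *     shorter than eight characters, or if {@code iterationCount} is not an integer
     * @throws IllegalStateException if the {@code pbepass} option cannot be loaded
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        String mapFile = (String) options.get("credentialMap");
        if (mapFile == null) {
            throw new IllegalArgumentException("Must supply credentialMap file name!");
        }
        try {
            this.credentialMap = Util.loadProperties(mapFile, log);
        } catch (IOException e) {
            // Keep the cause in the log; login() fails later because credentialMap stays null.
            log.error("failed to load credentail map", e);
        }
        String encrypted = (String) options.get("encryptedPasswords");
        if (encrypted == null || !encrypted.equalsIgnoreCase("true")) {
            return;
        }
        this.encryptionInUse = true;
        String passOption = (String) options.get("pbepass");
        if (passOption != null) {
            try {
                this.pbepass = org.jboss.security.Util.loadPassword(passOption);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        } else {
            // Make the weak configuration visible to operators instead of failing silently open.
            log.warn("encryptedPasswords is enabled but no pbepass option was supplied; "
                    + "the built-in default PBE password is in use and provides obfuscation only");
        }
        String algoOption = (String) options.get("pbealgo");
        if (algoOption != null) {
            this.pbealgo = algoOption;
        }
        String saltOption = (String) options.get("salt");
        if (saltOption != null) {
            if (saltOption.length() < SALT_LENGTH) {
                // Previously surfaced as a bare StringIndexOutOfBoundsException from substring().
                throw new IllegalArgumentException(
                        "salt option must be at least " + SALT_LENGTH + " characters long");
            }
            // Platform default charset is kept on purpose: changing it could alter the salt
            // bytes for non-ASCII salts and break decryption of existing values.
            this.salt = saltOption.substring(0, SALT_LENGTH).getBytes();
        }
        String iterationOption = (String) options.get("iterationCount");
        if (iterationOption != null) {
            this.iterationCount = Integer.parseInt(iterationOption);
        }
    }

    /**
     * Delegates to the superclass after checking that the credential map was loaded.
     *
     * @throws LoginException if the credential map failed to load during {@link #initialize}
     */
    public boolean login() throws LoginException {
        if (this.credentialMap == null) {
            throw new LoginException("Credential Map properties file failed to load");
        }
        return super.login();
    }

    /**
     * Adds a {@link PasswordCredential} for a mapped role to the subject, then delegates to the
     * superclass.
     *
     * <p>If several of the caller's roles have an entry in the credential map, the last one
     * visited wins. The roles come from a {@link HashSet}, so which one that is depends on
     * iteration order. NOTE(review): confirm callers do not rely on a specific role being chosen.
     *
     * @throws LoginException if the mapped password cannot be decoded or the credential cannot
     *     be added; the original exception is attached as the cause
     */
    public boolean commit() throws LoginException {
        String role = null;
        String encodedPassword = null;
        for (String candidate : getRoles()) {
            String property = this.credentialMap.getProperty(candidate);
            if (property != null) {
                role = candidate;
                encodedPassword = property;
            }
        }
        if (role != null && encodedPassword != null) {
            try {
                this.mappedRole = role;
                PasswordCredential passwordCredential = new PasswordCredential(role, decode(encodedPassword));
                passwordCredential.setManagedConnectionFactory(getMcf());
                SecurityActions.addCredentials(this.subject, passwordCredential);
            } catch (Exception e) {
                LoginException failure = new LoginException("Failed to decode password: " + e.getMessage());
                // LoginException has no cause-taking constructor; attach it explicitly.
                failure.initCause(e);
                throw failure;
            }
        }
        return super.commit();
    }

    /** Returns a principal named after the mapped role, or the default name if none was mapped. */
    protected Principal getIdentity() {
        return new SimplePrincipal(this.mappedRole);
    }

    /** Returns an empty array; this module contributes no role groups. */
    protected Group[] getRoleSets() throws LoginException {
        return new Group[0];
    }

    /** Collects the member names of every {@code Roles} group among the subject's principals. */
    private Set<String> getRoles() {
        Set<String> roles = new HashSet<String>();
        for (Principal principal : this.subject.getPrincipals()) {
            if ((principal instanceof Group) && principal.getName().equals("Roles")) {
                Enumeration<? extends Principal> members = ((Group) principal).members();
                while (members.hasMoreElements()) {
                    roles.add(members.nextElement().getName());
                }
            }
        }
        return roles;
    }

    /**
     * Turns a credential map value into the password characters.
     *
     * <p>Without encryption the value is returned as is. With encryption the value is
     * Base64-decoded and decrypted with the configured PBE algorithm, password, salt and
     * iteration count.
     *
     * @param str the value read from the credential map
     * @return the password characters
     * @throws Exception if the key cannot be derived or the ciphertext cannot be decrypted
     */
    private char[] decode(String str) throws Exception {
        if (!this.encryptionInUse) {
            return str.toCharArray();
        }
        PBEParameterSpec parameterSpec = new PBEParameterSpec(this.salt, this.iterationCount);
        SecretKey key = SecretKeyFactory.getInstance(this.pbealgo).generateSecret(new PBEKeySpec(this.pbepass));
        byte[] ciphertext = Base64Utils.fromb64(str);
        Cipher cipher = Cipher.getInstance(this.pbealgo);
        cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec);
        // The plaintext passes through an immutable String (platform default charset), so a
        // copy of the password can remain on the heap until it is garbage collected.
        return new String(cipher.doFinal(ciphertext)).toCharArray();
    }
}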
