package org.teiid.services;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.teiid.logging.LogManager;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.security.SecurityHelper;

/* loaded from: input_file:org/teiid/services/TeiidLoginContext.class */
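/**
 * Performs a JAAS login for one user against a list of candidate security domains and
 * holds the outcome: the {@link LoginContext}, the domain-qualified user name, the
 * security domain that accepted the login, and the credentials captured during login.
 *
 * <p>User names may carry a domain qualifier after the last unescaped {@code @}
 * ({@code user@domain}); a literal {@code @} inside the name itself is written {@code \@}.
 *
 * <p>The class keeps mutable per-login state in plain fields and performs no
 * synchronization of its own.
 */
public class TeiidLoginContext {
    /** Separator between the base user name and the security-domain qualifier. */
    public static final String AT = "@";
    private LoginContext loginContext;
    private String userName;
    private String securitydomain;
    // Password material handed to the login module; only populated after a successful
    // callback-based login. Never logged by this class.
    private Object credentials;
    private SecurityHelper securityHelper;

    /**
     * @param securityHelper helper used to look up an already-associated subject and to
     *                       obtain or create the security context for a domain
     */
    public TeiidLoginContext(SecurityHelper securityHelper) {
        this.securityHelper = securityHelper;
    }

    /**
     * Authenticates the user against the first candidate domain that accepts the login.
     *
     * <p>Candidate domains are {@code list} itself, or, when {@code str} carries a
     * {@code @domain} qualifier, only the configured domain matching that qualifier
     * (case-insensitively). An unknown qualifier leaves no candidates.
     *
     * <p>State on this object (login context, user name, domain, credentials) is only
     * updated once an attempt has fully succeeded, so a rejected login never leaves an
     * unauthenticated {@link LoginContext} or a rejected password behind.
     *
     * @param str         user name, optionally qualified with {@code @domain}
     * @param credentials credentials supplied to {@link PasswordCallback}s; may be null
     * @param str2        only written to the detail log entry here (presumably an
     *                    application/client name; confirm against callers)
     * @param list        configured security domains, tried in order
     * @param z           passthrough mode: when true no password login is performed and
     *                    the subject already associated with a domain is adopted instead
     * @throws LoginException if no candidate domain authenticates the user, if passthrough
     *                        mode finds no usable identity, or if creating the login
     *                        context fails in passthrough mode
     */
    public void authenticateUser(String str, final Credentials credentials, String str2, List<String> list, boolean z) throws LoginException {
        LogManager.logDetail("org.teiid.SECURITY", new Object[]{"authenticateUser", str, str2});
        final String baseUsername = getBaseUsername(str);
        final Collection<String> candidateDomains = getDomainsForUser(list, str);

        if (z) {
            for (String domain : candidateDomains) {
                Subject existing = this.securityHelper.getSubjectInContext(domain);
                if (existing == null) {
                    continue;
                }
                String principalName = getUserName(existing);
                if (principalName == null) {
                    // A subject holding only Group principals carries no user identity;
                    // adopting it would produce the literal user name "null@<domain>".
                    continue;
                }
                LoginContext adopted = createLoginContext(domain, existing);
                this.userName = principalName + AT + domain;
                this.securitydomain = domain;
                this.loginContext = adopted;
                return;
            }
            throw new LoginException(RuntimePlugin.Util.getString("no_passthrough_identity_found"));
        }

        for (String domain : candidateDomains) {
            // Filled in by the callback handler if the login module asks for a password.
            final char[][] captured = new char[1][];
            try {
                LoginContext attempt = createLoginContext(domain, newCallbackHandler(baseUsername, credentials, captured));
                attempt.login();
                // Publish state only after login() has succeeded.
                this.loginContext = attempt;
                this.credentials = captured[0];
                this.userName = baseUsername + AT + domain;
                this.securitydomain = domain;
                return;
            } catch (LoginException e) {
                // Deliberate best-effort: a failure in one domain is logged at detail
                // level and the next candidate domain is tried.
                LogManager.logDetail("org.teiid.SECURITY", e, new Object[]{e.getMessage()});
            }
        }
        throw new LoginException(RuntimePlugin.Util.getString("SessionServiceImpl.The_username_0_and/or_password_are_incorrect", new Object[]{str}));
    }

    /**
     * Builds the handler that answers the login module's name and password callbacks.
     * Any other callback type is rejected with {@link UnsupportedCallbackException}.
     */
    private static CallbackHandler newCallbackHandler(final String baseUsername, final Credentials credentials, final char[][] captured) {
        return new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(baseUsername);
                    } else if (callback instanceof PasswordCallback) {
                        char[] password = credentials != null ? credentials.getCredentialsAsCharArray() : null;
                        ((PasswordCallback) callback).setPassword(password);
                        captured[0] = password;
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                    }
                }
            }
        };
    }

    /** Returns the name of the first non-{@link Group} principal of the subject, or null. */
    private String getUserName(Subject subject) {
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof Group)) {
                return principal.getName();
            }
        }
        return null;
    }

    /**
     * Creates a login context for the named domain that authenticates through callbacks.
     *
     * @throws LoginException if the {@link LoginContext} cannot be constructed
     */
    public LoginContext createLoginContext(String str, CallbackHandler callbackHandler) throws LoginException {
        return new LoginContext(str, callbackHandler);
    }

    /**
     * Creates a login context for the named domain around an existing subject.
     *
     * @throws LoginException if the {@link LoginContext} cannot be constructed
     */
    protected LoginContext createLoginContext(String str, Subject subject) throws LoginException {
        return new LoginContext(str, subject);
    }

    /** @return the login context of the last successful authentication, or null */
    public LoginContext getLoginContext() {
        return this.loginContext;
    }

    /** @return the authenticated user name in {@code name@domain} form, or null */
    public String getUserName() {
        return this.userName;
    }

    /** @return the security domain that accepted the login, or null */
    public String getSecurityDomain() {
        return this.securitydomain;
    }

    /**
     * Returns the security context for the authenticated domain.
     *
     * <p>The context already known to the {@link SecurityHelper} is used when present;
     * otherwise one is created from the login subject, the selected user principal and
     * the captured credentials.
     *
     * @return the security context, or null when no login has been recorded
     */
    public Object getSecurityContext() {
        if (this.loginContext == null) {
            return null;
        }
        Object existing = this.securityHelper.getSecurityContext(this.securitydomain);
        if (existing != null) {
            return existing;
        }
        Subject subject = this.loginContext.getSubject();
        Principal principal = selectUserPrincipal(subject);
        return this.securityHelper.createSecurityContext(this.securitydomain, principal, this.credentials, subject);
    }

    /**
     * Picks the principal that represents the authenticated user.
     *
     * <p>A principal whose name, qualified with the domain, equals the stored user name
     * wins. Only when there is none does the legacy rule apply: the first principal whose
     * name is a prefix of the user name. Principals with a null or empty name are ignored,
     * because a null name cannot be compared and an empty name is a prefix of every user
     * name.
     *
     * <p>NOTE(review): the prefix fallback is loose (principal {@code "a"} matches user
     * {@code "alice@domain"}); it is kept for compatibility with login modules that
     * install a shortened principal name. Confirm whether it can be removed.
     */
    private Principal selectUserPrincipal(Subject subject) {
        Principal prefixMatch = null;
        for (Principal candidate : subject.getPrincipals()) {
            String name = candidate.getName();
            if (name == null || name.length() == 0) {
                continue;
            }
            if ((name + AT + this.securitydomain).equals(this.userName)) {
                return candidate;
            }
            if (prefixMatch == null && this.userName != null && this.userName.startsWith(name)) {
                prefixMatch = candidate;
            }
        }
        return prefixMatch;
    }

    /**
     * Strips the domain qualifier (if any) and unescapes {@code \@} to {@code @}.
     *
     * @param str possibly qualified user name; null is returned unchanged
     */
    static String getBaseUsername(String str) {
        if (str == null) {
            return str;
        }
        int qualifierIndex = getQualifierIndex(str);
        String unqualified = qualifierIndex == -1 ? str : str.substring(0, qualifierIndex);
        // Literal replacement of the two-character sequence backslash + '@'.
        return unqualified.replace("\\@", AT);
    }

    /** Escapes every {@code @} in the name as {@code \@}; null is returned unchanged. */
    static String escapeName(String str) {
        return str == null ? str : str.replace(AT, "\\@");
    }

    /**
     * Returns the text after the qualifying {@code @}, or null when the name is null or
     * carries no qualifier.
     */
    static String getDomainName(String str) {
        if (str == null) {
            return str;
        }
        int qualifierIndex = getQualifierIndex(str);
        return qualifierIndex == -1 ? null : str.substring(qualifierIndex + 1);
    }

    /**
     * Finds the index of the last {@code @} that is not preceded by a backslash.
     * An {@code @} at index 0 is never treated as a qualifier.
     *
     * @param str user name; must not be null
     * @return the index of the qualifying {@code @}, or -1 if there is none
     */
    static int getQualifierIndex(String str) {
        int at = str.lastIndexOf(AT);
        while (at != -1) {
            if (at > 0 && str.charAt(at - 1) != '\\') {
                return at;
            }
            at = str.lastIndexOf(AT, at - 1);
        }
        return -1;
    }

    /**
     * Narrows the configured domains to those the user may be authenticated against.
     *
     * @return {@code list} itself when the name is null or unqualified; otherwise a
     *         single-element collection holding the configured domain that matches the
     *         qualifier case-insensitively, or an empty collection if none matches
     */
    private Collection<String> getDomainsForUser(List<String> list, String str) {
        String requested = str == null ? null : getDomainName(str);
        if (requested == null) {
            return list;
        }
        for (String configured : list) {
            if (configured.equalsIgnoreCase(requested)) {
                // Return the configured spelling, not the user-supplied one.
                return Collections.singletonList(configured);
            }
        }
        return Collections.emptyList();
    }
}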
