package org.teiid.jboss.oauth;

import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimplePrincipal;
import org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule;
import org.teiid.OAuthCredential;

/* loaded from: input_file:org/teiid/jboss/oauth/OAuth20LoginModule.class */
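/**
 * JAAS login module that builds an OAuth 2.0 credential from the module options
 * {@code client-id}, {@code client-secret}, {@code refresh-token} and
 * {@code access-token-uri}, and attaches it to the subject's private credentials
 * on commit.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code clientSecret} and {@code refreshToken} are long-lived secrets held as
 *       plain {@code String} fields and exposed through public getters; never log them
 *       or include them in exception messages.</li>
 *   <li>The credential is stored in the subject's <em>private</em> credential set, not
 *       the public one, so access stays subject to the JVM's private-credential
 *       permission checks when a security manager is installed.</li>
 * </ul>
 */
public class OAuth20LoginModule extends AbstractPasswordCredentialLoginModule {
    private String clientId;
    private String clientSecret;
    private String refreshToken;
    private String accessTokenURI;
    protected OAuthCredential credential;
    protected Subject callerSubject;
    protected Principal callerPrincipal;

    /**
     * Initializes the module and reads the OAuth settings from the options map.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler the handler passed through to the superclass
     * @param map passed through to the superclass unchanged (third JAAS argument)
     * @param map2 module options; the four OAuth settings are read from here and are
     *     expected to be {@code String} values (a non-String value fails the cast)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.clientId = (String) map2.get("client-id");
        this.clientSecret = (String) map2.get("client-secret");
        this.refreshToken = (String) map2.get("refresh-token");
        this.accessTokenURI = (String) map2.get("access-token-uri");
    }

    /**
     * Captures the caller's subject and principal, then ensures a credential exists.
     *
     * <p>If no credential was set explicitly, one is built from the configured options;
     * when any of the four options is missing the login fails.
     *
     * @return {@code true} when a credential is available, {@code false} otherwise
     * @throws LoginException declared by the JAAS contract; not thrown by this body
     */
    public boolean login() throws LoginException {
        this.callerSubject = getSubject();
        this.callerPrincipal = getPrincipal();
        if (getCredential() == null) {
            // All four settings are required; a partial configuration must not produce
            // a half-populated credential.
            if (getClientId() == null || getClientSecret() == null || getAccessTokenURI() == null || getRefreshToken() == null) {
                this.loginOk = false;
                return false;
            }
            OAuth20CredentialImpl oAuth20CredentialImpl = new OAuth20CredentialImpl();
            oAuth20CredentialImpl.setClientId(getClientId());
            oAuth20CredentialImpl.setClientSecret(getClientSecret());
            oAuth20CredentialImpl.setRefreshToken(getRefreshToken());
            oAuth20CredentialImpl.setAccessTokenURI(getAccessTokenURI());
            setCredential(oAuth20CredentialImpl);
        }
        this.loginOk = true;
        return true;
    }

    /**
     * Returns the principal to attach to the subject.
     *
     * @return the caller principal captured in {@link #login()}, or a fixed
     *     {@code "oauth-user"} principal when none was available
     */
    protected Principal getIdentity() {
        if (this.callerPrincipal != null) {
            return this.callerPrincipal;
        }
        return new SimplePrincipal("oauth-user");
    }

    /**
     * Returns the role groups granted by this module.
     *
     * @return always an empty array; this module assigns no roles
     * @throws LoginException declared by the superclass contract; not thrown here
     */
    protected Group[] getRoleSets() throws LoginException {
        return new Group[0];
    }

    /**
     * Attaches the identity and the OAuth credential to the subject.
     *
     * <p>JAAS calls {@code commit()} on every configured module once overall
     * authentication succeeds, including modules whose own {@link #login()} returned
     * {@code false}. In that case this module must contribute nothing: without the
     * guard, a principal would be added for a login that did not succeed and a
     * {@code null} credential would be handed to the subject's private credential
     * set, which rejects null elements.
     *
     * @return {@code true} when the subject was populated, {@code false} when this
     *     module's login did not succeed
     * @throws LoginException declared by the JAAS contract; not thrown by this body
     */
    public boolean commit() throws LoginException {
        if (!this.loginOk) {
            return false;
        }
        this.subject.getPrincipals().add(getIdentity());
        addPrivateCredential(this.subject, getCredential());
        return true;
    }

    /**
     * Adds {@code obj} to the subject's private credentials, using a privileged block
     * when a security manager is installed.
     *
     * @param subject the subject to modify
     * @param obj the credential to add
     */
    static void addPrivateCredential(final Subject subject, final Object obj) {
        if (System.getSecurityManager() == null) {
            subject.getPrivateCredentials().add(obj);
            return;
        }
        // Run with this class's own permissions so that callers lacking the
        // credential-modification permission can still complete the commit.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                subject.getPrivateCredentials().add(obj);
                return null;
            }
        });
    }

    /**
     * Returns the principal from the current security context association.
     *
     * <p>NOTE(review): the decompiler reports this method was package-private in the
     * original bytecode; the wider modifier shown here is a decompilation artifact.
     *
     * @return the principal reported by {@code SecurityContextAssociation}
     */
    public static Principal getPrincipal() {
        if (System.getSecurityManager() == null) {
            return SecurityContextAssociation.getPrincipal();
        }
        return (Principal) AccessController.doPrivileged(new PrivilegedAction<Principal>() {
            @Override
            public Principal run() {
                return SecurityContextAssociation.getPrincipal();
            }
        });
    }

    /**
     * Returns the subject from the current security context association.
     *
     * <p>NOTE(review): the decompiler reports this method was package-private in the
     * original bytecode; the wider modifier shown here is a decompilation artifact.
     *
     * @return the subject reported by {@code SecurityContextAssociation}
     */
    public static Subject getSubject() {
        if (System.getSecurityManager() == null) {
            return SecurityContextAssociation.getSubject();
        }
        return (Subject) AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                return SecurityContextAssociation.getSubject();
            }
        });
    }

    /** @return the credential that {@link #commit()} attaches to the subject, or {@code null} */
    public OAuthCredential getCredential() {
        return this.credential;
    }

    /** @param oAuthCredential credential to use instead of building one from the options */
    public void setCredential(OAuthCredential oAuthCredential) {
        this.credential = oAuthCredential;
    }

    /** @return the configured OAuth client id */
    public String getClientId() {
        return this.clientId;
    }

    /** @param str the OAuth client id */
    public void setClientId(String str) {
        this.clientId = str;
    }

    /** @return the configured OAuth client secret; treat as sensitive and do not log */
    public String getClientSecret() {
        return this.clientSecret;
    }

    /** @param str the OAuth client secret */
    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    /** @return the configured refresh token; treat as sensitive and do not log */
    public String getRefreshToken() {
        return this.refreshToken;
    }

    /** @param str the OAuth refresh token */
    public void setRefreshToken(String str) {
        this.refreshToken = str;
    }

    /** @return the configured access-token endpoint URI */
    public String getAccessTokenURI() {
        return this.accessTokenURI;
    }

    /** @param str the access-token endpoint URI */
    public void setAccessTokenURI(String str) {
        this.accessTokenURI = str;
    }
}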
