package org.jboss.portal.identity.auth;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import javax.transaction.TransactionManager;
import org.jboss.portal.common.transaction.Transactions;
import org.jboss.portal.identity.IdentityConfiguration;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.NoSuchUserException;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.RoleModule;
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.UserModule;
import org.jboss.portal.identity.UserProfileModule;
import org.jboss.portal.identity.UserStatus;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

/* loaded from: input_file:org/jboss/portal/identity/auth/IdentityLoginModule.class */
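/**
 * JAAS login module that authenticates against the portal identity modules
 * (user, role, user-profile and membership) resolved through JNDI.
 *
 * <p>The password check is delegated to {@code User.validatePassword}; the
 * "expected password" supplied by {@link #getUsersPassword()} is an empty
 * string and is never compared against anything.
 *
 * <p>Module options read in {@link #initialize}: {@code userModuleJNDIName},
 * {@code roleModuleJNDIName}, {@code userProfileModuleJNDIName},
 * {@code membershipModuleJNDIName}, {@code additionalRole}, {@code havingRole},
 * {@code validateUserNameCase} and
 * {@code IdentityConfiguration.USER_USER_NAME_TO_LOWER_CASE}.
 */
public class IdentityLoginModule extends UsernamePasswordLoginModule {
    protected String userModuleJNDIName;
    protected String roleModuleJNDIName;
    protected String userProfileModuleJNDIName;
    protected String membershipModuleJNDIName;
    // Role added to the "Roles" group of every subject this module builds roles for.
    protected String additionalRole;
    // When set, the user must hold a role with exactly this name to log in.
    protected String havingRole;
    // "true" (any case) => the typed user name must match the stored one exactly.
    protected String validateUserNameCase;
    // "true" (any case) => the typed user name is lower-cased before lookup.
    protected String userNameToLowerCase;
    private UserModule userModule;
    private RoleModule roleModule;
    private UserProfileModule userProfileModule;
    private MembershipModule membershipModule;

    /** Returns whether a module option holds the string "true", ignoring case. */
    private static boolean isTrue(String option) {
        return "true".equalsIgnoreCase(option);
    }

    /**
     * Reads the module options and traces them.
     *
     * @param subject         subject being authenticated
     * @param callbackHandler handler used by the superclass to obtain credentials
     * @param map             shared state, passed through to the superclass
     * @param map2            module options; the option values are read from here
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.userModuleJNDIName = (String) map2.get("userModuleJNDIName");
        this.roleModuleJNDIName = (String) map2.get("roleModuleJNDIName");
        this.userProfileModuleJNDIName = (String) map2.get("userProfileModuleJNDIName");
        this.membershipModuleJNDIName = (String) map2.get("membershipModuleJNDIName");
        this.additionalRole = (String) map2.get("additionalRole");
        this.havingRole = (String) map2.get("havingRole");
        this.validateUserNameCase = (String) map2.get("validateUserNameCase");
        this.userNameToLowerCase = (String) map2.get(IdentityConfiguration.USER_USER_NAME_TO_LOWER_CASE);
        this.log.trace("userModuleJNDIName = " + this.userModuleJNDIName);
        this.log.trace("roleModuleJNDIName = " + this.roleModuleJNDIName);
        this.log.trace("userProfileModuleJNDIName = " + this.userProfileModuleJNDIName);
        this.log.trace("membershipModuleJNDIName = " + this.membershipModuleJNDIName);
        this.log.trace("additionalRole = " + this.additionalRole);
        this.log.trace("havingRole = " + this.havingRole);
        this.log.trace("validateUserNameCase = " + this.validateUserNameCase);
        this.log.trace("userNameToLowerCase = " + this.userNameToLowerCase);
    }

    /**
     * Returns the user module, looking it up in JNDI on first use.
     *
     * @throws NamingException if the JNDI lookup fails
     */
    protected UserModule getUserModule() throws NamingException {
        if (this.userModule == null) {
            this.userModule = (UserModule) new InitialContext().lookup(this.userModuleJNDIName);
        }
        return this.userModule;
    }

    /**
     * Returns the role module, looking it up in JNDI on first use.
     *
     * @throws NamingException if the JNDI lookup fails
     */
    protected RoleModule getRoleModule() throws NamingException {
        if (this.roleModule == null) {
            this.roleModule = (RoleModule) new InitialContext().lookup(this.roleModuleJNDIName);
        }
        return this.roleModule;
    }

    /**
     * Returns the user-profile module, looking it up in JNDI on first use.
     *
     * @throws NamingException if the JNDI lookup fails
     */
    protected UserProfileModule getUserProfileModule() throws NamingException {
        if (this.userProfileModule == null) {
            this.userProfileModule = (UserProfileModule) new InitialContext().lookup(this.userProfileModuleJNDIName);
        }
        return this.userProfileModule;
    }

    /**
     * Returns the membership module, looking it up in JNDI on first use.
     *
     * @throws NamingException if the JNDI lookup fails
     */
    protected MembershipModule getMembershipModule() throws NamingException {
        if (this.membershipModule == null) {
            this.membershipModule = (MembershipModule) new InitialContext().lookup(this.membershipModuleJNDIName);
        }
        return this.membershipModule;
    }

    /**
     * Returns an empty placeholder: this module never exposes a stored
     * password, and {@link #validatePassword} ignores its second argument.
     */
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Decides whether the login succeeds.
     *
     * <p>On rejection the reason is stored in the request attribute
     * {@code org.jboss.portal.loginError}; the computed status is stored in
     * {@code org.jboss.portal.userStatus}.
     *
     * @param str  password typed by the user; {@code null} is rejected
     * @param str2 expected password from {@link #getUsersPassword()}; unused
     * @return {@code true} if the request carries an {@code ssoSuccess}
     *         attribute or {@link #getUserStatus} reports {@code UserStatus.OK}
     * @throws RuntimeException if the current servlet request cannot be
     *         obtained from the JACC policy context
     */
    protected boolean validatePassword(String str, String str2) {
        try {
            HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            // NOTE(review): any non-null "ssoSuccess" request attribute skips the
            // password, enabled and havingRole checks entirely. This is only as
            // strong as the component that sets the attribute; confirm nothing
            // ahead of this module can set it without a verified SSO assertion.
            if (request.getAttribute("ssoSuccess") != null) {
                return true;
            }
            if (str == null) {
                return false;
            }
            try {
                UserStatus status = getUserStatus(str);
                request.setAttribute("org.jboss.portal.userStatus", status);
                if (status == UserStatus.OK) {
                    return true;
                }
                if (status == UserStatus.DISABLE) {
                    request.setAttribute("org.jboss.portal.loginError", "Your account is disabled");
                } else if (status == UserStatus.NOTASSIGNEDTOROLE) {
                    request.setAttribute("org.jboss.portal.loginError", "The user doesn't have the correct role");
                } else if (status == UserStatus.UNEXISTING || status == UserStatus.WRONGPASSWORD) {
                    // One message for both cases, so the reply does not say
                    // which of the two was wrong.
                    request.setAttribute("org.jboss.portal.loginError", "The user doesn't exist or the password is incorrect");
                } else {
                    this.log.error("Unexpected error while logging in");
                }
                return false;
            } catch (Exception e) {
                // Includes the fail-closed exception thrown by getUserStatus.
                this.log.error("Error when validating password", e);
                return false;
            }
        } catch (Exception e) {
            this.log.error(this, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Computes the login status of the current user inside a transaction.
     *
     * <p>Checks run in this order: user exists, optional exact-case match,
     * account enabled, optional {@code havingRole} membership, password.
     *
     * <p>NOTE(review): the enabled and role checks run before the password
     * check, so {@code DISABLE} and {@code NOTASSIGNEDTOROLE} are reported
     * without a valid password. If {@code org.jboss.portal.loginError} is
     * rendered to the client, that reveals account existence and state to an
     * unauthenticated caller.
     *
     * @param str password typed by the user
     * @return the status; {@code UserStatus.OK} only when every check passed
     * @throws IllegalStateException if the transaction manager cannot be
     *         looked up. Previously this path printed a stack trace and
     *         returned {@code UserStatus.OK}, i.e. it authenticated the user
     *         without running any check.
     */
    protected UserStatus getUserStatus(final String str) {
        try {
            TransactionManager transactionManager = (TransactionManager) new InitialContext().lookup("java:/TransactionManager");
            UserStatus outcome = (UserStatus) Transactions.required(transactionManager, new Transactions.Runnable() {
                public Object run() throws Exception {
                    try {
                        String typedName = IdentityLoginModule.this.getUsername();
                        User user = IdentityLoginModule.this.getUserModule().findUserByUserName(typedName);
                        if (user == null) {
                            return UserStatus.UNEXISTING;
                        }
                        if (isTrue(IdentityLoginModule.this.validateUserNameCase) && !typedName.equals(user.getUserName())) {
                            return UserStatus.UNEXISTING;
                        }

                        // A missing, non-Boolean or unreadable "enabled" property
                        // counts as disabled.
                        boolean enabled = false;
                        try {
                            Object property = IdentityLoginModule.this.getUserProfileModule().getProperty(user, User.INFO_USER_ENABLED);
                            enabled = Boolean.TRUE.equals(property);
                        } catch (Exception profileFailure) {
                            IdentityLoginModule.this.log.error("Cannot read the enabled flag; treating the account as disabled", profileFailure);
                        }
                        if (!enabled) {
                            return UserStatus.DISABLE;
                        }

                        String requiredRole = IdentityLoginModule.this.havingRole;
                        if (requiredRole != null) {
                            boolean hasRequiredRole = false;
                            Iterator roles = IdentityLoginModule.this.getMembershipModule().getRoles(user).iterator();
                            while (roles.hasNext()) {
                                if (requiredRole.equals(((Role) roles.next()).getName())) {
                                    hasRequiredRole = true;
                                    break;
                                }
                            }
                            if (!hasRequiredRole) {
                                return UserStatus.NOTASSIGNEDTOROLE;
                            }
                        }

                        // null is the "all checks passed" marker, mapped to OK below.
                        return user.validatePassword(str) ? null : UserStatus.WRONGPASSWORD;
                    } catch (NoSuchUserException unknownUser) {
                        return UserStatus.UNEXISTING;
                    } catch (Exception failure) {
                        LoginException loginFailure = new LoginException(failure.toString());
                        loginFailure.initCause(failure);
                        throw loginFailure;
                    }
                }
            });
            return outcome != null ? outcome : UserStatus.OK;
        } catch (NamingException lookupFailure) {
            // Fail closed: without a transaction manager no check has run.
            throw new IllegalStateException("Cannot look up java:/TransactionManager; refusing to authenticate", lookupFailure);
        }
    }

    /**
     * Builds the "Roles" group for the current user inside a transaction:
     * {@code additionalRole} (when configured) plus every role returned by the
     * membership module. A role whose principal cannot be created is skipped
     * and logged at debug level.
     *
     * @return a one-element array holding the "Roles" group
     * @throws LoginException if the lookup or the role query fails
     */
    protected Group[] getRoleSets() throws LoginException {
        try {
            TransactionManager transactionManager = (TransactionManager) new InitialContext().lookup("java:/TransactionManager");
            return (Group[]) Transactions.required(transactionManager, new Transactions.Runnable() {
                public Object run() throws Exception {
                    Group rolesGroup = new SimpleGroup("Roles");
                    if (IdentityLoginModule.this.additionalRole != null) {
                        rolesGroup.addMember(IdentityLoginModule.this.createIdentity(IdentityLoginModule.this.additionalRole));
                    }
                    try {
                        User user = IdentityLoginModule.this.getUserModule().findUserByUserName(IdentityLoginModule.this.getUsername());
                        Iterator roles = IdentityLoginModule.this.getMembershipModule().getRoles(user).iterator();
                        while (roles.hasNext()) {
                            String roleName = ((Role) roles.next()).getName();
                            try {
                                rolesGroup.addMember(IdentityLoginModule.this.createIdentity(roleName));
                            } catch (Exception principalFailure) {
                                IdentityLoginModule.this.log.debug("Failed to create principal " + roleName, principalFailure);
                            }
                        }
                        return new Group[]{rolesGroup};
                    } catch (Exception failure) {
                        LoginException loginFailure = new LoginException(failure.toString());
                        loginFailure.initCause(failure);
                        throw loginFailure;
                    }
                }
            });
        } catch (Exception e) {
            // e.getCause() is null for exceptions that wrap nothing; calling
            // toString() on it unguarded replaced the real error with a
            // NullPointerException.
            Throwable reported = e.getCause() != null ? e.getCause() : e;
            LoginException loginFailure = new LoginException(reported.toString());
            loginFailure.initCause(e);
            throw loginFailure;
        }
    }

    /**
     * Creates the principal used for a role name.
     *
     * @param str role name
     * @return a {@code UserPrincipal} carrying that name
     */
    protected Principal createIdentity(String str) throws Exception {
        return new UserPrincipal(str);
    }

    /**
     * Returns the user name from the superclass, lower-cased when the
     * {@code userNameToLowerCase} option is "true". A {@code null} name is
     * returned unchanged instead of raising a NullPointerException.
     */
    protected String getUsername() {
        String username = super.getUsername();
        if (username != null && isTrue(this.userNameToLowerCase)) {
            // NOTE(review): toLowerCase() uses the JVM default locale, so the
            // result differs under e.g. a Turkish locale. Confirm the code that
            // stores user names normalises them the same way before switching
            // both sides to a fixed locale.
            return username.toLowerCase();
        }
        return username;
    }

    /**
     * Returns the user name and password from the superclass, lower-casing a
     * non-null user name when the {@code userNameToLowerCase} option is "true".
     */
    protected String[] getUsernameAndPassword() throws LoginException {
        String[] credentials = super.getUsernameAndPassword();
        if (isTrue(this.userNameToLowerCase) && credentials[0] != null) {
            credentials[0] = credentials[0].toLowerCase();
        }
        return credentials;
    }
}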
