package org.jboss.security.auth.spi;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.jboss.util.StringPropertyReplacer;

/* loaded from: input_file:org/jboss/security/auth/spi/RoleMappingLoginModule.class */
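/**
 * Login module that rewrites the roles already attached to the {@link Subject}
 * using a properties file of {@code existingRole=newRole1,newRole2} entries.
 *
 * <p>Module options read by this class:
 * <ul>
 *   <li>{@code rolesProperties} (mandatory): name of the mapping resource.</li>
 *   <li>{@code replaceRole}: when {@code "true"} (case-insensitive), every role named
 *       as a key in the mapping file is removed from the Subject's roles.</li>
 * </ul>
 *
 * <p>Security notes for whoever configures this module:
 * <ul>
 *   <li>{@link #login()} checks no credentials and always returns {@code true}, so the
 *       identity must be established by another module earlier in the stack.</li>
 *   <li>The mapping file decides which roles a caller ends up with, so it needs the same
 *       write protection as the rest of the security configuration.</li>
 *   <li>A mapping that cannot be loaded or applied does not fail the login. The Subject
 *       keeps the roles it had, or a partially mapped set if processing stopped half-way.
 *       Such failures are logged at WARN so they show up in normal operation.</li>
 * </ul>
 */
public class RoleMappingLoginModule extends AbstractServerLoginModule {
    private static final Logger log = Logger.getLogger(RoleMappingLoginModule.class);

    // Sampled once per module instance; guards the per-mapping audit trace in processRoles().
    private boolean trace = log.isTraceEnabled();

    // Switched on by getRoleSets() when the "replaceRole" option is "true"; never reset to false here.
    protected boolean REPLACE_ROLE = false;

    /**
     * Delegates straight to the superclass; nothing is read from the arguments here.
     *
     * @param subject         the Subject being authenticated
     * @param callbackHandler handler passed through to the superclass
     * @param map             third argument of the JAAS {@code initialize} contract (shared state)
     * @param map2            fourth argument of the JAAS {@code initialize} contract (module options)
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
    }

    /**
     * Reports success unconditionally. No credential is examined in this class.
     *
     * @return always {@code true}
     * @throws LoginException only if {@code super.login()} throws it
     */
    @Override
    public boolean login() throws LoginException {
        if (!super.login()) {
            // The superclass did not accept the login on its own; mark it successful anyway
            // so that the role mapping is applied on top of whatever the earlier modules did.
            this.loginOk = true;
        }
        return true;
    }

    /**
     * Picks the caller identity from the principals already present on the Subject.
     *
     * @return the first principal that is not a {@link Group}, or {@code null} if there is none
     */
    @Override
    protected Principal getIdentity() {
        for (Principal candidate : this.subject.getPrincipals()) {
            if (!(candidate instanceof Group)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Applies the configured mapping to the Subject's existing "Roles" group and returns it.
     *
     * @return a one-element array holding the (mutated) "Roles" group taken from the Subject;
     *         the element is {@code null} when the Subject carries no such group
     * @throws IllegalStateException if the {@code rolesProperties} option is missing
     * @throws LoginException        declared by the overridden method; not thrown in this body
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        if ("true".equalsIgnoreCase((String) this.options.get("replaceRole"))) {
            this.REPLACE_ROLE = true;
        }
        String rolesProperties = (String) this.options.get("rolesProperties");
        if (rolesProperties == null) {
            throw new IllegalStateException("rolesProperties option needs to be provided");
        }
        // Presumably expands ${...} references in the configured name; confirm against
        // StringPropertyReplacer.
        String resourceName = StringPropertyReplacer.replaceProperties(rolesProperties);
        Group existingRoles = getExistingRolesFromSubject();
        if (resourceName != null) {
            Properties mappings = new Properties();
            try {
                mappings = Util.loadProperties(resourceName, log);
            } catch (Exception e) {
                // Previously visible only with TRACE enabled. An unreadable mapping file means
                // no role is added or removed, which an operator needs to see without TRACE.
                log.warn("Could not load properties file:" + resourceName, e);
            }
            if (mappings != null) {
                if (existingRoles == null) {
                    // Nothing to map onto. Skip explicitly instead of relying on a
                    // NullPointerException from processRoles() being caught below.
                    log.warn("No Roles group found on the Subject; role mapping from "
                            + resourceName + " skipped");
                } else {
                    try {
                        processRoles(existingRoles, mappings);
                    } catch (Exception e) {
                        // Entries handled before the failure stay applied, so the group may be
                        // only partially mapped at this point.
                        log.warn("Could not process roles:", e);
                    }
                }
            }
        }
        // NOTE(review): when existingRoles is null this returns an array with a null element,
        // as the original did. Confirm that the superclass tolerates it.
        return new Group[]{existingRoles};
    }

    /**
     * Finds the group named "Roles" among the Subject's principals.
     *
     * @return the matching group, or {@code null} if the Subject has none
     */
    private Group getExistingRolesFromSubject() {
        for (Principal candidate : this.subject.getPrincipals()) {
            if (candidate instanceof Group && "Roles".equals(candidate.getName())) {
                return (Group) candidate;
            }
        }
        return null;
    }

    /**
     * Walks every key of the mapping and mutates {@code group} in place.
     *
     * <p>For each key: if the group currently contains that role, the property value is handed
     * to {@code Util.parseGroupMembers} (presumably adding the listed roles to the group;
     * confirm against {@code Util}). If {@code REPLACE_ROLE} is set, the key role is then
     * removed, whether or not it was a member.
     *
     * <p>NOTE(review): membership is tested against the group while it is being modified, and
     * {@link Properties} does not guarantee an enumeration order. If one key's target is also
     * a key (for example {@code a=b} together with {@code b=c}), the resulting role set can
     * differ between runs. Keep mapping files free of such chains, or review this loop.
     *
     * @param group      the Subject's "Roles" group; must not be {@code null}
     * @param properties the loaded role mapping
     * @throws Exception whatever the helper calls throw; aborts the remaining entries
     */
    private void processRoles(Group group, Properties properties) throws Exception {
        Enumeration<?> keys = properties.propertyNames();
        while (keys.hasMoreElements()) {
            String roleKey = (String) keys.nextElement();
            String mappedRoles = properties.getProperty(roleKey);
            Principal keyIdentity = createIdentity(roleKey);
            if (group.isMember(keyIdentity)) {
                if (this.trace) {
                    log.trace("Mapping role " + roleKey + " to " + mappedRoles);
                }
                Util.parseGroupMembers(group, mappedRoles, this);
            }
            if (this.REPLACE_ROLE) {
                group.removeMember(keyIdentity);
            }
        }
    }
}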
