package org.jboss.security.auth.spi;

import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;

/* loaded from: input_file:org/jboss/security/auth/spi/LdapLoginModule.class */
public class LdapLoginModule extends UsernamePasswordLoginModule {
    private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
    private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
    private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
    private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT = "userRolesCtxDNAttributeName";
    private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
    private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
    private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
    private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
    private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
    private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
    private static final String SEARCH_SCOPE_OPT = "searchScope";
    private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
    private transient SimpleGroup userRoles = new SimpleGroup("Roles");

    @Override // org.jboss.security.auth.spi.UsernamePasswordLoginModule
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        return new Group[]{this.userRoles};
    }

    @Override // org.jboss.security.auth.spi.UsernamePasswordLoginModule
    protected boolean validatePassword(String str, String str2) {
        boolean isTraceEnabled = this.log.isTraceEnabled();
        boolean z = false;
        if (str != null) {
            if (str.length() == 0) {
                boolean z2 = true;
                String str3 = (String) this.options.get("allowEmptyPasswords");
                if (str3 != null) {
                    z2 = Boolean.valueOf(str3).booleanValue();
                }
                if (!z2) {
                    if (!isTraceEnabled) {
                        return false;
                    }
                    this.log.trace("Rejecting empty password due to allowEmptyPasswords");
                    return false;
                }
            }
            try {
                createLdapInitContext(getUsername(), str);
                z = true;
            } catch (Throwable th) {
                super.setValidateError(th);
            }
        }
        return z;
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException: Cannot invoke "java.util.List.isEmpty()" because "s" is null
        	at jadx.core.utils.BlockUtils.getNextBlock(BlockUtils.java:411)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:172)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processIf(RegionMaker.java:735)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:152)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processExcHandler(RegionMaker.java:1110)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1046)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    /* JADX WARN: Finally extract failed */
    private void createLdapInitContext(java.lang.String r7, java.lang.Object r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 1586
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(java.lang.String, java.lang.Object):void");
    }

    private void addRole(String str) {
        boolean isTraceEnabled = this.log.isTraceEnabled();
        if (str != null) {
            try {
                Principal createIdentity = super.createIdentity(str);
                if (isTraceEnabled) {
                    this.log.trace("Assign user to role " + str);
                }
                this.userRoles.addMember(createIdentity);
            } catch (Exception e) {
                this.log.debug("Failed to create principal: " + str, e);
            }
        }
    }
}
