package org.jboss.security.auth.spi;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.crypto.digest.DigestCallback;
import org.jboss.security.vault.SecurityVaultException;
import org.jboss.security.vault.SecurityVaultUtil;

/* loaded from: input_file:eap6/api-jars/picketbox-4.0.7.Final.jar:org/jboss/security/auth/spi/UsernamePasswordLoginModule.class */
public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule {
    private Principal identity;
    private char[] credential;
    private boolean ignorePasswordCase;
    private boolean hashStorePassword;
    private boolean legacyCreatePasswordHash;
    private Throwable validateError;
    private String hashAlgorithm = null;
    private String hashCharset = null;
    private String hashEncoding = null;
    private boolean hashUserPassword = true;
    private boolean throwValidateError = false;
    private InputValidator inputValidator = null;

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.hashAlgorithm = (String) map2.get("hashAlgorithm");
        if (this.hashAlgorithm != null) {
            this.hashEncoding = (String) map2.get("hashEncoding");
            if (this.hashEncoding == null) {
                this.hashEncoding = "BASE64";
            }
            this.hashCharset = (String) map2.get("hashCharset");
            if (this.log.isTraceEnabled()) {
                this.log.trace("Password hashing activated: algorithm = " + this.hashAlgorithm + ", encoding = " + this.hashEncoding + ", charset = " + (this.hashCharset == null ? "{default}" : this.hashCharset) + ", callback = " + map2.get("digestCallback") + ", storeCallback = " + map2.get("storeDigestCallback"));
            }
        }
        this.ignorePasswordCase = Boolean.valueOf((String) map2.get("ignorePasswordCase")).booleanValue();
        this.hashStorePassword = Boolean.valueOf((String) map2.get("hashStorePassword")).booleanValue();
        String str = (String) map2.get("hashUserPassword");
        if (str != null) {
            this.hashUserPassword = Boolean.valueOf(str).booleanValue();
        }
        String str2 = (String) map2.get("legacyCreatePasswordHash");
        if (str2 != null) {
            this.legacyCreatePasswordHash = Boolean.valueOf(str2).booleanValue();
        }
        String str3 = (String) map2.get("throwValidateError");
        if (str3 != null) {
            this.throwValidateError = Boolean.valueOf(str3).booleanValue();
        }
        String str4 = (String) map2.get("inputValidator");
        if (str4 != null) {
            try {
                this.inputValidator = (InputValidator) SecurityActions.loadClass(str4).newInstance();
            } catch (Exception e) {
                this.log.debug("Unable to instantiate input validator class: " + str4);
            }
        }
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException {
        if (super.login()) {
            Object obj = this.sharedState.get("javax.security.auth.login.name");
            if (obj instanceof Principal) {
                this.identity = (Principal) obj;
            } else {
                try {
                    this.identity = createIdentity(obj.toString());
                } catch (Exception e) {
                    this.log.debug("Failed to create principal", e);
                    throw new LoginException("PB00019: Processing Failed:Failed to create principal: " + e.getMessage());
                }
            }
            Object obj2 = this.sharedState.get("javax.security.auth.login.password");
            if (obj2 instanceof char[]) {
                this.credential = (char[]) obj2;
                return true;
            }
            if (obj2 == null) {
                return true;
            }
            this.credential = obj2.toString().toCharArray();
            return true;
        }
        this.loginOk = false;
        String[] usernameAndPassword = getUsernameAndPassword();
        String str = usernameAndPassword[0];
        String str2 = usernameAndPassword[1];
        if (this.inputValidator != null) {
            try {
                this.inputValidator.validateUsernameAndPassword(str, str2);
            } catch (InputValidationException e2) {
                throw new FailedLoginException(e2.getMessage());
            }
        }
        if (str == null && str2 == null) {
            this.identity = this.unauthenticatedIdentity;
            this.log.trace("Authenticating as unauthenticatedIdentity=" + this.identity);
        }
        if (this.identity == null) {
            try {
                this.identity = createIdentity(str);
                if (this.hashAlgorithm != null && this.hashUserPassword) {
                    str2 = createPasswordHash(str, str2, "digestCallback");
                }
                String usersPassword = getUsersPassword();
                if (SecurityVaultUtil.isVaultFormat(usersPassword)) {
                    try {
                        usersPassword = SecurityVaultUtil.getValueAsString(usersPassword);
                    } catch (SecurityVaultException e3) {
                        LoginException loginException = new LoginException("PB00019: Processing Failed:Unable to get the password value from vault");
                        loginException.initCause(e3);
                        throw loginException;
                    }
                }
                if (this.hashAlgorithm != null && this.hashStorePassword) {
                    usersPassword = createPasswordHash(str, usersPassword, "storeDigestCallback");
                }
                if (!validatePassword(str2, usersPassword)) {
                    Throwable validateError = getValidateError();
                    FailedLoginException failedLoginException = new FailedLoginException("Password Incorrect/Password Required");
                    if (validateError == null || !this.throwValidateError) {
                        this.log.debug("Bad password for username=" + str);
                    } else {
                        this.log.debug("Bad password for username=" + str, validateError);
                        failedLoginException.initCause(validateError);
                    }
                    throw failedLoginException;
                }
            } catch (Exception e4) {
                this.log.debug("Failed to create principal", e4);
                throw new LoginException("PB00019: Processing Failed:Failed to create principal: " + e4.getMessage());
            }
        }
        if (getUseFirstPass()) {
            this.sharedState.put("javax.security.auth.login.name", this.identity);
            this.sharedState.put("javax.security.auth.login.password", this.credential);
        }
        this.loginOk = true;
        this.log.trace("User '" + this.identity + "' authenticated, loginOk=" + this.loginOk);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public Principal getIdentity() {
        return this.identity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public Principal getUnauthenticatedIdentity() {
        return this.unauthenticatedIdentity;
    }

    protected Object getCredentials() {
        return this.credential;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getUsername() {
        String str = null;
        if (getIdentity() != null) {
            str = getIdentity().getName();
        }
        return str;
    }

    protected String[] getUsernameAndPassword() throws LoginException {
        String[] strArr = {null, null};
        if (this.callbackHandler == null) {
            throw new LoginException("PB00015: Null Value:Error: no CallbackHandler available to collect authentication information");
        }
        Callback nameCallback = new NameCallback("User name: ", "guest");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        String str = null;
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            String name = nameCallback.getName();
            char[] password = passwordCallback.getPassword();
            if (password != null) {
                this.credential = new char[password.length];
                System.arraycopy(password, 0, this.credential, 0, password.length);
                passwordCallback.clearPassword();
                str = new String(this.credential);
            }
            strArr[0] = name;
            strArr[1] = str;
            return strArr;
        } catch (IOException e) {
            LoginException loginException = new LoginException("PB00019: Processing Failed:Failed to get username/password");
            loginException.initCause(e);
            throw loginException;
        } catch (UnsupportedCallbackException e2) {
            LoginException loginException2 = new LoginException("PB00008: Unrecognized CallbackCallbackHandler does not support: " + e2.getCallback());
            loginException2.initCause(e2);
            throw loginException2;
        }
    }

    protected String createPasswordHash(String str, String str2, String str3) throws LoginException {
        if (this.legacyCreatePasswordHash) {
            try {
                return (String) getClass().getMethod("createPasswordHash", String.class, String.class).invoke(this, str, str2);
            } catch (InvocationTargetException e) {
                LoginException loginException = new LoginException("Failed to delegate createPasswordHash");
                loginException.initCause(e.getTargetException());
                throw loginException;
            } catch (Exception e2) {
                LoginException loginException2 = new LoginException("Failed to delegate createPasswordHash");
                loginException2.initCause(e2);
                throw loginException2;
            }
        }
        DigestCallback digestCallback = null;
        String str4 = (String) this.options.get(str3);
        if (str4 != null) {
            try {
                digestCallback = (DigestCallback) SecurityActions.loadClass(str4).newInstance();
                if (this.log.isTraceEnabled()) {
                    this.log.trace("Created DigestCallback: " + digestCallback);
                }
                HashMap hashMap = new HashMap();
                hashMap.putAll(this.options);
                hashMap.put("javax.security.auth.login.name", str);
                hashMap.put("javax.security.auth.login.password", str2);
                digestCallback.init(hashMap);
                Callback[] callbackArr = (Callback[]) hashMap.get("callbacks");
                if (callbackArr != null) {
                    try {
                        this.callbackHandler.handle(callbackArr);
                    } catch (IOException e3) {
                        LoginException loginException3 = new LoginException(str3 + " callback failed");
                        loginException3.initCause(e3);
                        throw loginException3;
                    } catch (UnsupportedCallbackException e4) {
                        LoginException loginException4 = new LoginException(str3 + " callback failed");
                        loginException4.initCause(e4);
                        throw loginException4;
                    }
                }
            } catch (Exception e5) {
                if (this.log.isTraceEnabled()) {
                    this.log.trace("Failed to load DigestCallback", e5);
                }
                SecurityException securityException = new SecurityException("Failed to load DigestCallback");
                securityException.initCause(e5);
                throw securityException;
            }
        }
        return Util.createPasswordHash(this.hashAlgorithm, this.hashEncoding, this.hashCharset, str, str2, digestCallback);
    }

    protected Throwable getValidateError() {
        return this.validateError;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setValidateError(Throwable th) {
        this.validateError = th;
    }

    protected boolean validatePassword(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        return this.ignorePasswordCase ? str.equalsIgnoreCase(str2) : str.equals(str2);
    }

    protected abstract String getUsersPassword() throws LoginException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void safeClose(InputStream inputStream) {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (Exception e) {
            }
        }
    }
}
