package org.jboss.security.auth.spi;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.logging.Logger;
import org.jboss.security.NestableGroup;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:WEB-INF/lib/picketbox-5.0.3.Final.jar:org/jboss/security/auth/spi/AbstractServerLoginModule.class */
/**
 * Base JAAS {@link LoginModule} that handles the bookkeeping shared by concrete modules:
 * option parsing, password stacking through the shared state, and copying the
 * authenticated identity and its role groups into the {@link Subject} on commit.
 *
 * <p>Subclasses supply the identity ({@link #getIdentity()}) and the role groups
 * ({@link #getRoleSets()}). This class never checks a credential itself.
 *
 * <p>Decompiled source (JADX); several methods marked below were {@code protected} in the
 * original class and appear as {@code public} here.
 */
public abstract class AbstractServerLoginModule implements LoginModule {
    // Recognised option names and values.
    private static final String PASSWORD_STACKING = "password-stacking";
    private static final String USE_FIRST_PASSWORD = "useFirstPass";
    private static final String PRINCIPAL_CLASS = "principalClass";
    private static final String PRINCIPAL_CLASS_MODULE = "principalClassModule";
    private static final String UNAUTHENTICATED_IDENTITY = "unauthenticatedIdentity";
    private static final String MODULE = "module";
    private static final String[] ALL_VALID_OPTIONS = {PASSWORD_STACKING, PRINCIPAL_CLASS, PRINCIPAL_CLASS_MODULE, UNAUTHENTICATED_IDENTITY, MODULE, SecurityConstants.SECURITY_DOMAIN_OPTION};

    // Stays null unless addValidOptions() has been called; initialize() only validates
    // option names when it is non-null.
    private HashSet<String> validOptions;

    protected Subject subject;
    protected CallbackHandler callbackHandler;
    protected Map sharedState;
    protected Map options;
    // True when the "password-stacking" option equals "useFirstPass" (case-insensitive).
    protected boolean useFirstPass;
    // Set by login(); gates commit() and is the value returned by abort().
    protected boolean loginOk;
    // Class (and module) used by createIdentity() to build principals reflectively.
    protected String principalClassName;
    protected String principalClassModuleName;
    // NOTE(review): presumably the identity subclasses assign to callers that present no
    // credentials -- this class only stores and exposes it; confirm against subclasses.
    protected Principal unauthenticatedIdentity;
    protected String jbossModuleName;
    protected Logger log = Logger.getLogger(AbstractServerLoginModule.class);

    /**
     * Stores the JAAS collaborators and reads this module's options.
     *
     * <p>Option names are validated only if a subclass registered valid options via
     * {@link #addValidOptions(String[])} before this call. A failure to build the
     * unauthenticated identity is logged as a warning and leaves the field {@code null};
     * it does not abort initialization.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler stored for subclasses
     * @param map the JAAS shared state
     * @param map2 the module options
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        PicketBoxLogger.LOGGER.traceBeginInitialize();

        if (this.validOptions != null) {
            addValidOptions(ALL_VALID_OPTIONS);
            checkOptions();
        }

        // The flag is only ever switched on here; any other value leaves it untouched.
        String stacking = (String) map2.get(PASSWORD_STACKING);
        if (USE_FIRST_PASSWORD.equalsIgnoreCase(stacking)) {
            this.useFirstPass = true;
        }

        // Must be assigned before createIdentity() runs, which reads both fields.
        this.principalClassName = (String) map2.get(PRINCIPAL_CLASS);
        this.principalClassModuleName = (String) map2.get(PRINCIPAL_CLASS_MODULE);

        String unauthenticatedName = (String) map2.get(UNAUTHENTICATED_IDENTITY);
        if (unauthenticatedName != null) {
            try {
                this.unauthenticatedIdentity = createIdentity(unauthenticatedName);
                PicketBoxLogger.LOGGER.traceUnauthenticatedIdentity(unauthenticatedName);
            } catch (Exception e) {
                PicketBoxLogger.LOGGER.warnFailureToCreateUnauthIdentity(e);
            }
        }

        this.jbossModuleName = (String) map2.get(MODULE);
    }

    /**
     * Succeeds only when password stacking is enabled and the shared state already holds
     * both a login name and a password.
     *
     * <p>The values are checked for presence only, never verified: {@code true} means that
     * something (presumably an earlier module in the stack) stored a name and a password,
     * not that this module authenticated them.
     *
     * @return {@code true} if both shared-state entries are present and stacking is on
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean login() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginLogin();
        this.loginOk = false;
        if (this.useFirstPass) {
            try {
                Object sharedName = this.sharedState.get("javax.security.auth.login.name");
                Object sharedPassword = this.sharedState.get("javax.security.auth.login.password");
                if (sharedName != null && sharedPassword != null) {
                    this.loginOk = true;
                    return true;
                }
            } catch (Exception e) {
                // Any failure reading the shared state is treated as "no stacked login".
                PicketBoxLogger.LOGGER.debugFailedLogin(e);
            }
        }
        return false;
    }

    /**
     * Adds the identity, its role groups and a caller-principal group to the subject.
     *
     * <p>Does nothing and returns {@code false} unless {@link #login()} set {@code loginOk}.
     * Role members are merged into an existing same-named group when the subject already
     * has one, so roles from several modules accumulate in the same group.
     *
     * @return {@code true} if the subject was updated, {@code false} if login had not succeeded
     * @throws LoginException if {@link #getRoleSets()} fails
     */
    @Override
    public boolean commit() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginCommit(this.loginOk);
        if (!this.loginOk) {
            return false;
        }

        Set<Principal> principals = this.subject.getPrincipals();
        Principal identity = getIdentity();
        principals.add(identity);

        for (Group roleSet : getRoleSets()) {
            Group target = createGroup(roleSet.getName(), principals);
            if (target instanceof NestableGroup) {
                // Nestable groups receive a fresh "Roles" subgroup that takes the members.
                Group nested = new SimpleGroup("Roles");
                target.addMember(nested);
                target = nested;
            }
            for (Enumeration<? extends Principal> members = roleSet.members(); members.hasMoreElements();) {
                target.addMember(members.nextElement());
            }
        }

        // Add the caller-principal group only if no module has provided one yet.
        if (getCallerPrincipalGroup(principals) == null) {
            SimpleGroup callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
            callerGroup.addMember(identity);
            principals.add(callerGroup);
        }
        return true;
    }

    /**
     * Reports whether this module's login had succeeded; no state is cleared here.
     *
     * @return the current value of {@code loginOk}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean abort() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginAbort(this.loginOk);
        return this.loginOk;
    }

    /**
     * Removes the identity and the caller-principal group from the subject.
     *
     * <p>Role groups added by {@link #commit()} are not removed here, and {@code loginOk}
     * is left unchanged, so a subject reused after logout still carries its role groups.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean logout() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginLogout();
        Principal identity = getIdentity();
        Set<Principal> principals = this.subject.getPrincipals();
        principals.remove(identity);
        Group callerGroup = getCallerPrincipalGroup(principals);
        if (callerGroup != null) {
            principals.remove(callerGroup);
        }
        return true;
    }

    /** Returns the principal that {@link #commit()} adds to the subject. */
    protected abstract Principal getIdentity();

    /**
     * Returns the role groups whose members {@link #commit()} copies into the subject.
     *
     * @throws LoginException if the roles cannot be obtained
     */
    protected abstract Group[] getRoleSets() throws LoginException;

    /**
     * Returns whether password stacking is enabled.
     * JADX: access modifier changed from protected.
     */
    public boolean getUseFirstPass() {
        return this.useFirstPass;
    }

    /**
     * Returns the configured unauthenticated identity, or {@code null} if none was
     * configured or it could not be created.
     * JADX: access modifier changed from protected.
     */
    public Principal getUnauthenticatedIdentity() {
        return this.unauthenticatedIdentity;
    }

    /**
     * Finds the first {@link Group} named {@code str} in {@code set}, creating and adding
     * a new {@link SimpleGroup} when there is none.
     *
     * @param str the group name to look up
     * @param set the principal set to search and, if needed, extend
     * @return the existing or newly added group
     */
    protected Group createGroup(String str, Set<Principal> set) {
        for (Principal candidate : set) {
            if (candidate instanceof Group && ((Group) candidate).getName().equals(str)) {
                return (Group) candidate;
            }
        }
        Group created = new SimpleGroup(str);
        set.add(created);
        return created;
    }

    /**
     * Builds a principal for {@code str}.
     *
     * <p>Without a {@code principalClass} option this is a {@link SimplePrincipal}.
     * Otherwise the named class is loaded and its {@code (String)} constructor invoked
     * reflectively, so the option decides which class gets instantiated during login and
     * has to be treated as trusted configuration.
     * JADX: access modifier changed from protected.
     *
     * @param str the principal name
     * @return the new principal
     * @throws Exception if the class cannot be loaded or instantiated, or is not a {@link Principal}
     */
    public Principal createIdentity(String str) throws Exception {
        if (this.principalClassName == null) {
            return new SimplePrincipal(str);
        }
        Class<?> principalClass = SecurityActions.loadClass(this.principalClassName, this.principalClassModuleName);
        return (Principal) principalClass.getConstructor(String.class).newInstance(str);
    }

    /**
     * Returns the first group in {@code set} named
     * {@link SecurityConstants#CALLER_PRINCIPAL_GROUP}, or {@code null} if there is none.
     *
     * @param set the principals to search
     */
    protected Group getCallerPrincipalGroup(Set<Principal> set) {
        for (Principal candidate : set) {
            if (candidate instanceof Group) {
                Group asGroup = (Group) candidate;
                if (asGroup.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP)) {
                    return asGroup;
                }
            }
        }
        return null;
    }

    /**
     * Registers additional option names as valid, creating the set on first use.
     * Calling this before {@link #initialize} is what switches option validation on.
     * JADX: access modifier changed from protected.
     *
     * @param strArr option names to accept
     */
    public void addValidOptions(String[] strArr) {
        if (this.validOptions == null) {
            this.validOptions = new HashSet<>(strArr.length);
        }
        for (String optionName : strArr) {
            this.validOptions.add(optionName);
        }
    }

    /**
     * Logs a warning for every configured option whose name is not registered as valid.
     * Unknown options are reported only; they are neither removed nor rejected, so a
     * misspelled security option takes no effect and shows up only in the log.
     */
    protected void checkOptions() {
        for (Object optionName : this.options.keySet()) {
            if (this.validOptions.contains(optionName)) {
                continue;
            }
            PicketBoxLogger.LOGGER.warnInvalidModuleOption((String) optionName);
        }
    }
}
