package org.rhq.enterprise.server.core.jaas;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import org.rhq.core.util.StringUtil;

/* loaded from: input_file:rhq-server.jar/org/rhq/enterprise/server/core/jaas/DelegatingLoginModule.class */
public class DelegatingLoginModule extends UsernamePasswordLoginModule {
    private static Log LOG = LogFactory.getLog("DelegatingLoginModule");
    LoginContext loginContext;
    private String[] usernamePassword;
    private Principal identity;
    private List<String> rolesList;
    private boolean debugEnabled;

    /* loaded from: input_file:rhq-server.jar/org/rhq/enterprise/server/core/jaas/DelegatingLoginModule$DelegateCallbackHandler.class */
    private class DelegateCallbackHandler implements CallbackHandler {
        private DelegateCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            if (DelegatingLoginModule.this.debugEnabled) {
                DelegatingLoginModule.LOG.debug("private handle callbacks");
            }
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(DelegatingLoginModule.this.usernamePassword[0]);
                } else {
                    if (!(callback instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callback, "Callback " + callback + " not supported");
                    }
                    ((PasswordCallback) callback).setPassword(DelegatingLoginModule.this.usernamePassword[1].toCharArray());
                }
            }
        }
    }

    @Override // org.jboss.security.auth.spi.UsernamePasswordLoginModule, org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.debugEnabled = LOG.isDebugEnabled();
        super.initialize(subject, callbackHandler, map, map2);
        String str = (String) map2.get("delegateTo");
        String str2 = (String) map2.get("roles");
        this.rolesList = StringUtil.explode(str2, ",");
        if (str == null || str.isEmpty()) {
            str = "other";
            LOG.warn("module-option 'delegateTo' was not set. Defaults to 'other'.");
        }
        if (this.debugEnabled) {
            LOG.debug("Delegating to " + str + " with roles " + str2);
        }
        try {
            this.loginContext = new LoginContext(str, new DelegateCallbackHandler());
        } catch (LoginException e) {
            LOG.warn("Initialize failed : " + e.getMessage());
        }
    }

    @Override // org.jboss.security.auth.spi.UsernamePasswordLoginModule, org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException {
        try {
            this.usernamePassword = super.getUsernameAndPassword();
            this.loginContext.login();
            this.usernamePassword[1] = null;
            this.identity = createIdentity(this.usernamePassword[0]);
            this.useFirstPass = true;
            this.loginOk = true;
            if (!this.debugEnabled) {
                return true;
            }
            LOG.debug("Login ok for " + this.usernamePassword[0]);
            return true;
        } catch (Exception e) {
            if (this.debugEnabled) {
                LOG.debug("Login failed for : " + this.usernamePassword[0] + ": " + e.getMessage());
            }
            this.loginOk = false;
            return false;
        }
    }

    @Override // org.jboss.security.auth.spi.UsernamePasswordLoginModule
    protected String getUsersPassword() throws LoginException {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.auth.spi.UsernamePasswordLoginModule, org.jboss.security.auth.spi.AbstractServerLoginModule
    public Principal getIdentity() {
        return this.identity;
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        SimpleGroup simpleGroup = new SimpleGroup("Roles");
        Iterator<String> it = this.rolesList.iterator();
        while (it.hasNext()) {
            simpleGroup.addMember(new SimplePrincipal(it.next()));
        }
        return new Group[]{simpleGroup};
    }
}
