package org.gatein.sso.saml.plugin;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/gatein/sso/saml/plugin/SAML2IdpLoginModule.class */
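/**
 * JAAS login module used on the SAML2 IdP side: it authenticates a username/password pair by
 * calling back into the GateIn portal REST endpoint ({@code /rest/sso/authcallback/auth}) and
 * populates the subject with a {@code Roles} group taken either from a static option list or
 * from a second callback ({@code /rest/sso/authcallback/roles}).
 *
 * <p>Recognised options: {@code rolesProcessing} ({@code STATIC} or {@code PORTAL_CALLBACK},
 * default {@code STATIC}), {@code staticRolesList} (comma separated, default {@code users}),
 * {@code gateInHost} (default {@code localhost}), {@code gateInPort} (default {@code 8080}) and
 * {@code gateInContext} (default {@code portal}).
 *
 * <p>The callback contract puts the user name and the password into the URL path of a plain
 * {@code http://} GET request. The link between the IdP and the portal must therefore be a
 * trusted one, and the authentication URL is deliberately never written to the log.
 */
public class SAML2IdpLoginModule implements LoginModule {
    private static final String OPTION_ROLES_PROCESSING = "rolesProcessing";
    private static final String OPTION_STATIC_ROLES_LIST = "staticRolesList";
    private static final String OPTION_GATEIN_HOST = "gateInHost";
    private static final String OPTION_GATEIN_PORT = "gateInPort";
    private static final String OPTION_GATEIN_CONTEXT = "gateInContext";

    /** Shared-state key under which the authenticated user name is published to stacked modules. */
    private static final String SHARED_STATE_NAME = "javax.security.auth.login.name";
    /** HTTP status expected from a successful callback. */
    private static final int STATUS_OK = 200;
    /** Synthetic status used when the HTTP request itself failed before any response arrived. */
    private static final int STATUS_CLIENT_ERROR = 1000;

    private static final Logger log = Logger.getLogger(SAML2IdpLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, Object> sharedState;
    private Map<String, ?> options;
    private String gateInHost;
    private String gateInPort;
    private String gateInContext;
    private ROLES_PROCESSING_TYPE rolesProcessingType;
    private List<String> staticRolesList;
    /** Set by {@link #login()}; {@link #commit()} only adds principals when this module authenticated the user. */
    private boolean loginSucceeded;

    /** How the roles of an authenticated user are determined. */
    public enum ROLES_PROCESSING_TYPE {
        /** Use the fixed list configured through {@code staticRolesList}. */
        STATIC,
        /** Ask the portal through the {@code roles} REST callback. */
        PORTAL_CALLBACK
    }

    /** Outcome of one REST callback: HTTP status plus the response body (may be null). */
    public static class ResponseContext {
        private final int status;
        private final String response;

        private ResponseContext(int status, String response) {
            this.status = status;
            this.response = response;
        }
    }

    /**
     * Stores the JAAS collaborators and reads the module options, falling back to the documented
     * defaults when an option is absent or the roles-processing value is unknown.
     *
     * @param subject the subject to populate on {@link #commit()}
     * @param callbackHandler handler that supplies the username and password callbacks
     * @param map JAAS shared state; the user name is written into it on successful login
     * @param map2 module options from the JAAS configuration
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // JAAS declares the shared state as Map<String, ?> but modules are expected to write into it.
        @SuppressWarnings("unchecked")
        Map<String, Object> writableState = (Map<String, Object>) map;
        this.sharedState = writableState;
        this.options = map2;
        this.loginSucceeded = false;

        String processing = readOption(OPTION_ROLES_PROCESSING, "STATIC");
        if ("STATIC".equals(processing) || "PORTAL_CALLBACK".equals(processing)) {
            this.rolesProcessingType = ROLES_PROCESSING_TYPE.valueOf(processing);
        } else {
            // Unknown values silently fall back to the safe default rather than failing the module.
            this.rolesProcessingType = ROLES_PROCESSING_TYPE.STATIC;
        }
        this.staticRolesList = Collections.unmodifiableList(splitRoles(readOption(OPTION_STATIC_ROLES_LIST, "users")));
        this.gateInHost = readOption(OPTION_GATEIN_HOST, "localhost");
        this.gateInPort = readOption(OPTION_GATEIN_PORT, "8080");
        this.gateInContext = readOption(OPTION_GATEIN_CONTEXT, "portal");
    }

    /**
     * Collects the username and password through the callback handler and validates them against
     * the portal.
     *
     * @return {@code true} when the portal accepted the credentials; {@code false} when the
     *         callbacks supplied no username or no password
     * @throws LoginException when the portal rejected the credentials or the callback failed
     */
    public boolean login() throws LoginException {
        loginSucceeded = false;
        NameCallback nameCallback = new NameCallback("Username");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            String name = nameCallback.getName();
            char[] password = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            // getPassword() returns null when no password was supplied; the original code turned
            // that into a NullPointerException instead of the documented "false" result.
            if (name == null || password == null) {
                return false;
            }
            String secret = new String(password);
            Arrays.fill(password, '\0');

            if (!validateUser(name, secret)) {
                String message = "Remote login via REST failed for username " + name;
                log.warn(message);
                throw new LoginException(message);
            }
            log.debug("Successful REST login request for authentication of user " + name);
            sharedState.put(SHARED_STATE_NAME, name);
            loginSucceeded = true;
            return true;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            log.warn("Exception during login: " + e.getMessage(), e);
            // LoginException has no cause constructor; keep the original failure attached.
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Adds the user principal and a {@code Roles} group to the subject.
     *
     * @return {@code true} when principals were added; {@code false} when {@link #login()} did
     *         not succeed for this module (per the JAAS contract nothing is added then)
     */
    public boolean commit() throws LoginException {
        if (!loginSucceeded) {
            return false;
        }
        String name = (String) sharedState.get(SHARED_STATE_NAME);
        if (name == null) {
            return false;
        }
        Set<Principal> principals = subject.getPrincipals();
        SimpleGroup rolesGroup = new SimpleGroup("Roles");
        for (String role : getRoles(name)) {
            rolesGroup.addMember(new SimplePrincipal(role));
        }
        principals.add(rolesGroup);
        principals.add(new SimplePrincipal(name));
        return true;
    }

    /** Discards any partial login state. */
    public boolean abort() throws LoginException {
        loginSucceeded = false;
        return true;
    }

    /** Removes every principal from the subject. */
    public boolean logout() throws LoginException {
        Set<Principal> principals = subject.getPrincipals();
        // Iterate over a snapshot: removing from the live set while iterating it is not allowed.
        for (Principal principal : new HashSet<Principal>(principals)) {
            principals.remove(principal);
        }
        loginSucceeded = false;
        return true;
    }

    /**
     * Asks the portal whether the given credentials are valid.
     *
     * @param username user name as supplied by the callback handler
     * @param password clear-text password as supplied by the callback handler
     * @return {@code true} only for an HTTP 200 whose trimmed body is {@code true}
     */
    protected boolean validateUser(String username, String password) {
        // Both values are untrusted input and become path segments, so they are percent-encoded;
        // otherwise a name containing '/', '?' or '#' would change which resource is requested.
        String url = callbackUrl("auth", encodePathSegment(username) + "/" + encodePathSegment(password));
        // Only the user name is logged: the URL carries the password.
        log.debug("Execute callback HTTP for authentication of user: " + username);
        ResponseContext result = executeRemoteCall(url);
        return result.status == STATUS_OK
                && result.response != null
                && "true".equals(result.response.trim());
    }

    /**
     * Resolves the roles of an authenticated user.
     *
     * @param username the authenticated user name
     * @return the static role list, the roles returned by the portal, or an empty list when the
     *         portal callback did not answer with HTTP 200
     */
    protected Collection<String> getRoles(String username) {
        if (rolesProcessingType == ROLES_PROCESSING_TYPE.STATIC) {
            return staticRolesList;
        }
        String url = callbackUrl("roles", encodePathSegment(username));
        log.debug("Execute callback HTTP request: " + url);
        ResponseContext result = executeRemoteCall(url);
        if (result.status == STATUS_OK && result.response != null) {
            return splitRoles(result.response);
        }
        log.warn("Incorrect response received from REST callback for roles. Status=" + result.status
                + ", Response=" + result.response);
        return new ArrayList<String>();
    }

    /**
     * Reads a module option, returning {@code defaultValue} when it is not configured.
     *
     * @param name option key
     * @param defaultValue value used when the option is absent
     */
    private String readOption(String name, String defaultValue) {
        Object configured = options.get(name);
        String value = configured == null ? defaultValue : configured.toString();
        if (log.isTraceEnabled()) {
            log.trace("Read option " + name + "=" + value);
        }
        return value;
    }

    /**
     * Issues a GET request and captures status and body. Transport failures are not propagated:
     * they yield status {@link #STATUS_CLIENT_ERROR} with the exception message as body.
     */
    private ResponseContext executeRemoteCall(String url) {
        HttpClient httpClient = new HttpClient();
        HttpMethod method = null;
        try {
            method = new GetMethod(url);
            int status = httpClient.executeMethod(method);
            String body = method.getResponseBodyAsString();
            if (log.isTraceEnabled()) {
                log.trace("Received response from REST call: status=" + status + ", response=" + body);
            }
            return new ResponseContext(status, body);
        } catch (Exception e) {
            log.warn("Error when sending request through HTTP client", e);
            return new ResponseContext(STATUS_CLIENT_ERROR, e.getMessage());
        } finally {
            if (method != null) {
                method.releaseConnection();
            }
        }
    }

    /** Builds {@code http://host:port/context/rest/sso/authcallback/<resource>/<pathTail>}. */
    private String callbackUrl(String resource, String pathTail) {
        return "http://" + gateInHost + ":" + gateInPort + "/" + gateInContext
                + "/rest/sso/authcallback/" + resource + "/" + pathTail;
    }

    /**
     * Splits a comma separated role list, trimming entries and dropping empty ones so that
     * {@code "users, admins"} yields {@code [users, admins]} and {@code ""} yields no roles.
     */
    private static List<String> splitRoles(String commaSeparated) {
        List<String> roles = new ArrayList<String>();
        for (String role : commaSeparated.split(",")) {
            String trimmed = role.trim();
            if (trimmed.length() > 0) {
                roles.add(trimmed);
            }
        }
        return roles;
    }

    /**
     * Percent-encodes one URL path segment. {@link URLEncoder} is form encoding, so the
     * {@code +} it produces for a space is rewritten to {@code %20}, which is what a path needs.
     */
    private static String encodePathSegment(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8").replace("+", "%20");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM, so this cannot happen in practice.
            throw new IllegalStateException("UTF-8 encoding not supported", e);
        }
    }
}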
