package org.picketlink.identity.federation.core.wstrust.auth;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.log4j.Logger;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.mapping.MappingType;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
import org.picketlink.identity.federation.core.wstrust.STSClientFactory;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/picketlink-fed-core-1.0.4.final.jar:org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.class */
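/**
 * Base JAAS {@link LoginModule} that obtains a SAML security token from a WS-Trust STS.
 *
 * <p>{@link #login()} collects a username/password (from the module options, from the JAAS
 * shared state, or from the {@link CallbackHandler}), builds an {@link STSClient} from the
 * {@code configFile} option and delegates the actual token request to the abstract
 * {@link #invokeSTS(STSClient)}. On {@link #commit()} the token is wrapped in a
 * {@link SamlCredential}, added to the subject's public credentials, and the JBoss
 * mapping framework (if a {@link SecurityContext} is associated with the thread) is asked to
 * map it to a {@link Principal} and a {@link RoleGroup}.
 *
 * <p>Security notes grounded in this class:
 * <ul>
 *   <li>The token returned by {@link #invokeSTS(STSClient)} is stored as-is; this class
 *       performs no validation of it. Subclasses own that responsibility.</li>
 *   <li>The password is handed to {@link STSClientConfig.Builder#password(String)} as a
 *       {@link String}, and with password stacking it is also published into the JAAS shared
 *       state. Neither copy can be zeroed; only the callback's {@code char[]} is cleared.</li>
 *   <li>With {@code useOptionsCredentials=true} the default {@link #useCredentialsFromOptions}
 *       is a no-op, so unless a subclass overrides it the STS request is sent without
 *       credentials.</li>
 * </ul>
 *
 * <p>Recognised options: {@value #STS_CONFIG_FILE} (required), {@value #OPTIONS_PW_STACKING}
 * ({@code useFirstPass} to consume shared-state credentials; any value enables publishing them)
 * and {@value #OPTIONS_CREDENTIALS}.
 */
public abstract class AbstractSTSLoginModule implements LoginModule {
    private static final Logger log = Logger.getLogger(AbstractSTSLoginModule.class);

    /** Shared-state key under which the issued SAML token is published for later modules in the stack. */
    public static final String SHARED_TOKEN = "org.picketlink.identity.federation.core.wstrust.lm.stsToken";
    /** Option: when {@code "true"}, credentials come from {@link #useCredentialsFromOptions}. */
    public static final String OPTIONS_CREDENTIALS = "useOptionsCredentials";
    /** Option: standard JBoss password-stacking switch ({@code useFirstPass} reads shared state). */
    public static final String OPTIONS_PW_STACKING = "password-stacking";
    /** Option: path of the STS client configuration file (required). */
    public static final String STS_CONFIG_FILE = "configFile";

    /** JAAS shared-state keys for password stacking (the same keys the JBoss login modules use). */
    private static final String SHARED_USERNAME = "javax.security.auth.login.name";
    private static final String SHARED_PASSWORD = "javax.security.auth.login.password";

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Element samlToken;
    private boolean success;
    private Map<String, ?> options;
    private Map<String, ?> sharedState;
    private boolean passwordStacking;
    private boolean useFirstPass;
    private boolean useOptionsCredentials;

    /**
     * JAAS initialisation.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used to collect username/password when no other source applies
     * @param map             the JAAS shared state (third JAAS argument)
     * @param map2            the module options (fourth JAAS argument)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;

        // Any non-null value enables publishing credentials to the shared state;
        // only the literal "useFirstPass" also makes this module consume them.
        String stacking = (String) map2.get(OPTIONS_PW_STACKING);
        this.passwordStacking = stacking != null;
        this.useFirstPass = this.passwordStacking && "useFirstPass".equals(stacking);

        // parseBoolean treats a missing option as false.
        this.useOptionsCredentials = Boolean.parseBoolean((String) map2.get(OPTIONS_CREDENTIALS));
    }

    /**
     * Phase 1 of JAAS login: resolve credentials, call the STS and remember the issued token.
     *
     * <p>Credential source, in priority order: module options, then the shared state (only when
     * {@code password-stacking=useFirstPass} AND the shared state actually holds a username and
     * password), otherwise the callback handler. Falling back to the callbacks when the shared
     * state is empty mirrors the JBoss password-stacking convention and avoids a NullPointerException.
     *
     * @return {@code true} when a token was issued
     * @throws LoginException if credentials cannot be collected, the STS call fails
     *                        ({@link WSTrustException} is attached as the cause) or no token is returned
     */
    public boolean login() throws LoginException {
        this.success = false;
        try {
            STSClientConfig.Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
            if (this.useOptionsCredentials) {
                useCredentialsFromOptions(builder, this.options);
            } else if (isUseFirstPass() && getSharedUsername() != null && getSharedPassword() != null) {
                useCredentialsFromSharedState(builder);
            } else {
                useCredentialsFromCallback(builder);
            }
            if (this.passwordStacking) {
                setPasswordStackingCredentials(builder);
            }
            Element token = invokeSTS(createWSTrustClient(builder.build()));
            if (token == null) {
                throw new LoginException("Could not issue a SAML Security Token");
            }
            setSuccess(true);
            setSamlToken(token);
            setSharedToken(token);
            return true;
        } catch (WSTrustException e) {
            // Keep the original message but preserve the cause for diagnostics.
            throw loginException("WSTrustException : " + e.getMessage(), e);
        }
    }

    /**
     * Request a token from the STS.
     *
     * @param sTSClient client built from the configured {@code configFile} and resolved credentials
     * @return the issued token, or {@code null} when none could be issued (login then fails)
     */
    public abstract Element invokeSTS(STSClient sTSClient) throws WSTrustException, LoginException;

    /**
     * Phase 2 of JAAS login: publish the token as a {@link SamlCredential} on the subject and
     * run principal/role mapping.
     *
     * @return {@code false} when {@link #login()} did not succeed (nothing is changed), {@code true} otherwise
     */
    public boolean commit() throws LoginException {
        if (!this.success) {
            return false;
        }
        SamlCredential credential = new SamlCredential(this.samlToken);
        boolean added = this.subject.getPublicCredentials().add(credential);
        populateSubject();
        if (added && log.isDebugEnabled()) {
            log.debug("Added Credential :" + credential);
        }
        return true;
    }

    /** Overall login failed: drop the token and any SamlCredential already on the subject. */
    public boolean abort() throws LoginException {
        clearState();
        return true;
    }

    /** Remove this module's credentials from the subject and forget the token. */
    public boolean logout() throws LoginException {
        clearState();
        return true;
    }

    /**
     * Collect username and password through the {@link CallbackHandler}.
     *
     * @throws LoginException if there is no handler, the handler fails or does not support the
     *                        callbacks, or it leaves the name or password unset
     */
    protected void useCredentialsFromCallback(STSClientConfig.Builder builder) throws LoginException {
        CallbackHandler handler = getCallbackHandler();
        if (handler == null) {
            throw new LoginException("No CallbackHandler available to collect credentials");
        }
        NameCallback nameCallback = new NameCallback("user:");
        // echoOn=false: a password prompt must not echo what is typed.
        PasswordCallback passwordCallback = new PasswordCallback("password:", false);
        try {
            handler.handle(new Callback[]{nameCallback, passwordCallback});
        } catch (IOException e) {
            throw loginException(e.getMessage(), e);
        } catch (UnsupportedCallbackException e) {
            throw loginException(e.getMessage(), e);
        }
        String username = nameCallback.getName();
        char[] password = passwordCallback.getPassword();
        if (username == null || password == null) {
            throw new LoginException("CallbackHandler did not supply a username and password");
        }
        try {
            // The builder only accepts a String; the char[] copies are cleared below.
            builder.username(username).password(new String(password));
        } finally {
            zero(password);
            passwordCallback.clearPassword();
        }
    }

    /** Publish the resolved credentials into the JAAS shared state for later modules (password stacking). */
    @SuppressWarnings("unchecked")
    private void setPasswordStackingCredentials(STSClientConfig.Builder builder) {
        if (this.sharedState == null) {
            return;
        }
        Map<String, Object> shared = (Map<String, Object>) this.sharedState;
        shared.put(SHARED_USERNAME, builder.getUsername());
        shared.put(SHARED_PASSWORD, builder.getPassword());
    }

    /**
     * Copy username and password from the JAAS shared state into the builder.
     * A missing shared password is passed through as {@code null} rather than throwing;
     * {@link #login()} only selects this path when both values are present.
     */
    protected void useCredentialsFromSharedState(STSClientConfig.Builder builder) {
        char[] password = getSharedPassword();
        builder.username(getSharedUsername()).password(password == null ? null : new String(password));
    }

    /**
     * Hook for credentials configured in the module options. The default implementation does
     * nothing, so with {@code useOptionsCredentials=true} a subclass must override this or the
     * STS request carries no credentials.
     */
    protected void useCredentialsFromOptions(STSClientConfig.Builder builder, Map<String, ?> map) {
    }

    /** Build an {@link STSClientConfig} from the {@code configFile} option alone (no credentials). */
    protected STSClientConfig getConfiguration(Map<String, ?> map) {
        return new STSClientConfig.Builder(getRequiredOption(map, STS_CONFIG_FILE)).build();
    }

    /**
     * Create the WS-Trust client.
     *
     * @throws IllegalStateException if the configuration cannot be parsed (cause attached)
     */
    protected STSClient createWSTrustClient(STSClientConfig sTSClientConfig) {
        try {
            return STSClientFactory.getInstance().create(sTSClientConfig);
        } catch (ParsingException e) {
            throw new IllegalStateException("Could not create WSTrustClient:", e);
        }
    }

    /**
     * Read a mandatory option.
     *
     * @throws IllegalArgumentException if the option is absent
     */
    protected String getRequiredOption(Map<String, ?> map, String str) {
        String value = (String) map.get(str);
        if (value == null) {
            throw new IllegalArgumentException("Required option '" + str + "' was missing from the login modules configuration");
        }
        return value;
    }

    protected boolean isSuccess() {
        return this.success;
    }

    protected void setSuccess(boolean z) {
        this.success = z;
    }

    protected Subject getSubject() {
        return this.subject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    protected void setSamlToken(Element element) {
        this.samlToken = element;
    }

    /** Publish the token under {@link #SHARED_TOKEN}; a no-op when there is no shared state. */
    @SuppressWarnings("unchecked")
    protected void setSharedToken(Object obj) {
        if (this.sharedState == null) {
            return;
        }
        ((Map<String, Object>) this.sharedState).put(SHARED_TOKEN, obj);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object getSharedToken() {
        return this.sharedState == null ? null : this.sharedState.get(SHARED_TOKEN);
    }

    protected Map<String, ?> getOptions() {
        return this.options;
    }

    /** Username published by an earlier module, or {@code null}. */
    protected String getSharedUsername() {
        return this.sharedState == null ? null : (String) this.sharedState.get(SHARED_USERNAME);
    }

    /**
     * Password published by an earlier module as {@code char[]} or {@link String}, or
     * {@code null} when absent or of another type. A fresh array is returned for a String.
     */
    protected char[] getSharedPassword() {
        if (this.sharedState == null) {
            return null;
        }
        Object value = this.sharedState.get(SHARED_PASSWORD);
        if (value instanceof char[]) {
            return (char[]) value;
        }
        if (value instanceof String) {
            return ((String) value).toCharArray();
        }
        return null;
    }

    protected boolean isUseFirstPass() {
        return this.useFirstPass;
    }

    protected boolean isUsePasswordStacking() {
        return this.passwordStacking;
    }

    protected boolean isUseOptionsConfig() {
        return this.useOptionsCredentials;
    }

    /**
     * Reset after abort/logout: success flag, SamlCredentials on the subject, the cached token
     * and the token published under {@link #SHARED_TOKEN} (so a failed or ended login does not
     * leave a usable token in the shared state).
     */
    private void clearState() {
        this.success = false;
        if (this.subject != null) {
            removeAllSamlCredentials(this.subject);
        }
        this.samlToken = null;
        if (this.sharedState != null) {
            this.sharedState.remove(SHARED_TOKEN);
        }
    }

    private void removeAllSamlCredentials(Subject subject) {
        Set<SamlCredential> credentials = subject.getPublicCredentials(SamlCredential.class);
        if (!credentials.isEmpty()) {
            subject.getPublicCredentials().removeAll(credentials);
        }
    }

    /**
     * Ask the JBoss mapping framework to derive a {@link Principal} and a {@link RoleGroup} from the
     * token and add them to the subject. Does nothing when no {@link MappingManager} is associated
     * with the current thread. A mapping that yields {@code null} is skipped instead of adding a
     * null principal / dereferencing a null role group.
     */
    protected void populateSubject() {
        MappingManager mappingManager = getMappingManager();
        if (mappingManager == null) {
            return;
        }
        Map<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(SHARED_TOKEN, this.samlToken);

        MappingContext principalContext = mappingManager.getMappingContext(MappingType.PRINCIPAL.toString());
        if (principalContext != null) {
            principalContext.performMapping(contextMap, (Object) null);
            Object mapped = principalContext.getMappingResult().getMappedObject();
            if (mapped != null) {
                this.subject.getPrincipals().add((Principal) mapped);
            } else if (log.isDebugEnabled()) {
                log.debug("Principal mapping produced no principal for the SAML token");
            }
        }

        MappingContext roleContext = mappingManager.getMappingContext(MappingType.ROLE.toString());
        if (roleContext != null) {
            roleContext.performMapping(contextMap, (Object) null);
            RoleGroup roleGroup = (RoleGroup) roleContext.getMappingResult().getMappedObject();
            if (roleGroup != null) {
                SimpleGroup group = new SimpleGroup(roleGroup.getRoleName());
                for (Object role : roleGroup.getRoles()) {
                    group.addMember(new SimplePrincipal(((Role) role).getRoleName()));
                }
                this.subject.getPrincipals().add(group);
            } else if (log.isDebugEnabled()) {
                log.debug("Role mapping produced no role group for the SAML token");
            }
        }
    }

    /** Mapping manager of the thread's security context, or {@code null} when none is associated. */
    protected MappingManager getMappingManager() {
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        return securityContext == null ? null : securityContext.getMappingManager();
    }

    /** Build a LoginException that keeps its cause (LoginException has no (String, Throwable) constructor). */
    private static LoginException loginException(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    /** Overwrite a password buffer once it has been copied out. */
    private static void zero(char[] buffer) {
        if (buffer == null) {
            return;
        }
        for (int i = 0; i < buffer.length; i++) {
            buffer[i] = 0;
        }
    }
}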
