package org.picketbox.datasource.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.vault.SecurityVaultException;
import org.jboss.security.vault.SecurityVaultUtil;

/* loaded from: input_file:WEB-INF/lib/picketbox-4.0.7.Final.jar:org/picketbox/datasource/security/ConfiguredIdentityLoginModule.class */
public class ConfiguredIdentityLoginModule extends AbstractPasswordCredentialLoginModule {
    private String principalName;
    private String userName;
    private String password;
    private static final Logger log = Logger.getLogger((Class<?>) ConfiguredIdentityLoginModule.class);
    private boolean trace = log.isTraceEnabled();

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.principalName = (String) map2.get("principal");
        if (this.principalName == null) {
            throw new IllegalArgumentException("PB00015: Null Value:Must supply a principal name!");
        }
        this.userName = (String) map2.get("userName");
        if (this.userName == null) {
            this.userName = (String) map2.get("username");
            if (this.userName == null) {
                throw new IllegalArgumentException("PB00015: Null Value:Must supply a user name!");
            }
        }
        this.password = (String) map2.get("password");
        if (this.password == null) {
            log.warn("Creating LoginModule with no configured password!");
            this.password = "";
        } else if (SecurityVaultUtil.isVaultFormat(this.password)) {
            try {
                this.password = SecurityVaultUtil.getValueAsString(this.password);
            } catch (SecurityVaultException e) {
                throw new RuntimeException(e);
            }
        }
        if (this.trace) {
            log.trace("got principal: " + this.principalName + ", username: " + this.userName + ", password: " + this.password);
        }
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException {
        if (this.trace) {
            log.trace("login called");
        }
        if (super.login()) {
            return true;
        }
        SubjectActions.addPrincipals(this.subject, new SimplePrincipal(this.principalName));
        this.sharedState.put("javax.security.auth.login.name", this.principalName);
        SubjectActions.addCredentials(this.subject, new PasswordCredential(this.userName, this.password.toCharArray()));
        this.loginOk = true;
        return true;
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Principal getIdentity() {
        if (this.trace) {
            log.trace("getIdentity called");
        }
        return new SimplePrincipal(this.principalName);
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        if (this.trace) {
            log.trace("getRoleSets called");
        }
        return new Group[0];
    }
}
