package org.picketbox.datasource.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.Base64Utils;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.Util;
import org.jboss.security.auth.callback.RFC2617Digest;

/* loaded from: input_file:rhq-enterprise-agent-4.13.0.zip:rhq-agent/lib/picketbox-4.0.19.SP7.jar:org/picketbox/datasource/security/PBEIdentityLoginModule.class */
public class PBEIdentityLoginModule extends AbstractPasswordCredentialLoginModule {
    private String username;
    private String password;
    private char[] pbepass;
    private String pbealgo;
    private byte[] salt;
    private int iterationCount;
    private PBEParameterSpec cipherSpec;

    public PBEIdentityLoginModule() {
        this.pbepass = "jaas is the way".toCharArray();
        this.pbealgo = "PBEwithMD5andDES";
        this.salt = new byte[]{1, 7, 2, 9, 3, 11, 4, 13};
        this.iterationCount = 37;
    }

    PBEIdentityLoginModule(String str, char[] cArr, byte[] bArr, int i) {
        this.pbepass = "jaas is the way".toCharArray();
        this.pbealgo = "PBEwithMD5andDES";
        this.salt = new byte[]{1, 7, 2, 9, 3, 11, 4, 13};
        this.iterationCount = 37;
        if (cArr != null) {
            this.pbepass = cArr;
        }
        if (str != null) {
            this.pbealgo = str;
        }
        if (bArr != null) {
            this.salt = bArr;
        }
        if (i > 0) {
            this.iterationCount = i;
        }
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.username = (String) map2.get(RFC2617Digest.USERNAME);
        if (this.username == null) {
            this.username = (String) map2.get("userName");
            if (this.username == null) {
                throw new IllegalArgumentException(PicketBoxMessages.MESSAGES.missingRequiredModuleOptionMessage(RFC2617Digest.USERNAME));
            }
        }
        this.password = (String) map2.get("password");
        if (this.password == null) {
            throw new IllegalArgumentException(PicketBoxMessages.MESSAGES.missingRequiredModuleOptionMessage("password"));
        }
        String str = (String) map2.get("pbepass");
        if (str != null) {
            try {
                this.pbepass = Util.loadPassword(str);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        }
        String str2 = (String) map2.get("pbealgo");
        if (str2 != null) {
            this.pbealgo = str2;
        }
        String str3 = (String) map2.get("salt");
        if (str3 != null) {
            this.salt = str3.substring(0, 8).getBytes();
        }
        String str4 = (String) map2.get("iterationCount");
        if (str4 != null) {
            this.iterationCount = Integer.parseInt(str4);
        }
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException {
        PicketBoxLogger.LOGGER.traceBeginLogin();
        if (super.login()) {
            return true;
        }
        this.loginOk = true;
        return true;
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean commit() throws LoginException {
        SubjectActions.addPrincipals(this.subject, new SimplePrincipal(this.username));
        this.sharedState.put("javax.security.auth.login.name", this.username);
        try {
            SubjectActions.addCredentials(this.subject, new PasswordCredential(this.username, decode(this.password)));
            return true;
        } catch (Exception e) {
            LoginException loginException = new LoginException(e.getLocalizedMessage());
            loginException.initCause(e);
            throw loginException;
        }
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean abort() {
        this.username = null;
        this.password = null;
        return true;
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Principal getIdentity() {
        PicketBoxLogger.LOGGER.traceBeginGetIdentity(this.username);
        return new SimplePrincipal(this.username);
    }

    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        return new Group[0];
    }

    private String encode(String str) throws Exception {
        this.cipherSpec = new PBEParameterSpec(this.salt, this.iterationCount);
        SecretKey generateSecret = SecretKeyFactory.getInstance(this.pbealgo).generateSecret(new PBEKeySpec(this.pbepass));
        Cipher cipher = Cipher.getInstance(this.pbealgo);
        cipher.init(1, generateSecret, this.cipherSpec);
        return Base64Utils.tob64(cipher.doFinal(str.getBytes()));
    }

    private char[] decode(String str) throws Exception {
        this.cipherSpec = new PBEParameterSpec(this.salt, this.iterationCount);
        SecretKey generateSecret = SecretKeyFactory.getInstance(this.pbealgo).generateSecret(new PBEKeySpec(this.pbepass));
        byte[] fromb64 = Base64Utils.fromb64(str);
        Cipher cipher = Cipher.getInstance(this.pbealgo);
        cipher.init(2, generateSecret, this.cipherSpec);
        return new String(cipher.doFinal(fromb64)).toCharArray();
    }

    public static void main(String[] strArr) throws Exception {
        String str = null;
        char[] charArray = "jaas is the way".toCharArray();
        byte[] bArr = null;
        int i = -1;
        if (strArr.length >= 2) {
            charArray = strArr[1].toCharArray();
        }
        if (strArr.length >= 3) {
            bArr = strArr[2].getBytes();
        }
        if (strArr.length >= 4) {
            i = Integer.decode(strArr[3]).intValue();
        }
        if (strArr.length >= 5) {
            str = strArr[4];
        }
        System.out.println("Encoded password: " + new PBEIdentityLoginModule(str, charArray, bArr, i).encode(strArr[0]));
    }
}
