package org.jboss.security.srp.jaas;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.logging.Logger;
import org.jboss.security.auth.callback.SecurityAssociationCallback;
import org.jboss.security.srp.SRPParameters;
import org.jboss.security.srp.SRPServerSession;
import org.jboss.security.srp.SRPSessionKey;
import org.jboss.util.CachePolicy;

/* loaded from: input_file:org/jboss/security/srp/jaas/SRPCacheLoginModule.class */
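/**
 * JAAS login module that authenticates a caller against an SRP session which
 * is already held in a JNDI-bound {@link CachePolicy}.
 *
 * <p>The module obtains the caller's principal and credential through a
 * {@link SecurityAssociationCallback}, looks up the matching
 * {@link SRPServerSession} in the cache named by the {@code cacheJndiName}
 * option, and accepts the login only if the credential equals the client
 * response recorded in that session. On commit the principal, the client
 * challenge, the SRP parameters and the session key are attached to the
 * {@link Subject}.
 *
 * <p>Module options read by {@link #initialize}: {@code cacheJndiName}
 * (required at login time) and {@code domainName} (stored, not otherwise used
 * in this class).
 *
 * <p>Instances hold per-login state and are not written to be shared between
 * threads.
 */
public class SRPCacheLoginModule implements LoginModule {
    private static final Logger log = Logger.getLogger(SRPCacheLoginModule.class);

    private Subject subject;
    private CallbackHandler handler;
    // Raw Map on purpose: login() publishes the name/credential to later modules.
    private Map sharedState;
    private String domainName;
    private String cacheJndiName;
    // Credential supplied by the caller; compared against the cached session.
    private byte[] clientChallenge;
    private SRPServerSession session;
    private Principal userPrincipal;
    // Starts true so that commit() before a successful login() is a no-op.
    private boolean loginFailed = true;

    // Exactly what commit() attached to the Subject, so that abort()/logout()
    // remove the same instances. byte[] uses identity equality, so removing a
    // freshly fetched session key array would not match the one that was added.
    private boolean committed;
    private SRPParameters committedParameters;
    private Object committedKey;

    /**
     * Stores the JAAS collaborators and reads the module options.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the principal and credential
     * @param map state shared between the login modules of this configuration
     * @param map2 module options; {@code cacheJndiName} and {@code domainName} are read
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.handler = callbackHandler;
        this.sharedState = map;
        this.cacheJndiName = (String) map2.get("cacheJndiName");
        log.trace("cacheJndiName=" + this.cacheJndiName);
        this.domainName = (String) map2.get("domainName");
    }

    /**
     * Validates the caller's credential against the cached SRP session.
     *
     * @return {@code true} when the cached session was found and the credential matched
     * @throws LoginException if no handler or principal is available, the
     *     {@code cacheJndiName} option is missing, the cache lookup fails, no
     *     session is cached for the caller, or the credential does not match
     */
    @Override
    public boolean login() throws LoginException {
        this.loginFailed = true;
        getUserInfo();
        if (this.userPrincipal == null) {
            // Fail as an authentication error instead of a NullPointerException.
            throw new LoginException("No principal supplied by the CallbackHandler");
        }
        String name = this.userPrincipal.getName();
        try {
            if (this.cacheJndiName == null) {
                throw new LoginException("Required cacheJndiName option not set");
            }
            CachePolicy cachePolicy = (CachePolicy) new InitialContext().lookup(this.cacheJndiName);
            // An SRPPrincipal carries a session id; any other principal is keyed by name only.
            SRPSessionKey sessionKey;
            if (this.userPrincipal instanceof SRPPrincipal) {
                sessionKey = new SRPSessionKey(name, ((SRPPrincipal) this.userPrincipal).getSessionID());
            } else {
                sessionKey = new SRPSessionKey(name);
            }
            Object cached = cachePolicy.get(sessionKey);
            if (cached == null) {
                throw new LoginException("No SRP session found for: " + sessionKey);
            }
            // NOTE(review): this writes the cached session's toString() to the trace log;
            // confirm that it does not include key material.
            log.trace("Found SRP cache credential: " + cached);
            if (!(cached instanceof SRPServerSession)) {
                throw new LoginException("Unknown type of cache credential: " + cached.getClass());
            }
            this.session = (SRPServerSession) cached;
            if (!validateCache(this.session)) {
                throw new LoginException("Failed to validate SRP session key for: " + sessionKey);
            }
            log.trace("Login succeeded");
            // Publish the identity for login modules stacked after this one.
            this.sharedState.put("javax.security.auth.login.name", name);
            this.sharedState.put("javax.security.auth.login.password", this.clientChallenge);
            this.loginFailed = false;
            return true;
        } catch (NamingException e) {
            log.error("Failed to load SRP auth cache", e);
            LoginException failure =
                    new LoginException("Failed to load SRP auth cache: " + e.toString(true));
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Attaches the authenticated identity and the SRP session material to the subject.
     *
     * <p>The session key is added to the private credentials as a
     * {@link SecretKeySpec} when the SRP parameters name a cipher algorithm,
     * otherwise as the raw {@code byte[]}.
     *
     * @return {@code false} when {@link #login()} did not succeed, {@code true} otherwise
     */
    @Override
    public boolean commit() throws LoginException {
        if (this.loginFailed) {
            return false;
        }
        this.subject.getPrincipals().add(this.userPrincipal);
        this.subject.getPublicCredentials().add(this.clientChallenge);
        byte[] sessionKey = this.session.getSessionKey();
        SRPParameters parameters = this.session.getParameters();
        Set<Object> privateCredentials = this.subject.getPrivateCredentials();
        privateCredentials.add(parameters);
        Object keyCredential;
        if (parameters.cipherAlgorithm != null) {
            keyCredential = new SecretKeySpec(sessionKey, parameters.cipherAlgorithm);
        } else {
            keyCredential = sessionKey;
        }
        privateCredentials.add(keyCredential);
        this.committedParameters = parameters;
        this.committedKey = keyCredential;
        this.committed = true;
        return true;
    }

    /**
     * Discards the state of this login attempt.
     *
     * <p>If this module had already committed, the entries it attached to the
     * subject are removed as well, so that an overall authentication failure
     * does not leave the session key on the subject.
     *
     * @return always {@code true}
     * @throws LoginException if the committed entries cannot be removed
     */
    @Override
    public boolean abort() throws LoginException {
        try {
            removeCommittedState();
        } catch (Exception e) {
            throw new LoginException("Failed to remove commit information, " + e.getMessage());
        }
        clearLoginState();
        return true;
    }

    /**
     * Removes from the subject everything {@link #commit()} attached. A
     * read-only subject is left untouched.
     *
     * @return always {@code true}
     * @throws LoginException if the committed entries cannot be removed
     */
    @Override
    public boolean logout() throws LoginException {
        try {
            removeCommittedState();
            return true;
        } catch (Exception e) {
            throw new LoginException("Failed to remove commit information, " + e.getMessage());
        }
    }

    /** Removes the entries recorded by commit() from the subject, if it is still writable. */
    private void removeCommittedState() {
        if (!this.committed || this.subject == null || this.subject.isReadOnly()) {
            return;
        }
        if (this.userPrincipal != null) {
            // getPrincipals(Class) returns a detached copy; remove from the live set.
            this.subject.getPrincipals().remove(this.userPrincipal);
        }
        if (this.clientChallenge != null) {
            this.subject.getPublicCredentials().remove(this.clientChallenge);
        }
        Set<Object> privateCredentials = this.subject.getPrivateCredentials();
        if (this.committedKey != null) {
            privateCredentials.remove(this.committedKey);
        }
        if (this.committedParameters != null) {
            privateCredentials.remove(this.committedParameters);
        }
        this.committedKey = null;
        this.committedParameters = null;
        this.committed = false;
    }

    /** Drops the references gathered during login() and marks the attempt as failed. */
    private void clearLoginState() {
        this.userPrincipal = null;
        this.clientChallenge = null;
        this.session = null;
        this.loginFailed = true;
    }

    /**
     * Obtains the caller's principal and credential from the callback handler.
     *
     * @throws LoginException if no handler was supplied, the handler fails or
     *     does not support the callback, or the credential is not a {@code byte[]}
     */
    private void getUserInfo() throws LoginException {
        if (this.handler == null) {
            throw new LoginException("No CallbackHandler provied");
        }
        SecurityAssociationCallback callback = new SecurityAssociationCallback();
        try {
            this.handler.handle(new Callback[]{callback});
            this.userPrincipal = callback.getPrincipal();
            this.clientChallenge = (byte[]) callback.getCredential();
            // Do not leave the credential reachable through the callback object.
            callback.clearCredential();
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (ClassCastException e2) {
            throw new LoginException("Credential info is not of type byte[], " + e2.getMessage());
        } catch (UnsupportedCallbackException e3) {
            throw new LoginException("UnsupportedCallback: " + e3.getCallback().toString());
        }
    }

    /**
     * Checks the caller's credential against the client response stored in the
     * cached session.
     *
     * <p>A missing value on either side is a failed match: an absent
     * credential must never authenticate, even if the cached session has no
     * client response either. The comparison uses
     * {@code MessageDigest.isEqual} rather than {@code Arrays.equals}, because
     * the latter stops at the first differing byte and so leaks, through
     * timing, how much of the value matched.
     *
     * @param sRPServerSession the cached session for the caller
     * @return {@code true} only when both values are present and equal
     */
    private boolean validateCache(SRPServerSession sRPServerSession) {
        byte[] expected = sRPServerSession.getClientResponse();
        if (expected == null || this.clientChallenge == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(expected, this.clientChallenge);
    }
}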
