package org.apache.geronimo.security.realm.providers;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
import org.apache.geronimo.security.jaas.WrappingLoginModule;
import org.apache.geronimo.system.serverinfo.ServerInfo;

/* loaded from: input_file:org/apache/geronimo/security/realm/providers/GenericHttpHeaderPropertiesFileLoginModule.class */
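/**
 * JAAS login module that takes the caller's identity from HTTP request headers and
 * maps it to groups using a properties file.
 *
 * <p>Options read in {@link #initialize}:
 * <ul>
 *   <li>{@code groupsURI} - location of the properties file, one {@code group=user1,user2}
 *       entry per group (required);</li>
 *   <li>{@code headerNames} - comma-separated list of header names passed to the inherited
 *       {@code matchHeaders};</li>
 *   <li>{@code authenticationAuthority} - selects how the user name is extracted from the
 *       matched headers. Only {@code "Siteminder"} produces a user name here; any other
 *       value makes {@link #login()} fail.</li>
 * </ul>
 *
 * <p><b>Trust boundary.</b> Nothing in this class verifies a credential: the user name is
 * whatever the configured request headers carry (what the inherited {@code matchHeaders}
 * checks is not visible here). The module is therefore only as trustworthy as the path the
 * request took. Deploy it only where the container can be reached exclusively through the
 * authenticating proxy, and where that proxy strips or overwrites client-supplied copies of
 * the configured headers.
 */
public class GenericHttpHeaderPropertiesFileLoginModule extends GenericHttpHeaderLoginmodule implements LoginModule {
    private static final String GROUPS_URI = "groupsURI";
    private static final String HEADER_NAMES = "headerNames";
    private static final String AUTHENTICATION_AUTHORITY = "authenticationAuthority";
    public static final List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(GROUPS_URI, HEADER_NAMES, AUTHENTICATION_AUTHORITY));
    // Log under this class's own name so authentication failures from this module can be
    // filtered and alerted on separately from PropertiesFileLoginModule.
    private static final Log log = LogFactory.getLog(GenericHttpHeaderPropertiesFileLoginModule.class);
    // group name -> users that belong to it; filled by loadProperties, emptied by commit().
    final Map<String, Set<String>> roleUsersMap = new HashMap<String, Set<String>>();

    /**
     * Stores the subject and callback handler, reads the module options and loads the
     * group file.
     *
     * @param subject         subject to be populated on commit
     * @param callbackHandler handler used in {@link #login()} to obtain the HTTP request
     * @param map             shared state (unused)
     * @param map2            module options
     * @throws IllegalArgumentException if {@code groupsURI} is missing or the group file
     *                                  cannot be loaded
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.headerNames = (String) map2.get(HEADER_NAMES);
        this.authenticationAuthority = (String) map2.get(AUTHENTICATION_AUTHORITY);
        for (Object option : map2.keySet()) {
            boolean known = supportedOptions.contains(option)
                    || JaasLoginModuleUse.supportedOptions.contains(option)
                    || WrappingLoginModule.supportedOptions.contains(option);
            if (!known) {
                log.warn("Ignoring option: " + option + ". Not supported.");
            }
        }
        try {
            ServerInfo serverInfo = (ServerInfo) map2.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
            String groupsUri = (String) map2.get(GROUPS_URI);
            if (groupsUri == null) {
                throw new IllegalArgumentException("groupsURI must be provided!");
            }
            loadProperties(serverInfo, new URI(groupsUri));
        } catch (Exception e) {
            log.error("Initialization failed", e);
            throw new IllegalArgumentException("Unable to configure properties file login module: " + e.getMessage(), e);
        }
    }

    /**
     * Loads the group file and merges its entries into {@link #roleUsersMap}.
     *
     * <p>Each property key is a group name and its value a comma-separated user list. User
     * names are stored exactly as written (no trimming), and {@link #login()} compares them
     * with {@code equals}, so {@code "a, b"} yields the users {@code "a"} and {@code " b"}.
     *
     * @param serverInfo used to resolve {@code uri} against the server location
     * @param uri        location of the group file
     * @throws GeronimoSecurityException if the file cannot be resolved, opened or parsed
     */
    public void loadProperties(ServerInfo serverInfo, URI uri) throws GeronimoSecurityException {
        try {
            URI resolved = serverInfo.resolveServer(uri);
            Properties properties = new Properties();
            // NOTE(review): openStream() follows whatever scheme the resolved URI carries.
            // Confirm groupsURI can only resolve to a local, access-controlled file, since
            // this file decides who is in which group.
            InputStream in = resolved.toURL().openStream();
            try {
                properties.load(in);
            } finally {
                // Close even when load() throws; the original leaked the stream in that case.
                in.close();
            }
            for (String group : properties.stringPropertyNames()) {
                Set<String> users = this.roleUsersMap.get(group);
                if (users == null) {
                    users = new HashSet<String>();
                    this.roleUsersMap.put(group, users);
                }
                users.addAll(Arrays.asList(properties.getProperty(group).split(",")));
            }
        } catch (Exception e) {
            log.error("Generic HTTP Header Properties File Login Module - data load failed", e);
            throw new GeronimoSecurityException(e);
        }
    }

    /**
     * Authenticates the request from its headers and collects the user's groups.
     *
     * @return {@code true} when a user name was extracted and belongs to at least one group
     * @throws FailedLoginException if no configured header matched, no user name could be
     *                              extracted, or the user belongs to no group
     * @throws LoginException       if the module is not fully configured, the callback
     *                              fails, or the headers are inconsistent
     */
    @Override
    public boolean login() throws LoginException {
        this.loginSucceeded = false;
        // Start from a clean slate. abort() historically left groups populated, so a second
        // login() on the same instance could succeed on the previous caller's groups.
        this.username = null;
        this.groups.clear();
        if (this.headerNames == null || this.authenticationAuthority == null) {
            // Fail closed with a LoginException instead of the NullPointerException the
            // dereferences below would raise when either option is missing.
            throw new LoginException("headerNames and authenticationAuthority options must both be configured");
        }
        Callback[] callbacks = {new RequestCallback()};
        try {
            this.callbackHandler.handle(callbacks);
            this.httpRequest = ((RequestCallback) callbacks[0]).getRequest();
            try {
                Map<String, String> matched = matchHeaders(this.httpRequest, this.headerNames.split(","));
                if (matched.isEmpty()) {
                    throw new FailedLoginException();
                }
                if (this.authenticationAuthority.equalsIgnoreCase("Siteminder")) {
                    this.username = new SiteminderHeaderHandler().getUser(matched);
                }
                // "Datapower" and any other authority have no handler here: username stays
                // null and the attempt is rejected just below.
                if (this.username == null || this.username.equals("")) {
                    this.username = null;
                    throw new FailedLoginException();
                }
                for (Map.Entry<String, Set<String>> entry : this.roleUsersMap.entrySet()) {
                    if (entry.getValue().contains(this.username)) {
                        this.groups.add(entry.getKey());
                    }
                }
                if (this.groups.isEmpty()) {
                    // A user known to the proxy but absent from the group file is rejected.
                    log.error("No roles associated with user " + this.username);
                    throw new FailedLoginException();
                }
                this.loginSucceeded = true;
                return true;
            } catch (HeaderMismatchException e) {
                throw ((LoginException) new LoginException("Header Mistmatch error").initCause(e));
            }
        } catch (IOException e) {
            throw ((LoginException) new LoginException().initCause(e));
        } catch (UnsupportedCallbackException e) {
            throw ((LoginException) new LoginException().initCause(e));
        }
    }

    /**
     * Publishes the principals through {@code commitHelper()} when login succeeded, then
     * clears the per-login state.
     *
     * <p>This also empties {@link #roleUsersMap}, so a later {@link #login()} on the same
     * instance finds no groups and fails until {@link #initialize} has run again.
     *
     * @return whether this module's login had succeeded
     */
    @Override
    public boolean commit() throws LoginException {
        if (this.loginSucceeded && this.username != null) {
            super.commitHelper();
        }
        this.username = null;
        this.roleUsersMap.clear();
        this.groups.clear();
        return this.loginSucceeded;
    }

    /**
     * Discards the state of an authentication attempt that is being rolled back.
     *
     * @return whether this module's login had succeeded
     */
    @Override
    public boolean abort() throws LoginException {
        // Drop the user name and collected groups unconditionally so nothing from this
        // attempt can be picked up by a later one.
        this.username = null;
        this.groups.clear();
        if (this.loginSucceeded) {
            this.allPrincipals.clear();
        }
        return this.loginSucceeded;
    }

    /**
     * Removes the principals this module added from the subject (unless the subject is
     * read-only) and resets the login state.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        this.loginSucceeded = false;
        this.username = null;
        if (!this.subject.isReadOnly()) {
            this.subject.getPrincipals().removeAll(this.allPrincipals);
        }
        this.allPrincipals.clear();
        return true;
    }
}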
