package waffle.jaas;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.PrincipalFormat;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:waffle/jaas/WindowsLoginModule.class */
public class WindowsLoginModule implements LoginModule {
    private String _username = null;
    private boolean _debug = false;
    private Subject _subject = null;
    private CallbackHandler _callbackHandler = null;
    private IWindowsAuthProvider _auth = new WindowsAuthProviderImpl();
    private Set<Principal> _principals = null;
    private PrincipalFormat _principalFormat = PrincipalFormat.fqn;
    private PrincipalFormat _roleFormat = PrincipalFormat.fqn;
    private boolean _allowGuestLogin = true;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this._subject = subject;
        this._callbackHandler = callbackHandler;
        for (Map.Entry<String, ?> entry : map2.entrySet()) {
            if (entry.getKey().equalsIgnoreCase("debug")) {
                this._debug = Boolean.parseBoolean((String) entry.getValue());
            } else if (entry.getKey().equalsIgnoreCase("principalFormat")) {
                this._principalFormat = PrincipalFormat.valueOf((String) entry.getValue());
            } else if (entry.getKey().equalsIgnoreCase("roleFormat")) {
                this._roleFormat = PrincipalFormat.valueOf((String) entry.getValue());
            }
        }
    }

    public boolean login() throws LoginException {
        if (this._callbackHandler == null) {
            throw new LoginException("Missing callback to gather information from the user.");
        }
        Callback nameCallback = new NameCallback("user name: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            this._callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            String name = nameCallback.getName();
            String str = passwordCallback.getPassword() == null ? "" : new String(passwordCallback.getPassword());
            passwordCallback.clearPassword();
            try {
                IWindowsIdentity logonUser = this._auth.logonUser(name, str);
                try {
                    if (!this._allowGuestLogin && logonUser.isGuest()) {
                        debug("guest login disabled: " + logonUser.getFqn());
                        throw new LoginException("Guest login disabled");
                    }
                    this._principals = new LinkedHashSet();
                    this._principals.addAll(getUserPrincipals(logonUser, this._principalFormat));
                    if (this._roleFormat != PrincipalFormat.none) {
                        for (IWindowsAccount iWindowsAccount : logonUser.getGroups()) {
                            this._principals.addAll(getRolePrincipals(iWindowsAccount, this._roleFormat));
                        }
                    }
                    this._username = logonUser.getFqn();
                    debug("successfully logged in " + this._username + " (" + logonUser.getSidString() + ")");
                    logonUser.dispose();
                    return true;
                } catch (Throwable th) {
                    logonUser.dispose();
                    throw th;
                }
            } catch (Exception e) {
                throw new LoginException(e.getMessage());
            }
        } catch (IOException e2) {
            throw new LoginException(e2.toString());
        } catch (UnsupportedCallbackException e3) {
            throw new LoginException("Callback " + e3.getCallback().getClass().getName() + " not available to gather authentication information from the user.");
        }
    }

    public boolean abort() throws LoginException {
        return logout();
    }

    public boolean commit() throws LoginException {
        if (this._principals == null) {
            return false;
        }
        if (this._subject.isReadOnly()) {
            throw new LoginException("Subject cannot be read-only.");
        }
        Set<Principal> principals = this._subject.getPrincipals();
        principals.addAll(this._principals);
        debug("committing " + this._subject.getPrincipals().size() + " principals");
        if (!this._debug) {
            return true;
        }
        Iterator<Principal> it = principals.iterator();
        while (it.hasNext()) {
            debug(" principal: " + it.next().getName());
        }
        return true;
    }

    public boolean logout() throws LoginException {
        if (this._subject.isReadOnly()) {
            throw new LoginException("Subject cannot be read-only.");
        }
        this._subject.getPrincipals().clear();
        if (this._username == null) {
            return true;
        }
        debug("logging out " + this._username);
        return true;
    }

    private void debug(String str) {
        if (this._debug) {
            System.out.println("[waffle.jaas.WindowsLoginModule] " + str);
        }
    }

    public boolean isDebug() {
        return this._debug;
    }

    public IWindowsAuthProvider getAuth() {
        return this._auth;
    }

    public void setAuth(IWindowsAuthProvider iWindowsAuthProvider) {
        this._auth = iWindowsAuthProvider;
    }

    private static List<Principal> getUserPrincipals(IWindowsIdentity iWindowsIdentity, PrincipalFormat principalFormat) {
        ArrayList arrayList = new ArrayList();
        switch (principalFormat) {
            case fqn:
                arrayList.add(new UserPrincipal(iWindowsIdentity.getFqn()));
                break;
            case sid:
                arrayList.add(new UserPrincipal(iWindowsIdentity.getSidString()));
                break;
            case both:
                arrayList.add(new UserPrincipal(iWindowsIdentity.getFqn()));
                arrayList.add(new UserPrincipal(iWindowsIdentity.getSidString()));
                break;
        }
        return arrayList;
    }

    private static List<Principal> getRolePrincipals(IWindowsAccount iWindowsAccount, PrincipalFormat principalFormat) {
        ArrayList arrayList = new ArrayList();
        switch (principalFormat) {
            case fqn:
                arrayList.add(new RolePrincipal(iWindowsAccount.getFqn()));
                break;
            case sid:
                arrayList.add(new RolePrincipal(iWindowsAccount.getSidString()));
                break;
            case both:
                arrayList.add(new RolePrincipal(iWindowsAccount.getFqn()));
                arrayList.add(new RolePrincipal(iWindowsAccount.getSidString()));
                break;
        }
        return arrayList;
    }

    public boolean isAllowGuestLogin() {
        return this._allowGuestLogin;
    }

    public void setAllowGuestLogin(boolean z) {
        this._allowGuestLogin = z;
    }
}
