package edu.vt.middleware.ldap.jaas;

import com.sun.security.auth.callback.TextCallbackHandler;
import edu.vt.middleware.ldap.Ldap;
import edu.vt.middleware.ldap.SearchFilter;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:edu/vt/middleware/ldap/jaas/LdapRoleAuthorizationModule.class */
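/**
 * JAAS login module that assigns roles to a subject by searching an LDAP
 * directory. The user name obtained through the callback handler, and the
 * login DN left in the shared state by a preceding module (if any), are
 * substituted into the configured role filter; the attributes of every
 * matching entry are converted to roles and added to the subject.
 *
 * <p>Options read by this module, in addition to those handled by
 * {@link AbstractLoginModule}:
 * <ul>
 *   <li>{@code roleFilter} - search filter; positional argument {0} is the
 *       login DN and {1} is the user name. No filter means no role lookup.</li>
 *   <li>{@code roleAttribute} - comma-separated attribute names to return from
 *       the role search, or {@code *}.</li>
 *   <li>{@code noResultsIsError} - when {@code true}, an empty role search
 *       fails the login.</li>
 * </ul>
 */
public class LdapRoleAuthorizationModule extends AbstractLoginModule implements LoginModule {

    /** Filter used to locate role entries; {@code null} disables the role lookup. */
    private String roleFilter;

    /** Attributes requested from the role search; {@code null} after the {@code *} option. */
    private String[] roleAttribute = new String[0];

    /** Whether an empty role search result fails the login. */
    private boolean noResultsIsError;

    /** Connection used for the role search; created in {@link #initialize}. */
    private Ldap ldap;

    /**
     * Reads this module's options and creates the LDAP connection used for
     * the role search.
     *
     * @param subject subject being authenticated
     * @param callbackHandler handler used to obtain the user name and password
     * @param map shared state passed to the superclass
     * @param map2 module options; {@code roleFilter}, {@code roleAttribute} and
     *        {@code noResultsIsError} are consumed here, the rest are forwarded
     *        to {@link #createLdap}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        for (Map.Entry<String, ?> option : map2.entrySet()) {
            String key = option.getKey();
            String value = (String) option.getValue();
            if (key.equalsIgnoreCase("roleFilter")) {
                this.roleFilter = value;
            } else if (key.equalsIgnoreCase("roleAttribute")) {
                // "*" is translated to a null attribute list; the meaning of null
                // is defined by Ldap.search (presumably "all attributes" — confirm).
                this.roleAttribute = "*".equals(value) ? null : value.split(",");
            } else if (key.equalsIgnoreCase("noResultsIsError")) {
                this.noResultsIsError = Boolean.parseBoolean(value);
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("roleFilter = " + this.roleFilter);
            this.logger.debug("roleAttribute = " + Arrays.toString(this.roleAttribute));
            this.logger.debug("noResultsIsError = " + this.noResultsIsError);
        }
        this.ldap = createLdap(map2);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Created ldap: " + this.ldap.getLdapConfig());
        }
    }

    /**
     * Collects the user name (and login DN from the shared state), adds the
     * configured principals, performs the role search and stores the
     * credentials in the shared state. The LDAP connection is always closed
     * before returning.
     *
     * @return {@code true} on completion
     * @throws LoginException if the role search fails, or if it returns no
     *         entries and {@code noResultsIsError} is set
     */
    @Override
    public boolean login() throws LoginException {
        try {
            NameCallback nameCallback = new NameCallback("Enter user: ");
            PasswordCallback passwordCallback = new PasswordCallback("Enter user password: ", false);
            getCredentials(nameCallback, passwordCallback, false);
            if (nameCallback.getName() == null && this.tryFirstPass) {
                getCredentials(nameCallback, passwordCallback, true);
            }

            String name = nameCallback.getName();
            if (name != null && this.setLdapPrincipal) {
                this.principals.add(new LdapPrincipal(name));
                this.loginSuccess = true;
            }

            String loginDn = (String) this.sharedState.get(AbstractLoginModule.LOGIN_DN);
            if (loginDn != null && this.setLdapDnPrincipal) {
                this.principals.add(new LdapDnPrincipal(loginDn));
                this.loginSuccess = true;
            }

            if (this.roleFilter != null) {
                lookupRoles(loginDn, name);
            }
            if (this.defaultRole != null && !this.defaultRole.isEmpty()) {
                this.roles.addAll(this.defaultRole);
            }
            if (!this.roles.isEmpty()) {
                this.loginSuccess = true;
            }

            storeCredentials(nameCallback, passwordCallback, null);
            return true;
        } catch (NamingException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Error occured attempting role lookup", e);
            }
            this.loginSuccess = false;
            // LoginException has no cause constructor; attach it so the
            // directory error is not lost behind the message alone.
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        } finally {
            this.ldap.close();
        }
    }

    /**
     * Runs the role search and adds the roles found in each result's
     * attributes to {@code roles}.
     *
     * @param loginDn login DN from the shared state, substituted as filter argument {0}; may be null
     * @param name user name from the callback, substituted as filter argument {1}; may be null
     * @throws NamingException if the directory search fails
     * @throws LoginException if nothing matched and {@code noResultsIsError} is set
     */
    private void lookupRoles(String loginDn, String name) throws NamingException, LoginException {
        // NOTE(review): the caller-supplied name is passed as a filter argument;
        // whether SearchFilter escapes LDAP filter metacharacters during
        // substitution is not visible from this class — confirm before relying on it.
        Iterator<SearchResult> results = this.ldap.search(
            new SearchFilter(this.roleFilter, new Object[]{loginDn, name}), this.roleAttribute);
        if (!results.hasNext() && this.noResultsIsError) {
            this.loginSuccess = false;
            throw new LoginException("Could not find roles using " + this.roleFilter);
        }
        while (results.hasNext()) {
            this.roles.addAll(attributesToRoles(results.next().getAttributes()));
        }
    }

    /**
     * Command-line driver: logs in using the JAAS configuration entry named by
     * the first argument (default {@code vt-ldap-role}), prints the subject's
     * principals and logs out.
     *
     * @param strArr optional JAAS configuration entry name
     * @throws Exception if login or logout fails
     */
    public static void main(String[] strArr) throws Exception {
        String entryName = strArr.length > 0 ? strArr[0] : "vt-ldap-role";
        LoginContext loginContext = new LoginContext(entryName, new TextCallbackHandler());
        loginContext.login();
        System.out.println("Authorization succeeded");
        Set<Principal> principals = loginContext.getSubject().getPrincipals();
        System.out.println("Subject Principal(s): ");
        for (Principal principal : principals) {
            System.out.println("  " + principal.getName());
        }
        loginContext.logout();
    }
}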
