package org.jboss.as.security.remoting;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.core.security.SubjectUserInfo;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserPrincipal;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

/* loaded from: input_file:org/jboss/as/security/remoting/RemotingLoginModule.class */
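/**
 * JAAS login module that adopts the identity already attached to a JBoss Remoting
 * {@link Connection} instead of checking a secret of its own.
 *
 * <p>Security note: {@link #login()} succeeds as soon as the callback handler supplies a
 * {@link RemotingConnectionCredential} whose connection carries a {@link RealmUser} or
 * {@link UserPrincipal}. No password or certificate is verified in this class, so the module is
 * only as strong as the authentication performed when the connection was established.
 *
 * <p>Supported module option: {@code useClientCert} (boolean, default {@code false}). When it is
 * set and first-pass sharing is enabled, the first certificate of the peer's TLS chain is stored
 * as the shared credential instead of the connection credential.
 */
public class RemotingLoginModule extends AbstractServerLoginModule {
    private static final SecurityLogger log = SecurityLogger.ROOT_LOGGER;
    private static final String USE_CLIENT_CERT_OPTION = "useClientCert";
    private static final String[] ALL_OPTIONS = {USE_CLIENT_CERT_OPTION};

    // Shared-state keys used to hand the identity and credential to later modules in the stack.
    private static final String SHARED_NAME_KEY = "javax.security.auth.login.name";
    private static final String SHARED_PASSWORD_KEY = "javax.security.auth.login.password";

    private boolean useClientCert = false;

    // Assigned only on the connection path of login(); it stays null when super.login()
    // short-circuits. NOTE(review): confirm the superclass tolerates a null identity in that case.
    private Principal identity;

    /**
     * Registers {@code useClientCert} as a valid option, delegates to the superclass and then
     * reads the option from the module options.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used later to obtain the connection credential
     * @param sharedState state shared between the login modules of the stack
     * @param options module options; a missing or {@code null} {@code useClientCert} value
     *     leaves the default ({@code false}) in place
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        addValidOptions(ALL_OPTIONS);
        super.initialize(subject, callbackHandler, sharedState, options);
        // A key that is present with a null value used to raise a NullPointerException here;
        // it is now treated like an absent option, which keeps the default of false.
        Object configured = options.get(USE_CLIENT_CERT_OPTION);
        if (configured != null) {
            this.useClientCert = Boolean.parseBoolean(configured.toString());
        }
    }

    /**
     * Authenticates by taking over the principal of the remoting connection.
     *
     * <p>A {@link RealmUser} from the connection's {@link SubjectUserInfo} is preferred; if there
     * is none, the first {@link UserPrincipal} of the connection is used.
     *
     * @return {@code true} if the superclass login succeeded or a principal was found on the
     *     connection; {@code false} if the credential is not a
     *     {@link RemotingConnectionCredential} or the connection carries no usable principal
     * @throws LoginException if the credential callback fails
     */
    public boolean login() throws LoginException {
        // NOTE(review): presumably true when an earlier module already stored an identity in the
        // shared state; confirm against AbstractServerLoginModule.
        if (super.login()) {
            log.debug("super.login()==true");
            return true;
        }

        Object credential = getCredential();
        if (!(credential instanceof RemotingConnectionCredential)) {
            return false;
        }
        Connection connection = ((RemotingConnectionCredential) credential).getConnection();

        // Held as Object so the instanceof test is a real check (it also rejects null).
        Principal principal = null;
        Object userInfo = connection.getUserInfo();
        if (userInfo instanceof SubjectUserInfo) {
            principal = firstOfType(((SubjectUserInfo) userInfo).getPrincipals(), RealmUser.class);
        }
        if (principal == null) {
            principal = firstOfType(connection.getPrincipals(), UserPrincipal.class);
        }
        if (principal == null) {
            return false;
        }
        this.identity = principal;

        if (getUseFirstPass()) {
            String name = this.identity.getName();
            log.debugf("Storing username '%s'", name);
            this.sharedState.put(SHARED_NAME_KEY, this.identity);
            if (this.useClientCert) {
                SSLSession sslSession = connection.getSslSession();
                if (sslSession != null) {
                    try {
                        // getPeerCertificateChain() is the deprecated javax.security.cert API.
                        // NOTE(review): moving to getPeerCertificates() would change the class
                        // of the shared credential, so check the modules that consume it first.
                        credential = sslSession.getPeerCertificateChain()[0];
                        log.debug("Using certificate as credential.");
                    } catch (SSLPeerUnverifiedException e) {
                        // Deliberate fall-through: the connection credential is shared instead.
                        // With useClientCert set, later modules can therefore receive a
                        // non-certificate credential, and only this debug line records it.
                        log.debugf("No peer certificate available for '%s'", name);
                    }
                }
            }
            this.sharedState.put(SHARED_PASSWORD_KEY, credential);
        }
        this.loginOk = true;
        return true;
    }

    /**
     * Asks the callback handler for the credential object of the current authentication.
     *
     * @return the object supplied through the {@link ObjectCallback}, possibly {@code null}
     * @throws LoginException wrapping the {@link IOException} or
     *     {@link UnsupportedCallbackException} raised by the handler
     */
    protected Object getCredential() throws LoginException {
        NameCallback nameCallback = new NameCallback("Alias: ");
        // Declared with its concrete type: getCredential() is not part of Callback.
        ObjectCallback objectCallback = new ObjectCallback("Credential: ");
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, objectCallback});
            return objectCallback.getCredential();
        } catch (IOException e) {
            throw asLoginException(e);
        } catch (UnsupportedCallbackException e) {
            throw asLoginException(e);
        }
    }

    /**
     * Returns the principal taken from the connection.
     *
     * @return the adopted principal, or {@code null} if {@link #login()} did not assign one
     */
    protected Principal getIdentity() {
        return this.identity;
    }

    /**
     * Builds the role groups for the authenticated subject.
     *
     * <p>The {@code Roles} group is returned empty: this module assigns no roles itself. The
     * {@code CallerPrincipal} group holds the adopted identity.
     *
     * @return the {@code Roles} and {@code CallerPrincipal} groups, in that order
     * @throws LoginException declared by the overridden contract; not thrown here
     */
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles");
        Group callerPrincipal = new SimpleGroup("CallerPrincipal");
        callerPrincipal.addMember(getIdentity());
        return new Group[]{roles, callerPrincipal};
    }

    /** Returns the first element of {@code candidates} that is an instance of {@code type}, or null. */
    private static Principal firstOfType(Iterable<?> candidates, Class<?> type) {
        for (Object candidate : candidates) {
            if (type.isInstance(candidate)) {
                return (Principal) candidate;
            }
        }
        return null;
    }

    /** Wraps a callback failure in a message-less LoginException that keeps the cause. */
    private static LoginException asLoginException(Exception cause) {
        LoginException failure = new LoginException();
        failure.initCause(cause);
        return failure;
    }
}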
