package com.sun.appserv.security;

import com.sun.enterprise.security.auth.login.LoginCallbackHandler;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface;
import com.sun.enterprise.security.web.integration.PrincipalGroupFactory;
import com.sun.enterprise.util.i18n.StringManager;
import com.sun.logging.LogDomains;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.glassfish.security.common.Group;
import org.glassfish.security.common.PrincipalImpl;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.PerLookup;

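/**
 * Base JAAS-style password login module for the application server.
 *
 * <p>The module reads a {@link PasswordCredential} from the private credentials of the
 * {@link Subject} it was initialized with, resolves the {@link Realm} named by that
 * credential, and then delegates the actual check to {@link #authenticateUser()}. In this
 * class {@code authenticateUser()} always throws, so a subclass is presumably expected to
 * override it and report success through {@link #commitUserAuthentication(String[])}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The clear-text password is held both as a {@code char[]} ({@link #_passwd}) and,
 *       for the deprecated accessor, as an immutable {@code String} ({@link #_password}).
 *       The {@code String} copy cannot be wiped and lives until garbage collected; new
 *       code should read {@link #getPasswordChar()} only.</li>
 *   <li>All credential references are dropped in {@link #commit()}, {@link #abort()} and
 *       {@link #logout()}. The arrays themselves are not zeroed here because this class
 *       cannot tell whether the {@code char[]} is shared with the credential object.</li>
 *   <li>{@link #getPasswordChar()} and {@link #getGroupsList()} return the internal arrays,
 *       not copies; callers must treat them as read-only.</li>
 * </ul>
 *
 * <p>Instances are not synchronized; the class carries per-login mutable state.
 */
@Service
@Scoped(PerLookup.class)
public class AppservPasswordLoginModule implements AppservPasswordLoginModuleInterface {
    /** Subject being authenticated; set by {@link #initialize}. */
    protected Subject _subject;
    /** Shared state map handed to {@link #initialize}; not read by this class. */
    protected Map _sharedState;
    /** Options map handed to {@link #initialize}; not read by this class. */
    protected Map _options;
    /** User name taken from the password credential; cleared on commit/abort/logout. */
    protected String _username;

    /**
     * Clear-text password as an immutable String.
     *
     * @deprecated a String cannot be wiped from memory; use {@link #_passwd}.
     */
    @Deprecated
    protected String _password;
    /** Clear-text password as supplied by the credential; cleared on commit/abort/logout. */
    protected char[] _passwd;
    /** Realm resolved from the credential's realm name. */
    protected Realm _currentRealm;
    /** Principal created for the user in {@link #commit()}. */
    protected PrincipalImpl _userPrincipal;
    /** Message catalogue; looked up through {@code LoginCallbackHandler}. */
    protected static final StringManager sm = StringManager.getManager(LoginCallbackHandler.class);
    /** True once {@link #commitUserAuthentication(String[])} has been called. */
    protected boolean _succeeded = false;
    /** True once {@link #commit()} has populated the subject. */
    protected boolean _commitSucceeded = false;
    /** Group names reported by the authenticator; may be {@code null}. */
    protected String[] _groupsList = null;
    protected Logger _logger = LogDomains.getLogger(AppservPasswordLoginModule.class, "javax.enterprise.system.core.security");
    /** Stored by {@link #setLoginModuleForAuthentication}; never read in this class. */
    private LoginModule userDefinedLoginModule = null;

    /**
     * Stores the subject, shared state and options for the coming login attempt.
     *
     * @param subject the subject to authenticate
     * @param callbackHandler ignored; credentials are read from the subject's private
     *     credentials in {@link #extractCredentials()} instead
     * @param map shared state
     * @param map2 module options
     */
    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this._subject = subject;
        this._sharedState = map;
        this._options = map2;
        if (this._logger.isLoggable(Level.FINE)) {
            this._logger.log(Level.FINE, "Login module initialized: " + getClass().toString());
        }
    }

    /**
     * Extracts the credentials from the subject and runs {@link #authenticateUser()}.
     *
     * @return always {@code true}; failure is signalled by an exception
     * @throws LoginException if the credentials cannot be extracted or authentication fails
     */
    public final boolean login() throws LoginException {
        extractCredentials();
        authenticateUser();
        if (this._logger.isLoggable(Level.FINE)) {
            this._logger.log(Level.FINE, "JAAS login complete.");
        }
        return true;
    }

    /**
     * Adds the user principal and one group principal per non-null group name to the
     * subject, then drops the cached user name, password and group list.
     *
     * @return {@code false} if authentication has not succeeded, {@code true} otherwise
     * @throws LoginException declared for subclasses; not thrown by the code in this method
     */
    public boolean commit() throws LoginException {
        if (!this._succeeded) {
            return false;
        }
        String realmName = this._currentRealm.getName();
        this._userPrincipal = PrincipalGroupFactory.getPrincipalInstance(getUsername(), realmName);
        Set<Principal> principals = this._subject.getPrincipals();
        // Set.add is a no-op for an element already present, so no contains() pre-check.
        principals.add(this._userPrincipal);
        // commitUserAuthentication(null) leaves the list null while still marking success;
        // such a user simply gets no group principals.
        if (this._groupsList != null) {
            for (String groupName : this._groupsList) {
                if (groupName != null) {
                    principals.add(PrincipalGroupFactory.getGroupInstance(groupName, realmName));
                }
            }
        }
        clearGroupsList();
        clearCredentials();
        this._commitSucceeded = true;
        if (this._logger.isLoggable(Level.FINE)) {
            this._logger.log(Level.FINE, "JAAS authentication committed.");
        }
        return true;
    }

    /**
     * Rolls back a login attempt. If the commit phase already ran, this performs a full
     * {@link #logout()}; otherwise only the module's own cached state is discarded.
     *
     * @return {@code false} if authentication never succeeded, {@code true} otherwise
     * @throws LoginException if {@link #logout()} fails
     */
    public final boolean abort() throws LoginException {
        if (this._logger.isLoggable(Level.FINE)) {
            this._logger.log(Level.FINE, "JAAS authentication aborted.");
        }
        if (!this._succeeded) {
            return false;
        }
        if (this._commitSucceeded) {
            logout();
            return true;
        }
        this._succeeded = false;
        clearCredentials();
        this._userPrincipal = null;
        // Null-safe: the group list is null when the authenticator reported no groups.
        clearGroupsList();
        return true;
    }

    /**
     * Removes all principals and credentials from the subject and resets this module.
     *
     * @return always {@code true}
     * @throws LoginException declared by the login-module contract; not thrown here
     */
    public final boolean logout() throws LoginException {
        if (this._logger.isLoggable(Level.FINE)) {
            // NOTE(review): Subject.toString() renders the subject's principals and
            // credential objects via their own toString(); confirm that PasswordCredential
            // does not print the password before enabling FINE on a production system.
            this._logger.log(Level.FINE, "JAAS logout for: " + this._subject.toString());
        }
        this._subject.getPrincipals().clear();
        this._subject.getPublicCredentials().clear();
        this._subject.getPrivateCredentials().clear();
        this._succeeded = false;
        this._commitSucceeded = false;
        // Also drops the char[] password reference, so no credential outlives the session
        // when logout() is reached without a prior commit().
        clearCredentials();
        this._userPrincipal = null;
        clearGroupsList();
        return true;
    }

    /**
     * Records a successful authentication together with the user's groups.
     *
     * @param strArr group names, or {@code null}; the array is copied defensively
     */
    @Override
    public final void commitUserAuthentication(String[] strArr) {
        this._groupsList = strArr == null ? null : Arrays.copyOf(strArr, strArr.length);
        this._succeeded = true;
    }

    /** Returns the subject passed to {@link #initialize}. */
    @Override
    public Subject getSubject() {
        return this._subject;
    }

    /**
     * Locates the first {@link PasswordCredential} among the subject's private credentials
     * and caches its realm, user name and password on this module.
     *
     * @throws LoginException if the module has no subject, the subject carries no password
     *     credential, or the realm (or any other credential field) cannot be read
     */
    @Override
    public final void extractCredentials() throws LoginException {
        if (this._subject == null) {
            String message = sm.getString("pwdlm.noinfo");
            this._logger.log(Level.SEVERE, message);
            throw new LoginException(message);
        }
        PasswordCredential passwordCredential = null;
        try {
            Iterator<Object> it = this._subject.getPrivateCredentials().iterator();
            while (it.hasNext() && passwordCredential == null) {
                Object candidate = it.next();
                if (candidate instanceof PasswordCredential) {
                    passwordCredential = (PasswordCredential) candidate;
                }
            }
        } catch (Exception e) {
            // Best effort: a failure while reading the credential set is reported below as
            // "no credential found".
            this._logger.log(Level.WARNING, "passwordlm.nocreds", e.toString());
        }
        if (passwordCredential == null) {
            this._logger.log(Level.SEVERE, "passwordlm.nopwdcred");
            throw new LoginException(sm.getString("pwdlm.nocreds"));
        }
        String realmName = null;
        try {
            realmName = passwordCredential.getRealm();
            this._currentRealm = Realm.getInstance(realmName);
            if (this._currentRealm == null) {
                String message = sm.getString("pwdlm.norealmavail", realmName);
                this._logger.log(Level.SEVERE, message);
                throw new LoginException(message);
            }
            setUsername(passwordCredential.getUser());
            char[] password = passwordCredential.getPassword();
            setPasswordChar(password);
            // Deprecated String copy kept for getPassword(). A null password fails here and
            // is reported through the generic handler below, so authentication never runs
            // with a missing password.
            setPassword(new String(password));
        } catch (Exception e2) {
            // Every failure in the block above is reported to the caller with the same
            // "no realm" message; the original exception is attached as the cause so the
            // real reason is not lost to whoever diagnoses the failed login.
            String message = sm.getString("pwdlm.norealm", realmName);
            this._logger.log(Level.SEVERE, message);
            LoginException failure = new LoginException(message);
            failure.initCause(e2);
            throw failure;
        }
    }

    /**
     * Performs the actual credential check. This base implementation always throws.
     *
     * @throws LoginException declared for overriding implementations
     * @throws UnsupportedOperationException always, in this class
     */
    protected void authenticateUser() throws LoginException {
        throw new UnsupportedOperationException("Internal Error: Should not come here");
    }

    /** Stores a user-defined login module; this class does not use it afterwards. */
    @Override
    public void setLoginModuleForAuthentication(LoginModule loginModule) {
        this.userDefinedLoginModule = loginModule;
    }

    /** Returns the cached user name, or {@code null} once it has been cleared. */
    @Override
    public String getUsername() {
        return this._username;
    }

    private void setUsername(String str) {
        this._username = str;
    }

    /**
     * Returns the clear-text password as a String.
     *
     * @deprecated the String cannot be wiped from memory; use {@link #getPasswordChar()}.
     */
    @Override
    @Deprecated
    public String getPassword() {
        return this._password;
    }

    @Deprecated
    private void setPassword(String str) {
        this._password = str;
    }

    /**
     * Returns the internal clear-text password array (not a copy), or {@code null} once it
     * has been cleared. Callers must not modify or retain it.
     */
    public char[] getPasswordChar() {
        return this._passwd;
    }

    private void setPasswordChar(char[] cArr) {
        this._passwd = cArr;
    }

    /** Returns the realm resolved by {@link #extractCredentials()}. */
    @Override
    public Realm getCurrentRealm() {
        return this._currentRealm;
    }

    /** Returns whether {@link #commitUserAuthentication(String[])} has been called. */
    @Override
    public boolean isSucceeded() {
        return this._succeeded;
    }

    /** Returns whether {@link #commit()} has completed. */
    @Override
    public boolean isCommitSucceeded() {
        return this._commitSucceeded;
    }

    /** Returns the principal created in {@link #commit()}, or {@code null}. */
    @Override
    public PrincipalImpl getUserPrincipal() {
        return this._userPrincipal;
    }

    /** Returns the internal group-name array (not a copy); may be {@code null}. */
    @Override
    public String[] getGroupsList() {
        return this._groupsList;
    }

    /** Drops every cached credential reference: user name, String password and char[] password. */
    private void clearCredentials() {
        setUsername(null);
        setPassword(null);
        setPasswordChar(null);
    }

    /** Blanks the entries of the group list, if there is one, and drops the reference. */
    private void clearGroupsList() {
        if (this._groupsList != null) {
            Arrays.fill(this._groupsList, null);
            this._groupsList = null;
        }
    }
}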
