package org.ow2.jonas.security.auth.spi;

import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NameNotFoundException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.axis.transport.jms.JMSConstants;
import org.ow2.jonas.lib.security.auth.JSubject;
import org.ow2.jonas.security.auth.callback.CertificateCallback;
import org.ow2.jonas.security.internal.JonasSecurityServiceImpl;
import org.ow2.jonas.security.internal.realm.factory.JResourceRemote;

/* loaded from: input_file:org/ow2/jonas/security/auth/spi/JResourceLoginModule.class */
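/**
 * JAAS {@link LoginModule} that delegates credential verification to a
 * {@link JResourceRemote} object looked up in JNDI.
 *
 * <p>Options read from the JAAS configuration:
 * <ul>
 *   <li>{@code resourceName} (required): passed to the remote {@code authenticate} call.</li>
 *   <li>{@code serverName} (optional, defaults to {@code "jonas"}): prefix of the JNDI name.</li>
 *   <li>{@code useUpperCaseUsername} (optional): upper-cases the user name before authenticating.</li>
 *   <li>{@code certCallback} (optional): also sends a {@link CertificateCallback} to the handler.</li>
 * </ul>
 *
 * <p>Security notes: after a successful login the password is kept as an immutable
 * {@code String} in the subject's private credentials, so it cannot be wiped from memory
 * and is readable by any code allowed to read those credentials. The character array
 * obtained from the callback is cleared once the remote call has returned.
 */
public class JResourceLoginModule implements LoginModule {
    private static final String DEFAULT_SERVER_NAME = "jonas";
    private Subject subject = null;
    private Subject remoteSubject = null;
    private CallbackHandler callbackHandler = null;
    private Map options = null;
    private String password = null;
    private boolean loginWasDoneWithSuccess = false;
    private boolean useUpperCaseUsername = false;

    /**
     * Stores the subject, the callback handler and the module options.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain name, password and (optionally) certificate
     * @param map shared state of the login context (unused by this module)
     * @param map2 options of this module as configured in the JAAS configuration
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.options = map2;
    }

    /**
     * Collects the credentials through the callback handler and verifies them against
     * the remote resource.
     *
     * @return {@code true} when the remote resource accepted the credentials
     * @throws LoginException if no handler is set, the {@code resourceName} option is missing,
     *         the remote resource cannot be looked up, the credentials are incomplete or the
     *         remote authentication fails
     */
    public boolean login() throws LoginException {
        // A failed attempt must not let commit() publish the result of an earlier success.
        this.loginWasDoneWithSuccess = false;
        this.remoteSubject = null;
        this.password = null;

        if (this.callbackHandler == null) {
            throw new LoginException("No handler has been defined.");
        }
        String resourceName = (String) this.options.get("resourceName");
        String serverName = (String) this.options.get("serverName");
        if (serverName == null) {
            serverName = DEFAULT_SERVER_NAME;
        }
        String upperCaseOption = (String) this.options.get("useUpperCaseUsername");
        if (upperCaseOption != null && Boolean.valueOf(upperCaseOption).booleanValue()) {
            this.useUpperCaseUsername = true;
        }
        String certCallbackOption = (String) this.options.get("certCallback");
        if (resourceName == null) {
            throw new LoginException("You have to give an argument to this login module. The 'resourceName' parameter is required.");
        }

        JResourceRemote jResourceRemote = lookupRemoteResource(serverName + JonasSecurityServiceImpl.REMOTE_RESOUCE);

        NameCallback nameCallback = new NameCallback("User :");
        PasswordCallback passwordCallback = new PasswordCallback("Password :", false);
        CertificateCallback certificateCallback = new CertificateCallback();
        boolean askForCertificate = certCallbackOption != null && Boolean.valueOf(certCallbackOption).booleanValue();
        Callback[] callbacks = askForCertificate
                ? new Callback[]{nameCallback, passwordCallback, certificateCallback}
                : new Callback[]{nameCallback, passwordCallback};
        try {
            this.callbackHandler.handle(callbacks);
        } catch (Exception e) {
            throw createChainedLoginException("Error during the login phase : " + e.getMessage(), e);
        }

        // Validation failures are thrown as-is; they are no longer re-wrapped in a
        // misleading "Cannot retrieve the resource" message by an enclosing catch.
        String name = nameCallback.getName();
        if (name == null) {
            throw new LoginException("A null username is not a valid username");
        }
        // A "##DN##" name is only accepted together with a certificate. When the
        // certificate callback is not enabled, no certificate is ever supplied, so
        // such names are always rejected here.
        if (name.startsWith("##DN##") && certificateCallback.getUserCertificate() == null) {
            throw new LoginException("Name must have a certificate to access this certificate based access login");
        }
        char[] password = passwordCallback.getPassword();
        if (password == null) {
            throw new LoginException("A null password is not a valid password");
        }
        if (this.useUpperCaseUsername) {
            // NOTE(review): toUpperCase() uses the default locale, so the resulting
            // identity can differ between hosts (e.g. dotted/dotless i); confirm
            // whether Locale.ROOT is acceptable for the realm before changing it.
            name = name.toUpperCase();
        }
        try {
            JSubject authenticate = jResourceRemote.authenticate(name, password, resourceName);
            // The password is retained only once the remote side has accepted it.
            this.password = new String(password);
            this.remoteSubject = new Subject();
            this.remoteSubject.getPrivateCredentials().add(this.password);
            this.remoteSubject.getPrincipals().add(authenticate.getName());
            this.remoteSubject.getPrincipals().add(authenticate.getGroup());
            this.loginWasDoneWithSuccess = true;
            return true;
        } catch (Exception e) {
            this.remoteSubject = null;
            this.password = null;
            throw createChainedLoginException("Cannot authenticate with principal name = '" + name + "' : " + e.getMessage(), e);
        } finally {
            // Wipe the transient copies of the password.
            java.util.Arrays.fill(password, '\0');
            passwordCallback.clearPassword();
        }
    }

    /**
     * Looks up and narrows the remote resource, retrying once after a pause when the
     * name is not bound yet.
     */
    private static JResourceRemote lookupRemoteResource(String jndiName) throws LoginException {
        String failure = "Cannot retrieve the resource '" + jndiName + "'. Check that this resource is bound in the registry and that the server name is correct";
        try {
            InitialContext initialContext = new InitialContext();
            Object lookup;
            try {
                lookup = initialContext.lookup(jndiName);
            } catch (NameNotFoundException e) {
                // Presumably the decompiler substituted this Axis constant for a numeric
                // literal of the same value; the pause length is kept unchanged.
                Thread.sleep(JMSConstants.DEFAULT_CONNECT_RETRY_INTERVAL);
                lookup = initialContext.lookup(jndiName);
            }
            return (JResourceRemote) PortableRemoteObject.narrow(lookup, JResourceRemote.class);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller's thread.
            Thread.currentThread().interrupt();
            throw createChainedLoginException(failure, e);
        } catch (Exception e) {
            throw createChainedLoginException(failure, e);
        }
    }

    /** Builds a {@link LoginException} with the given message and {@code exc} as its cause. */
    private static LoginException createChainedLoginException(String str, Exception exc) {
        LoginException loginException = new LoginException(str);
        loginException.initCause(exc);
        return loginException;
    }

    /**
     * Copies the principals obtained during login, and the password as a private
     * credential, into the subject.
     *
     * @return whether the preceding login succeeded
     */
    public boolean commit() throws LoginException {
        if (this.loginWasDoneWithSuccess && this.remoteSubject != null) {
            this.subject.getPrincipals().addAll(this.remoteSubject.getPrincipals());
            this.subject.getPrivateCredentials().add(this.password);
        }
        return this.loginWasDoneWithSuccess;
    }

    /**
     * Discards the result of the login phase, including the retained password.
     *
     * @return whether the preceding login succeeded
     */
    public boolean abort() throws LoginException {
        if (this.loginWasDoneWithSuccess && this.remoteSubject != null) {
            this.remoteSubject = null;
            // Drop the password reference too, not only the temporary subject.
            this.password = null;
        }
        return this.loginWasDoneWithSuccess;
    }

    /**
     * Removes from the subject the principals and the password credential added by
     * {@link #commit()}.
     *
     * @return whether the preceding login succeeded
     */
    public boolean logout() throws LoginException {
        if (this.loginWasDoneWithSuccess && this.remoteSubject != null) {
            // removeAll, not remove: remove(Set) looks for the set itself as an element
            // and therefore left every principal in place after logout.
            this.subject.getPrincipals().removeAll(this.remoteSubject.getPrincipals());
            if (this.password != null) {
                this.subject.getPrivateCredentials().remove(this.password);
            }
            this.remoteSubject = null;
            this.password = null;
        }
        return this.loginWasDoneWithSuccess;
    }
}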
