package io.ballerina.messaging.broker.auth.authentication.authenticator;

import io.ballerina.messaging.broker.auth.AuthException;
import io.ballerina.messaging.broker.auth.BrokerAuthConstants;
import io.ballerina.messaging.broker.auth.authentication.AuthResult;
import io.ballerina.messaging.broker.auth.authentication.Authenticator;
import io.ballerina.messaging.broker.auth.authentication.jaas.PlainSaslCallbackHandler;
import io.ballerina.messaging.broker.auth.authentication.jaas.UserStoreLoginModule;
import io.ballerina.messaging.broker.auth.authorization.UserStore;
import io.ballerina.messaging.broker.common.StartupContext;
import java.security.Principal;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/ballerina/messaging/broker/auth/authentication/authenticator/JaasAuthenticator.class */
public class JaasAuthenticator implements Authenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(JaasAuthenticator.class);

    @Override // io.ballerina.messaging.broker.auth.authentication.Authenticator
    public void initialize(StartupContext startupContext, UserStore userStore, Map<String, Object> map) throws Exception {
        String property = System.getProperty(BrokerAuthConstants.SYSTEM_PARAM_JAAS_CONFIG);
        if (property == null || property.trim().isEmpty()) {
            Object obj = map.get(BrokerAuthConstants.CONFIG_PROPERTY_JAAS_LOGIN_MODULE);
            if (!Objects.nonNull(obj)) {
                throw new AuthException("Jass login module have not been set.");
            }
            if (obj.toString().equals(UserStoreLoginModule.class.getCanonicalName())) {
                map.put(BrokerAuthConstants.PROPERTY_USER_STORE_CONNECTOR, userStore);
            }
            Configuration.setConfiguration(createJaasConfig(obj.toString(), map));
        }
    }

    @Override // io.ballerina.messaging.broker.auth.authentication.Authenticator
    public AuthResult authenticate(String str, char[] cArr) throws AuthException {
        LoginContext loginContext = null;
        try {
            try {
                PlainSaslCallbackHandler plainSaslCallbackHandler = new PlainSaslCallbackHandler();
                plainSaslCallbackHandler.setUsername(str);
                plainSaslCallbackHandler.setPassword(cArr);
                loginContext = new LoginContext(BrokerAuthConstants.BROKER_SECURITY_CONFIG, plainSaslCallbackHandler);
                loginContext.login();
                String str2 = str;
                if (Objects.nonNull(loginContext.getSubject())) {
                    Set<Principal> principals = loginContext.getSubject().getPrincipals();
                    if (Objects.nonNull(principals) && !principals.isEmpty()) {
                        Principal next = principals.iterator().next();
                        if (Objects.nonNull(next)) {
                            str2 = next.getName();
                        }
                    }
                }
                AuthResult authResult = new AuthResult(true, str2);
                if (Objects.nonNull(loginContext)) {
                    try {
                        loginContext.logout();
                    } catch (LoginException e) {
                        LOGGER.error("Error while logout from login module", e);
                    }
                }
                return authResult;
            } catch (LoginException e2) {
                throw new AuthException("Error while authenticating user with login module", e2);
            }
        } catch (Throwable th) {
            if (Objects.nonNull(loginContext)) {
                try {
                    loginContext.logout();
                } catch (LoginException e3) {
                    LOGGER.error("Error while logout from login module", e3);
                }
            }
            throw th;
        }
    }

    private static Configuration createJaasConfig(String str, Map<String, Object> map) {
        final AppConfigurationEntry[] appConfigurationEntryArr = {new AppConfigurationEntry(str, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, map)};
        return new Configuration() { // from class: io.ballerina.messaging.broker.auth.authentication.authenticator.JaasAuthenticator.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str2) {
                return appConfigurationEntryArr;
            }
        };
    }
}
