package org.wso2.carbon.security.caas.api.module;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.kernel.context.PrivilegedCarbonContext;
import org.wso2.carbon.security.caas.api.CarbonPrincipal;
import org.wso2.carbon.security.caas.api.exception.CarbonSecurityAuthenticationException;
import org.wso2.carbon.security.caas.api.exception.CarbonSecurityClientException;
import org.wso2.carbon.security.caas.api.exception.CarbonSecurityLoginException;
import org.wso2.carbon.security.caas.api.exception.CarbonSecurityServerException;
import org.wso2.carbon.security.caas.api.model.User;
import org.wso2.carbon.security.caas.api.util.CarbonSecurityUtils;

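/**
 * JAAS {@link LoginModule} that authenticates a caller by user name and password.
 *
 * <p>The credentials are collected through a {@link NameCallback} and a {@link PasswordCallback},
 * the user is looked up with {@link CarbonSecurityUtils#getUser}, and the supplied password is
 * compared with the Base64-decoded value returned by {@code User.getPassword()}. On
 * {@link #commit()} a {@link CarbonPrincipal} for the user is added to the {@link Subject} and
 * set as the user principal of the current {@link PrivilegedCarbonContext}.
 *
 * <p>NOTE(review): as far as this class shows, the stored credential is only Base64-encoded and
 * is compared directly with the UTF-8 bytes of the supplied password. That implies the user
 * store holds recoverable passwords rather than salted, slow hashes; confirm against the store
 * and treat it as a development-only backend if so.
 *
 * <p>Instances hold per-login state and are not thread-safe.
 */
public class UsernamePasswordLoginModule implements LoginModule {
    private static final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginModule.class);
    private Subject subject;
    private String username;
    private char[] password;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private CarbonPrincipal carbonPrincipal;
    private User uncommittedUser;
    private boolean success = false;
    private boolean commitSuccess = false;
    private final Base64.Decoder decoder = Base64.getDecoder();

    /**
     * Stores the collaborators handed over by the login context.
     *
     * <p>A warning is logged when credentials from an earlier login are still present, which
     * means this instance is being reused instead of freshly created.
     *
     * @param subject the subject to populate on a successful commit
     * @param callbackHandler the handler used to obtain the user name and password
     * @param map the shared state of the login context (stored, not read by this class)
     * @param map2 the options configured for this module (stored, not read by this class)
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        if (this.username != null || this.password != null) {
            log.warn("PrototypeServiceFactory failed to deliver new UsernamePasswordLoginModule object");
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
    }

    /**
     * Collects the credentials through the callback handler and validates them.
     *
     * @return {@code true} when the credentials were accepted, {@code false} when the handler
     *     supplied no password
     * @throws LoginException a {@link CarbonSecurityServerException} when the handler fails with
     *     an {@link IOException}, a {@link CarbonSecurityClientException} when it does not support
     *     the callbacks, or the exception raised by the credential check for an unknown user or a
     *     wrong password
     */
    @Override
    public boolean login() throws LoginException {
        // Declared with their concrete types so that getName()/getPassword() resolve.
        NameCallback nameCallback = new NameCallback("username");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            this.password = passwordCallback.getPassword();
            this.uncommittedUser = validateUserPassword(this.username, this.password);
            this.success = this.uncommittedUser != null;
            return this.success;
        } catch (IOException e) {
            throw new CarbonSecurityServerException(
                    CarbonSecurityLoginException.CarbonSecurityErrorMessages.CALLBACK_HANDLE_EXCEPTION.getCode(),
                    CarbonSecurityLoginException.CarbonSecurityErrorMessages.CALLBACK_HANDLE_EXCEPTION.getDescription(),
                    e);
        } catch (UnsupportedCallbackException e) {
            throw new CarbonSecurityClientException(
                    CarbonSecurityLoginException.CarbonSecurityErrorMessages.UNSUPPORTED_CALLBACK_EXCEPTION.getCode(),
                    CarbonSecurityLoginException.CarbonSecurityErrorMessages.UNSUPPORTED_CALLBACK_EXCEPTION.getDescription(),
                    e);
        } finally {
            // getPassword() returns a copy; the callback keeps its own until it is cleared.
            passwordCallback.clearPassword();
        }
    }

    /**
     * Looks up the user and compares the supplied password with the stored one.
     *
     * <p>An unknown user and a wrong password raise the same exception type, so the caller
     * cannot tell the two apart from the exception alone.
     *
     * @param userName the user name to look up
     * @param suppliedPassword the password to check; zeroed by {@link #toBytes(char[])}
     * @return the matching user, or {@code null} when no password was supplied
     * @throws CarbonSecurityServerException when the password cannot be converted to bytes
     * @throws CarbonSecurityAuthenticationException when the user is unknown or the password
     *     does not match
     */
    private User validateUserPassword(String userName, char[] suppliedPassword)
            throws CarbonSecurityServerException, CarbonSecurityAuthenticationException {
        if (suppliedPassword == null) {
            return null;
        }
        User user = CarbonSecurityUtils.getUser(userName);
        if (user == null) {
            // SLF4J substitutes "{}"; a printf-style "%s" would be logged literally.
            log.debug("User not found for userName: {}. Failing the authentication.", userName);
            throw new CarbonSecurityAuthenticationException();
        }
        byte[] storedBytes = this.decoder.decode(user.getPassword());
        byte[] suppliedBytes = null;
        try {
            suppliedBytes = toBytes(suppliedPassword);
            // MessageDigest.isEqual does not return early at the first differing byte, unlike
            // Arrays.equals, so the comparison time does not reveal how much of the value matched.
            if (MessageDigest.isEqual(storedBytes, suppliedBytes)) {
                return user;
            }
        } finally {
            // Do not leave decoded secrets on the heap longer than the comparison needs them.
            Arrays.fill(storedBytes, (byte) 0);
            if (suppliedBytes != null) {
                Arrays.fill(suppliedBytes, (byte) 0);
            }
        }
        log.debug("Password did not match with the configured user, userName: {}, Failing the authentication.",
                userName);
        throw new CarbonSecurityAuthenticationException();
    }

    /**
     * Encodes a password as UTF-8 bytes and wipes the intermediate buffers.
     *
     * <p>{@link CharBuffer#wrap(char[])} shares the given array, so the input array itself is
     * zeroed as a side effect; callers must not rely on its content afterwards.
     *
     * @param chars the password characters; overwritten with zeros on return
     * @return a fresh array holding the UTF-8 encoding, owned by the caller
     * @throws CarbonSecurityServerException when the encoded buffer exposes no backing array
     */
    private byte[] toBytes(char[] chars) throws CarbonSecurityServerException {
        CharBuffer charView = CharBuffer.wrap(chars);
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(charView);
        if (!encoded.hasArray()) {
            throw new CarbonSecurityServerException("The password check failed due to inability to obtain byte[] from a ByteBuffer");
        }
        // position()/limit() are relative to arrayOffset() within the backing array.
        int base = encoded.arrayOffset();
        byte[] result = Arrays.copyOfRange(encoded.array(), base + encoded.position(), base + encoded.limit());
        Arrays.fill(charView.array(), (char) 0);
        Arrays.fill(encoded.array(), (byte) 0);
        return result;
    }

    /**
     * Publishes the authenticated user on the subject and on the current Carbon context.
     *
     * @return {@code true} when the preceding login succeeded and the principal was published,
     *     {@code false} otherwise
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.success) {
            this.commitSuccess = false;
            return false;
        }
        this.carbonPrincipal = new CarbonPrincipal(this.uncommittedUser);
        if (!this.subject.getPrincipals().contains(this.carbonPrincipal)) {
            this.subject.getPrincipals().add(this.carbonPrincipal);
        }
        PrivilegedCarbonContext.getCurrentContext().setUserPrincipal(this.carbonPrincipal);
        // The password is already null after an earlier commit; the helper tolerates that.
        clearCredentials();
        this.commitSuccess = true;
        return true;
    }

    /**
     * Rolls back this module's part of a failed overall login.
     *
     * @return {@code false} when this module's own login had not succeeded, {@code true} once
     *     its state has been discarded
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.success) {
            return false;
        }
        if (this.commitSuccess) {
            logout();
            return true;
        }
        this.success = false;
        clearCredentials();
        this.carbonPrincipal = null;
        return true;
    }

    /**
     * Removes the principal added by {@link #commit()} and discards all login state.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        // Nothing was added when commit() never ran, and the principal set may reject null.
        if (this.carbonPrincipal != null) {
            this.subject.getPrincipals().remove(this.carbonPrincipal);
        }
        this.success = false;
        this.commitSuccess = false;
        clearCredentials();
        this.carbonPrincipal = null;
        return true;
    }

    /** Overwrites and drops the cached user name and password, if any are still held. */
    private void clearCredentials() {
        this.username = null;
        if (this.password != null) {
            Arrays.fill(this.password, ' ');
            this.password = null;
        }
    }
}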
