package com.caucho.security;

import com.caucho.config.Config;
import com.caucho.config.ConfigException;
import com.caucho.config.types.InitParam;
import com.caucho.server.security.RolePrincipal;
import com.caucho.util.L10N;
import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.ServletException;

/* loaded from: input_file:com/caucho/security/JaasAuthenticator.class */
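/**
 * Authenticator that delegates the username/password check to a single,
 * directly instantiated JAAS {@link LoginModule}.
 *
 * <p>The module class is set with {@link #setLoginModule(Class)} and its
 * options with {@link #setInitParam(InitParam)} or {@link #setOptions(InitParam)}.
 * The module is driven by hand (initialize, login, commit/abort), not through a
 * {@code LoginContext}, so this class must enforce the login outcome itself.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>A principal that is not a {@link RolePrincipal}, or a wrapped principal
 *       with no "roles" group, is treated as a member of the role "user" only.</li>
 *   <li>The constructor calls {@code setPasswordDigest(null)}; presumably this
 *       disables digesting so the module receives the password as supplied
 *       (confirm against AbstractAuthenticator).</li>
 * </ul>
 */
public class JaasAuthenticator extends AbstractAuthenticator {
    private static final L10N L = new L10N(JaasAuthenticator.class);
    private static final Logger log = Logger.getLogger(JaasAuthenticator.class.getName());
    private Class<?> _loginModuleClass;
    private HashMap<String, String> _options = new HashMap<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/caucho/security/JaasAuthenticator$Handler.class */
    /**
     * Callback handler that answers a login module's name and password
     * callbacks with the credentials given at construction.
     */
    public static class Handler implements CallbackHandler {
        private final String _userName;
        private final String _password;

        Handler(String str, String str2) {
            this._userName = str;
            this._password = str2;
        }

        /**
         * Fills in {@link NameCallback} and {@link PasswordCallback} entries.
         * Any other callback type is left untouched; it is not rejected.
         *
         * @param callbackArr callbacks supplied by the login module
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this._userName);
                } else if (callback instanceof PasswordCallback) {
                    // A missing password is passed on as null, not dereferenced.
                    char[] secret = this._password != null ? this._password.toCharArray() : null;
                    ((PasswordCallback) callback).setPassword(secret);
                }
            }
        }
    }

    /* loaded from: input_file:com/caucho/security/JaasAuthenticator$JaasPrincipal.class */
    /**
     * Wraps the principal produced by the login module together with its
     * optional "roles" group so role checks can be answered from that group.
     */
    private static class JaasPrincipal implements RolePrincipal {
        private final Principal _principal;
        private final Group _roles;

        JaasPrincipal(Principal principal, Group group) {
            this._principal = principal;
            this._roles = group;
        }

        @Override // java.security.Principal
        public String getName() {
            return this._principal.getName();
        }

        /**
         * Tests role membership by name.
         *
         * @param str role name to test
         * @return with no roles group, true only for the role "user"; otherwise
         *     true when a member of the group has exactly this name
         */
        @Override // com.caucho.server.security.RolePrincipal
        public boolean isUserInRole(String str) {
            if (this._roles == null) {
                return "user".equals(str);
            }
            if (str == null) {
                // A null role never matches; answer false, do not throw.
                return false;
            }
            Enumeration<? extends Principal> members = this._roles.members();
            while (members.hasMoreElements()) {
                if (str.equals(members.nextElement().getName())) {
                    return true;
                }
            }
            return false;
        }

        /** Hashes the name, so it agrees with {@link #equals(Object)}, which compares names. */
        @Override // java.security.Principal
        public int hashCode() {
            String name = getName();
            return name != null ? name.hashCode() : 0;
        }

        /** Two wrappers are equal when their wrapped principals report the same name. */
        @Override // java.security.Principal
        public boolean equals(Object obj) {
            if (!(obj instanceof JaasPrincipal)) {
                return false;
            }
            String mine = getName();
            String theirs = ((JaasPrincipal) obj).getName();
            return mine == null ? theirs == null : mine.equals(theirs);
        }

        @Override // java.security.Principal
        public String toString() {
            return this._principal.toString();
        }
    }

    /** Creates the authenticator with the inherited password digest set to null. */
    public JaasAuthenticator() {
        setPasswordDigest(null);
    }

    /**
     * Sets the login module class used for every authentication attempt.
     *
     * @param cls class that must be instantiable and implement {@link LoginModule}
     * @throws ConfigException if the class does not implement {@link LoginModule}
     */
    public void setLoginModule(Class<?> cls) throws ConfigException {
        // Validate before storing, so a rejected class is never left configured.
        Config.checkCanInstantiate(cls);
        if (!LoginModule.class.isAssignableFrom(cls)) {
            throw new ConfigException(L.l("'{0}' must implement javax.security.auth.spi.LoginModule", cls.getName()));
        }
        this._loginModuleClass = cls;
    }

    /** Adds login module options; same effect as {@link #setOptions(InitParam)}. */
    public void setInitParam(InitParam initParam) {
        setOptions(initParam);
    }

    /** Adds the given parameters to the options handed to the login module. */
    public void setOptions(InitParam initParam) {
        this._options.putAll(initParam.getParameters());
    }

    /**
     * Completes configuration.
     *
     * @throws ServletException if no login module class was configured
     */
    @Override // com.caucho.security.AbstractAuthenticator
    @PostConstruct
    public void init() throws ServletException {
        super.init();
        if (this._loginModuleClass == null) {
            throw new ServletException(L.l("JaasAuthenticator requires login-module"));
        }
    }

    /**
     * Authenticates a user through the configured login module.
     *
     * @param principal principal carrying the user name
     * @param passwordCredentials credentials carrying the password
     * @param obj not used by this implementation
     * @return the authenticated principal (wrapped so role checks work unless
     *     it already is a {@link RolePrincipal}), or null when the credentials
     *     are missing or the login produced no principals
     */
    @Override // com.caucho.security.AbstractAuthenticator
    protected Principal authenticate(Principal principal, PasswordCredentials passwordCredentials, Object obj) {
        // Missing credentials are an authentication failure, not a crash.
        if (principal == null || passwordCredentials == null || passwordCredentials.getPassword() == null) {
            return null;
        }
        // NOTE(review): the password is copied into an immutable String that
        // cannot be cleared after use; the shared-state entry set in
        // getPrincipals relies on the String form, so it is kept here.
        Set<Principal> principals = getPrincipals(principal.getName(), new String(passwordCredentials.getPassword()));
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        Principal user = null;
        Group roles = null;
        for (Principal candidate : principals) {
            if ("roles".equals(candidate.getName()) && (candidate instanceof Group)) {
                roles = (Group) candidate;
            } else if (user == null) {
                // The first principal that is not the "roles" group is the user.
                user = candidate;
            }
        }
        if (user == null && roles != null) {
            user = roles;
        }
        if (user instanceof RolePrincipal) {
            return user;
        }
        if (user != null) {
            return new JaasPrincipal(user, roles);
        }
        return null;
    }

    /**
     * Tests role membership for an authenticated principal.
     *
     * @return false for a null principal; the principal's own answer when it is
     *     a {@link RolePrincipal}; otherwise true only for the role "user"
     */
    @Override // com.caucho.security.AbstractAuthenticator, com.caucho.security.Authenticator
    public boolean isUserInRole(Principal principal, String str) {
        if (principal == null) {
            return false;
        }
        return principal instanceof RolePrincipal ? ((RolePrincipal) principal).isUserInRole(str) : "user".equals(str);
    }

    /**
     * Runs one login attempt against a fresh instance of the configured module.
     *
     * @param str user name
     * @param str2 password
     * @return the principals the module attached to the subject, or null when
     *     the login failed
     */
    private Set<Principal> getPrincipals(String str, String str2) {
        try {
            LoginModule loginModule = (LoginModule) this._loginModuleClass.newInstance();
            Subject subject = new Subject();
            HashMap<String, Object> sharedState = new HashMap<>();
            sharedState.put("javax.security.auth.login.name", str);
            sharedState.put("javax.security.auth.login.password", str2);
            loginModule.initialize(subject, new Handler(str, str2), sharedState, this._options);
            boolean loggedIn;
            try {
                loggedIn = loginModule.login();
            } catch (Exception e) {
                log.log(Level.FINE, e.toString(), (Throwable) e);
                loggedIn = false;
            }
            if (!loggedIn) {
                // Fail closed: a login that threw, or returned false (module to
                // be ignored), must never reach commit(), because a module
                // could attach principals there without a successful login.
                loginModule.abort();
                return null;
            }
            // commit()'s return value is not checked; the caller treats an
            // empty principal set as a failed login.
            loginModule.commit();
            return subject.getPrincipals();
        } catch (RuntimeException e2) {
            throw e2;
        } catch (javax.security.auth.login.LoginException e3) {
            log.log(Level.FINE, e3.toString(), (Throwable) e3);
            return null;
        } catch (Exception e4) {
            throw new RuntimeException(e4);
        }
    }
}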
