package org.efaps.jaas.efaps;

import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.efaps.admin.user.Group;
import org.efaps.admin.user.JAASSystem;
import org.efaps.admin.user.Person;
import org.efaps.admin.user.Role;
import org.efaps.jaas.ActionCallback;
import org.efaps.util.EFapsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/efaps/jaas/efaps/UserLoginModule.class */
public class UserLoginModule implements LoginModule {
    private static final Logger LOG = LoggerFactory.getLogger(UserLoginModule.class);
    private CallbackHandler callbackHandler;
    private String jaasSystemName = "eFaps";
    private boolean committed = false;
    private Subject subject = null;
    private Principal principal = null;

    /* loaded from: input_file:org/efaps/jaas/efaps/UserLoginModule$UpdateException.class */
    public class UpdateException extends LoginException {
        private static final long serialVersionUID = 1;

        public UpdateException() {
        }
    }

    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Init");
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        String str = (String) map2.get("jaasSystem");
        if (str != null) {
            this.jaasSystemName = str;
        }
    }

    public final boolean login() throws LoginException {
        boolean z = false;
        NameCallback[] nameCallbackArr = {new ActionCallback(), new NameCallback("Username: "), new PasswordCallback("Password", false), new PasswordCallback("newPassword", false)};
        String str = null;
        try {
            this.callbackHandler.handle(nameCallbackArr);
            ActionCallback.Mode mode = ((ActionCallback) nameCallbackArr[0]).getMode();
            str = nameCallbackArr[1].getName();
            String str2 = new String(((PasswordCallback) nameCallbackArr[2]).getPassword());
            String str3 = new String(((PasswordCallback) nameCallbackArr[3]).getPassword());
            if (str != null) {
                try {
                    Person withJAASKey = Person.getWithJAASKey(JAASSystem.getJAASSystem(this.jaasSystemName), str);
                    if (withJAASKey != null) {
                        if (!withJAASKey.checkPassword(str2)) {
                            throw new FailedLoginException("Username or password is incorrect");
                        }
                        z = true;
                        if (mode.equals(ActionCallback.Mode.SET_PASSWORD)) {
                            try {
                                withJAASKey.setPassword(str3);
                            } catch (EFapsException e) {
                                throw new UpdateException();
                            }
                        }
                        this.principal = new PersonPrincipal(str);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("login " + str + " " + this.principal);
                        }
                    }
                } catch (EFapsException e2) {
                    LOG.error("login failed for user '" + str + "'", e2);
                    throw new LoginException(e2.toString());
                }
            }
            return z;
        } catch (IOException e3) {
            LOG.error("login failed for user '" + str + "'", e3);
            throw new LoginException(e3.toString());
        } catch (UnsupportedCallbackException e4) {
            LOG.error("login failed for user '" + str + "'", e4);
            throw new LoginException(e4.toString());
        }
    }

    public final boolean commit() throws LoginException {
        boolean z;
        if (this.principal == null) {
            z = false;
        } else {
            z = true;
            if (!this.subject.getPrincipals().contains(this.principal)) {
                this.subject.getPrincipals().add(this.principal);
                try {
                    JAASSystem jAASSystem = JAASSystem.getJAASSystem(this.jaasSystemName);
                    Person withJAASKey = Person.getWithJAASKey(jAASSystem, this.principal.getName());
                    if (withJAASKey != null) {
                        Iterator<Role> it = withJAASKey.getRolesFromDB(jAASSystem).iterator();
                        while (it.hasNext()) {
                            this.subject.getPrincipals().add(new RolePrincipal(it.next().getName()));
                        }
                        Iterator<Group> it2 = withJAASKey.getGroupsFromDB(jAASSystem).iterator();
                        while (it2.hasNext()) {
                            this.subject.getPrincipals().add(new GroupPrincipal(it2.next().getName()));
                        }
                    }
                } catch (EFapsException e) {
                    LOG.error("assign of roles to user '" + this.principal.getName() + "' not possible", e);
                    throw new LoginException(e.toString());
                }
            }
        }
        this.committed = true;
        return z;
    }

    public final boolean abort() {
        boolean z = false;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Abort of " + this.principal);
        }
        if (this.principal != null) {
            if (this.committed) {
                this.subject.getPrincipals().remove(this.principal);
            }
            this.committed = false;
            this.principal = null;
            z = true;
        }
        return z;
    }

    public final boolean logout() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Logout of " + this.principal);
        }
        this.subject.getPrincipals().remove(this.principal);
        this.committed = false;
        this.principal = null;
        return true;
    }
}
