package org.ldaptive.jaas;

import com.sun.security.auth.callback.TextCallbackHandler;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ldaptive.Credential;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.Authenticator;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:WEB-INF/lib/ldaptive-1.1.0.jar:org/ldaptive/jaas/LdapLoginModule.class */
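/**
 * JAAS login module that authenticates a name/password pair through an ldaptive
 * {@link Authenticator} and, on success, records roles, principals and credentials
 * on the state inherited from {@link AbstractLoginModule}.
 *
 * <p>Recognised module options (matched case-insensitively):
 * <ul>
 *   <li>{@code userRoleAttribute} - attributes requested with the authentication and turned into roles</li>
 *   <li>{@code authenticatorFactory} - class name of the {@link AuthenticatorFactory} to instantiate</li>
 * </ul>
 * Every other option is passed untouched to the factory.
 */
public class LdapLoginModule extends AbstractLoginModule {
    // Attributes requested alongside the authentication; no attributes unless configured.
    private String[] userRoleAttribute = ReturnAttributes.NONE.value();
    // Factory that builds the authenticator and the request template from the module options.
    private AuthenticatorFactory authenticatorFactory;
    // Authenticator produced by the factory during initialize().
    private Authenticator auth;
    // Request produced by the factory; user and credential are filled in on each login attempt.
    private AuthenticationRequest authRequest;

    /**
     * Reads the module options, creates the authenticator factory and asks it for the
     * authenticator and the authentication request used by {@link #login}.
     *
     * @param subject         subject handed to the parent module
     * @param callbackHandler callback handler handed to the parent module
     * @param map             first option map (JAAS shared state), handed to the parent module
     * @param map2            module options; also passed to the authenticator factory
     * @throws IllegalArgumentException if the configured factory class cannot be loaded or instantiated
     * @throws ClassCastException       if an option value is not a String, or the configured class is
     *                                  not an {@link AuthenticatorFactory}
     */
    @Override // org.ldaptive.jaas.AbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        // Set before delegating; presumably the parent may override these from the options - confirm.
        this.setLdapPrincipal = true;
        this.setLdapCredential = true;
        super.initialize(subject, callbackHandler, map, map2);
        for (Map.Entry<String, ?> option : map2.entrySet()) {
            String optionName = option.getKey();
            // Every option value is cast, not only the two handled here, so a non-String value fails fast.
            String optionValue = (String) option.getValue();
            if ("userRoleAttribute".equalsIgnoreCase(optionName)) {
                // NOTE(review): the two Spring constants below look like decompiler substitutions for the
                // literals "" and "," - confirm against the ldaptive sources.
                if (AbstractBeanDefinition.SCOPE_DEFAULT.equals(optionValue)) {
                    this.userRoleAttribute = ReturnAttributes.NONE.value();
                } else if ("*".equals(optionValue)) {
                    this.userRoleAttribute = ReturnAttributes.ALL_USER.value();
                } else {
                    this.userRoleAttribute = optionValue.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR);
                }
            } else if ("authenticatorFactory".equalsIgnoreCase(optionName)) {
                try {
                    // The class name comes from configuration. Load it without running static
                    // initialisers and verify the type BEFORE instantiating, so a mistyped or
                    // tampered option cannot execute the constructor of an unrelated class.
                    Class<? extends AuthenticatorFactory> factoryType =
                            Class.forName(optionValue, false, LdapLoginModule.class.getClassLoader())
                                    .asSubclass(AuthenticatorFactory.class);
                    this.authenticatorFactory = factoryType.newInstance();
                } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                    throw new IllegalArgumentException(e);
                }
            }
        }
        if (this.authenticatorFactory == null) {
            this.authenticatorFactory = new PropertiesAuthenticatorFactory();
        }
        this.logger.trace("authenticatorFactory = {}, userRoleAttribute = {}", this.authenticatorFactory, Arrays.toString(this.userRoleAttribute));
        this.auth = this.authenticatorFactory.createAuthenticator(map2);
        this.logger.debug("Retrieved authenticator from factory: {}", this.auth);
        this.authRequest = this.authenticatorFactory.createAuthenticationRequest(map2);
        this.authRequest.setReturnAttributes(this.userRoleAttribute);
        this.logger.debug("Retrieved authentication request from factory: {}", this.authRequest);
    }

    /**
     * Authenticates the user named by the callbacks and, on success, stores roles,
     * principals and credentials for the later commit phase.
     *
     * @param nameCallback     callback carrying the user name
     * @param passwordCallback callback carrying the password
     * @return {@code true} when authentication succeeded
     * @throws LoginException if authentication fails or the LDAP operation raises an error
     */
    @Override // org.ldaptive.jaas.AbstractLoginModule
    protected boolean login(NameCallback nameCallback, PasswordCallback passwordCallback) throws LoginException {
        try {
            getCredentials(nameCallback, passwordCallback, false);
            applyCallbackCredentials(nameCallback, passwordCallback);
            AuthenticationResponse response = this.auth.authenticate(this.authRequest);
            LdapEntry entry = null;
            // Boolean.TRUE.equals fails closed: a null result counts as a failed authentication.
            if (Boolean.TRUE.equals(response.getResult())) {
                entry = response.getLdapEntry();
                if (entry != null) {
                    this.roles.addAll(LdapRole.toRoles(entry));
                    // NOTE(review): default roles are granted here only when an entry was returned,
                    // but unconditionally in the retry branch below. Left as-is because it decides
                    // authorization; confirm which behaviour is intended.
                    if (this.defaultRole != null && !this.defaultRole.isEmpty()) {
                        this.roles.addAll(this.defaultRole);
                    }
                }
                this.loginSuccess = true;
            } else if (this.tryFirstPass) {
                getCredentials(nameCallback, passwordCallback, true);
                // The request is private to this class, so the values fetched by the second
                // getCredentials call must be copied into it; otherwise the retry re-sends the
                // credentials that were just rejected.
                applyCallbackCredentials(nameCallback, passwordCallback);
                response = this.auth.authenticate(this.authRequest);
                if (Boolean.TRUE.equals(response.getResult())) {
                    entry = response.getLdapEntry();
                    if (entry != null) {
                        this.roles.addAll(LdapRole.toRoles(entry));
                    }
                    if (this.defaultRole != null && !this.defaultRole.isEmpty()) {
                        this.roles.addAll(this.defaultRole);
                    }
                    this.loginSuccess = true;
                } else {
                    this.loginSuccess = false;
                }
            } else {
                this.loginSuccess = false;
            }
            if (!this.loginSuccess) {
                this.logger.debug("Authentication failed: {}", response);
                // NOTE(review): the exception message embeds the response's toString(); confirm it does
                // not hand directory details (resolved DN, entry data) to the unauthenticated caller.
                throw new LoginException("Authentication failed: " + response);
            }
            if (this.setLdapPrincipal) {
                this.principals.add(new LdapPrincipal(nameCallback.getName(), entry));
            }
            String resolvedDn = response.getResolvedDn();
            if (resolvedDn != null && this.setLdapDnPrincipal) {
                this.principals.add(new LdapDnPrincipal(resolvedDn, entry));
            }
            if (this.setLdapCredential) {
                this.credentials.add(new LdapCredential(passwordCallback.getPassword()));
            }
            storeCredentials(nameCallback, passwordCallback, resolvedDn);
            return true;
        } catch (LdapException e) {
            this.logger.debug("Error occurred attempting authentication", (Throwable) e);
            this.loginSuccess = false;
            // LoginException has no cause-taking constructor; attach the cause explicitly so the
            // LDAP stack trace is not lost.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /** Copies the user name and password currently held by the callbacks into the authentication request. */
    private void applyCallbackCredentials(NameCallback nameCallback, PasswordCallback passwordCallback) {
        this.authRequest.setUser(nameCallback.getName());
        this.authRequest.setCredential(new Credential(passwordCallback.getPassword()));
    }

    /**
     * Command-line check of a JAAS configuration: logs in through a console callback handler,
     * prints the principals of the resulting subject and logs out.
     *
     * @param strArr optional JAAS configuration entry name as first element; defaults to {@code ldaptive}
     * @throws Exception if the login or logout fails
     */
    public static void main(String[] strArr) throws Exception {
        String entryName = strArr.length > 0 ? strArr[0] : "ldaptive";
        LoginContext loginContext = new LoginContext(entryName, new TextCallbackHandler());
        loginContext.login();
        System.out.println("Authentication/Authorization succeeded");
        Set<Principal> principals = loginContext.getSubject().getPrincipals();
        System.out.println("Subject Principal(s): ");
        for (Principal principal : principals) {
            System.out.println("  " + principal);
        }
        loginContext.logout();
    }
}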
