package oracle.security.jazn.realm;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import oracle.security.jazn.ApplicationServerProxy;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.JAZNException;
import oracle.security.jazn.action.GetJAZNConfigPropertyAction;
import oracle.security.jazn.callback.JAZNContextCallback;
import oracle.security.jazn.spi.ldap.LDAPRealmUser;
import oracle.security.jazn.spi.xml.XMLRealmUser;

/* loaded from: input_file:oracle/security/jazn/realm/RealmLoginModule.class */
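/**
 * JAAS {@link LoginModule} that authenticates a {@code <realm>/<user>} name and password
 * against a JAZN realm and, on commit, attaches the user principal, the granted roles and
 * (optionally) a password credential to the {@link Subject}.
 *
 * <p>Recognised options (all compared case-insensitively): {@code debug}, {@code addRoles},
 * {@code addAllRoles}, {@code storePrivateCredentials}, {@code clearPrivateCredentials},
 * {@code supportCSIv2}, {@code supportNullPassword}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>{@code debug=true} writes the supplied user name and exception stack traces to
 *       {@code System.out}; keep it off outside of troubleshooting.</li>
 *   <li>{@code supportNullPassword=true} lets an empty password reach the LDAP
 *       {@code authenticate} call. Many directories treat an empty-password bind as an
 *       unauthenticated bind, so leave it {@code false} unless the directory is known to
 *       reject such binds.</li>
 *   <li>{@code storePrivateCredentials=true} keeps the clear-text password reachable from the
 *       Subject for the lifetime of the session.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe: all authentication state lives in instance fields.
 */
public class RealmLoginModule implements LoginModule {
    private Subject _subject;
    private CallbackHandler _callbackHandler;
    // Stored by initialize() but not read anywhere else in this class.
    private Map _sharedState;
    private Map _options;
    private boolean _debug;
    private boolean _addRoles;
    private boolean _addAllRoles;
    private boolean _storePrivateCredentials;
    // Parsed and echoed in debug output only; no code in this class consults it.
    private boolean _clearPrivateCredentials;
    private boolean _supportCSIv2;
    private boolean _supportNullPassword;
    // True only between a successful authentication and logout()/abort().
    private boolean _succeeded;
    private boolean _commitSucceeded;
    private JAZNContextCallback _jaznCtxCB;
    private String _fullname;
    private String _realmname;
    private String _username;
    // Private copy of the password; wiped in commit(), cleanup() and before being replaced.
    private char[] _password;
    private Object _privCred;
    private RealmUserPrivateCredential _userPrivateCredential;
    private RealmPrincipal _userPrincipal;
    private Set _grantedRoles;

    /**
     * Stores the JAAS collaborators and parses the module options.
     *
     * @param subject         subject to populate on commit
     * @param callbackHandler handler used to obtain the user name and password
     * @param map             shared state (stored, not otherwise used here)
     * @param map2            module options, see the class comment
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this._subject = subject;
        this._callbackHandler = callbackHandler;
        this._sharedState = map;
        this._options = map2;
        this._debug = optionEquals("debug", "true");
        // addRoles / addAllRoles default to true: only an explicit "false" turns them off.
        this._addRoles = !optionEquals("addRoles", "false");
        this._addAllRoles = !optionEquals("addAllRoles", "false");
        this._storePrivateCredentials = optionEquals("storePrivateCredentials", "true");
        this._clearPrivateCredentials = optionEquals("clearPrivateCredentials", "true");
        this._supportCSIv2 = optionEquals("supportCSIv2", "true");
        this._supportNullPassword = optionEquals("supportNullPassword", "true");
        if (!this._debug) {
            return;
        }
        // Only options that are switched on are echoed.
        System.out.println("\t\t[RealmLoginModule] configuration options:");
        System.out.println("\t\t\tdebug                   = true");
        if (this._addRoles) {
            System.out.println("\t\t\taddRoles                = " + this._addRoles);
        }
        if (this._addAllRoles) {
            System.out.println("\t\t\taddAllRoles             = " + this._addAllRoles);
        }
        if (this._storePrivateCredentials) {
            System.out.println("\t\t\tstorePrivateCredentials = " + this._storePrivateCredentials);
        }
        if (this._clearPrivateCredentials) {
            System.out.println("\t\t\tclearPrivateCredentials = " + this._clearPrivateCredentials);
        }
        if (this._supportCSIv2) {
            System.out.println("\t\t\tsupportCSIv2            = " + this._supportCSIv2);
        }
        if (this._supportNullPassword) {
            System.out.println("\t\t\tsupportNullPassword     = " + this._supportNullPassword);
        }
    }

    /** Returns true when option {@code key} equals {@code expected}, ignoring case. */
    private boolean optionEquals(String key, String expected) {
        return expected.equalsIgnoreCase((String) this._options.get(key));
    }

    /** Builds a LoginException that keeps the underlying exception as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Overwrites and drops the module's private password copy, if any. */
    private void wipePassword() {
        if (this._password != null) {
            for (int i = 0; i < this._password.length; i++) {
                this._password[i] = ' ';
            }
            this._password = null;
        }
    }

    /**
     * Collects the user name and password through the callback handler and authenticates them.
     *
     * <p>A name containing {@code '/'} is split into realm and user. A name without one is
     * accepted only when exactly one realm is configured.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException if no handler is available, the name cannot be resolved to a
     *         realm and user, a callback fails, or authentication fails
     */
    public boolean login() throws LoginException {
        if (this._callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        // Fail closed: nothing from an earlier attempt on this instance may be reused.
        this._succeeded = false;
        this._fullname = null;
        this._realmname = null;
        this._username = null;
        wipePassword();
        this._jaznCtxCB = new JAZNContextCallback();
        NameCallback nameCallback = new NameCallback("RealmLoginModule username: ");
        PasswordCallback passwordCallback = new PasswordCallback("RealmLoginModule password: ", false);
        try {
            this._callbackHandler.handle(new Callback[]{this._jaznCtxCB, nameCallback, passwordCallback});
            JAZNConfig jAZNConfig = this._jaznCtxCB.getJAZNConfig();
            if (jAZNConfig == null) {
                if (this._debug) {
                    System.out.println("\t\t[RealmLoginModule] JAZNConfigCallback.getJAZNConfig()==NULL. Use default JAZNConfig.");
                }
                jAZNConfig = JAZNConfig.getJAZNConfig();
            }
            String name = nameCallback.getName();
            if (name == null) {
                throw new LoginException("Illegal username format.");
            }
            int slash = name.indexOf('/');
            if (slash != -1) {
                this._fullname = name;
                this._realmname = name.substring(0, slash);
                this._username = name.substring(slash + 1);
            } else if (jAZNConfig != null) {
                try {
                    Set realms = jAZNConfig.getRealmManager().getRealms();
                    if (realms.size() != 1) {
                        // Without a realm prefix the realm is only unambiguous if there is one.
                        throw new LoginException("Illegal username format.");
                    }
                    this._realmname = ((Realm) realms.iterator().next()).getName();
                    this._username = name;
                    this._fullname = this._realmname + "/" + this._username;
                } catch (JAZNException e) {
                    throw loginFailure(e.getMessage(), e);
                }
            }
            if (this._realmname == null || this._username == null) {
                // No realm prefix and no configuration to derive one from.
                throw new LoginException("Illegal username format.");
            }
            if (this._debug) {
                System.out.println("\t\t[RealmLoginModule] username: " + name);
            }
            char[] password = passwordCallback.getPassword();
            if (password == null) {
                password = new char[0];
            }
            this._password = new char[password.length];
            System.arraycopy(password, 0, this._password, 0, password.length);
            if (mylogin(jAZNConfig, this._realmname, this._username, this._password)) {
                return true;
            }
            throw new FailedLoginException("Authentication failure.");
        } catch (IOException e2) {
            if (this._debug) {
                e2.printStackTrace();
            }
            throw loginFailure(e2.toString(), e2);
        } catch (UnsupportedCallbackException e3) {
            if (this._debug) {
                e3.printStackTrace();
            }
            throw loginFailure("Error: " + e3.getCallback().toString() + " not available to garner authentication information from the user", e3);
        } finally {
            // Clear the callback's copy on every exit path, not only on the happy path.
            passwordCallback.clearPassword();
        }
    }

    private String getJAZNProperty(JAZNConfig jAZNConfig, String str, String str2) {
        return (String) AccessController.doPrivileged(new GetJAZNConfigPropertyAction(jAZNConfig, str, str2));
    }

    /**
     * Authenticates a full {@code <realm_name>/<nick_name>} name.
     *
     * @param jAZNConfig configuration to use, or {@code null} for the default one
     * @param str        full user name including the realm prefix
     * @param cArr       password characters
     * @return {@code true} when authentication succeeded
     * @throws LoginException if the name has no realm prefix or authentication fails
     */
    public boolean mylogin(JAZNConfig jAZNConfig, String str, char[] cArr) throws LoginException {
        int slash = (str == null) ? -1 : str.indexOf('/');
        if (slash == -1) {
            throw new FailedLoginException("Invalid username format. Should be <realm_name>/<nick_name>");
        }
        return mylogin(jAZNConfig, str.substring(0, slash), str.substring(slash + 1), cArr);
    }

    /**
     * Authenticates {@code str2} in realm {@code str} with password {@code cArr}.
     *
     * @param jAZNConfig configuration to use, or {@code null} for the default one
     * @param str        realm name
     * @param str2       user name within the realm
     * @param cArr       password characters
     * @return {@code true} when authentication succeeded (failures are reported by exception)
     * @throws LoginException if the realm or user is unknown, the password is rejected, or
     *         the realm store reports an error
     */
    public boolean mylogin(JAZNConfig jAZNConfig, String str, String str2, char[] cArr) throws LoginException {
        // Fail closed: an exception below, or a user type that matches neither branch, must
        // not inherit the success flag of an earlier attempt on this instance.
        this._succeeded = false;
        if (jAZNConfig == null) {
            jAZNConfig = JAZNConfig.getJAZNConfig();
        }
        try {
            Realm realm = jAZNConfig.getRealmManager().getRealm(str);
            if (realm == null) {
                // NOTE(review): this message and the one below let a caller tell unknown
                // realms and unknown users apart from a wrong password; make sure they are
                // not shown to the client verbatim.
                throw new LoginException("Realm [" + str + "] does not exist in system.");
            }
            RealmUser user = realm.getUserManager().getUser(str2);
            if (user == null) {
                throw new LoginException("User does not exist in system.");
            }
            if (user instanceof XMLRealmUser) {
                this._succeeded = ((XMLRealmUser) user).authenticate(cArr);
            } else if (user instanceof LDAPRealmUser) {
                boolean emptyPassword = cArr == null || cArr.length == 0;
                if (emptyPassword && !this._supportNullPassword) {
                    // An empty password must never reach the directory by default.
                    throw new FailedLoginException("Invalid password.");
                }
                try {
                    // The LDAP API takes a String, so an immutable copy of the password
                    // exists until it is garbage collected.
                    ((LDAPRealmUser) user).authenticate(cArr == null ? "" : new String(cArr));
                    this._succeeded = true;
                } catch (JAZNException e) {
                    if (this._debug) {
                        e.printStackTrace();
                    }
                    this._succeeded = false;
                }
            }
            if (!this._succeeded) {
                if (this._debug) {
                    System.out.println("\t\t[RealmLoginModule] authentication failed");
                }
                cleanup();
                throw new FailedLoginException();
            }
            if (this._debug) {
                System.out.println("\t\t[RealmLoginModule] authentication succeeded");
            }
            this._userPrincipal = user;
            if (!this._storePrivateCredentials) {
                return true;
            }
            // NOTE(review): cArr is passed by reference. When called from login() it is the
            // same array that commit() later overwrites; confirm the credential classes
            // copy it, otherwise the stored credential is blanked at commit.
            if (this._supportCSIv2) {
                this._privCred = ApplicationServerProxy.createPasswordCredential(str2, cArr, "default");
            } else {
                this._privCred = new RealmUserPrivateCredential(str2, cArr);
            }
            return true;
        } catch (JAZNException e2) {
            if (this._debug) {
                e2.printStackTrace();
            }
            throw loginFailure(e2.toString(), e2);
        }
    }

    /**
     * Attaches the authenticated principal, its roles and the optional private credential to
     * the Subject, then wipes the password copy held by this module.
     *
     * @return {@code false} when login did not succeed, {@code true} otherwise
     * @throws LoginException if the Subject is read-only or the role lookup fails
     */
    public boolean commit() throws LoginException {
        try {
            if (!this._succeeded) {
                return false;
            }
            if (this._subject.isReadOnly()) {
                throw new LoginException("Subject is ReadOnly");
            }
            Set<Principal> principals = this._subject.getPrincipals();
            if (!principals.contains(this._userPrincipal)) {
                principals.add(this._userPrincipal);
            }
            if (this._addRoles) {
                this._grantedRoles = this._userPrincipal.getRealm().getRoleManager().getGrantedRoles(this._userPrincipal, !this._addAllRoles);
                for (Iterator it = this._grantedRoles.iterator(); it.hasNext();) {
                    RealmRole role = (RealmRole) it.next();
                    if (!principals.contains(role)) {
                        principals.add(role);
                    }
                }
            }
            if (this._storePrivateCredentials) {
                Set<Object> privateCredentials = this._subject.getPrivateCredentials();
                if (!privateCredentials.contains(this._privCred)) {
                    privateCredentials.add(this._privCred);
                }
            }
            this._username = null;
            // mylogin() is public and can be called without login(), so the copy may be absent.
            wipePassword();
            if (this._debug) {
                printSubject(this._subject);
            }
            this._commitSucceeded = true;
            return true;
        } catch (JAZNException e) {
            if (this._debug) {
                e.printStackTrace();
            }
            throw loginFailure(e.toString(), e);
        }
    }

    /**
     * Rolls back an authentication attempt.
     *
     * @return {@code false} when login had not succeeded, {@code true} otherwise
     * @throws LoginException if undoing an already committed login fails
     */
    public boolean abort() throws LoginException {
        if (this._debug) {
            System.out.println("\t\t[RealmLoginModule] aborted authentication attempt.");
        }
        if (!this._succeeded) {
            cleanup();
            return false;
        }
        if (this._commitSucceeded) {
            // Our commit went through but the overall login failed: undo it completely.
            logout();
            return true;
        }
        this._succeeded = false;
        cleanup();
        return true;
    }

    /** Discards per-attempt secrets and identity held by this module (not the Subject). */
    private void cleanup() {
        this._username = null;
        wipePassword();
        this._privCred = null;
        this._userPrincipal = null;
    }

    /**
     * Removes from the Subject what this module tracked (user principal, granted roles,
     * private credential) and then clears the module state.
     */
    private void cleanupAll() {
        if (this._subject != null) {
            Set<Principal> principals = this._subject.getPrincipals();
            // Remove before cleanup() nulls the references we need for the removal.
            if (this._userPrincipal != null) {
                principals.remove(this._userPrincipal);
            }
            if (this._grantedRoles != null) {
                for (Iterator it = this._grantedRoles.iterator(); it.hasNext();) {
                    principals.remove(it.next());
                }
            }
            if (this._privCred != null) {
                this._subject.getPrivateCredentials().remove(this._privCred);
            }
        }
        this._grantedRoles = null;
        cleanup();
    }

    /**
     * Logs the user out: resets the module state and strips the principals, roles and
     * private credential this module tracked from the Subject.
     *
     * @return always {@code true}
     * @throws LoginException if the Subject is read-only and therefore cannot be cleaned
     */
    public boolean logout() throws LoginException {
        this._succeeded = false;
        this._commitSucceeded = false;
        if (this._subject != null && this._subject.isReadOnly()) {
            // Secrets held by the module are still wiped; the Subject itself cannot change.
            this._grantedRoles = null;
            cleanup();
            throw new LoginException("Subject is ReadOnly");
        }
        cleanupAll();
        return true;
    }

    /** Prints every element of {@code set} on its own line; used for debug output only. */
    private static void printSet(Set set) {
        try {
            for (Iterator it = set.iterator(); it.hasNext();) {
                // Elements are not always Principals (public credentials are plain Objects).
                System.out.println("\t\t\t" + String.valueOf(it.next()));
            }
        } catch (RuntimeException ignored) {
            // Debug output is best-effort and must never break authentication.
        }
    }

    /** Prints the Subject's principals and public credentials; used for debug output only. */
    private static void printSubject(Subject subject) {
        if (subject == null) {
            return;
        }
        try {
            Set<Principal> principals = subject.getPrincipals();
            if (principals != null && !principals.isEmpty()) {
                System.out.println("\t\t[RealmLoginModule] added the following Principals:");
                printSet(principals);
            }
            Set<Object> publicCredentials = subject.getPublicCredentials();
            if (publicCredentials != null && !publicCredentials.isEmpty()) {
                System.out.println("\t\t[RealmLoginModule] added the following Public Credentials:");
                printSet(publicCredentials);
            }
        } catch (RuntimeException ignored) {
            // Debug output is best-effort and must never break authentication.
        }
    }
}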
