package org.apache.geronimo.security.jaas;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.geronimo.security.RealmPrincipal;

/* loaded from: input_file:org/apache/geronimo/security/jaas/RemoteLoginModuleLocalWrapper.class */
public class RemoteLoginModuleLocalWrapper implements LoginModule {
    private String realmName;
    private LoginModuleId loginModuleId;
    private Subject internalSubject;
    private Subject externalSubject;
    private LoginServiceMBean remoteLoginService;
    private CallbackHandler callbackHandler;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.externalSubject = subject;
        this.callbackHandler = callbackHandler;
        this.realmName = (String) map2.get(LoginModuleConstants.REALM_NAME);
        this.remoteLoginService = (LoginServiceMBean) map2.get(RemoteLoginModule.LOGIN_SERVICE);
        try {
            this.loginModuleId = this.remoteLoginService.allocateLoginModules(this.realmName);
        } catch (LoginException e) {
        }
    }

    public boolean login() throws LoginException {
        if (this.loginModuleId == null) {
            throw new LoginException("No login module registered");
        }
        try {
            return tryLogin();
        } catch (ExpiredLoginModuleException e) {
            try {
                this.loginModuleId = this.remoteLoginService.allocateLoginModules(this.realmName);
                return tryLogin();
            } catch (Exception e2) {
                throw ((LoginException) new LoginException().initCause(e2));
            }
        } catch (Exception e3) {
            throw ((LoginException) new LoginException().initCause(e3));
        }
    }

    public boolean commit() throws LoginException {
        if (this.loginModuleId == null) {
            throw new LoginException("No login module registered");
        }
        this.remoteLoginService.commit(this.loginModuleId);
        this.internalSubject = this.remoteLoginService.retrieveSubject(this.loginModuleId);
        this.externalSubject.getPrincipals().addAll(this.internalSubject.getPrincipals());
        return true;
    }

    public boolean abort() throws LoginException {
        if (this.loginModuleId == null) {
            throw new LoginException("No login module registered");
        }
        return this.remoteLoginService.abort(this.loginModuleId);
    }

    public boolean logout() throws LoginException {
        if (this.loginModuleId == null) {
            throw new LoginException("No login module registered");
        }
        Iterator<Principal> it = this.externalSubject.getPrincipals().iterator();
        while (it.hasNext()) {
            Principal next = it.next();
            if (next instanceof RealmPrincipal) {
                it.remove();
            } else if (this.internalSubject.getPrincipals().contains(next)) {
                it.remove();
            }
        }
        return this.remoteLoginService.logout(this.loginModuleId);
    }

    private boolean tryLogin() throws Exception {
        Callback[] callbackArr = new Callback[0];
        Callback[] callbackArr2 = (Callback[]) this.remoteLoginService.getCallbacks(this.loginModuleId).toArray(new Callback[0]);
        try {
            this.callbackHandler.handle(callbackArr2);
            ArrayList arrayList = new ArrayList();
            for (Callback callback : callbackArr2) {
                arrayList.add(callback);
            }
            return this.remoteLoginService.login(this.loginModuleId, arrayList);
        } catch (IOException e) {
            throw ((LoginException) new LoginException().initCause(e));
        } catch (UnsupportedCallbackException e2) {
            throw ((LoginException) new LoginException().initCause(e2));
        }
    }

    protected void finalize() throws Throwable {
        if (this.loginModuleId != null) {
            this.remoteLoginService.removeLoginModules(this.loginModuleId);
        }
    }
}
